1e1051a39Sopenharmony_ci#! /usr/bin/env perl
2e1051a39Sopenharmony_ci# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
3e1051a39Sopenharmony_ci#
4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License").  You may not use
5e1051a39Sopenharmony_ci# this file except in compliance with the License.  You can obtain a copy
6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at
7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html
8e1051a39Sopenharmony_ci
9e1051a39Sopenharmony_ci
10e1051a39Sopenharmony_ciuse strict;
11e1051a39Sopenharmony_ciuse warnings;
12e1051a39Sopenharmony_ci
13e1051a39Sopenharmony_ciuse File::Spec;
14e1051a39Sopenharmony_ciuse OpenSSL::Test qw/:DEFAULT data_file with/;
15e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils;
16e1051a39Sopenharmony_ci
# Run `openssl pkey` against a key file with validation enabled and return
# the result of run().
#
#   $f        - path of the key file handed to `-in`
#   $pubcheck - true:  validate as a public key (`-pubcheck -pubin`)
#               false: validate as a private key / key pair (`-check`)
#
# `-text` is always passed, so the key is also decoded and printed.
sub pkey_check {
    my ($f, $pubcheck) = @_;

    my @checkopt = $pubcheck ? ('-pubcheck', '-pubin') : ('-check');
    my @cmd = ('openssl', 'pkey', @checkopt, '-text', '-in', $f);

    return run(app(\@cmd));
}
27e1051a39Sopenharmony_ci
# Emit exactly one test result for the key fixture $f.
#
#   $f           - fixture name, resolved through data_file()
#   $should_fail - expected exit status of `openssl pkey`; the callers in
#                  this file pass 1 (key must be rejected) or 0 (accepted)
#   $pubcheck    - forwarded to pkey_check() to select public-key validation
#
# The exit checker compares the status for equality with $should_fail, so a
# negative test passes only on status 1: any other non-zero status is not
# counted as a correct rejection of the bad key.
sub check_key {
    my ($f, $should_fail, $pubcheck) = @_;

    # The description uses the short fixture name, before path resolution.
    my $str = $should_fail
        ? "$f should fail validation"
        : "$f should pass validation";

    $f = data_file($f);

    # An absent or zero-length fixture is reported as a failure rather than
    # being passed to openssl.
    return fail("Missing file $f") unless -s $f;

    my $status_matches = sub {
        my ($exit_code) = @_;
        return $exit_code == $should_fail;
    };

    return with({ exit_checker => $status_matches },
                sub {
                    ok(pkey_check($f, $pubcheck), $str);
                });
}
49e1051a39Sopenharmony_ci
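setup("test_pkey_check");

# Fixture lists.  Names are relative to this recipe's data directory
# (check_key() resolves them with data_file()).  Algorithm-specific fixtures
# are added only when that algorithm is enabled in the current build.

# Private keys that `openssl pkey -check` must reject.
my @negative_tests = ();

push(@negative_tests, (
    # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1`
    "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
    "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
    )) unless disabled("ec");

push(@negative_tests, (
    # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
    "sm2_bad_neg1.pem", # `k` set to `n-1` (invalid, because SM2 range)
    "sm2_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
    "sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
    )) unless disabled("sm2");

# Private keys that `openssl pkey -check` must accept.
my @positive_tests = ();

push(@positive_tests, (
    "dhpkey.pem"
    )) unless disabled("dh");

# Public keys that `openssl pkey -pubcheck -pubin` must reject.
my @negative_pubtests = ("rsapub_17k.pem");  # Too big RSA public key

push(@negative_pubtests, (
    "dsapub_noparam.der"
    )) unless disabled("dsa");

# Public keys that `openssl pkey -pubcheck -pubin` must accept.
my @positive_pubtests = ();

push(@positive_pubtests, (
    "dsapub.pem"
    )) unless disabled("dsa");

# Skip only when there is nothing left to run.  Requiring every list to be
# non-empty would silently drop the remaining key-validation checks (the
# out-of-range EC/SM2 scalars, the oversized RSA public key) whenever a
# single unrelated algorithm such as DH or DSA is disabled.
plan(skip_all => "No tests within the current enabled feature set")
    unless @negative_tests || @positive_tests
           || @negative_pubtests || @positive_pubtests;

# check_key() emits exactly one result per fixture, so the plan is the total
# number of fixtures; an empty list contributes zero.
plan(tests => scalar(@negative_tests) + scalar(@positive_tests)
              + scalar(@negative_pubtests) + scalar(@positive_pubtests));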
91e1051a39Sopenharmony_ci
# Drive check_key() over every fixture list, in the same order as the lists
# are declared.  Each row is [ fixtures, should_fail, pubcheck ].
my @test_groups = (
    [ \@negative_tests,    1, 0 ],  # private keys that must be rejected
    [ \@positive_tests,    0, 0 ],  # private keys that must be accepted
    [ \@negative_pubtests, 1, 1 ],  # public keys that must be rejected
    [ \@positive_pubtests, 0, 1 ],  # public keys that must be accepted
);

for my $group (@test_groups) {
    my ($fixtures, $should_fail, $pubcheck) = @{$group};

    for my $t (@{$fixtures}) {
        check_key($t, $should_fail, $pubcheck);
    }
}