diff options
| author | Richard Levitte <richard@levitte.org> | 2021-02-13 14:52:39 +0100 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@users.noreply.github.com> | 2021-10-11 19:34:09 +0300 |
| commit | bd2d5542f307ae0e9e98a291f0d765a0be58b5fd (patch) | |
| tree | 86cf8c484f908d225be6f525332948065338800d /test | |
| parent | 0021eb1fac2d7a6e628b1a4125cecd7520f7b6b6 (diff) | |
| download | gost-engine-bd2d5542f307ae0e9e98a291f0d765a0be58b5fd.zip gost-engine-bd2d5542f307ae0e9e98a291f0d765a0be58b5fd.tar.gz gost-engine-bd2d5542f307ae0e9e98a291f0d765a0be58b5fd.tar.bz2 | |
Making a gost provider - Add the ciphers
We add the ciphers for the provider as wrappers around the routines
designed for ENGINEs. This is not the most elegant, but it does the
job.
When an algorithm has an OID, it's included in the OSSL_ALGORITHM name
as an aliase. This is the way to avoid having to register the OIDs in
OpenSSL proper.
test/03-encrypt.t is modified to test the provider as well.
Diffstat (limited to 'test')
| -rw-r--r-- | test/03-encrypt.t | 350 |
1 files changed, 207 insertions, 143 deletions
diff --git a/test/03-encrypt.t b/test/03-encrypt.t index 5b25f30..91e8876 100644 --- a/test/03-encrypt.t +++ b/test/03-encrypt.t @@ -1,160 +1,224 @@ #!/usr/bin/perl use Test2::V0; -skip_all('TODO: add symmetric cipher support in provider') - unless $ARGV[0] eq 'engine'; -plan(48); use Cwd 'abs_path'; -# -# If this variable is set, engine would be loaded via configuration -# file. Otherwise - via command line -# -my $use_config = 1; - -# prepare data for - -my $key='0123456789abcdef' x 2; +my $engine_name = $ENV{ENGINE_NAME} || 'gost'; +my $provider_name = $ENV{PROVIDER_NAME} || 'gostprov'; +# Supported test types: # -# You can redefine engine to use using ENGINE_NAME environment variable -# -my $engine=$ENV{'ENGINE_NAME'}||"gost"; +# conf Only if there's a command line argument. +# For this test type, we rely entirely on the +# caller to define the environment variable +# OPENSSL_CONF appropriately. +# standalone-engine-conf Tests the engine through a generated config +# file. +# This is done when there are no command line +# arguments or when the environment variable +# ENGINE_NAME is defined. +# standalone-engine-args Tests the engine through openssl command args. +# This is done when there are no command line +# arguments or when the environment variable +# ENGINE_NAME is defined. +# standalone-provider-conf Tests the provider through a generated config +# file. +# This is done when there are no command line +# arguments or when the environment variable +# PROVIDER_NAME is defined. +# standalone-provider-args Tests the provider through openssl command args. +# This is done when there are no command line +# arguments or when the environment variable +# PROVIDER_NAME is defined. +my @test_types = ( $ARGV[0] ? 'conf' : (), + ( !$ARGV[0] || $ENV{ENGINE_NAME} + ? ( 'standalone-engine-conf', 'standalone-engine-args' ) + : () ), + ( !$ARGV[0] || $ENV{PROVIDER_NAME} + ? ( 'standalone-provider-conf', 'standalone-provider-args' ) + : () ) ); + +plan(48 * scalar @test_types); + +# prepare data for -# Reopen STDERR to eliminate extra output -open STDERR, ">>","tests.err"; - -our $count=0; +my $key='0123456789abcdef' x 2; -# -# parameters -paramset = oid of the parameters -# -cleartext - data to encrypt -# -ciphertext - expected ciphertext (hex-encoded) -# -key - key (hex-encoded) -# -iv - IV (hex-encoded) -# -my $F; -my $eng_param; - -open $F,">","test.cnf"; -if (defined($use_config) && $use_config) { - $eng_param = ""; - open $F,">","test.cnf"; - print $F <<EOCFG +my %configurations = ( + 'standalone-engine-args' => { + 'openssl-args' => "-engine $engine_name", + }, + 'standalone-provider-args' => { + 'openssl-args' => "-provider $provider_name -provider default", + }, + 'standalone-engine-conf' => { + 'openssl-conf' => <<EOCFG, openssl_conf = openssl_def [openssl_def] engines = engines [engines] -${engine}=gost_conf -[gost_conf] +${engine_name}=${engine_name}_conf +[${engine_name}_conf] default_algorithms = ALL - EOCFG -} else { - $eng_param = "-engine $engine" -} -close $F; -$ENV{'OPENSSL_CONF'}=abs_path('test.cnf'); - + }, + 'standalone-provider-conf' => { + 'openssl-conf' => <<EOCFG, +openssl_conf = openssl_def +[openssl_def] +providers = providers +[providers] +${provider_name}=${provider_name}_conf +[${provider_name}_conf] +EOCFG + }, +); + sub crypt_test { - my %p = @_; - our $count++; - open my $f, ">", "test$count.clear"; - print $f $p{-cleartext}; - close $f; - - $ENV{'CRYPT_PARAMS'} = $p{-paramset} if exists $p{-paramset}; - my $ctext = `openssl enc ${eng_param} -e -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.clear`; - is($?,0,"$p{-name} - encrypt successful"); - is(unpack("H*",$ctext),$p{-ciphertext},"$p{-name} - ciphertext expected"); - open $f, ">", "test$count.enc"; - print $f $ctext; - close $f; - my $otext = `openssl enc ${eng_param} -d -$p{-alg} -K $p{-key} -iv $p{-iv} -in test$count.enc`; - is($?,0,"$p{-name} - decrypt successful"); - is($otext,$p{-cleartext},"$p{-name} - decrypted correctly"); - unlink "test$count.enc"; - unlink "test$count.clear"; - delete $ENV{'CRYPT_PARAMS'}; + my %p = @_; + my $test_type = $p{-testtype}; + my $args = $p{-args}; + my $count = ++${$p{-count}}; + my $result_name = "$test_type$count"; + open my $f, ">", "$result_name.clear"; + print $f $p{-cleartext}; + close $f; + + $ENV{'CRYPT_PARAMS'} = $p{-paramset} if exists $p{-paramset}; + my $ccmd = "openssl enc${args} -e -$p{-alg} -K $p{-key} -iv $p{-iv} -in $result_name.clear"; + my $ctext = `$ccmd`; + unless (is($?,0,"$p{-name} - Trying to encrypt")) { + diag("Command was: $ccmd"); + } + is(unpack("H*",$ctext),$p{-ciphertext},"$p{-name} - Checking that it encrypted correctly"); + open $f, ">", "$result_name.enc"; + print $f $ctext; + close $f; + my $ocmd = "openssl enc${args} -d -$p{-alg} -K $p{-key} -iv $p{-iv} -in $result_name.enc"; + my $otext = `$ocmd`; + unless(is($?,0,"$p{-name} - Trying to decrypt")) { + diag("Command was: $ocmd"); + } + is($otext,$p{-cleartext},"$p{-name} - Checking that it decrypted correctly"); + unlink "$result_name.enc"; + unlink "$result_name.clear"; + delete $ENV{'CRYPT_PARAMS'}; } -$key = '0123456789ABCDEF' x 4; -my $iv = '0000000000000000'; -my $clear1 = "The quick brown fox jumps over the lazy dog\n"; - -crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => '07f4102c6185c4a09e676e269bfa4bc9c5df6575916b879bd13a893a2285ee6690107cdeef7a315d2eb54bfa', - -alg => 'gost89', - -name=> 'CFB short text, paramset A'); - -crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b', - -alg => 'gost89', - -name=> 'CFB short text, paramset B'); - -crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => '2f213b390c9b6ceb18de479686d23f4f03c76644a0aab8894b50b71a3bbb3c027ec4c2d569ba0e6a873bd46e', - -alg => 'gost89', - -name=> 'CFB short text, paramset C'); - -crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'e835f59a7fdfd84764efe1e987660327f5d0de187afea72f9cd040983a5e5bbeb4fe1aa5ff85d623ebc4d435', - -alg => 'gost89', - -name=> 'CFB short text, paramset D'); - - -crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', - -alg => 'gost89-cnt', - -name=> 'CNT short text'); - -crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', - -alg => 'gost89-cnt', - -name=> 'CNT short text, paramset param doesnt affect cnt'); - - -crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', - -alg => 'gost89-cnt-12', - -name=> 'CNT-12 short text'); - -crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', - -alg => 'gost89-cnt-12', - -name=> 'CNT-12 short text, paramset param doesnt affect cnt'); - - -crypt_test(-paramset=> "1.2.643.2.2.31.1", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => '3a3293e75089376572da44966cd1759c29d2f1e5e1c3fa9674909a63026da3dc51a4266bff37fb74a3a07155c9ca8fcf', - -alg => 'gost89-cbc', - -name=> 'CBC short text, paramset A'); - - -crypt_test(-paramset=> "1.2.643.2.2.31.2", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'af2a2167b75852378af176ac9950e3c4bffc94d3d4355191707adbb16d6c8e3f3a07868c4702babef18393edfac60a6d', - -alg => 'gost89-cbc', - -name=> 'CBC short text, paramset B'); - -crypt_test(-paramset=> "1.2.643.2.2.31.3", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => '987c0fb3d84530467a1973791e0a25e33c5d14591976f8c1573bdb9d056eb7b353f66fef3ffe2e3524583b3997123c8a', - -alg => 'gost89-cbc', - -name=> 'CBC short text, paramset C'); - -crypt_test(-paramset=> "1.2.643.2.2.31.4", -key => $key, -iv => $iv, - -cleartext => $clear1, - -ciphertext => 'e076b09822d4786a2863125d16594d765d8acd0f360e52df42e9d52c8e6c0e6595b5f6bbecb04a22c8ae5f4f87c1523b', - -alg => 'gost89-cbc', - -name=> 'CBC short text, paramset D'); - -unlink "test.cnf"; +foreach my $test_type (@test_types) { + my $configuration = $configurations{$test_type}; + my $module_args = $configuration->{'openssl-args'} // ''; + my $module_conf = $configuration->{'openssl-conf'}; + # This is a trick to make a locally modifiable environment variable and + # retain it's current value as a default. + local $ENV{OPENSSL_CONF} = $ENV{OPENSSL_CONF}; + + note("Running tests for test type $test_type"); + + if ($module_args) { + $module_args = ' ' . $module_args; + } + if (defined $module_conf) { + my $confname = "$test_type.cnf"; + open my $F, '>', $confname; + print $F $module_conf; + close $F; + $ENV{OPENSSL_CONF} = abs_path($confname); + } + + # Reopen STDERR to eliminate extra output + #open STDERR, ">>","tests.err"; + + my $count=0; + + # + # parameters -paramset = oid of the parameters + # -cleartext - data to encrypt + # -ciphertext - expected ciphertext (hex-encoded) + # -key - key (hex-encoded) + # -iv - IV (hex-encoded) + # + $key = '0123456789ABCDEF' x 4; + my $iv = '0000000000000000'; + my $clear1 = "The quick brown fox jumps over the lazy dog\n"; + my @common_args = ( -count => \$count, + -args => $module_args, + -key => $key, + -iv => $iv, + -cleartext => $clear1 ); + + crypt_test(-paramset => "1.2.643.2.2.31.1", + -ciphertext => '07f4102c6185c4a09e676e269bfa4bc9c5df6575916b879bd13a893a2285ee6690107cdeef7a315d2eb54bfa', + -alg => 'gost89', + -name => 'CFB short text, paramset A', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.2", + -ciphertext => '11465c1c9708033e784fbb5536f2719c38353cb488b01f195c20d4c027022e8300d98bb66c138afbe878c88b', + -alg => 'gost89', + -name => 'CFB short text, paramset B', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.3", + -ciphertext => '2f213b390c9b6ceb18de479686d23f4f03c76644a0aab8894b50b71a3bbb3c027ec4c2d569ba0e6a873bd46e', + -alg => 'gost89', + -name => 'CFB short text, paramset C', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.4", + -ciphertext => 'e835f59a7fdfd84764efe1e987660327f5d0de187afea72f9cd040983a5e5bbeb4fe1aa5ff85d623ebc4d435', + -alg => 'gost89', + -name => 'CFB short text, paramset D', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.1", + -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', + -alg => 'gost89-cnt', + -name => 'CNT short text', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.2", + -ciphertext => 'bcb821452e459f10f92019171e7c3b27b87f24b174306667f67704812c07b70b5e7420f74a9d54feb4897df8', + -alg => 'gost89-cnt', + -name => 'CNT short text, paramset param doesnt affect cnt', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.1", + -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', + -alg => 'gost89-cnt-12', + -name => 'CNT-12 short text', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.2", + -ciphertext => 'cf3f5f713b3d10abd0c6f7bafb6aaffe13dfc12ef5c844f84873aeaaf6eb443a9747c9311b86f97ba3cdb5c4', + -alg => 'gost89-cnt-12', + -name => 'CNT-12 short text, paramset param doesnt affect cnt', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.1", + -ciphertext => '3a3293e75089376572da44966cd1759c29d2f1e5e1c3fa9674909a63026da3dc51a4266bff37fb74a3a07155c9ca8fcf', + -alg => 'gost89-cbc', + -name => 'CBC short text, paramset A', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.2", + -ciphertext => 'af2a2167b75852378af176ac9950e3c4bffc94d3d4355191707adbb16d6c8e3f3a07868c4702babef18393edfac60a6d', + -alg => 'gost89-cbc', + -name => 'CBC short text, paramset B', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.3", + -ciphertext => '987c0fb3d84530467a1973791e0a25e33c5d14591976f8c1573bdb9d056eb7b353f66fef3ffe2e3524583b3997123c8a', + -alg => 'gost89-cbc', + -name => 'CBC short text, paramset C', + @common_args); + + crypt_test(-paramset => "1.2.643.2.2.31.4", + -ciphertext => 'e076b09822d4786a2863125d16594d765d8acd0f360e52df42e9d52c8e6c0e6595b5f6bbecb04a22c8ae5f4f87c1523b', + -alg => 'gost89-cbc', + -name => 'CBC short text, paramset D', + @common_args); + + if (defined $module_conf) { + unlink "$test_type.cnf"; + } +} |