mirror of https://github.com/openssl/openssl
Test RSA oaep in fips mode
Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11948)
This commit is contained in:
parent
a27cb956c0
commit
ae89578be2
|
@ -65,6 +65,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename);
|
|||
CONF *app_load_config(const char *filename);
|
||||
CONF *app_load_config_quiet(const char *filename);
|
||||
int app_load_modules(const CONF *config);
|
||||
CONF *app_load_config_modules(const char *configfile);
|
||||
void unbuffer(FILE *fp);
|
||||
void wait_for_async(SSL *s);
|
||||
# if defined(OPENSSL_SYS_MSDOS)
|
||||
|
@ -290,9 +291,12 @@ typedef struct verify_options_st {
|
|||
|
||||
extern VERIFY_CB_ARGS verify_args;
|
||||
|
||||
OPENSSL_CTX *app_create_libctx(void);
|
||||
OPENSSL_CTX *app_get0_libctx(void);
|
||||
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
|
||||
const OSSL_PARAM *paramdefs);
|
||||
void app_params_free(OSSL_PARAM *params);
|
||||
int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name);
|
||||
void app_providers_cleanup(void);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -273,6 +273,9 @@
|
|||
OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \
|
||||
OPT_PROV__LAST
|
||||
|
||||
# define OPT_CONFIG_OPTION \
|
||||
{ "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }
|
||||
|
||||
# define OPT_PROV_OPTIONS \
|
||||
OPT_SECTION("Provider"), \
|
||||
{ "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
*/
|
||||
|
||||
#include "apps.h"
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/provider.h>
|
||||
#include <openssl/safestack.h>
|
||||
|
@ -21,14 +22,19 @@ enum prov_range { OPT_PROV_ENUM };
|
|||
|
||||
static STACK_OF(OSSL_PROVIDER) *app_providers = NULL;
|
||||
|
||||
static int opt_provider_load(const char *provider)
|
||||
static void provider_free(OSSL_PROVIDER *prov)
|
||||
{
|
||||
OSSL_PROVIDER_unload(prov);
|
||||
}
|
||||
|
||||
int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name)
|
||||
{
|
||||
OSSL_PROVIDER *prov;
|
||||
|
||||
prov = OSSL_PROVIDER_load(NULL, provider);
|
||||
prov = OSSL_PROVIDER_load(libctx, provider_name);
|
||||
if (prov == NULL) {
|
||||
opt_printf_stderr("%s: unable to load provider %s\n",
|
||||
opt_getprog(), provider);
|
||||
opt_getprog(), provider_name);
|
||||
return 0;
|
||||
}
|
||||
if (app_providers == NULL)
|
||||
|
@ -41,11 +47,6 @@ static int opt_provider_load(const char *provider)
|
|||
return 1;
|
||||
}
|
||||
|
||||
static void provider_free(OSSL_PROVIDER *prov)
|
||||
{
|
||||
OSSL_PROVIDER_unload(prov);
|
||||
}
|
||||
|
||||
void app_providers_cleanup(void)
|
||||
{
|
||||
sk_OSSL_PROVIDER_pop_free(app_providers, provider_free);
|
||||
|
@ -56,7 +57,7 @@ static int opt_provider_path(const char *path)
|
|||
{
|
||||
if (path != NULL && *path == '\0')
|
||||
path = NULL;
|
||||
return OSSL_PROVIDER_set_default_search_path(NULL, path);
|
||||
return OSSL_PROVIDER_set_default_search_path(app_get0_libctx(), path);
|
||||
}
|
||||
|
||||
int opt_provider(int opt)
|
||||
|
@ -66,7 +67,7 @@ int opt_provider(int opt)
|
|||
case OPT_PROV__LAST:
|
||||
return 1;
|
||||
case OPT_PROV_PROVIDER:
|
||||
return opt_provider_load(opt_arg());
|
||||
return app_provider_load(app_get0_libctx(), opt_arg());
|
||||
case OPT_PROV_PROVIDER_PATH:
|
||||
return opt_provider_path(opt_arg());
|
||||
}
|
||||
|
|
|
@ -78,6 +78,8 @@ typedef struct {
|
|||
unsigned long mask;
|
||||
} NAME_EX_TBL;
|
||||
|
||||
static OPENSSL_CTX *app_libctx = NULL;
|
||||
|
||||
static int set_table_opts(unsigned long *flags, const char *arg,
|
||||
const NAME_EX_TBL * in_tbl);
|
||||
static int set_multi_opts(unsigned long *flags, const char *arg,
|
||||
|
@ -335,13 +337,37 @@ static char *app_get_pass(const char *arg, int keepbio)
|
|||
return OPENSSL_strdup(tpass);
|
||||
}
|
||||
|
||||
OPENSSL_CTX *app_get0_libctx(void)
|
||||
{
|
||||
return app_libctx;
|
||||
}
|
||||
|
||||
OPENSSL_CTX *app_create_libctx(void)
|
||||
{
|
||||
/*
|
||||
* Load the NULL provider into the default library context and create a
|
||||
* library context which will then be used for any OPT_PROV options.
|
||||
*/
|
||||
if (app_libctx == NULL) {
|
||||
|
||||
if (!app_provider_load(NULL, "null")) {
|
||||
BIO_puts(bio_err, "Failed to create null provider\n");
|
||||
return NULL;
|
||||
}
|
||||
app_libctx = OPENSSL_CTX_new();
|
||||
}
|
||||
if (app_libctx == NULL)
|
||||
BIO_puts(bio_err, "Failed to create library context\n");
|
||||
return app_libctx;
|
||||
}
|
||||
|
||||
CONF *app_load_config_bio(BIO *in, const char *filename)
|
||||
{
|
||||
long errorline = -1;
|
||||
CONF *conf;
|
||||
int i;
|
||||
|
||||
conf = NCONF_new(NULL);
|
||||
conf = NCONF_new_with_libctx(app_libctx, NULL);
|
||||
i = NCONF_load_bio(conf, in, &errorline);
|
||||
if (i > 0)
|
||||
return conf;
|
||||
|
@ -357,6 +383,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
|
|||
else
|
||||
BIO_printf(bio_err, "config input");
|
||||
|
||||
CONF_modules_load(conf, NULL, 0);
|
||||
NCONF_free(conf);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -434,6 +461,23 @@ int add_oid_section(CONF *conf)
|
|||
return 1;
|
||||
}
|
||||
|
||||
CONF *app_load_config_modules(const char *configfile)
|
||||
{
|
||||
CONF *conf = NULL;
|
||||
|
||||
if (configfile != NULL) {
|
||||
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
|
||||
|
||||
if ((conf = app_load_config(configfile)) == NULL)
|
||||
return NULL;
|
||||
if (configfile != default_config_file && !app_load_modules(conf)) {
|
||||
NCONF_free(conf);
|
||||
conf = NULL;
|
||||
}
|
||||
}
|
||||
return conf;
|
||||
}
|
||||
|
||||
X509 *load_cert_pass(const char *uri, int maybe_stdin,
|
||||
const char *pass, const char *desc)
|
||||
{
|
||||
|
|
|
@ -58,6 +58,7 @@ static void warn_deprecated(const FUNCTION *fp)
|
|||
|
||||
static int apps_startup(void)
|
||||
{
|
||||
const char *use_libctx = NULL;
|
||||
#ifdef SIGPIPE
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
#endif
|
||||
|
@ -69,11 +70,26 @@ static int apps_startup(void)
|
|||
|
||||
setup_ui_method();
|
||||
|
||||
/*
|
||||
* NOTE: This is an undocumented feature required for testing only.
|
||||
* There are no guarantees that it will exist in future builds.
|
||||
*/
|
||||
use_libctx = getenv("OPENSSL_TEST_LIBCTX");
|
||||
if (use_libctx != NULL) {
|
||||
/* Set this to "1" to create a global libctx */
|
||||
if (strcmp(use_libctx, "1") == 0) {
|
||||
if (app_create_libctx() == NULL)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void apps_shutdown(void)
|
||||
{
|
||||
app_providers_cleanup();
|
||||
OPENSSL_CTX_free(app_get0_libctx());
|
||||
destroy_ui_method();
|
||||
}
|
||||
|
||||
|
@ -273,7 +289,6 @@ int main(int argc, char *argv[])
|
|||
: do_cmd(prog, 1, help_argv);
|
||||
|
||||
end:
|
||||
app_providers_cleanup();
|
||||
OPENSSL_free(default_config_file);
|
||||
lh_FUNCTION_free(prog);
|
||||
OPENSSL_free(arg.argv);
|
||||
|
|
|
@ -25,7 +25,8 @@ DEFINE_STACK_OF_STRING()
|
|||
static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
||||
const char *keyfile, int keyform, int key_type,
|
||||
char *passinarg, int pkey_op, ENGINE *e,
|
||||
const int impl, int rawin, EVP_PKEY **ppkey);
|
||||
const int impl, int rawin, EVP_PKEY **ppkey,
|
||||
OPENSSL_CTX *libctx, const char *propq);
|
||||
|
||||
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
||||
ENGINE *e);
|
||||
|
@ -47,6 +48,7 @@ typedef enum OPTION_choice {
|
|||
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
|
||||
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
|
||||
OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
|
||||
OPT_CONFIG,
|
||||
OPT_RAWIN, OPT_DIGEST
|
||||
} OPTION_CHOICE;
|
||||
|
||||
|
@ -63,6 +65,7 @@ const OPTIONS pkeyutl_options[] = {
|
|||
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
|
||||
{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
|
||||
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
|
||||
OPT_CONFIG_OPTION,
|
||||
|
||||
OPT_SECTION("Input"),
|
||||
{"in", OPT_IN, '<', "Input file - default stdin"},
|
||||
|
@ -100,6 +103,7 @@ const OPTIONS pkeyutl_options[] = {
|
|||
|
||||
int pkeyutl_main(int argc, char **argv)
|
||||
{
|
||||
CONF *conf = NULL;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
ENGINE *e = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
|
@ -122,6 +126,8 @@ int pkeyutl_main(int argc, char **argv)
|
|||
int rawin = 0;
|
||||
const EVP_MD *md = NULL;
|
||||
int filesize = -1;
|
||||
OPENSSL_CTX *libctx = app_get0_libctx();
|
||||
const char *propq = NULL;
|
||||
|
||||
prog = opt_init(argc, argv, pkeyutl_options);
|
||||
while ((o = opt_next()) != OPT_EOF) {
|
||||
|
@ -168,6 +174,11 @@ int pkeyutl_main(int argc, char **argv)
|
|||
if (!opt_rand(o))
|
||||
goto end;
|
||||
break;
|
||||
case OPT_CONFIG:
|
||||
conf = app_load_config_modules(opt_arg());
|
||||
if (conf == NULL)
|
||||
goto end;
|
||||
break;
|
||||
case OPT_PROV_CASES:
|
||||
if (!opt_provider(o))
|
||||
goto end;
|
||||
|
@ -281,7 +292,8 @@ int pkeyutl_main(int argc, char **argv)
|
|||
goto opthelp;
|
||||
}
|
||||
ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
|
||||
passinarg, pkey_op, e, engine_impl, rawin, &pkey);
|
||||
passinarg, pkey_op, e, engine_impl, rawin, &pkey,
|
||||
libctx, propq);
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "%s: Error initializing context\n", prog);
|
||||
ERR_print_errors(bio_err);
|
||||
|
@ -484,6 +496,7 @@ int pkeyutl_main(int argc, char **argv)
|
|||
OPENSSL_free(sig);
|
||||
sk_OPENSSL_STRING_free(pkeyopts);
|
||||
sk_OPENSSL_STRING_free(pkeyopts_passin);
|
||||
NCONF_free(conf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -491,7 +504,8 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
|||
const char *keyfile, int keyform, int key_type,
|
||||
char *passinarg, int pkey_op, ENGINE *e,
|
||||
const int engine_impl, int rawin,
|
||||
EVP_PKEY **ppkey)
|
||||
EVP_PKEY **ppkey,
|
||||
OPENSSL_CTX *libctx, const char *propq)
|
||||
{
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
|
@ -547,13 +561,19 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
|||
goto end;
|
||||
}
|
||||
}
|
||||
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
|
||||
if (impl != NULL)
|
||||
ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
|
||||
else
|
||||
ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq);
|
||||
} else {
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
*pkeysize = EVP_PKEY_size(pkey);
|
||||
ctx = EVP_PKEY_CTX_new(pkey, impl);
|
||||
if (impl != NULL)
|
||||
ctx = EVP_PKEY_CTX_new(pkey, impl);
|
||||
else
|
||||
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
|
||||
if (ppkey != NULL)
|
||||
*ppkey = pkey;
|
||||
EVP_PKEY_free(pkey);
|
||||
|
|
|
@ -38,6 +38,7 @@ B<openssl> B<pkeyutl>
|
|||
[B<-engine_impl>]
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
{- $OpenSSL::safe::opt_provider_synopsis -}
|
||||
{- $OpenSSL::safe::opt_config_synopsis -}
|
||||
|
||||
=for openssl ifdef engine engine_impl
|
||||
|
||||
|
@ -193,6 +194,8 @@ engine I<id> for crypto operations.
|
|||
|
||||
{- $OpenSSL::safe::opt_provider_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_config_item -}
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
|
|
@ -52,15 +52,6 @@ I<options> and I<parameters>.
|
|||
Detailed documentation and use cases for most standard subcommands are available
|
||||
(e.g., L<openssl-x509(1)>).
|
||||
|
||||
Many commands use an external configuration file for some or all of their
|
||||
arguments and have a B<-config> option to specify that file.
|
||||
The default name of the file is F<openssl.cnf> in the default certificate
|
||||
storage area, which can be determined from the L<openssl-version(1)>
|
||||
command.
|
||||
The environment variable B<OPENSSL_CONF> can be used to specify
|
||||
a different location of the file.
|
||||
See L<openssl-env(7)>.
|
||||
|
||||
The list options B<-standard-commands>, B<-digest-commands>,
|
||||
and B<-cipher-commands> output a list (one entry per line) of the names
|
||||
of all standard commands, message digest commands, or cipher commands,
|
||||
|
@ -86,6 +77,17 @@ availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
|
|||
not able to detect pseudo-commands such as B<quit>,
|
||||
B<list>, or B<no->I<XXX> itself.)
|
||||
|
||||
=head2 Configuration Option
|
||||
|
||||
Many commands use an external configuration file for some or all of their
|
||||
arguments and have a B<-config> option to specify that file.
|
||||
The default name of the file is F<openssl.cnf> in the default certificate
|
||||
storage area, which can be determined from the L<openssl-version(1)>
|
||||
command. This can be used to load modules.
|
||||
The environment variable B<OPENSSL_CONF> can be used to specify
|
||||
a different location of the file.
|
||||
See L<openssl-env(7)>.
|
||||
|
||||
=head2 Standard Commands
|
||||
|
||||
=over 4
|
||||
|
|
|
@ -101,6 +101,14 @@ $OpenSSL::safe::opt_provider_item = ""
|
|||
. "\n"
|
||||
. "See L<openssl(1)/Provider Options>.";
|
||||
|
||||
# Configuration option
|
||||
$OpenSSL::safe::opt_config_synopsis = ""
|
||||
. "[B<-config> I<configfile>]\n";
|
||||
$OpenSSL::safe::opt_config_item = ""
|
||||
. "=item B<-config> I<configfile>\n"
|
||||
. "\n"
|
||||
. "See L<openssl(1)/Configuration Option>.";
|
||||
|
||||
# Engine option
|
||||
$OpenSSL::safe::opt_engine_synopsis = "";
|
||||
$OpenSSL::safe::opt_engine_item = "";
|
||||
|
|
|
@ -0,0 +1,155 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
|
||||
use OpenSSL::Test::Utils;
|
||||
use File::Compare qw/compare_text/;
|
||||
|
||||
BEGIN {
|
||||
setup("test_rsaoaep");
|
||||
}
|
||||
use lib srctop_dir('Configurations');
|
||||
use lib bldtop_dir('.');
|
||||
use platform;
|
||||
|
||||
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||
|
||||
plan tests =>
|
||||
($no_fips ? 0 : 1) # FIPS install test
|
||||
+ 9;
|
||||
|
||||
my @prov = ( );
|
||||
my $provconf = srctop_file("test", "fips.cnf");
|
||||
my $provpath = bldtop_dir("providers");
|
||||
my $msg_file = data_file("plain_text");
|
||||
my $enc1_file = "enc1.bin";
|
||||
my $enc2_file = "enc2.bin";
|
||||
my $enc3_file = "enc3.bin";
|
||||
my $dec1_file = "dec1.txt";
|
||||
my $dec2_file = "dec2.txt";
|
||||
my $dec3_file = "dec3.txt";
|
||||
my $key_file = srctop_file("test", "testrsa.pem");
|
||||
|
||||
unless ($no_fips) {
|
||||
@prov = ( "-provider_path", $provpath, "-config", $provconf );
|
||||
my $infile = bldtop_file('providers', platform->dso('fips'));
|
||||
|
||||
ok(run(app(['openssl', 'fipsinstall',
|
||||
'-out', bldtop_file('providers', 'fipsmodule.cnf'),
|
||||
'-module', $infile])),
|
||||
"fipsinstall");
|
||||
$ENV{OPENSSL_TEST_LIBCTX} = "1";
|
||||
}
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $msg_file,
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-out', $enc1_file])),
|
||||
"RSA OAEP Encryption");
|
||||
|
||||
ok(!run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $key_file,
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha256',
|
||||
'-pkeyopt', 'mgf1-digest:sha1'])),
|
||||
"RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-decrypt',
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-in', $enc1_file,
|
||||
'-out', $dec1_file]))
|
||||
&& compare_text($dec1_file, $msg_file) == 0,
|
||||
"RSA OAEP Decryption");
|
||||
|
||||
ok(!run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-decrypt',
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha256',
|
||||
'-pkeyopt', 'mgf1-digest:sha224',
|
||||
'-in', $enc1_file])),
|
||||
"Incorrect digest for RSA OAEP Decryption");
|
||||
|
||||
ok(!run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-decrypt',
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha224',
|
||||
'-in', $enc1_file])),
|
||||
"Incorrect mgf1-digest for RSA OAEP Decryption");
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $msg_file,
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-out', $enc2_file]))
|
||||
&& compare_text($enc2_file, $enc1_file) != 0,
|
||||
"RSA OAEP Encryption should generate different encrypted data");
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-decrypt',
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-in', $enc2_file,
|
||||
'-out', $dec2_file]))
|
||||
&& compare_text($dec2_file, $msg_file) == 0,
|
||||
"RSA OAEP Decryption with default digests");
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-encrypt',
|
||||
'-in', $msg_file,
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-out', $enc3_file])),
|
||||
"RSA OAEP Encryption with default digests");
|
||||
|
||||
ok(run(app(['openssl', 'pkeyutl',
|
||||
@prov,
|
||||
'-decrypt',
|
||||
'-inkey', $key_file,
|
||||
'-pkeyopt', 'pad-mode:oaep',
|
||||
'-pkeyopt', 'oaep-label:123',
|
||||
'-pkeyopt', 'digest:sha1',
|
||||
'-pkeyopt', 'mgf1-digest:sha1',
|
||||
'-in', $enc3_file,
|
||||
'-out', $dec3_file]))
|
||||
&& compare_text($dec3_file, $msg_file) == 0,
|
||||
"RSA OAEP Decryption with explicit default digests");
|
|
@ -0,0 +1 @@
|
|||
Hello world
|
Loading…
Reference in New Issue