From 70ec749d23620cbabae0ed622585befe674eb0bd Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Thu, 8 Aug 2024 13:45:19 +0200
Subject: [PATCH] Encap/decap in pkeyutl - tests

---
 test/decap_out.bin             |  3 +++
 test/encap_out.bin             |  4 ++++
 test/encap_secret.bin          |  3 +++
 test/recipes/20-test_pkeyutl.t | 34 ++++++++++++++++++++++++++++++++--
 4 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 test/decap_out.bin
 create mode 100644 test/encap_out.bin
 create mode 100644 test/encap_secret.bin

diff --git a/test/decap_out.bin b/test/decap_out.bin
new file mode 100644
index 00000000000000..b94441ed1c0027
--- /dev/null
+++ b/test/decap_out.bin
@@ -0,0 +1,3 @@
+6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ]:\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË	ÊýJÝ)ïþÜì{ªHm‚\PÃº+¸PÞ¸%èÄ/jÏ™%çØ†È<_æ~–
+K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê×È-g,AYœ‹4
+lÚtÚN­)~\HU4yáŸ	}qJŸ€”t#¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éÅ¿Ô‹È£®
\ No newline at end of file
diff --git a/test/encap_out.bin b/test/encap_out.bin
new file mode 100644
index 00000000000000..024fc40550f155
--- /dev/null
+++ b/test/encap_out.bin
@@ -0,0 +1,4 @@
+¼:÷Ùy‚Ä‰5°ã ÿÙ[Û2ê<¾ê?«î±qÕª1·µŒ¸ºæÝ>YÎMå¯¬3PÝ
+ìÛO’2rÈÙŠíùAd"Gç„m‡2mÏÄ7x•Ñhú7-ÿ@:?NµÇrSê‹œKÁ¡žè`«t¥ÉŸªÓxiéå¤´'	Mhøñ‘˜3rÞÚƒ–Sd¦ðO±£ãHT„F§þ
+®‹kZ'xšFÛKùx”q"ÐÒúl@04E‰†ÌûŽ;c¾iA}U÷ÆŒP6ýk0–‰ó%DôòLÄ.U– aO¨(LIý®QÇç¢ÏA
+Œ[´uÔžØ4s$¨†Ò%tÕB
\ No newline at end of file
diff --git a/test/encap_secret.bin b/test/encap_secret.bin
new file mode 100644
index 00000000000000..b94441ed1c0027
--- /dev/null
+++ b/test/encap_secret.bin
@@ -0,0 +1,3 @@
+6žW«¡ŠòÌn‘©ú;’ù¡ÃÄmç Ä¥ÉB[HãÕË#äÓ‡(™‡hŽ]:\³PŸ›xñe¡ƒŽbòé)G¿fõÈ"¨ýË­fË	ÊýJÝ)ïþÜì{ªHm‚\PÃº+¸PÞ¸%èÄ/jÏ™%çØ†È<_æ~–
+K—JEhßù‡©lEa¼:¢(Ÿå/\Ñ®Íb€Ã®©Ê×È-g,AYœ‹4
+lÚtÚN­)~\HU4yáŸ	}qJŸ€”t#¦}.™üTÅý”?ÚØÏŠÐÿcD=üLõ¨nmv{—éÅ¿Ô‹È£®
\ No newline at end of file
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 76e4f0a869459d..e9472a21352e2a 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -13,11 +13,11 @@ use File::Spec;
 use File::Basename;
 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
 use OpenSSL::Test::Utils;
-use File::Compare qw/compare_text/;
+use File::Compare qw/compare_text compare/;
 
 setup("test_pkeyutl");
 
-plan tests => 14;
+plan tests => 19;
 
 # For the tests below we use the cert itself as the TBS file
 
@@ -200,3 +200,33 @@ SKIP: {
                     "-rawin");
     };
 }
+
+#Encap/decap tests
+# openssl pkeyutl -encap -pubin -inkey rsa_pub.pem -secret secret.bin -out encap_out.bin
+# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
+# decap_out is equal to secret
+SKIP: {
+    skip "RSA is not supported by this OpenSSL build", 3
+        if disabled("rsa");
+
+    # Self-compat
+    ok(run(app(([ 'openssl', 'pkeyutl', '-encap', '-pubin', '-kemop', 'RSASVE',
+                  '-inkey', srctop_file('test', 'testrsa2048pub.pem'),
+                  '-out', 'encap_out.bin', '-secret', 'secret.bin']))),
+                  "RSA pubkey encapsulation");
+    ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
+                  '-inkey', srctop_file('test', 'testrsa2048.pem'),
+                  '-in', 'encap_out.bin', '-out', 'decap_out.bin']))),
+                  "RSA pubkey decapsulation");
+    is(compare("secret.bin", "decap_out.bin"), 0, "Secret is correctly decapsulated");
+
+    # Pregenerated
+    ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
+                  '-inkey', srctop_file('test', 'testrsa2048.pem'),
+                  '-in', srctop_file('test', 'encap_out.bin'), '-out', 'decap_out_etl.bin']))),
+                  "RSA pubkey decapsulation - pregenerated");
+
+    is(compare(srctop_file('test', 'encap_secret.bin'), "decap_out_etl.bin"), 0,
+               "Secret is correctly decapsulated - pregenerated");
+}
+