packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
uadk_engine/0052-uadk-add-DH-sanity-test.patch
JiangShui 766dabe45f Backport uadk engine build patch
2023-11-21 11:24:33 +08:00

226 lines
9.7 KiB
Diff
Raw Blame History

From e98342b85f0f437de57f82078ecfff987d939570 Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Mon, 23 Oct 2023 06:38:15 +0000
Subject: [PATCH 52/63] uadk: add DH sanity test
Add DH sanity test.
Also, for clarity, put all 3.0 sanity tests into a different file:
test/sanity_test_openssl3.0.sh
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
test/sanity_test.sh | 73 +--------------------
test/sanity_test_openssl3.0.sh | 115 +++++++++++++++++++++++++++++++++
2 files changed, 116 insertions(+), 72 deletions(-)
create mode 100755 test/sanity_test_openssl3.0.sh
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 5b61da3..7f2d586 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -14,78 +14,7 @@ echo "OpenSSL major version is "$major_version
# Check if the major version is equal to or greater than 3
if ((major_version >= 3)); then
- engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_provider.so"
- digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
- cipher_algs=$(openssl list -provider $engine_id -cipher-algorithms)
- signature_algs=$(openssl list -provider $engine_id -signature-algorithms)
-fi
-
-if [[ $digest_algs =~ "uadk_provider" ]]; then
- echo "uadk_provider testing digest"
- openssl speed -provider $engine_id -evp md5
- openssl speed -provider $engine_id -evp sm3
- openssl speed -provider $engine_id -evp sha1
- openssl speed -provider $engine_id -evp sha2-224
- openssl speed -provider $engine_id -evp sha2-256
- openssl speed -provider $engine_id -evp sha2-384
- openssl speed -provider $engine_id -evp sha2-512
-
- openssl speed -provider $engine_id -async_jobs 1 -evp md5
- openssl speed -provider $engine_id -async_jobs 1 -evp sm3
- openssl speed -provider $engine_id -async_jobs 1 -evp sha1
- openssl speed -provider $engine_id -async_jobs 1 -evp sha2-224
- openssl speed -provider $engine_id -async_jobs 1 -evp sha2-256
- openssl speed -provider $engine_id -async_jobs 1 -evp sha2-384
- openssl speed -provider $engine_id -async_jobs 1 -evp sha2-512
-fi
-
-if [[ $cipher_algs =~ "uadk_provider" ]]; then
- echo "uadk_provider testing cipher"
- openssl speed -provider $engine_id -evp aes-128-cbc
- openssl speed -provider $engine_id -evp aes-192-cbc
- openssl speed -provider $engine_id -evp aes-256-cbc
- openssl speed -provider $engine_id -evp aes-128-ecb
- openssl speed -provider $engine_id -evp aes-192-ecb
- openssl speed -provider $engine_id -evp aes-256-ecb
- openssl speed -provider $engine_id -evp aes-128-xts
- openssl speed -provider $engine_id -evp aes-256-xts
- openssl speed -provider $engine_id -evp sm4-cbc
- openssl speed -provider $engine_id -evp sm4-ecb
- openssl speed -provider $engine_id -evp des-ede3-cbc
- openssl speed -provider $engine_id -evp des-ede3-ecb
-
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-cbc
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-cbc
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-cbc
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-ecb
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-ecb
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-ecb
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-xts
- openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-xts
- openssl speed -provider $engine_id -async_jobs 1 -evp sm4-cbc
- openssl speed -provider $engine_id -async_jobs 1 -evp sm4-ecb
- openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-cbc
- openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-ecb
-fi
-
-if [[ $signature_algs =~ "uadk_provider" ]]; then
- echo "uadk_provider testing rsa"
- openssl speed -provider $engine_id rsa1024
- openssl speed -provider $engine_id rsa2048
- openssl speed -provider $engine_id rsa4096
- openssl speed -provider $engine_id -async_jobs 1 rsa1024
- openssl speed -provider $engine_id -async_jobs 1 rsa2048
- openssl speed -provider $engine_id -async_jobs 1 rsa4096
-
- openssl genrsa -out prikey.pem -provider $engine_id 1024
- openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
- echo "Content to be encrypted" > plain.txt
-
- openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
-
- openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
- -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+ $TEST_SCRIPT_DIR/sanity_test_openssl3.0.sh
fi
if [[ $version =~ "1.1.1" ]]; then
diff --git a/test/sanity_test_openssl3.0.sh b/test/sanity_test_openssl3.0.sh
new file mode 100755
index 0000000..7f543ae
--- /dev/null
+++ b/test/sanity_test_openssl3.0.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+set -x
+sudo chmod 666 /dev/hisi_*
+
+TEST_SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+version=$(openssl version)
+echo $version
+
+# Extract the major version number (e.g., "3") from the version string
+major_version=$(echo $version | awk -F'[ .]' '{print $2}')
+echo "OpenSSL major version is "$major_version
+
+# Check if the major version is equal to or greater than 3
+if ((major_version >= 3)); then
+ engine_id="$TEST_SCRIPT_DIR/../src/.libs/uadk_provider.so"
+ digest_algs=$(openssl list -provider $engine_id -digest-algorithms)
+ cipher_algs=$(openssl list -provider $engine_id -cipher-algorithms)
+ signature_algs=$(openssl list -provider $engine_id -signature-algorithms)
+ keyexch_algs=$(openssl list -provider $engine_id -key-exchange-algorithms)
+fi
+
+if [[ $digest_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing digest"
+ openssl speed -provider $engine_id -evp md5
+ openssl speed -provider $engine_id -evp sm3
+ openssl speed -provider $engine_id -evp sha1
+ openssl speed -provider $engine_id -evp sha2-224
+ openssl speed -provider $engine_id -evp sha2-256
+ openssl speed -provider $engine_id -evp sha2-384
+ openssl speed -provider $engine_id -evp sha2-512
+
+ openssl speed -provider $engine_id -async_jobs 1 -evp md5
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm3
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha1
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-224
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-256
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-384
+ openssl speed -provider $engine_id -async_jobs 1 -evp sha2-512
+fi
+
+if [[ $cipher_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing cipher"
+ openssl speed -provider $engine_id -evp aes-128-cbc
+ openssl speed -provider $engine_id -evp aes-192-cbc
+ openssl speed -provider $engine_id -evp aes-256-cbc
+ openssl speed -provider $engine_id -evp aes-128-ecb
+ openssl speed -provider $engine_id -evp aes-192-ecb
+ openssl speed -provider $engine_id -evp aes-256-ecb
+ openssl speed -provider $engine_id -evp aes-128-xts
+ openssl speed -provider $engine_id -evp aes-256-xts
+ openssl speed -provider $engine_id -evp sm4-cbc
+ openssl speed -provider $engine_id -evp sm4-ecb
+ openssl speed -provider $engine_id -evp des-ede3-cbc
+ openssl speed -provider $engine_id -evp des-ede3-ecb
+
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-192-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-128-xts
+ openssl speed -provider $engine_id -async_jobs 1 -evp aes-256-xts
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm4-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp sm4-ecb
+ openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-cbc
+ openssl speed -provider $engine_id -async_jobs 1 -evp des-ede3-ecb
+fi
+
+if [[ $signature_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing rsa"
+ openssl speed -provider $engine_id rsa1024
+ openssl speed -provider $engine_id rsa2048
+ openssl speed -provider $engine_id rsa4096
+ openssl speed -provider $engine_id -async_jobs 1 rsa1024
+ openssl speed -provider $engine_id -async_jobs 1 rsa2048
+ openssl speed -provider $engine_id -async_jobs 1 rsa4096
+
+ openssl genrsa -out prikey.pem -provider $engine_id 1024
+ openssl rsa -in prikey.pem -pubout -out pubkey.pem -provider $engine_id
+ echo "Content to be encrypted" > plain.txt
+
+ openssl pkeyutl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt \
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+
+ openssl pkeyutl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt \
+ -pkeyopt rsa_padding_mode:pkcs1 -provider $engine_id
+fi
+
+if [[ $keyexch_algs =~ "uadk_provider" ]]; then
+ echo "uadk_provider testing dh"
+
+ #1. Generate global public parameters, and save them in the file dhparam.pem:
+ openssl dhparam -out dhparam.pem 2048
+
+ #2. Generate own private key:
+ openssl genpkey -paramfile dhparam.pem -out privatekey1.pem -provider $engine_id
+ openssl genpkey -paramfile dhparam.pem -out privatekey2.pem -provider $engine_id
+
+ #3. Generate public key:
+ openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -provider $engine_id
+ openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -provider $engine_id
+
+ #4. After exchanging public key, each user can derive the shared secret:
+ openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -provider $engine_id
+ openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -provider $engine_id
+
+ #5. Check secret1.bin and secret2.bin:
+ cmp secret1.bin secret2.bin
+ xxd secret1.bin
+ xxd secret2.bin
+ #secret1.bin and secret2.bin should be same.
+fi
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink