diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh index 60f1b449..1cc9a87c 100755 --- a/.github/scripts/check-workflow-result.sh +++ b/.github/scripts/check-workflow-result.sh @@ -2,7 +2,7 @@ set -e -if [ $# -lt 2 ]; then +if [ $# -lt 1 ]; then echo "Usage: $0 [WOLFPROV_FORCE_FAIL] [TEST_SUITE]" exit 1 fi @@ -11,7 +11,12 @@ TEST_RESULT="$1" WOLFPROV_FORCE_FAIL="${2:-}" TEST_SUITE="${3:-}" -if [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then +# If force fail is empty treat second arg as test suite +if [ -z "$WOLFPROV_FORCE_FAIL" ]; then + TEST_SUITE="${2:-}" +fi + +if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then if [ "$TEST_SUITE" = "curl" ]; then # --- curl-specific logic --- if [ -f "tests/test.log" ]; then @@ -69,21 +74,6 @@ if [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then echo "FAIL: Actual failed tests do not match expected." exit 1 fi - elif [ "$TEST_SUITE" = "simple" ]; then - # --- simple test suite specific logic --- - if [ -f "test-suite.log" ]; then - # For simple tests, we expect all tests to fail when force fail is enabled - if [ $TEST_RESULT -eq 0 ]; then - echo "Simple tests unexpectedly succeeded with force fail enabled" - exit 1 - else - echo "Simple tests failed as expected with force fail enabled" - exit 0 - fi - else - echo "Error: test-suite.log not found" - exit 1 - fi else # --- generic force-fail logic for other suites --- if [ $TEST_RESULT -eq 0 ]; then diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 60bfd8c4..0c8cdb8c 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -73,7 +73,7 @@ jobs: matrix: curl_ref: [ 'master', 'curl-8_4_0' ] wolfssl_ref: [ 'master', 'v5.7.4-stable' ] - force_fail: [ 1, 0 ] # ['WOLFPROV_FORCE_FAIL=1', ''] + force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 
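Review bot: The new fallback in check-workflow-result.sh (`if [ -z "$WOLFPROV_FORCE_FAIL" ]; then TEST_SUITE="${2:-}"`) cannot recover a shifted suite name, because `WOLFPROV_FORCE_FAIL` was itself just assigned from `$2`. When it is empty, `$2` is empty too, so the branch only overwrites the `TEST_SUITE` already taken from `$3` with an empty string. When the workflow expands an empty matrix value unquoted, the suite name lands in `$2`, `WOLFPROV_FORCE_FAIL` becomes e.g. `curl`, and the branch is skipped. Test for a non-flag value instead: `case "$WOLFPROV_FORCE_FAIL" in ""|WOLFPROV_FORCE_FAIL=*) ;; *) TEST_SUITE="$WOLFPROV_FORCE_FAIL"; WOLFPROV_FORCE_FAIL="" ;; esac`. The usage string also still omits the required first argument (the test result); the rest of the script lies outside the hunk.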
@@ -118,7 +118,7 @@ jobs: - name: Generate certificates for curl master force-fail tests run: | - if [ "${{ matrix.force_fail }}" = "1" ] && + if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ] && [ "${{ matrix.curl_ref }}" = "master" ]; then cd curl/tests/certs make test-ca.cacert @@ -132,7 +132,7 @@ jobs: export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/openssl-install/lib64/pkgconfig - export WOLFPROV_FORCE_FAIL=${{ matrix.force_fail }} + export ${{ matrix.force_fail }} export CURL_REF=${{ matrix.curl_ref }} # Run tests and save output to test.log diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml index 183c93a0..78181e8e 100644 --- a/.github/workflows/simple.yml +++ b/.github/workflows/simple.yml @@ -24,7 +24,7 @@ jobs: - 'OPENSSL_TAG=master' - 'WOLFSSL_TAG=master' - 'OPENSSL_TAG=master WOLFSSL_TAG=master' - force_fail: [ 1, 0 ] # ['WOLFPROV_FORCE_FAIL=1', ''] + force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] steps: - name: Checkout wolfProvider @@ -61,13 +61,11 @@ jobs: - name: Build wolfProvider if: steps.wolfprov-${{ matrix.build_ref }}-cache.hit != 'true' run: | - ${{ matrix.build_ref.openssl }} ${{ matrix.build_ref.wolfssl }} WOLFPROV_FORCE_FAIL=${{ matrix.force_fail }} ./scripts/build-wolfprovider.sh || BUILD_RESULT=$? - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $BUILD_RESULT ${{ matrix.force_fail }} simple + ${{ matrix.build_ref.openssl }} ${{ matrix.build_ref.wolfssl }} ./scripts/build-wolfprovider.sh - name: Run simple tests run: | - WOLFPROV_FORCE_FAIL=${{ matrix.force_fail }} ./scripts/cmd_test/do-cmd-tests.sh || TEST_RESULT=$? - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} simple + ./scripts/cmd_test/do-cmd-tests.sh ${{ matrix.force_fail }} - name: Print test logs if: always() 
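Review bot: In the curl.yml hunk at `@@ -132,7 +132,7`, `export ${{ matrix.force_fail }}` expands to a bare `export` on the matrix leg where the value is `''`, and a bare `export` prints every exported variable of the step into the job log. Anything placed in the step environment that is not a registered, masked secret would then appear in the logs of every non-force-fail run. Guard the line so it runs only when the value is set, and quote the expansion: `if [ -n "${{ matrix.force_fail }}" ]; then export "${{ matrix.force_fail }}"; fi`. The rest of this `run:` block lies outside the hunk.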
diff --git a/scripts/cmd_test/aes-cmd-test.sh b/scripts/cmd_test/aes-cmd-test.sh index 1737022c..d9da1b12 100755 --- a/scripts/cmd_test/aes-cmd-test.sh +++ b/scripts/cmd_test/aes-cmd-test.sh @@ -1,4 +1,24 @@ #!/bin/bash +# aes-cmd-test.sh +# AES encryption test for wolfProvider +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfProvider. +# +# wolfProvider is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# wolfProvider is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # Set up environment SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" @@ -16,8 +36,17 @@ source "${UTILS_DIR}/utils-wolfprovider.sh" # Initialize the environment init_wolfprov -# Fail flag +# Fail flags FAIL=0 +FORCE_FAIL=0 +FORCE_FAIL_PASSED=0 + +# Check for force fail parameter +if [ "$1" = "WOLFPROV_FORCE_FAIL=1" ]; then + export WOLFPROV_FORCE_FAIL=1 + FORCE_FAIL=1 + echo -e "\nForce fail mode enabled for AES tests" +fi # Verify wolfProvider is properly loaded echo -e "\nVerifying wolfProvider configuration:" @@ -27,7 +56,7 @@ if ! $OPENSSL_BIN list -providers | grep -q "wolf"; then $OPENSSL_BIN list -providers FAIL=1 else - echo "[PASS] wolfProvider is properly configured" + echo "wolfProvider is properly configured" fi # Print environment for verification 
@@ -40,6 +69,14 @@ echo "OPENSSL_BIN: ${OPENSSL_BIN}" mkdir -p aes_outputs echo "This is test data for AES encryption testing." > test.txt +# Helper function to handle force fail checks +check_force_fail() { + if [ $FORCE_FAIL -eq 1 ]; then + echo "[PASS] Test passed when force fail was enabled" + FORCE_FAIL_PASSED=1 + fi +} + # Arrays for test configurations KEY_SIZES=("128" "192" "256") # Only include modes supported by wolfProvider @@ -83,6 +120,7 @@ for key_size in "${KEY_SIZES[@]}"; do if [ $FAIL -eq 0 ]; then if cmp -s "test.txt" "$dec_file"; then echo "[PASS] Interop AES-${key_size}-${mode}: OpenSSL encrypt, wolfProvider decrypt" + check_force_fail else echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL encrypt, wolfProvider decrypt" FAIL=1 @@ -111,6 +149,7 @@ for key_size in "${KEY_SIZES[@]}"; do if [ $FAIL -eq 0 ]; then if cmp -s "test.txt" "$dec_file"; then echo "[PASS] Interop AES-${key_size}-${mode}: wolfProvider encrypt, OpenSSL decrypt" + check_force_fail else echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider encrypt, OpenSSL decrypt" FAIL=1 @@ -121,11 +160,22 @@ for key_size in "${KEY_SIZES[@]}"; do done done -# Change end of script to check FAIL flag -if [ $FAIL -eq 0 ]; then - echo -e "\n=== All AES tests completed successfully ===" - exit 0 +if [ $FORCE_FAIL -eq 1 ]; then + if [ $FORCE_FAIL_PASSED -eq 1 ]; then + echo -e "\n=== AES Tests Failed With Force Fail Enabled ===" + echo "ERROR: Some tests passed when they should have failed" + exit 1 + else + echo -e "\n=== AES Tests Passed With Force Fail Enabled ===" + echo "SUCCESS: All tests failed as expected" + exit 0 + fi else - echo -e "\n=== AES tests completed with failures ===" - exit 1 + if [ $FAIL -eq 0 ]; then + echo -e "\n=== All AES tests completed successfully ===" + exit 0 + else + echo -e "\n=== AES tests completed with failures ===" + exit 1 + fi fi diff --git a/scripts/cmd_test/do-cmd-tests.sh b/scripts/cmd_test/do-cmd-tests.sh index ff18d8ad..96886203 100755 
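Review bot: The force-fail verdict added at the end of aes-cmd-test.sh (`@@ -121,11 +160,22`) exits 0 whenever `FORCE_FAIL_PASSED` stayed 0, which is also the case when no comparison ran at all. Both `check_force_fail` calls sit inside `if [ $FAIL -eq 0 ]`, so unless `FAIL` is reset per iteration outside the visible hunks, the first expected failure sets `FAIL=1` and every later comparison is skipped. A cipher that still succeeds under `WOLFPROV_FORCE_FAIL=1` after that point is never observed, and a missing provider or broken `OPENSSL_BIN` also reports "All tests failed as expected". Count executed and failed checks separately, do not gate on `FAIL` in force-fail mode, and require evidence of failures, e.g. `if [ $FORCE_FAIL_PASSED -eq 1 ] || [ $TESTS_FAILED -eq 0 ]; then exit 1`. The verdict blocks added to ecc-cmd-test.sh, hash-cmd-test.sh and rsa-cmd-test.sh use the same single-flag logic.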
--- a/scripts/cmd_test/do-cmd-tests.sh +++ b/scripts/cmd_test/do-cmd-tests.sh @@ -20,6 +20,12 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +# Get the force fail parameter +FORCE_FAIL=0 +if [ "$1" = "WOLFPROV_FORCE_FAIL=1" ]; then + FORCE_FAIL=1 +fi + # Get the directory where this script is located SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" REPO_ROOT="$( cd "${SCRIPT_DIR}/../.." &> /dev/null && pwd )" @@ -51,30 +57,30 @@ echo "Using wolfSSL version: ${WOLFSSL_TAG}" # Run the hash comparison test echo -e "\n=== Running Hash Comparison Test ===" -"${REPO_ROOT}/scripts/cmd_test/hash-cmd-test.sh" +"${REPO_ROOT}/scripts/cmd_test/hash-cmd-test.sh" "$1" HASH_RESULT=$? # Run the AES comparison test echo -e "\n=== Running AES Comparison Test ===" -"${REPO_ROOT}/scripts/cmd_test/aes-cmd-test.sh" +"${REPO_ROOT}/scripts/cmd_test/aes-cmd-test.sh" "$1" AES_RESULT=$? # Run the RSA key generation test echo -e "\n=== Running RSA Key Generation Test ===" -"${REPO_ROOT}/scripts/cmd_test/rsa-cmd-test.sh" +"${REPO_ROOT}/scripts/cmd_test/rsa-cmd-test.sh" "$1" RSA_RESULT=$? # Run the ECC key generation test echo -e "\n=== Running ECC Key Generation Test ===" -"${REPO_ROOT}/scripts/cmd_test/ecc-cmd-test.sh" +"${REPO_ROOT}/scripts/cmd_test/ecc-cmd-test.sh" "$1" ECC_RESULT=$? # Check results if [ $HASH_RESULT -eq 0 ] && [ $AES_RESULT -eq 0 ] && [ $RSA_RESULT -eq 0 ] && [ $ECC_RESULT -eq 0 ]; then - echo -e "\n=== All Command-Line Tests Passed ===" + echo -e "\n=== All Command-Line Tests Passed $1 ===" exit 0 else - echo -e "\n=== Command-Line Tests Failed ===" + echo -e "\n=== Command-Line Tests Failed $1 ===" echo "Hash Test Result: $HASH_RESULT (0=success)" echo "AES Test Result: $AES_RESULT (0=success)" echo "RSA Test Result: $RSA_RESULT (0=success)" 
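Review bot: `FORCE_FAIL` is assigned in the first do-cmd-tests.sh hunk but never read in the visible hunks, and any `$1` other than the exact string `WOLFPROV_FORCE_FAIL=1` silently selects normal mode here and in each sub-script. A typo in the matrix value would therefore turn the negative-test leg into a second ordinary run that still goes green, so the force-fail coverage would disappear without any signal. Reject unknown arguments up front, e.g. `elif [ -n "$1" ]; then echo "Unknown argument: $1" >&2; exit 2`, and either use `FORCE_FAIL` in the summary messages or drop it. The summary `echo` lines currently interpolate the raw `$1` instead.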
diff --git a/scripts/cmd_test/ecc-cmd-test.sh b/scripts/cmd_test/ecc-cmd-test.sh index acb79b10..9d0e80b6 100755 --- a/scripts/cmd_test/ecc-cmd-test.sh +++ b/scripts/cmd_test/ecc-cmd-test.sh @@ -36,8 +36,17 @@ source "${UTILS_DIR}/utils-wolfprovider.sh" # Initialize the environment init_wolfprov -# Fail flag +# Fail flags FAIL=0 +FORCE_FAIL=0 +FORCE_FAIL_PASSED=0 + +# Check for force fail parameter +if [ "$1" = "WOLFPROV_FORCE_FAIL=1" ]; then + export WOLFPROV_FORCE_FAIL=1 + FORCE_FAIL=1 + echo -e "\nForce fail mode enabled for ECC tests" +fi # Verify wolfProvider is properly loaded echo -e "\nVerifying wolfProvider configuration:" @@ -45,9 +54,9 @@ if ! $OPENSSL_BIN list -providers | grep -q "libwolfprov"; then echo "[FAIL] wolfProvider not found in OpenSSL providers!" echo "Current provider list:" $OPENSSL_BIN list -providers - exit 1 + FAIL=1 fi -echo "[PASS] wolfProvider is properly configured" +echo "wolfProvider is properly configured" # Print environment for verification echo "Environment variables:" @@ -61,10 +70,6 @@ mkdir -p ecc_outputs # Create test data for signing echo "This is test data for ECC signing and verification." > ecc_outputs/test_data.txt -# Array of ECC curves and providers to test -CURVES=("prime256v1" "secp384r1" "secp521r1") -PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default") - # Function to use default provider only use_default_provider() { unset OPENSSL_MODULES @@ -79,6 +84,18 @@ use_wolf_provider() { echo "Switched to wolfProvider" } +# Helper function to handle force fail checks +check_force_fail() { + if [ $FORCE_FAIL -eq 1 ]; then + echo "[PASS] Test passed when force fail was enabled" + FORCE_FAIL_PASSED=1 + fi +} + +# Array of ECC curves and providers to test +CURVES=("prime256v1" "secp384r1" "secp521r1") +PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default") + echo "=== Running ECC Key Generation Tests ===" # Function to validate key 
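Review bot: In the ecc-cmd-test.sh provider check (`@@ -45,9 +54,9`), replacing `exit 1` with `FAIL=1` leaves `echo "wolfProvider is properly configured"` outside any `else`, so it prints directly after the `[FAIL] wolfProvider not found` message, and the script then carries on without the provider loaded. In force-fail mode that run would most likely fail every test and exit 0, so an environment where wolfProvider never loaded would be indistinguishable from a working forced failure. Keep the precondition fatal in both modes (`exit 1`), or at least move the success message into an `else` branch as aes-cmd-test.sh and hash-cmd-test.sh do. rsa-cmd-test.sh has the same change at `@@ -45,9 +54,9`.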
@@ -92,26 +109,28 @@ validate_key() { if [ ! -f "$key_file" ]; then echo "[FAIL] ECC key (${curve}) file does not exist" FAIL=1 - return 1 + return fi # Then check if file is empty (has size 0) if [ ! -s "$key_file" ]; then echo "[FAIL] ECC key (${curve}) file is empty" FAIL=1 - return 1 + return + else + echo "[PASS] ECC key file exists and has content" + check_force_fail fi - echo "[PASS] ECC key file exists and has content" - # Try to extract public key + # Only try to extract public key if file exists and has content local pub_key_file="ecc_outputs/ecc_${curve}_pub.pem" if $OPENSSL_BIN pkey -in "$key_file" -pubout -out "$pub_key_file" \ ${provider_args} -passin pass: >/dev/null; then echo "[PASS] ECC Public key extraction successful" + check_force_fail else echo "[FAIL] ECC Public key extraction failed" FAIL=1 - return 1 fi } @@ -169,8 +188,10 @@ test_sign_verify_pkeyutl() { local default_sig_file="ecc_outputs/ecc_${curve}_default_sig.bin" if sign_ecc "$key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] Signing with OpenSSL default successful" + check_force_fail if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] Default provider verify successful" + check_force_fail else echo "[FAIL] Default provider verify failed" FAIL=1 @@ -186,8 +207,10 @@ test_sign_verify_pkeyutl() { local wolf_sig_file="ecc_outputs/ecc_${curve}_wolf_sig.bin" if sign_ecc "$key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] Signing with wolfProvider successful" + check_force_fail if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] wolfProvider sign/verify successful" + check_force_fail else echo "[FAIL] wolfProvider verify failed" FAIL=1 
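Review bot: The bare `return` statements that replace `return 1` in `validate_key` return the status of the preceding `FAIL=1` assignment, which is 0, and the failed public-key extraction branch no longer returns non-zero either. Any caller that tests `validate_key`'s exit status (the callers are outside this hunk) will now treat a missing or empty key file as success and will only notice through the global `FAIL`. Keep the explicit status, `return 1`, on each failure path; that does not interfere with the force-fail bookkeeping. The `return` lines added to `validate_key` in rsa-cmd-test.sh (`@@ -94,20 +111,25`) have the same effect.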
@@ -203,6 +226,7 @@ test_sign_verify_pkeyutl() { echo "Test 3: Cross-provider verification (default sign, wolf verify)" if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] wolfProvider can verify OpenSSL default signature" + check_force_fail else echo "[FAIL] wolfProvider cannot verify OpenSSL default signature" FAIL=1 @@ -213,6 +237,7 @@ test_sign_verify_pkeyutl() { echo "Test 4: Cross-provider verification (wolf sign, default verify)" if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] OpenSSL default can verify wolfProvider signature" + check_force_fail else echo "[FAIL] OpenSSL default cannot verify wolfProvider signature" FAIL=1 @@ -231,10 +256,12 @@ generate_and_test_key() { echo -e "\n=== Testing ECC Key Generation (${curve}) with provider default ===" echo "Generating ECC key (${curve})..." - if $OPENSSL_BIN ecparam -name $curve -genkey \ + if $OPENSSL_BIN genpkey -algorithm EC \ ${provider_args} \ + -pkeyopt ec_paramgen_curve:${curve} \ -out "$output_file" 2>/dev/null; then echo "[PASS] ECC key generation successful" + check_force_fail else echo "[FAIL] ECC key generation failed" FAIL=1 @@ -243,6 +270,7 @@ generate_and_test_key() { # Verify the key was generated if [ -s "$output_file" ]; then echo "[PASS] ECC key generation successful" + check_force_fail else echo "[FAIL] ECC key generation failed" FAIL=1 @@ -259,6 +287,7 @@ generate_and_test_key() { if $OPENSSL_BIN pkey -in "$output_file" -check \ ${provider_args} -passin pass: >/dev/null; then echo "[PASS] provider default can use ECC key (${curve})" + check_force_fail else echo "[FAIL] provider default cannot use ECC key (${curve})" FAIL=1 
@@ -277,10 +306,22 @@ for curve in "${CURVES[@]}"; do done done -if [ $FAIL -eq 0 ]; then - echo -e "\n=== All ECC key generation tests completed successfully ===" - exit 0 +if [ $FORCE_FAIL -eq 1 ]; then + if [ $FORCE_FAIL_PASSED -eq 1 ]; then + echo -e "\n=== ECC Tests Failed With Force Fail Enabled ===" + echo "ERROR: Some tests passed when they should have failed" + exit 1 + else + echo -e "\n=== ECC Tests Passed With Force Fail Enabled ===" + echo "SUCCESS: All tests failed as expected" + exit 0 + fi else - echo -e "\n=== ECC key generation tests completed with failures ===" - exit 1 + if [ $FAIL -eq 0 ]; then + echo -e "\n=== All ECC tests completed successfully ===" + exit 0 + else + echo -e "\n=== ECC tests completed with failures ===" + exit 1 + fi fi diff --git a/scripts/cmd_test/hash-cmd-test.sh b/scripts/cmd_test/hash-cmd-test.sh index 1aa15e07..e8ea03fc 100755 --- a/scripts/cmd_test/hash-cmd-test.sh +++ b/scripts/cmd_test/hash-cmd-test.sh @@ -1,4 +1,24 @@ #!/bin/bash +# hash-cmd-test.sh +# Run hash command-line tests for wolfProvider +# +# Copyright (C) 2006-2024 wolfSSL Inc. +# +# This file is part of wolfProvider. +# +# wolfProvider is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# wolfProvider is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA # Set up environment SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 
@@ -16,8 +36,17 @@ source "${UTILS_DIR}/utils-wolfprovider.sh" # Initialize the environment init_wolfprov -# Fail flag +# Fail flags FAIL=0 +FORCE_FAIL=0 +FORCE_FAIL_PASSED=0 + +# Check for force fail parameter +if [ "$1" = "WOLFPROV_FORCE_FAIL=1" ]; then + export WOLFPROV_FORCE_FAIL=1 + FORCE_FAIL=1 + echo -e "\nForce fail mode enabled for hash tests" +fi # Verify wolfProvider is properly loaded echo -e "\nVerifying wolfProvider configuration:" @@ -27,7 +56,7 @@ if ! $OPENSSL_BIN list -providers | grep -q "wolf"; then $OPENSSL_BIN list -providers FAIL=1 else - echo "[PASS] wolfProvider is properly configured" + echo "wolfProvider is properly configured" fi # Print environment for verification @@ -40,6 +69,19 @@ echo "OPENSSL_BIN: ${OPENSSL_BIN}" mkdir -p hash_outputs echo "This is test data for hash algorithm testing." > test.txt +# Helper function to handle force fail checks +check_force_fail() { + if [ $FORCE_FAIL -eq 1 ]; then + echo "[PASS] Test passed when force fail was enabled" + FORCE_FAIL_PASSED=1 + fi +} + +# Array of hash algorithms to test +HASH_ALGOS=("sha1" "sha224" "sha256" "sha384" "sha512") + +echo "=== Running Hash Algorithm Comparisons ===" + # Function to run hash test with specified provider options run_hash_test() { local algo="$1" @@ -81,6 +123,7 @@ compare_hashes() { if cmp -s "$openssl_file" "$wolf_file"; then echo "[PASS] ${algo} hashes match" + check_force_fail else echo "[FAIL] ${algo} hashes don't match" FAIL=1 @@ -88,11 +131,6 @@ compare_hashes() { fi } -# Array of hash algorithms to test -HASH_ALGOS=("sha1" "sha224" "sha256" "sha384" "sha512") - -echo "=== Running Hash Algorithm Comparisons ===" - # Run tests for each hash algorithm for algo in "${HASH_ALGOS[@]}"; do echo -e "\n=== Testing ${algo^^} ===" 
@@ -108,10 +146,22 @@ for algo in "${HASH_ALGOS[@]}"; do done # Modify end of script -if [ $FAIL -eq 0 ]; then - echo -e "\n=== All hash tests completed successfully ===" - exit 0 +if [ $FORCE_FAIL -eq 1 ]; then + if [ $FORCE_FAIL_PASSED -eq 1 ]; then + echo -e "\n=== Hash Tests Failed With Force Fail Enabled ===" + echo "ERROR: Some tests passed when they should have failed" + exit 1 + else + echo -e "\n=== Hash Tests Passed With Force Fail Enabled ===" + echo "SUCCESS: All tests failed as expected" + exit 0 + fi else - echo -e "\n=== Hash tests completed with failures ===" - exit 1 + if [ $FAIL -eq 0 ]; then + echo -e "\n=== All hash tests completed successfully ===" + exit 0 + else + echo -e "\n=== Hash tests completed with failures ===" + exit 1 + fi fi diff --git a/scripts/cmd_test/rsa-cmd-test.sh b/scripts/cmd_test/rsa-cmd-test.sh index e8948dc5..d6feb311 100755 --- a/scripts/cmd_test/rsa-cmd-test.sh +++ b/scripts/cmd_test/rsa-cmd-test.sh @@ -36,8 +36,17 @@ source "${UTILS_DIR}/utils-wolfprovider.sh" # Initialize the environment init_wolfprov -# Fail flag +# Fail flags FAIL=0 +FORCE_FAIL=0 +FORCE_FAIL_PASSED=0 + +# Check for force fail parameter +if [ "$1" = "WOLFPROV_FORCE_FAIL=1" ]; then + export WOLFPROV_FORCE_FAIL=1 + FORCE_FAIL=1 + echo -e "\nForce fail mode enabled for RSA tests" +fi # Verify wolfProvider is properly loaded echo -e "\nVerifying wolfProvider configuration:" @@ -45,9 +54,9 @@ if ! $OPENSSL_BIN list -providers | grep -q "libwolfprov"; then echo "[FAIL] wolfProvider not found in OpenSSL providers!" echo "Current provider list:" $OPENSSL_BIN list -providers - exit 1 + FAIL=1 fi -echo "[PASS] wolfProvider is properly configured" +echo "wolfProvider is properly configured" # Print environment for verification echo "Environment variables:" 
@@ -61,11 +70,6 @@ mkdir -p rsa_outputs # Create test data for signing echo "This is test data for RSA signing and verification." > rsa_outputs/test_data.txt -# Array of RSA key types, sizes, and providers to test -KEY_TYPES=("RSA" "RSA-PSS") -KEY_SIZES=("2048" "3072" "4096") -PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default") - # Function to use default provider only use_default_provider() { unset OPENSSL_MODULES @@ -80,6 +84,19 @@ use_wolf_provider() { echo "Switched to wolfProvider" } +# Helper function to handle force fail checks +check_force_fail() { + if [ $FORCE_FAIL -eq 1 ]; then + echo "[PASS] Test passed when force fail was enabled" + FORCE_FAIL_PASSED=1 + fi +} + +# Array of RSA key types, sizes, and providers to test +KEY_TYPES=("RSA" "RSA-PSS") +KEY_SIZES=("2048" "3072" "4096") +PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default") + echo "=== Running RSA Key Generation Tests ===" # Function to validate key @@ -94,20 +111,25 @@ validate_key() { if [ ! -f "$key_file" ]; then echo "[FAIL] ${key_type} key (${key_size}) file does not exist" FAIL=1 + return fi # Then check if file is empty (has size 0) if [ ! -s "$key_file" ]; then echo "[FAIL] ${key_type} key (${key_size}) file is empty" FAIL=1 + return + else + echo "[PASS] ${key_type} key file exists and has content" + check_force_fail fi - echo "[PASS] ${key_type} key file exists and has content" - # Try to extract public key + # Only try to extract public key if file exists and has content local pub_key_file="rsa_outputs/${key_type}_${key_size}_pub.pem" if $OPENSSL_BIN pkey -in "$key_file" -pubout -out "$pub_key_file" \ ${provider_args} -passin pass: >/dev/null; then echo "[PASS] ${key_type} Public key extraction successful" + check_force_fail else echo "[FAIL] ${key_type} Public key extraction failed" FAIL=1 
@@ -215,8 +237,10 @@ test_sign_verify_pkeyutl() { local default_sig_file="rsa_outputs/${key_prefix}_${key_size}_default_sig.bin" if $sign_func "$key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] Signing with OpenSSL default successful" + check_force_fail if $verify_func "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] Default provider verify successful" + check_force_fail else echo "[FAIL] Default provider verify failed" FAIL=1 @@ -232,8 +256,10 @@ test_sign_verify_pkeyutl() { local wolf_sig_file="rsa_outputs/${key_prefix}_${key_size}_wolf_sig.bin" if $sign_func "$key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] Signing with wolfProvider successful" + check_force_fail if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] wolfProvider sign/verify successful" + check_force_fail else echo "[FAIL] wolfProvider verify failed" FAIL=1 @@ -249,6 +275,7 @@ test_sign_verify_pkeyutl() { echo "Test 3: Cross-provider verification (default sign, wolf verify)" if $verify_func "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then echo "[PASS] wolfProvider can verify OpenSSL default signature" + check_force_fail else echo "[FAIL] wolfProvider cannot verify OpenSSL default signature" FAIL=1 @@ -259,6 +286,7 @@ test_sign_verify_pkeyutl() { echo "Test 4: Cross-provider verification (wolf sign, default verify)" if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then echo "[PASS] OpenSSL default can verify wolfProvider signature" + check_force_fail else echo "[FAIL] OpenSSL default cannot verify wolfProvider signature" FAIL=1 @@ -287,6 +315,7 @@ generate_and_test_key() { -pkeyopt rsa_pss_keygen_saltlen:-1 \ -out "$output_file" 2>/dev/null; then echo "[PASS] RSA-PSS key generation successful" + check_force_fail else echo "[FAIL] RSA-PSS key generation failed" FAIL=1 
@@ -298,6 +327,7 @@ generate_and_test_key() { -pkeyopt rsa_keygen_bits:${key_size} \ -out "$output_file" 2>/dev/null; then echo "[PASS] RSA key generation successful" + check_force_fail else echo "[FAIL] RSA key generation failed" FAIL=1 @@ -307,6 +337,7 @@ generate_and_test_key() { # Verify the key was generated if [ -s "$output_file" ]; then echo "[PASS] ${key_type} key (${key_size}) generation successful" + check_force_fail else echo "[FAIL] ${key_type} key (${key_size}) generation failed" FAIL=1 @@ -323,6 +354,7 @@ generate_and_test_key() { if $OPENSSL_BIN pkey -in "$output_file" -check \ ${provider_args} -passin pass: >/dev/null; then echo "[PASS] provider default can use ${key_type} key (${key_size})" + check_force_fail else echo "[FAIL] provider default cannot use ${key_type} key (${key_size})" FAIL=1 @@ -347,10 +379,22 @@ for key_type in "${KEY_TYPES[@]}"; do done done -if [ $FAIL -eq 0 ]; then - echo -e "\n=== All RSA key generation tests completed successfully ===" - exit 0 +if [ $FORCE_FAIL -eq 1 ]; then + if [ $FORCE_FAIL_PASSED -eq 1 ]; then + echo -e "\n=== RSA Tests Failed With Force Fail Enabled ===" + echo "ERROR: Some tests passed when they should have failed" + exit 1 + else + echo -e "\n=== RSA Tests Passed With Force Fail Enabled ===" + echo "SUCCESS: All tests failed as expected" + exit 0 + fi else - echo -e "\n=== RSA key generation tests completed with failures ===" - exit 1 + if [ $FAIL -eq 0 ]; then + echo -e "\n=== All RSA tests completed successfully ===" + exit 0 + else + echo -e "\n=== RSA tests completed with failures ===" + exit 1 + fi fi