#!/usr/libexec/platform-python
#
# Test script for openssl command line utility. This is written primarily
# with FIPS mode in mind.
#
# Copyright (C) 2021, 2022 Olaf Kirch <okir@suse.de>

import susetest

def __verify_digest(driver, args):
	'''digest.@ARGS: check whether openssl digest @ARGS works'''

	node = driver.client
	algo = args[0]

	data = "random input".encode('utf-8')

	openssl = node.requireExecutable("openssl")

	# evaluate failure conditions specified for openssl (specifcally,
	# for algorithms disabled by FIPS)
	driver.predictTestResult(openssl, algorithm = algo)

	st = openssl.run(" ".join(args), stdin = data)
	if not st:
		node.logFailure(f"algorithm {algo} failed: {st.message}")
		return

	node.logInfo(f"algorithm {algo} seems to work")

susetest.define_parameterized(__verify_digest, "md4")
susetest.define_parameterized(__verify_digest, "md5")
susetest.define_parameterized(__verify_digest, "mdc2")
susetest.define_parameterized(__verify_digest, "sha1")
susetest.define_parameterized(__verify_digest, "sha224")
susetest.define_parameterized(__verify_digest, "sha256")
susetest.define_parameterized(__verify_digest, "sha384")
susetest.define_parameterized(__verify_digest, "sha512")
susetest.define_parameterized(__verify_digest, "sha3-224")
susetest.define_parameterized(__verify_digest, "sha3-256")
susetest.define_parameterized(__verify_digest, "sha3-384")
susetest.define_parameterized(__verify_digest, "sha3-512")
susetest.define_parameterized(__verify_digest, "rmd160")
susetest.define_parameterized(__verify_digest, "shake128")
susetest.define_parameterized(__verify_digest, "shake256")
susetest.define_parameterized(__verify_digest, "gost")
susetest.define_parameterized(__verify_digest, "sm3")

def __verify_cipher(driver, args):
	'''cipher.@ARGS: check whether openssl cipher @ARGS works'''

	node = driver.client
	algo = args[0]

	data = "random input".encode('utf-8')

	openssl = node.requireExecutable("openssl")

	# evaluate failure conditions specified for openssl (specifcally,
	# for algorithms disabled by FIPS)
	driver.predictTestResult(openssl, algorithm = algo)

	st = openssl.run(f"enc -{algo} -pbkdf2 -out encrypted.bin -pass pass:l33t", stdin = data)
	if not st:
		node.logFailure(f"encryption algorithm {algo} failed: {st.message}")
		return

	node.logInfo(f"encryption with {algo} seems to work, now verify decryption")
	st = openssl.run(f"enc -d -{algo} -pbkdf2 -in encrypted.bin -pass pass:l33t", quiet = True)
	if not st:
		node.logFailure(f"decryption with {algo} failed")
		return

	if st.stdout != data:
		node.logFailure("decryption did not produce the original clear test")
		node.logInfo(f" clear text: {data}")
		node.logInfo(f" deciphered: {st.stdout}")
		return

	node.logInfo(f"algorithm {algo} seems to work")

susetest.define_parameterized(__verify_cipher, "aes128")
susetest.define_parameterized(__verify_cipher, "aes192")
susetest.define_parameterized(__verify_cipher, "aes256")
susetest.define_parameterized(__verify_cipher, "aria-128-ecb")
susetest.define_parameterized(__verify_cipher, "aria-192-ecb")
susetest.define_parameterized(__verify_cipher, "bf")
susetest.define_parameterized(__verify_cipher, "camellia-128-ecb")
susetest.define_parameterized(__verify_cipher, "camellia-192-ecb")
susetest.define_parameterized(__verify_cipher, "camellia-256-ecb")
susetest.define_parameterized(__verify_cipher, "cast")
susetest.define_parameterized(__verify_cipher, "cast5-ecb")
susetest.define_parameterized(__verify_cipher, "des")
susetest.define_parameterized(__verify_cipher, "des-ede")
susetest.define_parameterized(__verify_cipher, "des3")
susetest.define_parameterized(__verify_cipher, "desx")
susetest.define_parameterized(__verify_cipher, "rc2")
susetest.define_parameterized(__verify_cipher, "rc2-40-cbc")
susetest.define_parameterized(__verify_cipher, "rc2-64-cbc")
susetest.define_parameterized(__verify_cipher, "rc4")
susetest.define_parameterized(__verify_cipher, "seed")
susetest.define_parameterized(__verify_cipher, "sm4-ecb")

if __name__ == '__main__':
	susetest.perform()
