Página inicial Explorar Ajuda
Entrar
OWEALs
/
openssl
mirror de git://git.openssl.org/openssl.git
2
0
Fork 0
Arquivos Issues 1 Wiki
Tree: 0a3b330cf0
Branches Tags
openssl
/
test
/
recipes
/
20-test_pkeyutl.t

20-test_pkeyutl.t 6.0 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. use strict;
    10. 

  10. use warnings;
    11. 

  11. 

  12. use File::Spec;
    13. 

  13. use File::Basename;
    14. 

  14. use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
    15. 

  15. use OpenSSL::Test::Utils;
    16. 

  16. 

  17. setup("test_pkeyutl");
    18. 

  18. 

  19. plan tests => 11;
    20. 

  20. 

  21. # For the tests below we use the cert itself as the TBS file
    22. 

  22. 

  23. SKIP: {
    24. 

  24.     skip "Skipping tests that require EC, SM2 or SM3", 2
    25. 

  25.         if disabled("ec") || disabled("sm2") || disabled("sm3");
    26. 

  26. 

  27.     # SM2
    28. 

  28.     ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
    29. 

  29.                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
    30. 

  30.                       '-inkey', srctop_file('test', 'certs', 'sm2.key'),
    31. 

  31.                       '-out', 'sm2.sig', '-rawin',
    32. 

  32.                       '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
    33. 

  33.                       "Sign a piece of data using SM2");
    34. 

  34.     ok_nofips(run(app(([ 'openssl', 'pkeyutl',
    35. 

  35.                       '-verify', '-certin',
    36. 

  36.                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
    37. 

  37.                       '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
    38. 

  38.                       '-sigfile', 'sm2.sig', '-rawin',
    39. 

  39.                       '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
    40. 

  40.                       "Verify an SM2 signature against a piece of data");
    41. 

  41. }
    42. 

  42. 

  43. SKIP: {
    44. 

  44.     skip "Skipping tests that require EC", 4
    45. 

  45.         if disabled("ec");
    46. 

  46. 

  47.     # Ed25519
    48. 

  48.     ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
    49. 

  49.                   srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    50. 

  50.                   '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
    51. 

  51.                   '-out', 'Ed25519.sig', '-rawin']))),
    52. 

  52.                   "Sign a piece of data using Ed25519");
    53. 

  53.     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
    54. 

  54.                   srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    55. 

  55.                   '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    56. 

  56.                   '-sigfile', 'Ed25519.sig', '-rawin']))),
    57. 

  57.                   "Verify an Ed25519 signature against a piece of data");
    58. 

  58. 

  59.     # Ed448
    60. 

  60.     ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
    61. 

  61.                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    62. 

  62.                   '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
    63. 

  63.                   '-out', 'Ed448.sig', '-rawin']))),
    64. 

  64.                   "Sign a piece of data using Ed448");
    65. 

  65.     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
    66. 

  66.                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    67. 

  67.                   '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    68. 

  68.                   '-sigfile', 'Ed448.sig', '-rawin']))),
    69. 

  69.                   "Verify an Ed448 signature against a piece of data");
    70. 

  70. }
    71. 

  71. 

  72. sub tsignverify {
    73. 

  73.     my $testtext = shift;
    74. 

  74.     my $privkey = shift;
    75. 

  75.     my $pubkey = shift;
    76. 

  76.     my @extraopts = @_;
    77. 

  77. 

  78.     my $data_to_sign = srctop_file('test', 'data.bin');
    79. 

  79.     my $other_data = srctop_file('test', 'data2.bin');
    80. 

  80.     my $sigfile = basename($privkey, '.pem') . '.sig';
    81. 

  81. 

  82.     my @args = ();
    83. 

  83.     plan tests => 4;
    84. 

  84. 

  85.     @args = ('openssl', 'pkeyutl', '-sign',
    86. 

  86.              '-inkey', $privkey,
    87. 

  87.              '-out', $sigfile,
    88. 

  88.              '-in', $data_to_sign);
    89. 

  89.     push(@args, @extraopts);
    90. 

  90.     ok(run(app([@args])),
    91. 

  91.        $testtext.": Generating signature");
    92. 

  92. 

  93.     @args = ('openssl', 'pkeyutl', '-verify',
    94. 

  94.              '-inkey', $privkey,
    95. 

  95.              '-sigfile', $sigfile,
    96. 

  96.              '-in', $data_to_sign);
    97. 

  97.     push(@args, @extraopts);
    98. 

  98.     ok(run(app([@args])),
    99. 

  99.        $testtext.": Verify signature with private key");
    100. 

  100. 

  101.     @args = ('openssl', 'pkeyutl', '-verify',
    102. 

  102.              '-inkey', $pubkey, '-pubin',
    103. 

  103.              '-sigfile', $sigfile,
    104. 

  104.              '-in', $data_to_sign);
    105. 

  105.     push(@args, @extraopts);
    106. 

  106.     ok(run(app([@args])),
    107. 

  107.        $testtext.": Verify signature with public key");
    108. 

  108. 

  109.     @args = ('openssl', 'pkeyutl', '-verify',
    110. 

  110.              '-inkey', $pubkey, '-pubin',
    111. 

  111.              '-sigfile', $sigfile,
    112. 

  112.              '-in', $other_data);
    113. 

  113.     push(@args, @extraopts);
    114. 

  114.     ok(!run(app([@args])),
    115. 

  115.        $testtext.": Expect failure verifying mismatching data");
    116. 

  116. }
    117. 

  117. 

  118. SKIP: {
    119. 

  119.     skip "RSA is not supported by this OpenSSL build", 1
    120. 

  120.         if disabled("rsa");
    121. 

  121. 

  122.     subtest "RSA CLI signature generation and verification" => sub {
    123. 

  123.         tsignverify("RSA",
    124. 

  124.                     srctop_file("test","testrsa.pem"),
    125. 

  125.                     srctop_file("test","testrsapub.pem"),
    126. 

  126.                     "-rawin", "-digest", "sha256");
    127. 

  127.     };
    128. 

  128. }
    129. 

  129. 

  130. SKIP: {
    131. 

  131.     skip "DSA is not supported by this OpenSSL build", 1
    132. 

  132.         if disabled("dsa");
    133. 

  133. 

  134.     subtest "DSA CLI signature generation and verification" => sub {
    135. 

  135.         tsignverify("DSA",
    136. 

  136.                     srctop_file("test","testdsa.pem"),
    137. 

  137.                     srctop_file("test","testdsapub.pem"),
    138. 

  138.                     "-rawin", "-digest", "sha256");
    139. 

  139.     };
    140. 

  140. }
    141. 

  141. 

  142. SKIP: {
    143. 

  143.     skip "ECDSA is not supported by this OpenSSL build", 1
    144. 

  144.         if disabled("ec");
    145. 

  145. 

  146.     subtest "ECDSA CLI signature generation and verification" => sub {
    147. 

  147.         tsignverify("ECDSA",
    148. 

  148.                     srctop_file("test","testec-p256.pem"),
    149. 

  149.                     srctop_file("test","testecpub-p256.pem"),
    150. 

  150.                     "-rawin", "-digest", "sha256");
    151. 

  151.     };
    152. 

  152. }
    153. 

  153. 

  154. SKIP: {
    155. 

  155.     skip "EdDSA is not supported by this OpenSSL build", 2
    156. 

  156.         if disabled("ec");
    157. 

  157. 

  158.     subtest "Ed2559 CLI signature generation and verification" => sub {
    159. 

  159.         tsignverify("Ed25519",
    160. 

  160.                     srctop_file("test","tested25519.pem"),
    161. 

  161.                     srctop_file("test","tested25519pub.pem"),
    162. 

  162.                     "-rawin");
    163. 

  163.     };
    164. 

  164. 

  165.     subtest "Ed448 CLI signature generation and verification" => sub {
    166. 

  166.         tsignverify("Ed448",
    167. 

  167.                     srctop_file("test","tested448.pem"),
    168. 

  168.                     srctop_file("test","tested448pub.pem"),
    169. 

  169.                     "-rawin");
    170. 

  170.     };
    171. 

  171. }
    172.