15-test_rsapss.t 3.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
  1. #! /usr/bin/env perl
  2. # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/;
  12. use OpenSSL::Test::Utils;
  13. setup("test_rsapss");
  14. plan tests => 10;
  15. #using test/testrsa.pem which happens to be a 512 bit RSA
  16. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
  17. '-sigopt', 'rsa_padding_mode:pss',
  18. '-sigopt', 'rsa_pss_saltlen:max',
  19. '-sigopt', 'rsa_mgf1_md:sha512',
  20. '-out', 'testrsapss-restricted.sig',
  21. srctop_file('test', 'testrsa.pem')])),
  22. "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
  23. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
  24. '-sigopt', 'rsa_padding_mode:pss',
  25. '-out', 'testrsapss-unrestricted.sig',
  26. srctop_file('test', 'testrsa.pem')])),
  27. "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
  28. ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
  29. '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
  30. '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
  31. "openssl dgst -sign, expect to fail gracefully");
  32. ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
  33. '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
  34. '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
  35. "openssl dgst -sign, expect to fail gracefully");
  36. ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
  37. '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
  38. '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
  39. srctop_file('test', 'testrsa.pem')])),
  40. "openssl dgst -prverify, expect to fail gracefully");
  41. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
  42. '-sha1',
  43. '-sigopt', 'rsa_padding_mode:pss',
  44. '-sigopt', 'rsa_pss_saltlen:max',
  45. '-sigopt', 'rsa_mgf1_md:sha512',
  46. '-signature', 'testrsapss-restricted.sig',
  47. srctop_file('test', 'testrsa.pem')])),
  48. "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
  49. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
  50. '-sha1',
  51. '-sigopt', 'rsa_padding_mode:pss',
  52. '-signature', 'testrsapss-unrestricted.sig',
  53. srctop_file('test', 'testrsa.pem')])),
  54. "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
  55. # Test that RSA-PSS keys are supported by genpkey and rsa commands.
  56. {
  57. my $rsapss = "rsapss.key";
  58. ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
  59. '-pkeyopt', 'rsa_keygen_bits:1024',
  60. '--out', $rsapss])));
  61. ok(run(app(['openssl', 'rsa', '-check',
  62. '-in', $rsapss])));
  63. }
  64. ok(!run(app([ 'openssl', 'rsa',
  65. '-in' => data_file('negativesaltlen.pem')],
  66. '-out' => 'badout')));