2
0

20-test_dgst.t 9.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
  1. #! /usr/bin/env perl
  2. # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use File::Basename;
  12. use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_dir/;
  13. use OpenSSL::Test::Utils;
  14. setup("test_dgst");
  15. plan tests => 13;
  16. sub tsignverify {
  17. my $testtext = shift;
  18. my $privkey = shift;
  19. my $pubkey = shift;
  20. my $data_to_sign = srctop_file('test', 'data.bin');
  21. my $other_data = srctop_file('test', 'data2.bin');
  22. my $sigfile = basename($privkey, '.pem') . '.sig';
  23. plan tests => 4;
  24. ok(run(app(['openssl', 'dgst', '-sign', $privkey,
  25. '-out', $sigfile,
  26. $data_to_sign])),
  27. $testtext.": Generating signature");
  28. ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
  29. '-signature', $sigfile,
  30. $data_to_sign])),
  31. $testtext.": Verify signature with private key");
  32. ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
  33. '-signature', $sigfile,
  34. $data_to_sign])),
  35. $testtext.": Verify signature with public key");
  36. ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
  37. '-signature', $sigfile,
  38. $other_data])),
  39. $testtext.": Expect failure verifying mismatching data");
  40. }
  41. sub tsignverify_sha512 {
  42. my $testtext = shift;
  43. my $privkey = shift;
  44. my $pubkey = shift;
  45. my $data_to_sign = srctop_file('test', 'data.bin');
  46. my $other_data = srctop_file('test', 'data2.bin');
  47. my $sigfile = basename($privkey, '.pem') . '.sig';
  48. plan tests => 5;
  49. ok(run(app(['openssl', 'sha512', '-sign', $privkey,
  50. '-out', $sigfile,
  51. $data_to_sign])),
  52. $testtext.": Generating signature using sha512 command");
  53. ok(run(app(['openssl', 'sha512', '-verify', $pubkey,
  54. '-signature', $sigfile,
  55. $data_to_sign])),
  56. $testtext.": Verify signature with public key using sha512 command");
  57. ok(run(app(['openssl', 'dgst', '-sha512', '-prverify', $privkey,
  58. '-signature', $sigfile,
  59. $data_to_sign])),
  60. $testtext.": Verify signature with private key");
  61. ok(run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey,
  62. '-signature', $sigfile,
  63. $data_to_sign])),
  64. $testtext.": Verify signature with public key");
  65. ok(!run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey,
  66. '-signature', $sigfile,
  67. $other_data])),
  68. $testtext.": Expect failure verifying mismatching data");
  69. }
  70. SKIP: {
  71. skip "RSA is not supported by this OpenSSL build", 1
  72. if disabled("rsa");
  73. subtest "RSA signature generation and verification with `dgst` CLI" => sub {
  74. tsignverify("RSA",
  75. srctop_file("test","testrsa.pem"),
  76. srctop_file("test","testrsapub.pem"));
  77. };
  78. subtest "RSA signature generation and verification with `sha512` CLI" => sub {
  79. tsignverify_sha512("RSA",
  80. srctop_file("test","testrsa2048.pem"),
  81. srctop_file("test","testrsa2048pub.pem"));
  82. };
  83. }
  84. SKIP: {
  85. skip "DSA is not supported by this OpenSSL build", 1
  86. if disabled("dsa");
  87. subtest "DSA signature generation and verification with `dgst` CLI" => sub {
  88. tsignverify("DSA",
  89. srctop_file("test","testdsa.pem"),
  90. srctop_file("test","testdsapub.pem"));
  91. };
  92. }
  93. SKIP: {
  94. skip "ECDSA is not supported by this OpenSSL build", 1
  95. if disabled("ec");
  96. subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
  97. tsignverify("ECDSA",
  98. srctop_file("test","testec-p256.pem"),
  99. srctop_file("test","testecpub-p256.pem"));
  100. };
  101. }
  102. SKIP: {
  103. skip "EdDSA is not supported by this OpenSSL build", 2
  104. if disabled("ec");
  105. skip "EdDSA is not supported with `dgst` CLI", 2;
  106. subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
  107. tsignverify("Ed25519",
  108. srctop_file("test","tested25519.pem"),
  109. srctop_file("test","tested25519pub.pem"));
  110. };
  111. subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
  112. tsignverify("Ed448",
  113. srctop_file("test","tested448.pem"),
  114. srctop_file("test","tested448pub.pem"));
  115. };
  116. }
  117. SKIP: {
  118. skip "dgst with engine is not supported by this OpenSSL build", 1
  119. if disabled("engine") || disabled("dynamic-engine");
  120. subtest "SHA1 generation by engine with `dgst` CLI" => sub {
  121. plan tests => 1;
  122. my $testdata = srctop_file('test', 'data.bin');
  123. # intentionally using -engine twice, please do not remove the duplicate line
  124. my @macdata = run(app(['openssl', 'dgst', '-sha1',
  125. '-engine', "ossltest",
  126. '-engine', "ossltest",
  127. $testdata]), capture => 1);
  128. chomp(@macdata);
  129. my $expected = qr/SHA1\(\Q$testdata\E\)= 000102030405060708090a0b0c0d0e0f10111213/;
  130. ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected ($macdata[0]) vs ($expected)");
  131. }
  132. }
  133. subtest "HMAC generation with `dgst` CLI" => sub {
  134. plan tests => 2;
  135. my $testdata = srctop_file('test', 'data.bin');
  136. #HMAC the data twice to check consistency
  137. my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', '123456',
  138. $testdata, $testdata]), capture => 1);
  139. chomp(@hmacdata);
  140. my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
  141. ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
  142. ok($hmacdata[1] =~ $expected,
  143. "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
  144. };
  145. subtest "HMAC generation with `dgst` CLI, default digest" => sub {
  146. plan tests => 2;
  147. my $testdata = srctop_file('test', 'data.bin');
  148. #HMAC the data twice to check consistency
  149. my @hmacdata = run(app(['openssl', 'dgst', '-hmac', '123456',
  150. $testdata, $testdata]), capture => 1);
  151. chomp(@hmacdata);
  152. my $expected = qr/HMAC-SHA256\(\Q$testdata\E\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
  153. ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
  154. ok($hmacdata[1] =~ $expected,
  155. "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
  156. };
  157. subtest "HMAC generation with `dgst` CLI, key via option" => sub {
  158. plan tests => 2;
  159. my $testdata = srctop_file('test', 'data.bin');
  160. #HMAC the data twice to check consistency
  161. my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac',
  162. '-macopt', 'hexkey:FFFF',
  163. $testdata, $testdata]), capture => 1);
  164. chomp(@hmacdata);
  165. my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/;
  166. ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
  167. ok($hmacdata[1] =~ $expected,
  168. "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
  169. };
  170. subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
  171. plan tests => 2;
  172. my $testdata = srctop_file('test', 'data.bin');
  173. #Digest the data twice to check consistency
  174. my @xofdata = run(app(['openssl', 'dgst', '-shake128', '-xoflen', '64',
  175. $testdata, $testdata]), capture => 1);
  176. chomp(@xofdata);
  177. my $expected = qr/SHAKE-128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa64ffd0b3e2bf8cd73d5182dfba19b6a8a2eab96d2df854b647b3795ef090582abe41ba4e0717dc4df40bc4e17d88e4677/;
  178. ok($xofdata[0] =~ $expected, "XOF: Check digest value is as expected ($xofdata[0]) vs ($expected)");
  179. ok($xofdata[1] =~ $expected,
  180. "XOF: Check second digest value is consistent with the first ($xofdata[1]) vs ($expected)");
  181. };
  182. subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub {
  183. plan tests => 1;
  184. my $testdata = srctop_file('test', 'data.bin');
  185. my @xofdata = run(app(['openssl', 'dgst', '-shake128', $testdata], stderr => "outerr.txt"), capture => 1);
  186. chomp(@xofdata);
  187. my $expected = qr/SHAKE-128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa6/;
  188. ok($xofdata[0] =~ $expected, "Check short digest is output");
  189. };
  190. SKIP: {
  191. skip "ECDSA is not supported by this OpenSSL build", 1
  192. if disabled("ec");
  193. subtest "signing with xoflen is not supported `dgst` CLI" => sub {
  194. plan tests => 1;
  195. my $data_to_sign = srctop_file('test', 'data.bin');
  196. ok(!run(app(['openssl', 'dgst', '-shake256', '-xoflen', '64',
  197. '-sign', srctop_file("test","testec-p256.pem"),
  198. '-out', 'test.sig',
  199. srctop_file('test', 'data.bin')])),
  200. "Generating signature with xoflen should fail");
  201. }
  202. }