Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 6594baf645
Branches Tags
openssl
/
test
/
recipes
/
15-test_rsapss.t

15-test_rsapss.t 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. 

  10. use strict;
    11. 

  11. use warnings;
    12. 

  12. 

  13. use File::Spec;
    14. 

  14. use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/;
    15. 

  15. use OpenSSL::Test::Utils;
    16. 

  16. 

  17. setup("test_rsapss");
    18. 

  18. 

  19. plan tests => 18;
    20. 

  20. 

  21. #using test/testrsa.pem which happens to be a 512 bit RSA
    22. 

  22. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
    23. 

  23.             '-sigopt', 'rsa_padding_mode:pss',
    24. 

  24.             '-sigopt', 'rsa_pss_saltlen:max',
    25. 

  25.             '-sigopt', 'rsa_mgf1_md:sha512',
    26. 

  26.             '-out', 'testrsapss-restricted.sig',
    27. 

  27.             srctop_file('test', 'testrsa.pem')])),
    28. 

  28.    "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
    29. 

  29. 

  30. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
    31. 

  31.             '-sigopt', 'rsa_padding_mode:pss',
    32. 

  32.             '-out', 'testrsapss-unrestricted.sig',
    33. 

  33.             srctop_file('test', 'testrsa.pem')])),
    34. 

  34.    "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
    35. 

  35. 

  36. ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
    37. 

  37.              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
    38. 

  38.              '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
    39. 

  39.    "openssl dgst -sign, expect to fail gracefully");
    40. 

  40. 

  41. ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
    42. 

  42.              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
    43. 

  43.              '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
    44. 

  44.    "openssl dgst -sign, expect to fail gracefully");
    45. 

  45. 

  46. ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
    47. 

  47.              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
    48. 

  48.              '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
    49. 

  49.              srctop_file('test', 'testrsa.pem')])),
    50. 

  50.    "openssl dgst -prverify, expect to fail gracefully");
    51. 

  51. 

  52. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    53. 

  53.             '-sha1',
    54. 

  54.             '-sigopt', 'rsa_padding_mode:pss',
    55. 

  55.             '-sigopt', 'rsa_pss_saltlen:max',
    56. 

  56.             '-sigopt', 'rsa_mgf1_md:sha512',
    57. 

  57.             '-signature', 'testrsapss-restricted.sig',
    58. 

  58.             srctop_file('test', 'testrsa.pem')])),
    59. 

  59.    "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
    60. 

  60. 

  61. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    62. 

  62.             '-sha1',
    63. 

  63.             '-sigopt', 'rsa_padding_mode:pss',
    64. 

  64.             '-sigopt', 'rsa_pss_saltlen:42',
    65. 

  65.             '-sigopt', 'rsa_mgf1_md:sha512',
    66. 

  66.             '-signature', 'testrsapss-restricted.sig',
    67. 

  67.             srctop_file('test', 'testrsa.pem')])),
    68. 

  68.    "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt");
    69. 

  69. 

  70. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    71. 

  71.             '-sha1',
    72. 

  72.             '-sigopt', 'rsa_padding_mode:pss',
    73. 

  73.             '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
    74. 

  74.             '-sigopt', 'rsa_mgf1_md:sha512',
    75. 

  75.             '-signature', 'testrsapss-restricted.sig',
    76. 

  76.             srctop_file('test', 'testrsa.pem')])),
    77. 

  77.    "openssl dgst -prverify rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:auto-digestmax verifies signatures with saltlen > digestlen");
    78. 

  78. 

  79. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
    80. 

  80.             '-sha1',
    81. 

  81.             '-sigopt', 'rsa_padding_mode:pss',
    82. 

  82.             '-signature', 'testrsapss-unrestricted.sig',
    83. 

  83.             srctop_file('test', 'testrsa.pem')])),
    84. 

  84.    "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
    85. 

  85. 

  86. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
    87. 

  87.             '-sigopt', 'rsa_padding_mode:pss',
    88. 

  88.             '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
    89. 

  89.             '-out', 'testrsapss-sha1-autodigestmax.sig',
    90. 

  90.             srctop_file('test', 'testrsa.pem')])),
    91. 

  91.    "openssl dgst -sign -sha1 -rsa_pss_saltlen:auto-digestmax");
    92. 

  92. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
    93. 

  93.             '-sigopt', 'rsa_padding_mode:pss',
    94. 

  94.             '-sigopt', 'rsa_pss_saltlen:20',
    95. 

  95.             '-signature', 'testrsapss-sha1-autodigestmax.sig',
    96. 

  96.             srctop_file('test', 'testrsa.pem')])),
    97. 

  97.    "openssl dgst -sign -sha1 -rsa_padding_mode:auto-digestmax produces 20 (i.e., digestlen) bits of PSS salt");
    98. 

  98. 

  99. ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha256',
    100. 

  100.             '-sigopt', 'rsa_padding_mode:pss',
    101. 

  101.             '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
    102. 

  102.             '-out', 'testrsapss-sha256-autodigestmax.sig',
    103. 

  103.             srctop_file('test', 'testrsa.pem')])),
    104. 

  104.    "openssl dgst -sign -sha256 -rsa_pss_saltlen:auto-digestmax");
    105. 

  105. ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha256',
    106. 

  106.             '-sigopt', 'rsa_padding_mode:pss',
    107. 

  107.             '-sigopt', 'rsa_pss_saltlen:30',
    108. 

  108.             '-signature', 'testrsapss-sha256-autodigestmax.sig',
    109. 

  109.             srctop_file('test', 'testrsa.pem')])),
    110. 

  110.    "openssl dgst -sign rsa512bit.pem -sha256 -rsa_padding_mode:auto-digestmax produces 30 bits of PSS salt (due to 512bit key)");
    111. 

  111. 

  112. # Test that RSA-PSS keys are supported by genpkey and rsa commands.
    113. 

  113. {
    114. 

  114.    my $rsapss = "rsapss.key";
    115. 

  115.    ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
    116. 

  116.                '-pkeyopt', 'rsa_keygen_bits:1024',
    117. 

  117.                '-pkeyopt', 'rsa_keygen_pubexp:65537',
    118. 

  118.                '-pkeyopt', 'rsa_keygen_primes:2',
    119. 

  119.                '--out', $rsapss])));
    120. 

  120.    ok(run(app(['openssl', 'rsa', '-check',
    121. 

  121.                '-in', $rsapss])));
    122. 

  122. }
    123. 

  123. 

  124. ok(!run(app([ 'openssl', 'rsa',
    125. 

  125.              '-in' => data_file('negativesaltlen.pem')],
    126. 

  126.              '-out' => 'badout')));
    127. 

  127. 

  128. ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024',
    129. 

  129.             '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10',
    130. 

  130.             '-out', 'testrsapss.pem'])),
    131. 

  131.    "openssl genpkey RSA-PSS with pss parameters");
    132. 

  132. ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])),
    133. 

  133.    "openssl pkey, execute rsa_pub_encode with pss parameters");
    134. 

  134. unlink 'testrsapss.pem';
    135.