20-test_pkeyutl.t 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. #! /usr/bin/env perl
  2. # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use File::Basename;
  12. use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
  13. use OpenSSL::Test::Utils;
  14. setup("test_pkeyutl");
  15. plan tests => 12;
  16. # For the tests below we use the cert itself as the TBS file
  17. SKIP: {
  18. skip "Skipping tests that require EC, SM2 or SM3", 2
  19. if disabled("ec") || disabled("sm2") || disabled("sm3");
  20. # SM2
  21. ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
  22. '-in', srctop_file('test', 'certs', 'sm2.pem'),
  23. '-inkey', srctop_file('test', 'certs', 'sm2.key'),
  24. '-out', 'sm2.sig', '-rawin',
  25. '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
  26. "Sign a piece of data using SM2");
  27. ok_nofips(run(app(([ 'openssl', 'pkeyutl',
  28. '-verify', '-certin',
  29. '-in', srctop_file('test', 'certs', 'sm2.pem'),
  30. '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
  31. '-sigfile', 'sm2.sig', '-rawin',
  32. '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
  33. "Verify an SM2 signature against a piece of data");
  34. }
  35. SKIP: {
  36. skip "Skipping tests that require EC", 4
  37. if disabled("ec");
  38. # Ed25519
  39. ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
  40. srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  41. '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
  42. '-out', 'Ed25519.sig', '-rawin']))),
  43. "Sign a piece of data using Ed25519");
  44. ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
  45. srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  46. '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  47. '-sigfile', 'Ed25519.sig', '-rawin']))),
  48. "Verify an Ed25519 signature against a piece of data");
  49. # Ed448
  50. ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
  51. srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  52. '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
  53. '-out', 'Ed448.sig', '-rawin']))),
  54. "Sign a piece of data using Ed448");
  55. ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
  56. srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  57. '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  58. '-sigfile', 'Ed448.sig', '-rawin']))),
  59. "Verify an Ed448 signature against a piece of data");
  60. }
  61. sub tsignverify {
  62. my $testtext = shift;
  63. my $privkey = shift;
  64. my $pubkey = shift;
  65. my @extraopts = @_;
  66. my $data_to_sign = srctop_file('test', 'data.bin');
  67. my $other_data = srctop_file('test', 'data2.bin');
  68. my $sigfile = basename($privkey, '.pem') . '.sig';
  69. my @args = ();
  70. plan tests => 5;
  71. @args = ('openssl', 'pkeyutl', '-sign',
  72. '-inkey', $privkey,
  73. '-out', $sigfile,
  74. '-in', $data_to_sign);
  75. push(@args, @extraopts);
  76. ok(run(app([@args])),
  77. $testtext.": Generating signature");
  78. @args = ('openssl', 'pkeyutl', '-sign',
  79. '-inkey', $privkey,
  80. '-keyform', 'DER',
  81. '-out', $sigfile,
  82. '-in', $data_to_sign);
  83. push(@args, @extraopts);
  84. ok(!run(app([@args])),
  85. $testtext.": Checking that mismatching keyform fails");
  86. @args = ('openssl', 'pkeyutl', '-verify',
  87. '-inkey', $privkey,
  88. '-sigfile', $sigfile,
  89. '-in', $data_to_sign);
  90. push(@args, @extraopts);
  91. ok(run(app([@args])),
  92. $testtext.": Verify signature with private key");
  93. @args = ('openssl', 'pkeyutl', '-verify',
  94. '-keyform', 'PEM',
  95. '-inkey', $pubkey, '-pubin',
  96. '-sigfile', $sigfile,
  97. '-in', $data_to_sign);
  98. push(@args, @extraopts);
  99. ok(run(app([@args])),
  100. $testtext.": Verify signature with public key");
  101. @args = ('openssl', 'pkeyutl', '-verify',
  102. '-inkey', $pubkey, '-pubin',
  103. '-sigfile', $sigfile,
  104. '-in', $other_data);
  105. push(@args, @extraopts);
  106. ok(!run(app([@args])),
  107. $testtext.": Expect failure verifying mismatching data");
  108. }
  109. SKIP: {
  110. skip "RSA is not supported by this OpenSSL build", 1
  111. if disabled("rsa");
  112. subtest "RSA CLI signature generation and verification" => sub {
  113. tsignverify("RSA",
  114. srctop_file("test","testrsa.pem"),
  115. srctop_file("test","testrsapub.pem"),
  116. "-rawin", "-digest", "sha256");
  117. };
  118. subtest "RSA CLI signature and verification with pkeyopt" => sub {
  119. tsignverify("RSA",
  120. srctop_file("test","testrsa.pem"),
  121. srctop_file("test","testrsapub.pem"),
  122. "-rawin", "-digest", "sha256",
  123. "-pkeyopt", "rsa_padding_mode:pss");
  124. };
  125. }
  126. SKIP: {
  127. skip "DSA is not supported by this OpenSSL build", 1
  128. if disabled("dsa");
  129. subtest "DSA CLI signature generation and verification" => sub {
  130. tsignverify("DSA",
  131. srctop_file("test","testdsa.pem"),
  132. srctop_file("test","testdsapub.pem"),
  133. "-rawin", "-digest", "sha256");
  134. };
  135. }
  136. SKIP: {
  137. skip "ECDSA is not supported by this OpenSSL build", 1
  138. if disabled("ec");
  139. subtest "ECDSA CLI signature generation and verification" => sub {
  140. tsignverify("ECDSA",
  141. srctop_file("test","testec-p256.pem"),
  142. srctop_file("test","testecpub-p256.pem"),
  143. "-rawin", "-digest", "sha256");
  144. };
  145. }
  146. SKIP: {
  147. skip "EdDSA is not supported by this OpenSSL build", 2
  148. if disabled("ec");
  149. subtest "Ed2559 CLI signature generation and verification" => sub {
  150. tsignverify("Ed25519",
  151. srctop_file("test","tested25519.pem"),
  152. srctop_file("test","tested25519pub.pem"),
  153. "-rawin");
  154. };
  155. subtest "Ed448 CLI signature generation and verification" => sub {
  156. tsignverify("Ed448",
  157. srctop_file("test","tested448.pem"),
  158. srctop_file("test","tested448pub.pem"),
  159. "-rawin");
  160. };
  161. }