Acasă Explorează Ajutor
Autentificare
OWEALs
/
openssl
oglindă de git://git.openssl.org/openssl.git
2
0
Bifurcare 0
Fisiere Probleme 1 Wiki
Arbore: 8dab4de538
Ramuri Etichete
openssl
/
test
/
recipes
/
20-test_pkeyutl.t

20-test_pkeyutl.t 6.0 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. use strict;
    10. 

  10. use warnings;
    11. 

  11. 

  12. use File::Spec;
    13. 

  13. use File::Basename;
    14. 

  14. use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
    15. 

  15. use OpenSSL::Test::Utils;
    16. 

  16. 

  17. setup("test_pkeyutl");
    18. 

  18. 

  19. plan tests => 11;
    20. 

  20. 

  21. # For the tests below we use the cert itself as the TBS file
    22. 

  22. 

  23. SKIP: {
    24. 

  24.     skip "Skipping tests that require EC, SM2 or SM3", 2
    25. 

  25.         if disabled("ec") || disabled("sm2") || disabled("sm3");
    26. 

  26. 

  27.     # SM2
    28. 

  28.     ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
    29. 

  29.                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
    30. 

  30.                       '-inkey', srctop_file('test', 'certs', 'sm2.key'),
    31. 

  31.                       '-out', 'sm2.sig', '-rawin',
    32. 

  32.                       '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
    33. 

  33.                       "Sign a piece of data using SM2");
    34. 

  34.     ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
    35. 

  35.                       '-in', srctop_file('test', 'certs', 'sm2.pem'),
    36. 

  36.                       '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
    37. 

  37.                       '-sigfile', 'sm2.sig', '-rawin',
    38. 

  38.                       '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
    39. 

  39.                       "Verify an SM2 signature against a piece of data");
    40. 

  40. }
    41. 

  41. 

  42. SKIP: {
    43. 

  43.     skip "Skipping tests that require EC", 4
    44. 

  44.         if disabled("ec");
    45. 

  45. 

  46.     # Ed25519
    47. 

  47.     ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
    48. 

  48.                   srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    49. 

  49.                   '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
    50. 

  50.                   '-out', 'Ed25519.sig', '-rawin']))),
    51. 

  51.                   "Sign a piece of data using Ed25519");
    52. 

  52.     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
    53. 

  53.                   srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    54. 

  54.                   '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    55. 

  55.                   '-sigfile', 'Ed25519.sig', '-rawin']))),
    56. 

  56.                   "Verify an Ed25519 signature against a piece of data");
    57. 

  57. 

  58.     # Ed448
    59. 

  59.     ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
    60. 

  60.                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    61. 

  61.                   '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
    62. 

  62.                   '-out', 'Ed448.sig', '-rawin']))),
    63. 

  63.                   "Sign a piece of data using Ed448");
    64. 

  64.     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
    65. 

  65.                   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    66. 

  66.                   '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    67. 

  67.                   '-sigfile', 'Ed448.sig', '-rawin']))),
    68. 

  68.                   "Verify an Ed448 signature against a piece of data");
    69. 

  69. }
    70. 

  70. 

  71. sub tsignverify {
    72. 

  72.     my $testtext = shift;
    73. 

  73.     my $privkey = shift;
    74. 

  74.     my $pubkey = shift;
    75. 

  75.     my @extraopts = @_;
    76. 

  76. 

  77.     my $data_to_sign = srctop_file('test', 'data.txt');
    78. 

  78.     my $other_data = srctop_file('test', 'data2.txt');
    79. 

  79.     my $sigfile = basename($privkey, '.pem') . '.sig';
    80. 

  80. 

  81.     my @args = ();
    82. 

  82.     plan tests => 4;
    83. 

  83. 

  84.     @args = ('openssl', 'pkeyutl', '-sign',
    85. 

  85.              '-inkey', $privkey,
    86. 

  86.              '-out', $sigfile,
    87. 

  87.              '-in', $data_to_sign);
    88. 

  88.     push(@args, @extraopts);
    89. 

  89.     ok(run(app([@args])),
    90. 

  90.        $testtext.": Generating signature");
    91. 

  91. 

  92.     @args = ('openssl', 'pkeyutl', '-verify',
    93. 

  93.              '-inkey', $privkey,
    94. 

  94.              '-sigfile', $sigfile,
    95. 

  95.              '-in', $data_to_sign);
    96. 

  96.     push(@args, @extraopts);
    97. 

  97.     ok(run(app([@args])),
    98. 

  98.        $testtext.": Verify signature with private key");
    99. 

  99. 

  100.     @args = ('openssl', 'pkeyutl', '-verify',
    101. 

  101.              '-inkey', $pubkey, '-pubin',
    102. 

  102.              '-sigfile', $sigfile,
    103. 

  103.              '-in', $data_to_sign);
    104. 

  104.     push(@args, @extraopts);
    105. 

  105.     ok(run(app([@args])),
    106. 

  106.        $testtext.": Verify signature with public key");
    107. 

  107. 

  108.     @args = ('openssl', 'pkeyutl', '-verify',
    109. 

  109.              '-inkey', $pubkey, '-pubin',
    110. 

  110.              '-sigfile', $sigfile,
    111. 

  111.              '-in', $other_data);
    112. 

  112.     push(@args, @extraopts);
    113. 

  113.     ok(!run(app([@args])),
    114. 

  114.        $testtext.": Expect failure verifying mismatching data");
    115. 

  115. }
    116. 

  116. 

  117. SKIP: {
    118. 

  118.     skip "RSA is not supported by this OpenSSL build", 1
    119. 

  119.         if disabled("rsa");
    120. 

  120. 

  121.     subtest "RSA CLI signature generation and verification" => sub {
    122. 

  122.         tsignverify("RSA",
    123. 

  123.                     srctop_file("test","testrsa.pem"),
    124. 

  124.                     srctop_file("test","testrsapub.pem"),
    125. 

  125.                     "-rawin", "-digest", "sha256");
    126. 

  126.     };
    127. 

  127. }
    128. 

  128. 

  129. SKIP: {
    130. 

  130.     skip "DSA is not supported by this OpenSSL build", 1
    131. 

  131.         if disabled("dsa");
    132. 

  132. 

  133.     subtest "DSA CLI signature generation and verification" => sub {
    134. 

  134.         tsignverify("DSA",
    135. 

  135.                     srctop_file("test","testdsa.pem"),
    136. 

  136.                     srctop_file("test","testdsapub.pem"),
    137. 

  137.                     "-rawin", "-digest", "sha256");
    138. 

  138.     };
    139. 

  139. }
    140. 

  140. 

  141. SKIP: {
    142. 

  142.     skip "ECDSA is not supported by this OpenSSL build", 1
    143. 

  143.         if disabled("ec");
    144. 

  144. 

  145.     subtest "ECDSA CLI signature generation and verification" => sub {
    146. 

  146.         tsignverify("ECDSA",
    147. 

  147.                     srctop_file("test","testec-p256.pem"),
    148. 

  148.                     srctop_file("test","testecpub-p256.pem"),
    149. 

  149.                     "-rawin", "-digest", "sha256");
    150. 

  150.     };
    151. 

  151. }
    152. 

  152. 

  153. SKIP: {
    154. 

  154.     skip "EdDSA is not supported by this OpenSSL build", 2
    155. 

  155.         if disabled("ec");
    156. 

  156. 

  157.     subtest "Ed2559 CLI signature generation and verification" => sub {
    158. 

  158.         tsignverify("Ed25519",
    159. 

  159.                     srctop_file("test","tested25519.pem"),
    160. 

  160.                     srctop_file("test","tested25519pub.pem"),
    161. 

  161.                     "-rawin");
    162. 

  162.     };
    163. 

  163. 

  164.     subtest "Ed448 CLI signature generation and verification" => sub {
    165. 

  165.         tsignverify("Ed448",
    166. 

  166.                     srctop_file("test","tested448.pem"),
    167. 

  167.                     srctop_file("test","tested448pub.pem"),
    168. 

  168.                     "-rawin");
    169. 

  169.     };
    170. 

  170. }
    171.