20-test_pkeyutl.t 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171
  1. #! /usr/bin/env perl
  2. # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use File::Basename;
  12. use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
  13. use OpenSSL::Test::Utils;
  14. setup("test_pkeyutl");
  15. plan tests => 11;
  16. # For the tests below we use the cert itself as the TBS file
  17. SKIP: {
  18. skip "Skipping tests that require EC, SM2 or SM3", 2
  19. if disabled("ec") || disabled("sm2") || disabled("sm3");
  20. # SM2
  21. ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
  22. '-in', srctop_file('test', 'certs', 'sm2.pem'),
  23. '-inkey', srctop_file('test', 'certs', 'sm2.key'),
  24. '-out', 'sm2.sig', '-rawin',
  25. '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
  26. "Sign a piece of data using SM2");
  27. ok_nofips(run(app(([ 'openssl', 'pkeyutl',
  28. '-verify', '-certin',
  29. '-in', srctop_file('test', 'certs', 'sm2.pem'),
  30. '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
  31. '-sigfile', 'sm2.sig', '-rawin',
  32. '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
  33. "Verify an SM2 signature against a piece of data");
  34. }
  35. SKIP: {
  36. skip "Skipping tests that require EC", 4
  37. if disabled("ec");
  38. # Ed25519
  39. ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
  40. srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  41. '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
  42. '-out', 'Ed25519.sig', '-rawin']))),
  43. "Sign a piece of data using Ed25519");
  44. ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
  45. srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  46. '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
  47. '-sigfile', 'Ed25519.sig', '-rawin']))),
  48. "Verify an Ed25519 signature against a piece of data");
  49. # Ed448
  50. ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
  51. srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  52. '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
  53. '-out', 'Ed448.sig', '-rawin']))),
  54. "Sign a piece of data using Ed448");
  55. ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
  56. srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  57. '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
  58. '-sigfile', 'Ed448.sig', '-rawin']))),
  59. "Verify an Ed448 signature against a piece of data");
  60. }
  61. sub tsignverify {
  62. my $testtext = shift;
  63. my $privkey = shift;
  64. my $pubkey = shift;
  65. my @extraopts = @_;
  66. my $data_to_sign = srctop_file('test', 'data.txt');
  67. my $other_data = srctop_file('test', 'data2.txt');
  68. my $sigfile = basename($privkey, '.pem') . '.sig';
  69. my @args = ();
  70. plan tests => 4;
  71. @args = ('openssl', 'pkeyutl', '-sign',
  72. '-inkey', $privkey,
  73. '-out', $sigfile,
  74. '-in', $data_to_sign);
  75. push(@args, @extraopts);
  76. ok(run(app([@args])),
  77. $testtext.": Generating signature");
  78. @args = ('openssl', 'pkeyutl', '-verify',
  79. '-inkey', $privkey,
  80. '-sigfile', $sigfile,
  81. '-in', $data_to_sign);
  82. push(@args, @extraopts);
  83. ok(run(app([@args])),
  84. $testtext.": Verify signature with private key");
  85. @args = ('openssl', 'pkeyutl', '-verify',
  86. '-inkey', $pubkey, '-pubin',
  87. '-sigfile', $sigfile,
  88. '-in', $data_to_sign);
  89. push(@args, @extraopts);
  90. ok(run(app([@args])),
  91. $testtext.": Verify signature with public key");
  92. @args = ('openssl', 'pkeyutl', '-verify',
  93. '-inkey', $pubkey, '-pubin',
  94. '-sigfile', $sigfile,
  95. '-in', $other_data);
  96. push(@args, @extraopts);
  97. ok(!run(app([@args])),
  98. $testtext.": Expect failure verifying mismatching data");
  99. }
  100. SKIP: {
  101. skip "RSA is not supported by this OpenSSL build", 1
  102. if disabled("rsa");
  103. subtest "RSA CLI signature generation and verification" => sub {
  104. tsignverify("RSA",
  105. srctop_file("test","testrsa.pem"),
  106. srctop_file("test","testrsapub.pem"),
  107. "-rawin", "-digest", "sha256");
  108. };
  109. }
  110. SKIP: {
  111. skip "DSA is not supported by this OpenSSL build", 1
  112. if disabled("dsa");
  113. subtest "DSA CLI signature generation and verification" => sub {
  114. tsignverify("DSA",
  115. srctop_file("test","testdsa.pem"),
  116. srctop_file("test","testdsapub.pem"),
  117. "-rawin", "-digest", "sha256");
  118. };
  119. }
  120. SKIP: {
  121. skip "ECDSA is not supported by this OpenSSL build", 1
  122. if disabled("ec");
  123. subtest "ECDSA CLI signature generation and verification" => sub {
  124. tsignverify("ECDSA",
  125. srctop_file("test","testec-p256.pem"),
  126. srctop_file("test","testecpub-p256.pem"),
  127. "-rawin", "-digest", "sha256");
  128. };
  129. }
  130. SKIP: {
  131. skip "EdDSA is not supported by this OpenSSL build", 2
  132. if disabled("ec");
  133. subtest "Ed2559 CLI signature generation and verification" => sub {
  134. tsignverify("Ed25519",
  135. srctop_file("test","tested25519.pem"),
  136. srctop_file("test","tested25519pub.pem"),
  137. "-rawin");
  138. };
  139. subtest "Ed448 CLI signature generation and verification" => sub {
  140. tsignverify("Ed448",
  141. srctop_file("test","tested448.pem"),
  142. srctop_file("test","tested448pub.pem"),
  143. "-rawin");
  144. };
  145. }