]>
Commit | Line | Data |
---|---|---|
5e047ebf | 1 | #! /usr/bin/env perl |
fecb3aae | 2 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. |
5e047ebf | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5e047ebf BE |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use File::Spec; | |
48320997 | 14 | use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/; |
5e047ebf BE |
15 | use OpenSSL::Test::Utils; |
16 | ||
17 | setup("test_rsapss"); | |
18 | ||
48320997 | 19 | plan tests => 10; |
5e047ebf BE |
20 | |
21 | #using test/testrsa.pem which happens to be a 512 bit RSA | |
22 | ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', | |
d49be019 RL |
23 | '-sigopt', 'rsa_padding_mode:pss', |
24 | '-sigopt', 'rsa_pss_saltlen:max', | |
25 | '-sigopt', 'rsa_mgf1_md:sha512', | |
26 | '-out', 'testrsapss-restricted.sig', | |
d8f9213a | 27 | srctop_file('test', 'testrsa.pem')])), |
d49be019 RL |
28 | "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]"); |
29 | ||
30 | ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', | |
31 | '-sigopt', 'rsa_padding_mode:pss', | |
32 | '-out', 'testrsapss-unrestricted.sig', | |
33 | srctop_file('test', 'testrsa.pem')])), | |
34 | "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); | |
5e047ebf | 35 | |
67eacb60 TM |
36 | ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', |
37 | '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', | |
38 | '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), | |
39 | "openssl dgst -sign, expect to fail gracefully"); | |
40 | ||
41 | ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', | |
42 | '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', | |
43 | '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), | |
44 | "openssl dgst -sign, expect to fail gracefully"); | |
45 | ||
46 | ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', | |
47 | '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', | |
48 | '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', | |
49 | srctop_file('test', 'testrsa.pem')])), | |
50 | "openssl dgst -prverify, expect to fail gracefully"); | |
5e047ebf | 51 | |
d49be019 RL |
52 | ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), |
53 | '-sha1', | |
54 | '-sigopt', 'rsa_padding_mode:pss', | |
55 | '-sigopt', 'rsa_pss_saltlen:max', | |
56 | '-sigopt', 'rsa_mgf1_md:sha512', | |
57 | '-signature', 'testrsapss-restricted.sig', | |
58 | srctop_file('test', 'testrsa.pem')])), | |
59 | "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]"); | |
60 | ||
61 | ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), | |
62 | '-sha1', | |
63 | '-sigopt', 'rsa_padding_mode:pss', | |
64 | '-signature', 'testrsapss-unrestricted.sig', | |
5e047ebf | 65 | srctop_file('test', 'testrsa.pem')])), |
d49be019 | 66 | "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]"); |
388d6f45 DF |
67 | |
68 | # Test that RSA-PSS keys are supported by genpkey and rsa commands. | |
69 | { | |
70 | my $rsapss = "rsapss.key"; | |
71 | ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', | |
72 | '-pkeyopt', 'rsa_keygen_bits:1024', | |
73 | '--out', $rsapss]))); | |
74 | ok(run(app(['openssl', 'rsa', '-check', | |
75 | '-in', $rsapss]))); | |
76 | } | |
48320997 DF |
77 | |
78 | ok(!run(app([ 'openssl', 'rsa', | |
79 | '-in' => data_file('negativesaltlen.pem')], | |
80 | '-out' => 'badout'))); |