Commit | Line | Data |
---|---|---|
a7cef52f | 1 | #! /usr/bin/env perl |
da1c088f | 2 | # Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. |
a7cef52f PY |
3 | # |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use File::Spec; | |
35746c79 | 13 | use File::Basename; |
10c25644 | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; |
a7cef52f | 15 | use OpenSSL::Test::Utils; |
810f7dc1 | 16 | use File::Compare qw/compare_text/; |
a7cef52f PY |
17 | |
# Register this recipe with the OpenSSL test harness.
setup('test_pkeyutl');

# Top-level test count: 4 (SM2) + 4 (Ed25519/Ed448 with certificates)
# + 2 (RSA subtests) + 1 (DSA) + 1 (ECDSA) + 2 (EdDSA subtests) = 14.
# Each SKIP block below has to skip exactly its own share of this total,
# otherwise a build with that algorithm disabled fails on a plan mismatch
# rather than on a real regression.
plan(tests => 14);
a7cef52f | 21 | |
ee633ace MC |
22 | # For the tests below we use the cert itself as the TBS (to-be-signed) data file |
23 | ||
SKIP: {
    # All four SM2 checks need EC, SM2 and SM3 support in this build.
    my $sm2_unavailable =
        disabled("ec") || disabled("sm2") || disabled("sm3");
    skip "Skipping tests that require EC, SM2 or SM3", 4
        if $sm2_unavailable;

    # SM2
    my $sm2_cert    = srctop_file('test', 'certs', 'sm2.pem');
    my $sm2_privkey = srctop_file('test', 'certs', 'sm2.key');
    my $sm2_pubkey  = srctop_file('test', 'certs', 'sm2-pub.key');
    my $cleartext   = srctop_file('test', 'data2.bin');

    # Signing and verification must agree on the digest and on the SM2
    # distinguishing ID, so both commands share this option list.
    # '-rawin' makes pkeyutl treat the input as unhashed data.
    my @sm2_sig_opts = ('-rawin',
                        '-digest', 'sm3',
                        '-pkeyopt', 'distid:someid');

    # NOTE(review): ok_nofips comes from OpenSSL::Test; presumably it
    # flips the expectation when the FIPS provider is in use -- confirm.

    # The certificate file doubles as the data being signed.
    my @sign_cmd = ('openssl', 'pkeyutl', '-sign',
                    '-in', $sm2_cert,
                    '-inkey', $sm2_privkey,
                    '-out', 'sm2.sig',
                    @sm2_sig_opts);
    ok_nofips(run(app(\@sign_cmd)),
              "Sign a piece of data using SM2");

    # '-certin' takes the verification key from the certificate itself.
    # NOTE(review): only the accepting path is checked here; there is no
    # SM2 case that expects verification of altered data to fail.
    my @verify_cmd = ('openssl', 'pkeyutl',
                      '-verify', '-certin',
                      '-in', $sm2_cert,
                      '-inkey', $sm2_cert,
                      '-sigfile', 'sm2.sig',
                      @sm2_sig_opts);
    ok_nofips(run(app(\@verify_cmd)),
              "Verify an SM2 signature against a piece of data");

    my @encrypt_cmd = ('openssl', 'pkeyutl', '-encrypt',
                       '-in', $cleartext,
                       '-inkey', $sm2_pubkey,
                       '-pubin', '-out', 'sm2.enc');
    ok_nofips(run(app(\@encrypt_cmd)),
              "Encrypt a piece of data using SM2");

    # Decryption only counts as a pass when the recovered text matches
    # the original input (compare_text returns 0 for equal files).
    my @decrypt_cmd = ('openssl', 'pkeyutl', '-decrypt',
                       '-in', 'sm2.enc',
                       '-inkey', $sm2_privkey,
                       '-out', 'sm2.dat');
    ok_nofips(run(app(\@decrypt_cmd))
              && compare_text('sm2.dat', $cleartext) == 0,
              "Decrypt a piece of data using SM2");
}
55 | ||
SKIP: {
    skip "Skipping tests that require ECX", 4
        if disabled("ecx");

    # Ed25519 first, then Ed448: one sign and one verify for each.
    # The server certificate is used both as the data to sign and, via
    # '-certin', as the source of the verification key. No '-digest' is
    # given; '-rawin' hands the unhashed input to the signature algorithm.
    # NOTE(review): only successful verification is checked in this block;
    # the mismatching-data case for EdDSA is exercised through
    # tsignverify() further down.
    for my $alg (qw(Ed25519 Ed448)) {
        my $stem     = 'server-' . lc($alg);
        my $sig_path = $alg . '.sig';

        my @sign_cmd = ('openssl', 'pkeyutl', '-sign', '-in',
                        srctop_file('test', 'certs', $stem . '-cert.pem'),
                        '-inkey',
                        srctop_file('test', 'certs', $stem . '-key.pem'),
                        '-out', $sig_path, '-rawin');
        ok(run(app(\@sign_cmd)),
           "Sign a piece of data using " . $alg);

        my @verify_cmd = ('openssl', 'pkeyutl', '-verify', '-certin', '-in',
                          srctop_file('test', 'certs', $stem . '-cert.pem'),
                          '-inkey',
                          srctop_file('test', 'certs', $stem . '-cert.pem'),
                          '-sigfile', $sig_path, '-rawin');
        ok(run(app(\@verify_cmd)),
           "Verify an " . $alg . " signature against a piece of data");
    }
}
a7cef52f | 84 | |
ef1e59ed NT |
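# tsignverify(TESTTEXT, PRIVKEY, PUBKEY, EXTRAOPTS...)
#
# Runs five 'openssl pkeyutl' checks for one key pair and plans exactly
# five tests, so it is meant to be called from inside a subtest:
#   1. signing test/data.bin with PRIVKEY succeeds;
#   2. signing with '-keyform DER' is rejected (the key files handed in
#      by the callers in this file are .pem files);
#   3. the signature verifies with PRIVKEY;
#   4. the signature verifies with PUBKEY ('-pubin', explicit PEM keyform);
#   5. verification against test/data2.bin fails.
#
# TESTTEXT  prefix for every test description.
# PRIVKEY   path of the private key; its basename with '.pem' stripped,
#           plus '.sig', names the signature file in the current directory.
# PUBKEY    path of the matching public key.
# EXTRAOPTS options appended unchanged to every command.
sub tsignverify {
    my ($testtext, $privkey, $pubkey, @extraopts) = @_;

    my $data_to_sign = srctop_file('test', 'data.bin');
    my $other_data   = srctop_file('test', 'data2.bin');
    my $sigfile      = basename($privkey, '.pem') . '.sig';

    # The command that is expected to fail writes to its own path, so it
    # cannot touch the signature that checks 3-5 rely on, whatever it does
    # with its output file before failing.
    my $rejected_out = $sigfile . '.badform';

    plan tests => 5;

    ok(run(app(['openssl', 'pkeyutl', '-sign',
                '-inkey', $privkey,
                '-out', $sigfile,
                '-in', $data_to_sign,
                @extraopts])),
       $testtext.": Generating signature");

    # Negative case: the declared key format does not match the key file.
    ok(!run(app(['openssl', 'pkeyutl', '-sign',
                 '-inkey', $privkey,
                 '-keyform', 'DER',
                 '-out', $rejected_out,
                 '-in', $data_to_sign,
                 @extraopts])),
       $testtext.": Checking that mismatching keyform fails");

    ok(run(app(['openssl', 'pkeyutl', '-verify',
                '-inkey', $privkey,
                '-sigfile', $sigfile,
                '-in', $data_to_sign,
                @extraopts])),
       $testtext.": Verify signature with private key");

    ok(run(app(['openssl', 'pkeyutl', '-verify',
                '-keyform', 'PEM',
                '-inkey', $pubkey, '-pubin',
                '-sigfile', $sigfile,
                '-in', $data_to_sign,
                @extraopts])),
       $testtext.": Verify signature with public key");

    # Negative case: a valid signature must not verify against other data.
    ok(!run(app(['openssl', 'pkeyutl', '-verify',
                 '-inkey', $pubkey, '-pubin',
                 '-sigfile', $sigfile,
                 '-in', $other_data,
                 @extraopts])),
       $testtext.": Expect failure verifying mismatching data");
}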
140 | ||
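SKIP: {
    # Two subtests live in this block, so two tests must be skipped when
    # RSA is disabled; skipping only one leaves the top-level plan short.
    skip "RSA is not supported by this OpenSSL build", 2
        if disabled("rsa");

    # Default padding with a SHA-256 digest over the raw input.
    subtest "RSA CLI signature generation and verification" => sub {
        tsignverify("RSA",
                    srctop_file("test","testrsa.pem"),
                    srctop_file("test","testrsapub.pem"),
                    "-rawin", "-digest", "sha256");
    };

    # Same key pair, with PSS padding selected through -pkeyopt. Both
    # subtests pass the label "RSA" and the same private key to
    # tsignverify(), so the second run reuses the signature file name.
    subtest "RSA CLI signature and verification with pkeyopt" => sub {
        tsignverify("RSA",
                    srctop_file("test","testrsa.pem"),
                    srctop_file("test","testrsapub.pem"),
                    "-rawin", "-digest", "sha256",
                    "-pkeyopt", "rsa_padding_mode:pss");
    };
}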
160 | ||
SKIP: {
    # One subtest in this block, hence one skipped test without DSA.
    if (disabled("dsa")) {
        skip "DSA is not supported by this OpenSSL build", 1;
    }

    # Sign and verify with the DSA test key pair, hashing the raw input
    # with SHA-256.
    subtest "DSA CLI signature generation and verification" => sub {
        my $private_pem = srctop_file("test","testdsa.pem");
        my $public_pem  = srctop_file("test","testdsapub.pem");
        my @digest_opts = ("-rawin", "-digest", "sha256");

        tsignverify("DSA", $private_pem, $public_pem, @digest_opts);
    };
}
172 | ||
SKIP: {
    # One subtest in this block, hence one skipped test without EC.
    if (disabled("ec")) {
        skip "ECDSA is not supported by this OpenSSL build", 1;
    }

    # Sign and verify with the P-256 test key pair, hashing the raw input
    # with SHA-256.
    subtest "ECDSA CLI signature generation and verification" => sub {
        my $private_pem = srctop_file("test","testec-p256.pem");
        my $public_pem  = srctop_file("test","testecpub-p256.pem");
        my @digest_opts = ("-rawin", "-digest", "sha256");

        tsignverify("ECDSA", $private_pem, $public_pem, @digest_opts);
    };
}
184 | ||
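SKIP: {
    # Two subtests in this block, hence two skipped tests without ECX.
    skip "EdDSA is not supported by this OpenSSL build", 2
        if disabled("ecx");

    # No '-digest' is passed for EdDSA; only '-rawin' is given, so the
    # unhashed input goes straight to the signature algorithm.
    # The subtest name now spells the algorithm correctly ("Ed25519"),
    # matching the label passed to tsignverify().
    subtest "Ed25519 CLI signature generation and verification" => sub {
        tsignverify("Ed25519",
                    srctop_file("test","tested25519.pem"),
                    srctop_file("test","tested25519pub.pem"),
                    "-rawin");
    };

    subtest "Ed448 CLI signature generation and verification" => sub {
        tsignverify("Ed448",
                    srctop_file("test","tested448.pem"),
                    srctop_file("test","tested448pub.pem"),
                    "-rawin");
    };
}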