projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| a7cef52f | 1 | #! /usr/bin/env perl |
| da1c088f | 2 | # Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. |
| a7cef52f PY |
3 | # |
| 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
| 5 | # this file except in compliance with the License. You can obtain a copy | |
| 6 | # in the file LICENSE in the source distribution or at | |
| 7 | # https://www.openssl.org/source/license.html | |
| 8 | ||
| 9 | use strict; | |
| 10 | use warnings; | |
| 11 | ||
| 12 | use File::Spec; | |
| 35746c79 | 13 | use File::Basename; |
| 10c25644 | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; |
| a7cef52f | 15 | use OpenSSL::Test::Utils; |
| 810f7dc1 | 16 | use File::Compare qw/compare_text/; |
| a7cef52f PY |
17 | |
| 18 | setup("test_pkeyutl"); | |
| 19 | ||
| 810f7dc1 | 20 | plan tests => 14; |
| a7cef52f | 21 | |
| ee633ace MC |
22 | # For the tests below we use the cert itself as the TBS file |
| 23 | ||
| 24 | SKIP: { | |
| 810f7dc1 | 25 | skip "Skipping tests that require EC, SM2 or SM3", 4 |
| ee633ace MC |
26 | if disabled("ec") || disabled("sm2") || disabled("sm3"); |
| 27 | ||
| 28 | # SM2 | |
| fb2a6954 | 29 | ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign', |
| 317ba78f | 30 | '-in', srctop_file('test', 'certs', 'sm2.pem'), |
| a7cef52f | 31 | '-inkey', srctop_file('test', 'certs', 'sm2.key'), |
| 35746c79 | 32 | '-out', 'sm2.sig', '-rawin', |
| fda127be | 33 | '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), |
| ee633ace | 34 | "Sign a piece of data using SM2"); |
| fb2a6954 | 35 | ok_nofips(run(app(([ 'openssl', 'pkeyutl', |
| a10847c4 | 36 | '-verify', '-certin', |
| 317ba78f PY |
37 | '-in', srctop_file('test', 'certs', 'sm2.pem'), |
| 38 | '-inkey', srctop_file('test', 'certs', 'sm2.pem'), | |
| 35746c79 | 39 | '-sigfile', 'sm2.sig', '-rawin', |
| fda127be | 40 | '-digest', 'sm3', '-pkeyopt', 'distid:someid']))), |
| ee633ace | 41 | "Verify an SM2 signature against a piece of data"); |
| 810f7dc1 MC |
42 | ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-encrypt', |
| 43 | '-in', srctop_file('test', 'data2.bin'), | |
| 44 | '-inkey', srctop_file('test', 'certs', 'sm2-pub.key'), | |
| 45 | '-pubin', '-out', 'sm2.enc']))), | |
| 46 | "Encrypt a piece of data using SM2"); | |
| 47 | ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-decrypt', | |
| 48 | '-in', 'sm2.enc', | |
| 49 | '-inkey', srctop_file('test', 'certs', 'sm2.key'), | |
| 50 | '-out', 'sm2.dat']))) | |
| 51 | && compare_text('sm2.dat', | |
| 52 | srctop_file('test', 'data2.bin')) == 0, | |
| 53 | "Decrypt a piece of data using SM2"); | |
| a7cef52f PY |
54 | } |
| 55 | ||
| ed86f884 | 56 | SKIP: { |
| 4032cd9a YL |
57 | skip "Skipping tests that require ECX", 4 |
| 58 | if disabled("ecx"); | |
| ee633ace MC |
59 | |
| 60 | # Ed25519 | |
| 61 | ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in', | |
| 62 | srctop_file('test', 'certs', 'server-ed25519-cert.pem'), | |
| 63 | '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'), | |
| 35746c79 | 64 | '-out', 'Ed25519.sig', '-rawin']))), |
| ee633ace MC |
65 | "Sign a piece of data using Ed25519"); |
| 66 | ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', | |
| 67 | srctop_file('test', 'certs', 'server-ed25519-cert.pem'), | |
| 68 | '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'), | |
| 35746c79 | 69 | '-sigfile', 'Ed25519.sig', '-rawin']))), |
| ee633ace | 70 | "Verify an Ed25519 signature against a piece of data"); |
| ed86f884 | 71 | |
| ee633ace MC |
72 | # Ed448 |
| 73 | ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in', | |
| 74 | srctop_file('test', 'certs', 'server-ed448-cert.pem'), | |
| 75 | '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'), | |
| 35746c79 | 76 | '-out', 'Ed448.sig', '-rawin']))), |
| ee633ace MC |
77 | "Sign a piece of data using Ed448"); |
| 78 | ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', | |
| 79 | srctop_file('test', 'certs', 'server-ed448-cert.pem'), | |
| 80 | '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'), | |
| 35746c79 | 81 | '-sigfile', 'Ed448.sig', '-rawin']))), |
| ee633ace | 82 | "Verify an Ed448 signature against a piece of data"); |
| ed86f884 | 83 | } |
| a7cef52f | 84 | |
| ef1e59ed NT |
85 | sub tsignverify { |
| 86 | my $testtext = shift; | |
| 87 | my $privkey = shift; | |
| 88 | my $pubkey = shift; | |
| 89 | my @extraopts = @_; | |
| 90 | ||
| c150a948 RL |
91 | my $data_to_sign = srctop_file('test', 'data.bin'); |
| 92 | my $other_data = srctop_file('test', 'data2.bin'); | |
| 35746c79 | 93 | my $sigfile = basename($privkey, '.pem') . '.sig'; |
| ef1e59ed NT |
94 | |
| 95 | my @args = (); | |
| d105a24c | 96 | plan tests => 5; |
| ef1e59ed NT |
97 | |
| 98 | @args = ('openssl', 'pkeyutl', '-sign', | |
| 99 | '-inkey', $privkey, | |
| 100 | '-out', $sigfile, | |
| 101 | '-in', $data_to_sign); | |
| 102 | push(@args, @extraopts); | |
| 103 | ok(run(app([@args])), | |
| 104 | $testtext.": Generating signature"); | |
| 105 | ||
| d105a24c TM |
106 | @args = ('openssl', 'pkeyutl', '-sign', |
| 107 | '-inkey', $privkey, | |
| 108 | '-keyform', 'DER', | |
| 109 | '-out', $sigfile, | |
| 110 | '-in', $data_to_sign); | |
| 111 | push(@args, @extraopts); | |
| 112 | ok(!run(app([@args])), | |
| 113 | $testtext.": Checking that mismatching keyform fails"); | |
| 114 | ||
| ef1e59ed NT |
115 | @args = ('openssl', 'pkeyutl', '-verify', |
| 116 | '-inkey', $privkey, | |
| 117 | '-sigfile', $sigfile, | |
| 118 | '-in', $data_to_sign); | |
| 119 | push(@args, @extraopts); | |
| 120 | ok(run(app([@args])), | |
| 121 | $testtext.": Verify signature with private key"); | |
| 122 | ||
| 123 | @args = ('openssl', 'pkeyutl', '-verify', | |
| d105a24c | 124 | '-keyform', 'PEM', |
| ef1e59ed NT |
125 | '-inkey', $pubkey, '-pubin', |
| 126 | '-sigfile', $sigfile, | |
| 127 | '-in', $data_to_sign); | |
| 128 | push(@args, @extraopts); | |
| 129 | ok(run(app([@args])), | |
| 130 | $testtext.": Verify signature with public key"); | |
| 131 | ||
| 132 | @args = ('openssl', 'pkeyutl', '-verify', | |
| 133 | '-inkey', $pubkey, '-pubin', | |
| 134 | '-sigfile', $sigfile, | |
| 135 | '-in', $other_data); | |
| 136 | push(@args, @extraopts); | |
| 137 | ok(!run(app([@args])), | |
| 138 | $testtext.": Expect failure verifying mismatching data"); | |
| ef1e59ed NT |
139 | } |
| 140 | ||
| 141 | SKIP: { | |
| 142 | skip "RSA is not supported by this OpenSSL build", 1 | |
| 143 | if disabled("rsa"); | |
| 144 | ||
| 145 | subtest "RSA CLI signature generation and verification" => sub { | |
| 146 | tsignverify("RSA", | |
| 147 | srctop_file("test","testrsa.pem"), | |
| 148 | srctop_file("test","testrsapub.pem"), | |
| 149 | "-rawin", "-digest", "sha256"); | |
| 150 | }; | |
| 6ceaf672 PG |
151 | |
| 152 | subtest "RSA CLI signature and verification with pkeyopt" => sub { | |
| 153 | tsignverify("RSA", | |
| 154 | srctop_file("test","testrsa.pem"), | |
| 155 | srctop_file("test","testrsapub.pem"), | |
| 156 | "-rawin", "-digest", "sha256", | |
| 157 | "-pkeyopt", "rsa_padding_mode:pss"); | |
| 158 | }; | |
| ef1e59ed NT |
159 | } |
| 160 | ||
| 161 | SKIP: { | |
| 162 | skip "DSA is not supported by this OpenSSL build", 1 | |
| 163 | if disabled("dsa"); | |
| 164 | ||
| 165 | subtest "DSA CLI signature generation and verification" => sub { | |
| 166 | tsignverify("DSA", | |
| 167 | srctop_file("test","testdsa.pem"), | |
| 168 | srctop_file("test","testdsapub.pem"), | |
| 169 | "-rawin", "-digest", "sha256"); | |
| 170 | }; | |
| 171 | } | |
| 172 | ||
| 173 | SKIP: { | |
| 174 | skip "ECDSA is not supported by this OpenSSL build", 1 | |
| 175 | if disabled("ec"); | |
| 176 | ||
| 177 | subtest "ECDSA CLI signature generation and verification" => sub { | |
| 178 | tsignverify("ECDSA", | |
| 179 | srctop_file("test","testec-p256.pem"), | |
| 180 | srctop_file("test","testecpub-p256.pem"), | |
| 181 | "-rawin", "-digest", "sha256"); | |
| 182 | }; | |
| 183 | } | |
| 184 | ||
| 185 | SKIP: { | |
| 186 | skip "EdDSA is not supported by this OpenSSL build", 2 | |
| 4032cd9a | 187 | if disabled("ecx"); |
| ef1e59ed NT |
188 | |
| 189 | subtest "Ed2559 CLI signature generation and verification" => sub { | |
| 190 | tsignverify("Ed25519", | |
| 191 | srctop_file("test","tested25519.pem"), | |
| 192 | srctop_file("test","tested25519pub.pem"), | |
| 193 | "-rawin"); | |
| 194 | }; | |
| 195 | ||
| 196 | subtest "Ed448 CLI signature generation and verification" => sub { | |
| 197 | tsignverify("Ed448", | |
| 198 | srctop_file("test","tested448.pem"), | |
| 199 | srctop_file("test","tested448pub.pem"), | |
| 200 | "-rawin"); | |
| 201 | }; | |
| 202 | } |