]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/20-test_pkeyutl.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / test / recipes / 20-test_pkeyutl.t
1 #! /usr/bin/env perl
2 # Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9 use strict;
10 use warnings;
11
12 use File::Spec;
13 use File::Basename;
14 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
15 use OpenSSL::Test::Utils;
16 use File::Compare qw/compare_text/;
17
18 setup("test_pkeyutl");
19
20 plan tests => 14;
21
22 # For the tests below we use the cert itself as the TBS file
23
24 SKIP: {
25 skip "Skipping tests that require EC, SM2 or SM3", 4
26 if disabled("ec") || disabled("sm2") || disabled("sm3");
27
28 # SM2
29 ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
30 '-in', srctop_file('test', 'certs', 'sm2.pem'),
31 '-inkey', srctop_file('test', 'certs', 'sm2.key'),
32 '-out', 'sm2.sig', '-rawin',
33 '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
34 "Sign a piece of data using SM2");
35 ok_nofips(run(app(([ 'openssl', 'pkeyutl',
36 '-verify', '-certin',
37 '-in', srctop_file('test', 'certs', 'sm2.pem'),
38 '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
39 '-sigfile', 'sm2.sig', '-rawin',
40 '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
41 "Verify an SM2 signature against a piece of data");
42 ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-encrypt',
43 '-in', srctop_file('test', 'data2.bin'),
44 '-inkey', srctop_file('test', 'certs', 'sm2-pub.key'),
45 '-pubin', '-out', 'sm2.enc']))),
46 "Encrypt a piece of data using SM2");
47 ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-decrypt',
48 '-in', 'sm2.enc',
49 '-inkey', srctop_file('test', 'certs', 'sm2.key'),
50 '-out', 'sm2.dat'])))
51 && compare_text('sm2.dat',
52 srctop_file('test', 'data2.bin')) == 0,
53 "Decrypt a piece of data using SM2");
54 }
55
56 SKIP: {
57 skip "Skipping tests that require ECX", 4
58 if disabled("ecx");
59
60 # Ed25519
61 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
62 srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
63 '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
64 '-out', 'Ed25519.sig', '-rawin']))),
65 "Sign a piece of data using Ed25519");
66 ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
67 srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
68 '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
69 '-sigfile', 'Ed25519.sig', '-rawin']))),
70 "Verify an Ed25519 signature against a piece of data");
71
72 # Ed448
73 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
74 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
75 '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
76 '-out', 'Ed448.sig', '-rawin']))),
77 "Sign a piece of data using Ed448");
78 ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
79 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
80 '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
81 '-sigfile', 'Ed448.sig', '-rawin']))),
82 "Verify an Ed448 signature against a piece of data");
83 }
84
85 sub tsignverify {
86 my $testtext = shift;
87 my $privkey = shift;
88 my $pubkey = shift;
89 my @extraopts = @_;
90
91 my $data_to_sign = srctop_file('test', 'data.bin');
92 my $other_data = srctop_file('test', 'data2.bin');
93 my $sigfile = basename($privkey, '.pem') . '.sig';
94
95 my @args = ();
96 plan tests => 5;
97
98 @args = ('openssl', 'pkeyutl', '-sign',
99 '-inkey', $privkey,
100 '-out', $sigfile,
101 '-in', $data_to_sign);
102 push(@args, @extraopts);
103 ok(run(app([@args])),
104 $testtext.": Generating signature");
105
106 @args = ('openssl', 'pkeyutl', '-sign',
107 '-inkey', $privkey,
108 '-keyform', 'DER',
109 '-out', $sigfile,
110 '-in', $data_to_sign);
111 push(@args, @extraopts);
112 ok(!run(app([@args])),
113 $testtext.": Checking that mismatching keyform fails");
114
115 @args = ('openssl', 'pkeyutl', '-verify',
116 '-inkey', $privkey,
117 '-sigfile', $sigfile,
118 '-in', $data_to_sign);
119 push(@args, @extraopts);
120 ok(run(app([@args])),
121 $testtext.": Verify signature with private key");
122
123 @args = ('openssl', 'pkeyutl', '-verify',
124 '-keyform', 'PEM',
125 '-inkey', $pubkey, '-pubin',
126 '-sigfile', $sigfile,
127 '-in', $data_to_sign);
128 push(@args, @extraopts);
129 ok(run(app([@args])),
130 $testtext.": Verify signature with public key");
131
132 @args = ('openssl', 'pkeyutl', '-verify',
133 '-inkey', $pubkey, '-pubin',
134 '-sigfile', $sigfile,
135 '-in', $other_data);
136 push(@args, @extraopts);
137 ok(!run(app([@args])),
138 $testtext.": Expect failure verifying mismatching data");
139 }
140
141 SKIP: {
142 skip "RSA is not supported by this OpenSSL build", 1
143 if disabled("rsa");
144
145 subtest "RSA CLI signature generation and verification" => sub {
146 tsignverify("RSA",
147 srctop_file("test","testrsa.pem"),
148 srctop_file("test","testrsapub.pem"),
149 "-rawin", "-digest", "sha256");
150 };
151
152 subtest "RSA CLI signature and verification with pkeyopt" => sub {
153 tsignverify("RSA",
154 srctop_file("test","testrsa.pem"),
155 srctop_file("test","testrsapub.pem"),
156 "-rawin", "-digest", "sha256",
157 "-pkeyopt", "rsa_padding_mode:pss");
158 };
159 }
160
161 SKIP: {
162 skip "DSA is not supported by this OpenSSL build", 1
163 if disabled("dsa");
164
165 subtest "DSA CLI signature generation and verification" => sub {
166 tsignverify("DSA",
167 srctop_file("test","testdsa.pem"),
168 srctop_file("test","testdsapub.pem"),
169 "-rawin", "-digest", "sha256");
170 };
171 }
172
173 SKIP: {
174 skip "ECDSA is not supported by this OpenSSL build", 1
175 if disabled("ec");
176
177 subtest "ECDSA CLI signature generation and verification" => sub {
178 tsignverify("ECDSA",
179 srctop_file("test","testec-p256.pem"),
180 srctop_file("test","testecpub-p256.pem"),
181 "-rawin", "-digest", "sha256");
182 };
183 }
184
185 SKIP: {
186 skip "EdDSA is not supported by this OpenSSL build", 2
187 if disabled("ecx");
188
189 subtest "Ed2559 CLI signature generation and verification" => sub {
190 tsignverify("Ed25519",
191 srctop_file("test","tested25519.pem"),
192 srctop_file("test","tested25519pub.pem"),
193 "-rawin");
194 };
195
196 subtest "Ed448 CLI signature generation and verification" => sub {
197 tsignverify("Ed448",
198 srctop_file("test","tested448.pem"),
199 srctop_file("test","tested448pub.pem"),
200 "-rawin");
201 };
202 }
A mirror of the official openssl repository