]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/20-test_pkeyutl.t
projects / thirdparty / openssl.git / blob
? search:


7f2ff029baceb0fd1dac1c75d6dc065fbd60fa22
[thirdparty/openssl.git] / test / recipes / 20-test_pkeyutl.t
1 #! /usr/bin/env perl
2 # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9 use strict;
10 use warnings;
11
12 use File::Spec;
13 use File::Basename;
14 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
15 use OpenSSL::Test::Utils;
16
17 setup("test_pkeyutl");
18
19 plan tests => 12;
20
21 # For the tests below we use the cert itself as the TBS file
22
23 SKIP: {
24 skip "Skipping tests that require EC, SM2 or SM3", 2
25 if disabled("ec") || disabled("sm2") || disabled("sm3");
26
27 # SM2
28 ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
29 '-in', srctop_file('test', 'certs', 'sm2.pem'),
30 '-inkey', srctop_file('test', 'certs', 'sm2.key'),
31 '-out', 'sm2.sig', '-rawin',
32 '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
33 "Sign a piece of data using SM2");
34 ok_nofips(run(app(([ 'openssl', 'pkeyutl',
35 '-verify', '-certin',
36 '-in', srctop_file('test', 'certs', 'sm2.pem'),
37 '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
38 '-sigfile', 'sm2.sig', '-rawin',
39 '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
40 "Verify an SM2 signature against a piece of data");
41 }
42
43 SKIP: {
44 skip "Skipping tests that require EC", 4
45 if disabled("ec");
46
47 # Ed25519
48 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
49 srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
50 '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
51 '-out', 'Ed25519.sig', '-rawin']))),
52 "Sign a piece of data using Ed25519");
53 ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
54 srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
55 '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
56 '-sigfile', 'Ed25519.sig', '-rawin']))),
57 "Verify an Ed25519 signature against a piece of data");
58
59 # Ed448
60 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
61 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
62 '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
63 '-out', 'Ed448.sig', '-rawin']))),
64 "Sign a piece of data using Ed448");
65 ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
66 srctop_file('test', 'certs', 'server-ed448-cert.pem'),
67 '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
68 '-sigfile', 'Ed448.sig', '-rawin']))),
69 "Verify an Ed448 signature against a piece of data");
70 }
71
72 sub tsignverify {
73 my $testtext = shift;
74 my $privkey = shift;
75 my $pubkey = shift;
76 my @extraopts = @_;
77
78 my $data_to_sign = srctop_file('test', 'data.bin');
79 my $other_data = srctop_file('test', 'data2.bin');
80 my $sigfile = basename($privkey, '.pem') . '.sig';
81
82 my @args = ();
83 plan tests => 4;
84
85 @args = ('openssl', 'pkeyutl', '-sign',
86 '-inkey', $privkey,
87 '-out', $sigfile,
88 '-in', $data_to_sign);
89 push(@args, @extraopts);
90 ok(run(app([@args])),
91 $testtext.": Generating signature");
92
93 @args = ('openssl', 'pkeyutl', '-verify',
94 '-inkey', $privkey,
95 '-sigfile', $sigfile,
96 '-in', $data_to_sign);
97 push(@args, @extraopts);
98 ok(run(app([@args])),
99 $testtext.": Verify signature with private key");
100
101 @args = ('openssl', 'pkeyutl', '-verify',
102 '-inkey', $pubkey, '-pubin',
103 '-sigfile', $sigfile,
104 '-in', $data_to_sign);
105 push(@args, @extraopts);
106 ok(run(app([@args])),
107 $testtext.": Verify signature with public key");
108
109 @args = ('openssl', 'pkeyutl', '-verify',
110 '-inkey', $pubkey, '-pubin',
111 '-sigfile', $sigfile,
112 '-in', $other_data);
113 push(@args, @extraopts);
114 ok(!run(app([@args])),
115 $testtext.": Expect failure verifying mismatching data");
116 }
117
118 SKIP: {
119 skip "RSA is not supported by this OpenSSL build", 1
120 if disabled("rsa");
121
122 subtest "RSA CLI signature generation and verification" => sub {
123 tsignverify("RSA",
124 srctop_file("test","testrsa.pem"),
125 srctop_file("test","testrsapub.pem"),
126 "-rawin", "-digest", "sha256");
127 };
128
129 subtest "RSA CLI signature and verification with pkeyopt" => sub {
130 tsignverify("RSA",
131 srctop_file("test","testrsa.pem"),
132 srctop_file("test","testrsapub.pem"),
133 "-rawin", "-digest", "sha256",
134 "-pkeyopt", "rsa_padding_mode:pss");
135 };
136 }
137
138 SKIP: {
139 skip "DSA is not supported by this OpenSSL build", 1
140 if disabled("dsa");
141
142 subtest "DSA CLI signature generation and verification" => sub {
143 tsignverify("DSA",
144 srctop_file("test","testdsa.pem"),
145 srctop_file("test","testdsapub.pem"),
146 "-rawin", "-digest", "sha256");
147 };
148 }
149
150 SKIP: {
151 skip "ECDSA is not supported by this OpenSSL build", 1
152 if disabled("ec");
153
154 subtest "ECDSA CLI signature generation and verification" => sub {
155 tsignverify("ECDSA",
156 srctop_file("test","testec-p256.pem"),
157 srctop_file("test","testecpub-p256.pem"),
158 "-rawin", "-digest", "sha256");
159 };
160 }
161
162 SKIP: {
163 skip "EdDSA is not supported by this OpenSSL build", 2
164 if disabled("ec");
165
166 subtest "Ed2559 CLI signature generation and verification" => sub {
167 tsignverify("Ed25519",
168 srctop_file("test","tested25519.pem"),
169 srctop_file("test","tested25519pub.pem"),
170 "-rawin");
171 };
172
173 subtest "Ed448 CLI signature generation and verification" => sub {
174 tsignverify("Ed448",
175 srctop_file("test","tested448.pem"),
176 srctop_file("test","tested448pub.pem"),
177 "-rawin");
178 };
179 }
A mirror of the official openssl repository