[thirdparty/openssl.git] / test / recipes / 15-test_rsapss.t

#! /usr/bin/env perl
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/;
use OpenSSL::Test::Utils;

setup("test_rsapss");

plan tests => 16;

#using test/testrsa.pem which happens to be a 512 bit RSA
ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:max',
            '-sigopt', 'rsa_mgf1_md:sha512',
            '-out', 'testrsapss-restricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");

ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-out', 'testrsapss-unrestricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");

ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
             '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign, expect to fail gracefully");

ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
             '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign, expect to fail gracefully");

ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
             '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
             srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -prverify, expect to fail gracefully");

ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
            '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:max',
            '-sigopt', 'rsa_mgf1_md:sha512',
            '-signature', 'testrsapss-restricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");

ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
            '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:42',
            '-sigopt', 'rsa_mgf1_md:sha512',
            '-signature', 'testrsapss-restricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt");

ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
            '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
            '-sigopt', 'rsa_mgf1_md:sha512',
            '-signature', 'testrsapss-restricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -prverify rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:auto-digestmax verifies signatures with saltlen > digestlen");

ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
            '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-signature', 'testrsapss-unrestricted.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");

ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
            '-out', 'testrsapss-sha1-autodigestmax.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign -sha1 -rsa_pss_saltlen:auto-digestmax");
ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:20',
            '-signature', 'testrsapss-sha1-autodigestmax.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign -sha1 -rsa_padding_mode:auto-digestmax produces 20 (i.e., digestlen) bits of PSS salt");

ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha256',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:auto-digestmax',
            '-out', 'testrsapss-sha256-autodigestmax.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign -sha256 -rsa_pss_saltlen:auto-digestmax");
ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha256',
            '-sigopt', 'rsa_padding_mode:pss',
            '-sigopt', 'rsa_pss_saltlen:30',
            '-signature', 'testrsapss-sha256-autodigestmax.sig',
            srctop_file('test', 'testrsa.pem')])),
   "openssl dgst -sign rsa512bit.pem -sha256 -rsa_padding_mode:auto-digestmax produces 30 bits of PSS salt (due to 512bit key)");

# Test that RSA-PSS keys are supported by genpkey and rsa commands.
{
   my $rsapss = "rsapss.key";
   ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
               '-pkeyopt', 'rsa_keygen_bits:1024',
               '-pkeyopt', 'rsa_keygen_pubexp:65537',
               '-pkeyopt', 'rsa_keygen_primes:2',
               '--out', $rsapss])));
   ok(run(app(['openssl', 'rsa', '-check',
               '-in', $rsapss])));
}

ok(!run(app([ 'openssl', 'rsa',
             '-in' => data_file('negativesaltlen.pem')],
             '-out' => 'badout')));
Commit	Line	Data
5e047ebf	1	#! /usr/bin/env perl
da1c088f	2	# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
5e047ebf	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5e047ebf BE	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9
	10	use strict;
	11	use warnings;
	12
	13	use File::Spec;
48320997	14	use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/;
5e047ebf BE	15	use OpenSSL::Test::Utils;
	16
	17	setup("test_rsapss");
	18
6c73ca4a	19	plan tests => 16;
5e047ebf BE	20
	21	#using test/testrsa.pem which happens to be a 512 bit RSA
	22	ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
d49be019 RL	23	'-sigopt', 'rsa_padding_mode:pss',
	24	'-sigopt', 'rsa_pss_saltlen:max',
	25	'-sigopt', 'rsa_mgf1_md:sha512',
	26	'-out', 'testrsapss-restricted.sig',
d8f9213a	27	srctop_file('test', 'testrsa.pem')])),
d49be019 RL	28	"openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
	29
	30	ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
	31	'-sigopt', 'rsa_padding_mode:pss',
	32	'-out', 'testrsapss-unrestricted.sig',
	33	srctop_file('test', 'testrsa.pem')])),
	34	"openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
5e047ebf	35
67eacb60 TM	36	ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
	37	'-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
	38	'-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
	39	"openssl dgst -sign, expect to fail gracefully");
	40
	41	ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
	42	'-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
	43	'-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
	44	"openssl dgst -sign, expect to fail gracefully");
	45
	46	ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
	47	'-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
	48	'-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
	49	srctop_file('test', 'testrsa.pem')])),
	50	"openssl dgst -prverify, expect to fail gracefully");
5e047ebf	51
d49be019 RL	52	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
	53	'-sha1',
	54	'-sigopt', 'rsa_padding_mode:pss',
	55	'-sigopt', 'rsa_pss_saltlen:max',
	56	'-sigopt', 'rsa_mgf1_md:sha512',
	57	'-signature', 'testrsapss-restricted.sig',
	58	srctop_file('test', 'testrsa.pem')])),
	59	"openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
	60
5a3bbe17 CL	61	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
	62	'-sha1',
	63	'-sigopt', 'rsa_padding_mode:pss',
	64	'-sigopt', 'rsa_pss_saltlen:42',
	65	'-sigopt', 'rsa_mgf1_md:sha512',
	66	'-signature', 'testrsapss-restricted.sig',
	67	srctop_file('test', 'testrsa.pem')])),
	68	"openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt");
	69
6c73ca4a CL	70	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
	71	'-sha1',
	72	'-sigopt', 'rsa_padding_mode:pss',
	73	'-sigopt', 'rsa_pss_saltlen:auto-digestmax',
	74	'-sigopt', 'rsa_mgf1_md:sha512',
	75	'-signature', 'testrsapss-restricted.sig',
	76	srctop_file('test', 'testrsa.pem')])),
	77	"openssl dgst -prverify rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:auto-digestmax verifies signatures with saltlen > digestlen");
	78
d49be019 RL	79	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
	80	'-sha1',
	81	'-sigopt', 'rsa_padding_mode:pss',
	82	'-signature', 'testrsapss-unrestricted.sig',
5e047ebf	83	srctop_file('test', 'testrsa.pem')])),
d49be019	84	"openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
388d6f45	85
6c73ca4a CL	86	ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
	87	'-sigopt', 'rsa_padding_mode:pss',
	88	'-sigopt', 'rsa_pss_saltlen:auto-digestmax',
	89	'-out', 'testrsapss-sha1-autodigestmax.sig',
	90	srctop_file('test', 'testrsa.pem')])),
	91	"openssl dgst -sign -sha1 -rsa_pss_saltlen:auto-digestmax");
	92	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1',
	93	'-sigopt', 'rsa_padding_mode:pss',
	94	'-sigopt', 'rsa_pss_saltlen:20',
	95	'-signature', 'testrsapss-sha1-autodigestmax.sig',
	96	srctop_file('test', 'testrsa.pem')])),
	97	"openssl dgst -sign -sha1 -rsa_padding_mode:auto-digestmax produces 20 (i.e., digestlen) bits of PSS salt");
	98
	99	ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha256',
	100	'-sigopt', 'rsa_padding_mode:pss',
	101	'-sigopt', 'rsa_pss_saltlen:auto-digestmax',
	102	'-out', 'testrsapss-sha256-autodigestmax.sig',
	103	srctop_file('test', 'testrsa.pem')])),
	104	"openssl dgst -sign -sha256 -rsa_pss_saltlen:auto-digestmax");
	105	ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha256',
	106	'-sigopt', 'rsa_padding_mode:pss',
	107	'-sigopt', 'rsa_pss_saltlen:30',
	108	'-signature', 'testrsapss-sha256-autodigestmax.sig',
	109	srctop_file('test', 'testrsa.pem')])),
	110	"openssl dgst -sign rsa512bit.pem -sha256 -rsa_padding_mode:auto-digestmax produces 30 bits of PSS salt (due to 512bit key)");
	111
388d6f45 DF	112	# Test that RSA-PSS keys are supported by genpkey and rsa commands.
	113	{
	114	my $rsapss = "rsapss.key";
	115	ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
	116	'-pkeyopt', 'rsa_keygen_bits:1024',
e2c2cca4 IF	117	'-pkeyopt', 'rsa_keygen_pubexp:65537',
e2c2cca4 IF	118	'-pkeyopt', 'rsa_keygen_primes:2',
388d6f45 DF	119	'--out', $rsapss])));
	120	ok(run(app(['openssl', 'rsa', '-check',
	121	'-in', $rsapss])));
	122	}
48320997 DF	123
	124	ok(!run(app([ 'openssl', 'rsa',
	125	'-in' => data_file('negativesaltlen.pem')],
	126	'-out' => 'badout')));