test/recipes/15-test_rsapss.t

   1 #! /usr/bin/env perl
   2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use File::Spec;
  14 use OpenSSL::Test qw/:DEFAULT with srctop_file/;
  15 use OpenSSL::Test::Utils;
  16
  17 setup("test_rsapss");
  18
  19 plan tests => 9;
  20
  21 #using test/testrsa.pem which happens to be a 512 bit RSA
  22 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
  23             '-sigopt', 'rsa_padding_mode:pss',
  24             '-sigopt', 'rsa_pss_saltlen:max',
  25             '-sigopt', 'rsa_mgf1_md:sha512',
  26             '-out', 'testrsapss-restricted.sig',
  27             srctop_file('test', 'testrsa.pem')])),
  28    "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
  29
  30 ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
  31             '-sigopt', 'rsa_padding_mode:pss',
  32             '-out', 'testrsapss-unrestricted.sig',
  33             srctop_file('test', 'testrsa.pem')])),
  34    "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
  35
  36 ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
  37              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
  38              '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
  39    "openssl dgst -sign, expect to fail gracefully");
  40
  41 ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
  42              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
  43              '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
  44    "openssl dgst -sign, expect to fail gracefully");
  45
  46 ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
  47              '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
  48              '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
  49              srctop_file('test', 'testrsa.pem')])),
  50    "openssl dgst -prverify, expect to fail gracefully");
  51
  52 ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
  53             '-sha1',
  54             '-sigopt', 'rsa_padding_mode:pss',
  55             '-sigopt', 'rsa_pss_saltlen:max',
  56             '-sigopt', 'rsa_mgf1_md:sha512',
  57             '-signature', 'testrsapss-restricted.sig',
  58             srctop_file('test', 'testrsa.pem')])),
  59    "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
  60
  61 ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
  62             '-sha1',
  63             '-sigopt', 'rsa_padding_mode:pss',
  64             '-signature', 'testrsapss-unrestricted.sig',
  65             srctop_file('test', 'testrsa.pem')])),
  66    "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
  67
  68 # Test that RSA-PSS keys are supported by genpkey and rsa commands.
  69 {
  70    my $rsapss = "rsapss.key";
  71    ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
  72                '-pkeyopt', 'rsa_keygen_bits:1024',
  73                '--out', $rsapss])));
  74    ok(run(app(['openssl', 'rsa', '-check',
  75                '-in', $rsapss])));
  76 }