[thirdparty/openssl.git] / test / recipes / 20-test_pkeyutl.t

#! /usr/bin/env perl
# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;

use File::Spec;
use File::Basename;
use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
use OpenSSL::Test::Utils;

setup("test_pkeyutl");

plan tests => 11;

# For the tests below we use the cert itself as the TBS file

SKIP: {
    skip "Skipping tests that require EC, SM2 or SM3", 2
        if disabled("ec") || disabled("sm2") || disabled("sm3");

    # SM2
    ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
                      '-inkey', srctop_file('test', 'certs', 'sm2.key'),
                      '-out', 'sm2.sig', '-rawin',
                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
                      "Sign a piece of data using SM2");
    ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
                      '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
                      '-sigfile', 'sm2.sig', '-rawin',
                      '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
                      "Verify an SM2 signature against a piece of data");
}

SKIP: {
    skip "Skipping tests that require EC", 4
        if disabled("ec");

    # Ed25519
    ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
                  srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
                  '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
                  '-out', 'Ed25519.sig', '-rawin']))),
                  "Sign a piece of data using Ed25519");
    ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
                  srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
                  '-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
                  '-sigfile', 'Ed25519.sig', '-rawin']))),
                  "Verify an Ed25519 signature against a piece of data");

    # Ed448
    ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
                  srctop_file('test', 'certs', 'server-ed448-cert.pem'),
                  '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
                  '-out', 'Ed448.sig', '-rawin']))),
                  "Sign a piece of data using Ed448");
    ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
                  srctop_file('test', 'certs', 'server-ed448-cert.pem'),
                  '-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
                  '-sigfile', 'Ed448.sig', '-rawin']))),
                  "Verify an Ed448 signature against a piece of data");
}

sub tsignverify {
    my $testtext = shift;
    my $privkey = shift;
    my $pubkey = shift;
    my @extraopts = @_;

    my $data_to_sign = srctop_file('test', 'README');
    my $other_data = srctop_file('test', 'README.external');
    my $sigfile = basename($privkey, '.pem') . '.sig';

    my @args = ();
    plan tests => 4;

    @args = ('openssl', 'pkeyutl', '-sign',
             '-inkey', $privkey,
             '-out', $sigfile,
             '-in', $data_to_sign);
    push(@args, @extraopts);
    ok(run(app([@args])),
       $testtext.": Generating signature");

    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $privkey,
             '-sigfile', $sigfile,
             '-in', $data_to_sign);
    push(@args, @extraopts);
    ok(run(app([@args])),
       $testtext.": Verify signature with private key");

    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $pubkey, '-pubin',
             '-sigfile', $sigfile,
             '-in', $data_to_sign);
    push(@args, @extraopts);
    ok(run(app([@args])),
       $testtext.": Verify signature with public key");

    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $pubkey, '-pubin',
             '-sigfile', $sigfile,
             '-in', $other_data);
    push(@args, @extraopts);
    ok(!run(app([@args])),
       $testtext.": Expect failure verifying mismatching data");
}

SKIP: {
    skip "RSA is not supported by this OpenSSL build", 1
        if disabled("rsa");

    subtest "RSA CLI signature generation and verification" => sub {
        tsignverify("RSA",
                    srctop_file("test","testrsa.pem"),
                    srctop_file("test","testrsapub.pem"),
                    "-rawin", "-digest", "sha256");
    };
}

SKIP: {
    skip "DSA is not supported by this OpenSSL build", 1
        if disabled("dsa");

    subtest "DSA CLI signature generation and verification" => sub {
        tsignverify("DSA",
                    srctop_file("test","testdsa.pem"),
                    srctop_file("test","testdsapub.pem"),
                    "-rawin", "-digest", "sha256");
    };
}

SKIP: {
    skip "ECDSA is not supported by this OpenSSL build", 1
        if disabled("ec");

    subtest "ECDSA CLI signature generation and verification" => sub {
        tsignverify("ECDSA",
                    srctop_file("test","testec-p256.pem"),
                    srctop_file("test","testecpub-p256.pem"),
                    "-rawin", "-digest", "sha256");
    };
}

SKIP: {
    skip "EdDSA is not supported by this OpenSSL build", 2
        if disabled("ec");

    subtest "Ed2559 CLI signature generation and verification" => sub {
        tsignverify("Ed25519",
                    srctop_file("test","tested25519.pem"),
                    srctop_file("test","tested25519pub.pem"),
                    "-rawin");
    };

    subtest "Ed448 CLI signature generation and verification" => sub {
        tsignverify("Ed448",
                    srctop_file("test","tested448.pem"),
                    srctop_file("test","tested448pub.pem"),
                    "-rawin");
    };
}
Commit	Line	Data
a7cef52f PY	1	#! /usr/bin/env perl
	2	# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
	10	use warnings;
	11
	12	use File::Spec;
35746c79	13	use File::Basename;
10c25644	14	use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
a7cef52f PY	15	use OpenSSL::Test::Utils;
	16
	17	setup("test_pkeyutl");
	18
ef1e59ed	19	plan tests => 11;
a7cef52f	20
ee633ace MC	21	# For the tests below we use the cert itself as the TBS file
	22
	23	SKIP: {
	24	skip "Skipping tests that require EC, SM2 or SM3", 2
	25	if disabled("ec") \|\| disabled("sm2") \|\| disabled("sm3");
	26
	27	# SM2
10c25644	28	ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
317ba78f	29	'-in', srctop_file('test', 'certs', 'sm2.pem'),
a7cef52f	30	'-inkey', srctop_file('test', 'certs', 'sm2.key'),
35746c79	31	'-out', 'sm2.sig', '-rawin',
ee633ace MC	32	'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
ee633ace MC	33	"Sign a piece of data using SM2");
10c25644	34	ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
317ba78f PY	35	'-in', srctop_file('test', 'certs', 'sm2.pem'),
317ba78f PY	36	'-inkey', srctop_file('test', 'certs', 'sm2.pem'),
35746c79	37	'-sigfile', 'sm2.sig', '-rawin',
ee633ace MC	38	'-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
ee633ace MC	39	"Verify an SM2 signature against a piece of data");
a7cef52f PY	40	}
a7cef52f PY	41
ed86f884	42	SKIP: {
ee633ace MC	43	skip "Skipping tests that require EC", 4
	44	if disabled("ec");
	45
	46	# Ed25519
	47	ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
	48	srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
	49	'-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
35746c79	50	'-out', 'Ed25519.sig', '-rawin']))),
ee633ace MC	51	"Sign a piece of data using Ed25519");
	52	ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
	53	srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
	54	'-inkey', srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
35746c79	55	'-sigfile', 'Ed25519.sig', '-rawin']))),
ee633ace	56	"Verify an Ed25519 signature against a piece of data");
ed86f884	57
ee633ace MC	58	# Ed448
	59	ok(run(app(([ 'openssl', 'pkeyutl', '-sign', '-in',
	60	srctop_file('test', 'certs', 'server-ed448-cert.pem'),
	61	'-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
35746c79	62	'-out', 'Ed448.sig', '-rawin']))),
ee633ace MC	63	"Sign a piece of data using Ed448");
	64	ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in',
	65	srctop_file('test', 'certs', 'server-ed448-cert.pem'),
	66	'-inkey', srctop_file('test', 'certs', 'server-ed448-cert.pem'),
35746c79	67	'-sigfile', 'Ed448.sig', '-rawin']))),
ee633ace	68	"Verify an Ed448 signature against a piece of data");
ed86f884	69	}
a7cef52f	70
ef1e59ed NT	71	sub tsignverify {
	72	my $testtext = shift;
	73	my $privkey = shift;
	74	my $pubkey = shift;
	75	my @extraopts = @_;
	76
	77	my $data_to_sign = srctop_file('test', 'README');
	78	my $other_data = srctop_file('test', 'README.external');
35746c79	79	my $sigfile = basename($privkey, '.pem') . '.sig';
ef1e59ed NT	80
	81	my @args = ();
	82	plan tests => 4;
	83
	84	@args = ('openssl', 'pkeyutl', '-sign',
	85	'-inkey', $privkey,
	86	'-out', $sigfile,
	87	'-in', $data_to_sign);
	88	push(@args, @extraopts);
	89	ok(run(app([@args])),
	90	$testtext.": Generating signature");
	91
	92	@args = ('openssl', 'pkeyutl', '-verify',
	93	'-inkey', $privkey,
	94	'-sigfile', $sigfile,
	95	'-in', $data_to_sign);
	96	push(@args, @extraopts);
	97	ok(run(app([@args])),
	98	$testtext.": Verify signature with private key");
	99
	100	@args = ('openssl', 'pkeyutl', '-verify',
	101	'-inkey', $pubkey, '-pubin',
	102	'-sigfile', $sigfile,
	103	'-in', $data_to_sign);
	104	push(@args, @extraopts);
	105	ok(run(app([@args])),
	106	$testtext.": Verify signature with public key");
	107
	108	@args = ('openssl', 'pkeyutl', '-verify',
	109	'-inkey', $pubkey, '-pubin',
	110	'-sigfile', $sigfile,
	111	'-in', $other_data);
	112	push(@args, @extraopts);
	113	ok(!run(app([@args])),
	114	$testtext.": Expect failure verifying mismatching data");
ef1e59ed NT	115	}
	116
	117	SKIP: {
	118	skip "RSA is not supported by this OpenSSL build", 1
	119	if disabled("rsa");
	120
	121	subtest "RSA CLI signature generation and verification" => sub {
	122	tsignverify("RSA",
	123	srctop_file("test","testrsa.pem"),
	124	srctop_file("test","testrsapub.pem"),
	125	"-rawin", "-digest", "sha256");
	126	};
	127	}
	128
	129	SKIP: {
	130	skip "DSA is not supported by this OpenSSL build", 1
	131	if disabled("dsa");
	132
	133	subtest "DSA CLI signature generation and verification" => sub {
	134	tsignverify("DSA",
	135	srctop_file("test","testdsa.pem"),
	136	srctop_file("test","testdsapub.pem"),
	137	"-rawin", "-digest", "sha256");
	138	};
	139	}
	140
	141	SKIP: {
	142	skip "ECDSA is not supported by this OpenSSL build", 1
	143	if disabled("ec");
	144
	145	subtest "ECDSA CLI signature generation and verification" => sub {
	146	tsignverify("ECDSA",
	147	srctop_file("test","testec-p256.pem"),
	148	srctop_file("test","testecpub-p256.pem"),
	149	"-rawin", "-digest", "sha256");
	150	};
	151	}
	152
	153	SKIP: {
	154	skip "EdDSA is not supported by this OpenSSL build", 2
	155	if disabled("ec");
	156
	157	subtest "Ed2559 CLI signature generation and verification" => sub {
	158	tsignverify("Ed25519",
	159	srctop_file("test","tested25519.pem"),
	160	srctop_file("test","tested25519pub.pem"),
	161	"-rawin");
	162	};
	163
	164	subtest "Ed448 CLI signature generation and verification" => sub {
	165	tsignverify("Ed448",
	166	srctop_file("test","tested448.pem"),
	167	srctop_file("test","tested448pub.pem"),
	168	"-rawin");
	169	};
	170	}