Commit | Line | Data |
---|---|---|
a7cef52f PY |
1 | #! /usr/bin/env perl |
2 | # Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use File::Spec; | |
35746c79 | 13 | use File::Basename; |
10c25644 | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; |
a7cef52f PY |
15 | use OpenSSL::Test::Utils; |
16 | ||
# Initialise the OpenSSL::Test harness for this recipe.
setup('test_pkeyutl');

# 11 top-level tests: 2 (SM2) + 4 (Ed25519/Ed448 via certificates)
# + 5 subtests (RSA, DSA, ECDSA, Ed25519, Ed448).
# The skip counts in the SKIP blocks below have to add up to this number.
plan(tests => 11);
a7cef52f | 20 | |
ee633ace MC |
21 | # For the tests below we use the cert itself as the TBS (to-be-signed) file |
22 | ||
SKIP: {
    # Both commands need EC, SM2 and SM3; skip the pair if any one is missing.
    my $sm2_unavailable = disabled("ec") || disabled("sm2") || disabled("sm3");
    skip "Skipping tests that require EC, SM2 or SM3", 2
        if $sm2_unavailable;

    # SM2: the certificate is both the data being signed and, with -certin,
    # the source of the key used for verification.
    my $sm2_cert = srctop_file('test', 'certs', 'sm2.pem');
    my $sm2_key  = srctop_file('test', 'certs', 'sm2.key');

    # Signing and verification are given the same digest and the same sm2_id.
    my @sm2_opts = ('-rawin', '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid');

    # NOTE(review): ok_nofips is imported from OpenSSL::Test; presumably it
    # changes the expected outcome when FIPS is in effect -- confirm there.
    my @sign_cmd = ('openssl', 'pkeyutl', '-sign',
                    '-in', $sm2_cert,
                    '-inkey', $sm2_key,
                    '-out', 'sm2.sig', @sm2_opts);
    ok_nofips(run(app([@sign_cmd])),
              "Sign a piece of data using SM2");

    my @verify_cmd = ('openssl', 'pkeyutl', '-verify', '-certin',
                      '-in', $sm2_cert,
                      '-inkey', $sm2_cert,
                      '-sigfile', 'sm2.sig', @sm2_opts);
    ok_nofips(run(app([@verify_cmd])),
              "Verify an SM2 signature against a piece of data");

    # NOTE(review): only the success path is exercised in this block; nothing
    # here checks that verification rejects altered data or a different sm2_id.
}
41 | ||
SKIP: {
    skip "Skipping tests that require EC", 4
        if disabled("ec");

    # Ed25519 first, then Ed448.  For each: sign the server certificate with
    # the matching private key, then verify the signature using the key taken
    # from that same certificate (-certin).
    foreach my $alg ('Ed25519', 'Ed448') {
        my $stem = 'server-' . lc($alg);
        my $cert = srctop_file('test', 'certs', "${stem}-cert.pem");
        my $key  = srctop_file('test', 'certs', "${stem}-key.pem");
        my $sig  = "${alg}.sig";

        ok(run(app([ 'openssl', 'pkeyutl', '-sign', '-in', $cert,
                     '-inkey', $key,
                     '-out', $sig, '-rawin' ])),
           "Sign a piece of data using ${alg}");

        ok(run(app([ 'openssl', 'pkeyutl', '-verify', '-certin', '-in', $cert,
                     '-inkey', $cert,
                     '-sigfile', $sig, '-rawin' ])),
           "Verify an ${alg} signature against a piece of data");
    }

    # NOTE(review): these four tests cover the success path only; the
    # mismatching-data case is exercised by tsignverify, not here.
}
a7cef52f | 70 | |
ef1e59ed NT |
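# Sign a file with the pkeyutl CLI and check the resulting signature.
#
#   $testtext   label prefixed to every test name
#   $privkey    path of the private key; its basename (minus '.pem') names
#               the signature file written to the current directory
#   $pubkey     path of the matching public key
#   @extraopts  further pkeyutl options appended to every command line
#
# Plans and runs exactly 4 tests (sign, verify with the private key, verify
# with the public key, reject a different input file).  Because it calls
# plan() itself, the callers in this file wrap it in a subtest.
sub tsignverify {
    my $testtext = shift;
    my $privkey = shift;
    my $pubkey = shift;
    my @extraopts = @_;

    my $data_to_sign = srctop_file('test', 'README');
    my $other_data = srctop_file('test', 'README.external');
    my $sigfile = basename($privkey, '.pem') . '.sig';

    plan tests => 4;

    my @args = ('openssl', 'pkeyutl', '-sign',
                '-inkey', $privkey,
                '-out', $sigfile,
                '-in', $data_to_sign,
                @extraopts);
    ok(run(app([@args])),
       $testtext.": Generating signature");

    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $privkey,
             '-sigfile', $sigfile,
             '-in', $data_to_sign,
             @extraopts);
    ok(run(app([@args])),
       $testtext.": Verify signature with private key");

    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $pubkey, '-pubin',
             '-sigfile', $sigfile,
             '-in', $data_to_sign,
             @extraopts);
    ok(run(app([@args])),
       $testtext.": Verify signature with public key");

    # Negative case: same public key and signature, different input file.
    # A bare "command failed" check would also pass if the input file were
    # missing, so require the file to exist; the key and the signature file
    # were already shown usable by the previous test.
    @args = ('openssl', 'pkeyutl', '-verify',
             '-inkey', $pubkey, '-pubin',
             '-sigfile', $sigfile,
             '-in', $other_data,
             @extraopts);
    ok((-f $other_data) && !run(app([@args])),
       $testtext.": Expect failure verifying mismatching data");
}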
116 | ||
SKIP: {
    skip "RSA is not supported by this OpenSSL build", 1
        if disabled("rsa");

    # One top-level test: a subtest that runs tsignverify with the RSA test
    # key pair, signing the raw input with a SHA-256 digest.
    subtest "RSA CLI signature generation and verification" => sub {
        my @digest_opts = ('-rawin', '-digest', 'sha256');
        tsignverify('RSA',
                    srctop_file('test', 'testrsa.pem'),
                    srctop_file('test', 'testrsapub.pem'),
                    @digest_opts);
    };
}
128 | ||
SKIP: {
    skip "DSA is not supported by this OpenSSL build", 1
        if disabled("dsa");

    # One top-level test: a subtest that runs tsignverify with the DSA test
    # key pair, signing the raw input with a SHA-256 digest.
    subtest "DSA CLI signature generation and verification" => sub {
        my @digest_opts = ('-rawin', '-digest', 'sha256');
        tsignverify('DSA',
                    srctop_file('test', 'testdsa.pem'),
                    srctop_file('test', 'testdsapub.pem'),
                    @digest_opts);
    };
}
140 | ||
SKIP: {
    skip "ECDSA is not supported by this OpenSSL build", 1
        if disabled("ec");

    # One top-level test: a subtest that runs tsignverify with the P-256 test
    # key pair, signing the raw input with a SHA-256 digest.
    subtest "ECDSA CLI signature generation and verification" => sub {
        my @digest_opts = ('-rawin', '-digest', 'sha256');
        tsignverify('ECDSA',
                    srctop_file('test', 'testec-p256.pem'),
                    srctop_file('test', 'testecpub-p256.pem'),
                    @digest_opts);
    };
}
152 | ||
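SKIP: {
    # Two top-level tests (one subtest per curve), both gated on EC support.
    skip "EdDSA is not supported by this OpenSSL build", 2
        if disabled("ec");

    # Unlike the RSA/DSA/ECDSA subtests, only -rawin is passed here; no
    # -digest option is given for either EdDSA variant.
    # The subtest name previously read "Ed2559"; corrected so the test log
    # names the algorithm actually exercised.
    subtest "Ed25519 CLI signature generation and verification" => sub {
        tsignverify("Ed25519",
                    srctop_file("test", "tested25519.pem"),
                    srctop_file("test", "tested25519pub.pem"),
                    "-rawin");
    };

    subtest "Ed448 CLI signature generation and verification" => sub {
        tsignverify("Ed448",
                    srctop_file("test", "tested448.pem"),
                    srctop_file("test", "tested448pub.pem"),
                    "-rawin");
    };
}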