From: Nicola Tuveri Date: Mon, 11 Nov 2019 13:52:52 +0000 (+0200) Subject: More testing for sign/verify through `dgst` X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e7bab429fb2f043165838496fb58aa257235dbe1;p=oweals%2Fopenssl.git More testing for sign/verify through `dgst` Add tests for signature generation and verification with `dgst` CLI for common key types: - RSA - DSA - ECDSA (cherry picked from commit ef1e59ed833e8ed1d5f4de5b0c734da8561890e3) This is a backport from https://github.com/openssl/openssl/pull/10410. Support for testing EdDSA through `pkeyutl` was dropped as the required `-rawin` option is not supported in 1.1.1. Fixes #10687 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11939) --- diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t new file mode 100644 index 0000000000..1080770f53 --- /dev/null +++ b/test/recipes/20-test_dgst.t @@ -0,0 +1,104 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_dgst"); + +plan tests => 5; + +sub tsignverify { + my $testtext = shift; + my $privkey = shift; + my $pubkey = shift; + + my $data_to_sign = srctop_file('test', 'README'); + my $other_data = srctop_file('test', 'README.external'); + + plan tests => 4; + + ok(run(app(['openssl', 'dgst', '-sign', $privkey, + '-out', 'testdgst.sig', + $data_to_sign])), + $testtext.": Generating signature"); + + ok(run(app(['openssl', 'dgst', '-prverify', $privkey, + '-signature', 'testdgst.sig', + $data_to_sign])), + $testtext.": Verify signature with private key"); + + ok(run(app(['openssl', 'dgst', '-verify', $pubkey, + '-signature', 'testdgst.sig', + $data_to_sign])), + $testtext.": Verify signature with public key"); + + ok(!run(app(['openssl', 'dgst', '-verify', $pubkey, + '-signature', 'testdgst.sig', + $other_data])), + $testtext.": Expect failure verifying mismatching data"); + + unlink 'testdgst.sig'; +} + +SKIP: { + skip "RSA is not supported by this OpenSSL build", 1 + if disabled("rsa"); + + subtest "RSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("RSA", + srctop_file("test","testrsa.pem"), + srctop_file("test","testrsapub.pem")); + }; +} + +SKIP: { + skip "DSA is not supported by this OpenSSL build", 1 + if disabled("dsa"); + + subtest "DSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("DSA", + srctop_file("test","testdsa.pem"), + srctop_file("test","testdsapub.pem")); + }; +} + +SKIP: { + skip "ECDSA is not supported by this OpenSSL build", 1 + if disabled("ec"); + + subtest "ECDSA signature generation and verification with `dgst` CLI" => sub { + tsignverify("ECDSA", + srctop_file("test","testec-p256.pem"), + srctop_file("test","testecpub-p256.pem")); + }; +} + +SKIP: { + skip "EdDSA is not supported by this OpenSSL build", 2 + if disabled("ec"); + + skip "EdDSA is not supported with `dgst` CLI", 2; + + subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub { + tsignverify("Ed25519", + srctop_file("test","tested25519.pem"), + srctop_file("test","tested25519pub.pem")); + }; + + subtest "Ed448 signature generation and verification with `dgst` CLI" => sub { + tsignverify("Ed448", + srctop_file("test","tested448.pem"), + srctop_file("test","tested448pub.pem")); + }; +}