From 317ba78fe16380dbcd16f846794e58f498e975a4 Mon Sep 17 00:00:00 2001 From: Paul Yang Date: Wed, 13 Mar 2019 16:54:11 +0800 Subject: [PATCH] Add test cases for SM2 cert verification This follows #8321 which added the SM2 certificate verification feature. This commit adds some test cases for #8321. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8465) --- test/certs/sm2-ca-cert.pem | 14 ++++++++++++++ test/certs/{sm2.crt => sm2.pem} | 0 test/recipes/20-test_pkeyutl.t | 6 +++--- test/recipes/25-test_verify.t | 14 +++++++++++++- 4 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 test/certs/sm2-ca-cert.pem rename test/certs/{sm2.crt => sm2.pem} (100%) diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem new file mode 100644 index 0000000000..5677ac6c9f --- /dev/null +++ b/test/certs/sm2-ca-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT +AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw +CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG +SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU +5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW +BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU +5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI +ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X +YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 +-----END CERTIFICATE----- diff --git a/test/certs/sm2.crt b/test/certs/sm2.pem similarity index 100% rename from test/certs/sm2.crt rename to test/certs/sm2.pem diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 21f4e629bf..5dbed9835c 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -25,14 +25,14 @@ SKIP: { # SM2 ok(run(app(([ 'openssl', 'pkeyutl', '-sign', - '-in', srctop_file('test', 'certs', 'sm2.crt'), + '-in', srctop_file('test', 'certs', 'sm2.pem'), '-inkey', srctop_file('test', 'certs', 'sm2.key'), '-out', 'signature.dat', '-rawin', '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), "Sign a piece of data using SM2"); ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin', - '-in', srctop_file('test', 'certs', 'sm2.crt'), - '-inkey', srctop_file('test', 'certs', 'sm2.crt'), + '-in', srctop_file('test', 'certs', 'sm2.pem'), + '-inkey', srctop_file('test', 'certs', 'sm2.pem'), '-sigfile', 'signature.dat', '-rawin', '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))), "Verify an SM2 signature against a piece of data"); diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 9ddf2c9c3c..e493947861 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 135; +plan tests => 137; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -373,3 +373,15 @@ SKIP: { "ED25519 signature"); } + +SKIP: { + skip "SM2 is not supported by this OpenSSL build", 1 + if disabled("sm2"); + + # Test '-sm2-id' and '-sm2-hex-id' option + ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"), + "SM2 ID test"); + ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id", + "31323334353637383132333435363738"), + "SM2 hex ID test"); +} -- 2.25.1