From ef1e59ed833e8ed1d5f4de5b0c734da8561890e3 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Mon, 11 Nov 2019 15:52:52 +0200 Subject: [PATCH] More testing for sign/verify through `dgst` and `pkeyutl` Add tests for signature generation and verification with `dgst` and `pkeyutl` CLI for common key types: - RSA - DSA - ECDSA - EdDSA Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10410)
---
 test/recipes/20-test_dgst.t | 104 ++++++++++++++++++++++++++++++++
 test/recipes/20-test_pkeyutl.t | 105 ++++++++++++++++++++++++++++++++-
 2 files changed, 208 insertions(+), 1 deletion(-)
 create mode 100644 test/recipes/20-test_dgst.t
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
new file mode 100644
index 0000000000..1080770f53
--- /dev/null
+++ b/test/recipes/20-test_dgst.t
@@ -0,0 +1,104 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_dgst");
+
+plan tests => 5;
+
+sub tsignverify {
+ my $testtext = shift;
+ my $privkey = shift;
+ my $pubkey = shift;
+
+ my $data_to_sign = srctop_file('test', 'README');
+ my $other_data = srctop_file('test', 'README.external');
+
+ plan tests => 4;
+
+ ok(run(app(['openssl', 'dgst', '-sign', $privkey,
+ '-out', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Generating signature");
+
+ ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
+ '-signature', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Verify signature with private key");
+
+ ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
+ '-signature', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Verify signature with public key");
+
+ ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
+ '-signature', 'testdgst.sig',
+ $other_data])),
+ $testtext.": Expect failure verifying mismatching data");
+
+ unlink 'testdgst.sig';
+}
+
+SKIP: {
+ skip "RSA is not supported by this OpenSSL build", 1
+ if disabled("rsa");
+
+ subtest "RSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("RSA",
+ srctop_file("test","testrsa.pem"),
+ srctop_file("test","testrsapub.pem"));
+ };
+}
+
+SKIP: {
+ skip "DSA is not supported by this OpenSSL build", 1
+ if disabled("dsa");
+
+ subtest "DSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("DSA",
+ srctop_file("test","testdsa.pem"),
+ srctop_file("test","testdsapub.pem"));
+ };
+}
+
+SKIP: {
+ skip "ECDSA is not supported by this OpenSSL build", 1
+ if disabled("ec");
+
+ subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("ECDSA",
+ srctop_file("test","testec-p256.pem"),
+ srctop_file("test","testecpub-p256.pem"));
+ };
+}
+
+SKIP: {
+ skip "EdDSA is not supported by this OpenSSL build", 2
+ if disabled("ec");
+
+ skip "EdDSA is not supported with `dgst` CLI", 2;
+
+ subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ed25519",
+ srctop_file("test","tested25519.pem"),
+ srctop_file("test","tested25519pub.pem"));
+ };
+
+ subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ed448",
+ srctop_file("test","tested448.pem"),
+ srctop_file("test","tested448pub.pem"));
+ };
+}
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 83804d69ad..0f82b1f21a 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -15,7 +15,7 @@ use OpenSSL::Test::Utils;
 setup("test_pkeyutl");
-plan tests => 6;
+plan tests => 11;
 # For the tests below we use the cert itself as the TBS file
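Review bot: The negative check at the end of `tsignverify` in `20-test_dgst.t`, `ok(!run(app([... '-verify', $pubkey, ... $other_data])))`, accepts any non-zero exit as a correct rejection, so a missing or unreadable `README.external` would pass just as well as a genuine signature mismatch; the `tsignverify` added to `20-test_pkeyutl.t` later in this patch has the same shape. Capturing the output and asserting on the verification-failure message would pin the reason for the failure, e.g. `my @out = run(app([...]), capture => 1);` followed by `ok(grep(/verification failure/i, @out), ...)`; the exact message text and the stream it is written to should be confirmed against each app. The negative path also covers only altered data, so a corrupted signature file or a non-matching public key is never exercised.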
@@ -68,3 +68,106 @@ SKIP: {
 }
 unlink 'signature.dat';
+
+sub tsignverify {
+ my $testtext = shift;
+ my $privkey = shift;
+ my $pubkey = shift;
+ my @extraopts = @_;
+
+ my $data_to_sign = srctop_file('test', 'README');
+ my $other_data = srctop_file('test', 'README.external');
+ my $sigfile = 'testpkeyutl.sig';
+
+ my @args = ();
+ plan tests => 4;
+
+ @args = ('openssl', 'pkeyutl', '-sign',
+ '-inkey', $privkey,
+ '-out', $sigfile,
+ '-in', $data_to_sign);
+ push(@args, @extraopts);
+ ok(run(app([@args])),
+ $testtext.": Generating signature");
+
+ @args = ('openssl', 'pkeyutl', '-verify',
+ '-inkey', $privkey,
+ '-sigfile', $sigfile,
+ '-in', $data_to_sign);
+ push(@args, @extraopts);
+ ok(run(app([@args])),
+ $testtext.": Verify signature with private key");
+
+ @args = ('openssl', 'pkeyutl', '-verify',
+ '-inkey', $pubkey, '-pubin',
+ '-sigfile', $sigfile,
+ '-in', $data_to_sign);
+ push(@args, @extraopts);
+ ok(run(app([@args])),
+ $testtext.": Verify signature with public key");
+
+ @args = ('openssl', 'pkeyutl', '-verify',
+ '-inkey', $pubkey, '-pubin',
+ '-sigfile', $sigfile,
+ '-in', $other_data);
+ push(@args, @extraopts);
+ ok(!run(app([@args])),
+ $testtext.": Expect failure verifying mismatching data");
+
+ unlink $sigfile;
+}
+
+SKIP: {
+ skip "RSA is not supported by this OpenSSL build", 1
+ if disabled("rsa");
+
+ subtest "RSA CLI signature generation and verification" => sub {
+ tsignverify("RSA",
+ srctop_file("test","testrsa.pem"),
+ srctop_file("test","testrsapub.pem"),
+ "-rawin", "-digest", "sha256");
+ };
+}
+
+SKIP: {
+ skip "DSA is not supported by this OpenSSL build", 1
+ if disabled("dsa");
+
+ subtest "DSA CLI signature generation and verification" => sub {
+ tsignverify("DSA",
+ srctop_file("test","testdsa.pem"),
+ srctop_file("test","testdsapub.pem"),
+ "-rawin", "-digest", "sha256");
+ };
+}
+
+SKIP: {
+ skip "ECDSA is not supported by this OpenSSL build", 1
+ if disabled("ec");
+
+ subtest "ECDSA CLI signature generation and verification" => sub {
+ tsignverify("ECDSA",
+ srctop_file("test","testec-p256.pem"),
+ srctop_file("test","testecpub-p256.pem"),
+ "-rawin", "-digest", "sha256");
+ };
+}
+
+SKIP: {
+ skip "EdDSA is not supported by this OpenSSL build", 2
+ if disabled("ec");
+
+ subtest "Ed2559 CLI signature generation and verification" => sub {
+ tsignverify("Ed25519",
+ srctop_file("test","tested25519.pem"),
+ srctop_file("test","tested25519pub.pem"),
+ "-rawin");
+ };
+
+ subtest "Ed448 CLI signature generation and verification" => sub {
+ tsignverify("Ed448",
+ srctop_file("test","tested448.pem"),
+ srctop_file("test","tested448pub.pem"),
+ "-rawin");
+ };
+}
--
2.25.1
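Review bot: The first EdDSA subtest in `20-test_pkeyutl.t` is named `"Ed2559 CLI signature generation and verification"`, which misspells Ed25519 and will appear that way in the test output; the line should read `subtest "Ed25519 CLI signature generation and verification" => sub {`. The new `tsignverify` also has no comment describing its contract; a short header such as `# Sign test/README with $privkey, verify with both keys, then expect verification of other data to fail; @extraopts is appended to every pkeyutl call.` would make it clear that the extra options apply to the sign and verify steps alike. The `my @args = ();` initialiser is redundant, since `@args` is assigned before its first use.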