mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

More testing for sign/verify through dgst and pkeyutl

Browse Source 
Add tests for signature generation and verification with `dgst` and
`pkeyutl` CLI for common key types:
- RSA
- DSA
- ECDSA
- EdDSA

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10410)
This commit is contained in:
Nicola Tuveri 2019-11-11 15:52:52 +02:00 committed by Richard Levitte
parent 81722fdf2e
commit ef1e59ed83
2 changed files with 208 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
test/recipes/20-test_dgst.t Normal file
View File

@ -0,0 +1,104 @@
#! /usr/bin/env perl
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use OpenSSL::Test qw/:DEFAULT with srctop_file/;
use OpenSSL::Test::Utils;
setup("test_dgst");
plan tests => 5;
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
my $pubkey = shift;
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
plan tests => 4;
ok(run(app(['openssl', 'dgst', '-sign', $privkey,
'-out', 'testdgst.sig',
$data_to_sign])),
$testtext.": Generating signature");
ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with private key");
ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with public key");
ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$other_data])),
$testtext.": Expect failure verifying mismatching data");
unlink 'testdgst.sig';
}
SKIP: {
skip "RSA is not supported by this OpenSSL build", 1
if disabled("rsa");
subtest "RSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
srctop_file("test","testrsapub.pem"));
};
}
SKIP: {
skip "DSA is not supported by this OpenSSL build", 1
if disabled("dsa");
subtest "DSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("DSA",
srctop_file("test","testdsa.pem"),
srctop_file("test","testdsapub.pem"));
};
}
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 1
if disabled("ec");
subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("ECDSA",
srctop_file("test","testec-p256.pem"),
srctop_file("test","testecpub-p256.pem"));
};
}
SKIP: {
skip "EdDSA is not supported by this OpenSSL build", 2
if disabled("ec");
skip "EdDSA is not supported with `dgst` CLI", 2;
subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed25519",
srctop_file("test","tested25519.pem"),
srctop_file("test","tested25519pub.pem"));
};
subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed448",
srctop_file("test","tested448.pem"),
srctop_file("test","tested448pub.pem"));
};
}

105
test/recipes/20-test_pkeyutl.t
View File

@ -15,7 +15,7 @@ use OpenSSL::Test::Utils;
setup("test_pkeyutl");
plan tests => 6;
plan tests => 11;
# For the tests below we use the cert itself as the TBS file
@ -68,3 +68,106 @@ SKIP: {
}
unlink 'signature.dat';
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
my $pubkey = shift;
my @extraopts = @_;
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
my $sigfile = 'testpkeyutl.sig';
my @args = ();
plan tests => 4;
@args = ('openssl', 'pkeyutl', '-sign',
'-inkey', $privkey,
'-out', $sigfile,
'-in', $data_to_sign);
push(@args, @extraopts);
ok(run(app([@args])),
$testtext.": Generating signature");
@args = ('openssl', 'pkeyutl', '-verify',
'-inkey', $privkey,
'-sigfile', $sigfile,
'-in', $data_to_sign);
push(@args, @extraopts);
ok(run(app([@args])),
$testtext.": Verify signature with private key");
@args = ('openssl', 'pkeyutl', '-verify',
'-inkey', $pubkey, '-pubin',
'-sigfile', $sigfile,
'-in', $data_to_sign);
push(@args, @extraopts);
ok(run(app([@args])),
$testtext.": Verify signature with public key");
@args = ('openssl', 'pkeyutl', '-verify',
'-inkey', $pubkey, '-pubin',
'-sigfile', $sigfile,
'-in', $other_data);
push(@args, @extraopts);
ok(!run(app([@args])),
$testtext.": Expect failure verifying mismatching data");
unlink $sigfile;
}
SKIP: {
skip "RSA is not supported by this OpenSSL build", 1
if disabled("rsa");
subtest "RSA CLI signature generation and verification" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
srctop_file("test","testrsapub.pem"),
"-rawin", "-digest", "sha256");
};
}
SKIP: {
skip "DSA is not supported by this OpenSSL build", 1
if disabled("dsa");
subtest "DSA CLI signature generation and verification" => sub {
tsignverify("DSA",
srctop_file("test","testdsa.pem"),
srctop_file("test","testdsapub.pem"),
"-rawin", "-digest", "sha256");
};
}
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 1
if disabled("ec");
subtest "ECDSA CLI signature generation and verification" => sub {
tsignverify("ECDSA",
srctop_file("test","testec-p256.pem"),
srctop_file("test","testecpub-p256.pem"),
"-rawin", "-digest", "sha256");
};
}
SKIP: {
skip "EdDSA is not supported by this OpenSSL build", 2
if disabled("ec");
subtest "Ed2559 CLI signature generation and verification" => sub {
tsignverify("Ed25519",
srctop_file("test","tested25519.pem"),
srctop_file("test","tested25519pub.pem"),
"-rawin");
};
subtest "Ed448 CLI signature generation and verification" => sub {
tsignverify("Ed448",
srctop_file("test","tested448.pem"),
srctop_file("test","tested448pub.pem"),
"-rawin");
};
}