diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2019-11-11 15:52:52 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-12-11 18:44:38 +0100 |
commit | ef1e59ed833e8ed1d5f4de5b0c734da8561890e3 (patch) | |
tree | 1ed47fb6054bf3eb391c701a316df869c20bd22f /test/recipes/20-test_pkeyutl.t | |
parent | 81722fdf2e01cfa71c46abbcc19e65aa003e083f (diff) | |
download | openssl-ef1e59ed833e8ed1d5f4de5b0c734da8561890e3.tar.gz |
More testing for sign/verify through `dgst` and `pkeyutl`
Add tests for signature generation and verification with `dgst` and
`pkeyutl` CLI for common key types:
- RSA
- DSA
- ECDSA
- EdDSA
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10410)
Diffstat (limited to 'test/recipes/20-test_pkeyutl.t')
-rw-r--r-- | test/recipes/20-test_pkeyutl.t | 105 |
1 files changed, 104 insertions, 1 deletions
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t index 83804d69ad..0f82b1f21a 100644 --- a/test/recipes/20-test_pkeyutl.t +++ b/test/recipes/20-test_pkeyutl.t @@ -15,7 +15,7 @@ use OpenSSL::Test::Utils; setup("test_pkeyutl"); -plan tests => 6; +plan tests => 11; # For the tests below we use the cert itself as the TBS file @@ -68,3 +68,106 @@ SKIP: { } unlink 'signature.dat'; + +sub tsignverify { + my $testtext = shift; + my $privkey = shift; + my $pubkey = shift; + my @extraopts = @_; + + my $data_to_sign = srctop_file('test', 'README'); + my $other_data = srctop_file('test', 'README.external'); + my $sigfile = 'testpkeyutl.sig'; + + my @args = (); + plan tests => 4; + + @args = ('openssl', 'pkeyutl', '-sign', + '-inkey', $privkey, + '-out', $sigfile, + '-in', $data_to_sign); + push(@args, @extraopts); + ok(run(app([@args])), + $testtext.": Generating signature"); + + @args = ('openssl', 'pkeyutl', '-verify', + '-inkey', $privkey, + '-sigfile', $sigfile, + '-in', $data_to_sign); + push(@args, @extraopts); + ok(run(app([@args])), + $testtext.": Verify signature with private key"); + + @args = ('openssl', 'pkeyutl', '-verify', + '-inkey', $pubkey, '-pubin', + '-sigfile', $sigfile, + '-in', $data_to_sign); + push(@args, @extraopts); + ok(run(app([@args])), + $testtext.": Verify signature with public key"); + + @args = ('openssl', 'pkeyutl', '-verify', + '-inkey', $pubkey, '-pubin', + '-sigfile', $sigfile, + '-in', $other_data); + push(@args, @extraopts); + ok(!run(app([@args])), + $testtext.": Expect failure verifying mismatching data"); + + unlink $sigfile; +} + +SKIP: { + skip "RSA is not supported by this OpenSSL build", 1 + if disabled("rsa"); + + subtest "RSA CLI signature generation and verification" => sub { + tsignverify("RSA", + srctop_file("test","testrsa.pem"), + srctop_file("test","testrsapub.pem"), + "-rawin", "-digest", "sha256"); + }; +} + +SKIP: { + skip "DSA is not supported by this OpenSSL build", 1 + if disabled("dsa"); + + subtest "DSA CLI signature generation and verification" => sub { + tsignverify("DSA", + srctop_file("test","testdsa.pem"), + srctop_file("test","testdsapub.pem"), + "-rawin", "-digest", "sha256"); + }; +} + +SKIP: { + skip "ECDSA is not supported by this OpenSSL build", 1 + if disabled("ec"); + + subtest "ECDSA CLI signature generation and verification" => sub { + tsignverify("ECDSA", + srctop_file("test","testec-p256.pem"), + srctop_file("test","testecpub-p256.pem"), + "-rawin", "-digest", "sha256"); + }; +} + +SKIP: { + skip "EdDSA is not supported by this OpenSSL build", 2 + if disabled("ec"); + + subtest "Ed2559 CLI signature generation and verification" => sub { + tsignverify("Ed25519", + srctop_file("test","tested25519.pem"), + srctop_file("test","tested25519pub.pem"), + "-rawin"); + }; + + subtest "Ed448 CLI signature generation and verification" => sub { + tsignverify("Ed448", + srctop_file("test","tested448.pem"), + srctop_file("test","tested448pub.pem"), + "-rawin"); + }; +} |