Add test cases for SM2 cert verification

This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)

diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
new file mode 100644 (file)
index 0000000..5677ac6
--- /dev/null
+++ b/test/certs/sm2-ca-cert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
+Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
+CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
+MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
+SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
+5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
+BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
+5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
+ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
+YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
+-----END CERTIFICATE-----

diff --git a/test/certs/sm2.crt b/test/certs/sm2.pem
similarity index 100%
rename from test/certs/sm2.crt
rename to test/certs/sm2.pem

diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 21f4e629bf88ad40c9508790f8146a98584768cb..5dbed9835c7735bdccdca67d4d77e25680b8dfc2 100644 (file)
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -25,14 +25,14 @@ SKIP: {
 
     # SM2
     ok(run(app(([ 'openssl', 'pkeyutl', '-sign',
-                      '-in', srctop_file('test', 'certs', 'sm2.crt'),
+                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
                       '-inkey', srctop_file('test', 'certs', 'sm2.key'),
                       '-out', 'signature.dat', '-rawin',
                       '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
                       "Sign a piece of data using SM2");
     ok(run(app(([ 'openssl', 'pkeyutl', '-verify', '-certin',
-                      '-in', srctop_file('test', 'certs', 'sm2.crt'),
-                      '-inkey', srctop_file('test', 'certs', 'sm2.crt'),
+                      '-in', srctop_file('test', 'certs', 'sm2.pem'),
+                      '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
                       '-sigfile', 'signature.dat', '-rawin',
                       '-digest', 'sm3', '-pkeyopt', 'sm2_id:someid']))),
                       "Verify an SM2 signature against a piece of data");

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 9ddf2c9c3c8235c43bac1e8743c6802c064902d6..e4939478618b9d8e12cd4a7fc3435e1da0f438b4 100644 (file)
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
     run(app([@args]));
 }
 
-plan tests => 135;
+plan tests => 137;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -373,3 +373,15 @@ SKIP: {
        "ED25519 signature");
 
 }
+
+SKIP: {
+    skip "SM2 is not supported by this OpenSSL build", 1
+             if disabled("sm2");
+
+   # Test '-sm2-id' and '-sm2-hex-id'  option
+   ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-id", "1234567812345678"),
+       "SM2 ID test");
+   ok(verify("sm2", "any", ["sm2-ca-cert"], [], "-sm2-hex-id",
+             "31323334353637383132333435363738"),
+       "SM2 hex ID test");
+}