2 # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
14 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
15 use OpenSSL::Test::Utils;
17 setup("test_pkeyutl");
21 # For the tests below we use the cert itself as the TBS file
# The SM2 checks need EC, SM2 and SM3 together; if the build lacks any one
# of them, both checks are skipped.
skip "Skipping tests that require EC, SM2 or SM3", 2
    if disabled("ec") or disabled("sm2") or disabled("sm3");
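# TODO(3.0) Remove this when we have a SM2 keymgmt and decoder
# Extra pkeyutl arguments that load the loader_attic engine. The list stays
# empty when the build has dynamic engines or the 3.0-deprecated APIs
# disabled.
# The value is picked with a conditional expression instead of a statement
# modifier: perlsyn documents a `my` declaration modified by `if`/`unless`
# as undefined behaviour, so the empty case is spelled out explicitly.
my @tmp_sm2_hack =
    (disabled('dynamic-engine') || disabled('deprecated-3.0'))
    ? ()
    : qw(-engine loader_attic);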
30 skip "Skipping tests that require dynamic enginess (temporary meaasure)", 2
# SM2 signing: the certificate file is the message and sm2.key the signing
# key. -rawin hands pkeyutl the unhashed input, with SM3 named as the digest.
# The distid value is part of the SM2 signature computation, so whoever
# verifies sm2.sig has to supply the same identifier.
my @sm2_sign_cmd = (
    'openssl', 'pkeyutl', @tmp_sm2_hack, '-sign',
    '-in',      srctop_file('test', 'certs', 'sm2.pem'),
    '-inkey',   srctop_file('test', 'certs', 'sm2.key'),
    '-out',     'sm2.sig',
    '-rawin',
    '-digest',  'sm3',
    '-pkeyopt', 'distid:someid',
);
ok_nofips(run(app([@sm2_sign_cmd])), "Sign a piece of data using SM2");
40 ok_nofips(run(app(([ 'openssl', 'pkeyutl', @tmp_sm2_hack,
42 '-in', srctop_file('test', 'certs', 'sm2.pem'),
43 '-inkey', srctop_file('test', 'certs', 'sm2.pem'),
44 '-sigfile', 'sm2.sig', '-rawin',
45 '-digest', 'sm3', '-pkeyopt', 'distid:someid']))),
46 "Verify an SM2 signature against a piece of data");
50 skip "Skipping tests that require EC", 4
# Ed25519 round trip over the certificate file itself: sign it with the
# server key, then verify using the public key carried in that same
# certificate (-certin). -rawin passes the input to pkeyutl unhashed.
# NOTE(review): the two checks here cover the accepting path only; no
# altered-input case appears next to them in this listing.
my @ed25519_sign_cmd = (
    'openssl', 'pkeyutl', '-sign',
    '-in',    srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    '-inkey', srctop_file('test', 'certs', 'server-ed25519-key.pem'),
    '-out',   'Ed25519.sig',
    '-rawin',
);
ok(run(app([@ed25519_sign_cmd])), "Sign a piece of data using Ed25519");

my @ed25519_verify_cmd = (
    'openssl', 'pkeyutl', '-verify', '-certin',
    '-in',      srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    '-inkey',   srctop_file('test', 'certs', 'server-ed25519-cert.pem'),
    '-sigfile', 'Ed25519.sig',
    '-rawin',
);
ok(run(app([@ed25519_verify_cmd])),
   "Verify an Ed25519 signature against a piece of data");
# Ed448 round trip, same shape as the Ed25519 one: the certificate file is
# the signed data, the server key signs it, and verification reads the
# public key out of the certificate (-certin) with -rawin input.
# NOTE(review): only a successful verification is asserted by this pair.
my @ed448_sign_cmd = (
    'openssl', 'pkeyutl', '-sign',
    '-in',    srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    '-inkey', srctop_file('test', 'certs', 'server-ed448-key.pem'),
    '-out',   'Ed448.sig',
    '-rawin',
);
ok(run(app([@ed448_sign_cmd])), "Sign a piece of data using Ed448");

my @ed448_verify_cmd = (
    'openssl', 'pkeyutl', '-verify', '-certin',
    '-in',      srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    '-inkey',   srctop_file('test', 'certs', 'server-ed448-cert.pem'),
    '-sigfile', 'Ed448.sig',
    '-rawin',
);
ok(run(app([@ed448_verify_cmd])),
   "Verify an Ed448 signature against a piece of data");
# Fixed inputs for the sign/verify checks: the file that gets signed and a
# second, different file (presumably the input of the mismatch check; the
# line that uses it is not part of this listing).
my $data_to_sign = srctop_file('test', 'data.txt');
my $other_data   = srctop_file('test', 'data2.txt');

# The signature file is named after the private key file: directory and
# ".pem" suffix are stripped and ".sig" is appended, so it is a relative
# path with no directory component.
my $sigfile = basename($privkey, '.pem');
$sigfile .= '.sig';
91 @args = ('openssl', 'pkeyutl', '-sign',
94 '-in', $data_to_sign);
95 push(@args, @extraopts);
97 $testtext.": Generating signature");
99 @args = ('openssl', 'pkeyutl', '-verify',
101 '-sigfile', $sigfile,
102 '-in', $data_to_sign);
# Caller-supplied options go last on the command line; the check passes
# when pkeyutl accepts the signature (per the label, with the private key
# as the verification key).
push @args, @extraopts;
ok(
    run(app([@args])),
    $testtext . ": Verify signature with private key"
);
# Verify the stored signature over the signed data using only the public
# key (-pubin), followed by the caller-supplied options.
@args = (
    'openssl', 'pkeyutl', '-verify',
    '-inkey',   $pubkey, '-pubin',
    '-sigfile', $sigfile,
    '-in',      $data_to_sign,
    @extraopts,
);
ok(
    run(app([@args])),
    $testtext . ": Verify signature with public key"
);
115 @args = ('openssl', 'pkeyutl', '-verify',
116 '-inkey', $pubkey, '-pubin',
117 '-sigfile', $sigfile,
# Negative check: the result of the run is inverted, so this passes only
# when pkeyutl does NOT report success, i.e. the signature is rejected for
# data other than what was signed.
push @args, @extraopts;
my $verified = run(app([@args]));
ok(
    !$verified,
    $testtext . ": Expect failure verifying mismatching data"
);
125 skip "RSA is not supported by this OpenSSL build", 1
128 subtest "RSA CLI signature generation and verification" => sub {
130 srctop_file("test","testrsa.pem"),
131 srctop_file("test","testrsapub.pem"),
132 "-rawin", "-digest", "sha256");
137 skip "DSA is not supported by this OpenSSL build", 1
140 subtest "DSA CLI signature generation and verification" => sub {
142 srctop_file("test","testdsa.pem"),
143 srctop_file("test","testdsapub.pem"),
144 "-rawin", "-digest", "sha256");
149 skip "ECDSA is not supported by this OpenSSL build", 1
152 subtest "ECDSA CLI signature generation and verification" => sub {
154 srctop_file("test","testec-p256.pem"),
155 srctop_file("test","testecpub-p256.pem"),
156 "-rawin", "-digest", "sha256");
161 skip "EdDSA is not supported by this OpenSSL build", 2
164 subtest "Ed2559 CLI signature generation and verification" => sub {
165 tsignverify("Ed25519",
166 srctop_file("test","tested25519.pem"),
167 srctop_file("test","tested25519pub.pem"),
171 subtest "Ed448 CLI signature generation and verification" => sub {
173 srctop_file("test","tested448.pem"),
174 srctop_file("test","tested448pub.pem"),