From ef1e59ed833e8ed1d5f4de5b0c734da8561890e3 Mon Sep 17 00:00:00 2001
From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Mon, 11 Nov 2019 15:52:52 +0200
Subject: More testing for sign/verify through `dgst` and `pkeyutl`

Add tests for signature generation and verification with `dgst` and
`pkeyutl` CLI for common key types:
- RSA
- DSA
- ECDSA
- EdDSA

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10410)
---
 test/recipes/20-test_dgst.t    | 104 ++++++++++++++++++++++++++++++++++++++++
 test/recipes/20-test_pkeyutl.t | 105 ++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 208 insertions(+), 1 deletion(-)
 create mode 100644 test/recipes/20-test_dgst.t

(limited to 'test')

diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
new file mode 100644
index 0000000000..1080770f53
--- /dev/null
+++ b/test/recipes/20-test_dgst.t
@@ -0,0 +1,104 @@
+#! /usr/bin/env perl
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_dgst");
+
+plan tests => 5;
+
+sub tsignverify {
+    my $testtext = shift;
+    my $privkey = shift;
+    my $pubkey = shift;
+
+    my $data_to_sign = srctop_file('test', 'README');
+    my $other_data = srctop_file('test', 'README.external');
+
+    plan tests => 4;
+
+    ok(run(app(['openssl', 'dgst', '-sign', $privkey,
+                '-out', 'testdgst.sig',
+                $data_to_sign])),
+       $testtext.": Generating signature");
+
+    ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
+                '-signature', 'testdgst.sig',
+                $data_to_sign])),
+       $testtext.": Verify signature with private key");
+
+    ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
+                '-signature', 'testdgst.sig',
+                $data_to_sign])),
+       $testtext.": Verify signature with public key");
+
+    ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
+                 '-signature', 'testdgst.sig',
+                 $other_data])),
+       $testtext.": Expect failure verifying mismatching data");
+
+    unlink 'testdgst.sig';
+}
+
+SKIP: {
+    skip "RSA is not supported by this OpenSSL build", 1
+        if disabled("rsa");
+
+    subtest "RSA signature generation and verification with `dgst` CLI" => sub {
+        tsignverify("RSA",
+                    srctop_file("test","testrsa.pem"),
+                    srctop_file("test","testrsapub.pem"));
+    };
+}
+
+SKIP: {
+    skip "DSA is not supported by this OpenSSL build", 1
+        if disabled("dsa");
+
+    subtest "DSA signature generation and verification with `dgst` CLI" => sub {
+        tsignverify("DSA",
+                    srctop_file("test","testdsa.pem"),
+                    srctop_file("test","testdsapub.pem"));
+    };
+}
+
+SKIP: {
+    skip "ECDSA is not supported by this OpenSSL build", 1
+        if disabled("ec");
+
+    subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
+        tsignverify("ECDSA",
+                    srctop_file("test","testec-p256.pem"),
+                    srctop_file("test","testecpub-p256.pem"));
+    };
+}
+
+SKIP: {
+    skip "EdDSA is not supported by this OpenSSL build", 2
+        if disabled("ec");
+
+    skip "EdDSA is not supported with `dgst` CLI", 2;
+
+    subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
+        tsignverify("Ed25519",
+                    srctop_file("test","tested25519.pem"),
+                    srctop_file("test","tested25519pub.pem"));
+    };
+
+    subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
+        tsignverify("Ed448",
+                    srctop_file("test","tested448.pem"),
+                    srctop_file("test","tested448pub.pem"));
+    };
+}
diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
index 83804d69ad..0f82b1f21a 100644
--- a/test/recipes/20-test_pkeyutl.t
+++ b/test/recipes/20-test_pkeyutl.t
@@ -15,7 +15,7 @@ use OpenSSL::Test::Utils;
 
 setup("test_pkeyutl");
 
-plan tests => 6;
+plan tests => 11;
 
 # For the tests below we use the cert itself as the TBS file
 
@@ -68,3 +68,106 @@ SKIP: {
 }
 
 unlink 'signature.dat';
+
+sub tsignverify {
+    my $testtext = shift;
+    my $privkey = shift;
+    my $pubkey = shift;
+    my @extraopts = @_;
+
+    my $data_to_sign = srctop_file('test', 'README');
+    my $other_data = srctop_file('test', 'README.external');
+    my $sigfile = 'testpkeyutl.sig';
+
+    my @args = ();
+    plan tests => 4;
+
+    @args = ('openssl', 'pkeyutl', '-sign',
+             '-inkey', $privkey,
+             '-out', $sigfile,
+             '-in', $data_to_sign);
+    push(@args, @extraopts);
+    ok(run(app([@args])),
+       $testtext.": Generating signature");
+
+    @args = ('openssl', 'pkeyutl', '-verify',
+             '-inkey', $privkey,
+             '-sigfile', $sigfile,
+             '-in', $data_to_sign);
+    push(@args, @extraopts);
+    ok(run(app([@args])),
+       $testtext.": Verify signature with private key");
+
+    @args = ('openssl', 'pkeyutl', '-verify',
+             '-inkey', $pubkey, '-pubin',
+             '-sigfile', $sigfile,
+             '-in', $data_to_sign);
+    push(@args, @extraopts);
+    ok(run(app([@args])),
+       $testtext.": Verify signature with public key");
+
+    @args = ('openssl', 'pkeyutl', '-verify',
+             '-inkey', $pubkey, '-pubin',
+             '-sigfile', $sigfile,
+             '-in', $other_data);
+    push(@args, @extraopts);
+    ok(!run(app([@args])),
+       $testtext.": Expect failure verifying mismatching data");
+
+    unlink $sigfile;
+}
+
+SKIP: {
+    skip "RSA is not supported by this OpenSSL build", 1
+        if disabled("rsa");
+
+    subtest "RSA CLI signature generation and verification" => sub {
+        tsignverify("RSA",
+                    srctop_file("test","testrsa.pem"),
+                    srctop_file("test","testrsapub.pem"),
+                    "-rawin", "-digest", "sha256");
+    };
+}
+
+SKIP: {
+    skip "DSA is not supported by this OpenSSL build", 1
+        if disabled("dsa");
+
+    subtest "DSA CLI signature generation and verification" => sub {
+        tsignverify("DSA",
+                    srctop_file("test","testdsa.pem"),
+                    srctop_file("test","testdsapub.pem"),
+                    "-rawin", "-digest", "sha256");
+    };
+}
+
+SKIP: {
+    skip "ECDSA is not supported by this OpenSSL build", 1
+        if disabled("ec");
+
+    subtest "ECDSA CLI signature generation and verification" => sub {
+        tsignverify("ECDSA",
+                    srctop_file("test","testec-p256.pem"),
+                    srctop_file("test","testecpub-p256.pem"),
+                    "-rawin", "-digest", "sha256");
+    };
+}
+
+SKIP: {
+    skip "EdDSA is not supported by this OpenSSL build", 2
+        if disabled("ec");
+
+    subtest "Ed2559 CLI signature generation and verification" => sub {
+        tsignverify("Ed25519",
+                    srctop_file("test","tested25519.pem"),
+                    srctop_file("test","tested25519pub.pem"),
+                    "-rawin");
+    };
+
+    subtest "Ed448 CLI signature generation and verification" => sub {
+        tsignverify("Ed448",
+                    srctop_file("test","tested448.pem"),
+                    srctop_file("test","tested448pub.pem"),
+                    "-rawin");
+    };
+}
-- 
cgit v1.2.1