From 65997b1761b3ccbaef84cbc4ffc24585717e8b02 Mon Sep 17 00:00:00 2001
From: Casey Deccio <casey@deccio.net>
Date: Thu, 19 Nov 2020 09:51:29 -0700
Subject: Add support for DigestSign* and DigestVerify*

Add support for DigestSign* and DigestVerify* OpenSSL functions, for use
with ED25519, etc.  Allow PKey to support non-digest algorithms, such as
ED25519, but keep default behaviors.  Include tests for both digest and
non-digest algorithms.
---
 tests/ec.pub2.pem      |  5 +++++
 tests/ed25519.priv.pem |  3 +++
 tests/ed25519.pub.pem  |  3 +++
 tests/ed25519.pub2.pem |  3 +++
 tests/test_evp.py      | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 68 insertions(+)
 create mode 100644 tests/ec.pub2.pem
 create mode 100644 tests/ed25519.priv.pem
 create mode 100644 tests/ed25519.pub.pem
 create mode 100644 tests/ed25519.pub2.pem

(limited to 'tests')

diff --git a/tests/ec.pub2.pem b/tests/ec.pub2.pem
new file mode 100644
index 0000000..80e740f
--- /dev/null
+++ b/tests/ec.pub2.pem
@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEQdk1A7xe7OelJhoFfE7x0u3gFSACecUC
+lM/9SqYiPusEpxI9XOe7te/8N/uavHd7z/GxnWSS7cTWuKUzkBgmggZkeVwz1a0a
++trEhzxxiEN50Puuc0ExtNFQcgvIa6en
+-----END PUBLIC KEY-----
diff --git a/tests/ed25519.priv.pem b/tests/ed25519.priv.pem
new file mode 100644
index 0000000..6f764c4
--- /dev/null
+++ b/tests/ed25519.priv.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIHYXZmLr4mS9wVx+PZVTNalGrxvuuS2SwrJqEmCUsYaC
+-----END PRIVATE KEY-----
diff --git a/tests/ed25519.pub.pem b/tests/ed25519.pub.pem
new file mode 100644
index 0000000..e3c5d01
--- /dev/null
+++ b/tests/ed25519.pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAqVvZ55o7SU/yNEr/07AwMzxtm7teY6xhnhR9bDoWm2k=
+-----END PUBLIC KEY-----
diff --git a/tests/ed25519.pub2.pem b/tests/ed25519.pub2.pem
new file mode 100644
index 0000000..557f28e
--- /dev/null
+++ b/tests/ed25519.pub2.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEANSn/xYZB3kS30u9Gxb7RriRu80oJYsQd6jmA3u7TaVY=
+-----END PUBLIC KEY-----
diff --git a/tests/test_evp.py b/tests/test_evp.py
index fff7127..c98b50c 100644
--- a/tests/test_evp.py
+++ b/tests/test_evp.py
@@ -248,6 +248,60 @@ class EVPTestCase(unittest.TestCase):
         pubkey.verify_update(b'test  message not')
         self.assertEqual(pubkey.verify_final(sig), 0)
 
+    @unittest.skipIf(m2.OPENSSL_VERSION_NUMBER < 0x10101000,
+                     'Relies on support for Ed25519 which was introduced in OpenSSL 1.1.1')
+    def test_digest_verify(self):
+        pkey = EVP.load_key('tests/ed25519.priv.pem')
+        pkey.reset_context(None)
+        pkey.digest_sign_init()
+        sig = pkey.digest_sign(b'test  message')
+
+        # OK
+        pkey = EVP.load_key_pubkey('tests/ed25519.pub.pem')
+        pkey.reset_context(None)
+        pkey.digest_verify_init()
+        self.assertEqual(pkey.digest_verify(sig, b'test  message'), 1)
+
+        # wrong public key
+        pkey = EVP.load_key_pubkey('tests/ed25519.pub2.pem')
+        pkey.reset_context(None)
+        pkey.digest_verify_init()
+        self.assertEqual(pkey.digest_verify(sig, b'test  message'), 0)
+
+        # wrong message
+        pkey = EVP.load_key_pubkey('tests/ed25519.pub.pem')
+        pkey.reset_context(None)
+        pkey.digest_verify_init()
+        self.assertEqual(pkey.digest_verify(sig, b'test  message  not'), 0)
+
+    def test_digest_verify_final(self):
+        pkey = EVP.load_key('tests/ec.priv.pem')
+        pkey.reset_context('sha256')
+        pkey.digest_sign_init()
+        pkey.digest_sign_update(b'test  message')
+        sig = pkey.digest_sign_final()
+
+        # OK
+        pkey = EVP.load_key_pubkey('tests/ec.pub.pem')
+        pkey.reset_context('sha256')
+        pkey.digest_verify_init()
+        pkey.digest_verify_update(b'test  message')
+        self.assertEqual(pkey.digest_verify_final(sig), 1)
+
+        # wrong public key
+        pkey = EVP.load_key_pubkey('tests/ec.pub2.pem')
+        pkey.reset_context('sha256')
+        pkey.digest_verify_init()
+        pkey.digest_verify_update(b'test  message')
+        self.assertEqual(pkey.digest_verify_final(sig), 0)
+
+        # wrong message
+        pkey = EVP.load_key_pubkey('tests/ec.pub.pem')
+        pkey.reset_context('sha256')
+        pkey.digest_verify_init()
+        pkey.digest_verify_update(b'test  message not')
+        self.assertEqual(pkey.digest_verify_final(sig), 0)
+
     def test_load_bad(self):
         with self.assertRaises(BIO.BIOError):
             EVP.load_key('thisdoesnotexist-dfgh56789')
-- 
cgit v1.2.1