20-test_dgst.t@ 107935

Last change on this file since 107935 was 104078, checked in by vboxsync, 11 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 9.3 KB

Line
1	#! /usr/bin/env perl
2	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9
10	use strict;
11	use warnings;
12
13	use File::Spec;
14	use File::Basename;
15	use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_dir/;
16	use OpenSSL::Test::Utils;
17
18	setup("test_dgst");
19
20	plan tests => 13;
21
22	sub tsignverify {
23	my $testtext = shift;
24	my $privkey = shift;
25	my $pubkey = shift;
26
27	my $data_to_sign = srctop_file('test', 'data.bin');
28	my $other_data = srctop_file('test', 'data2.bin');
29
30	my $sigfile = basename($privkey, '.pem') . '.sig';
31	plan tests => 4;
32
33	ok(run(app(['openssl', 'dgst', '-sign', $privkey,
34	'-out', $sigfile,
35	$data_to_sign])),
36	$testtext.": Generating signature");
37
38	ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
39	'-signature', $sigfile,
40	$data_to_sign])),
41	$testtext.": Verify signature with private key");
42
43	ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
44	'-signature', $sigfile,
45	$data_to_sign])),
46	$testtext.": Verify signature with public key");
47
48	ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
49	'-signature', $sigfile,
50	$other_data])),
51	$testtext.": Expect failure verifying mismatching data");
52	}
53
54	sub tsignverify_sha512 {
55	my $testtext = shift;
56	my $privkey = shift;
57	my $pubkey = shift;
58
59	my $data_to_sign = srctop_file('test', 'data.bin');
60	my $other_data = srctop_file('test', 'data2.bin');
61
62	my $sigfile = basename($privkey, '.pem') . '.sig';
63	plan tests => 5;
64
65	ok(run(app(['openssl', 'sha512', '-sign', $privkey,
66	'-out', $sigfile,
67	$data_to_sign])),
68	$testtext.": Generating signature using sha512 command");
69
70	ok(run(app(['openssl', 'sha512', '-verify', $pubkey,
71	'-signature', $sigfile,
72	$data_to_sign])),
73	$testtext.": Verify signature with public key using sha512 command");
74
75	ok(run(app(['openssl', 'dgst', '-sha512', '-prverify', $privkey,
76	'-signature', $sigfile,
77	$data_to_sign])),
78	$testtext.": Verify signature with private key");
79
80	ok(run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey,
81	'-signature', $sigfile,
82	$data_to_sign])),
83	$testtext.": Verify signature with public key");
84
85	ok(!run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey,
86	'-signature', $sigfile,
87	$other_data])),
88	$testtext.": Expect failure verifying mismatching data");
89	}
90
91	SKIP: {
92	skip "RSA is not supported by this OpenSSL build", 1
93	if disabled("rsa");
94
95	subtest "RSA signature generation and verification with `dgst` CLI" => sub {
96	tsignverify("RSA",
97	srctop_file("test","testrsa.pem"),
98	srctop_file("test","testrsapub.pem"));
99	};
100
101	subtest "RSA signature generation and verification with `sha512` CLI" => sub {
102	tsignverify_sha512("RSA",
103	srctop_file("test","testrsa2048.pem"),
104	srctop_file("test","testrsa2048pub.pem"));
105	};
106	}
107
108	SKIP: {
109	skip "DSA is not supported by this OpenSSL build", 1
110	if disabled("dsa");
111
112	subtest "DSA signature generation and verification with `dgst` CLI" => sub {
113	tsignverify("DSA",
114	srctop_file("test","testdsa.pem"),
115	srctop_file("test","testdsapub.pem"));
116	};
117	}
118
119	SKIP: {
120	skip "ECDSA is not supported by this OpenSSL build", 1
121	if disabled("ec");
122
123	subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
124	tsignverify("ECDSA",
125	srctop_file("test","testec-p256.pem"),
126	srctop_file("test","testecpub-p256.pem"));
127	};
128	}
129
130	SKIP: {
131	skip "EdDSA is not supported by this OpenSSL build", 2
132	if disabled("ec");
133
134	skip "EdDSA is not supported with `dgst` CLI", 2;
135
136	subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
137	tsignverify("Ed25519",
138	srctop_file("test","tested25519.pem"),
139	srctop_file("test","tested25519pub.pem"));
140	};
141
142	subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
143	tsignverify("Ed448",
144	srctop_file("test","tested448.pem"),
145	srctop_file("test","tested448pub.pem"));
146	};
147	}
148
149	SKIP: {
150	skip "dgst with engine is not supported by this OpenSSL build", 1
151	if disabled("engine") \|\| disabled("dynamic-engine");
152
153	subtest "SHA1 generation by engine with `dgst` CLI" => sub {
154	plan tests => 1;
155
156	my $testdata = srctop_file('test', 'data.bin');
157	# intentionally using -engine twice, please do not remove the duplicate line
158	my @macdata = run(app(['openssl', 'dgst', '-sha1',
159	'-engine', "ossltest",
160	'-engine', "ossltest",
161	$testdata]), capture => 1);
162	chomp(@macdata);
163	my $expected = qr/SHA1$\Q$testdata\E$= 000102030405060708090a0b0c0d0e0f10111213/;
164	ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected ($macdata[0]) vs ($expected)");
165	}
166	}
167
168	subtest "HMAC generation with `dgst` CLI" => sub {
169	plan tests => 2;
170
171	my $testdata = srctop_file('test', 'data.bin');
172	#HMAC the data twice to check consistency
173	my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', '123456',
174	$testdata, $testdata]), capture => 1);
175	chomp(@hmacdata);
176	my $expected = qr/HMAC-SHA2-256$\Q$testdata\E$= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
177	ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
178	ok($hmacdata[1] =~ $expected,
179	"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
180	};
181
182	subtest "HMAC generation with `dgst` CLI, default digest" => sub {
183	plan tests => 2;
184
185	my $testdata = srctop_file('test', 'data.bin');
186	#HMAC the data twice to check consistency
187	my @hmacdata = run(app(['openssl', 'dgst', '-hmac', '123456',
188	$testdata, $testdata]), capture => 1);
189	chomp(@hmacdata);
190	my $expected = qr/HMAC-SHA256$\Q$testdata\E$= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
191	ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
192	ok($hmacdata[1] =~ $expected,
193	"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
194	};
195
196	subtest "HMAC generation with `dgst` CLI, key via option" => sub {
197	plan tests => 2;
198
199	my $testdata = srctop_file('test', 'data.bin');
200	#HMAC the data twice to check consistency
201	my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac',
202	'-macopt', 'hexkey:FFFF',
203	$testdata, $testdata]), capture => 1);
204	chomp(@hmacdata);
205	my $expected = qr/HMAC-SHA2-256$\Q$testdata\E$= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/;
206	ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
207	ok($hmacdata[1] =~ $expected,
208	"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
209	};
210
211	subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
212	plan tests => 2;
213
214	my $testdata = srctop_file('test', 'data.bin');
215	#Digest the data twice to check consistency
216	my @xofdata = run(app(['openssl', 'dgst', '-shake128', '-xoflen', '64',
217	$testdata, $testdata]), capture => 1);
218	chomp(@xofdata);
219	my $expected = qr/SHAKE-128$\Q$testdata\E$= bb565dac72640109e1c926ef441d3fa64ffd0b3e2bf8cd73d5182dfba19b6a8a2eab96d2df854b647b3795ef090582abe41ba4e0717dc4df40bc4e17d88e4677/;
220	ok($xofdata[0] =~ $expected, "XOF: Check digest value is as expected ($xofdata[0]) vs ($expected)");
221	ok($xofdata[1] =~ $expected,
222	"XOF: Check second digest value is consistent with the first ($xofdata[1]) vs ($expected)");
223	};
224
225	subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub {
226	plan tests => 1;
227
228	my $testdata = srctop_file('test', 'data.bin');
229	my @xofdata = run(app(['openssl', 'dgst', '-shake128', $testdata], stderr => "outerr.txt"), capture => 1);
230	chomp(@xofdata);
231	my $expected = qr/SHAKE-128$\Q$testdata\E$= bb565dac72640109e1c926ef441d3fa6/;
232	ok($xofdata[0] =~ $expected, "Check short digest is output");
233	};
234
235	SKIP: {
236	skip "ECDSA is not supported by this OpenSSL build", 1
237	if disabled("ec");
238
239	subtest "signing with xoflen is not supported `dgst` CLI" => sub {
240	plan tests => 1;
241	my $data_to_sign = srctop_file('test', 'data.bin');
242
243	ok(!run(app(['openssl', 'dgst', '-shake256', '-xoflen', '64',
244	'-sign', srctop_file("test","testec-p256.pem"),
245	'-out', 'test.sig',
246	srctop_file('test', 'data.bin')])),
247	"Generating signature with xoflen should fail");
248	}
249	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/test/recipes/20-test_dgst.t@ 107935

Download in other formats: