xref: /freebsd/crypto/openssl/test/recipes/15-test_rsapss.t (revision a90b9d0159070121c221b966469c3e36d912bf82)
1#! /usr/bin/env perl
2# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/;
15use OpenSSL::Test::Utils;
16
17setup("test_rsapss");
18
19plan tests => 13;
20
21#using test/testrsa.pem which happens to be a 512 bit RSA
22ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
23            '-sigopt', 'rsa_padding_mode:pss',
24            '-sigopt', 'rsa_pss_saltlen:max',
25            '-sigopt', 'rsa_mgf1_md:sha512',
26            '-out', 'testrsapss-restricted.sig',
27            srctop_file('test', 'testrsa.pem')])),
28   "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]");
29
30ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
31            '-sigopt', 'rsa_padding_mode:pss',
32            '-out', 'testrsapss-unrestricted.sig',
33            srctop_file('test', 'testrsa.pem')])),
34   "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]");
35
36ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
37             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
38             '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])),
39   "openssl dgst -sign, expect to fail gracefully");
40
41ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512',
42             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647',
43             '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])),
44   "openssl dgst -sign, expect to fail gracefully");
45
46ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512',
47             '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max',
48             '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig',
49             srctop_file('test', 'testrsa.pem')])),
50   "openssl dgst -prverify, expect to fail gracefully");
51
52ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
53            '-sha1',
54            '-sigopt', 'rsa_padding_mode:pss',
55            '-sigopt', 'rsa_pss_saltlen:max',
56            '-sigopt', 'rsa_mgf1_md:sha512',
57            '-signature', 'testrsapss-restricted.sig',
58            srctop_file('test', 'testrsa.pem')])),
59   "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]");
60
61ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
62            '-sha1',
63            '-sigopt', 'rsa_padding_mode:pss',
64            '-sigopt', 'rsa_pss_saltlen:42',
65            '-sigopt', 'rsa_mgf1_md:sha512',
66            '-signature', 'testrsapss-restricted.sig',
67            srctop_file('test', 'testrsa.pem')])),
68   "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt");
69
70ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
71            '-sha1',
72            '-sigopt', 'rsa_padding_mode:pss',
73            '-signature', 'testrsapss-unrestricted.sig',
74            srctop_file('test', 'testrsa.pem')])),
75   "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
76
77# Test that RSA-PSS keys are supported by genpkey and rsa commands.
78{
79   my $rsapss = "rsapss.key";
80   ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
81               '-pkeyopt', 'rsa_keygen_bits:1024',
82               '-pkeyopt', 'rsa_keygen_pubexp:65537',
83               '-pkeyopt', 'rsa_keygen_primes:2',
84               '--out', $rsapss])));
85   ok(run(app(['openssl', 'rsa', '-check',
86               '-in', $rsapss])));
87}
88
89ok(!run(app([ 'openssl', 'rsa',
90             '-in' => data_file('negativesaltlen.pem')],
91             '-out' => 'badout')));
92
93ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024',
94            '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10',
95            '-out', 'testrsapss.pem'])),
96   "openssl genpkey RSA-PSS with pss parameters");
97ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])),
98   "openssl pkey, execute rsa_pub_encode with pss parameters");
99unlink 'testrsapss.pem';
100