1#! /usr/bin/env perl 2# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Spec; 14use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/; 15use OpenSSL::Test::Utils; 16 17setup("test_rsapss"); 18 19plan tests => 18; 20 21#using test/testrsa.pem which happens to be a 512 bit RSA 22ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', 23 '-sigopt', 'rsa_padding_mode:pss', 24 '-sigopt', 'rsa_pss_saltlen:max', 25 '-sigopt', 'rsa_mgf1_md:sha512', 26 '-out', 'testrsapss-restricted.sig', 27 srctop_file('test', 'testrsa.pem')])), 28 "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]"); 29 30ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', 31 '-sigopt', 'rsa_padding_mode:pss', 32 '-out', 'testrsapss-unrestricted.sig', 33 srctop_file('test', 'testrsa.pem')])), 34 "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); 35 36ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', 37 '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', 38 '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), 39 "openssl dgst -sign, expect to fail gracefully"); 40 41ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', 42 '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', 43 '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), 44 "openssl dgst -sign, expect to fail gracefully"); 45 46ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', 47 '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', 48 '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', 49 srctop_file('test', 'testrsa.pem')])), 50 "openssl dgst -prverify, expect to fail gracefully"); 51 52ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 53 '-sha1', 54 '-sigopt', 'rsa_padding_mode:pss', 55 '-sigopt', 'rsa_pss_saltlen:max', 56 '-sigopt', 'rsa_mgf1_md:sha512', 57 '-signature', 'testrsapss-restricted.sig', 58 srctop_file('test', 'testrsa.pem')])), 59 "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]"); 60 61ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 62 '-sha1', 63 '-sigopt', 'rsa_padding_mode:pss', 64 '-sigopt', 'rsa_pss_saltlen:42', 65 '-sigopt', 'rsa_mgf1_md:sha512', 66 '-signature', 'testrsapss-restricted.sig', 67 srctop_file('test', 'testrsa.pem')])), 68 "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt"); 69 70ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 71 '-sha1', 72 '-sigopt', 'rsa_padding_mode:pss', 73 '-sigopt', 'rsa_pss_saltlen:auto-digestmax', 74 '-sigopt', 'rsa_mgf1_md:sha512', 75 '-signature', 'testrsapss-restricted.sig', 76 srctop_file('test', 'testrsa.pem')])), 77 "openssl dgst -prverify rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:auto-digestmax verifies signatures with saltlen > digestlen"); 78 79ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 80 '-sha1', 81 '-sigopt', 'rsa_padding_mode:pss', 82 '-signature', 'testrsapss-unrestricted.sig', 83 srctop_file('test', 'testrsa.pem')])), 84 "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]"); 85 86ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', 87 '-sigopt', 'rsa_padding_mode:pss', 88 '-sigopt', 'rsa_pss_saltlen:auto-digestmax', 89 '-out', 'testrsapss-sha1-autodigestmax.sig', 90 srctop_file('test', 'testrsa.pem')])), 91 "openssl dgst -sign -sha1 -rsa_pss_saltlen:auto-digestmax"); 92ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', 93 '-sigopt', 'rsa_padding_mode:pss', 94 '-sigopt', 'rsa_pss_saltlen:20', 95 '-signature', 'testrsapss-sha1-autodigestmax.sig', 96 srctop_file('test', 'testrsa.pem')])), 97 "openssl dgst -sign -sha1 -rsa_padding_mode:auto-digestmax produces 20 (i.e., digestlen) bits of PSS salt"); 98 99ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha256', 100 '-sigopt', 'rsa_padding_mode:pss', 101 '-sigopt', 'rsa_pss_saltlen:auto-digestmax', 102 '-out', 'testrsapss-sha256-autodigestmax.sig', 103 srctop_file('test', 'testrsa.pem')])), 104 "openssl dgst -sign -sha256 -rsa_pss_saltlen:auto-digestmax"); 105ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha256', 106 '-sigopt', 'rsa_padding_mode:pss', 107 '-sigopt', 'rsa_pss_saltlen:30', 108 '-signature', 'testrsapss-sha256-autodigestmax.sig', 109 srctop_file('test', 'testrsa.pem')])), 110 "openssl dgst -sign rsa512bit.pem -sha256 -rsa_padding_mode:auto-digestmax produces 30 bits of PSS salt (due to 512bit key)"); 111 112# Test that RSA-PSS keys are supported by genpkey and rsa commands. 113{ 114 my $rsapss = "rsapss.key"; 115 ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', 116 '-pkeyopt', 'rsa_keygen_bits:1024', 117 '-pkeyopt', 'rsa_keygen_pubexp:65537', 118 '-pkeyopt', 'rsa_keygen_primes:2', 119 '--out', $rsapss]))); 120 ok(run(app(['openssl', 'rsa', '-check', 121 '-in', $rsapss]))); 122} 123 124ok(!run(app([ 'openssl', 'rsa', 125 '-in' => data_file('negativesaltlen.pem')], 126 '-out' => 'badout'))); 127 128ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024', 129 '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10', 130 '-out', 'testrsapss.pem'])), 131 "openssl genpkey RSA-PSS with pss parameters"); 132ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])), 133 "openssl pkey, execute rsa_pub_encode with pss parameters"); 134unlink 'testrsapss.pem'; 135
