1 1.1 christos #! /usr/bin/env perl 2 1.1.1.5 christos # Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos # 4 1.1.1.4 christos # Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos # this file except in compliance with the License. You can obtain a copy 6 1.1 christos # in the file LICENSE in the source distribution or at 7 1.1 christos # https://www.openssl.org/source/license.html 8 1.1 christos 9 1.1 christos 10 1.1 christos use strict; 11 1.1 christos use warnings; 12 1.1 christos 13 1.1 christos use File::Spec; 14 1.1.1.4 christos use OpenSSL::Test qw/:DEFAULT with srctop_file data_file/; 15 1.1 christos use OpenSSL::Test::Utils; 16 1.1 christos 17 1.1 christos setup("test_rsapss"); 18 1.1 christos 19 1.1.1.5 christos plan tests => 13; 20 1.1 christos 21 1.1 christos #using test/testrsa.pem which happens to be a 512 bit RSA 22 1.1 christos ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', 23 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', 24 1.1.1.4 christos '-sigopt', 'rsa_pss_saltlen:max', 25 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha512', 26 1.1.1.4 christos '-out', 'testrsapss-restricted.sig', 27 1.1 christos srctop_file('test', 'testrsa.pem')])), 28 1.1.1.4 christos "openssl dgst -sign [plain RSA key, PSS padding mode, PSS restrictions]"); 29 1.1 christos 30 1.1.1.4 christos ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', 31 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', 32 1.1.1.4 christos '-out', 'testrsapss-unrestricted.sig', 33 1.1.1.4 christos srctop_file('test', 'testrsa.pem')])), 34 1.1.1.4 christos "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); 35 1.1.1.4 christos 36 1.1.1.4 christos ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', 37 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', 38 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), 39 1.1.1.4 christos "openssl dgst -sign, expect to fail gracefully"); 40 1.1.1.4 christos 41 1.1.1.4 christos ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', 42 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', 43 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), 44 1.1.1.4 christos "openssl dgst -sign, expect to fail gracefully"); 45 1.1.1.4 christos 46 1.1.1.4 christos ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', 47 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', 48 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', 49 1.1.1.4 christos srctop_file('test', 'testrsa.pem')])), 50 1.1.1.4 christos "openssl dgst -prverify, expect to fail gracefully"); 51 1.1.1.4 christos 52 1.1.1.4 christos ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 53 1.1.1.4 christos '-sha1', 54 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', 55 1.1.1.4 christos '-sigopt', 'rsa_pss_saltlen:max', 56 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha512', 57 1.1.1.4 christos '-signature', 'testrsapss-restricted.sig', 58 1.1.1.4 christos srctop_file('test', 'testrsa.pem')])), 59 1.1.1.4 christos "openssl dgst -prverify [plain RSA key, PSS padding mode, PSS restrictions]"); 60 1.1.1.4 christos 61 1.1.1.4 christos ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 62 1.1.1.4 christos '-sha1', 63 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', 64 1.1.1.4 christos '-sigopt', 'rsa_pss_saltlen:42', 65 1.1.1.4 christos '-sigopt', 'rsa_mgf1_md:sha512', 66 1.1.1.4 christos '-signature', 'testrsapss-restricted.sig', 67 1.1.1.4 christos srctop_file('test', 'testrsa.pem')])), 68 1.1.1.4 christos "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt"); 69 1.1.1.4 christos 70 1.1.1.4 christos ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), 71 1.1.1.4 christos '-sha1', 72 1.1.1.4 christos '-sigopt', 'rsa_padding_mode:pss', 73 1.1.1.4 christos '-signature', 'testrsapss-unrestricted.sig', 74 1.1 christos srctop_file('test', 'testrsa.pem')])), 75 1.1.1.4 christos "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]"); 76 1.1.1.4 christos 77 1.1.1.4 christos # Test that RSA-PSS keys are supported by genpkey and rsa commands. 78 1.1.1.4 christos { 79 1.1.1.4 christos my $rsapss = "rsapss.key"; 80 1.1.1.4 christos ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', 81 1.1.1.4 christos '-pkeyopt', 'rsa_keygen_bits:1024', 82 1.1.1.5 christos '-pkeyopt', 'rsa_keygen_pubexp:65537', 83 1.1.1.5 christos '-pkeyopt', 'rsa_keygen_primes:2', 84 1.1.1.4 christos '--out', $rsapss]))); 85 1.1.1.4 christos ok(run(app(['openssl', 'rsa', '-check', 86 1.1.1.4 christos '-in', $rsapss]))); 87 1.1.1.4 christos } 88 1.1.1.4 christos 89 1.1.1.4 christos ok(!run(app([ 'openssl', 'rsa', 90 1.1.1.4 christos '-in' => data_file('negativesaltlen.pem')], 91 1.1.1.4 christos '-out' => 'badout'))); 92 1.1.1.5 christos 93 1.1.1.5 christos ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024', 94 1.1.1.5 christos '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10', 95 1.1.1.5 christos '-out', 'testrsapss.pem'])), 96 1.1.1.5 christos "openssl genpkey RSA-PSS with pss parameters"); 97 1.1.1.5 christos ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])), 98 1.1.1.5 christos "openssl pkey, execute rsa_pub_encode with pss parameters"); 99 1.1.1.5 christos unlink 'testrsapss.pem'; 100
Indexes created Sat Apr 25 00:22:52 UTC 2026