#2 tests: add simple-rsapss-test
Merged 5 years ago by tmraz. Opened 5 years ago by mvadkert.
rpms/ mvadkert/openssl master  into  master

@@ -0,0 +1,63 @@ 

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test

+ #   Description: Test if RSA-PSS signature scheme is supported

+ #   Author: Hubert Kario <hkario@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2013 Red Hat, Inc. All rights reserved.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test

+ export TESTVERSION=1.0

+ 

+ BUILT_FILES=

+ 

+ FILES=$(METADATA) runtest.sh Makefile PURPOSE

+ 

+ .PHONY: all install download clean

+ 

+ run: $(FILES) build

+ 	./runtest.sh

+ 

+ build: $(BUILT_FILES)

+ 	test -x runtest.sh || chmod a+x runtest.sh

+ 

+ clean:

+ 	rm -f *~ $(BUILT_FILES)

+ 

+ 

+ -include /usr/share/rhts/lib/rhts-make.include

+ 

+ $(METADATA): Makefile

+ 	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)

+ 	@echo "Name:            $(TEST)" >> $(METADATA)

+ 	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)

+ 	@echo "Path:            $(TEST_DIR)" >> $(METADATA)

+ 	@echo "Description:     Test if RSA-PSS signature scheme is supported" >> $(METADATA)

+ 	@echo "Type:            Sanity" >> $(METADATA)

+ 	@echo "TestTime:        1m" >> $(METADATA)

+ 	@echo "RunFor:          openssl" >> $(METADATA)

+ 	@echo "Requires:        openssl man man-db" >> $(METADATA)

+ 	@echo "Priority:        Normal" >> $(METADATA)

+ 	@echo "License:         GPLv2" >> $(METADATA)

+ 	@echo "Confidential:    no" >> $(METADATA)

+ 	@echo "Destructive:     no" >> $(METADATA)

+ 

+ 	rhts-lint $(METADATA)

@@ -0,0 +1,3 @@ 

+ PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test

+ Description: Test if RSA-PSS signature scheme is supported

+ Author: Hubert Kario <hkario@redhat.com>

@@ -0,0 +1,74 @@ 

+ #!/bin/bash

+ # vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test

+ #   Description: Test if RSA-PSS signature scheme is supported

+ #   Author: Hubert Kario <hkario@redhat.com>

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ #

+ #   Copyright (c) 2013 Red Hat, Inc. All rights reserved.

+ #

+ #   This copyrighted material is made available to anyone wishing

+ #   to use, modify, copy, or redistribute it subject to the terms

+ #   and conditions of the GNU General Public License version 2.

+ #

+ #   This program is distributed in the hope that it will be

+ #   useful, but WITHOUT ANY WARRANTY; without even the implied

+ #   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR

+ #   PURPOSE. See the GNU General Public License for more details.

+ #

+ #   You should have received a copy of the GNU General Public

+ #   License along with this program; if not, write to the Free

+ #   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,

+ #   Boston, MA 02110-1301, USA.

+ #

+ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ 

+ # Include Beaker environment

+ . /usr/share/beakerlib/beakerlib.sh || exit 1

+ 

+ PACKAGE="openssl"

+ 

+ PUB_KEY="rsa_pubkey.pem"

+ PRIV_KEY="rsa_key.pem"

+ FILE="text.txt"

+ SIG="text.sig"

+ 

+ rlJournalStart

+     rlPhaseStartSetup

+         rlAssertRpm $PACKAGE

+         rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"

+         rlRun "pushd $TmpDir"

+         rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"

+         rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"

+         rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"

+         rlAssertExists $FILE

+         rlAssertExists $PRIV_KEY

+         rlAssertExists $PUB_KEY

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "Test RSA-PSS padding mode"

+         set -o pipefail

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"

+         set +o pipefail

+         rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"

+         rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"

+     rlPhaseEnd

+ 

+     rlPhaseStartTest "Documentation check"

+         [ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"

+         rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"

+     rlPhaseEnd

+ 

+     rlPhaseStartCleanup

+         rlRun "popd"

+         rlRun "rm -r $TmpDir" 0 "Removing tmp directory"

+     rlPhaseEnd

+ rlJournalPrintText

+ rlJournalEnd

file added
+15
@@ -0,0 +1,15 @@ 

+ ---

+ # This first play always runs on the local staging system

+ - hosts: localhost

+   roles:

+   - role: standard-test-beakerlib

+     tags:

+     - classic

+     - container

+     tests:

+     - simple-rsapss-test

+     required_packages:

+     - findutils         # beakerlib needs find command

+     - man               # needed by simple-rsapss-test

+     - man-db            # needed by simple-rsapss-test

+     - openssl           # needed by simple-rsapss-test

This patch adds first upstream test to openssl component executable via the standard test interface - Ansible. More information can be found on this page:

https://fedoraproject.org/wiki/CI/Tests

The added test can be run in these 2 environments: localhost or in a docker container. The test was run and passes on all supported Fedora releases - F26, F27 and rawhide in these environments.

Tests that will be available in dist-git will be automatically run in Fedora CI on a commit to dist-git. The tests currently do not gate the commit, but we hope this to change in the future, once the tests are stable.

Please contact the issuer of this commit, if you have any additional questions.

Signed-off-by: Miroslav Vadkerti mvadkert@redhat.com

Pull-Request has been merged by tmraz

5 years ago