def test_sigverify(ossl, ossl_config, test_artifacts_dir, sig_name, worker_id):
common.gen_keys(ossl, ossl_config, sig_name, test_artifacts_dir, worker_id)
# determine available digest algorithms
dgsts_out = common.run_subprocess([ossl, 'dgst', '-list'])
dgst_list = dgst_algs(dgsts_out)
# now pick a random digest algorithm; for EC and RSA only accept a SHA[1|2]*
test_dgst = dgst_list[random.randint(0, len(dgst_list) - 1)]
while (sig_name.startswith("ec") or sig_name.startswith("rsa")) and not (
test_dgst.startswith("-sha1") or test_dgst.startswith("-sha2")):
test_dgst = dgst_list[random.randint(0, len(dgst_list) - 1)]
# do sign/verify with the picked digest
sign_out = common.run_subprocess([
ossl, 'dgst', test_dgst, '-sign',
os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(
worker_id, sig_name)), '-out',
os.path.join(test_artifacts_dir, '{}_{}_srv.signature'.format(
worker_id, sig_name))
],
input=input_msg.encode())
verify_out = common.run_subprocess([
ossl, 'dgst', test_dgst, '-verify',
os.path.join(test_artifacts_dir, '{}_{}_srv.pubk'.format(
worker_id, sig_name)), '-signature',
os.path.join(test_artifacts_dir, '{}_{}_srv.signature'.format(
worker_id, sig_name))
],
input=input_msg.encode())
assert "Verified OK" in verify_out
def test_sig(ossl, ossl_config, test_artifacts_dir, sig_name, worker_id):
if (sys.platform.startswith("win") and ("rainbowVclassic" in sig_name)):
pytest.skip('rainbowVclassic not supported in windows')
common.gen_keys(ossl, ossl_config, sig_name, test_artifacts_dir, worker_id)
sign_out = common.run_subprocess([
ossl, 'cms', '-sign', '-signer',
os.path.join(test_artifacts_dir, '{}_{}_srv.crt'.format(
worker_id, sig_name)), '-inkey',
os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(
worker_id, sig_name)), '-nodetach', '-outform', 'pem', '-binary'
],
input=input_msg.encode())
common.run_subprocess([
ossl, 'cms', '-verify', '-CAfile',
os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(
worker_id, sig_name)), '-inform', 'pem', '-crlfeol', '-out',
os.path.join(test_artifacts_dir, '{}_{}_verify_out'.format(
worker_id, sig_name))
],
input=sign_out.encode())
with open(
os.path.join(test_artifacts_dir,
'{}_{}_verify_out'.format(worker_id, sig_name)),
'r') as verify_out:
assert input_msg == verify_out.read(), "Signature verification failed."
def sig_default_server_port(ossl, ossl_config, test_artifacts_dir, worker_id):
# Setup: start ossl server
common.gen_keys(ossl, ossl_config, 'oqs_sig_default', test_artifacts_dir, worker_id)
server, port = common.start_server(ossl, test_artifacts_dir, 'oqs_sig_default', worker_id)
# Run tests
yield port
# Teardown: stop ossl server
server.kill()
def parametrized_sig_server(request, ossl, ossl_config, test_artifacts_dir, worker_id):
# Setup: start ossl server
common.gen_keys(ossl, ossl_config, request.param, test_artifacts_dir, worker_id)
server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id)
# Run tests
yield request.param, port
# Teardown: stop ossl server
server.kill()
def parametrized_sig_server(request, ossl, ossl_config, test_artifacts_dir, worker_id):
if (sys.platform.startswith("win") and ("rainbowVclassic" in request.param)):
pytest.skip('rainbowVclassic not supported in windows')
# Setup: start ossl server
common.gen_keys(ossl, ossl_config, request.param, test_artifacts_dir, worker_id)
server, port = common.start_server(ossl, test_artifacts_dir, request.param, worker_id)
# Run tests
yield request.param, port
# Teardown: stop ossl server
server.kill()
def test_sig(ossl, ossl_config, test_artifacts_dir, sig_name, worker_id):
common.gen_keys(ossl, ossl_config, sig_name, test_artifacts_dir, worker_id)
sign_out = common.run_subprocess([
ossl, 'cms', '-sign', '-signer',
os.path.join(test_artifacts_dir, '{}_{}_srv.crt'.format(
worker_id, sig_name)), '-inkey',
os.path.join(test_artifacts_dir, '{}_{}_srv.key'.format(
worker_id, sig_name)), '-nodetach', '-outform', 'pem', '-binary'
],
input=input_msg.encode())
common.run_subprocess([
ossl, 'cms', '-verify', '-CAfile',
os.path.join(test_artifacts_dir, '{}_{}_CA.crt'.format(
worker_id, sig_name)), '-inform', 'pem', '-crlfeol', '-out',
os.path.join(test_artifacts_dir, '{}_{}_verify_out'.format(
worker_id, sig_name))
],
input=sign_out.encode())
with open(
os.path.join(test_artifacts_dir,
'{}_{}_verify_out'.format(worker_id, sig_name)),
'r') as verify_out:
assert input_msg == verify_out.read(), "Signature verification failed."