[rpms/openssl] rebase_40beta: tests: add simple-rsapss-test

[Miroslav Vadkerti <mvadkert@redhat.com>]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 0ac4eaaf93fb1c1ca23df600ba4f76a00848ac60
            Author : Miroslav Vadkerti <mvadkert@redhat.com>
            Date   : 2017-11-11T22:12:23-05:00
            Stats  : +155/-0 in 4 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/0ac4eaaf93fb1c1ca23df600ba4f76a00848ac60?branch=rebase_40beta

            Log:
            tests: add simple-rsapss-test

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>

---
diff --git a/tests/simple-rsapss-test/Makefile b/tests/simple-rsapss-test/Makefile
new file mode 100644
index 0000000..13a123d
--- /dev/null
+++ b/tests/simple-rsapss-test/Makefile
@@ -0,0 +1,63 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test
+#   Description: Test if RSA-PSS signature scheme is supported
+#   Author: Hubert Kario <hkario@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+-include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Hubert Kario <hkario@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     Test if RSA-PSS signature scheme is supported" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        1m" >> $(METADATA)
+	@echo "RunFor:          openssl" >> $(METADATA)
+	@echo "Requires:        openssl man man-db" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+
+	rhts-lint $(METADATA)

diff --git a/tests/simple-rsapss-test/PURPOSE b/tests/simple-rsapss-test/PURPOSE
new file mode 100644
index 0000000..66848e7
--- /dev/null
+++ b/tests/simple-rsapss-test/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test
+Description: Test if RSA-PSS signature scheme is supported
+Author: Hubert Kario <hkario@redhat.com>

diff --git a/tests/simple-rsapss-test/runtest.sh b/tests/simple-rsapss-test/runtest.sh
new file mode 100755
index 0000000..8b60e2f
--- /dev/null
+++ b/tests/simple-rsapss-test/runtest.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test
+#   Description: Test if RSA-PSS signature scheme is supported
+#   Author: Hubert Kario <hkario@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="openssl"
+
+PUB_KEY="rsa_pubkey.pem"
+PRIV_KEY="rsa_key.pem"
+FILE="text.txt"
+SIG="text.sig"
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"
+        rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"
+        rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"
+        rlAssertExists $FILE
+        rlAssertExists $PRIV_KEY
+        rlAssertExists $PUB_KEY
+    rlPhaseEnd
+
+    rlPhaseStartTest "Test RSA-PSS padding mode"
+        set -o pipefail
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"
+        set +o pipefail
+        rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"
+        rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"
+    rlPhaseEnd
+
+    rlPhaseStartTest "Documentation check"
+        [ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"
+        rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd

diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..4b71d56
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,15 @@
+---
+# This first play always runs on the local staging system
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    - container
+    tests:
+    - simple-rsapss-test
+    required_packages:
+    - findutils         # beakerlib needs find command
+    - man               # needed by simple-rsapss-test
+    - man-db            # needed by simple-rsapss-test
+    - openssl           # needed by simple-rsapss-test