features/misc/openssl.featureRunning behat features/misc/openssl.feature results in:
@rugged @openssl @gitlab-160
Feature: Ensure that we have a modern OpenSSL.
In order to test HSM-based root keys
As an developer
I need to emulate HSM opertions using OpenSSL.
Background:
Given I run "make clean-fixtures"
And I run "mkdir -p fixtures/external_keys fixtures/tmp"
And I am in the "fixtures/external_keys" directory
Scenario: Ensure that we have a modern version of OpenSSL available.
When I run "openssl version"
Then I should get:
"""
OpenSSL 3.
"""
Scenario: Ensure that the version of OpenSSL in Python is modern enough.
When I run "python -c 'import cryptography.hazmat.backends.openssl as openssl; print(openssl.backend.openssl_version_text())'"
Then I should get:
"""
OpenSSL 3
"""
Scenario: Ensure that we can use OpenSSL to generate keys that can emulate an HSM.
When I run "openssl genpkey -algorithm ED25519 -out private.pem"
And I run "openssl pkey -in private.pem -text"
Then I should get:
"""
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
pub:
"""
When I run "openssl pkey -in private.pem -pubout > public.pem"
And I run "openssl pkey -in public.pem -pubin -text"
Then I should get:
"""
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
ED25519 Public-Key:
pub:
"""
And I should not get:
"""
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
"""
Scenario: Ensure that we can use OpenSSL to generate signatures that can emulate an HSM.
Given I run "openssl genpkey -algorithm ED25519 -out private.pem"
And I run "openssl pkey -in private.pem -pubout > public.pem"
And I run "echo 'Hello World!' > ../tmp/input.txt"
When I run "openssl pkeyutl -in ../tmp/input.txt -rawin -sign -inkey private.pem > signature.bin"
And I run "openssl pkeyutl -verify -sigfile signature.bin -in ../tmp/input.txt -rawin -inkey public.pem -pubin"
Then I should get:
"""
Signature Verified Successfully
"""
4 scenarios (4 passed)
29 steps (29 passed)