Feature: Ensure that we have a modern OpenSSL.

Test results for features/misc/openssl.feature

Running behat features/misc/openssl.feature results in:

@rugged @openssl @gitlab-160
Feature: Ensure that we have a modern OpenSSL.
  In order to test HSM-based root keys
  As an developer
  I need to emulate HSM opertions using OpenSSL.

  Background:
    Given I run "make clean-fixtures"
    And I run "mkdir -p fixtures/external_keys fixtures/tmp"
    And I am in the "fixtures/external_keys" directory

  Scenario: Ensure that we have a modern version of OpenSSL available.
    When I run "openssl version"
    Then I should get:
      """
      OpenSSL 3.
      """

  Scenario: Ensure that the version of OpenSSL in Python is modern enough.
    When I run "python -c 'import cryptography.hazmat.backends.openssl as openssl; print(openssl.backend.openssl_version_text())'"
    Then I should get:
      """
      OpenSSL 3
      """

  Scenario: Ensure that we can use OpenSSL to generate keys that can emulate an HSM.
    When I run "openssl genpkey -algorithm ED25519 -out private.pem"
    And I run "openssl pkey -in private.pem -text"
    Then I should get:
      """
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
      ED25519 Private-Key:
      priv:
      pub:
      """
    When I run "openssl pkey -in private.pem -pubout > public.pem"
    And I run "openssl pkey -in public.pem -pubin -text"
    Then I should get:
      """
      -----BEGIN PUBLIC KEY-----
      -----END PUBLIC KEY-----
      ED25519 Public-Key:
      pub:
      """
    And I should not get:
      """
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
      ED25519 Private-Key:
      priv:
      """

  Scenario: Ensure that we can use OpenSSL to generate signatures that can emulate an HSM.
    Given I run "openssl genpkey -algorithm ED25519 -out private.pem"
    And I run "openssl pkey -in private.pem -pubout > public.pem"
    And I run "echo 'Hello World!' > ../tmp/input.txt"
    When I run "openssl pkeyutl -in ../tmp/input.txt -rawin -sign -inkey private.pem > signature.bin"
    And I run "openssl pkeyutl -verify -sigfile signature.bin -in ../tmp/input.txt -rawin -inkey public.pem -pubin"
    Then I should get:
      """
      Signature Verified Successfully
      """

4 scenarios (4 passed)
29 steps (29 passed)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Rugged TUF Server is a trademark of Consensus Enterprises.