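#!/bin/sh
# shellcheck disable=SC2086 -- $NEW, $V and $SPEEDTEST are deliberately
# unquoted: each holds several words that must be split into separate arguments.
#
# Build the openssl_ed25519_lib25519 provider in the current directory, then
# exercise Ed25519 key conversion, signing, verification and certificate
# issuance through it, cross-check signatures against the default provider in
# both directions, and finally compare `openssl speed` results.
#
# Every check reports through its own output: `cmp` prints a message on a
# mismatch. No command's exit status is tested, so the script's exit status is
# that of the final `openssl speed` run and does not reflect failed checks.
#
# All keys written here are unencrypted throwaway test material (-nodes, plain
# redirects into the working directory); do not reuse them for anything else.

SPEEDTEST="ed25519 ecdsap256"

# Each provider command runs under valgrind, logging to
# edtest.valgrind.<shell pid>.%n.%p. Nothing below inspects those logs and
# valgrind is not asked to fail on errors (no --error-exitcode), so memory
# errors have to be checked by reading the logs.
V="valgrind --log-file=edtest.valgrind.$$.%n.%p"
# V= # faster option during development

echo '===== compiling new provider'
gcc -fPIC -c openssl_ed25519_lib25519.c -g -Wall -Wextra \
  -Wno-unused-parameter -Wno-missing-field-initializers -O1
gcc -fPIC -shared -Wl,-soname,openssl_ed25519_lib25519.so.1 \
  -o openssl_ed25519_lib25519.so.1 openssl_ed25519_lib25519.o -l25519
rm -f openssl_ed25519_lib25519.so
ln -s openssl_ed25519_lib25519.so.1 openssl_ed25519_lib25519.so

echo '===== setting up simple configuration for new provider'
# Quoted delimiter: the configuration is written literally, with no expansion.
# The leading '?' in default_properties makes the provider a preference, not a
# requirement, so algorithm fetches can fall back to the default provider.
cat > edtest.cnf <<'EOF'
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
alg_section = evp_properties

[provider_sect]
default = default_sect
openssl_ed25519_lib25519 = openssl_ed25519_lib25519_sect

[default_sect]
activate = 1

[openssl_ed25519_lib25519_sect]
activate = 1

[evp_properties]
default_properties = ?provider=openssl_ed25519_lib25519
EOF

echo '===== trying new provider'
# OPENSSL_MODULES=. makes openssl load provider modules from the current
# directory, i.e. the shared object built above.
NEW="env OPENSSL_CONF=edtest.cnf OPENSSL_MODULES=."

# Because the provider is only preferred (see '?' above), the checks below
# could pass on the default provider alone. Listing the loaded providers puts
# evidence in the log that the new one was at least loaded; it does not prove
# that Ed25519 operations were served by it.
$NEW openssl list -providers

# Key generation, then every PEM/DER conversion of the private and public key.
$NEW $V openssl genpkey -algorithm ed25519 -out edtest.1.pem
$NEW $V openssl pkey -in edtest.1.pem -outform der > edtest.1.pem.der
$NEW $V openssl pkey -in edtest.1.pem -outform pem > edtest.1.pem.pem
$NEW $V openssl pkey -in edtest.1.pem.der -outform der > edtest.1.pem.der.der
$NEW $V openssl pkey -in edtest.1.pem.der -outform pem > edtest.1.pem.der.pem
$NEW $V openssl pkey -in edtest.1.pem -pubout -outform pem > edtest.1.pem.pub.pem
$NEW $V openssl pkey -in edtest.1.pem -pubout -outform der > edtest.1.pem.pub.der
$NEW $V openssl pkey -pubin -in edtest.1.pem.pub.pem -outform der > edtest.1.pem.pub.pem.der
$NEW $V openssl pkey -pubin -in edtest.1.pem.pub.pem -outform pem > edtest.1.pem.pub.pem.pem
$NEW $V openssl pkey -pubin -in edtest.1.pem.pub.der -outform der > edtest.1.pem.pub.der.der
$NEW $V openssl pkey -pubin -in edtest.1.pem.pub.der -outform pem > edtest.1.pem.pub.der.pem

# Round trips must be byte-identical regardless of the intermediate encoding.
cmp edtest.1.pem edtest.1.pem.pem
cmp edtest.1.pem edtest.1.pem.der.pem
cmp edtest.1.pem.der edtest.1.pem.der.der
cmp edtest.1.pem.pub.pem edtest.1.pem.pub.pem.pem
cmp edtest.1.pem.pub.pem edtest.1.pem.pub.der.pem
cmp edtest.1.pem.pub.der edtest.1.pem.pub.pem.der
cmp edtest.1.pem.pub.der edtest.1.pem.pub.der.der

# Expected openssl output for each kind of check; compared with cmp below.
echo 'Signature Verified Successfully' > edtest.out.success
echo 'Signature Verification Failure' > edtest.out.failure
echo 'Certificate request self-signature ok' > edtest.out.selfsig
echo 'subject=CN=edtest-server' >> edtest.out.selfsig
echo '=====' | tr '=' '-' > edtest.out.dashes

# Two independent random messages. head -100 counts newline-terminated chunks
# of the random stream, so the message length varies from run to run.
head -100 /dev/urandom > edtest.0.message
head -100 /dev/urandom > edtest.1.message

# Sign message 1 with the PEM and the DER form of the same private key.
$NEW $V openssl pkeyutl -sign -inkey edtest.1.pem -keyform pem \
  -rawin -in edtest.1.message > edtest.1.message.pem.sig
$NEW $V openssl pkeyutl -sign -inkey edtest.1.pem.der -keyform der \
  -rawin -in edtest.1.message > edtest.1.message.der.sig

# Positive cases: both signatures verify against message 1.
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.pem -keyform pem \
  -rawin -in edtest.1.message -sigfile edtest.1.message.pem.sig 2>&1 \
  | cmp - edtest.out.success
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.pem -keyform pem \
  -rawin -in edtest.1.message -sigfile edtest.1.message.der.sig 2>&1 \
  | cmp - edtest.out.success

# Negative cases: the same signatures must be rejected for message 0.
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.der -keyform der \
  -rawin -in edtest.0.message -sigfile edtest.1.message.pem.sig 2>&1 \
  | cmp - edtest.out.failure
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.der -keyform der \
  -rawin -in edtest.0.message -sigfile edtest.1.message.der.sig 2>&1 \
  | cmp - edtest.out.failure

# Certificate path: self-signed CA, server CSR, then a CA-signed server cert.
$NEW $V openssl req -x509 -new -newkey ed25519 -keyout edtest.ca.key \
  -out edtest.ca.crt -nodes -subj /CN=edtest-CA -days 365 2>&1 \
  | cmp - edtest.out.dashes
$NEW $V openssl req -new -newkey ed25519 -keyout edtest.server.key \
  -out edtest.server.csr -nodes -subj /CN=edtest-server 2>&1 \
  | cmp - edtest.out.dashes
$NEW $V openssl x509 -req -in edtest.server.csr -out edtest.server.crt \
  -CA edtest.ca.crt -CAkey edtest.ca.key -CAcreateserial -days 365 2>&1 \
  | cmp - edtest.out.selfsig

echo '===== using default provider to check signatures from new provider'
# No $NEW prefix here: these runs use the ambient OpenSSL configuration.
openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.pem -keyform pem \
  -rawin -in edtest.1.message -sigfile edtest.1.message.pem.sig 2>&1 \
  | cmp - edtest.out.success
openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.pem -keyform pem \
  -rawin -in edtest.1.message -sigfile edtest.1.message.der.sig 2>&1 \
  | cmp - edtest.out.success
openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.der -keyform der \
  -rawin -in edtest.0.message -sigfile edtest.1.message.pem.sig 2>&1 \
  | cmp - edtest.out.failure
openssl pkeyutl -verify -pubin -inkey edtest.1.pem.pub.der -keyform der \
  -rawin -in edtest.0.message -sigfile edtest.1.message.der.sig 2>&1 \
  | cmp - edtest.out.failure

echo '===== using new provider to check signatures from default provider'
# Key 0 is generated and used for signing without $NEW, then verified with it.
openssl genpkey -algorithm ed25519 -out edtest.0.pem
openssl pkey -in edtest.0.pem -pubout -outform pem > edtest.0.pem.pub.pem
openssl pkey -in edtest.0.pem -pubout -outform der > edtest.0.pem.pub.der
openssl pkeyutl -sign -inkey edtest.0.pem -keyform pem \
  -rawin -in edtest.0.message > edtest.0.message.pem.sig
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.0.pem.pub.pem -keyform pem \
  -rawin -in edtest.0.message -sigfile edtest.0.message.pem.sig 2>&1 \
  | cmp - edtest.out.success
$NEW $V openssl pkeyutl -verify -pubin -inkey edtest.0.pem.pub.der -keyform der \
  -rawin -in edtest.1.message -sigfile edtest.0.message.pem.sig 2>&1 \
  | cmp - edtest.out.failure

echo '===== checking speed with default provider'
openssl speed -seconds +1 $SPEEDTEST

echo '===== checking speed with new provider'
# Speed runs skip valgrind ($V) so the timings are meaningful.
$NEW openssl speed -seconds +1 $SPEEDTEST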