Openssl sign verify (#3852)

* Added openSSL tool and testsuites to lay ground work for encryption and decryption tests

* Fixing tuple type error in actions

* made helper method private and added more to test description

* Removed duplicated line

* fixed comment

Author: WithEnoughCoffee

lisa/tools/openssl.py

@@ -2,7 +2,7 @@
 # Licensed under the MIT license.
 
 import shlex
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Tuple
 
 from lisa.executable import Tool
 
@@ -37,7 +37,7 @@ def encrypt(
         return self._run_with_piped_input(
             plaintext,
             f"enc -{algorithm} -K '{hex_key}' -iv '{hex_iv}' -base64 -A",
-            expected_exit_code_failure_message="Failed to encrypt data with OpenSSL.",
+            expected_exit_code_failure_message=("Failed to encrypt data with OpenSSL."),
         )
 
     def decrypt(
@@ -56,7 +56,69 @@ def decrypt(
         return self._run_with_piped_input(
             ciphertext,
             f"enc -d -{algorithm} -K '{hex_key}' -iv '{hex_iv}' -base64 -A",
-            expected_exit_code_failure_message="Failed to decrypt data with OpenSSL.",
+            expected_exit_code_failure_message=("Failed to decrypt data with OpenSSL."),
+        )
+
+    def create_key_pair(self, algorithm: str = "RSA") -> Tuple[str, str]:
+        """
+        Generate a key pair using the specified algorithm.
+        Returns the private key and public key as strings.
+
+        This key generation is for testing generation of keys
+        with OpenSSL on the remote.
+        """
+        private_key_result = self.run(
+            f"genpkey -algorithm {algorithm} -outform PEM",
+            expected_exit_code=0,
+            expected_exit_code_failure_message=(
+                "Failed to generate private key with OpenSSL."
+            ),
+        )
+        private_key_pem = private_key_result.stdout.strip()
+        public_key = self._run_with_piped_input(
+            private_key_pem,
+            "pkey -in /dev/stdin -pubout -outform PEM",
+            expected_exit_code_failure_message=(
+                "Failed to generate public key with OpenSSL."
+            ),
+        )
+        return private_key_pem, public_key
+
+    def sign(
+        self,
+        data: str,
+        private_key: str,
+        algorithm: str = "sha256",
+    ) -> str:
+        """
+        Sign the data using the specified private key and algorithm.
+        Returns the base64 encoded signature.
+        """
+        return self._run_with_piped_input(
+            data,
+            f"dgst -{algorithm} -sign <(echo '{private_key}') | openssl base64 -A",
+            expected_exit_code_failure_message="Failed to sign data with OpenSSL.",
+        )
+
+    def verify(
+        self,
+        data: str,
+        public_key: str,
+        signature_base64: str,
+        algorithm: str = "sha256",
+    ) -> None:
+        """
+        Verify the signature of the data using the specified
+        public key and algorithm.
+        """
+        self._run_with_piped_input(
+            data,
+            f"dgst -{algorithm} -verify <(echo '{public_key}') "
+            f"-signature <(echo '{signature_base64}' | "
+            "openssl base64 -A -d)",
+            expected_exit_code_failure_message=(
+                "Failed to verify signature with OpenSSL."
+            ),
         )
 
     def _run_with_piped_input(

microsoft/testsuites/security/openssl.py

@@ -16,6 +16,7 @@
     Tests the functionality of OpenSSL, including encryption and decryption
     operations. Validates that OpenSSL can successfully encrypt plaintext data
     and decrypt it back to its original form using generated keys and IVs.
+    Validates that OpenSSL signs and verifies signatures correctly.
     """,
 )
 class OpenSSLTestSuite(TestSuite):
@@ -32,12 +33,16 @@ class OpenSSLTestSuite(TestSuite):
         priority=2,
     )
     def verify_openssl_basic(self, log: Logger, node: Node) -> None:
+        """This function tests the basic functionality of
+        OpenSSL by calling helper functions"""
         self._openssl_test_encrypt_decrypt(log, node)
+        self._openssl_test_sign_verify(log, node)
 
     def _openssl_test_encrypt_decrypt(self, log: Logger, node: Node) -> None:
         """
         Tests OpenSSL encryption and decryption functionality.
         This function generates a random key and IV, encrypts various types of
+        plaintext, and then decrypts them to verify the functionality.
         """
 
         # Key and IV for encryption and decryption.
@@ -66,3 +71,18 @@ def _openssl_test_encrypt_decrypt(self, log: Logger, node: Node) -> None:
             assert_that(plaintext).described_as(
                 "Plaintext and decrypted data do not match"
             ).is_equal_to(decrypted_data)
+
+    def _openssl_test_sign_verify(self, log: Logger, node: Node) -> None:
+        """
+        Tests OpenSSL signing and verification functionality.
+        This function generates a key pair, signs a message,
+        and verifies the signature.
+        """
+        openssl = node.tools[OpenSSL]
+        private_key, public_key = openssl.create_key_pair()
+
+        plaintext = "cool"
+        signature = openssl.sign(plaintext, private_key)
+        openssl.verify(plaintext, public_key, signature)
+
+        log.debug("Successfully signed and verified a file.")