pki_crypto: Added pki_sign_data() and pki_verify_data_signature()

pki_sign_data() uses the given private key and hash algorithm to sign
the data using the OpenSSL EVP interface.  The corresponding function
pki_verify_data_signature() receives the signature, the signed data, and
the public key to verify the signature.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

tests/unittests/torture_pki_dsa.c

@@ -169,6 +169,66 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
 }
 
 #ifdef HAVE_LIBCRYPTO
+static int test_sign_verify_data(ssh_key key,
+                                 enum ssh_digest_e hash_type,
+                                 const unsigned char *input,
+                                 size_t input_len)
+{
+    ssh_signature sig;
+    ssh_key pubkey = NULL;
+    int rc;
+
+    /* Get the public key to verify signature */
+    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
+    assert_int_equal(rc, SSH_OK);
+    assert_non_null(pubkey);
+
+    /* Sign the buffer */
+    sig = pki_sign_data(key, hash_type, input, input_len);
+    assert_non_null(sig);
+
+    /* Verify signature */
+    rc = pki_verify_data_signature(sig, pubkey, input, input_len);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_signature_free(sig);
+    SSH_KEY_FREE(pubkey);
+
+    return rc;
+}
+
+static void torture_pki_sign_data_dsa(void **state)
+{
+    int rc;
+    ssh_key key = NULL;
+
+    (void) state;
+
+    /* Setup */
+    rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
+    assert_int_equal(rc, SSH_OK);
+    assert_non_null(key);
+
+    /* Test using automatic digest */
+    rc = test_sign_verify_data(key, SSH_DIGEST_AUTO, DSA_HASH, 20);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Test using SHA1 */
+    rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, DSA_HASH, 20);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Test using SHA256 */
+    rc = test_sign_verify_data(key, SSH_DIGEST_SHA256, DSA_HASH, 20);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Test using SHA512 */
+    rc = test_sign_verify_data(key, SSH_DIGEST_SHA512, DSA_HASH, 20);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Cleanup */
+    SSH_KEY_FREE(key);
+}
+
 static void torture_pki_dsa_write_privkey(void **state)
 {
     ssh_key origkey = NULL;
@@ -708,6 +768,7 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_pki_dsa_write_privkey,
                                  setup_dsa_key,
                                  teardown),
+        cmocka_unit_test(torture_pki_sign_data_dsa),
 #endif
         cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase),
         cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase),