Commit | Line | Data |
---|---|---|
a7246ea6 | 1 | #! /usr/bin/env perl |
a28d06f3 | 2 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. |
a7246ea6 DB |
3 | # |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use File::Spec; | |
14 | use OpenSSL::Glob; | |
15 | use OpenSSL::Test qw/:DEFAULT data_file/; | |
16 | use OpenSSL::Test::Utils; | |
17 | ||
# Register this recipe with the OpenSSL test harness.
setup("test_dhparam_check");

# Nothing below can run without DH support, so skip the whole recipe.
if (disabled("dh")) {
    plan skip_all => "DH isn't supported in this build";
}
22 | ||
23 | =pod Generation script | |
24 | ||
25 | #!/bin/sh | |
26 | ||
27 | TESTDIR=test/recipes/20-test_dhparam_check_data/valid | |
28 | rm -rf $TESTDIR | |
29 | mkdir -p $TESTDIR | |
30 | ||
f1ffaaee SL |
31 | ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh_5114_1.pem |
32 | ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh_5114_2.pem | |
33 | ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh_5114_3.pem | |
34 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt dh_rfc5114:2 -out $TESTDIR/dhx_5114_2.pem | |
a7246ea6 DB |
35 | |
36 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem | |
37 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem | |
38 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem | |
39 | ||
40 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem | |
41 | ||
42 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem | |
43 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem | |
44 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem | |
45 | ||
46 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem | |
47 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem | |
48 | ||
49 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem | |
50 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem | |
51 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem | |
52 | ||
eabb3014 SL |
53 | ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem |
54 | ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem | |
55 | ||
56 | ||
a7246ea6 DB |
57 | =cut |
58 | ||
# Parameter files shipped with the recipe: those under "valid" must pass
# the -check option, those under "invalid" must be rejected by it.
my @valid   = glob(data_file("valid", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

# Each file is checked by two commands (dhparam and pkeyparam); the extra
# two tests in the plan are made outside these loops.
my $num_tests = @valid + @invalid;
plan tests => 2 * $num_tests + 2;

# Well-formed parameters must be accepted by both commands.
for my $pem (@valid) {
    for my $cmd (qw(dhparam pkeyparam)) {
        ok(run(app(['openssl', $cmd, qw(-noout -check -in), $pem])));
    }
}

# Bad parameters must make both commands fail.
# NOTE(review): this only asserts that the command did not succeed, not
# why it failed; a file that fails to load for an unrelated reason would
# presumably pass here too -- confirm the fixtures are rejected by -check.
for my $pem (@invalid) {
    for my $cmd (qw(dhparam pkeyparam)) {
        ok(!run(app(['openssl', $cmd, qw(-noout -check -in), $pem])));
    }
}

# Scratch file for captured command output, read back by contains().
my $tmpfile = 'out.txt';
76 | ||
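# Report whether any line of the captured output in $tmpfile matches
# $expected.
#
# Arguments:
#   $expected - pattern to look for. It is interpolated into the match as
#               a regular expression, not compared as a literal string, so
#               pass only fixed, trusted patterns (or quotemeta() them
#               first if a literal match is intended).
#
# Returns 1 if a matching line was found, 0 otherwise.
# Dies if $tmpfile cannot be opened for reading.
sub contains {
    my $expected = shift;
    my $found = 0;

    # Include $! so a failure says why the file could not be opened.
    open(my $in, '<', $tmpfile)
        or die "Could not open file $tmpfile: $!";

    # A lexical line variable keeps the caller's $_ intact.
    while (my $line = <$in>) {
        if ($line =~ m/$expected/) {
            $found = 1;
            last;    # one match is enough
        }
    }
    close $in;

    return $found;
}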
87 | ||
88 | # Check that if we load dh params with only a 'p' and 'g' that it detects | |
89 | # that this is actually a valid named group. | |
90 | ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")], stdout => $tmpfile))); | |
91 | ok(contains("ffdhe2048")) |