test/recipes/20-test_dhparam_check.t

   1 #! /usr/bin/env perl
   2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use File::Spec;
  14 use OpenSSL::Glob;
  15 use OpenSSL::Test qw/:DEFAULT data_file/;
  16 use OpenSSL::Test::Utils;
  17
  18 setup("test_dhparam_check");
  19
  20 plan skip_all => "DH isn't supported in this build"
  21     if disabled("dh");
  22
  23 =pod Generation script
  24
  25 #!/bin/sh
  26
  27 TESTDIR=test/recipes/20-test_dhparam_check_data/valid
  28 rm -rf $TESTDIR
  29 mkdir -p $TESTDIR
  30
  31 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh_5114_1.pem
  32 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh_5114_2.pem
  33 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh_5114_3.pem
  34 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt dh_rfc5114:2 -out $TESTDIR/dhx_5114_2.pem
  35
  36 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem
  37 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem
  38 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem
  39
  40 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem
  41
  42 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem
  43 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem
  44 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem
  45
  46 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem
  47 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem
  48
  49 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem
  50 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem
  51 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem
  52
  53 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem
  54 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem
  55
  56
  57 =cut
  58
  59 my @valid = glob(data_file("valid", "*.pem"));
  60 my @invalid = glob(data_file("invalid", "*.pem"));
  61
  62 my $num_tests = scalar @valid + scalar @invalid;
  63 plan tests => 2 + 2 * $num_tests;
  64
  65 foreach (@valid) {
  66     ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
  67     ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
  68 }
  69
  70 foreach (@invalid) {
  71     ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
  72     ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
  73 }
  74
  75 my $tmpfile = 'out.txt';
  76
  77 sub contains {
  78     my $expected = shift;
  79     my $found = 0;
  80     open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
  81     while(<$in>) {
  82         $found = 1 if m/$expected/; # output must include $expected
  83     }
  84     close $in;
  85     return $found;
  86 }
  87
  88 # Check that if we load dh params with only a 'p' and 'g' that it detects
  89 # that this is actually a valid named group.
  90 ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")], stdout => $tmpfile)));
  91 ok(contains("ffdhe2048"))