]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/20-test_dhparam_check.t
2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
15 use OpenSSL
::Test qw
/:DEFAULT data_file/;
16 use OpenSSL
::Test
::Utils
;
18 setup
("test_dhparam_check");
20 plan skip_all
=> "DH isn't supported in this build"
23 =pod Generation script
27 TESTDIR=test/recipes/20-test_dhparam_check_data/valid
31 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh_5114_1.pem
32 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh_5114_2.pem
33 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh_5114_3.pem
34 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt dh_rfc5114:2 -out $TESTDIR/dhx_5114_2.pem
36 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem
37 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem
38 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem
40 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem
42 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem
43 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem
44 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem
46 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem
47 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem
49 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem
50 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem
51 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem
53 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem
54 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem
59 my @valid = glob(data_file
("valid", "*.pem"));
60 my @invalid = glob(data_file
("invalid", "*.pem"));
62 my $num_tests = scalar @valid + scalar @invalid;
63 plan tests
=> 2 + 2 * $num_tests;
66 ok
(run
(app
([qw{openssl dhparam
-noout
-check
-in}, $_])));
67 ok
(run
(app
([qw{openssl pkeyparam
-noout
-check
-in}, $_])));
71 ok
(!run
(app
([qw{openssl dhparam
-noout
-check
-in}, $_])));
72 ok
(!run
(app
([qw{openssl pkeyparam
-noout
-check
-in}, $_])));
75 my $tmpfile = 'out.txt';
80 open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
82 $found = 1 if m/$expected/; # output must include $expected
88 # Check that if we load dh params with only a 'p' and 'g' that it detects
89 # that this is actually a valid named group.
90 ok
(run
(app
([qw{openssl pkeyparam
-text
-in}, data_file
("valid/dh_ffdhe2048.pem")], stdout
=> $tmpfile)));
91 ok
(contains
("ffdhe2048"))