Commit | Line | Data |
---|---|---|
69795831 | 1 | #! /usr/bin/env perl |
33388b44 | 2 | # Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. |
69795831 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
69795831 RS |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use File::Spec; | |
7c9a7cf1 | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; |
69795831 RS |
15 | use OpenSSL::Test::Utils; |
16 | ||
7c9a7cf1 SL |
17 | BEGIN { |
18 | setup("test_genrsa"); | |
19 | } | |
20 | ||
21 | use lib srctop_dir('Configurations'); | |
22 | use lib bldtop_dir('.'); | |
23 | use platform; | |
69795831 | 24 | |
# The FIPS checks are left out when the fips provider is disabled in this
# build, or when NO_FIPS is set to a true value in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# 12 checks are always planned (the 4 in the SKIP block count even when
# skipped).  With FIPS enabled, two more are added: the fipsinstall run and
# one FIPS key generation.
my $fips_tests = $no_fips ? 0 : 2;
plan tests => $fips_tests + 12;
69795831 | 30 | |
# We want to know that an absurdly small number of bits (8) isn't supported:
# the check passes only when run() yields 0, i.e. key generation was refused.
# Builds without the deprecated 3.0 API use genpkey, others use genrsa.
my @tiny_key_cmd = disabled("deprecated-3.0")
    ? ('openssl', 'genpkey', '-out', 'genrsatest.pem',
       '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
       '-pkeyopt', 'rsa_keygen_pubexp:3')
    : ('openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8');
is(run(app([ @tiny_key_cmd ])), 0, "genrsa -3 8");
1b9f41a0 RL |
41 | |
# Depending on the shared library, the lower limit on the key size may differ,
# so it is searched for: a binary search over the exponent k, trying 2 ** k
# bits each time.  Only powers of two are probed, so the result is the
# smallest accepted power of two, which need not be the exact lower limit.
# ------------------------------------------------------------
# NOTE: $good may need an update in the future
# ------------------------------------------------------------
note "Looking for lowest amount of bits";
my $bad = 3;                    # Log2 of number of bits (2 ** 3 == 8)
my $good = 11;                  # Log2 of number of bits (2 ** 11 == 2048)
my $fin;
while ($good > $bad + 1) {
    my $checked = int(($good + $bad + 1) / 2);
    my $bits = 2 ** $checked;

    # Same split as above: genpkey when the deprecated 3.0 API is disabled,
    # genrsa otherwise.  Note the two branches use different public exponents.
    my @keygen_cmd = disabled("deprecated-3.0")
        ? ('openssl', 'genpkey', '-out', 'genrsatest.pem',
           '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
           '-pkeyopt', "rsa_keygen_bits:$bits")
        : ('openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $bits);

    # Refusals are expected while probing; stderr => undef presumably keeps
    # their error output out of the test log (confirm against OpenSSL::Test).
    $fin = run(app([ @keygen_cmd ], stderr => undef));

    note $bits, $fin ? " bits is good" : " bits is bad";
    if ($fin) {
        $good = $checked;
    } else {
        $bad = $checked;
    }
}
# $good is still an exponent here; turn it into the actual bit count.
$good += 1 if $bad == $good;
$good = 2 ** $good;
note "Found lowest allowed amount of bits to be $good";
75 | ||
# Generate a key of the smallest accepted size with genpkey and validate it
# with pkey -check.
# NOTE(review): the first label says "-3", but the exponent passed is 65537,
# so that command is identical to the "-f4" one; confirm which exponent the
# first check is meant to cover.  The key written by the last command is not
# followed by a pkey -check here.
my @min_size_keygen = ('openssl', 'genpkey', '-algorithm', 'RSA',
                       '-pkeyopt', 'rsa_keygen_pubexp:65537',
                       '-pkeyopt', "rsa_keygen_bits:$good",
                       '-out', 'genrsatest.pem');
ok(run(app([ @min_size_keygen ])), "genpkey -3 $good");
ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
   "pkey -check");
ok(run(app([ @min_size_keygen ])), "genpkey -f4 $good");
8bf37709 SL |
88 | |
# A 2048-bit key with no public exponent option given; the resulting file
# must pass pkey -check.
my $key_2048 = 'genrsatest2048.pem';
ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
             '-pkeyopt', 'rsa_keygen_bits:2048',
             '-out', $key_2048 ])),
   "genpkey 2048 bits");
ok(run(app([ 'openssl', 'pkey', '-check', '-in', $key_2048, '-noout' ])),
   "pkey -check");
95 | ||
# Negative tests: key generation has to refuse an unusable public exponent.
# "hexe:02" is presumably the exponent given in hex (value 2); "e:65538" is
# an even exponent.
# NOTE(review): only the exit status is checked, so each of these would also
# pass if genpkey failed for an unrelated reason, e.g. a -pkeyopt name it
# does not recognise.  Checking the error output would make them stricter.
for my $case (
    [ 'hexe:02', "genpkey with a bad public exponent should fail" ],
    [ 'e:65538', "genpkey with a even public exponent should fail" ],
) {
    my ($pkeyopt, $label) = @$case;
    ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
                  '-pkeyopt', $pkeyopt,
                  '-out', 'genrsatest.pem' ])),
       $label);
}
104 | ||
105 | ||
# The genrsa and rsa commands are only exercised when the deprecated 3.0 API
# is built in; otherwise all four checks are reported as skipped.
SKIP: {
    skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");

    # For each exponent option (-3, then -f4): generate a key of the smallest
    # accepted size, then validate the file just written.
    for my $exp_flag ('-3', '-f4') {
        ok(run(app([ 'openssl', 'genrsa', $exp_flag, '-out', 'genrsatest.pem', $good ])),
           "genrsa $exp_flag $good");
        ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
           "rsa -check");
    }
}
7c9a7cf1 SL |
118 | |
# FIPS section: install the FIPS module configuration, then generate an RSA
# key with the provider path and config file passed explicitly.
if (!$no_fips) {
    my $fips_config   = srctop_file("test", "fips-and-base.cnf");
    my $provider_dir  = bldtop_dir("providers");
    my @provider_args = ("-provider-path", $provider_dir,
                         "-config", $fips_config);
    my $fips_module   = bldtop_file('providers', platform->dso('fips'));

    # Writes providers/fipsmodule.cnf in the build tree for the module above.
    ok(run(app([ 'openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
                 '-module', $fips_module,
                 '-provider_name', 'fips', '-mac_name', 'HMAC',
                 '-section_name', 'fips_sect' ])),
       "fipsinstall");

    # Set for the rest of this process and never restored; any command run
    # after this point inherits it.
    # NOTE(review): presumably makes the openssl app use a separate library
    # context - confirm.
    $ENV{OPENSSL_TEST_LIBCTX} = "1";

    # 2080 bits lies between the 2048 and 3072 sizes named in the label.
    ok(run(app([ 'openssl', 'genpkey',
                 @provider_args,
                 '-algorithm', 'RSA',
                 '-pkeyopt', 'bits:2080',
                 '-out', 'genrsatest2080.pem' ])),
       "Generating RSA key with > 2048 bits and < 3072 bits");
}