test/recipes/20-test_dhparam_check.t

   1 #! /usr/bin/env perl
   2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 use strict;
  11 use warnings;
  12
  13 use File::Spec;
  14 use OpenSSL::Glob;
  15 use OpenSSL::Test qw/:DEFAULT data_file/;
  16 use OpenSSL::Test::Utils;
  17
  18 setup("test_dhparam_check");
  19
  20 plan skip_all => "DH isn't supported in this build"
  21     if disabled("dh");
  22
  23 =pod Generation script
  24
  25 #!/bin/sh
  26
  27 TESTDIR=test/recipes/20-test_dhparam_check_data/valid
  28 rm -rf $TESTDIR
  29 mkdir -p $TESTDIR
  30
  31 #TODO(3.0): These 3 currently create invalid output - see issue #14145
  32 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh5114_1.pem
  33 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh5114_2.pem
  34 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh5114_3.pem
  35
  36 #TODO(3.0): These 4 currently create invalid output - see issue #14145
  37 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:1024 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p1024_t1862.pem
  38 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p2048_t1862.pem
  39 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_4 -out $TESTDIR/dh_p2048_t1864.pem
  40 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:3072 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p3072_t1862.pem
  41
  42 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem
  43 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem
  44 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem
  45
  46 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem
  47
  48 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem
  49 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem
  50 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem
  51
  52 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem
  53 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem
  54
  55 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem
  56 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem
  57 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem
  58
  59 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem
  60 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem
  61
  62
  63 =cut
  64
  65 my @valid = glob(data_file("valid", "*.pem"));
  66 my @invalid = glob(data_file("invalid", "*.pem"));
  67
  68 my $num_tests = scalar @valid + scalar @invalid;
  69 plan tests => 2 + 2 * $num_tests;
  70
  71 foreach (@valid) {
  72     ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
  73     ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
  74 }
  75
  76 foreach (@invalid) {
  77     ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
  78     ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
  79 }
  80
  81 my $tmpfile = 'out.txt';
  82
  83 sub contains {
  84     my $expected = shift;
  85     my $found = 0;
  86     open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
  87     while(<$in>) {
  88         $found = 1 if m/$expected/; # output must include $expected
  89     }
  90     close $in;
  91     return $found;
  92 }
  93
  94 # Check that if we load dh params with only a 'p' and 'g' that it detects
  95 # that this is actually a valid named group.
  96 ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")], stdout => $tmpfile)));
  97 ok(contains("ffdhe2048"))