]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/20-test_dhparam_check.t
2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
15 use OpenSSL
::Test qw
/:DEFAULT data_file/;
16 use OpenSSL
::Test
::Utils
;
18 setup
("test_dhparam_check");
20 plan skip_all
=> "DH isn't supported in this build"
23 =pod Generation script
27 TESTDIR=test/recipes/20-test_dhparam_check_data/valid
31 #TODO(3.0): These 3 currently create invalid output - see issue #14145
32 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh5114_1.pem
33 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh5114_2.pem
34 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh5114_3.pem
36 #TODO(3.0): These 4 currently create invalid output - see issue #14145
37 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:1024 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p1024_t1862.pem
38 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p2048_t1862.pem
39 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_4 -out $TESTDIR/dh_p2048_t1864.pem
40 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:3072 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p3072_t1862.pem
42 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem
43 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem
44 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem
46 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem
48 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem
49 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem
50 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem
52 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem
53 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem
55 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem
56 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem
57 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem
59 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem
60 ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem
65 my @valid = glob(data_file
("valid", "*.pem"));
66 my @invalid = glob(data_file
("invalid", "*.pem"));
68 my $num_tests = scalar @valid + scalar @invalid;
69 plan tests
=> 2 + 2 * $num_tests;
72 ok
(run
(app
([qw{openssl dhparam
-noout
-check
-in}, $_])));
73 ok
(run
(app
([qw{openssl pkeyparam
-noout
-check
-in}, $_])));
77 ok
(!run
(app
([qw{openssl dhparam
-noout
-check
-in}, $_])));
78 ok
(!run
(app
([qw{openssl pkeyparam
-noout
-check
-in}, $_])));
81 my $tmpfile = 'out.txt';
86 open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
88 $found = 1 if m/$expected/; # output must include $expected
94 # Check that if we load dh params with only a 'p' and 'g' that it detects
95 # that this is actually a valid named group.
96 ok
(run
(app
([qw{openssl pkeyparam
-text
-in}, data_file
("valid/dh_ffdhe2048.pem")], stdout
=> $tmpfile)));
97 ok
(contains
("ffdhe2048"))