From: Matt Caswell Date: Thu, 22 Oct 2020 09:23:43 +0000 (+0100) Subject: Add a test for the dhparam CLI application X-Git-Tag: openssl-3.0.0-alpha9~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97485aec7f16714f309aeb6637bc4faa2f61f98a;p=thirdparty%2Fopenssl.git Add a test for the dhparam CLI application Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13231)
---
diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t
new file mode 100644
index 00000000000..63441a57859
--- /dev/null
+++ b/test/recipes/20-test_dhparam.t
@@ -0,0 +1,167 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT data_file);
+use OpenSSL::Test::Utils;
+
+#Tests for the dhparam CLI application
+
+setup("test_dhparam");
+
+plan skip_all => "DH is not supported in this build"
+ if disabled("dh");
+plan tests => 16;
+
+sub checkdhparams {
+ my $file = shift; #Filename containing params
+ my $type = shift; #PKCS3 or X9.42?
+ my $gen = shift; #2, 5 or something else (0 is "something else")?
+ my $format = shift; #DER or PEM?
+ my $bits = shift; #Number of bits in p
+ my $pemtype;
+ my $readtype;
+ my $readbits = 0;
+ my $genline;
+
+ if (-T $file) {
+ #Text file. Check it looks like PEM
+ open(PEMFILE, '<', $file) or die $!;
+ if (my $firstline = ) {
+ chomp($firstline);
+ if ($firstline eq "-----BEGIN DH PARAMETERS-----") {
+ $pemtype = "PKCS3";
+ } elsif ($firstline eq "-----BEGIN X9.42 DH PARAMETERS-----") {
+ $pemtype = "X9.42";
+ }
+ } else {
+ $pemtype = "";
+ }
+ close(PEMFILE);
+ ok(($format eq "PEM") && defined $pemtype, "Checking format is PEM");
+ } else {
+ ok($format eq "DER", "Checking format is DER");
+ #No PEM type in this case, so we just set the pemtype to the expected
+ #type so that we never fail that part of the test
+ $pemtype = $type;
+ }
+ my @textdata = run(app(['openssl', 'dhparam', '-in', $file, '-noout',
+ '-text', '-inform', $format]), capture => 1);
+ chomp(@textdata);
+ #Trim trailing whitespace
+ @textdata = grep { s/\s*$//g } @textdata;
+ if (grep { $_ =~ 'Q:' } @textdata) {
+ $readtype = "X9.42";
+ } else {
+ $readtype = "PKCS3";
+ }
+ ok(($type eq $pemtype) && ($type eq $readtype),
+ "Checking parameter type is ".$type." ($pemtype, $readtype)");
+
+ if (defined $textdata[0] && $textdata[0] =~ /DH Parameters: \((\d+) bit\)/) {
+ $readbits = $1;
+ }
+ ok($bits == $readbits, "Checking number of bits is $bits");
+ if ($gen == 2 || $gen == 5) {
+ #For generators 2 and 5 the value appears on the same line
+ $genline = "G: $gen (0x$gen)";
+ } else {
+ #For any other generator the value appears on the following line
+ $genline = "G:";
+ }
+
+ ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
+ "Checking generator is correct");
+}
+
+#Test some "known good" parameter files to check that we can read them
+subtest "Read: 1024 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-1024.pem"), "PKCS3", 2, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-5-1024.pem"), "PKCS3", 5, "PEM", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-2048.pem"), "PKCS3", 2, "PEM", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("x942-0-1024.pem"), "X9.42", 0, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 2, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-1024.der"), "PKCS3", 2, "DER", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-5-1024.der"), "PKCS3", 5, "DER", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-2048.der"), "PKCS3", 2, "DER", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, DER file" => sub {
+ checkdhparams(data_file("x942-0-1024.der"), "X9.42", 0, "DER", 1024);
+};
+
+#Test that generating parameters of different types creates what we expect. We
+#use 512 for the size for speed reasons. Don't use this in real applications!
+subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
+ '512' ])));
+ checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
+ '512' ])));
+ checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
+ '512' ])));
+ checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
+ '-outform', 'PEM', '512' ])));
+ checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.pem',
+ '-dsaparam', '512' ])));
+ checkdhparams("gen-x942-0-512.pem", "X9.42", 0, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, explicit generator 2, PEM file" => sub {
+ plan tests => 1;
+ #Expected to fail - you cannot select a generator with '-dsaparam'
+ ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-exp2-512.pem', '-2',
+ '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 5, PEM file" => sub {
+ plan tests => 1;
+ #Expected to fail - you cannot select a generator with '-dsaparam'
+ ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-5-512.pem',
+ '-5', '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, DER file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.der',
+ '-dsaparam', '-outform', 'DER', '512' ])));
+ checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
+};
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der
new file mode 100644
index 00000000000..9cae01ca83e
Binary files /dev/null and b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der differ
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem
new file mode 100644
index 00000000000..7e9b2304da1
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBANbtqnwjHSC1EIivUM8e2xuSgG1k4LfetWkRNvjf0k+RBKGdtkbCH/0w
+Jcdt1v4vC1WeMTFMFEZTEwp0e4LyoD5WQbU76ndlOKXiqSCOwH1v/URH604q0eFP
+gXDfnSLoKLqSDjLRkfbBfpyJVrgxqQxMHXXkQxDH2SfBnq6pouizAgEC
+-----END DH PARAMETERS-----
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-2048.der b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.der
new file mode 100644
index 00000000000..23dbab1ad18
Binary files /dev/null and b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.der differ
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
new file mode 100644
index 00000000000..1b18d4efadf
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAnpsK4ZwLxWUBcDH8BlIvjnUStc9etrEq/dGTqWq5d6pOldZ/JzYn
+qrfIQCicE5bRF2VSZ7ceg4tzO/dtfg86vnzB9Q0oiRM2NuLS0clPZ+RH0wvWyV9Y
+/PgnSqFOaURmIKln0vWy8yJJcjpUL4gFl+S/G0sf6aIRoe/GsJE/2wocD2/LkK1t
+6tyunTbp7oijar1/0Q3L0rVazkgXAJDtunWlS4t1DbFgx04na7mD/wGDAM7SqvnU
+P7c8uXlWmIZHH9okmykgiMI3+TU3ESFyfK0ABrbK7qHxPjpYJasiv4T0MsryH0e4
+4NI/Z2HyNAeKovaq9paBsui5drN5rSSNuwIBAg==
+-----END DH PARAMETERS-----
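Review bot: In test/recipes/20-test_dhparam.t, the final `ok()` of `checkdhparams` can succeed without the expected generator text being present: `index()` returns -1 on a miss, so `index($_, $genline) + length($genline) == length($_)` is also true for any output line exactly one character shorter than `$genline`. An anchored suffix match states the intent and cannot pass on a miss, e.g. `ok((grep { /\Q$genline\E\z/ } @textdata), "Checking generator is correct");`. Separately, the subtest "Read: 1024 bit X9.42 params, DER file" is the only Read subtest without a `plan tests => 4;` line, so a run that executes fewer checks there would go unnoticed; adding the plan makes it consistent with the other seven.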
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der
new file mode 100644
index 00000000000..c2fbc23287f
Binary files /dev/null and b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der differ
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
new file mode 100644
index 00000000000..fc93d470a24
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAINLNshx3qDIHPR4UMK7SDgzdBa1G5j4GTsw+Nquge7P6JL/4zKwjuny
+IUzbcD8bcyhayS8yRYoKg7MAd3ApStKUHhG5h8LqRQO5I9iXdch8u+Dsmpb1Gf8+
+JFTOHsoMf4wHwGLr883TODBmbP4g9AZKEAlyKWcI6Qvulhk6fk+/AgEF
+-----END DH PARAMETERS-----
diff --git a/test/recipes/20-test_dhparam_data/x942-0-1024.der b/test/recipes/20-test_dhparam_data/x942-0-1024.der
new file mode 100644
index 00000000000..41db9506cd4
Binary files /dev/null and b/test/recipes/20-test_dhparam_data/x942-0-1024.der differ
diff --git a/test/recipes/20-test_dhparam_data/x942-0-1024.pem b/test/recipes/20-test_dhparam_data/x942-0-1024.pem
new file mode 100644
index 00000000000..045d36b1337
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/x942-0-1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIIBOwKBgQDskzkX4bMaCeRWmyrR5VhoYbigr3UPU2eHTm8uPYjxUbQPBg+8sw64
+gklilB3BCja0snLRqN2DOgg/JBJhT+39f0nynPpjOiJSLf3giOCH/+eKOz+eLB2z
+MuJkB7HAI7VL4xOJsCJ0K08/Tu6/qoS/gBVsAnaard4LixDcQ9dQbwKBgQDmgfeg
+hL8896pzlqqr7QSw/oig+EN8HutbvA6BYaPMFyz0AGRP29MrQd3vMNV+OBQdjbgA
+wFR/V5PqZM5/pUcoAQSfPKaGFj2QmBabOskDXPp1aqJzQMnlz6FGB/ttaScPey9P
+gaN98WuvA+dy7jljoQlCQT+73jRbYfM5Uj6CxgIVAL5HGyZDqkbfJsbBDm3PYeIM
+qJqvMBoDFQD8mX9cL0Pjbag03XhoqT6ygu6WFAIBXw==
+-----END X9.42 DH PARAMETERS-----