1#! /usr/bin/env perl 2# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Spec; 14use OpenSSL::Glob; 15use OpenSSL::Test qw/:DEFAULT data_file/; 16use OpenSSL::Test::Utils; 17 18setup("test_dhparam_check"); 19 20plan skip_all => "DH isn't supported in this build" 21 if disabled("dh"); 22 23=pod Generation script 24 25#!/bin/sh 26 27TESTDIR=test/recipes/20-test_dhparam_check_data/valid 28rm -rf $TESTDIR 29mkdir -p $TESTDIR 30 31./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh_5114_1.pem 32./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh_5114_2.pem 33./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh_5114_3.pem 34./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt dh_rfc5114:2 -out $TESTDIR/dhx_5114_2.pem 35 36./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem 37./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem 38./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem 39 40./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem 41 42./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem 43./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem 44./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem 45 46./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem 47./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem 48 49./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem 50./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem 51./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem 52 53./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem 54./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem 55 56 57=cut 58 59my @valid = glob(data_file("valid", "*.pem")); 60my @invalid = glob(data_file("invalid", "*.pem")); 61 62my $num_tests = scalar @valid + scalar @invalid; 63plan tests => 2 + 2 * $num_tests; 64 65foreach (@valid) { 66 ok(run(app([qw{openssl dhparam -noout -check -in}, $_]))); 67 ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); 68} 69 70foreach (@invalid) { 71 ok(!run(app([qw{openssl dhparam -noout -check -in}, $_]))); 72 ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); 73} 74 75my $tmpfile = 'out.txt'; 76 77sub contains { 78 my $expected = shift; 79 my $found = 0; 80 open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile"; 81 while(<$in>) { 82 $found = 1 if m/$expected/; # output must include $expected 83 } 84 close $in; 85 return $found; 86} 87 88# Check that if we load dh params with only a 'p' and 'g' that it detects 89# that this is actually a valid named group. 90ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")], stdout => $tmpfile))); 91ok(contains("ffdhe2048")) 92
