#! /usr/bin/env perl
# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Command-line regression test for DSA parameter and key generation through
# the genpkey, gendsa and dsaparam applications.  Commands run in a fixed
# order because later ones read parameter files written by earlier ones.
#
# Keys and parameters produced here are throwaway test artefacts: -text
# prints them in clear and no output cipher is requested for the files.

use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
use OpenSSL::Test::Utils;

BEGIN {
    setup("test_gendsa");
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

# Nothing below applies when DSA has been configured out of the build.
plan skip_all => "This test is unsupported in a no-dsa build"
    if disabled("dsa");

# The FIPS cases are dropped when the fips feature is disabled, or when the
# caller sets NO_FIPS to a true value in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# 18 must stay equal to the number of entries in @cli_cases below.
my $fips_case_count = $no_fips ? 0 : 2;
plan tests => $fips_case_count + 18;

# Each entry: [ must_succeed, test name, command line ].
#
# The fips186_2 and 1024-bit entries cover the legacy generation path (see
# the dsagen.legacy.pem output name); they are test inputs, not sizing
# guidance.
my @cli_cases = (
    [ 1, "genpkey DSA params fips186_4 with verifiable g",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt gindex:1
           -pkeyopt type:fips186_4
           -text) ] ],

    [ 1, "genpkey DSA params fips186_4 with unverifiable g",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt type:fips186_4
           -text) ] ],

    [ 1, "genpkey DSA params fips186_4 with truncated SHA",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt pbits:2048
           -pkeyopt qbits:224
           -pkeyopt digest:SHA512-256
           -pkeyopt type:fips186_4) ] ],

    [ 1, "genpkey DSA params fips186_2",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt type:fips186_2
           -text) ] ],

    [ 1, "genpkey DSA params fips186_2 PEM",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt type:fips186_2
           -pkeyopt dsa_paramgen_bits:1024
           -out dsagen.legacy.pem) ] ],

    # Negative case: "group" is not a valid DSA generation type.
    [ 0, "genpkey DSA does not support groups",
      [ qw(openssl genpkey -algorithm DSA
           -pkeyopt type:group
           -text) ] ],

    [ 1, "genpkey DSA params fips186_4 PEM",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt gindex:1
           -pkeyopt type:fips186_4
           -out dsagen.pem) ] ],

    [ 1, "genpkey DSA params fips186_4 DER",
      [ qw(openssl genpkey -genparam
           -algorithm DSA
           -pkeyopt gindex:1
           -pkeyopt pbits:2048
           -pkeyopt qbits:256
           -pkeyopt type:fips186_4
           -outform DER
           -out dsagen.der) ] ],

    [ 1, "genpkey DSA fips186_2 with PEM params",
      [ qw(openssl genpkey
           -paramfile dsagen.legacy.pem
           -pkeyopt type:fips186_2
           -text) ] ],

    # The seed and counter ought to be the values produced by parameter
    # generation.  The fixed values here are dummies that only show the
    # options are accepted.
    [ 1, "genpkey DSA fips186_4 with DER params",
      [ qw(openssl genpkey
           -paramfile dsagen.der
           -pkeyopt type:fips186_4
           -pkeyopt gindex:1
           -pkeyopt hexseed:0102030405060708090A0B0C0D0E0F1011121314
           -pkeyopt pcounter:25
           -text) ] ],

    # Negative case: key generation without any parameters must be refused.
    [ 0, "genpkey DSA with no params should fail",
      [ qw(openssl genpkey
           -algorithm DSA) ] ],

    [ 1, "gendsa with -verbose option and dsagen parameter",
      [ qw(openssl gendsa -verbose
           dsagen.pem) ] ],

    # Negative case: an option placed after the parameter file is rejected.
    [ 0, "gendsa with extra parameter (at end) should fail",
      [ qw(openssl gendsa
           dsagen.pem -verbose) ] ],

    # Key generation with the dsaparam tool.
    [ 1, "dsaparam -genkey DSA 1024 with default qbits",
      [ qw(openssl dsaparam -genkey -text 1024) ] ],

    [ 1, "dsaparam -genkey DSA 2048 with default qbits",
      [ qw(openssl dsaparam -genkey -text 2048) ] ],

    [ 1, "dsaparam -genkey DSA 1024 with 160 qbits",
      [ qw(openssl dsaparam -genkey -text 1024 160) ] ],

    [ 1, "dsaparam -genkey DSA 2048 with 224 qbits",
      [ qw(openssl dsaparam -genkey -text 2048 224) ] ],

    [ 1, "dsaparam -genkey DSA 2048 with 256 qbits",
      [ qw(openssl dsaparam -genkey -text 2048 256) ] ],
    # The -genkey cases for 3072-bit keys were removed to speed up the tests.
);

for my $case (@cli_cases) {
    my ($must_succeed, $label, $argv) = @{$case};

    if ($must_succeed) {
        ok(run(app($argv)), $label);
    }
    else {
        ok(!run(app($argv)), $label);
    }
}

if (!$no_fips) {
    my $fips_conf     = srctop_file("test", "fips-and-base.cnf");
    my $provider_dir  = bldtop_dir("providers");
    my @provider_opts = ("-provider-path", $provider_dir,
                         "-config", $fips_conf);

    $ENV{OPENSSL_TEST_LIBCTX} = "1";

    # DSA signing/keygen is not approved in FIPS 140-3.  The status of the
    # "<3.4.0" provider version check is therefore the outcome both genpkey
    # runs below are compared against.
    # NOTE(review): presumably 1 when the FIPS provider is older than 3.4.0
    # and 0 otherwise; confirm against fips_version_test.
    my $dsasignpass;
    run(test(["fips_version_test", "-config", $fips_conf, "<3.4.0"]),
        capture => 1, statusvar => \$dsasignpass);

    # Generate params
    is(run(app(['openssl', 'genpkey',
                @provider_opts,
                '-genparam',
                '-algorithm', 'DSA',
                '-pkeyopt', 'pbits:3072',
                '-pkeyopt', 'qbits:256',
                '-out', 'gendsatest3072params.pem'])),
       $dsasignpass,
       "Generating 3072-bit DSA params");

    # Generate keypair from the parameters written just above
    is(run(app(['openssl', 'genpkey',
                @provider_opts,
                '-paramfile', 'gendsatest3072params.pem',
                '-text',
                '-out', 'gendsatest3072.pem'])),
       $dsasignpass,
       "Generating 3072-bit DSA keypair");
}