15-test_genrsa.t 5.0 KB

  1. #! /usr/bin/env perl
  2. # Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
  12. use OpenSSL::Test::Utils;
  # setup() is called inside BEGIN because the `use lib` statements that follow
  # evaluate srctop_dir()/bldtop_dir() at compile time; presumably OpenSSL::Test
  # needs setup() to have run before those helpers are usable.
  BEGIN {
      setup('test_genrsa');
  }
  16. use lib srctop_dir('Configurations');
  17. use lib bldtop_dir('.');
  18. use platform;
  # The FIPS tests are dropped when the fips module is disabled in this build
  # or when NO_FIPS is set to a true value in the environment.
  my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

  # 12 tests always count towards the plan (the 4 legacy genrsa/rsa tests are
  # skipped, not removed, when deprecated apps are disabled); the FIPS block
  # adds fipsinstall plus one key generation.
  my $fips_test_count = $no_fips ? 0 : 2;
  plan(tests => $fips_test_count + 12);
  # An absurdly small modulus (8 bits) must not be supported: key generation
  # has to fail, which is why run() is compared against 0 here.
  # genpkey is used when the deprecated genrsa app is not built.
  my @tiny_rsa_cmd = disabled('deprecated-3.0')
      ? ('openssl', 'genpkey', '-out', 'genrsatest.pem',
         '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
         '-pkeyopt', 'rsa_keygen_pubexp:3')
      : ('openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8');
  is(run(app([@tiny_rsa_cmd])), 0, 'genrsa -3 8');
  # The smallest modulus size the library will generate can differ between
  # shared library builds, so it is located with a binary search over
  # log2(bits). $bad holds an exponent known to be rejected, $good one that
  # is assumed to be accepted; the loop narrows the gap until they are
  # adjacent. The value found is only the floor this build enforces; the
  # later tests reuse it as a size that is guaranteed to be accepted.
  # ------------------------------------------------------------
  # NOTE: the starting value of $good may need an update in the future
  # ------------------------------------------------------------
  note('Looking for lowest amount of bits');
  my $bad  = 3;     # log2 of the bit count (2 ** 3 == 8)
  my $good = 11;    # log2 of the bit count (2 ** 11 == 2048)
  my $fin;
  until ($good <= $bad + 1) {
      my $exponent = int(($good + $bad + 1) / 2);
      my $bits     = 2 ** $exponent;

      # Only the exit status is used; stderr => undef presumably discards the
      # expected error output of the failing attempts. Note that the two
      # branches pass different public exponents (65537 vs. 3); the search
      # is only about the bit count.
      my @keygen_cmd = disabled('deprecated-3.0')
          ? ('openssl', 'genpkey', '-out', 'genrsatest.pem',
             '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
             '-pkeyopt', "rsa_keygen_bits:$bits")
          : ('openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $bits);
      $fin = run(app([@keygen_cmd], stderr => undef));

      if ($fin) {
          note($bits, ' bits is good');
          $good = $exponent;
      }
      else {
          note($bits, ' bits is bad');
          $bad = $exponent;
      }
  }
  # Guard for the degenerate case where both bounds ended up equal.
  $good++ if $good == $bad;
  # From here on $good is a bit count, no longer an exponent.
  $good = 2 ** $good;
  note("Found lowest allowed amount of bits to be $good");
  # genpkey-based checks: generate keys at the discovered minimum size and at
  # 2048 bits, validate them with `pkey -check`, then confirm that invalid
  # public exponents are refused.
  my @genpkey_rsa = ('openssl', 'genpkey', '-algorithm', 'RSA');
  my @out_default = ('-out', 'genrsatest.pem');
  my @min_size_f4 = ('-pkeyopt', 'rsa_keygen_pubexp:65537',
                     '-pkeyopt', "rsa_keygen_bits:$good");

  # NOTE(review): the label says "-3" but the exponent passed is 65537, the
  # same as in the "-f4" test below, so exponent 3 is not exercised through
  # genpkey here. Confirm whether that is intended.
  ok(run(app([@genpkey_rsa, @min_size_f4, @out_default])),
     "genpkey -3 $good");
  ok(run(app(['openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout'])),
     "pkey -check");
  ok(run(app([@genpkey_rsa, @min_size_f4, @out_default])),
     "genpkey -f4 $good");

  # Default public exponent, 2048-bit modulus, followed by a consistency check.
  ok(run(app([@genpkey_rsa,
              '-pkeyopt', 'rsa_keygen_bits:2048',
              '-out', 'genrsatest2048.pem'])),
     "genpkey 2048 bits");
  ok(run(app(['openssl', 'pkey', '-check', '-in', 'genrsatest2048.pem', '-noout'])),
     "pkey -check");

  # Negative tests: key generation must fail for a public exponent of 2
  # (given in hex) and for the even value 65538. An even exponent cannot
  # yield a working RSA key, so accepting one would be a defect.
  ok(!run(app([@genpkey_rsa, '-pkeyopt', 'hexe:02', @out_default])),
     "genpkey with a bad public exponent should fail");
  ok(!run(app([@genpkey_rsa, '-pkeyopt', 'e:65538', @out_default])),
     "genpkey with a even public exponent should fail");
  # Legacy command line coverage: genrsa and rsa are only built when the
  # deprecated-3.0 apps are enabled, otherwise all four tests are skipped.
  SKIP: {
      skip('Skipping rsa command line test', 4) if disabled('deprecated-3.0');

      # Generate a key at the minimum accepted size with each exponent flag
      # (-3 and -f4), and validate every generated key with `rsa -check`.
      for my $exponent_flag ('-3', '-f4') {
          ok(run(app(['openssl', 'genrsa', $exponent_flag,
                      '-out', 'genrsatest.pem', $good])),
             "genrsa $exponent_flag $good");
          ok(run(app(['openssl', 'rsa', '-check',
                      '-in', 'genrsatest.pem', '-noout'])),
             "rsa -check");
      }
  }
  # FIPS provider checks; these run only when the fips module is available.
  if (!$no_fips) {
      my $provconf    = srctop_file('test', 'fips-and-base.cnf');
      my $provpath    = bldtop_dir('providers');
      my $fips_module = bldtop_file('providers', platform->dso('fips'));
      my $fips_conf   = bldtop_file('providers', 'fipsmodule.cnf');

      # Install step: writes fipsmodule.cnf for the freshly built module,
      # using HMAC as the MAC and "fips_sect" as the section name.
      ok(run(app(['openssl', 'fipsinstall',
                  '-out',           $fips_conf,
                  '-module',        $fips_module,
                  '-provider_name', 'fips',
                  '-mac_name',      'HMAC',
                  '-section_name',  'fips_sect'])),
         "fipsinstall");

      # Set for the remainder of the script and inherited by the child
      # process; presumably makes the openssl app use a separate library
      # context - confirm against the apps code.
      $ENV{OPENSSL_TEST_LIBCTX} = '1';

      # 2080 bits lies strictly between 2048 and 3072, so this checks that
      # key generation under the fips-and-base configuration accepts a
      # modulus size in that range.
      ok(run(app(['openssl', 'genpkey',
                  '-provider-path', $provpath,
                  '-config',        $provconf,
                  '-algorithm',     'RSA',
                  '-pkeyopt',       'bits:2080',
                  '-out',           'genrsatest2080.pem'])),
         "Generating RSA key with > 2048 bits and < 3072 bits");
  }