15-test_gendsa.t 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. #! /usr/bin/env perl
  2. # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
  12. use OpenSSL::Test::Utils;
  13. BEGIN {
  14. setup("test_gendsa");
  15. }
  16. use lib srctop_dir('Configurations');
  17. use lib bldtop_dir('.');
  18. plan skip_all => "This test is unsupported in a no-dsa build"
  19. if disabled("dsa");
  20. my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  21. plan tests =>
  22. ($no_fips ? 0 : 2) # FIPS related tests
  23. + 11;
  24. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  25. '-algorithm', 'DSA',
  26. '-pkeyopt', 'gindex:1',
  27. '-pkeyopt', 'type:fips186_4',
  28. '-text'])),
  29. "genpkey DSA params fips186_4 with verifiable g");
  30. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  31. '-algorithm', 'DSA',
  32. '-pkeyopt', 'type:fips186_4',
  33. '-text'])),
  34. "genpkey DSA params fips186_4 with unverifiable g");
  35. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  36. '-algorithm', 'DSA',
  37. '-pkeyopt', 'pbits:2048',
  38. '-pkeyopt', 'qbits:224',
  39. '-pkeyopt', 'digest:SHA512-256',
  40. '-pkeyopt', 'type:fips186_4'])),
  41. "genpkey DSA params fips186_4 with truncated SHA");
  42. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  43. '-algorithm', 'DSA',
  44. '-pkeyopt', 'type:fips186_2',
  45. '-text'])),
  46. "genpkey DSA params fips186_2");
  47. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  48. '-algorithm', 'DSA',
  49. '-pkeyopt', 'type:fips186_2',
  50. '-pkeyopt', 'dsa_paramgen_bits:1024',
  51. '-out', 'dsagen.legacy.pem'])),
  52. "genpkey DSA params fips186_2 PEM");
  53. ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA',
  54. '-pkeyopt', 'type:group',
  55. '-text'])),
  56. "genpkey DSA does not support groups");
  57. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  58. '-algorithm', 'DSA',
  59. '-pkeyopt', 'gindex:1',
  60. '-pkeyopt', 'type:fips186_4',
  61. '-out', 'dsagen.pem'])),
  62. "genpkey DSA params fips186_4 PEM");
  63. ok(run(app([ 'openssl', 'genpkey', '-genparam',
  64. '-algorithm', 'DSA',
  65. '-pkeyopt', 'gindex:1',
  66. '-pkeyopt', 'pbits:2048',
  67. '-pkeyopt', 'qbits:256',
  68. '-pkeyopt', 'type:fips186_4',
  69. '-outform', 'DER',
  70. '-out', 'dsagen.der'])),
  71. "genpkey DSA params fips186_4 DER");
  72. ok(run(app([ 'openssl', 'genpkey',
  73. '-paramfile', 'dsagen.legacy.pem',
  74. '-pkeyopt', 'type:fips186_2',
  75. '-text'])),
  76. "genpkey DSA fips186_2 with PEM params");
  77. # The seed and counter should be the ones generated from the param generation
  78. # Just put some dummy ones in to show it works.
  79. ok(run(app([ 'openssl', 'genpkey',
  80. '-paramfile', 'dsagen.der',
  81. '-pkeyopt', 'type:fips186_4',
  82. '-pkeyopt', 'gindex:1',
  83. '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
  84. '-pkeyopt', 'pcounter:25',
  85. '-text'])),
  86. "genpkey DSA fips186_4 with DER params");
  87. ok(!run(app([ 'openssl', 'genpkey',
  88. '-algorithm', 'DSA'])),
  89. "genpkey DSA with no params should fail");
  90. unless ($no_fips) {
  91. my $provconf = srctop_file("test", "fips-and-base.cnf");
  92. my $provpath = bldtop_dir("providers");
  93. my @prov = ( "-provider-path", $provpath,
  94. "-config", $provconf);
  95. $ENV{OPENSSL_TEST_LIBCTX} = "1";
  96. # Generate params
  97. ok(run(app(['openssl', 'genpkey',
  98. @prov,
  99. '-genparam',
  100. '-algorithm', 'DSA',
  101. '-pkeyopt', 'pbits:3072',
  102. '-pkeyopt', 'qbits:256',
  103. '-out', 'gendsatest3072params.pem'])),
  104. "Generating 3072-bit DSA params");
  105. # Generate keypair
  106. ok(run(app(['openssl', 'genpkey',
  107. @prov,
  108. '-paramfile', 'gendsatest3072params.pem',
  109. '-text',
  110. '-out', 'gendsatest3072.pem'])),
  111. "Generating 3072-bit DSA keypair");
  112. }