- #! /usr/bin/env perl
- # Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the Apache License 2.0 (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
- # in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
- use strict;
- use warnings;
- use OpenSSL::Test;
- use OpenSSL::Test::Utils;
setup("test_gendhparam");

# PEM banner strings that "openssl genpkey -genparam -text" is expected to
# print for the two parameter encodings exercised below.
my $dh_header   = 'BEGIN DH PARAMETERS';
my $x942_header = 'BEGIN X9.42 DH PARAMETERS';

# Table of test cases. Each entry holds:
#   algorithm - value passed to -algorithm (DH or DHX)
#   pkeyopts  - values passed one by one as -pkeyopt arguments
#   expect    - substrings that must all appear somewhere in stdout, or the
#               single sentinel 'ERROR' for a case that must produce no stdout
#   message   - test description reported to the harness
#
# NOTE(review): the 1024-bit p / 160-bit q cases presumably exist to cover
# option handling for the legacy fips186_2 generator; they should not be read
# as recommended sizes - confirm against the project's documentation.
my @testdata = (
    # FIPS 186-4 generation with a verifiable generator (gindex) needs DHX.
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(type:fips186_4 digest:SHA256 gindex:1) ],
        expect    => [ $x942_header, 'gindex:', 'pcounter:', 'SEED:' ],
        message   => 'DH fips186_4 param gen with verifiable g',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(type:fips186_4 digest:SHA256 gindex:1) ],
        expect    => [ 'ERROR' ],
        message   => 'fips186_4 param gen should fail if DHX is not used',
    },
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(type:fips186_4 digest:SHA512-224 gindex:1) ],
        expect    => [ $x942_header, 'gindex:', 'pcounter:', 'SEED:' ],
        message   => 'DH fips186_4 param gen with verifiable g and truncated digest',
    },

    # FIPS 186-2 generation: the output carries 'h:' rather than 'gindex:'.
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(type:fips186_2 pbits:1024 qbits:160) ],
        expect    => [ $x942_header, 'h:', 'pcounter:', 'SEED:' ],
        message   => 'DHX fips186_2 param gen with a selected p and q size with unverifyable g',
    },
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(type:fips186_2 dh_paramgen_prime_len:1024 dh_paramgen_subprime_len:160) ],
        expect    => [ $x942_header ],
        message   => 'DHX fips186_2 param gen with a selected p and q size using aliased',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(type:fips186_2 dh_paramgen_prime_len:1024 dh_paramgen_subprime_len:160) ],
        expect    => [ 'ERROR' ],
        message   => 'DH fips186_2 param gen with a selected p and q size using aliases should fail',
    },

    # Named groups selected for plain DH, by name and by the dh_param alias.
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(group:ffdhe2048) ],
        expect    => [ $dh_header, 'GROUP:' ],
        message   => 'DH named group ffdhe selection',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(dh_param:ffdhe8192) ],
        expect    => [ $dh_header, 'GROUP:' ],
        message   => 'DH named group ffdhe selection using alias',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(group:modp_3072) ],
        expect    => [ $dh_header, 'GROUP:' ],
        message   => 'DH named group modp selection',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(dh_param:modp_4096) ],
        expect    => [ $dh_header, 'GROUP:' ],
        message   => 'DH named group modp selection using alias',
    },

    # RFC 5114 groups selected for DHX, by name, by alias and by numeric id.
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(group:dh_2048_256) ],
        expect    => [ $x942_header, 'GROUP:' ],
        message   => 'DHX RFC5114 named group selection',
    },
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(dh_param:dh_2048_224) ],
        expect    => [ $x942_header, 'GROUP:' ],
        message   => 'DHX RFC5114 named group selection using alias',
    },
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(dh_rfc5114:2) ],
        expect    => [ $x942_header, 'GROUP:' ],
        message   => 'DHX RFC5114 named group selection using an id',
    },
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(dh_rfc5114:1 dh_paramgen_type:1) ],
        expect    => [ $x942_header, 'GROUP:' ],
        message   => 'DHX paramgen_type is ignored if the group is set',
    },
    {
        algorithm => 'DH',
        pkeyopts  => [ qw(dh_rfc5114:1 dh_paramgen_type:1) ],
        expect    => [ 'ERROR' ],
        message   => 'Setting dh_paramgen_type to fips186 should fail for DH keys',
    },

    # These tests using the safeprime generator were removed as they are slow..
    # {
    #     algorithm => 'DH',
    #     pkeyopts  => [ 'type:generator', 'safeprime-generator:5'],
    #     expect    => [ 'BEGIN DH PARAMETERS', 'G: 5' ],
    #     message   => 'DH safe prime generator',
    # },
    # {
    #     algorithm => 'DH',
    #     pkeyopts  => [ 'dh_paramgen_type:0', 'dh_paramgen_generator:5'],
    #     expect    => [ 'BEGIN DH PARAMETERS', 'G: 5' ],
    #     message   => 'DH safe prime generator using an alias',
    # },

    # The safe-prime generator type must be rejected for DHX.
    {
        algorithm => 'DHX',
        pkeyopts  => [ qw(type:generator safeprime-generator:5) ],
        expect    => [ 'ERROR' ],
        message   => 'safe prime generator should fail for DHX',
    },
);
# Nothing to test when the build was configured without DH.
plan skip_all => "DH isn't supported in this build" if disabled("dh");

# One ok() per table entry.
plan tests => scalar @testdata;

foreach my $test (@testdata) {
    my $alg      = $test->{algorithm};
    my $msg      = $test->{message};
    my @expected = @{ $test->{expect} };

    # Each option string becomes its own "-pkeyopt <value>" pair.
    my @pkeyopts = map { ('-pkeyopt', $_) } @{ $test->{pkeyopts} };

    # For cases that must fail, stderr is passed as undef so the expected
    # error text does not clutter the test log; stdout is captured either way.
    #
    # NOTE(review): only stdout is inspected. A negative case passes whenever
    # the command prints nothing on stdout, so a clean rejection and an
    # abnormal termination are not told apart here. Checking the command's
    # exit status as well would make the negative cases stricter - confirm
    # what the harness offers for that.
    my %app_opts = $expected[0] eq 'ERROR' ? (stderr => undef) : ();

    my @lines = run(app(['openssl', 'genpkey', '-genparam',
                         '-algorithm', $alg, '-text', @pkeyopts],
                        %app_opts),
                    capture => 1);

    ok(compareline(\@lines, \@expected), $msg);
}
# Decide whether captured stdout satisfies a test case's expectations.
#
# Arguments:
#   $ref_lines    - array ref of stdout lines captured from the command
#   $ref_expected - array ref of substrings that must each occur in at least
#                   one captured line, or [ 'ERROR' ] for a case that is
#                   expected to produce no stdout at all
#
# Returns 1 when the expectations are met and 0 otherwise.
#
# The match is a plain substring search and ignores the order of the lines.
# This routine only ever sees stdout: for an 'ERROR' case it confirms that
# nothing was printed, not why the command printed nothing.
sub compareline {
    my ($ref_lines, $ref_expected) = @_;
    my @lines    = @$ref_lines;
    my @expected = @$ref_expected;

    # An expected failure is satisfied by empty output.
    return 1 if !@lines && $expected[0] eq 'ERROR';

    # Echo the captured output, prefixed with '#', between two rulers.
    my $ruler = "-----------------\n";
    print $ruler;
    print "# " . $_ for @lines;
    print $ruler;

    # Every expected substring has to show up in some line.
    for my $needle (@expected) {
        my $hits = grep { index($_, $needle) != -1 } @lines;
        next if $hits;
        print "ERROR: Cannot find: $needle\n";
        return 0;
    }

    return 1;
}