#! /usr/bin/env perl
# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for DSA parameter and key generation through `openssl genpkey`.
# It covers the fips186_4 and fips186_2 generation types, PEM and DER
# parameter output, two expected-failure cases, and (when a FIPS provider is
# available) 3072-bit generation through the FIPS provider configuration.
#
# Ordering matters: the parameter files written by the earlier commands
# (dsagen.legacy.pem, dsagen.der, gendsatest3072params.pem) are consumed by
# later ones.

use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
use OpenSSL::Test::Utils;

BEGIN {
    setup("test_gendsa");
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

# Nothing to test when DSA support is compiled out.
if (disabled("dsa")) {
    plan skip_all => "This test is unsupported in a no-dsa build";
}

# FIPS tests are skipped when the provider is disabled at build time or when
# the NO_FIPS environment variable is set to a true value.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

my $fips_test_count = $no_fips ? 0 : 2;    # FIPS related tests
plan tests => $fips_test_count + 11;

# Expand a list of "name:value" strings into repeated '-pkeyopt' arguments,
# preserving their order.
sub _pkeyopts {
    return map { ('-pkeyopt', $_) } @_;
}

# Argument prefixes shared by the commands below.
my @genpkey  = ('openssl', 'genpkey');
my @genparam = (@genpkey, '-genparam', '-algorithm', 'DSA');

# --- Parameter generation -------------------------------------------------

# With gindex supplied, the generator g is the verifiable kind (see test name).
ok(run(app([ @genparam,
             _pkeyopts('gindex:1', 'type:fips186_4'),
             '-text' ])),
   "genpkey DSA params fips186_4 with verifiable g");

# Same generation type without gindex: g is unverifiable (see test name).
ok(run(app([ @genparam,
             _pkeyopts('type:fips186_4'),
             '-text' ])),
   "genpkey DSA params fips186_4 with unverifiable g");

# Explicit p/q sizes combined with a truncated SHA-2 variant as the digest.
ok(run(app([ @genparam,
             _pkeyopts('pbits:2048', 'qbits:224',
                       'digest:SHA512-256', 'type:fips186_4') ])),
   "genpkey DSA params fips186_4 with truncated SHA");

# Older fips186_2 generation type.
ok(run(app([ @genparam,
             _pkeyopts('type:fips186_2'),
             '-text' ])),
   "genpkey DSA params fips186_2");

# 1024-bit fips186_2 parameters, saved for the "with PEM params" test below.
# The output name marks these as legacy; they exist to cover that code path.
ok(run(app([ @genparam,
             _pkeyopts('type:fips186_2', 'dsa_paramgen_bits:1024'),
             '-out', 'dsagen.legacy.pem' ])),
   "genpkey DSA params fips186_2 PEM");

# Negative test: 'type:group' must be rejected for DSA.
ok(!run(app([ @genpkey, '-algorithm', 'DSA',
              _pkeyopts('type:group'),
              '-text' ])),
   "genpkey DSA does not support groups");

# fips186_4 parameters written as PEM.
ok(run(app([ @genparam,
             _pkeyopts('gindex:1', 'type:fips186_4'),
             '-out', 'dsagen.pem' ])),
   "genpkey DSA params fips186_4 PEM");

# fips186_4 parameters written as DER, consumed by the "with DER params" test.
ok(run(app([ @genparam,
             _pkeyopts('gindex:1', 'pbits:2048', 'qbits:256',
                       'type:fips186_4'),
             '-outform', 'DER',
             '-out', 'dsagen.der' ])),
   "genpkey DSA params fips186_4 DER");

# --- Key generation from saved parameters ----------------------------------

ok(run(app([ @genpkey,
             '-paramfile', 'dsagen.legacy.pem',
             _pkeyopts('type:fips186_2'),
             '-text' ])),
   "genpkey DSA fips186_2 with PEM params");

# In real use the seed and counter would be the values produced by the
# parameter generation step; the ones below are placeholders that only show
# the options are accepted.
ok(run(app([ @genpkey,
             '-paramfile', 'dsagen.der',
             _pkeyopts('type:fips186_4',
                       'gindex:1',
                       'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
                       'pcounter:25'),
             '-text' ])),
   "genpkey DSA fips186_4 with DER params");

# Negative test: naming the algorithm without -genparam or a parameter file
# must fail.
ok(!run(app([ @genpkey,
              '-algorithm', 'DSA' ])),
   "genpkey DSA with no params should fail");

# --- FIPS provider -------------------------------------------------------

if (!$no_fips) {
    my $fips_config   = srctop_file("test", "fips-and-base.cnf");
    my $provider_path = bldtop_dir("providers");
    my @prov = ("-provider-path", $provider_path,
                "-config", $fips_config);

    # NOTE(review): presumably makes the openssl app run with a non-default
    # library context -- confirm against the app sources.  The variable is
    # set for the remainder of this script.
    $ENV{OPENSSL_TEST_LIBCTX} = "1";

    # Generate params
    ok(run(app([ @genpkey,
                 @prov,
                 '-genparam',
                 '-algorithm', 'DSA',
                 _pkeyopts('pbits:3072', 'qbits:256'),
                 '-out', 'gendsatest3072params.pem' ])),
       "Generating 3072-bit DSA params");

    # Generate keypair
    ok(run(app([ @genpkey,
                 @prov,
                 '-paramfile', 'gendsatest3072params.pem',
                 '-text',
                 '-out', 'gendsatest3072.pem' ])),
       "Generating 3072-bit DSA keypair");

}