xref: /freebsd/crypto/openssl/test/recipes/15-test_gendsa.t (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1#! /usr/bin/env perl
2# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
15use OpenSSL::Test::Utils;
16
17BEGIN {
18    setup("test_gendsa");
19}
20
21use lib srctop_dir('Configurations');
22use lib bldtop_dir('.');
23
24plan skip_all => "This test is unsupported in a no-dsa build"
25    if disabled("dsa");
26
27my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
28
29plan tests =>
30    ($no_fips ? 0 : 2)          # FIPS related tests
31    + 11;
32
33ok(run(app([ 'openssl', 'genpkey', '-genparam',
34             '-algorithm', 'DSA',
35             '-pkeyopt', 'gindex:1',
36             '-pkeyopt', 'type:fips186_4',
37             '-text'])),
38   "genpkey DSA params fips186_4 with verifiable g");
39
40ok(run(app([ 'openssl', 'genpkey', '-genparam',
41             '-algorithm', 'DSA',
42             '-pkeyopt', 'type:fips186_4',
43             '-text'])),
44   "genpkey DSA params fips186_4 with unverifiable g");
45
46ok(run(app([ 'openssl', 'genpkey', '-genparam',
47             '-algorithm', 'DSA',
48             '-pkeyopt', 'pbits:2048',
49             '-pkeyopt', 'qbits:224',
50             '-pkeyopt', 'digest:SHA512-256',
51             '-pkeyopt', 'type:fips186_4'])),
52   "genpkey DSA params fips186_4 with truncated SHA");
53
54ok(run(app([ 'openssl', 'genpkey', '-genparam',
55             '-algorithm', 'DSA',
56             '-pkeyopt', 'type:fips186_2',
57             '-text'])),
58   "genpkey DSA params fips186_2");
59
60ok(run(app([ 'openssl', 'genpkey', '-genparam',
61             '-algorithm', 'DSA',
62             '-pkeyopt', 'type:fips186_2',
63             '-pkeyopt', 'dsa_paramgen_bits:1024',
64             '-out', 'dsagen.legacy.pem'])),
65   "genpkey DSA params fips186_2 PEM");
66
67ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA',
68             '-pkeyopt', 'type:group',
69             '-text'])),
70   "genpkey DSA does not support groups");
71
72ok(run(app([ 'openssl', 'genpkey', '-genparam',
73             '-algorithm', 'DSA',
74             '-pkeyopt', 'gindex:1',
75             '-pkeyopt', 'type:fips186_4',
76             '-out', 'dsagen.pem'])),
77   "genpkey DSA params fips186_4 PEM");
78
79ok(run(app([ 'openssl', 'genpkey', '-genparam',
80             '-algorithm', 'DSA',
81             '-pkeyopt', 'gindex:1',
82             '-pkeyopt', 'pbits:2048',
83             '-pkeyopt', 'qbits:256',
84             '-pkeyopt', 'type:fips186_4',
85             '-outform', 'DER',
86             '-out', 'dsagen.der'])),
87   "genpkey DSA params fips186_4 DER");
88
89ok(run(app([ 'openssl', 'genpkey',
90             '-paramfile', 'dsagen.legacy.pem',
91             '-pkeyopt', 'type:fips186_2',
92             '-text'])),
93   "genpkey DSA fips186_2 with PEM params");
94
95# The seed and counter should be the ones generated from the param generation
96# Just put some dummy ones in to show it works.
97ok(run(app([ 'openssl', 'genpkey',
98             '-paramfile', 'dsagen.der',
99             '-pkeyopt', 'type:fips186_4',
100             '-pkeyopt', 'gindex:1',
101             '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
102             '-pkeyopt', 'pcounter:25',
103             '-text'])),
104   "genpkey DSA fips186_4 with DER params");
105
106ok(!run(app([ 'openssl', 'genpkey',
107              '-algorithm', 'DSA'])),
108   "genpkey DSA with no params should fail");
109
110unless ($no_fips) {
111    my $provconf = srctop_file("test", "fips-and-base.cnf");
112    my $provpath = bldtop_dir("providers");
113    my @prov = ( "-provider-path", $provpath,
114                 "-config", $provconf);
115
116    $ENV{OPENSSL_TEST_LIBCTX} = "1";
117
118    # Generate params
119    ok(run(app(['openssl', 'genpkey',
120                @prov,
121               '-genparam',
122               '-algorithm', 'DSA',
123               '-pkeyopt', 'pbits:3072',
124               '-pkeyopt', 'qbits:256',
125               '-out', 'gendsatest3072params.pem'])),
126       "Generating 3072-bit DSA params");
127
128    # Generate keypair
129    ok(run(app(['openssl', 'genpkey',
130                @prov,
131               '-paramfile', 'gendsatest3072params.pem',
132               '-text',
133               '-out', 'gendsatest3072.pem'])),
134       "Generating 3072-bit DSA keypair");
135
136}
137