1#! /usr/bin/env perl 2# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Spec; 14use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/; 15use OpenSSL::Test::Utils; 16 17BEGIN { 18 setup("test_gendsa"); 19} 20 21use lib srctop_dir('Configurations'); 22use lib bldtop_dir('.'); 23 24plan skip_all => "This test is unsupported in a no-dsa build" 25 if disabled("dsa"); 26 27my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 28 29plan tests => 30 ($no_fips ? 0 : 2) # FIPS related tests 31 + 11; 32 33ok(run(app([ 'openssl', 'genpkey', '-genparam', 34 '-algorithm', 'DSA', 35 '-pkeyopt', 'gindex:1', 36 '-pkeyopt', 'type:fips186_4', 37 '-text'])), 38 "genpkey DSA params fips186_4 with verifiable g"); 39 40ok(run(app([ 'openssl', 'genpkey', '-genparam', 41 '-algorithm', 'DSA', 42 '-pkeyopt', 'type:fips186_4', 43 '-text'])), 44 "genpkey DSA params fips186_4 with unverifiable g"); 45 46ok(run(app([ 'openssl', 'genpkey', '-genparam', 47 '-algorithm', 'DSA', 48 '-pkeyopt', 'pbits:2048', 49 '-pkeyopt', 'qbits:224', 50 '-pkeyopt', 'digest:SHA512-256', 51 '-pkeyopt', 'type:fips186_4'])), 52 "genpkey DSA params fips186_4 with truncated SHA"); 53 54ok(run(app([ 'openssl', 'genpkey', '-genparam', 55 '-algorithm', 'DSA', 56 '-pkeyopt', 'type:fips186_2', 57 '-text'])), 58 "genpkey DSA params fips186_2"); 59 60ok(run(app([ 'openssl', 'genpkey', '-genparam', 61 '-algorithm', 'DSA', 62 '-pkeyopt', 'type:fips186_2', 63 '-pkeyopt', 'dsa_paramgen_bits:1024', 64 '-out', 'dsagen.legacy.pem'])), 65 "genpkey DSA params fips186_2 PEM"); 66 67ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA', 68 '-pkeyopt', 'type:group', 69 '-text'])), 70 "genpkey DSA does not support groups"); 71 72ok(run(app([ 'openssl', 'genpkey', '-genparam', 73 '-algorithm', 'DSA', 74 '-pkeyopt', 'gindex:1', 75 '-pkeyopt', 'type:fips186_4', 76 '-out', 'dsagen.pem'])), 77 "genpkey DSA params fips186_4 PEM"); 78 79ok(run(app([ 'openssl', 'genpkey', '-genparam', 80 '-algorithm', 'DSA', 81 '-pkeyopt', 'gindex:1', 82 '-pkeyopt', 'pbits:2048', 83 '-pkeyopt', 'qbits:256', 84 '-pkeyopt', 'type:fips186_4', 85 '-outform', 'DER', 86 '-out', 'dsagen.der'])), 87 "genpkey DSA params fips186_4 DER"); 88 89ok(run(app([ 'openssl', 'genpkey', 90 '-paramfile', 'dsagen.legacy.pem', 91 '-pkeyopt', 'type:fips186_2', 92 '-text'])), 93 "genpkey DSA fips186_2 with PEM params"); 94 95# The seed and counter should be the ones generated from the param generation 96# Just put some dummy ones in to show it works. 97ok(run(app([ 'openssl', 'genpkey', 98 '-paramfile', 'dsagen.der', 99 '-pkeyopt', 'type:fips186_4', 100 '-pkeyopt', 'gindex:1', 101 '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314', 102 '-pkeyopt', 'pcounter:25', 103 '-text'])), 104 "genpkey DSA fips186_4 with DER params"); 105 106ok(!run(app([ 'openssl', 'genpkey', 107 '-algorithm', 'DSA'])), 108 "genpkey DSA with no params should fail"); 109 110unless ($no_fips) { 111 my $provconf = srctop_file("test", "fips-and-base.cnf"); 112 my $provpath = bldtop_dir("providers"); 113 my @prov = ( "-provider-path", $provpath, 114 "-config", $provconf); 115 116 $ENV{OPENSSL_TEST_LIBCTX} = "1"; 117 118 # Generate params 119 ok(run(app(['openssl', 'genpkey', 120 @prov, 121 '-genparam', 122 '-algorithm', 'DSA', 123 '-pkeyopt', 'pbits:3072', 124 '-pkeyopt', 'qbits:256', 125 '-out', 'gendsatest3072params.pem'])), 126 "Generating 3072-bit DSA params"); 127 128 # Generate keypair 129 ok(run(app(['openssl', 'genpkey', 130 @prov, 131 '-paramfile', 'gendsatest3072params.pem', 132 '-text', 133 '-out', 'gendsatest3072.pem'])), 134 "Generating 3072-bit DSA keypair"); 135 136} 137