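#! /usr/bin/env perl
# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe: runs `openssl dhparam -check` and `openssl pkeyparam -check`
# over every PEM fixture in the valid/ and invalid/ data directories and
# expects success for the former and failure for the latter.  It then
# checks that parameters stored with only 'p' and 'g' are reported as the
# ffdhe2048 named group.

use strict;
use warnings;

use File::Spec;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file/;
use OpenSSL::Test::Utils;

setup("test_dhparam_check");

plan skip_all => "DH isn't supported in this build"
    if disabled("dh");

# The POD block below records how the valid/ fixtures were generated.  It
# writes only to the valid/ directory; the invalid/ fixtures are not
# produced by it.

=pod Generation script

#!/bin/sh

TESTDIR=test/recipes/20-test_dhparam_check_data/valid
rm -rf $TESTDIR
mkdir -p $TESTDIR

./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh_5114_1.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh_5114_2.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh_5114_3.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt dh_rfc5114:2 -out $TESTDIR/dhx_5114_2.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q160_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q224_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p1024_q256_t1862.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p1024_q160_t1864.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q160_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q224_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p2048_q256_t1862.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q224_t1864.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:2048 -pkeyopt qbits:256 -pkeyopt type:fips186_4 -out $TESTDIR/dhx_p2048_q256_t1864.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:160 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q160_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem

./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem
./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem


=cut

my @valid = glob(data_file("valid", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

# An empty glob would silently drop the accept or reject half of this
# recipe while the plan below still balances, so make that case visible in
# the test output.
diag("no fixtures matched in the valid data directory") unless @valid;
diag("no fixtures matched in the invalid data directory") unless @invalid;

# Two checks (dhparam and pkeyparam) per fixture, plus the two named-group
# checks at the end of the file.  Parenthesised so the sum does not depend
# on how the named unary operator 'scalar' binds relative to '+'.
my $num_tests = scalar(@valid) + scalar(@invalid);
plan tests => 2 + 2 * $num_tests;

foreach my $file (@valid) {
    ok(run(app([qw{openssl dhparam -noout -check -in}, $file])),
       "dhparam -check accepts $file");
    ok(run(app([qw{openssl pkeyparam -noout -check -in}, $file])),
       "pkeyparam -check accepts $file");
}

# NOTE(review): these assertions only require that the command did not
# succeed.  A failure for an unrelated reason (unreadable fixture, abnormal
# exit) would presumably satisfy them as well, so they do not by themselves
# prove that the parameter check is what rejected the file - confirm against
# run()'s return convention.
foreach my $file (@invalid) {
    ok(!run(app([qw{openssl dhparam -noout -check -in}, $file])),
       "dhparam -check rejects $file");
    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $file])),
       "pkeyparam -check rejects $file");
}

# Relative path: resolved against whatever directory the recipe runs in.
my $tmpfile = 'out.txt';

# contains($expected)
#
# Returns 1 if any line of $tmpfile contains $expected, otherwise 0.
# $expected is matched as a literal substring (regex metacharacters are
# quoted), so a caller cannot accidentally widen the match.
# Dies, including the OS error, if $tmpfile cannot be opened.
sub contains {
    my $expected = shift;
    my $found = 0;
    open(my $in, '<', $tmpfile)
        or die "Could not open file $tmpfile: $!";
    while (my $line = <$in>) {
        if ($line =~ m/\Q$expected\E/) {
            $found = 1;
            last;               # one hit is enough
        }
    }
    close $in;
    return $found;
}

# Check that if we load dh params with only a 'p' and 'g' that it detects
# that this is actually a valid named group.
ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")],
           stdout => $tmpfile)),
   "pkeyparam -text on dh_ffdhe2048.pem");
ok(contains("ffdhe2048"), "text output names the ffdhe2048 group");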