Add a test for the dhparam CLI application

Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13231)
2025-04-27 02:04:37 +00:00 · 2020-10-22 10:23:43 +01:00 · 2020-10-22 10:23:43 +01:00 · 97485aec7f
commit 97485aec7f
parent 1fd08e909d
9 changed files with 194 additions and 0 deletions
--- a/test/recipes/20-test_dhparam.t
+++ b/test/recipes/20-test_dhparam.t
@ -0,0 +1,167 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT data_file);
+use OpenSSL::Test::Utils;
+
+#Tests for the dhparam CLI application
+
+setup("test_dhparam");
+
+plan skip_all => "DH is not supported in this build"
+    if disabled("dh");
+plan tests => 16;
+
+sub checkdhparams {
+    my $file = shift; #Filename containing params
+    my $type = shift; #PKCS3 or X9.42?
+    my $gen = shift; #2, 5 or something else (0 is "something else")?
+    my $format = shift; #DER or PEM?
+    my $bits = shift; #Number of bits in p
+    my $pemtype;
+    my $readtype;
+    my $readbits = 0;
+    my $genline;
+
+    if (-T $file) {
+        #Text file. Check it looks like PEM
+        open(PEMFILE, '<', $file) or die $!;
+        if (my $firstline = <PEMFILE>) {
+            chomp($firstline);
+            if ($firstline eq "-----BEGIN DH PARAMETERS-----") {
+                $pemtype = "PKCS3";
+            } elsif ($firstline eq "-----BEGIN X9.42 DH PARAMETERS-----") {
+                $pemtype = "X9.42";
+            }
+        } else {
+            $pemtype = "";
+        }
+        close(PEMFILE);
+        ok(($format eq "PEM") && defined $pemtype, "Checking format is PEM");
+    } else {
+        ok($format eq "DER", "Checking format is DER");
+        #No PEM type in this case, so we just set the pemtype to the expected
+        #type so that we never fail that part of the test
+        $pemtype = $type;
+    }
+    my @textdata = run(app(['openssl', 'dhparam', '-in', $file, '-noout',
+                            '-text', '-inform', $format]), capture => 1);
+    chomp(@textdata);
+    #Trim trailing whitespace
+    @textdata = grep { s/\s*$//g } @textdata;
+    if (grep { $_ =~ 'Q:' } @textdata) {
+        $readtype = "X9.42";
+    } else {
+        $readtype = "PKCS3";
+    }
+    ok(($type eq $pemtype) && ($type eq $readtype),
+       "Checking parameter type is ".$type." ($pemtype, $readtype)");
+
+    if (defined $textdata[0] && $textdata[0] =~ /DH Parameters: \((\d+) bit\)/) {
+        $readbits = $1;
+    }
+    ok($bits == $readbits, "Checking number of bits is $bits");
+    if ($gen == 2 || $gen == 5) {
+        #For generators 2 and 5 the value appears on the same line
+        $genline = "G:    $gen (0x$gen)";
+    } else {
+        #For any other generator the value appears on the following line
+        $genline = "G:";
+    }
+
+    ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
+       "Checking generator is correct");
+}
+
+#Test some "known good" parameter files to check that we can read them
+subtest "Read: 1024 bit PKCS3 params, generator 2, PEM file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-2-1024.pem"), "PKCS3", 2, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, PEM file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-5-1024.pem"), "PKCS3", 5, "PEM", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, PEM file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-2-2048.pem"), "PKCS3", 2, "PEM", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, PEM file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("x942-0-1024.pem"), "X9.42", 0, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 2, DER file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-2-1024.der"), "PKCS3", 2, "DER", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, DER file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-5-1024.der"), "PKCS3", 5, "DER", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, DER file" => sub {
+    plan tests => 4;
+    checkdhparams(data_file("pkcs3-2-2048.der"), "PKCS3", 2, "DER", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, DER file" => sub {
+    checkdhparams(data_file("x942-0-1024.der"), "X9.42", 0, "DER", 1024);
+};
+
+#Test that generating parameters of different types creates what we expect. We
+#use 512 for the size for speed reasons. Don't use this in real applications!
+subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
+                 '512' ])));
+    checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
+                 '512' ])));
+    checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
+                 '512' ])));
+    checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
+                 '-outform', 'PEM', '512' ])));
+    checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, PEM file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.pem',
+                 '-dsaparam', '512' ])));
+    checkdhparams("gen-x942-0-512.pem", "X9.42", 0, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, explicit generator 2, PEM file" => sub {
+    plan tests => 1;
+    #Expected to fail - you cannot select a generator with '-dsaparam'
+    ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-exp2-512.pem', '-2',
+                  '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 5, PEM file" => sub {
+    plan tests => 1;
+    #Expected to fail - you cannot select a generator with '-dsaparam'
+    ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-5-512.pem',
+                  '-5', '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, DER file" => sub {
+    plan tests => 5;
+    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.der',
+                 '-dsaparam', '-outform', 'DER', '512' ])));
+    checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
+};
--- a/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der
--- a/test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem
@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBANbtqnwjHSC1EIivUM8e2xuSgG1k4LfetWkRNvjf0k+RBKGdtkbCH/0w
+Jcdt1v4vC1WeMTFMFEZTEwp0e4LyoD5WQbU76ndlOKXiqSCOwH1v/URH604q0eFP
+gXDfnSLoKLqSDjLRkfbBfpyJVrgxqQxMHXXkQxDH2SfBnq6pouizAgEC
+-----END DH PARAMETERS-----
--- a/test/recipes/20-test_dhparam_data/pkcs3-2-2048.der
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.der
--- a/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAnpsK4ZwLxWUBcDH8BlIvjnUStc9etrEq/dGTqWq5d6pOldZ/JzYn
+qrfIQCicE5bRF2VSZ7ceg4tzO/dtfg86vnzB9Q0oiRM2NuLS0clPZ+RH0wvWyV9Y
+/PgnSqFOaURmIKln0vWy8yJJcjpUL4gFl+S/G0sf6aIRoe/GsJE/2wocD2/LkK1t
+6tyunTbp7oijar1/0Q3L0rVazkgXAJDtunWlS4t1DbFgx04na7mD/wGDAM7SqvnU
+P7c8uXlWmIZHH9okmykgiMI3+TU3ESFyfK0ABrbK7qHxPjpYJasiv4T0MsryH0e4
+4NI/Z2HyNAeKovaq9paBsui5drN5rSSNuwIBAg==
+-----END DH PARAMETERS-----
--- a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der
+++ b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der
--- a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
+++ b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAINLNshx3qDIHPR4UMK7SDgzdBa1G5j4GTsw+Nquge7P6JL/4zKwjuny
+IUzbcD8bcyhayS8yRYoKg7MAd3ApStKUHhG5h8LqRQO5I9iXdch8u+Dsmpb1Gf8+
+JFTOHsoMf4wHwGLr883TODBmbP4g9AZKEAlyKWcI6Qvulhk6fk+/AgEF
+-----END DH PARAMETERS-----
--- a/test/recipes/20-test_dhparam_data/x942-0-1024.der
+++ b/test/recipes/20-test_dhparam_data/x942-0-1024.der
--- a/test/recipes/20-test_dhparam_data/x942-0-1024.pem
+++ b/test/recipes/20-test_dhparam_data/x942-0-1024.pem
@ -0,0 +1,9 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIIBOwKBgQDskzkX4bMaCeRWmyrR5VhoYbigr3UPU2eHTm8uPYjxUbQPBg+8sw64
+gklilB3BCja0snLRqN2DOgg/JBJhT+39f0nynPpjOiJSLf3giOCH/+eKOz+eLB2z
+MuJkB7HAI7VL4xOJsCJ0K08/Tu6/qoS/gBVsAnaard4LixDcQ9dQbwKBgQDmgfeg
+hL8896pzlqqr7QSw/oig+EN8HutbvA6BYaPMFyz0AGRP29MrQd3vMNV+OBQdjbgA
+wFR/V5PqZM5/pUcoAQSfPKaGFj2QmBabOskDXPp1aqJzQMnlz6FGB/ttaScPey9P
+gaN98WuvA+dy7jljoQlCQT+73jRbYfM5Uj6CxgIVAL5HGyZDqkbfJsbBDm3PYeIM
+qJqvMBoDFQD8mX9cL0Pjbag03XhoqT6ygu6WFAIBXw==
+-----END X9.42 DH PARAMETERS-----