From 97485aec7f16714f309aeb6637bc4faa2f61f98a Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 22 Oct 2020 10:23:43 +0100
Subject: [PATCH] Add a test for the dhparam CLI application
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13231)
---
test/recipes/20-test_dhparam.t | 167 ++++++++++++++++++
.../20-test_dhparam_data/pkcs3-2-1024.der | Bin 0 -> 138 bytes
.../20-test_dhparam_data/pkcs3-2-1024.pem | 5 +
.../20-test_dhparam_data/pkcs3-2-2048.der | Bin 0 -> 268 bytes
.../20-test_dhparam_data/pkcs3-2-2048.pem | 8 +
.../20-test_dhparam_data/pkcs3-5-1024.der | Bin 0 -> 138 bytes
.../20-test_dhparam_data/pkcs3-5-1024.pem | 5 +
.../20-test_dhparam_data/x942-0-1024.der | Bin 0 -> 319 bytes
.../20-test_dhparam_data/x942-0-1024.pem | 9 +
9 files changed, 194 insertions(+)
create mode 100644 test/recipes/20-test_dhparam.t
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-2-1024.der
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-2-1024.pem
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-2-2048.der
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-5-1024.der
create mode 100644 test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
create mode 100644 test/recipes/20-test_dhparam_data/x942-0-1024.der
create mode 100644 test/recipes/20-test_dhparam_data/x942-0-1024.pem
diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t
new file mode 100644
index 0000000000..63441a5785
--- /dev/null
+++ b/test/recipes/20-test_dhparam.t
@@ -0,0 +1,167 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT data_file);
+use OpenSSL::Test::Utils;
+
+#Tests for the dhparam CLI application
+
+setup("test_dhparam");
+
+plan skip_all => "DH is not supported in this build"
+ if disabled("dh");
+plan tests => 16;
+
+sub checkdhparams {
+ my $file = shift; #Filename containing params
+ my $type = shift; #PKCS3 or X9.42?
+ my $gen = shift; #2, 5 or something else (0 is "something else")?
+ my $format = shift; #DER or PEM?
+ my $bits = shift; #Number of bits in p
+ my $pemtype;
+ my $readtype;
+ my $readbits = 0;
+ my $genline;
+
+ if (-T $file) {
+ #Text file. Check it looks like PEM
+ open(PEMFILE, '<', $file) or die $!;
+ if (my $firstline = ) {
+ chomp($firstline);
+ if ($firstline eq "-----BEGIN DH PARAMETERS-----") {
+ $pemtype = "PKCS3";
+ } elsif ($firstline eq "-----BEGIN X9.42 DH PARAMETERS-----") {
+ $pemtype = "X9.42";
+ }
+ } else {
+ $pemtype = "";
+ }
+ close(PEMFILE);
+ ok(($format eq "PEM") && defined $pemtype, "Checking format is PEM");
+ } else {
+ ok($format eq "DER", "Checking format is DER");
+ #No PEM type in this case, so we just set the pemtype to the expected
+ #type so that we never fail that part of the test
+ $pemtype = $type;
+ }
+ my @textdata = run(app(['openssl', 'dhparam', '-in', $file, '-noout',
+ '-text', '-inform', $format]), capture => 1);
+ chomp(@textdata);
+ #Trim trailing whitespace
+ @textdata = grep { s/\s*$//g } @textdata;
+ if (grep { $_ =~ 'Q:' } @textdata) {
+ $readtype = "X9.42";
+ } else {
+ $readtype = "PKCS3";
+ }
+ ok(($type eq $pemtype) && ($type eq $readtype),
+ "Checking parameter type is ".$type." ($pemtype, $readtype)");
+
+ if (defined $textdata[0] && $textdata[0] =~ /DH Parameters: \((\d+) bit\)/) {
+ $readbits = $1;
+ }
+ ok($bits == $readbits, "Checking number of bits is $bits");
+ if ($gen == 2 || $gen == 5) {
+ #For generators 2 and 5 the value appears on the same line
+ $genline = "G: $gen (0x$gen)";
+ } else {
+ #For any other generator the value appears on the following line
+ $genline = "G:";
+ }
+
+ ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
+ "Checking generator is correct");
+}
+
+#Test some "known good" parameter files to check that we can read them
+subtest "Read: 1024 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-1024.pem"), "PKCS3", 2, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-5-1024.pem"), "PKCS3", 5, "PEM", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-2048.pem"), "PKCS3", 2, "PEM", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, PEM file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("x942-0-1024.pem"), "X9.42", 0, "PEM", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 2, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-1024.der"), "PKCS3", 2, "DER", 1024);
+};
+subtest "Read: 1024 bit PKCS3 params, generator 5, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-5-1024.der"), "PKCS3", 5, "DER", 1024);
+};
+subtest "Read: 2048 bit PKCS3 params, generator 2, DER file" => sub {
+ plan tests => 4;
+ checkdhparams(data_file("pkcs3-2-2048.der"), "PKCS3", 2, "DER", 2048);
+};
+subtest "Read: 1024 bit X9.42 params, DER file" => sub {
+ checkdhparams(data_file("x942-0-1024.der"), "X9.42", 0, "DER", 1024);
+};
+
+#Test that generating parameters of different types creates what we expect. We
+#use 512 for the size for speed reasons. Don't use this in real applications!
+subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
+ '512' ])));
+ checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
+ '512' ])));
+ checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
+ '512' ])));
+ checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
+};
+subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
+ '-outform', 'PEM', '512' ])));
+ checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, PEM file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.pem',
+ '-dsaparam', '512' ])));
+ checkdhparams("gen-x942-0-512.pem", "X9.42", 0, "PEM", 512);
+};
+subtest "Generate: 512 bit X9.42 params, explicit generator 2, PEM file" => sub {
+ plan tests => 1;
+ #Expected to fail - you cannot select a generator with '-dsaparam'
+ ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-exp2-512.pem', '-2',
+ '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 5, PEM file" => sub {
+ plan tests => 1;
+ #Expected to fail - you cannot select a generator with '-dsaparam'
+ ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-5-512.pem',
+ '-5', '-dsaparam', '512' ])));
+};
+subtest "Generate: 512 bit X9.42 params, generator 0, DER file" => sub {
+ plan tests => 5;
+ ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.der',
+ '-dsaparam', '-outform', 'DER', '512' ])));
+ checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
+};
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der b/test/recipes/20-test_dhparam_data/pkcs3-2-1024.der
new file mode 100644
index 0000000000000000000000000000000000000000..9cae01ca83ecf254a028fcf48d92d9f1e890ba78
GIT binary patch literal 138 zcmV;50CoQ`frkQtfdGUUs$HrvXA3Sew1a9==5 zD{$IOE*L|HaJrV$11g`d3i}~+MJ6r}L?b`#tUcDz@**6j#zz@PhjUr&&6>i1e)x;nP;0l!e2wj?5lgU+80mcM%^j8$u_r(|HtVTV8=g$WeM6bg{l6% zt*{@eX73(VX2b24wNp!@s`7JfBP~={5Z+IKl)zQJc9u)M;$!2)nZ@_P`FbA!ZAj>g?sju&WY=In&B`O01@x1O&`4(EL#sFsj$-h)#0D-8cM- SzMMLM@Fwu{={2&G0s#VqaD^NI literal 0 HcmV?d00001
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
new file mode 100644
index 0000000000..1b18d4efad
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/pkcs3-2-2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAnpsK4ZwLxWUBcDH8BlIvjnUStc9etrEq/dGTqWq5d6pOldZ/JzYn
+qrfIQCicE5bRF2VSZ7ceg4tzO/dtfg86vnzB9Q0oiRM2NuLS0clPZ+RH0wvWyV9Y
+/PgnSqFOaURmIKln0vWy8yJJcjpUL4gFl+S/G0sf6aIRoe/GsJE/2wocD2/LkK1t
+6tyunTbp7oijar1/0Q3L0rVazkgXAJDtunWlS4t1DbFgx04na7mD/wGDAM7SqvnU
+P7c8uXlWmIZHH9okmykgiMI3+TU3ESFyfK0ABrbK7qHxPjpYJasiv4T0MsryH0e4
+4NI/Z2HyNAeKovaq9paBsui5drN5rSSNuwIBAg==
+-----END DH PARAMETERS-----
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.der
new file mode 100644
index 0000000000000000000000000000000000000000..c2fbc23287f5b35b084f2ab04be854e7725a140c
GIT binary patch literal 138 zcmV;50CoQ`frkQtfdI^~gNtO*eik0?gjd`*to#p&Ft$k#F8W|FPeSDhPR2mN+h#8h zdl=UtumU~$ogHqy;wABqb9?`*b8kyV=$)`Tma|2J*}wjN-<(ANH{w#tW$FB8yhz+C s?Jc3{-$qbA>EF7S5pt{Y#?jKVy@GCp^Z0P@=QbYhO@JJYFRuat1!YD?t^fc4 literal 0 HcmV?d00001
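Review bot: The generator check at the end of `checkdhparams` in test/recipes/20-test_dhparam.t can pass on a line that does not contain `$genline` at all: `index` returns -1 when the string is absent, so `index($_, $genline) + length ($genline) == length ($_)` is true for any line exactly one character shorter than `$genline`. An anchored match states the intent directly and removes that false positive: `ok((grep { /\Q$genline\E\z/ } @textdata), "Checking generator is correct");`. For the X9.42 cases (`$gen` 0) the check only confirms that some line ends in `G:`, so the generator value itself is never compared. Separately, the eighth Read subtest (`x942-0-1024.der`) is the only one without `plan tests => 4;`, so a change in the number of checks it runs would go unnoticed there.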
diff --git a/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
new file mode 100644
index 0000000000..fc93d470a2
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/pkcs3-5-1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAINLNshx3qDIHPR4UMK7SDgzdBa1G5j4GTsw+Nquge7P6JL/4zKwjuny
+IUzbcD8bcyhayS8yRYoKg7MAd3ApStKUHhG5h8LqRQO5I9iXdch8u+Dsmpb1Gf8+
+JFTOHsoMf4wHwGLr883TODBmbP4g9AZKEAlyKWcI6Qvulhk6fk+/AgEF
+-----END DH PARAMETERS-----
diff --git a/test/recipes/20-test_dhparam_data/x942-0-1024.der b/test/recipes/20-test_dhparam_data/x942-0-1024.der
new file mode 100644
index 0000000000000000000000000000000000000000..41db9506cd4f026cb14640178e2943828b38f1f9
GIT binary patch literal 319 zcmV-F0l@w+f&n`Mfq?+oI@*W?9s3)-vH&9)VJ&atE%X5udpe`VlaSag5yL7HU1hP! zI-N)_?N~mUycTU}m4=*aCqEdNMa|@_4R6LcNhU2QMKnxgeDSGAWqx+>d_d}dSQ+OT zGhd?X2K)9m?A6ewYbjNgt`~1_3-!4oXneaDu}6NdRhmDwZKN$I)DgZ{_n*1O(I>I!Tr7 zhj~UfzQ(ua$lM#7H`t_~QCo*@yL=7N`gLVRoX!RD)57Cv!-=~DbB>e{`#p# RON^xkX1f)<`|AP%0RvyQmi7Pu literal 0 HcmV?d00001
diff --git a/test/recipes/20-test_dhparam_data/x942-0-1024.pem b/test/recipes/20-test_dhparam_data/x942-0-1024.pem
new file mode 100644
index 0000000000..045d36b133
--- /dev/null
+++ b/test/recipes/20-test_dhparam_data/x942-0-1024.pem
@@ -0,0 +1,9 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIIBOwKBgQDskzkX4bMaCeRWmyrR5VhoYbigr3UPU2eHTm8uPYjxUbQPBg+8sw64
+gklilB3BCja0snLRqN2DOgg/JBJhT+39f0nynPpjOiJSLf3giOCH/+eKOz+eLB2z
+MuJkB7HAI7VL4xOJsCJ0K08/Tu6/qoS/gBVsAnaard4LixDcQ9dQbwKBgQDmgfeg
+hL8896pzlqqr7QSw/oig+EN8HutbvA6BYaPMFyz0AGRP29MrQd3vMNV+OBQdjbgA
+wFR/V5PqZM5/pUcoAQSfPKaGFj2QmBabOskDXPp1aqJzQMnlz6FGB/ttaScPey9P
+gaN98WuvA+dy7jljoQlCQT+73jRbYfM5Uj6CxgIVAL5HGyZDqkbfJsbBDm3PYeIM
+qJqvMBoDFQD8mX9cL0Pjbag03XhoqT6ygu6WFAIBXw==
+-----END X9.42 DH PARAMETERS-----