1#! /usr/bin/env perl
2# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use OpenSSL::Test qw(:DEFAULT data_file);
14use OpenSSL::Test::Utils;
15
16#Tests for the dhparam CLI application
17
18setup("test_dhparam");
19
20plan skip_all => "DH is not supported in this build"
21    if disabled("dh");
22plan tests => 17;
23
24sub checkdhparams {
25    my $file = shift; #Filename containing params
26    my $type = shift; #PKCS3 or X9.42?
27    my $gen = shift; #2, 5 or something else (0 is "something else")?
28    my $format = shift; #DER or PEM?
29    my $bits = shift; #Number of bits in p
30    my $pemtype;
31    my $readtype;
32    my $readbits = 0;
33    my $genline;
34
35    if (-T $file) {
36        #Text file. Check it looks like PEM
37        open(PEMFILE, '<', $file) or die $!;
38        if (my $firstline = <PEMFILE>) {
39            $firstline =~ s/\R$//;
40            if ($firstline eq "-----BEGIN DH PARAMETERS-----") {
41                $pemtype = "PKCS3";
42            } elsif ($firstline eq "-----BEGIN X9.42 DH PARAMETERS-----") {
43                $pemtype = "X9.42";
44            } else {
45                $pemtype = "";
46            }
47        } else {
48            $pemtype = "";
49        }
50        close(PEMFILE);
51        ok(($format eq "PEM") && defined $pemtype, "Checking format is PEM");
52    } else {
53        ok($format eq "DER", "Checking format is DER");
54        #No PEM type in this case, so we just set the pemtype to the expected
55        #type so that we never fail that part of the test
56        $pemtype = $type;
57    }
58    my @textdata = run(app(['openssl', 'dhparam', '-in', $file, '-noout',
59                            '-text', '-inform', $format]), capture => 1);
60    chomp(@textdata);
61    #Trim trailing whitespace
62    @textdata = grep { s/\s*$//g } @textdata;
63    if (grep { $_ =~ 'Q:' } @textdata) {
64        $readtype = "X9.42";
65    } else {
66        $readtype = "PKCS3";
67    }
68    ok(($type eq $pemtype) && ($type eq $readtype),
69       "Checking parameter type is ".$type." ($pemtype, $readtype)");
70
71    if (defined $textdata[0] && $textdata[0] =~ /DH Parameters: \((\d+) bit\)/) {
72        $readbits = $1;
73    }
74    ok($bits == $readbits, "Checking number of bits is $bits");
75    if ($gen == 2 || $gen == 5) {
76        #For generators 2 and 5 the value appears on the same line
77        $genline = "G:    $gen (0x$gen)";
78    } else {
79        #For any other generator the value appears on the following line
80        $genline = "G:";
81    }
82
83    ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
84       "Checking generator is correct");
85}
86
87#Test some "known good" parameter files to check that we can read them
88subtest "Read: 1024 bit PKCS3 params, generator 2, PEM file" => sub {
89    plan tests => 4;
90    checkdhparams(data_file("pkcs3-2-1024.pem"), "PKCS3", 2, "PEM", 1024);
91};
92subtest "Read: 1024 bit PKCS3 params, generator 5, PEM file" => sub {
93    plan tests => 4;
94    checkdhparams(data_file("pkcs3-5-1024.pem"), "PKCS3", 5, "PEM", 1024);
95};
96subtest "Read: 2048 bit PKCS3 params, generator 2, PEM file" => sub {
97    plan tests => 4;
98    checkdhparams(data_file("pkcs3-2-2048.pem"), "PKCS3", 2, "PEM", 2048);
99};
100subtest "Read: 1024 bit X9.42 params, PEM file" => sub {
101    plan tests => 4;
102    checkdhparams(data_file("x942-0-1024.pem"), "X9.42", 0, "PEM", 1024);
103};
104subtest "Read: 1024 bit PKCS3 params, generator 2, DER file" => sub {
105    plan tests => 4;
106    checkdhparams(data_file("pkcs3-2-1024.der"), "PKCS3", 2, "DER", 1024);
107};
108subtest "Read: 1024 bit PKCS3 params, generator 5, DER file" => sub {
109    plan tests => 4;
110    checkdhparams(data_file("pkcs3-5-1024.der"), "PKCS3", 5, "DER", 1024);
111};
112subtest "Read: 2048 bit PKCS3 params, generator 2, DER file" => sub {
113    plan tests => 4;
114    checkdhparams(data_file("pkcs3-2-2048.der"), "PKCS3", 2, "DER", 2048);
115};
116subtest "Read: 1024 bit X9.42 params, DER file" => sub {
117    checkdhparams(data_file("x942-0-1024.der"), "X9.42", 0, "DER", 1024);
118};
119
120#Test that generating parameters of different types creates what we expect. We
121#use 512 for the size for speed reasons. Don't use this in real applications!
122subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
123    plan tests => 5;
124    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
125                 '512' ])));
126    checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
127};
128subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
129    plan tests => 5;
130    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
131                 '512' ])));
132    checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
133};
134subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
135    plan tests => 5;
136    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
137                 '512' ])));
138    checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
139};
140subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
141    plan tests => 5;
142    ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
143                 '-outform', 'PEM', '512' ])));
144    checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
145};
146SKIP: {
147    skip "Skipping tests that require DSA", 4 if disabled("dsa");
148
149    subtest "Generate: 512 bit X9.42 params, generator 0, PEM file" => sub {
150        plan tests => 5;
151        ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.pem',
152                    '-dsaparam', '512' ])));
153        checkdhparams("gen-x942-0-512.pem", "X9.42", 0, "PEM", 512);
154    };
155    subtest "Generate: 512 bit X9.42 params, explicit generator 2, PEM file" => sub {
156        plan tests => 1;
157        #Expected to fail - you cannot select a generator with '-dsaparam'
158        ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-exp2-512.pem', '-2',
159                    '-dsaparam', '512' ])));
160    };
161    subtest "Generate: 512 bit X9.42 params, generator 5, PEM file" => sub {
162        plan tests => 1;
163        #Expected to fail - you cannot select a generator with '-dsaparam'
164        ok(!run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-5-512.pem',
165                    '-5', '-dsaparam', '512' ])));
166    };
167    subtest "Generate: 512 bit X9.42 params, generator 0, DER file" => sub {
168        plan tests => 5;
169        ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-x942-0-512.der',
170                    '-dsaparam', '-outform', 'DER', '512' ])));
171        checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
172    };
173}
174
175ok(run(app(["openssl", "dhparam", "-noout", "-text"],
176           stdin => data_file("pkcs3-2-1024.pem"))),
177   "stdinbuffer input test that uses BIO_gets");
178