1e1051a39Sopenharmony_ci#! /usr/bin/env perl
2e1051a39Sopenharmony_ci# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
3e1051a39Sopenharmony_ci#
4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License").  You may not use
5e1051a39Sopenharmony_ci# this file except in compliance with the License.  You can obtain a copy
6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at
7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html
8e1051a39Sopenharmony_ci
9e1051a39Sopenharmony_ci
10e1051a39Sopenharmony_ciuse strict;
11e1051a39Sopenharmony_ciuse warnings;
12e1051a39Sopenharmony_ci
13e1051a39Sopenharmony_ciuse File::Spec;
14e1051a39Sopenharmony_ciuse OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
15e1051a39Sopenharmony_ciuse OpenSSL::Test::Utils;
16e1051a39Sopenharmony_ci
17e1051a39Sopenharmony_ciBEGIN {
18e1051a39Sopenharmony_ci    setup("test_gendsa");
19e1051a39Sopenharmony_ci}
20e1051a39Sopenharmony_ci
21e1051a39Sopenharmony_ciuse lib srctop_dir('Configurations');
22e1051a39Sopenharmony_ciuse lib bldtop_dir('.');
23e1051a39Sopenharmony_ci
24e1051a39Sopenharmony_ciplan skip_all => "This test is unsupported in a no-dsa build"
25e1051a39Sopenharmony_ci    if disabled("dsa");
26e1051a39Sopenharmony_ci
27e1051a39Sopenharmony_cimy $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
28e1051a39Sopenharmony_ci
29e1051a39Sopenharmony_ciplan tests =>
30e1051a39Sopenharmony_ci    ($no_fips ? 0 : 2)          # FIPS related tests
31e1051a39Sopenharmony_ci    + 11;
32e1051a39Sopenharmony_ci
33e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
34e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
35e1051a39Sopenharmony_ci             '-pkeyopt', 'gindex:1',
36e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4',
37e1051a39Sopenharmony_ci             '-text'])),
38e1051a39Sopenharmony_ci   "genpkey DSA params fips186_4 with verifiable g");
39e1051a39Sopenharmony_ci
40e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
41e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
42e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4',
43e1051a39Sopenharmony_ci             '-text'])),
44e1051a39Sopenharmony_ci   "genpkey DSA params fips186_4 with unverifiable g");
45e1051a39Sopenharmony_ci
46e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
47e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
48e1051a39Sopenharmony_ci             '-pkeyopt', 'pbits:2048',
49e1051a39Sopenharmony_ci             '-pkeyopt', 'qbits:224',
50e1051a39Sopenharmony_ci             '-pkeyopt', 'digest:SHA512-256',
51e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4'])),
52e1051a39Sopenharmony_ci   "genpkey DSA params fips186_4 with truncated SHA");
53e1051a39Sopenharmony_ci
54e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
55e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
56e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_2',
57e1051a39Sopenharmony_ci             '-text'])),
58e1051a39Sopenharmony_ci   "genpkey DSA params fips186_2");
59e1051a39Sopenharmony_ci
60e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
61e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
62e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_2',
63e1051a39Sopenharmony_ci             '-pkeyopt', 'dsa_paramgen_bits:1024',
64e1051a39Sopenharmony_ci             '-out', 'dsagen.legacy.pem'])),
65e1051a39Sopenharmony_ci   "genpkey DSA params fips186_2 PEM");
66e1051a39Sopenharmony_ci
67e1051a39Sopenharmony_ciok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA',
68e1051a39Sopenharmony_ci             '-pkeyopt', 'type:group',
69e1051a39Sopenharmony_ci             '-text'])),
70e1051a39Sopenharmony_ci   "genpkey DSA does not support groups");
71e1051a39Sopenharmony_ci
72e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
73e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
74e1051a39Sopenharmony_ci             '-pkeyopt', 'gindex:1',
75e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4',
76e1051a39Sopenharmony_ci             '-out', 'dsagen.pem'])),
77e1051a39Sopenharmony_ci   "genpkey DSA params fips186_4 PEM");
78e1051a39Sopenharmony_ci
79e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey', '-genparam',
80e1051a39Sopenharmony_ci             '-algorithm', 'DSA',
81e1051a39Sopenharmony_ci             '-pkeyopt', 'gindex:1',
82e1051a39Sopenharmony_ci             '-pkeyopt', 'pbits:2048',
83e1051a39Sopenharmony_ci             '-pkeyopt', 'qbits:256',
84e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4',
85e1051a39Sopenharmony_ci             '-outform', 'DER',
86e1051a39Sopenharmony_ci             '-out', 'dsagen.der'])),
87e1051a39Sopenharmony_ci   "genpkey DSA params fips186_4 DER");
88e1051a39Sopenharmony_ci
89e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey',
90e1051a39Sopenharmony_ci             '-paramfile', 'dsagen.legacy.pem',
91e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_2',
92e1051a39Sopenharmony_ci             '-text'])),
93e1051a39Sopenharmony_ci   "genpkey DSA fips186_2 with PEM params");
94e1051a39Sopenharmony_ci
95e1051a39Sopenharmony_ci# The seed and counter should be the ones generated from the param generation
96e1051a39Sopenharmony_ci# Just put some dummy ones in to show it works.
97e1051a39Sopenharmony_ciok(run(app([ 'openssl', 'genpkey',
98e1051a39Sopenharmony_ci             '-paramfile', 'dsagen.der',
99e1051a39Sopenharmony_ci             '-pkeyopt', 'type:fips186_4',
100e1051a39Sopenharmony_ci             '-pkeyopt', 'gindex:1',
101e1051a39Sopenharmony_ci             '-pkeyopt', 'hexseed:0102030405060708090A0B0C0D0E0F1011121314',
102e1051a39Sopenharmony_ci             '-pkeyopt', 'pcounter:25',
103e1051a39Sopenharmony_ci             '-text'])),
104e1051a39Sopenharmony_ci   "genpkey DSA fips186_4 with DER params");
105e1051a39Sopenharmony_ci
106e1051a39Sopenharmony_ciok(!run(app([ 'openssl', 'genpkey',
107e1051a39Sopenharmony_ci              '-algorithm', 'DSA'])),
108e1051a39Sopenharmony_ci   "genpkey DSA with no params should fail");
109e1051a39Sopenharmony_ci
110e1051a39Sopenharmony_ciunless ($no_fips) {
111e1051a39Sopenharmony_ci    my $provconf = srctop_file("test", "fips-and-base.cnf");
112e1051a39Sopenharmony_ci    my $provpath = bldtop_dir("providers");
113e1051a39Sopenharmony_ci    my @prov = ( "-provider-path", $provpath,
114e1051a39Sopenharmony_ci                 "-config", $provconf);
115e1051a39Sopenharmony_ci
116e1051a39Sopenharmony_ci    $ENV{OPENSSL_TEST_LIBCTX} = "1";
117e1051a39Sopenharmony_ci
118e1051a39Sopenharmony_ci    # Generate params
119e1051a39Sopenharmony_ci    ok(run(app(['openssl', 'genpkey',
120e1051a39Sopenharmony_ci                @prov,
121e1051a39Sopenharmony_ci               '-genparam',
122e1051a39Sopenharmony_ci               '-algorithm', 'DSA',
123e1051a39Sopenharmony_ci               '-pkeyopt', 'pbits:3072',
124e1051a39Sopenharmony_ci               '-pkeyopt', 'qbits:256',
125e1051a39Sopenharmony_ci               '-out', 'gendsatest3072params.pem'])),
126e1051a39Sopenharmony_ci       "Generating 3072-bit DSA params");
127e1051a39Sopenharmony_ci
128e1051a39Sopenharmony_ci    # Generate keypair
129e1051a39Sopenharmony_ci    ok(run(app(['openssl', 'genpkey',
130e1051a39Sopenharmony_ci                @prov,
131e1051a39Sopenharmony_ci               '-paramfile', 'gendsatest3072params.pem',
132e1051a39Sopenharmony_ci               '-text',
133e1051a39Sopenharmony_ci               '-out', 'gendsatest3072.pem'])),
134e1051a39Sopenharmony_ci       "Generating 3072-bit DSA keypair");
135e1051a39Sopenharmony_ci
136e1051a39Sopenharmony_ci}
137