require_relative 'utils'
* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex,
EVP_DigestFinal_ex and EVP_DigestInit_ex.
* ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function.
* ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex,
EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for
OpenSSL 0.9.6.
* ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize,
ossl_cipher_copy, ossl_cipher_reset, ossl_cipher_encrypt,
ossl_cipher_decrypt, ossl_cipher_final, ossl_cipher_set_key,
ossl_cipher_set_iv): replace all EVP_CipherInit and
EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex.
and EVP_CIPHER_CTX_init should only be called once.
* ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): check for
EVP_CIPHER_CTX_set_padding.
* ext/openssl/ossl_cipher.c (Init_ossl_cipher): Cipher#<< is deprecated.
* ext/openssl/ossl_digest.c: replace all EVP_DigestInit and
EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex.
and EVP_MD_CTX_init should only be called once.
* ext/openssl/ossl_digest.c (digest_final): should call
EVP_MD_CTX_cleanup to avoid memory leak.
* ext/openssl/ossl_hmac.c (ossl_hmac_initialize): replace HMAC_init
with HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc.
* ext/openssl/ossl_hmac.c (hmac_final): should call
HMAC_CTX_cleanup to avoid memory leak.
* test/openssl/test_cipher.rb, test/openssl/test_digest.rb,
test/openssl/test_hmac.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6548 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2004-06-30 06:48:43 -04:00
if defined?(OpenSSL::TestUtils)
class OpenSSL::TestCipher < Test::Unit::TestCase
class << self
# Reports whether the linked OpenSSL build lists a cipher called +name+.
#
# The first call snapshots OpenSSL::Cipher.ciphers and then replaces this
# method with a closure over that snapshot, so later calls reuse the list
# instead of asking OpenSSL again. The lookup is an exact, case-sensitive
# string match against that list.
def has_cipher?(name)
  known = OpenSSL::Cipher.ciphers
  # Swap in the memoised version; it shadows this definition from now on.
  define_singleton_method(:has_cipher?) { |candidate| known.include?(candidate) }
  has_cipher?(name)
end
# True only when every cipher name in +list+ passes has_cipher?.
# An empty list yields true. Used to gate whole groups of tests on what
# the local OpenSSL build actually provides.
def has_ciphers?(list)
  list.each do |name|
    return false unless has_cipher?(name)
  end
  true
end
end
# Builds the per-test fixtures: two handles on the same 3DES-CBC algorithm
# (one created by name, one through the DES convenience class) plus fixed
# key, IV and plaintext values.
#
# The all-zero key and IV only make results reproducible; they are test
# fixtures, not an example of key handling.
def setup
  @data = "DATA"
  @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
  @iv = "\0\0\0\0\0\0\0\0"
  # NOTE(review): no test visible in this file reads @hexkey/@hexiv. If
  # @hexkey is meant to be the hex form of @key, its digit count should be
  # twice the key's byte length -- confirm the literal before relying on it.
  @hexkey = "0000000000000000000000000000000000000000000000"
  @hexiv = "0000000000000000"
  @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
  @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
end
# Clears both cipher handles that setup created.
def teardown
  @c2 = nil
  @c1 = nil
end
# Both handles name the same algorithm, so deriving identical key material
# on each must give identical ciphertext, and each must decrypt its own
# output back to the plaintext.
#
# @key and @iv are handed to pkcs5_keyivgen as its password and salt
# arguments; they are not installed as the raw key and IV here.
# pkcs5_keyivgen is OpenSSL's legacy password-to-key derivation and is
# exercised for compatibility; new code should derive keys with a PKCS5 v2
# function such as OpenSSL::PKCS5.pbkdf2_hmac.
def test_crypt
  [@c1, @c2].each { |handle| handle.encrypt.pkcs5_keyivgen(@key, @iv) }
  s1 = @c1.update(@data) + @c1.final
  s2 = @c2.update(@data) + @c2.final
  assert_equal(s1, s2, "encrypt")

  # Switch both handles to decryption and re-derive the same key material.
  [@c1, @c2].each { |handle| handle.decrypt.pkcs5_keyivgen(@key, @iv) }
  recovered1 = @c1.update(s1) + @c1.final
  assert_equal(@data, recovered1, "decrypt")
  recovered2 = @c2.update(s2) + @c2.final
  assert_equal(@data, recovered2, "decrypt")
end
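# Checks the metadata accessors: both handles report the canonical
# algorithm name, and key_len / iv_len come back as integers.
#
# Integer is asserted instead of Fixnum: Fixnum was folded into Integer
# and later removed from Ruby, where referencing it raises NameError.
# Every Fixnum is an Integer, so the check also holds on older Rubies.
def test_info
  assert_equal("DES-EDE3-CBC", @c1.name, "name")
  assert_equal("DES-EDE3-CBC", @c2.name, "name")
  assert_kind_of(Integer, @c1.key_len, "key_len")
  assert_kind_of(Integer, @c1.iv_len, "iv_len")
end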
# dup and clone must keep the algorithm name, and a copy taken after the
# key and IV are installed must encrypt exactly like the original -- i.e.
# the copy carries the same key material.
def test_dup
  assert_equal(@c1.name, @c1.dup.name, "dup")
  assert_equal(@c1.name, @c1.clone.name, "clone")

  @c1.encrypt
  @c1.key = @key
  @c1.iv = @iv
  # Copy only once the context is fully keyed.
  twin = @c1.dup
  from_original = @c1.update(@data) + @c1.final
  from_copy = twin.update(@data) + twin.final
  assert_equal(from_original, from_copy, "encrypt dup")
end
# After reset, the same keyed handle must reproduce the ciphertext it
# produced before: the test encrypts, resets, encrypts again and compares.
def test_reset
  @c1.encrypt
  @c1.key = @key
  @c1.iv = @iv
  before_reset = @c1.update(@data) + @c1.final
  @c1.reset
  after_reset = @c1.update(@data) + @c1.final
  assert_equal(before_reset, after_reset, "encrypt reset")
end
# Feeding an empty string to update is expected to be rejected with
# ArgumentError.
def test_empty_data
  @c1.encrypt
  assert_raise(ArgumentError) do
    @c1.update("")
  end
end
# Two misuse cases must both surface as RuntimeError: running initialize
# a second time on an existing cipher, and calling final on an object that
# was only allocated and never initialised.
def test_initialize
  assert_raise(RuntimeError) do
    @c1.__send__(:initialize, "DES-EDE3-CBC")
  end
  assert_raise(RuntimeError) do
    OpenSSL::Cipher.allocate.final
  end
end
# Round-trips a short message through AES-128-CTR. The method is defined
# only when the local OpenSSL build lists that cipher.
#
# Only a password is passed to pkcs5_keyivgen (no salt), so the same key
# and IV are derived for every run. That is fine for a round-trip check,
# but reusing a key/IV pair in CTR mode repeats the keystream, so this is
# not a pattern to copy into application code.
def test_ctr_if_exists
  ctr = OpenSSL::Cipher.new('aes-128-ctr')
  ctr.encrypt
  ctr.pkcs5_keyivgen('password')
  sealed = ctr.update('hello,world') + ctr.final

  # Same handle, switched to decryption with the same derived key and IV.
  ctr.decrypt
  ctr.pkcs5_keyivgen('password')
  opened = ctr.update(sealed) + ctr.final
  assert_equal('hello,world', opened)
end if has_cipher?('aes-128-ctr')
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
# Every name that OpenSSL::Cipher.ciphers advertises must be constructible.
#
# Two exceptions are tolerated: IDEA and RC5 names on NetBSD are skipped
# outright, and a name containing "wrap" is skipped only when OpenSSL
# itself answers 'wrap mode not allowed'. Any other CipherError is
# re-raised so a real construction failure still fails the test.
def test_ciphers
  OpenSSL::Cipher.ciphers.each do |name|
    next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
    begin
      assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
    rescue OpenSSL::Cipher::CipherError => e
      wrap_refused = /wrap/ =~ name && e.message == 'wrap mode not allowed'
      raise unless wrap_refused
    end
  end
end
# Encrypts this source file with AES-256 in each listed mode and checks
# that a second, independently constructed cipher decrypts it again.
#
# ECB is in the list for API coverage only, and the key comes from an
# unsalted pkcs5_keyivgen call so both sides derive the same material;
# neither choice is a recommendation for protecting real data.
def test_AES
  pt = File.read(__FILE__)
  %w(ECB CBC CFB OFB).each do |mode|
    enc = OpenSSL::Cipher::AES256.new(mode)
    enc.encrypt
    enc.pkcs5_keyivgen("passwd")
    ct = enc.update(pt) + enc.final

    dec = OpenSSL::Cipher::AES256.new(mode)
    dec.decrypt
    dec.pkcs5_keyivgen("passwd")
    assert_equal(pt, dec.update(ct) + dec.final)
  end
end
# Regression test for [Bug #2768]: calling update on a cipher whose key was
# never set used to crash OpenSSL with a SEGV. The cipher here is created
# and fed 17 bytes without encrypt/decrypt or a key being set, 500 times
# over; the test only demands that no exception escapes.
def test_AES_crush
  input = "." * 17
  500.times do
    assert_nothing_raised("[Bug #2768]") do
      OpenSSL::Cipher::AES128.new("ECB").update input
    end
  end
end
end
if has_ciphers?(['aes-128-gcm', 'aes-192-gcm', 'aes-256-gcm'])
# authenticated? must say yes for a GCM cipher and no for a CBC cipher, so
# callers can tell whether a mode provides an integrity tag at all.
def test_authenticated
  gcm = OpenSSL::Cipher.new('aes-128-gcm')
  cbc = OpenSSL::Cipher.new('aes-128-cbc')
  assert(gcm.authenticated?)
  refute(cbc.authenticated?)
end
# Happy-path AES-GCM round trip for all three key sizes: encrypt with
# associated data, read the tag after final, then decrypt with the same
# key, IV, tag and associated data.
def test_aes_gcm
  %w[aes-128-gcm aes-192-gcm aes-256-gcm].each do |algo|
    plaintext = "You should all use Authenticated Encryption!"
    enc, key, iv = new_encryptor(algo)

    enc.auth_data = "aad"
    sealed = enc.update(plaintext) + enc.final
    # The tag is read only after final; the default length seen here is 16.
    tag = enc.auth_tag
    assert_equal(16, tag.size)

    dec = new_decryptor(algo, key, iv)
    dec.auth_tag = tag
    dec.auth_data = "aad"

    assert_equal(plaintext, dec.update(sealed) + dec.final)
  end
end
# Same round trip as test_aes_gcm, but the encryptor is asked for an 8-byte
# tag and decryption is expected to succeed with it.
#
# What this demonstrates for callers: the decrypting side accepts the tag
# at whatever length it is handed. A receiver that requires full-length
# tags therefore has to check the tag's size itself before auth_tag=.
def test_aes_gcm_short_tag
  %w[aes-128-gcm aes-192-gcm aes-256-gcm].each do |algo|
    plaintext = "You should all use Authenticated Encryption!"
    enc, key, iv = new_encryptor(algo)

    enc.auth_data = "aad"
    sealed = enc.update(plaintext) + enc.final
    short_tag = enc.auth_tag(8)
    assert_equal(8, short_tag.size)

    dec = new_decryptor(algo, key, iv)
    dec.auth_tag = short_tag
    dec.auth_data = "aad"

    assert_equal(plaintext, dec.update(sealed) + dec.final)
  end
end
# A tag that differs from the real one in a single byte must make
# decryption fail with CipherError instead of returning plaintext.
def test_aes_gcm_wrong_tag
  plaintext = "You should all use Authenticated Encryption!"
  enc, key, iv = new_encryptor('aes-128-gcm')

  enc.auth_data = "aad"
  sealed = enc.update(plaintext) + enc.final
  tag = enc.auth_tag

  dec = new_decryptor('aes-128-gcm', key, iv)
  # Bump the last tag byte in place (wrapping at 0xff) so exactly one byte
  # is wrong and the tag length is unchanged.
  last = tag.getbyte(-1)
  tag.setbyte(-1, (last + 1) & 0xff)
  dec.auth_tag = tag
  dec.auth_data = "aad"

  assert_raise OpenSSL::Cipher::CipherError do
    dec.update(sealed) + dec.final
  end
end
# The associated data is covered by the tag: decrypting with "daa" where
# "aad" was used for encryption must fail with CipherError even though the
# key, IV, tag and ciphertext are all correct.
def test_aes_gcm_wrong_auth_data
  plaintext = "You should all use Authenticated Encryption!"
  enc, key, iv = new_encryptor('aes-128-gcm')

  enc.auth_data = "aad"
  sealed = enc.update(plaintext) + enc.final
  tag = enc.auth_tag

  dec = new_decryptor('aes-128-gcm', key, iv)
  dec.auth_tag = tag
  dec.auth_data = "daa"

  assert_raise OpenSSL::Cipher::CipherError do
    dec.update(sealed) + dec.final
  end
end
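# Ciphertext that differs from the real one in a single byte must make
# decryption fail with CipherError, with the correct key, IV, tag and
# associated data all in place.
#
# The last byte is altered with getbyte/setbyte on a copy, the same way
# test_aes_gcm_wrong_tag alters the tag. The earlier String#succ form could
# grow the string by one byte when the last byte rolled over (for example
# "z", "9" or 0xff), so the input was not always a same-length, one-byte
# corruption of the original ciphertext.
def test_aes_gcm_wrong_ciphertext
  pt = "You should all use Authenticated Encryption!"
  cipher, key, iv = new_encryptor('aes-128-gcm')

  cipher.auth_data = "aad"
  ct = cipher.update(pt) + cipher.final
  tag = cipher.auth_tag

  decipher = new_decryptor('aes-128-gcm', key, iv)
  decipher.auth_tag = tag
  decipher.auth_data = "aad"

  # Work on a copy so the genuine ciphertext stays untouched.
  tampered = ct.dup
  tampered.setbyte(-1, (tampered.getbyte(-1) + 1) & 0xff)

  assert_raise OpenSSL::Cipher::CipherError do
    decipher.update(tampered) + decipher.final
  end
end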
end
private
# Creates a cipher for +algo+ in encrypt mode with a freshly generated
# random key and IV.
#
# Returns [cipher, key, iv] so the caller can hand the same key and IV to
# a decryptor. The cipher is put into encrypt mode before the key and IV
# are generated.
def new_encryptor(algo)
  encryptor = OpenSSL::Cipher.new(algo).encrypt
  # Array elements are evaluated left to right: key first, then IV.
  [encryptor, encryptor.random_key, encryptor.random_iv]
end
# Creates a cipher for +algo+ in decrypt mode and installs the given key
# and IV, in that order. Returns the configured cipher.
def new_decryptor(algo, key, iv)
  decryptor = OpenSSL::Cipher.new(algo)
  decryptor.decrypt
  decryptor.key = key
  decryptor.iv = iv
  decryptor
end
end
end