From a27b63d3fc1c491eda62a8a48527df53301f45ce Mon Sep 17 00:00:00 2001 From: emboss Date: Mon, 13 Jun 2011 01:58:09 +0000 Subject: [PATCH] * ext/openssl/pkey_dh.c: corrected documentation. * test/openssl/utils.rb: add test key for DH. * test/openssl/test_pkey_dh.rb: add tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 +++ ext/openssl/ossl_pkey_dh.c | 19 ++++++---- test/openssl/test_pkey_dh.rb | 72 ++++++++++++++++++++++++++++++++++++ test/openssl/utils.rb | 7 ++++ 4 files changed, 96 insertions(+), 8 deletions(-) create mode 100644 test/openssl/test_pkey_dh.rb diff --git a/ChangeLog b/ChangeLog index 6c4c165613..a7260b948e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Mon Jun 13 10:54:03 2011 Martin Bosslet + + * ext/openssl/pkey_dh.c: corrected documentation. + * test/openssl/utils.rb: add test key for DH. + * test/openssl/test_pkey_dh.rb: add tests. + Mon Jun 13 10:13:08 2011 Martin Bosslet * ext/openssl/pkey_dh.c: clarify difference between DH#public_key and diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 464f41b156..d0faef51eb 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -137,9 +137,9 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) * * Either generates a DH instance from scratch or by reading already existing * DH parameters from +string+. Note that when reading a DH instance from - * data that was encoded from a DH#public_key DH instance the result - * will *not* contain a public/private key pair yet. This needs to be - * generated using DH#generate_key! first. + * data that was encoded from a DH instance by using DH#to_pem or DH#to_der + * the result will *not* contain a public/private key pair yet. This needs to + * be generated using DH#generate_key! first. * * === Parameters * * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure. 
@@ -150,9 +150,7 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) * DH.new # -> dh * DH.new(1024) # -> dh * DH.new(1024, 5) # -> dh - * #Reading a "private" DH key - * DH.new(File.read('key.pem')) # -> dh - * #Reading public DH parameters + * #Reading DH parameters * dh = DH.new(File.read('parameters.pem')) # -> dh, but no public/private key yet * dh.generate_key! # -> dh with public and private key */ @@ -237,7 +235,9 @@ ossl_dh_is_private(VALUE self) * call-seq: * dh.to_pem -> aString * - * Encodes this DH to its PEM encoding. + * Encodes this DH to its PEM encoding. Note that any existing per-session + * public/private keys will *not* get encoded, just the Diffie-Hellman + * parameters will be encoded. */ static VALUE ossl_dh_export(VALUE self) @@ -263,7 +263,10 @@ ossl_dh_export(VALUE self) * call-seq: * dh.to_der -> aString * - * Encodes this DH to its DER encoding. + * Encodes this DH to its DER encoding. Note that any existing per-session + * public/private keys will *not* get encoded, just the Diffie-Hellman + * parameters will be encoded. + */ static VALUE ossl_dh_to_der(VALUE self) diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb new file mode 100644 index 0000000000..bcba400efe --- /dev/null +++ b/test/openssl/test_pkey_dh.rb 
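Review bot: The `dh.to_der` doc comment appears to end with a stray empty line between `parameters will be encoded.` and the closing `*/`; the hunk counts (7 old lines, 10 new) imply a fourth added line that is blank. The parallel `dh.to_pem` comment has no such line, so dropping it keeps the two blocks identical in shape. Both comments could also say in one more sentence that `DH.new` on the encoded output therefore yields an instance without keys, which is what the new tests assert.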
@@ -0,0 +1,72 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+ def test_new
+ dh = OpenSSL::PKey::DH.new(256)
+ assert_key(dh)
+ end
+
+ def test_to_der
+ dh = OpenSSL::PKey::DH.new(256)
+ der = dh.to_der
+ dh2 = OpenSSL::PKey::DH.new(der)
+ assert_equal_params(dh, dh2)
+ assert_no_key(dh2)
+ end
+
+ def test_to_pem
+ dh = OpenSSL::PKey::DH.new(256)
+ pem = dh.to_pem
+ dh2 = OpenSSL::PKey::DH.new(pem)
+ assert_equal_params(dh, dh2)
+ assert_no_key(dh2)
+ end
+
+ def test_public_key
+ dh = OpenSSL::PKey::DH.new(256)
+ public_key = dh.public_key
+ assert_no_key(public_key) #implies public_key.public? is false!
+ assert_equal(dh.to_der, public_key.to_der)
+ assert_equal(dh.to_pem, public_key.to_pem)
+ end
+
+ def test_generate_key
+ dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+ assert_no_key(dh)
+ dh.generate_key!
+ assert_key(dh)
+ end
+
+ def test_key_exchange
+ dh = OpenSSL::TestUtils::TEST_KEY_DH512
+ dh2 = dh.public_key
+ dh.generate_key!
+ dh2.generate_key!
+ assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
+ end
+
+ private
+
+ def assert_equal_params(dh1, dh2)
+ assert_equal(dh1.g, dh2.g)
+ assert_equal(dh1.p, dh2.p)
+ end
+
+ def assert_no_key(dh)
+ assert_equal(false, dh.public?)
+ assert_equal(false, dh.private?)
+ assert_equal(nil, dh.pub_key)
+ assert_equal(nil, dh.priv_key)
+ end
+
+ def assert_key(dh)
+ assert(dh.public?)
+ assert(dh.private?)
+ assert(dh.pub_key)
+ assert(dh.priv_key)
+ end
+end
+
+end
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index bb51f57c72..3f9662a8a5 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
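Review bot: `test_key_exchange` calls `generate_key!` directly on the shared constant `OpenSSL::TestUtils::TEST_KEY_DH512`, so the fixture holds a key pair once this test has run and any later test that reads the constant sees state that depends on execution order. `test_generate_key` already works on a copy (per its inline comment), and the same fits here: `dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key`. As a smaller point, `assert_no_key` would read more directly with `assert_nil(dh.pub_key)` and `assert_nil(dh.priv_key)` than with `assert_equal(nil, ...)`.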
@@ -88,6 +88,13 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg== -----END EC PRIVATE KEY----- _end_of_pem_ + TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_ +-----BEGIN DH PARAMETERS----- +MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr +aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC +-----END DH PARAMETERS----- + _end_of_pem_ + module_function def issue_cert(dn, key, serial, not_before, not_after, extensions,
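Review bot: `TEST_KEY_DH512` is added without a comment marking it as a test-only fixture, and the PEM block holds only `DH PARAMETERS`, so the `KEY` in the name suggests more than the constant contains. The C documentation in this same patch states that keys smaller than 1024 bits should be considered insecure, so a one-line comment above the constant would discourage reuse outside the test suite: `# 512-bit DH parameters, test fixture only: no key pair included, size too small for real key exchange.` The hunk's trailing context stops inside the `issue_cert` signature, so that method's body is not visible here.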