* ext/openssl/pkey_dh.c: corrected documentation.

* test/openssl/utils.rb: add test key for DH.
* test/openssl/test_pkey_dh.rb: add tests.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32039 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,9 @@
+Mon Jun 13 10:54:03 2011  Martin Bosslet  <Martin.Bosslet@googlemail.com>
+
+	* ext/openssl/pkey_dh.c: corrected documentation.
+	* test/openssl/utils.rb: add test key for DH.
+	* test/openssl/test_pkey_dh.rb: add tests.
+
 Mon Jun 13 10:13:08 2011  Martin Bosslet  <Martin.Bosslet@googlemail.com>
 
 	* ext/openssl/pkey_dh.c: clarify difference between DH#public_key and

ext/openssl/ossl_pkey_dh.c

@@ -137,9 +137,9 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
  *
  * Either generates a DH instance from scratch or by reading already existing
  * DH parameters from +string+. Note that when reading a DH instance from
- * data that was encoded from a DH#public_key DH instance the result
- * will *not* contain a public/private key pair yet. This needs to be
- * generated using DH#generate_key! first.
+ * data that was encoded from a DH instance by using DH#to_pem or DH#to_der
+ * the result will *not* contain a public/private key pair yet. This needs to
+ * be generated using DH#generate_key! first.
  *
  * === Parameters
  * * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
@@ -150,9 +150,7 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
  *  DH.new # -> dh
  *  DH.new(1024) # -> dh
  *  DH.new(1024, 5) # -> dh
- *  #Reading a "private" DH key
- *  DH.new(File.read('key.pem')) # -> dh
- *  #Reading public DH parameters
+ *  #Reading DH parameters
  *  dh = DH.new(File.read('parameters.pem')) # -> dh, but no public/private key yet
  *  dh.generate_key! # -> dh with public and private key
  */
@@ -237,7 +235,9 @@ ossl_dh_is_private(VALUE self)
  *  call-seq:
  *     dh.to_pem -> aString
  *
- * Encodes this DH to its PEM encoding.
+ * Encodes this DH to its PEM encoding. Note that any existing per-session
+ * public/private keys will *not* get encoded, just the Diffie-Hellman
+ * parameters will be encoded.
  */
 static VALUE
 ossl_dh_export(VALUE self)
@@ -263,7 +263,10 @@ ossl_dh_export(VALUE self)
  *  call-seq:
  *     dh.to_der -> aString
  *
- * Encodes this DH to its DER encoding.
+ * Encodes this DH to its DER encoding. Note that any existing per-session
+ * public/private keys will *not* get encoded, just the Diffie-Hellman
+ * parameters will be encoded.
+
  */
 static VALUE
 ossl_dh_to_der(VALUE self)

test/openssl/test_pkey_dh.rb

@@ -0,0 +1,72 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+  def test_new
+    dh = OpenSSL::PKey::DH.new(256)
+    assert_key(dh)
+  end
+
+  def test_to_der
+    dh = OpenSSL::PKey::DH.new(256)
+    der = dh.to_der
+    dh2 = OpenSSL::PKey::DH.new(der)
+    assert_equal_params(dh, dh2)
+    assert_no_key(dh2)
+  end
+
+  def test_to_pem
+    dh = OpenSSL::PKey::DH.new(256)
+    pem = dh.to_pem
+    dh2 = OpenSSL::PKey::DH.new(pem)
+    assert_equal_params(dh, dh2)
+    assert_no_key(dh2)
+  end
+
+  def test_public_key
+    dh = OpenSSL::PKey::DH.new(256)
+    public_key = dh.public_key
+    assert_no_key(public_key) #implies public_key.public? is false!
+    assert_equal(dh.to_der, public_key.to_der)
+    assert_equal(dh.to_pem, public_key.to_pem)
+  end
+
+  def test_generate_key
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+    assert_no_key(dh)
+    dh.generate_key!
+    assert_key(dh)
+  end
+
+  def test_key_exchange
+    dh = OpenSSL::TestUtils::TEST_KEY_DH512
+    dh2 = dh.public_key
+    dh.generate_key!
+    dh2.generate_key!
+    assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
+  end
+
+  private
+
+  def assert_equal_params(dh1, dh2)
+    assert_equal(dh1.g, dh2.g)
+    assert_equal(dh1.p, dh2.p)
+  end
+
+  def assert_no_key(dh)
+    assert_equal(false, dh.public?)
+    assert_equal(false, dh.private?)
+    assert_equal(nil, dh.pub_key)
+    assert_equal(nil, dh.priv_key)
+  end
+
+  def assert_key(dh)
+    assert(dh.public?)
+    assert(dh.private?)
+    assert(dh.pub_key)
+    assert(dh.priv_key)
+  end
+end
+
+end

test/openssl/utils.rb

@@ -88,6 +88,13 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
 -----END EC PRIVATE KEY-----
   _end_of_pem_
 
+  TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
+aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
+-----END DH PARAMETERS-----
+  _end_of_pem_
+
   module_function
 
   def issue_cert(dn, key, serial, not_before, not_after, extensions,