mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
bcd0bcc390
truncated with ec_key.group.order.size after openssl 0.9.8m for FIPS 186-3 compliance. WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns false when you pass dgst longer than expected (no truncation performed). * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
128 lines
3 KiB
Ruby
128 lines
3 KiB
Ruby
begin
|
|
require "openssl"
|
|
require File.join(File.dirname(__FILE__), "utils.rb")
|
|
rescue LoadError
|
|
end
|
|
require "test/unit"
|
|
|
|
if defined?(OpenSSL::PKey::EC)
|
|
|
|
class OpenSSL::TestEC < Test::Unit::TestCase
|
|
def setup
|
|
@data1 = 'foo'
|
|
@data2 = 'bar' * 1000 # data too long for DSA sig
|
|
|
|
@group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
|
|
@group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
|
|
|
|
@key1 = OpenSSL::PKey::EC.new
|
|
@key1.group = @group1
|
|
@key1.generate_key
|
|
|
|
@key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
|
|
@key2.generate_key
|
|
|
|
@groups = [@group1, @group2]
|
|
@keys = [@key1, @key2]
|
|
end
|
|
|
|
def compare_keys(k1, k2)
|
|
assert_equal(k1.to_pem, k2.to_pem)
|
|
end
|
|
|
|
def test_curve_names
|
|
@groups.each_with_index do |group, idx|
|
|
key = @keys[idx]
|
|
assert_equal(group.curve_name, key.group.curve_name)
|
|
end
|
|
end
|
|
|
|
def test_check_key
|
|
for key in @keys
|
|
assert_equal(key.check_key, true)
|
|
assert_equal(key.private_key?, true)
|
|
assert_equal(key.public_key?, true)
|
|
end
|
|
end
|
|
|
|
def test_encoding
|
|
for group in @groups
|
|
for meth in [:to_der, :to_pem]
|
|
txt = group.send(meth)
|
|
gr = OpenSSL::PKey::EC::Group.new(txt)
|
|
assert_equal(txt, gr.send(meth))
|
|
|
|
assert_equal(group.generator.to_bn, gr.generator.to_bn)
|
|
assert_equal(group.cofactor, gr.cofactor)
|
|
assert_equal(group.order, gr.order)
|
|
assert_equal(group.seed, gr.seed)
|
|
assert_equal(group.degree, gr.degree)
|
|
end
|
|
end
|
|
|
|
for key in @keys
|
|
group = key.group
|
|
|
|
for meth in [:to_der, :to_pem]
|
|
txt = key.send(meth)
|
|
assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth))
|
|
end
|
|
|
|
bn = key.public_key.to_bn
|
|
assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn)
|
|
end
|
|
end
|
|
|
|
def test_set_keys
|
|
for key in @keys
|
|
k = OpenSSL::PKey::EC.new
|
|
k.group = key.group
|
|
k.private_key = key.private_key
|
|
k.public_key = key.public_key
|
|
|
|
compare_keys(key, k)
|
|
end
|
|
end
|
|
|
|
def test_dsa_sign_verify
|
|
for key in @keys
|
|
sig = key.dsa_sign_asn1(@data1)
|
|
assert(key.dsa_verify_asn1(@data1, sig))
|
|
end
|
|
end
|
|
|
|
def test_dsa_sign_asn1_FIPS186_3
|
|
for key in @keys
|
|
size = key.group.order.num_bits / 8 + 1
|
|
dgst = (1..size).to_a.pack('C*')
|
|
begin
|
|
sig = key.dsa_sign_asn1(dgst)
|
|
# dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
|
|
assert(key.dsa_verify_asn1(dgst + "garbage", sig))
|
|
rescue OpenSSL::PKey::ECError => e
|
|
# just an exception for longer dgst before openssl-0.9.8m
|
|
assert_equal('ECDSA_sign: data too large for key size', e.message)
|
|
# no need to do following tests
|
|
return
|
|
end
|
|
end
|
|
end
|
|
|
|
def test_dh_compute_key
|
|
for key in @keys
|
|
k = OpenSSL::PKey::EC.new(key.group)
|
|
k.generate_key
|
|
|
|
puba = key.public_key
|
|
pubb = k.public_key
|
|
a = key.dh_compute_key(pubb)
|
|
b = k.dh_compute_key(puba)
|
|
assert_equal(a, b)
|
|
end
|
|
end
|
|
|
|
# test Group: asn1_flag, point_conversion
|
|
|
|
end
|
|
|
|
end
|