jruby-openssl 0.7.4 → 0.7.6.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gemtest +0 -0
- data/History.txt +51 -14
- data/Manifest.txt +136 -79
- data/README.txt +1 -1
- data/Rakefile +17 -8
- data/lib/{openssl → 1.8/openssl}/bn.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/buffering.rb +3 -1
- data/lib/{openssl → 1.8/openssl}/cipher.rb +0 -0
- data/lib/{openssl → 1.8/openssl}/config.rb +1 -1
- data/lib/{openssl → 1.8/openssl}/digest.rb +2 -2
- data/lib/{openssl → 1.8/openssl}/pkcs7.rb +0 -0
- data/lib/{openssl/ssl.rb → 1.8/openssl/ssl-internal.rb} +2 -2
- data/lib/1.8/openssl/ssl.rb +1 -0
- data/lib/{openssl/x509.rb → 1.8/openssl/x509-internal.rb} +8 -9
- data/lib/1.8/openssl/x509.rb +1 -0
- data/lib/{openssl.rb → 1.8/openssl.rb} +2 -11
- data/lib/1.9/openssl/bn.rb +35 -0
- data/lib/1.9/openssl/buffering.rb +448 -0
- data/lib/1.9/openssl/cipher.rb +65 -0
- data/lib/1.9/openssl/config.rb +313 -0
- data/lib/1.9/openssl/digest.rb +72 -0
- data/lib/1.9/openssl/ssl-internal.rb +177 -0
- data/lib/1.9/openssl/ssl.rb +2 -0
- data/lib/1.9/openssl/x509-internal.rb +158 -0
- data/lib/1.9/openssl/x509.rb +2 -0
- data/lib/1.9/openssl.rb +22 -0
- data/lib/{jopenssl → shared/jopenssl}/version.rb +1 -1
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/{openssl → shared/openssl}/dummy.rb +0 -0
- data/lib/{openssl → shared/openssl}/dummyssl.rb +0 -0
- data/lib/shared/openssl/pkcs12.rb +50 -0
- data/lib/shared/openssl/ssl.rb +1 -0
- data/lib/shared/openssl/x509.rb +1 -0
- data/lib/shared/openssl.rb +20 -0
- data/test/{openssl → 1.8}/ssl_server.rb +0 -0
- data/test/{openssl → 1.8}/test_asn1.rb +15 -0
- data/test/{openssl → 1.8}/test_cipher.rb +0 -0
- data/test/{openssl → 1.8}/test_config.rb +0 -0
- data/test/{openssl → 1.8}/test_digest.rb +0 -0
- data/test/{openssl → 1.8}/test_ec.rb +0 -0
- data/test/{openssl → 1.8}/test_hmac.rb +0 -0
- data/test/{openssl → 1.8}/test_ns_spki.rb +0 -0
- data/test/{openssl → 1.8}/test_pair.rb +10 -2
- data/test/{openssl → 1.8}/test_pkcs7.rb +0 -0
- data/test/{openssl → 1.8}/test_pkey_rsa.rb +0 -0
- data/test/{openssl → 1.8}/test_ssl.rb +17 -20
- data/test/{openssl → 1.8}/test_x509cert.rb +0 -0
- data/test/{openssl → 1.8}/test_x509crl.rb +0 -0
- data/test/{openssl → 1.8}/test_x509ext.rb +0 -0
- data/test/{openssl → 1.8}/test_x509name.rb +0 -0
- data/test/{openssl → 1.8}/test_x509req.rb +0 -0
- data/test/{openssl → 1.8}/test_x509store.rb +0 -0
- data/test/{openssl → 1.8}/utils.rb +0 -0
- data/test/1.9/ssl_server.rb +81 -0
- data/test/1.9/test_asn1.rb +589 -0
- data/test/1.9/test_bn.rb +23 -0
- data/test/1.9/test_buffering.rb +88 -0
- data/test/1.9/test_cipher.rb +107 -0
- data/test/1.9/test_config.rb +288 -0
- data/test/1.9/test_digest.rb +118 -0
- data/test/1.9/test_engine.rb +15 -0
- data/test/1.9/test_hmac.rb +32 -0
- data/test/1.9/test_ns_spki.rb +50 -0
- data/test/1.9/test_ocsp.rb +47 -0
- data/test/1.9/test_pair.rb +257 -0
- data/test/1.9/test_pkcs12.rb +209 -0
- data/test/1.9/test_pkcs7.rb +151 -0
- data/test/1.9/test_pkey_dh.rb +72 -0
- data/test/1.9/test_pkey_dsa.rb +224 -0
- data/test/1.9/test_pkey_ec.rb +182 -0
- data/test/1.9/test_pkey_rsa.rb +244 -0
- data/test/1.9/test_ssl.rb +455 -0
- data/test/1.9/test_ssl_session.rb +327 -0
- data/test/1.9/test_x509cert.rb +217 -0
- data/test/1.9/test_x509crl.rb +221 -0
- data/test/1.9/test_x509ext.rb +69 -0
- data/test/1.9/test_x509name.rb +296 -0
- data/test/1.9/test_x509req.rb +150 -0
- data/test/1.9/test_x509store.rb +229 -0
- data/test/1.9/utils.rb +304 -0
- data/test/fixture/ids_in_subject_rdn_set.pem +31 -0
- data/test/fixture/purpose/ca/ca_config.rb +1 -1
- data/test/fixture/purpose/ca/gen_cert.rb +128 -0
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +19 -0
- data/test/fixture/purpose/ca/serial +1 -1
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +19 -0
- data/test/ruby/envutil.rb +208 -0
- data/test/ruby/ut_eof.rb +128 -0
- data/test/test_certificate.rb +9 -0
- data/test/test_java.rb +1 -1
- data/test/test_openssl.rb +1 -1
- data/test/test_pkcs7.rb +16 -0
- data/test/test_pkey_dsa.rb +180 -0
- data/test/test_pkey_rsa.rb +298 -0
- data/test/test_ssl.rb +1 -1
- data/test/test_x509store.rb +8 -0
- metadata +133 -73
- data/lib/jopenssl.jar +0 -0
- data/test/test_pkey.rb +0 -204
@@ -0,0 +1,224 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
if defined?(OpenSSL)
|
5
|
+
|
6
|
+
class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
|
7
|
+
def test_private
|
8
|
+
key = OpenSSL::PKey::DSA.new(256)
|
9
|
+
assert(key.private?)
|
10
|
+
key2 = OpenSSL::PKey::DSA.new(key.to_der)
|
11
|
+
assert(key2.private?)
|
12
|
+
key3 = key.public_key
|
13
|
+
assert(!key3.private?)
|
14
|
+
key4 = OpenSSL::PKey::DSA.new(key3.to_der)
|
15
|
+
assert(!key4.private?)
|
16
|
+
end
|
17
|
+
|
18
|
+
def test_new
|
19
|
+
key = OpenSSL::PKey::DSA.new 256
|
20
|
+
pem = key.public_key.to_pem
|
21
|
+
OpenSSL::PKey::DSA.new pem
|
22
|
+
assert_equal([], OpenSSL.errors)
|
23
|
+
end
|
24
|
+
|
25
|
+
def test_sys_sign_verify
|
26
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
27
|
+
data = 'Sign me!'
|
28
|
+
digest = OpenSSL::Digest::SHA1.digest(data)
|
29
|
+
sig = key.syssign(digest)
|
30
|
+
assert(key.sysverify(digest, sig))
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_sign_verify
|
34
|
+
check_sign_verify(OpenSSL::Digest::DSS1.new)
|
35
|
+
end
|
36
|
+
|
37
|
+
if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000)
|
38
|
+
def test_sign_verify_sha1
|
39
|
+
check_sign_verify(OpenSSL::Digest::SHA1.new)
|
40
|
+
end
|
41
|
+
|
42
|
+
def test_sign_verify_sha256
|
43
|
+
check_sign_verify(OpenSSL::Digest::SHA256.new)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_digest_state_irrelevant_verify
|
48
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
49
|
+
digest1 = OpenSSL::Digest::DSS1.new
|
50
|
+
digest2 = OpenSSL::Digest::DSS1.new
|
51
|
+
data = 'Sign me!'
|
52
|
+
sig = key.sign(digest1, data)
|
53
|
+
digest1.reset
|
54
|
+
digest1 << 'Change state of digest1'
|
55
|
+
assert(key.verify(digest1, sig, data))
|
56
|
+
assert(key.verify(digest2, sig, data))
|
57
|
+
end
|
58
|
+
|
59
|
+
def test_read_DSA_PUBKEY
|
60
|
+
p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699
|
61
|
+
q = 957032439192465935099784319494405376402293318491
|
62
|
+
g = 122928973717064636255205666162891733518376475981809749897454444301389338825906076467196186192907631719698166056821519884939865041993585844526937010746285
|
63
|
+
y = 1235756183583465414789073313502727057075641172514181938731172021825149551960029708596057102104063395063907739571546165975727369183495540798749742124846271
|
64
|
+
algo = OpenSSL::ASN1::ObjectId.new('DSA')
|
65
|
+
params = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(p),
|
66
|
+
OpenSSL::ASN1::Integer.new(q),
|
67
|
+
OpenSSL::ASN1::Integer.new(g)])
|
68
|
+
algo_id = OpenSSL::ASN1::Sequence.new ([algo, params])
|
69
|
+
pub_key = OpenSSL::ASN1::Integer.new(y)
|
70
|
+
seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
|
71
|
+
key = OpenSSL::PKey::DSA.new(seq.to_der)
|
72
|
+
assert(key.public?)
|
73
|
+
assert(!key.private?)
|
74
|
+
assert_equal(p, key.p)
|
75
|
+
assert_equal(q, key.q)
|
76
|
+
assert_equal(g, key.g)
|
77
|
+
assert_equal(y, key.pub_key)
|
78
|
+
assert_equal(nil, key.priv_key)
|
79
|
+
assert_equal([], OpenSSL.errors)
|
80
|
+
end
|
81
|
+
|
82
|
+
def test_read_DSAPublicKey_pem
|
83
|
+
p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
|
84
|
+
q = 979494906553787301107832405790107343409973851677
|
85
|
+
g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
|
86
|
+
y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
|
87
|
+
pem = <<-EOF
|
88
|
+
-----BEGIN DSA PUBLIC KEY-----
|
89
|
+
MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4
|
90
|
+
VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE
|
91
|
+
p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX
|
92
|
+
SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7
|
93
|
+
fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
|
94
|
+
-----END DSA PUBLIC KEY-----
|
95
|
+
EOF
|
96
|
+
key = OpenSSL::PKey::DSA.new(pem)
|
97
|
+
assert(key.public?)
|
98
|
+
assert(!key.private?)
|
99
|
+
assert_equal(p, key.p)
|
100
|
+
assert_equal(q, key.q)
|
101
|
+
assert_equal(g, key.g)
|
102
|
+
assert_equal(y, key.pub_key)
|
103
|
+
assert_equal(nil, key.priv_key)
|
104
|
+
assert_equal([], OpenSSL.errors)
|
105
|
+
end
|
106
|
+
|
107
|
+
def test_read_DSA_PUBKEY_pem
|
108
|
+
p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
|
109
|
+
q = 979494906553787301107832405790107343409973851677
|
110
|
+
g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
|
111
|
+
y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
|
112
|
+
pem = <<-EOF
|
113
|
+
-----BEGIN PUBLIC KEY-----
|
114
|
+
MIHxMIGoBgcqhkjOOAQBMIGcAkEA6hXntfQXEo78+s1r8yShbOQIpX+HOESnTNsV
|
115
|
+
2yJzD6EiMntLpJ38WUOWjz0dBnYW69YnrAYszWPTSvf34XapswIVAKuSEhdIb6Kz
|
116
|
+
fuHPUhoF4S52MHYdAkBHQCWhq8G+2yeDyhuyMtvsQqcH6lJ4ev8F0hDdUft9Ys6q
|
117
|
+
qTMV5GtgwPNSmXfpeS1jpirwQliVb2kIyYFU3L91A0QAAkEAyJSJ+g+P/knVcgDw
|
118
|
+
wTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4VUC/phySExY0PdcqItkR/xYA
|
119
|
+
YNMbNw==
|
120
|
+
-----END PUBLIC KEY-----
|
121
|
+
EOF
|
122
|
+
key = OpenSSL::PKey::DSA.new(pem)
|
123
|
+
assert(key.public?)
|
124
|
+
assert(!key.private?)
|
125
|
+
assert_equal(p, key.p)
|
126
|
+
assert_equal(q, key.q)
|
127
|
+
assert_equal(g, key.g)
|
128
|
+
assert_equal(y, key.pub_key)
|
129
|
+
assert_equal(nil, key.priv_key)
|
130
|
+
assert_equal([], OpenSSL.errors)
|
131
|
+
end
|
132
|
+
|
133
|
+
def test_export_format_is_DSA_PUBKEY_pem
|
134
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
135
|
+
pem = key.public_key.to_pem
|
136
|
+
pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
|
137
|
+
asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
|
138
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
|
139
|
+
assert_equal(2, asn1.value.size)
|
140
|
+
seq = asn1.value
|
141
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
|
142
|
+
assert_equal(2, seq[0].value.size)
|
143
|
+
algo_id = seq[0].value
|
144
|
+
assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
|
145
|
+
assert_equal('DSA', algo_id[0].value)
|
146
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, algo_id[1].tag)
|
147
|
+
assert_equal(3, algo_id[1].value.size)
|
148
|
+
params = algo_id[1].value
|
149
|
+
assert_equal(OpenSSL::ASN1::INTEGER, params[0].tag)
|
150
|
+
assert_equal(key.p, params[0].value)
|
151
|
+
assert_equal(OpenSSL::ASN1::INTEGER, params[1].tag)
|
152
|
+
assert_equal(key.q, params[1].value)
|
153
|
+
assert_equal(OpenSSL::ASN1::INTEGER, params[2].tag)
|
154
|
+
assert_equal(key.g, params[2].value)
|
155
|
+
assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
|
156
|
+
assert_equal(0, seq[1].unused_bits)
|
157
|
+
pub_key = OpenSSL::ASN1.decode(seq[1].value)
|
158
|
+
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
|
159
|
+
assert_equal(key.pub_key, pub_key.value)
|
160
|
+
assert_equal([], OpenSSL.errors)
|
161
|
+
end
|
162
|
+
|
163
|
+
def test_read_private_key_der
|
164
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
165
|
+
der = key.to_der
|
166
|
+
key2 = OpenSSL::PKey.read(der)
|
167
|
+
assert(key2.private?)
|
168
|
+
assert_equal(der, key2.to_der)
|
169
|
+
assert_equal([], OpenSSL.errors)
|
170
|
+
end
|
171
|
+
|
172
|
+
def test_read_private_key_pem
|
173
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
174
|
+
pem = key.to_pem
|
175
|
+
key2 = OpenSSL::PKey.read(pem)
|
176
|
+
assert(key2.private?)
|
177
|
+
assert_equal(pem, key2.to_pem)
|
178
|
+
assert_equal([], OpenSSL.errors)
|
179
|
+
end
|
180
|
+
|
181
|
+
def test_read_public_key_der
|
182
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
|
183
|
+
der = key.to_der
|
184
|
+
key2 = OpenSSL::PKey.read(der)
|
185
|
+
assert(!key2.private?)
|
186
|
+
assert_equal(der, key2.to_der)
|
187
|
+
assert_equal([], OpenSSL.errors)
|
188
|
+
end
|
189
|
+
|
190
|
+
def test_read_public_key_pem
|
191
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
|
192
|
+
pem = key.to_pem
|
193
|
+
key2 = OpenSSL::PKey.read(pem)
|
194
|
+
assert(!key2.private?)
|
195
|
+
assert_equal(pem, key2.to_pem)
|
196
|
+
assert_equal([], OpenSSL.errors)
|
197
|
+
end
|
198
|
+
|
199
|
+
def test_read_private_key_pem_pw
|
200
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
201
|
+
pem = key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
|
202
|
+
#callback form for password
|
203
|
+
key2 = OpenSSL::PKey.read(pem) do
|
204
|
+
'secret'
|
205
|
+
end
|
206
|
+
assert(key2.private?)
|
207
|
+
# pass password directly
|
208
|
+
key2 = OpenSSL::PKey.read(pem, 'secret')
|
209
|
+
assert(key2.private?)
|
210
|
+
#omit pem equality check, will be different due to cipher iv
|
211
|
+
assert_equal([], OpenSSL.errors)
|
212
|
+
end
|
213
|
+
|
214
|
+
private
|
215
|
+
|
216
|
+
def check_sign_verify(digest)
|
217
|
+
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
218
|
+
data = 'Sign me!'
|
219
|
+
sig = key.sign(digest, data)
|
220
|
+
assert(key.verify(digest, sig, data))
|
221
|
+
end
|
222
|
+
end
|
223
|
+
|
224
|
+
end
|
@@ -0,0 +1,182 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
|
3
|
+
if defined?(OpenSSL::PKey::EC)
|
4
|
+
|
5
|
+
class OpenSSL::TestEC < Test::Unit::TestCase
|
6
|
+
def setup
|
7
|
+
@data1 = 'foo'
|
8
|
+
@data2 = 'bar' * 1000 # data too long for DSA sig
|
9
|
+
|
10
|
+
@group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
|
11
|
+
@group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
|
12
|
+
@group3 = OpenSSL::PKey::EC::Group.new('prime256v1')
|
13
|
+
|
14
|
+
@key1 = OpenSSL::PKey::EC.new
|
15
|
+
@key1.group = @group1
|
16
|
+
@key1.generate_key
|
17
|
+
|
18
|
+
@key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
|
19
|
+
@key2.generate_key
|
20
|
+
|
21
|
+
@key3 = OpenSSL::PKey::EC.new(@group3)
|
22
|
+
@key3.generate_key
|
23
|
+
|
24
|
+
@groups = [@group1, @group2, @group3]
|
25
|
+
@keys = [@key1, @key2, @key3]
|
26
|
+
end
|
27
|
+
|
28
|
+
def compare_keys(k1, k2)
|
29
|
+
assert_equal(k1.to_pem, k2.to_pem)
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_curve_names
|
33
|
+
@groups.each_with_index do |group, idx|
|
34
|
+
key = @keys[idx]
|
35
|
+
assert_equal(group.curve_name, key.group.curve_name)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def test_check_key
|
40
|
+
for key in @keys
|
41
|
+
assert_equal(key.check_key, true)
|
42
|
+
assert_equal(key.private_key?, true)
|
43
|
+
assert_equal(key.public_key?, true)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_encoding
|
48
|
+
for group in @groups
|
49
|
+
for meth in [:to_der, :to_pem]
|
50
|
+
txt = group.send(meth)
|
51
|
+
gr = OpenSSL::PKey::EC::Group.new(txt)
|
52
|
+
assert_equal(txt, gr.send(meth))
|
53
|
+
|
54
|
+
assert_equal(group.generator.to_bn, gr.generator.to_bn)
|
55
|
+
assert_equal(group.cofactor, gr.cofactor)
|
56
|
+
assert_equal(group.order, gr.order)
|
57
|
+
assert_equal(group.seed, gr.seed)
|
58
|
+
assert_equal(group.degree, gr.degree)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
for key in @keys
|
63
|
+
group = key.group
|
64
|
+
|
65
|
+
for meth in [:to_der, :to_pem]
|
66
|
+
txt = key.send(meth)
|
67
|
+
assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth))
|
68
|
+
end
|
69
|
+
|
70
|
+
bn = key.public_key.to_bn
|
71
|
+
assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
def test_set_keys
|
76
|
+
for key in @keys
|
77
|
+
k = OpenSSL::PKey::EC.new
|
78
|
+
k.group = key.group
|
79
|
+
k.private_key = key.private_key
|
80
|
+
k.public_key = key.public_key
|
81
|
+
|
82
|
+
compare_keys(key, k)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
def test_dsa_sign_verify
|
87
|
+
for key in @keys
|
88
|
+
sig = key.dsa_sign_asn1(@data1)
|
89
|
+
assert(key.dsa_verify_asn1(@data1, sig))
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
def test_dsa_sign_asn1_FIPS186_3
|
94
|
+
for key in @keys
|
95
|
+
size = key.group.order.num_bits / 8 + 1
|
96
|
+
dgst = (1..size).to_a.pack('C*')
|
97
|
+
begin
|
98
|
+
sig = key.dsa_sign_asn1(dgst)
|
99
|
+
# dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m
|
100
|
+
assert(key.dsa_verify_asn1(dgst + "garbage", sig))
|
101
|
+
rescue OpenSSL::PKey::ECError => e
|
102
|
+
# just an exception for longer dgst before openssl-0.9.8m
|
103
|
+
assert_equal('ECDSA_sign: data too large for key size', e.message)
|
104
|
+
# no need to do following tests
|
105
|
+
return
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
def test_dh_compute_key
|
111
|
+
for key in @keys
|
112
|
+
k = OpenSSL::PKey::EC.new(key.group)
|
113
|
+
k.generate_key
|
114
|
+
|
115
|
+
puba = key.public_key
|
116
|
+
pubb = k.public_key
|
117
|
+
a = key.dh_compute_key(pubb)
|
118
|
+
b = k.dh_compute_key(puba)
|
119
|
+
assert_equal(a, b)
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
def test_read_private_key_der
|
124
|
+
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
125
|
+
der = ec.to_der
|
126
|
+
ec2 = OpenSSL::PKey.read(der)
|
127
|
+
assert(ec2.private_key?)
|
128
|
+
assert_equal(der, ec2.to_der)
|
129
|
+
assert_equal([], OpenSSL.errors)
|
130
|
+
end
|
131
|
+
|
132
|
+
def test_read_private_key_pem
|
133
|
+
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
134
|
+
pem = ec.to_pem
|
135
|
+
ec2 = OpenSSL::PKey.read(pem)
|
136
|
+
assert(ec2.private_key?)
|
137
|
+
assert_equal(pem, ec2.to_pem)
|
138
|
+
assert_equal([], OpenSSL.errors)
|
139
|
+
end
|
140
|
+
|
141
|
+
def test_read_public_key_der
|
142
|
+
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
143
|
+
ec2 = OpenSSL::PKey::EC.new(ec.group)
|
144
|
+
ec2.public_key = ec.public_key
|
145
|
+
der = ec2.to_der
|
146
|
+
ec3 = OpenSSL::PKey.read(der)
|
147
|
+
assert(!ec3.private_key?)
|
148
|
+
assert_equal(der, ec3.to_der)
|
149
|
+
assert_equal([], OpenSSL.errors)
|
150
|
+
end
|
151
|
+
|
152
|
+
def test_read_public_key_pem
|
153
|
+
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
154
|
+
ec2 = OpenSSL::PKey::EC.new(ec.group)
|
155
|
+
ec2.public_key = ec.public_key
|
156
|
+
pem = ec2.to_pem
|
157
|
+
ec3 = OpenSSL::PKey.read(pem)
|
158
|
+
assert(!ec3.private_key?)
|
159
|
+
assert_equal(pem, ec3.to_pem)
|
160
|
+
assert_equal([], OpenSSL.errors)
|
161
|
+
end
|
162
|
+
|
163
|
+
def test_read_private_key_pem_pw
|
164
|
+
ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
165
|
+
pem = ec.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
|
166
|
+
#callback form for password
|
167
|
+
ec2 = OpenSSL::PKey.read(pem) do
|
168
|
+
'secret'
|
169
|
+
end
|
170
|
+
assert(ec2.private_key?)
|
171
|
+
# pass password directly
|
172
|
+
ec2 = OpenSSL::PKey.read(pem, 'secret')
|
173
|
+
assert(ec2.private_key?)
|
174
|
+
#omit pem equality check, will be different due to cipher iv
|
175
|
+
assert_equal([], OpenSSL.errors)
|
176
|
+
end
|
177
|
+
|
178
|
+
# test Group: asn1_flag, point_conversion
|
179
|
+
|
180
|
+
end
|
181
|
+
|
182
|
+
end
|
@@ -0,0 +1,244 @@
|
|
1
|
+
require_relative 'utils'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
if defined?(OpenSSL)
|
5
|
+
|
6
|
+
class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
|
7
|
+
def test_padding
|
8
|
+
key = OpenSSL::PKey::RSA.new(512, 3)
|
9
|
+
|
10
|
+
# Need right size for raw mode
|
11
|
+
plain0 = "x" * (512/8)
|
12
|
+
cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING)
|
13
|
+
plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING)
|
14
|
+
assert_equal(plain0, plain1)
|
15
|
+
|
16
|
+
# Need smaller size for pkcs1 mode
|
17
|
+
plain0 = "x" * (512/8 - 11)
|
18
|
+
cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING)
|
19
|
+
plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING)
|
20
|
+
assert_equal(plain0, plain1)
|
21
|
+
|
22
|
+
cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default
|
23
|
+
plain1 = key.public_decrypt(cipherdef)
|
24
|
+
assert_equal(plain0, plain1)
|
25
|
+
assert_equal(cipher1, cipherdef)
|
26
|
+
|
27
|
+
# Failure cases
|
28
|
+
assert_raise(ArgumentError){ key.private_encrypt() }
|
29
|
+
assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) }
|
30
|
+
assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt(plain0, 666) }
|
31
|
+
end
|
32
|
+
|
33
|
+
def test_private
|
34
|
+
key = OpenSSL::PKey::RSA.new(512, 3)
|
35
|
+
assert(key.private?)
|
36
|
+
key2 = OpenSSL::PKey::RSA.new(key.to_der)
|
37
|
+
assert(key2.private?)
|
38
|
+
key3 = key.public_key
|
39
|
+
assert(!key3.private?)
|
40
|
+
key4 = OpenSSL::PKey::RSA.new(key3.to_der)
|
41
|
+
assert(!key4.private?)
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_new
|
45
|
+
key = OpenSSL::PKey::RSA.new 512
|
46
|
+
pem = key.public_key.to_pem
|
47
|
+
OpenSSL::PKey::RSA.new pem
|
48
|
+
assert_equal([], OpenSSL.errors)
|
49
|
+
end
|
50
|
+
|
51
|
+
def test_sign_verify
|
52
|
+
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
53
|
+
digest = OpenSSL::Digest::SHA1.new
|
54
|
+
data = 'Sign me!'
|
55
|
+
sig = key.sign(digest, data)
|
56
|
+
assert(key.verify(digest, sig, data))
|
57
|
+
end
|
58
|
+
|
59
|
+
def test_digest_state_irrelevant_sign
|
60
|
+
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
61
|
+
digest1 = OpenSSL::Digest::SHA1.new
|
62
|
+
digest2 = OpenSSL::Digest::SHA1.new
|
63
|
+
data = 'Sign me!'
|
64
|
+
digest1 << 'Change state of digest1'
|
65
|
+
sig1 = key.sign(digest1, data)
|
66
|
+
sig2 = key.sign(digest2, data)
|
67
|
+
assert_equal(sig1, sig2)
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_digest_state_irrelevant_verify
|
71
|
+
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
72
|
+
digest1 = OpenSSL::Digest::SHA1.new
|
73
|
+
digest2 = OpenSSL::Digest::SHA1.new
|
74
|
+
data = 'Sign me!'
|
75
|
+
sig = key.sign(digest1, data)
|
76
|
+
digest1.reset
|
77
|
+
digest1 << 'Change state of digest1'
|
78
|
+
assert(key.verify(digest1, sig, data))
|
79
|
+
assert(key.verify(digest2, sig, data))
|
80
|
+
end
|
81
|
+
|
82
|
+
def test_read_RSAPublicKey
|
83
|
+
modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
|
84
|
+
exponent = 65537
|
85
|
+
seq = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
|
86
|
+
key = OpenSSL::PKey::RSA.new(seq.to_der)
|
87
|
+
assert(key.public?)
|
88
|
+
assert(!key.private?)
|
89
|
+
assert_equal(modulus, key.n)
|
90
|
+
assert_equal(exponent, key.e)
|
91
|
+
assert_equal(nil, key.d)
|
92
|
+
assert_equal(nil, key.p)
|
93
|
+
assert_equal(nil, key.q)
|
94
|
+
assert_equal([], OpenSSL.errors)
|
95
|
+
end
|
96
|
+
|
97
|
+
def test_read_RSA_PUBKEY
|
98
|
+
modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351
|
99
|
+
exponent = 65537
|
100
|
+
algo = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
|
101
|
+
null_params = OpenSSL::ASN1::Null.new(nil)
|
102
|
+
algo_id = OpenSSL::ASN1::Sequence.new ([algo, null_params])
|
103
|
+
pub_key = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)])
|
104
|
+
seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
|
105
|
+
key = OpenSSL::PKey::RSA.new(seq.to_der)
|
106
|
+
assert(key.public?)
|
107
|
+
assert(!key.private?)
|
108
|
+
assert_equal(modulus, key.n)
|
109
|
+
assert_equal(exponent, key.e)
|
110
|
+
assert_equal(nil, key.d)
|
111
|
+
assert_equal(nil, key.p)
|
112
|
+
assert_equal(nil, key.q)
|
113
|
+
assert_equal([], OpenSSL.errors)
|
114
|
+
end
|
115
|
+
|
116
|
+
def test_read_RSAPublicKey_pem
|
117
|
+
modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
|
118
|
+
exponent = 65537
|
119
|
+
pem = <<-EOF
|
120
|
+
-----BEGIN RSA PUBLIC KEY-----
|
121
|
+
MEgCQQCzyh2RIZK62E2PbTWqUljD+K23XR9AGBKNtXjal6WD2yRGcLqzPJLNCa60
|
122
|
+
AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
|
123
|
+
-----END RSA PUBLIC KEY-----
|
124
|
+
EOF
|
125
|
+
key = OpenSSL::PKey::RSA.new(pem)
|
126
|
+
assert(key.public?)
|
127
|
+
assert(!key.private?)
|
128
|
+
assert_equal(modulus, key.n)
|
129
|
+
assert_equal(exponent, key.e)
|
130
|
+
assert_equal(nil, key.d)
|
131
|
+
assert_equal(nil, key.p)
|
132
|
+
assert_equal(nil, key.q)
|
133
|
+
assert_equal([], OpenSSL.errors)
|
134
|
+
end
|
135
|
+
|
136
|
+
def test_read_RSA_PUBKEY_pem
|
137
|
+
modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061
|
138
|
+
exponent = 65537
|
139
|
+
pem = <<-EOF
|
140
|
+
-----BEGIN PUBLIC KEY-----
|
141
|
+
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALPKHZEhkrrYTY9tNapSWMP4rbdd
|
142
|
+
H0AYEo21eNqXpYPbJEZwurM8ks0JrrQC50lHUmhtshsMmtC7oBedaHmT9i0C
|
143
|
+
AwEAAQ==
|
144
|
+
-----END PUBLIC KEY-----
|
145
|
+
EOF
|
146
|
+
key = OpenSSL::PKey::RSA.new(pem)
|
147
|
+
assert(key.public?)
|
148
|
+
assert(!key.private?)
|
149
|
+
assert_equal(modulus, key.n)
|
150
|
+
assert_equal(exponent, key.e)
|
151
|
+
assert_equal(nil, key.d)
|
152
|
+
assert_equal(nil, key.p)
|
153
|
+
assert_equal(nil, key.q)
|
154
|
+
assert_equal([], OpenSSL.errors)
|
155
|
+
end
|
156
|
+
|
157
|
+
def test_export_format_is_RSA_PUBKEY
|
158
|
+
key = OpenSSL::PKey::RSA.new(512)
|
159
|
+
asn1 = OpenSSL::ASN1.decode(key.public_key.to_der)
|
160
|
+
check_PUBKEY(asn1, key)
|
161
|
+
end
|
162
|
+
|
163
|
+
def test_export_format_is_RSA_PUBKEY_pem
|
164
|
+
key = OpenSSL::PKey::RSA.new(512)
|
165
|
+
pem = key.public_key.to_pem
|
166
|
+
pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
|
167
|
+
asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
|
168
|
+
check_PUBKEY(asn1, key)
|
169
|
+
end
|
170
|
+
|
171
|
+
def test_read_private_key_der
|
172
|
+
der = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_der
|
173
|
+
key = OpenSSL::PKey.read(der)
|
174
|
+
assert(key.private?)
|
175
|
+
assert_equal(der, key.to_der)
|
176
|
+
assert_equal([], OpenSSL.errors)
|
177
|
+
end
|
178
|
+
|
179
|
+
def test_read_private_key_pem
|
180
|
+
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem
|
181
|
+
key = OpenSSL::PKey.read(pem)
|
182
|
+
assert(key.private?)
|
183
|
+
assert_equal(pem, key.to_pem)
|
184
|
+
assert_equal([], OpenSSL.errors)
|
185
|
+
end
|
186
|
+
|
187
|
+
def test_read_public_key_der
|
188
|
+
der = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_der
|
189
|
+
key = OpenSSL::PKey.read(der)
|
190
|
+
assert(!key.private?)
|
191
|
+
assert_equal(der, key.to_der)
|
192
|
+
assert_equal([], OpenSSL.errors)
|
193
|
+
end
|
194
|
+
|
195
|
+
def test_read_public_key_pem
|
196
|
+
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_pem
|
197
|
+
key = OpenSSL::PKey.read(pem)
|
198
|
+
assert(!key.private?)
|
199
|
+
assert_equal(pem, key.to_pem)
|
200
|
+
assert_equal([], OpenSSL.errors)
|
201
|
+
end
|
202
|
+
|
203
|
+
def test_read_private_key_pem_pw
|
204
|
+
pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
|
205
|
+
#callback form for password
|
206
|
+
key = OpenSSL::PKey.read(pem) do
|
207
|
+
'secret'
|
208
|
+
end
|
209
|
+
assert(key.private?)
|
210
|
+
# pass password directly
|
211
|
+
key = OpenSSL::PKey.read(pem, 'secret')
|
212
|
+
assert(key.private?)
|
213
|
+
#omit pem equality check, will be different due to cipher iv
|
214
|
+
assert_equal([], OpenSSL.errors)
|
215
|
+
end
|
216
|
+
|
217
|
+
private
|
218
|
+
|
219
|
+
def check_PUBKEY(asn1, key)
|
220
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
|
221
|
+
assert_equal(2, asn1.value.size)
|
222
|
+
seq = asn1.value
|
223
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
|
224
|
+
assert_equal(2, seq[0].value.size)
|
225
|
+
algo_id = seq[0].value
|
226
|
+
assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
|
227
|
+
assert_equal('rsaEncryption', algo_id[0].value)
|
228
|
+
assert_equal(OpenSSL::ASN1::NULL, algo_id[1].tag)
|
229
|
+
assert_equal(nil, algo_id[1].value)
|
230
|
+
assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
|
231
|
+
assert_equal(0, seq[1].unused_bits)
|
232
|
+
pub_key = OpenSSL::ASN1.decode(seq[1].value)
|
233
|
+
assert_equal(OpenSSL::ASN1::SEQUENCE, pub_key.tag)
|
234
|
+
assert_equal(2, pub_key.value.size)
|
235
|
+
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[0].tag)
|
236
|
+
assert_equal(key.n, pub_key.value[0].value)
|
237
|
+
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
|
238
|
+
assert_equal(key.e, pub_key.value[1].value)
|
239
|
+
assert_equal([], OpenSSL.errors)
|
240
|
+
end
|
241
|
+
|
242
|
+
end
|
243
|
+
|
244
|
+
end
|