diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-29 05:47:09 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-08-29 05:47:09 +0000 |
commit | c9dc0164b8ad1cb23faf6120749bcc349a7bfd45 (patch) | |
tree | 831281099f54c0be80293785761a46688a0711f3 /test/openssl/test_cipher.rb | |
parent | 28bf4d545fb7674fcdc99c93ba7476d320551d11 (diff) |
import Ruby/OpenSSL 2.0.0.beta.1
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
ext/openssl is now converted into a default gem. The full commit
history since r55538 can be found at:
https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
[Feature #9612]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl/test_cipher.rb')
-rw-r--r-- | test/openssl/test_cipher.rb | 90 |
1 files changed, 79 insertions, 11 deletions
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index ec14f46714..74c5394f5f 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -5,16 +5,12 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestCipher < OpenSSL::TestCase + @ciphers = OpenSSL::Cipher.ciphers + class << self def has_cipher?(name) - ciphers = OpenSSL::Cipher.ciphers - # redefine method so we can use the cached ciphers value from the closure - # and need not recompute the list each time - define_singleton_method :has_cipher? do |name| - ciphers.include?(name) - end - has_cipher?(name) + @ciphers.include?(name) end def has_ciphers?(list) @@ -24,7 +20,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase end def setup - @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC") + @c1 = OpenSSL::Cipher.new("DES-EDE3-CBC") @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC") @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" @iv = "\0\0\0\0\0\0\0\0" @@ -118,10 +114,9 @@ class OpenSSL::TestCipher < OpenSSL::TestCase OpenSSL::Cipher.ciphers.each{|name| next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name begin - assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) + assert_kind_of(OpenSSL::Cipher, OpenSSL::Cipher.new(name)) rescue OpenSSL::Cipher::CipherError => e - next if /wrap/ =~ name and e.message == 'wrap mode not allowed' - raise + raise unless /wrap/ =~ name and /wrap mode not allowed/ =~ e.message end } end @@ -247,8 +242,81 @@ class OpenSSL::TestCipher < OpenSSL::TestCase end end + def test_aes_gcm_variable_iv_len + pt = "You should all use Authenticated Encryption!" + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + assert_equal(12, cipher.iv_len) + cipher.iv = "a" * 12 + ct1 = cipher.update(pt) << cipher.final + tag1 = cipher.auth_tag + + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + cipher.iv_len = 10 + assert_equal(10, cipher.iv_len) + cipher.iv = "a" * 10 + ct2 = cipher.update(pt) << cipher.final + tag2 = cipher.auth_tag + + assert_not_equal ct1, ct2 + assert_not_equal tag1, tag2 + + decipher = OpenSSL::Cipher.new("aes-128-gcm").decrypt + decipher.auth_tag = tag1 + decipher.key = "x" * 16 + decipher.iv_len = 12 + decipher.iv = "a" * 12 + assert_equal(pt, decipher.update(ct1) << decipher.final) + + decipher.reset + decipher.auth_tag = tag2 + assert_raise(OpenSSL::Cipher::CipherError) { + decipher.update(ct2) << decipher.final + } + + decipher.reset + decipher.auth_tag = tag2 + decipher.iv_len = 10 + decipher.iv = "a" * 10 + assert_equal(pt, decipher.update(ct2) << decipher.final) + end + end + def test_aes_ocb_tag_len + pt = "You should all use Authenticated Encryption!" + cipher = OpenSSL::Cipher.new("aes-128-ocb").encrypt + cipher.auth_tag_len = 14 + cipher.iv_len = 8 + key = cipher.random_key + iv = cipher.random_iv + cipher.auth_data = "aad" + ct = cipher.update(pt) + cipher.final + tag = cipher.auth_tag + assert_equal(14, tag.size) + + decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt + decipher.auth_tag_len = 14 + decipher.auth_tag = tag + decipher.iv_len = 8 + decipher.key = key + decipher.iv = iv + decipher.auth_data = "aad" + assert_equal(pt, decipher.update(ct) + decipher.final) + + decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt + decipher.auth_tag_len = 9 + decipher.auth_tag = tag[0, 9] + decipher.iv_len = 8 + decipher.key = key + decipher.iv = iv + decipher.auth_data = "aad" + assert_raise(OpenSSL::Cipher::CipherError) { + decipher.update(ct) + decipher.final + } + end if has_cipher?("aes-128-ocb") + private def new_encryptor(algo) |