import Ruby/OpenSSL 2.0.0.beta.1

* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-08-29 05:47:09 +0000
committer: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-08-29 05:47:09 +0000
commit: c9dc0164b8ad1cb23faf6120749bcc349a7bfd45 (patch)
tree: 831281099f54c0be80293785761a46688a0711f3 /test/openssl/test_cipher.rb
parent: 28bf4d545fb7674fcdc99c93ba7476d320551d11 (diff)
1 files changed, 79 insertions, 11 deletions
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index ec14f46714..74c5394f5f 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -5,16 +5,12 @@ if defined?(OpenSSL::TestUtils)
 
 class OpenSSL::TestCipher < OpenSSL::TestCase
 
+  @ciphers = OpenSSL::Cipher.ciphers
+
   class << self
 
     def has_cipher?(name)
-      ciphers = OpenSSL::Cipher.ciphers
-      # redefine method so we can use the cached ciphers value from the closure
-      # and need not recompute the list each time
-      define_singleton_method :has_cipher? do |name|
-        ciphers.include?(name)
-      end
-      has_cipher?(name)
+      @ciphers.include?(name)
     end
 
     def has_ciphers?(list)
@@ -24,7 +20,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
   end
 
   def setup
-    @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
+    @c1 = OpenSSL::Cipher.new("DES-EDE3-CBC")
     @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
     @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
     @iv = "\0\0\0\0\0\0\0\0"
@@ -118,10 +114,9 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
     OpenSSL::Cipher.ciphers.each{|name|
       next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
       begin
-        assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
+        assert_kind_of(OpenSSL::Cipher, OpenSSL::Cipher.new(name))
       rescue OpenSSL::Cipher::CipherError => e
-        next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
-        raise
+        raise unless /wrap/ =~ name and /wrap mode not allowed/ =~ e.message
       end
     }
   end
@@ -247,8 +242,81 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
       end
     end
 
+    def test_aes_gcm_variable_iv_len
+      pt = "You should all use Authenticated Encryption!"
+      cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+      cipher.key = "x" * 16
+      assert_equal(12, cipher.iv_len)
+      cipher.iv = "a" * 12
+      ct1 = cipher.update(pt) << cipher.final
+      tag1 = cipher.auth_tag
+
+      cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt
+      cipher.key = "x" * 16
+      cipher.iv_len = 10
+      assert_equal(10, cipher.iv_len)
+      cipher.iv = "a" * 10
+      ct2 = cipher.update(pt) << cipher.final
+      tag2 = cipher.auth_tag
+
+      assert_not_equal ct1, ct2
+      assert_not_equal tag1, tag2
+
+      decipher = OpenSSL::Cipher.new("aes-128-gcm").decrypt
+      decipher.auth_tag = tag1
+      decipher.key = "x" * 16
+      decipher.iv_len = 12
+      decipher.iv = "a" * 12
+      assert_equal(pt, decipher.update(ct1) << decipher.final)
+
+      decipher.reset
+      decipher.auth_tag = tag2
+      assert_raise(OpenSSL::Cipher::CipherError) {
+        decipher.update(ct2) << decipher.final
+      }
+
+      decipher.reset
+      decipher.auth_tag = tag2
+      decipher.iv_len = 10
+      decipher.iv = "a" * 10
+      assert_equal(pt, decipher.update(ct2) << decipher.final)
+    end
+
   end
 
+  def test_aes_ocb_tag_len
+    pt = "You should all use Authenticated Encryption!"
+    cipher = OpenSSL::Cipher.new("aes-128-ocb").encrypt
+    cipher.auth_tag_len = 14
+    cipher.iv_len = 8
+    key = cipher.random_key
+    iv = cipher.random_iv
+    cipher.auth_data = "aad"
+    ct  = cipher.update(pt) + cipher.final
+    tag = cipher.auth_tag
+    assert_equal(14, tag.size)
+
+    decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt
+    decipher.auth_tag_len = 14
+    decipher.auth_tag = tag
+    decipher.iv_len = 8
+    decipher.key = key
+    decipher.iv = iv
+    decipher.auth_data = "aad"
+    assert_equal(pt, decipher.update(ct) + decipher.final)
+
+    decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt
+    decipher.auth_tag_len = 9
+    decipher.auth_tag = tag[0, 9]
+    decipher.iv_len = 8
+    decipher.key = key
+    decipher.iv = iv
+    decipher.auth_data = "aad"
+    assert_raise(OpenSSL::Cipher::CipherError) {
+      decipher.update(ct) + decipher.final
+    }
+  end if has_cipher?("aes-128-ocb")
+
   private
 
   def new_encryptor(algo)
author	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-08-29 05:47:09 +0000
committer	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-08-29 05:47:09 +0000
commit	c9dc0164b8ad1cb23faf6120749bcc349a7bfd45 (patch)
tree	831281099f54c0be80293785761a46688a0711f3 /test/openssl/test_cipher.rb
parent	28bf4d545fb7674fcdc99c93ba7476d320551d11 (diff)