summaryrefslogtreecommitdiff
path: root/test/openssl/test_pkey_rsa.rb
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2020-07-18 20:40:39 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-07-18 17:44:46 +0900
commit8cfe92b8a249465457ebef1d49b9e14a9fdaaddd (patch)
tree612f89dd1a5aeccb0e92793d89be6dbfd551b95c /test/openssl/test_pkey_rsa.rb
parente2014d03542b7d1a9d4a624f82fb94c9a8119fdb (diff)
[ruby/openssl] pkey: allow setting algorithm-specific options in #sign and #verify
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let OpenSSL::PKey::PKey#sign and #verify take an optional parameter for specifying control strings for EVP_PKEY_CTX_ctrl_str(). https://github.com/ruby/openssl/commit/faf85d7c1d
Diffstat (limited to 'test/openssl/test_pkey_rsa.rb')
-rw-r--r--test/openssl/test_pkey_rsa.rb34
1 files changed, 14 insertions, 20 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 88164c3b52..d1e68dbc9f 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -117,27 +117,21 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
assert_equal false, rsa1024.verify("SHA256", signature1, data)
end
- def test_digest_state_irrelevant_sign
+ def test_sign_verify_options
key = Fixtures.pkey("rsa1024")
- digest1 = OpenSSL::Digest.new('SHA1')
- digest2 = OpenSSL::Digest.new('SHA1')
- data = 'Sign me!'
- digest1 << 'Change state of digest1'
- sig1 = key.sign(digest1, data)
- sig2 = key.sign(digest2, data)
- assert_equal(sig1, sig2)
- end
-
- def test_digest_state_irrelevant_verify
- key = Fixtures.pkey("rsa1024")
- digest1 = OpenSSL::Digest.new('SHA1')
- digest2 = OpenSSL::Digest.new('SHA1')
- data = 'Sign me!'
- sig = key.sign(digest1, data)
- digest1.reset
- digest1 << 'Change state of digest1'
- assert(key.verify(digest1, sig, data))
- assert(key.verify(digest2, sig, data))
+ data = "Sign me!"
+ pssopts = {
+ "rsa_padding_mode" => "pss",
+ "rsa_pss_saltlen" => 20,
+ "rsa_mgf1_md" => "SHA1"
+ }
+ sig_pss = key.sign("SHA256", data, pssopts)
+ assert_equal 128, sig_pss.bytesize
+ assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
+ assert_equal true, key.verify_pss("SHA256", sig_pss, data,
+ salt_length: 20, mgf1_hash: "SHA1")
+ # Defaults to PKCS #1 v1.5 padding => verification failure
+ assert_equal false, key.verify("SHA256", sig_pss, data)
end
def test_verify_empty_rsa