diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2020-07-18 20:40:39 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-07-18 17:44:46 +0900 |
| commit | 8cfe92b8a249465457ebef1d49b9e14a9fdaaddd (patch) | |
| tree | 612f89dd1a5aeccb0e92793d89be6dbfd551b95c /test/openssl | |
| parent | e2014d03542b7d1a9d4a624f82fb94c9a8119fdb (diff) | |
[ruby/openssl] pkey: allow setting algorithm-specific options in #sign and #verify
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().
https://github.com/ruby/openssl/commit/faf85d7c1d
Diffstat (limited to 'test/openssl')
| -rw-r--r-- | test/openssl/test_pkey_rsa.rb | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 88164c3b52..d1e68dbc9f 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -117,27 +117,21 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_equal false, rsa1024.verify("SHA256", signature1, data) end - def test_digest_state_irrelevant_sign + def test_sign_verify_options key = Fixtures.pkey("rsa1024") - digest1 = OpenSSL::Digest.new('SHA1') - digest2 = OpenSSL::Digest.new('SHA1') - data = 'Sign me!' - digest1 << 'Change state of digest1' - sig1 = key.sign(digest1, data) - sig2 = key.sign(digest2, data) - assert_equal(sig1, sig2) - end - - def test_digest_state_irrelevant_verify - key = Fixtures.pkey("rsa1024") - digest1 = OpenSSL::Digest.new('SHA1') - digest2 = OpenSSL::Digest.new('SHA1') - data = 'Sign me!' - sig = key.sign(digest1, data) - digest1.reset - digest1 << 'Change state of digest1' - assert(key.verify(digest1, sig, data)) - assert(key.verify(digest2, sig, data)) + data = "Sign me!" + pssopts = { + "rsa_padding_mode" => "pss", + "rsa_pss_saltlen" => 20, + "rsa_mgf1_md" => "SHA1" + } + sig_pss = key.sign("SHA256", data, pssopts) + assert_equal 128, sig_pss.bytesize + assert_equal true, key.verify("SHA256", sig_pss, data, pssopts) + assert_equal true, key.verify_pss("SHA256", sig_pss, data, + salt_length: 20, mgf1_hash: "SHA1") + # Defaults to PKCS #1 v1.5 padding => verification failure + assert_equal false, key.verify("SHA256", sig_pss, data) end def test_verify_empty_rsa |