diff options
| author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-03-06 21:43:31 +0000 |
|---|---|---|
| committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-03-06 21:43:31 +0000 |
| commit | 8e6893f7b28700bb5294aab2f3c4a302be97b581 (patch) | |
| tree | 5989826c9e0f64f8e29a9a1e732a522c7dcb4282 /test | |
| parent | 0322d30623165b350e47d99ce81d60ab14e5b3cd (diff) | |
* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@26837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test')
| -rw-r--r-- | test/openssl/test_ec.rb | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/test/openssl/test_ec.rb b/test/openssl/test_ec.rb index 282bb67624..39f5577dc2 100644 --- a/test/openssl/test_ec.rb +++ b/test/openssl/test_ec.rb @@ -87,9 +87,24 @@ class OpenSSL::TestEC < Test::Unit::TestCase def test_dsa_sign_verify for key in @keys sig = key.dsa_sign_asn1(@data1) - assert_equal(key.dsa_verify_asn1(@data1, sig), true) + assert(key.dsa_verify_asn1(@data1, sig)) + end + end - assert_raise(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } + def test_dsa_sign_asn1_FIPS186_3 + for key in @keys + size = key.group.order.num_bits / 8 + 1 + dgst = (1..size).to_a.pack('C*') + begin + sig = key.dsa_sign_asn1(dgst) + # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m + assert(key.dsa_verify_asn1(dgst + "garbage", sig)) + rescue OpenSSL::PKey::ECError => e + # just an exception for longer dgst before openssl-0.9.8m + assert_equal('ECDSA_sign: data too large for key size', e.message) + # no need to do following tests + return + end end end |