-rw-r--r--ChangeLog6
-rw-r--r--ext/openssl/ossl_pkey_dh.c19
-rw-r--r--test/openssl/test_pkey_dh.rb72
-rw-r--r--test/openssl/utils.rb7
4 files changed, 96 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 6c4c1656132..a7260b948e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Mon Jun 13 10:54:03 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+ * ext/openssl/pkey_dh.c: corrected documentation.
+ * test/openssl/utils.rb: add test key for DH.
+ * test/openssl/test_pkey_dh.rb: add tests.
+
Mon Jun 13 10:13:08 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/pkey_dh.c: clarify difference between DH#public_key and
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 464f41b156d..d0faef51eba 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -137,9 +137,9 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
*
* Either generates a DH instance from scratch or by reading already existing
* DH parameters from +string+. Note that when reading a DH instance from
- * data that was encoded from a DH#public_key DH instance the result
- * will *not* contain a public/private key pair yet. This needs to be
- * generated using DH#generate_key! first.
+ * data that was encoded from a DH instance by using DH#to_pem or DH#to_der
+ * the result will *not* contain a public/private key pair yet. This needs to
+ * be generated using DH#generate_key! first.
*
* === Parameters
* * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
@@ -150,9 +150,7 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
* DH.new # -> dh
* DH.new(1024) # -> dh
* DH.new(1024, 5) # -> dh
- * #Reading a "private" DH key
- * DH.new(File.read('key.pem')) # -> dh
- * #Reading public DH parameters
+ * #Reading DH parameters
* dh = DH.new(File.read('parameters.pem')) # -> dh, but no public/private key yet
* dh.generate_key! # -> dh with public and private key
*/
@@ -237,7 +235,9 @@ ossl_dh_is_private(VALUE self)
* call-seq:
* dh.to_pem -> aString
*
- * Encodes this DH to its PEM encoding.
+ * Encodes this DH to its PEM encoding. Note that any existing per-session
+ * public/private keys will *not* get encoded, just the Diffie-Hellman
+ * parameters will be encoded.
*/
static VALUE
ossl_dh_export(VALUE self)
@@ -263,7 +263,10 @@ ossl_dh_export(VALUE self)
* call-seq:
* dh.to_der -> aString
*
- * Encodes this DH to its DER encoding.
+ * Encodes this DH to its DER encoding. Note that any existing per-session
+ * public/private keys will *not* get encoded, just the Diffie-Hellman
+ * parameters will be encoded.
+
*/
static VALUE
ossl_dh_to_der(VALUE self)
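Review bot: The last added line of the `to_der` comment, directly before the closing `*/`, is completely empty and has no ` *` leader, unlike the otherwise identical `to_pem` comment in the previous hunk. Drop that line so the block ends with ` * parameters will be encoded.` followed by ` */`. Both comments would also be more useful if they said, as the `DH.new` documentation does, that a reloaded instance needs `DH#generate_key!` before it can be used for a key exchange. The body of `ossl_dh_to_der` lies outside this hunk.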
diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
new file mode 100644
index 00000000000..bcba400efe4
--- /dev/null
+++ b/test/openssl/test_pkey_dh.rb
@@ -0,0 +1,72 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestPKeyDH < Test::Unit::TestCase
+ def test_new
+ dh = OpenSSL::PKey::DH.new(256)
+ assert_key(dh)
+ end
+
+ def test_to_der
+ dh = OpenSSL::PKey::DH.new(256)
+ der = dh.to_der
+ dh2 = OpenSSL::PKey::DH.new(der)
+ assert_equal_params(dh, dh2)
+ assert_no_key(dh2)
+ end
+
+ def test_to_pem
+ dh = OpenSSL::PKey::DH.new(256)
+ pem = dh.to_pem
+ dh2 = OpenSSL::PKey::DH.new(pem)
+ assert_equal_params(dh, dh2)
+ assert_no_key(dh2)
+ end
+
+ def test_public_key
+ dh = OpenSSL::PKey::DH.new(256)
+ public_key = dh.public_key
+ assert_no_key(public_key) #implies public_key.public? is false!
+ assert_equal(dh.to_der, public_key.to_der)
+ assert_equal(dh.to_pem, public_key.to_pem)
+ end
+
+ def test_generate_key
+ dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key # creates a copy
+ assert_no_key(dh)
+ dh.generate_key!
+ assert_key(dh)
+ end
+
+ def test_key_exchange
+ dh = OpenSSL::TestUtils::TEST_KEY_DH512
+ dh2 = dh.public_key
+ dh.generate_key!
+ dh2.generate_key!
+ assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
+ end
+
+ private
+
+ def assert_equal_params(dh1, dh2)
+ assert_equal(dh1.g, dh2.g)
+ assert_equal(dh1.p, dh2.p)
+ end
+
+ def assert_no_key(dh)
+ assert_equal(false, dh.public?)
+ assert_equal(false, dh.private?)
+ assert_equal(nil, dh.pub_key)
+ assert_equal(nil, dh.priv_key)
+ end
+
+ def assert_key(dh)
+ assert(dh.public?)
+ assert(dh.private?)
+ assert(dh.pub_key)
+ assert(dh.priv_key)
+ end
+end
+
+end
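Review bot: `test_key_exchange` calls `generate_key!` directly on the shared constant `OpenSSL::TestUtils::TEST_KEY_DH512`, so once it has run the fixture carries a key pair for the rest of the process. Any later test that expects the fixture to hold parameters only would then depend on execution order. `test_generate_key` already works on a copy, and the same pattern fits here: `dh = OpenSSL::TestUtils::TEST_KEY_DH512.public_key`. Separately, `DH.new(256)` and the 512-bit fixture are well below the 1024-bit floor stated in the C documentation. That is acceptable for test speed but worth a comment such as `# tiny parameters for test speed only; never use these sizes outside tests`. In `assert_no_key`, `assert_nil(dh.pub_key)` reads better than `assert_equal(nil, dh.pub_key)`.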
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index bb51f57c729..3f9662a8a59 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -88,6 +88,13 @@ CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
-----END EC PRIVATE KEY-----
_end_of_pem_
+ TEST_KEY_DH512 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+-----BEGIN DH PARAMETERS-----
+MEYCQQDmWXGPqk76sKw/edIOdhAQD4XzjJ+AR/PTk2qzaGs+u4oND2yU5D2NN4wr
+aPgwHyJBiK1/ebK3tYcrSKrOoRyrAgEC
+-----END DH PARAMETERS-----
+ _end_of_pem_
+
module_function
def issue_cert(dn, key, serial, not_before, not_after, extensions,