Diffstat (limited to 'test/openssl/test_pkey.rb')
-rw-r--r--test/openssl/test_pkey.rb106
1 files changed, 88 insertions, 18 deletions
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
index 4a539d8c46..aee0546f63 100644
--- a/test/openssl/test_pkey.rb
+++ b/test/openssl/test_pkey.rb
@@ -27,23 +27,24 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
end
def test_s_generate_parameters
- # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified
- # with OpenSSL 1.1.0.
- pkey = OpenSSL::PKey.generate_parameters("DSA", {
- "dsa_paramgen_bits" => 512,
- "dsa_paramgen_q_bits" => 256,
+ pkey = OpenSSL::PKey.generate_parameters("EC", {
+ "ec_paramgen_curve" => "secp384r1",
})
- assert_instance_of OpenSSL::PKey::DSA, pkey
- assert_equal 512, pkey.p.num_bits
- assert_equal 256, pkey.q.num_bits
- assert_equal nil, pkey.priv_key
+ assert_instance_of OpenSSL::PKey::EC, pkey
+ assert_equal "secp384r1", pkey.group.curve_name
+ assert_equal nil, pkey.private_key
# Invalid options are checked
assert_raise(OpenSSL::PKey::PKeyError) {
- OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option")
+ OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
}
# Parameter generation callback is called
+ if openssl?(3, 0, 0, 0) && !openssl?(3, 0, 0, 6)
+ # Errors in BN_GENCB were not properly handled. This special pend is to
+ # suppress failures on Ubuntu 22.04, which uses OpenSSL 3.0.2.
+ pend "unstable test on OpenSSL 3.0.[0-5]"
+ end
cb_called = []
assert_raise(RuntimeError) {
OpenSSL::PKey.generate_parameters("DSA") { |*args|
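Review bot: The new nil checks are written as `assert_equal nil, pkey.private_key` here and `assert_not_equal nil, pkey.private_key` in the test_s_generate_key hunk; `assert_nil pkey.private_key` and `assert_not_nil pkey.private_key` state the intent directly. The assertions now use EC parameters, but the callback check below the added pend still calls `generate_parameters("DSA")`. A one-line comment such as `# The callback check below still relies on DSA parameter generation` would stop a reader from treating it as a leftover. The body of test_s_generate_parameters continues past the end of this hunk.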
@@ -59,14 +60,13 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
# DSA key pair cannot be generated without parameters
OpenSSL::PKey.generate_key("DSA")
}
- pkey_params = OpenSSL::PKey.generate_parameters("DSA", {
- "dsa_paramgen_bits" => 512,
- "dsa_paramgen_q_bits" => 256,
+ pkey_params = OpenSSL::PKey.generate_parameters("EC", {
+ "ec_paramgen_curve" => "secp384r1",
})
pkey = OpenSSL::PKey.generate_key(pkey_params)
- assert_instance_of OpenSSL::PKey::DSA, pkey
- assert_equal 512, pkey.p.num_bits
- assert_not_equal nil, pkey.priv_key
+ assert_instance_of OpenSSL::PKey::EC, pkey
+ assert_equal "secp384r1", pkey.group.curve_name
+ assert_not_equal nil, pkey.private_key
end
def test_hmac_sign_verify
@@ -82,6 +82,9 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
end
def test_ed25519
+ # Ed25519 is not FIPS-approved.
+ omit_on_fips
+
# Test vector from RFC 8032 Section 7.1 TEST 2
priv_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
@@ -96,9 +99,11 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
begin
priv = OpenSSL::PKey.read(priv_pem)
pub = OpenSSL::PKey.read(pub_pem)
- rescue OpenSSL::PKey::PKeyError
+ rescue OpenSSL::PKey::PKeyError => e
# OpenSSL < 1.1.1
- pend "Ed25519 is not implemented"
+ pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
+
+ raise e
end
assert_instance_of OpenSSL::PKey::PKey, priv
assert_instance_of OpenSSL::PKey::PKey, pub
@@ -106,6 +111,19 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
assert_equal pub_pem, priv.public_to_pem
assert_equal pub_pem, pub.public_to_pem
+ begin
+ assert_equal "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb",
+ priv.raw_private_key.unpack1("H*")
+ assert_equal OpenSSL::PKey.new_raw_private_key("ED25519", priv.raw_private_key).private_to_pem,
+ priv.private_to_pem
+ assert_equal "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c",
+ priv.raw_public_key.unpack1("H*")
+ assert_equal OpenSSL::PKey.new_raw_public_key("ED25519", priv.raw_public_key).public_to_pem,
+ pub.public_to_pem
+ rescue NoMethodError
+ pend "running OpenSSL version does not have raw public key support"
+ end
+
sig = [<<~EOF.gsub(/[^0-9a-f]/, "")].pack("H*")
92a009a9f0d4cab8720e820b5f642540
a2b27b5416503f8fb3762223ebdb69da
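Review bot: The `rescue NoMethodError` added around the raw-key assertions is wider than the capability check it stands for. Any NoMethodError raised inside the block, for example from `unpack1` being called on a nil returned by a broken `raw_private_key`, is reported as pending instead of failing. Assuming the raw-key methods are simply undefined on older builds, as the rescue suggests, an up-front probe keeps the assertions outside any rescue: `pend "running OpenSSL version does not have raw key support" unless priv.respond_to?(:raw_private_key)`. The pend also sits before the signature section, so builds that take this path stop running the sign/verify assertions that follow. test_ed25519 starts and ends outside this hunk.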
@@ -126,6 +144,32 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
assert_raise(OpenSSL::PKey::PKeyError) { priv.derive(pub) }
end
+ def test_ed25519_not_approved_on_fips
+ omit_on_non_fips
+ # Ed25519 is technically allowed in the OpenSSL 3.0 code as a kind of bug.
+ # So, we need to omit OpenSSL 3.0.
+ #
+ # See OpenSSL providers/fips/fipsprov.c PROV_NAMES_ED25519 entries with
+ # FIPS_DEFAULT_PROPERTIES on openssl-3.0 branch and
+ # FIPS_UNAPPROVED_PROPERTIES on openssl-3.1 branch.
+ #
+ # See also
+ # https://github.com/openssl/openssl/issues/20758#issuecomment-1639658102
+ # for details.
+ unless openssl?(3, 1, 0, 0)
+ omit 'Ed25519 is allowed in the OpenSSL 3.0 FIPS code as a kind of bug'
+ end
+
+ priv_pem = <<~EOF
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
+ -----END PRIVATE KEY-----
+ EOF
+ assert_raise(OpenSSL::PKey::PKeyError) do
+ OpenSSL::PKey.read(priv_pem)
+ end
+ end
+
def test_x25519
# Test vector from RFC 7748 Section 6.1
alice_pem = <<~EOF
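Review bot: The private key PEM embedded in test_ed25519_not_approved_on_fips has no provenance comment, so it reads like a checked-in secret. It appears to be the same RFC 8032 vector used in test_ed25519, since the raw key asserted there begins with 4ccd089b and that matches the PEM payload. Adding `# Test vector from RFC 8032 Section 7.1 TEST 2` above `priv_pem` makes this explicit for readers and for anyone triaging a secret-scanner hit.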
@@ -150,6 +194,32 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
assert_equal alice_pem, alice.private_to_pem
assert_equal bob_pem, bob.public_to_pem
assert_equal [shared_secret].pack("H*"), alice.derive(bob)
+ begin
+ alice_private = OpenSSL::PKey.new_raw_private_key("X25519", alice.raw_private_key)
+ bob_public = OpenSSL::PKey.new_raw_public_key("X25519", bob.raw_public_key)
+ alice_private_raw = alice.raw_private_key.unpack1("H*")
+ bob_public_raw = bob.raw_public_key.unpack1("H*")
+ rescue NoMethodError
+ # OpenSSL < 1.1.1
+ pend "running OpenSSL version does not have raw public key support"
+ end
+ assert_equal alice_private.private_to_pem,
+ alice.private_to_pem
+ assert_equal bob_public.public_to_pem,
+ bob.public_to_pem
+ assert_equal "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
+ alice_private_raw
+ assert_equal "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
+ bob_public_raw
+ end
+
+ def raw_initialize
+ pend "Ed25519 is not implemented" unless openssl?(1, 1, 1) # >= v1.1.1
+
+ assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("foo123", "xxx") }
+ assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("ED25519", "xxx") }
+ assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key("foo123", "xxx") }
+ assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key("ED25519", "xxx") }
end
def test_compare?
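Review bot: `def raw_initialize` lacks the `test_` prefix that every other test method visible in this file carries, so the runner will presumably never call it. That leaves the four negative checks dead: an unknown algorithm name and malformed key material for ED25519, on both the private and public constructors. Renaming it to `def test_raw_initialize` would make the rejection of invalid raw keys actually exercised. Its pend message `"Ed25519 is not implemented"` also describes a different condition from the one this method depends on, which is availability of the raw-key constructors. test_x25519 begins before this hunk.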