summaryrefslogtreecommitdiff
path: root/test/openssl/test_pkey_dsa.rb
diff options
context:
space:
mode:
Diffstat (limited to 'test/openssl/test_pkey_dsa.rb')
-rw-r--r--test/openssl/test_pkey_dsa.rb74
1 files changed, 57 insertions, 17 deletions
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
index 147e50176b..4c93f2869d 100644
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -28,28 +28,55 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
end
end
+ def test_generate
+ # DSA.generate used to call DSA_generate_parameters_ex(), which adjusts the
+ # size of q according to the size of p
+ key2048 = OpenSSL::PKey::DSA.generate(2048)
+ assert_equal 2048, key2048.p.num_bits
+ assert_equal 256, key2048.q.num_bits
+
+ if ENV["OSSL_TEST_ALL"] == "1" # slow
+ key3072 = OpenSSL::PKey::DSA.generate(3072)
+ assert_equal 3072, key3072.p.num_bits
+ assert_equal 256, key3072.q.num_bits
+ end
+ end
+
+ def test_generate_on_non_fips
+ # DSA with 1024 bits is invalid on FIPS 186-4.
+ # https://github.com/openssl/openssl/commit/49ed5ba8f62875074f04417189147fd3dda072ab
+ omit_on_fips
+
+ key1024 = OpenSSL::PKey::DSA.generate(1024)
+ assert_predicate key1024, :private?
+ assert_equal 1024, key1024.p.num_bits
+ assert_equal 160, key1024.q.num_bits
+ end
+
def test_sign_verify
- dsa512 = Fixtures.pkey("dsa512")
+ # The DSA valid size is 2048 or 3072 on FIPS.
+ # https://github.com/openssl/openssl/blob/7649b5548e5c0352b91d9d3ed695e42a2ac1e99c/providers/common/securitycheck.c#L185-L188
+ dsa = Fixtures.pkey("dsa2048")
data = "Sign me!"
if defined?(OpenSSL::Digest::DSS1)
- signature = dsa512.sign(OpenSSL::Digest.new('DSS1'), data)
- assert_equal true, dsa512.verify(OpenSSL::Digest.new('DSS1'), signature, data)
+ signature = dsa.sign(OpenSSL::Digest.new('DSS1'), data)
+ assert_equal true, dsa.verify(OpenSSL::Digest.new('DSS1'), signature, data)
end
- signature = dsa512.sign("SHA1", data)
- assert_equal true, dsa512.verify("SHA1", signature, data)
+ signature = dsa.sign("SHA256", data)
+ assert_equal true, dsa.verify("SHA256", signature, data)
- signature0 = (<<~'end;').unpack("m")[0]
- MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
- 6g==
+ signature0 = (<<~'end;').unpack1("m")
+ MD4CHQC0zmRkVOAHJTm28fS5PVUv+4LtBeNaKqr/yfmVAh0AsTcLqofWHoW8X5oWu8AOvngOcFVZ
+ cLTvhY3XNw==
end;
- assert_equal true, dsa512.verify("SHA256", signature0, data)
+ assert_equal true, dsa.verify("SHA256", signature0, data)
signature1 = signature0.succ
- assert_equal false, dsa512.verify("SHA256", signature1, data)
+ assert_equal false, dsa.verify("SHA256", signature1, data)
end
def test_sign_verify_raw
- key = Fixtures.pkey("dsa512")
+ key = Fixtures.pkey("dsa2048")
data = 'Sign me!'
digest = OpenSSL::Digest.digest('SHA1', data)
@@ -108,6 +135,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
end
def test_DSAPrivateKey_encrypted
+ omit_on_fips
+
# key = abcdef
dsa512 = Fixtures.pkey("dsa512")
pem = <<~EOF
@@ -138,6 +167,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
def test_PUBKEY
dsa512 = Fixtures.pkey("dsa512")
+ dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
+
asn1 = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::ObjectId("DSA"),
@@ -153,7 +184,7 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
])
key = OpenSSL::PKey::DSA.new(asn1.to_der)
assert_not_predicate key, :private?
- assert_same_dsa dup_public(dsa512), key
+ assert_same_dsa dsa512pub, key
pem = <<~EOF
-----BEGIN PUBLIC KEY-----
@@ -166,10 +197,15 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
-----END PUBLIC KEY-----
EOF
key = OpenSSL::PKey::DSA.new(pem)
- assert_same_dsa dup_public(dsa512), key
+ assert_same_dsa dsa512pub, key
- assert_equal asn1.to_der, dup_public(dsa512).to_der
- assert_equal pem, dup_public(dsa512).export
+ assert_equal asn1.to_der, key.to_der
+ assert_equal pem, key.export
+
+ assert_equal asn1.to_der, dsa512.public_to_der
+ assert_equal asn1.to_der, key.public_to_der
+ assert_equal pem, dsa512.public_to_pem
+ assert_equal pem, key.public_to_pem
end
def test_read_DSAPublicKey_pem
@@ -201,8 +237,12 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
key = Fixtures.pkey("dsa1024")
key2 = key.dup
assert_equal key.params, key2.params
- key2.set_pqg(key2.p + 1, key2.q, key2.g)
- assert_not_equal key.params, key2.params
+
+ # PKey is immutable in OpenSSL >= 3.0
+ if !openssl?(3, 0, 0)
+ key2.set_pqg(key2.p + 1, key2.q, key2.g)
+ assert_not_equal key.params, key2.params
+ end
end
def test_marshal