Diffstat (limited to 'test/openssl/test_pkey_rsa.rb')
-rw-r--r-- | test/openssl/test_pkey_rsa.rb | 149 |
1 files changed, 93 insertions, 56 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 5e127f5407..61c55c60b2 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -11,7 +11,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase key.set_factors(rsa.p, rsa.q) assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt("foo") } assert_raise(OpenSSL::PKey::RSAError){ key.private_decrypt("foo") } - end + end if !openssl?(3, 0, 0) # Impossible state in OpenSSL 3.0 def test_private # Generated by key size and public exponent @@ -31,15 +31,18 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert(!key4.private?) rsa1024 = Fixtures.pkey("rsa1024") - # Generated by RSA#set_key - key5 = OpenSSL::PKey::RSA.new - key5.set_key(rsa1024.n, rsa1024.e, rsa1024.d) - assert(key5.private?) - - # Generated by RSA#set_key, without d - key6 = OpenSSL::PKey::RSA.new - key6.set_key(rsa1024.n, rsa1024.e, nil) - assert(!key6.private?) + if !openssl?(3, 0, 0) + key = OpenSSL::PKey::RSA.new + # Generated by RSA#set_key + key5 = OpenSSL::PKey::RSA.new + key5.set_key(rsa1024.n, rsa1024.e, rsa1024.d) + assert(key5.private?) + + # Generated by RSA#set_key, without d + key6 = OpenSSL::PKey::RSA.new + key6.set_key(rsa1024.n, rsa1024.e, nil) + assert(!key6.private?) + end end def test_new @@ -77,10 +80,10 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_sign_verify rsa1024 = Fixtures.pkey("rsa1024") data = "Sign me!" - signature = rsa1024.sign("SHA1", data) - assert_equal true, rsa1024.verify("SHA1", signature, data) + signature = rsa1024.sign("SHA256", data) + assert_equal true, rsa1024.verify("SHA256", signature, data) - signature0 = (<<~'end;').unpack("m")[0] + signature0 = (<<~'end;').unpack1("m") oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+ WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ= 
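Review bot: Closing the method with `end if !openssl?(3, 0, 0)` means the test is never defined on OpenSSL 3.0, so it disappears from the run instead of being reported as skipped, and a report cannot distinguish deliberately dropped coverage from a lost test. If the harness provides a skip helper, a first statement such as `pend "RSA keys are immutable in OpenSSL 3.0" if openssl?(3, 0, 0)` would keep the omission visible. The `def` line of this test is above the hunk, so its name is not visible here.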
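Review bot: The added `key = OpenSSL::PKey::RSA.new` at the top of the `if !openssl?(3, 0, 0)` block in test_private is never read; the assertions that follow use `key5` and `key6`, each built with its own `RSA.new`. Dropping the line leaves the block creating only the keys it checks. The guard also lacks the explanation the later hunks carry, so I would add `# PKey is immutable in OpenSSL >= 3.0` above it. test_private begins above the hunk.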
@@ -105,15 +108,20 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase salt_length: 20, mgf1_hash: "SHA1") # Defaults to PKCS #1 v1.5 padding => verification failure assert_equal false, key.verify("SHA256", sig_pss, data) + + # option type check + assert_raise_with_message(TypeError, /expected Hash/) { + key.sign("SHA256", data, ["x"]) + } end def test_sign_verify_raw key = Fixtures.pkey("rsa-1") data = "Sign me!" - hash = OpenSSL::Digest.digest("SHA1", data) - signature = key.sign_raw("SHA1", hash) - assert_equal true, key.verify_raw("SHA1", signature, hash) - assert_equal true, key.verify("SHA1", signature, data) + hash = OpenSSL::Digest.digest("SHA256", data) + signature = key.sign_raw("SHA256", hash) + assert_equal true, key.verify_raw("SHA256", signature, hash) + assert_equal true, key.verify("SHA256", signature, data) # Too long data assert_raise(OpenSSL::PKey::PKeyError) { @@ -126,9 +134,9 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase "rsa_pss_saltlen" => 20, "rsa_mgf1_md" => "SHA256" } - sig_pss = key.sign_raw("SHA1", hash, pssopts) - assert_equal true, key.verify("SHA1", sig_pss, data, pssopts) - assert_equal true, key.verify_raw("SHA1", sig_pss, hash, pssopts) + sig_pss = key.sign_raw("SHA256", hash, pssopts) + assert_equal true, key.verify("SHA256", sig_pss, data, pssopts) + assert_equal true, key.verify_raw("SHA256", sig_pss, hash, pssopts) end def test_sign_verify_raw_legacy @@ -201,7 +209,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_encrypt_decrypt rsapriv = Fixtures.pkey("rsa-1") - rsapub = dup_public(rsapriv) + rsapub = OpenSSL::PKey.read(rsapriv.public_to_der) # Defaults to PKCS #1 v1.5 raw = "data" @@ -216,7 +224,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_encrypt_decrypt_legacy rsapriv = Fixtures.pkey("rsa-1") - rsapub = dup_public(rsapriv) + rsapub = OpenSSL::PKey.read(rsapriv.public_to_der) # Defaults to PKCS #1 v1.5 raw = "data" 
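Review bot: The new "option type check" exercises only `key.sign`, so the verify side, which takes the same options argument, is left unpinned. Assuming it rejects a non-Hash in the same way, a matching line would be `assert_raise_with_message(TypeError, /expected Hash/) { key.verify("SHA256", sig_pss, data, ["x"]) }`. The test this is appended to starts above the hunk.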
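Review bot: `rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)` in test_encrypt_decrypt is assumed to be public-only, but nothing asserts it. A regression that let private components survive the DER round trip would go unnoticed while the encrypt/decrypt assertions still pass. Adding `assert_not_predicate rsapub, :private?` right after the assignment pins that property. The same applies to the identical line in test_encrypt_decrypt_legacy in the next hunk, and both method bodies continue past their hunks.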
@@ -235,36 +243,52 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_export rsa1024 = Fixtures.pkey("rsa1024") - key = OpenSSL::PKey::RSA.new - # key has only n, e and d - key.set_key(rsa1024.n, rsa1024.e, rsa1024.d) - assert_equal rsa1024.public_key.export, key.export + pub = OpenSSL::PKey.read(rsa1024.public_to_der) + assert_not_equal rsa1024.export, pub.export + assert_equal rsa1024.public_to_pem, pub.export + + # PKey is immutable in OpenSSL >= 3.0 + if !openssl?(3, 0, 0) + key = OpenSSL::PKey::RSA.new + + # key has only n, e and d + key.set_key(rsa1024.n, rsa1024.e, rsa1024.d) + assert_equal rsa1024.public_key.export, key.export - # key has only n, e, d, p and q - key.set_factors(rsa1024.p, rsa1024.q) - assert_equal rsa1024.public_key.export, key.export + # key has only n, e, d, p and q + key.set_factors(rsa1024.p, rsa1024.q) + assert_equal rsa1024.public_key.export, key.export - # key has n, e, d, p, q, dmp1, dmq1 and iqmp - key.set_crt_params(rsa1024.dmp1, rsa1024.dmq1, rsa1024.iqmp) - assert_equal rsa1024.export, key.export + # key has n, e, d, p, q, dmp1, dmq1 and iqmp + key.set_crt_params(rsa1024.dmp1, rsa1024.dmq1, rsa1024.iqmp) + assert_equal rsa1024.export, key.export + end end def test_to_der rsa1024 = Fixtures.pkey("rsa1024") - key = OpenSSL::PKey::RSA.new - # key has only n, e and d - key.set_key(rsa1024.n, rsa1024.e, rsa1024.d) - assert_equal rsa1024.public_key.to_der, key.to_der + pub = OpenSSL::PKey.read(rsa1024.public_to_der) + assert_not_equal rsa1024.to_der, pub.to_der + assert_equal rsa1024.public_to_der, pub.to_der + + # PKey is immutable in OpenSSL >= 3.0 + if !openssl?(3, 0, 0) + key = OpenSSL::PKey::RSA.new - # key has only n, e, d, p and q - key.set_factors(rsa1024.p, rsa1024.q) - assert_equal rsa1024.public_key.to_der, key.to_der + # key has only n, e and d + key.set_key(rsa1024.n, rsa1024.e, rsa1024.d) + assert_equal rsa1024.public_key.to_der, key.to_der - # key has n, e, d, p, q, dmp1, dmq1 and iqmp - 
key.set_crt_params(rsa1024.dmp1, rsa1024.dmq1, rsa1024.iqmp) - assert_equal rsa1024.to_der, key.to_der + # key has only n, e, d, p and q + key.set_factors(rsa1024.p, rsa1024.q) + assert_equal rsa1024.public_key.to_der, key.to_der + + # key has n, e, d, p, q, dmp1, dmq1 and iqmp + key.set_crt_params(rsa1024.dmp1, rsa1024.dmq1, rsa1024.iqmp) + assert_equal rsa1024.to_der, key.to_der + end end def test_RSAPrivateKey @@ -306,6 +330,12 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_equal asn1.to_der, rsa1024.to_der assert_equal pem, rsa1024.export + + # Unknown PEM prepended + cert = issue_cert(OpenSSL::X509::Name.new([["CN", "nobody"]]), rsa1024, 1, [], nil, nil) + str = cert.to_text + cert.to_pem + rsa1024.to_pem + key = OpenSSL::PKey::RSA.new(str) + assert_same_rsa rsa1024, key end def test_RSAPrivateKey_encrypted @@ -346,13 +376,15 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_RSAPublicKey rsa1024 = Fixtures.pkey("rsa1024") + rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der) + asn1 = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Integer(rsa1024.n), OpenSSL::ASN1::Integer(rsa1024.e) ]) key = OpenSSL::PKey::RSA.new(asn1.to_der) assert_not_predicate key, :private? - assert_same_rsa dup_public(rsa1024), key + assert_same_rsa rsa1024pub, key pem = <<~EOF -----BEGIN RSA PUBLIC KEY----- @@ -362,11 +394,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase -----END RSA PUBLIC KEY----- EOF key = OpenSSL::PKey::RSA.new(pem) - assert_same_rsa dup_public(rsa1024), key + assert_same_rsa rsa1024pub, key end def test_PUBKEY rsa1024 = Fixtures.pkey("rsa1024") + rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der) + asn1 = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::ObjectId("rsaEncryption"), 
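Review bot: In the "Unknown PEM prepended" case the certificate placed before the key appears to be issued for `rsa1024` itself, so the text ahead of the private-key block already carries the same public key. Whether `assert_same_rsa` compares private components is not visible in this hunk. If it compares only public parameters, the check cannot show that the loader skipped the certificate and parsed the trailing private-key block. Adding `assert_predicate key, :private?` after the `RSA.new(str)` call would make that explicit.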
@@ -381,7 +415,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase ]) key = OpenSSL::PKey::RSA.new(asn1.to_der) assert_not_predicate key, :private? - assert_same_rsa dup_public(rsa1024), key + assert_same_rsa rsa1024pub, key pem = <<~EOF -----BEGIN PUBLIC KEY----- @@ -392,10 +426,15 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase -----END PUBLIC KEY----- EOF key = OpenSSL::PKey::RSA.new(pem) - assert_same_rsa dup_public(rsa1024), key + assert_same_rsa rsa1024pub, key - assert_equal asn1.to_der, dup_public(rsa1024).to_der - assert_equal pem, dup_public(rsa1024).export + assert_equal asn1.to_der, key.to_der + assert_equal pem, key.export + + assert_equal asn1.to_der, rsa1024.public_to_der + assert_equal asn1.to_der, key.public_to_der + assert_equal pem, rsa1024.public_to_pem + assert_equal pem, key.public_to_pem end def test_pem_passwd @@ -482,18 +521,16 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef") end - def test_public_encoding - rsa1024 = Fixtures.pkey("rsa1024") - assert_equal dup_public(rsa1024).to_der, rsa1024.public_to_der - assert_equal dup_public(rsa1024).to_pem, rsa1024.public_to_pem - end - def test_dup key = Fixtures.pkey("rsa1024") key2 = key.dup assert_equal key.params, key2.params - key2.set_key(key2.n, 3, key2.d) - assert_not_equal key.params, key2.params + + # PKey is immutable in OpenSSL >= 3.0 + if !openssl?(3, 0, 0) + key2.set_key(key2.n, 3, key2.d) + assert_not_equal key.params, key2.params + end end def test_marshal |