test/openssl/test_digest.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

# frozen_string_literal: true
require_relative 'utils'

if defined?(OpenSSL)

class OpenSSL::TestDigest < OpenSSL::TestCase
  def setup
    super
    @d1 = OpenSSL::Digest.new("MD5")
    @d2 = OpenSSL::Digest::MD5.new
  end

  def test_initialize
    assert_raise(OpenSSL::Digest::DigestError) {
      OpenSSL::Digest.new("no such algorithm")
    }
  end

  def test_digest
    null_hex = "d41d8cd98f00b204e9800998ecf8427e"
    null_bin = [null_hex].pack("H*")
    data = "DATA"
    hex = "e44f9e348e41cb272efa87387728571b"
    bin = [hex].pack("H*")
    assert_equal(null_bin, @d1.digest)
    assert_equal(null_hex, @d1.hexdigest)
    @d1 << data
    assert_equal(bin, @d1.digest)
    assert_equal(hex, @d1.hexdigest)
    assert_equal(bin, OpenSSL::Digest.digest('MD5', data))
    assert_equal(hex, OpenSSL::Digest.hexdigest('MD5', data))
  end

  def test_eql
    assert(@d1 == @d2, "==")
    d = @d1.clone
    assert(d == @d1, "clone")
  end

  def test_info
    assert_equal("MD5", @d1.name, "name")
    assert_equal("MD5", @d2.name, "name")
    assert_equal(16, @d1.size, "size")
  end

  def test_dup
    @d1.update("DATA")
    assert_equal(@d1.name, @d1.dup.name, "dup")
    assert_equal(@d1.name, @d1.clone.name, "clone")
    assert_equal(@d1.digest, @d1.clone.digest, "clone .digest")
  end

  def test_reset
    @d1.update("DATA")
    dig1 = @d1.digest
    @d1.reset
    @d1.update("DATA")
    dig2 = @d1.digest
    assert_equal(dig1, dig2, "reset")
  end

  def test_digest_constants
    %w{MD5 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
      assert_not_nil(OpenSSL::Digest.new(name))
      klass = OpenSSL::Digest.const_get(name.tr('-', '_'))
      assert_not_nil(klass.new)
    end
  end

  def test_digest_by_oid_and_name
    # SHA256
    o1 = OpenSSL::Digest.digest("SHA256", "")
    o2 = OpenSSL::Digest.digest("sha256", "")
    assert_equal(o1, o2)
    o3 = OpenSSL::Digest.digest("2.16.840.1.101.3.4.2.1", "")
    assert_equal(o1, o3)

    # An alias for SHA256 recognized by EVP_get_digestbyname(), but not by
    # EVP_MD_fetch()
    o4 = OpenSSL::Digest.digest("RSA-SHA256", "")
    assert_equal(o1, o4)
  end

  def encode16(str)
    str.unpack1("H*")
  end

  def test_sha2
    sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
    sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
    sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
    sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"

    assert_equal(sha224_a, OpenSSL::Digest.hexdigest('SHA224', "a"))
    assert_equal(sha256_a, OpenSSL::Digest.hexdigest('SHA256', "a"))
    assert_equal(sha384_a, OpenSSL::Digest.hexdigest('SHA384', "a"))
    assert_equal(sha512_a, OpenSSL::Digest.hexdigest('SHA512', "a"))

    assert_equal(sha224_a, encode16(OpenSSL::Digest.digest('SHA224', "a")))
    assert_equal(sha256_a, encode16(OpenSSL::Digest.digest('SHA256', "a")))
    assert_equal(sha384_a, encode16(OpenSSL::Digest.digest('SHA384', "a")))
    assert_equal(sha512_a, encode16(OpenSSL::Digest.digest('SHA512', "a")))
  end

  def test_sha512_truncate
    sha512_224_a = "d5cdb9ccc769a5121d4175f2bfdd13d6310e0d3d361ea75d82108327"
    sha512_256_a = "455e518824bc0601f9fb858ff5c37d417d67c2f8e0df2babe4808858aea830f8"

    assert_equal(sha512_224_a, OpenSSL::Digest.hexdigest('SHA512-224', "a"))
    assert_equal(sha512_256_a, OpenSSL::Digest.hexdigest('SHA512-256', "a"))

    assert_equal(sha512_224_a, encode16(OpenSSL::Digest.digest('SHA512-224', "a")))
    assert_equal(sha512_256_a, encode16(OpenSSL::Digest.digest('SHA512-256', "a")))
  end

  def test_sha3
    s224 = '6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7'
    s256 = 'a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a'
    s384 = '0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004'
    s512 = 'a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26'
    assert_equal(s224, OpenSSL::Digest.hexdigest('SHA3-224', ""))
    assert_equal(s256, OpenSSL::Digest.hexdigest('SHA3-256', ""))
    assert_equal(s384, OpenSSL::Digest.hexdigest('SHA3-384', ""))
    assert_equal(s512, OpenSSL::Digest.hexdigest('SHA3-512', ""))
  end

  def test_fetched_evp_md
    # Pre-NIST Keccak is an example of a digest algorithm that doesn't have an
    # NID and requires dynamic allocation of EVP_MD
    hex = "c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470"
    assert_equal(hex, OpenSSL::Digest.hexdigest("KECCAK-256", ""))
  end if openssl?(3, 2, 0)

  def test_openssl_digest
    assert_equal OpenSSL::Digest::MD5, OpenSSL::Digest("MD5")

    assert_raise NameError do
      OpenSSL::Digest("no such digest")
    end
  end

  def test_digests
    digests = OpenSSL::Digest.digests
    assert_kind_of Array, digests
    assert_include digests, "md5"
    assert_include digests, "sha1"
    assert_include digests, "sha256"
    assert_include digests, "sha512"
  end
end

end