1require_relative 'utils' 2require 'base64' 3 4if defined?(OpenSSL) 5 6class OpenSSL::TestPKeyRSA < Test::Unit::TestCase 7 def test_padding 8 key = OpenSSL::PKey::RSA.new(512, 3) 9 10 # Need right size for raw mode 11 plain0 = "x" * (512/8) 12 cipher = key.private_encrypt(plain0, OpenSSL::PKey::RSA::NO_PADDING) 13 plain1 = key.public_decrypt(cipher, OpenSSL::PKey::RSA::NO_PADDING) 14 assert_equal(plain0, plain1) 15 16 # Need smaller size for pkcs1 mode 17 plain0 = "x" * (512/8 - 11) 18 cipher1 = key.private_encrypt(plain0, OpenSSL::PKey::RSA::PKCS1_PADDING) 19 plain1 = key.public_decrypt(cipher1, OpenSSL::PKey::RSA::PKCS1_PADDING) 20 assert_equal(plain0, plain1) 21 22 cipherdef = key.private_encrypt(plain0) # PKCS1_PADDING is default 23 plain1 = key.public_decrypt(cipherdef) 24 assert_equal(plain0, plain1) 25 assert_equal(cipher1, cipherdef) 26 27 # Failure cases 28 assert_raise(ArgumentError){ key.private_encrypt() } 29 assert_raise(ArgumentError){ key.private_encrypt("hi", 1, nil) } 30 assert_raise(OpenSSL::PKey::RSAError){ key.private_encrypt(plain0, 666) } 31 end 32 33 def test_private 34 key = OpenSSL::PKey::RSA.new(512, 3) 35 assert(key.private?) 36 key2 = OpenSSL::PKey::RSA.new(key.to_der) 37 assert(key2.private?) 38 key3 = key.public_key 39 assert(!key3.private?) 40 key4 = OpenSSL::PKey::RSA.new(key3.to_der) 41 assert(!key4.private?) 42 end 43 44 def test_new 45 key = OpenSSL::PKey::RSA.new 512 46 pem = key.public_key.to_pem 47 OpenSSL::PKey::RSA.new pem 48 assert_equal([], OpenSSL.errors) 49 end 50 51 def test_new_exponent_default 52 assert_equal(65537, OpenSSL::PKey::RSA.new(512).e) 53 end 54 55 def test_new_with_exponent 56 1.upto(30) do |idx| 57 e = (2 ** idx) + 1 58 key = OpenSSL::PKey::RSA.new(512, e) 59 assert_equal(e, key.e) 60 end 61 end 62 63 def test_new_break 64 assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) 65 assert_raise(RuntimeError) do 66 OpenSSL::PKey::RSA.new(1024) { raise } 67 end 68 end 69 70 def test_sign_verify 71 key = OpenSSL::TestUtils::TEST_KEY_RSA1024 72 digest = OpenSSL::Digest::SHA1.new 73 data = 'Sign me!' 74 sig = key.sign(digest, data) 75 assert(key.verify(digest, sig, data)) 76 end 77 78 def test_sign_verify_memory_leak 79 bug9743 = '[ruby-core:62038] [Bug #9743]' 80 assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true) 81 data = 'Sign me!' 82 digest = OpenSSL::Digest::SHA512.new 83 pkey = OpenSSL::PKey::RSA.new(2048) 84 signature = pkey.sign(digest, data) 85 pub_key = pkey.public_key 86 PREP 87 20_000.times { 88 pub_key.verify(digest, signature, data) 89 } 90 CODE 91 92 assert_no_memory_leak(%w[-ropenssl], <<-PREP, <<-CODE, bug9743, rss: true) 93 data = 'Sign me!' 94 digest = OpenSSL::Digest::SHA512.new 95 pkey = OpenSSL::PKey::RSA.new(2048) 96 signature = pkey.sign(digest, data) 97 pub_key = pkey.public_key 98 PREP 99 20_000.times { 100 begin 101 pub_key.verify(digest, signature, 1) 102 rescue TypeError 103 end 104 } 105 CODE 106 end 107 108 def test_digest_state_irrelevant_sign 109 key = OpenSSL::TestUtils::TEST_KEY_RSA1024 110 digest1 = OpenSSL::Digest::SHA1.new 111 digest2 = OpenSSL::Digest::SHA1.new 112 data = 'Sign me!' 113 digest1 << 'Change state of digest1' 114 sig1 = key.sign(digest1, data) 115 sig2 = key.sign(digest2, data) 116 assert_equal(sig1, sig2) 117 end 118 119 def test_digest_state_irrelevant_verify 120 key = OpenSSL::TestUtils::TEST_KEY_RSA1024 121 digest1 = OpenSSL::Digest::SHA1.new 122 digest2 = OpenSSL::Digest::SHA1.new 123 data = 'Sign me!' 124 sig = key.sign(digest1, data) 125 digest1.reset 126 digest1 << 'Change state of digest1' 127 assert(key.verify(digest1, sig, data)) 128 assert(key.verify(digest2, sig, data)) 129 end 130 131 def test_read_RSAPublicKey 132 modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351 133 exponent = 65537 134 seq = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]) 135 key = OpenSSL::PKey::RSA.new(seq.to_der) 136 assert(key.public?) 137 assert(!key.private?) 138 assert_equal(modulus, key.n) 139 assert_equal(exponent, key.e) 140 assert_equal(nil, key.d) 141 assert_equal(nil, key.p) 142 assert_equal(nil, key.q) 143 assert_equal([], OpenSSL.errors) 144 end 145 146 def test_read_RSA_PUBKEY 147 modulus = 10664264882656732240315063514678024569492171560814833397008094754351396057398262071307709191731289492697968568138092052265293364132872019762410446076526351 148 exponent = 65537 149 algo = OpenSSL::ASN1::ObjectId.new('rsaEncryption') 150 null_params = OpenSSL::ASN1::Null.new(nil) 151 algo_id = OpenSSL::ASN1::Sequence.new ([algo, null_params]) 152 pub_key = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]) 153 seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)]) 154 key = OpenSSL::PKey::RSA.new(seq.to_der) 155 assert(key.public?) 156 assert(!key.private?) 157 assert_equal(modulus, key.n) 158 assert_equal(exponent, key.e) 159 assert_equal(nil, key.d) 160 assert_equal(nil, key.p) 161 assert_equal(nil, key.q) 162 assert_equal([], OpenSSL.errors) 163 end 164 165 def test_read_RSAPublicKey_pem 166 modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061 167 exponent = 65537 168 pem = <<-EOF 169-----BEGIN RSA PUBLIC KEY----- 170MEgCQQCzyh2RIZK62E2PbTWqUljD+K23XR9AGBKNtXjal6WD2yRGcLqzPJLNCa60 171AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE= 172-----END RSA PUBLIC KEY----- 173 EOF 174 key = OpenSSL::PKey::RSA.new(pem) 175 assert(key.public?) 176 assert(!key.private?) 177 assert_equal(modulus, key.n) 178 assert_equal(exponent, key.e) 179 assert_equal(nil, key.d) 180 assert_equal(nil, key.p) 181 assert_equal(nil, key.q) 182 assert_equal([], OpenSSL.errors) 183 end 184 185 def test_read_RSA_PUBKEY_pem 186 modulus = 9416340886363418692990906464787534854462163316648195510702927337693641649864839352187127240942127674615733815606532506566068276485089353644309497938966061 187 exponent = 65537 188 pem = <<-EOF 189-----BEGIN PUBLIC KEY----- 190MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALPKHZEhkrrYTY9tNapSWMP4rbdd 191H0AYEo21eNqXpYPbJEZwurM8ks0JrrQC50lHUmhtshsMmtC7oBedaHmT9i0C 192AwEAAQ== 193-----END PUBLIC KEY----- 194 EOF 195 key = OpenSSL::PKey::RSA.new(pem) 196 assert(key.public?) 197 assert(!key.private?) 198 assert_equal(modulus, key.n) 199 assert_equal(exponent, key.e) 200 assert_equal(nil, key.d) 201 assert_equal(nil, key.p) 202 assert_equal(nil, key.q) 203 assert_equal([], OpenSSL.errors) 204 end 205 206 def test_export_format_is_RSA_PUBKEY 207 key = OpenSSL::PKey::RSA.new(512) 208 asn1 = OpenSSL::ASN1.decode(key.public_key.to_der) 209 check_PUBKEY(asn1, key) 210 end 211 212 def test_export_format_is_RSA_PUBKEY_pem 213 key = OpenSSL::PKey::RSA.new(512) 214 pem = key.public_key.to_pem 215 pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...------- 216 asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem)) 217 check_PUBKEY(asn1, key) 218 end 219 220 def test_read_private_key_der 221 der = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_der 222 key = OpenSSL::PKey.read(der) 223 assert(key.private?) 224 assert_equal(der, key.to_der) 225 assert_equal([], OpenSSL.errors) 226 end 227 228 def test_read_private_key_pem 229 pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem 230 key = OpenSSL::PKey.read(pem) 231 assert(key.private?) 232 assert_equal(pem, key.to_pem) 233 assert_equal([], OpenSSL.errors) 234 end 235 236 def test_read_public_key_der 237 der = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_der 238 key = OpenSSL::PKey.read(der) 239 assert(!key.private?) 240 assert_equal(der, key.to_der) 241 assert_equal([], OpenSSL.errors) 242 end 243 244 def test_read_public_key_pem 245 pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.public_key.to_pem 246 key = OpenSSL::PKey.read(pem) 247 assert(!key.private?) 248 assert_equal(pem, key.to_pem) 249 assert_equal([], OpenSSL.errors) 250 end 251 252 def test_read_private_key_pem_pw 253 pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret') 254 #callback form for password 255 key = OpenSSL::PKey.read(pem) do 256 'secret' 257 end 258 assert(key.private?) 259 # pass password directly 260 key = OpenSSL::PKey.read(pem, 'secret') 261 assert(key.private?) 262 #omit pem equality check, will be different due to cipher iv 263 assert_equal([], OpenSSL.errors) 264 end 265 266 def test_read_private_key_pem_pw_exception 267 pem = OpenSSL::TestUtils::TEST_KEY_RSA1024.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret') 268 # it raises an ArgumentError from PEM reading. The exception raised inside are ignored for now. 269 assert_raise(ArgumentError) do 270 OpenSSL::PKey.read(pem) do 271 raise RuntimeError 272 end 273 end 274 assert_equal([], OpenSSL.errors) 275 end 276 277 def test_export_password_length 278 key = OpenSSL::TestUtils::TEST_KEY_RSA1024 279 assert_raise(OpenSSL::OpenSSLError) do 280 key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec') 281 end 282 pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr') 283 assert(pem) 284 end 285 286 private 287 288 def check_PUBKEY(asn1, key) 289 assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag) 290 assert_equal(2, asn1.value.size) 291 seq = asn1.value 292 assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag) 293 assert_equal(2, seq[0].value.size) 294 algo_id = seq[0].value 295 assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag) 296 assert_equal('rsaEncryption', algo_id[0].value) 297 assert_equal(OpenSSL::ASN1::NULL, algo_id[1].tag) 298 assert_equal(nil, algo_id[1].value) 299 assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag) 300 assert_equal(0, seq[1].unused_bits) 301 pub_key = OpenSSL::ASN1.decode(seq[1].value) 302 assert_equal(OpenSSL::ASN1::SEQUENCE, pub_key.tag) 303 assert_equal(2, pub_key.value.size) 304 assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[0].tag) 305 assert_equal(key.n, pub_key.value[0].value) 306 assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag) 307 assert_equal(key.e, pub_key.value[1].value) 308 assert_equal([], OpenSSL.errors) 309 end 310 311end 312 313end 314