1require_relative 'utils'
2require 'base64'
3
4if defined?(OpenSSL)
5
6class OpenSSL::TestPKeyDSA < Test::Unit::TestCase
7  def test_private
8    key = OpenSSL::PKey::DSA.new(256)
9    assert(key.private?)
10    key2 = OpenSSL::PKey::DSA.new(key.to_der)
11    assert(key2.private?)
12    key3 = key.public_key
13    assert(!key3.private?)
14    key4 = OpenSSL::PKey::DSA.new(key3.to_der)
15    assert(!key4.private?)
16  end
17
18  def test_new
19    key = OpenSSL::PKey::DSA.new 256
20    pem  = key.public_key.to_pem
21    OpenSSL::PKey::DSA.new pem
22    assert_equal([], OpenSSL.errors)
23  end
24
25  def test_new_break
26    assert_nil(OpenSSL::PKey::DSA.new(512) { break })
27    assert_raise(RuntimeError) do
28      OpenSSL::PKey::DSA.new(512) { raise }
29    end
30  end
31
32  def test_sys_sign_verify
33    key = OpenSSL::TestUtils::TEST_KEY_DSA256
34    data = 'Sign me!'
35    digest = OpenSSL::Digest::SHA1.digest(data)
36    sig = key.syssign(digest)
37    assert(key.sysverify(digest, sig))
38  end
39
40  def test_sign_verify
41    check_sign_verify(OpenSSL::Digest::DSS1.new)
42  end
43
44if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000)
45  def test_sign_verify_sha1
46    check_sign_verify(OpenSSL::Digest::SHA1.new)
47  end
48
49  def test_sign_verify_sha256
50    check_sign_verify(OpenSSL::Digest::SHA256.new)
51  end
52end
53
54  def test_digest_state_irrelevant_verify
55    key = OpenSSL::TestUtils::TEST_KEY_DSA256
56    digest1 = OpenSSL::Digest::DSS1.new
57    digest2 = OpenSSL::Digest::DSS1.new
58    data = 'Sign me!'
59    sig = key.sign(digest1, data)
60    digest1.reset
61    digest1 << 'Change state of digest1'
62    assert(key.verify(digest1, sig, data))
63    assert(key.verify(digest2, sig, data))
64  end
65
66  def test_read_DSA_PUBKEY
67    p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699
68    q = 957032439192465935099784319494405376402293318491
69    g = 122928973717064636255205666162891733518376475981809749897454444301389338825906076467196186192907631719698166056821519884939865041993585844526937010746285
70    y = 1235756183583465414789073313502727057075641172514181938731172021825149551960029708596057102104063395063907739571546165975727369183495540798749742124846271
71    algo = OpenSSL::ASN1::ObjectId.new('DSA')
72    params = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(p),
73                                          OpenSSL::ASN1::Integer.new(q),
74                                          OpenSSL::ASN1::Integer.new(g)])
75    algo_id = OpenSSL::ASN1::Sequence.new ([algo, params])
76    pub_key = OpenSSL::ASN1::Integer.new(y)
77    seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)])
78    key = OpenSSL::PKey::DSA.new(seq.to_der)
79    assert(key.public?)
80    assert(!key.private?)
81    assert_equal(p, key.p)
82    assert_equal(q, key.q)
83    assert_equal(g, key.g)
84    assert_equal(y, key.pub_key)
85    assert_equal(nil, key.priv_key)
86    assert_equal([], OpenSSL.errors)
87  end
88
89  def test_read_DSAPublicKey_pem
90    p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
91    q = 979494906553787301107832405790107343409973851677
92    g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
93    y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
94    pem = <<-EOF
95-----BEGIN DSA PUBLIC KEY-----
96MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4
97VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE
98p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX
99SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7
100fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
101-----END DSA PUBLIC KEY-----
102    EOF
103    key = OpenSSL::PKey::DSA.new(pem)
104    assert(key.public?)
105    assert(!key.private?)
106    assert_equal(p, key.p)
107    assert_equal(q, key.q)
108    assert_equal(g, key.g)
109    assert_equal(y, key.pub_key)
110    assert_equal(nil, key.priv_key)
111    assert_equal([], OpenSSL.errors)
112  end
113
114  def test_read_DSA_PUBKEY_pem
115    p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
116    q = 979494906553787301107832405790107343409973851677
117    g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
118    y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
119    pem = <<-EOF
120-----BEGIN PUBLIC KEY-----
121MIHxMIGoBgcqhkjOOAQBMIGcAkEA6hXntfQXEo78+s1r8yShbOQIpX+HOESnTNsV
1222yJzD6EiMntLpJ38WUOWjz0dBnYW69YnrAYszWPTSvf34XapswIVAKuSEhdIb6Kz
123fuHPUhoF4S52MHYdAkBHQCWhq8G+2yeDyhuyMtvsQqcH6lJ4ev8F0hDdUft9Ys6q
124qTMV5GtgwPNSmXfpeS1jpirwQliVb2kIyYFU3L91A0QAAkEAyJSJ+g+P/knVcgDw
125wTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4VUC/phySExY0PdcqItkR/xYA
126YNMbNw==
127-----END PUBLIC KEY-----
128    EOF
129    key = OpenSSL::PKey::DSA.new(pem)
130    assert(key.public?)
131    assert(!key.private?)
132    assert_equal(p, key.p)
133    assert_equal(q, key.q)
134    assert_equal(g, key.g)
135    assert_equal(y, key.pub_key)
136    assert_equal(nil, key.priv_key)
137    assert_equal([], OpenSSL.errors)
138  end
139
140  def test_export_format_is_DSA_PUBKEY_pem
141    key = OpenSSL::TestUtils::TEST_KEY_DSA256
142    pem = key.public_key.to_pem
143    pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...-------
144    asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem))
145    assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag)
146    assert_equal(2, asn1.value.size)
147    seq = asn1.value
148    assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag)
149    assert_equal(2, seq[0].value.size)
150    algo_id = seq[0].value
151    assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag)
152    assert_equal('DSA', algo_id[0].value)
153    assert_equal(OpenSSL::ASN1::SEQUENCE, algo_id[1].tag)
154    assert_equal(3, algo_id[1].value.size)
155    params = algo_id[1].value
156    assert_equal(OpenSSL::ASN1::INTEGER, params[0].tag)
157    assert_equal(key.p, params[0].value)
158    assert_equal(OpenSSL::ASN1::INTEGER, params[1].tag)
159    assert_equal(key.q, params[1].value)
160    assert_equal(OpenSSL::ASN1::INTEGER, params[2].tag)
161    assert_equal(key.g, params[2].value)
162    assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag)
163    assert_equal(0, seq[1].unused_bits)
164    pub_key = OpenSSL::ASN1.decode(seq[1].value)
165    assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
166    assert_equal(key.pub_key, pub_key.value)
167    assert_equal([], OpenSSL.errors)
168  end
169
170  def test_read_private_key_der
171    key = OpenSSL::TestUtils::TEST_KEY_DSA256
172    der = key.to_der
173    key2 = OpenSSL::PKey.read(der)
174    assert(key2.private?)
175    assert_equal(der, key2.to_der)
176    assert_equal([], OpenSSL.errors)
177  end
178
179  def test_read_private_key_pem
180    key = OpenSSL::TestUtils::TEST_KEY_DSA256
181    pem = key.to_pem
182    key2 = OpenSSL::PKey.read(pem)
183    assert(key2.private?)
184    assert_equal(pem, key2.to_pem)
185    assert_equal([], OpenSSL.errors)
186  end
187
188  def test_read_public_key_der
189    key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
190    der = key.to_der
191    key2 = OpenSSL::PKey.read(der)
192    assert(!key2.private?)
193    assert_equal(der, key2.to_der)
194    assert_equal([], OpenSSL.errors)
195  end
196
197  def test_read_public_key_pem
198    key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key
199    pem = key.to_pem
200    key2 = OpenSSL::PKey.read(pem)
201    assert(!key2.private?)
202    assert_equal(pem, key2.to_pem)
203    assert_equal([], OpenSSL.errors)
204  end
205
206  def test_read_private_key_pem_pw
207    key = OpenSSL::TestUtils::TEST_KEY_DSA256
208    pem = key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret')
209    #callback form for password
210    key2 = OpenSSL::PKey.read(pem) do
211      'secret'
212    end
213    assert(key2.private?)
214    # pass password directly
215    key2 = OpenSSL::PKey.read(pem, 'secret')
216    assert(key2.private?)
217    #omit pem equality check, will be different due to cipher iv
218    assert_equal([], OpenSSL.errors)
219  end
220
221  def test_export_password_length
222    key = OpenSSL::TestUtils::TEST_KEY_DSA256
223    assert_raise(OpenSSL::OpenSSLError) do
224      key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
225    end
226    pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
227    assert(pem)
228  end
229
230  private
231
232  def check_sign_verify(digest)
233    key = OpenSSL::TestUtils::TEST_KEY_DSA256
234    data = 'Sign me!'
235    sig = key.sign(digest, data)
236    assert(key.verify(digest, sig, data))
237  end
238end
239
240end
241