1require_relative 'utils' 2require 'base64' 3 4if defined?(OpenSSL) 5 6class OpenSSL::TestPKeyDSA < Test::Unit::TestCase 7 def test_private 8 key = OpenSSL::PKey::DSA.new(256) 9 assert(key.private?) 10 key2 = OpenSSL::PKey::DSA.new(key.to_der) 11 assert(key2.private?) 12 key3 = key.public_key 13 assert(!key3.private?) 14 key4 = OpenSSL::PKey::DSA.new(key3.to_der) 15 assert(!key4.private?) 16 end 17 18 def test_new 19 key = OpenSSL::PKey::DSA.new 256 20 pem = key.public_key.to_pem 21 OpenSSL::PKey::DSA.new pem 22 assert_equal([], OpenSSL.errors) 23 end 24 25 def test_new_break 26 assert_nil(OpenSSL::PKey::DSA.new(512) { break }) 27 assert_raise(RuntimeError) do 28 OpenSSL::PKey::DSA.new(512) { raise } 29 end 30 end 31 32 def test_sys_sign_verify 33 key = OpenSSL::TestUtils::TEST_KEY_DSA256 34 data = 'Sign me!' 35 digest = OpenSSL::Digest::SHA1.digest(data) 36 sig = key.syssign(digest) 37 assert(key.sysverify(digest, sig)) 38 end 39 40 def test_sign_verify 41 check_sign_verify(OpenSSL::Digest::DSS1.new) 42 end 43 44if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000) 45 def test_sign_verify_sha1 46 check_sign_verify(OpenSSL::Digest::SHA1.new) 47 end 48 49 def test_sign_verify_sha256 50 check_sign_verify(OpenSSL::Digest::SHA256.new) 51 end 52end 53 54 def test_digest_state_irrelevant_verify 55 key = OpenSSL::TestUtils::TEST_KEY_DSA256 56 digest1 = OpenSSL::Digest::DSS1.new 57 digest2 = OpenSSL::Digest::DSS1.new 58 data = 'Sign me!' 59 sig = key.sign(digest1, data) 60 digest1.reset 61 digest1 << 'Change state of digest1' 62 assert(key.verify(digest1, sig, data)) 63 assert(key.verify(digest2, sig, data)) 64 end 65 66 def test_read_DSA_PUBKEY 67 p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699 68 q = 957032439192465935099784319494405376402293318491 69 g = 122928973717064636255205666162891733518376475981809749897454444301389338825906076467196186192907631719698166056821519884939865041993585844526937010746285 70 y = 1235756183583465414789073313502727057075641172514181938731172021825149551960029708596057102104063395063907739571546165975727369183495540798749742124846271 71 algo = OpenSSL::ASN1::ObjectId.new('DSA') 72 params = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Integer.new(p), 73 OpenSSL::ASN1::Integer.new(q), 74 OpenSSL::ASN1::Integer.new(g)]) 75 algo_id = OpenSSL::ASN1::Sequence.new ([algo, params]) 76 pub_key = OpenSSL::ASN1::Integer.new(y) 77 seq = OpenSSL::ASN1::Sequence.new([algo_id, OpenSSL::ASN1::BitString.new(pub_key.to_der)]) 78 key = OpenSSL::PKey::DSA.new(seq.to_der) 79 assert(key.public?) 80 assert(!key.private?) 81 assert_equal(p, key.p) 82 assert_equal(q, key.q) 83 assert_equal(g, key.g) 84 assert_equal(y, key.pub_key) 85 assert_equal(nil, key.priv_key) 86 assert_equal([], OpenSSL.errors) 87 end 88 89 def test_read_DSAPublicKey_pem 90 p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699 91 q = 979494906553787301107832405790107343409973851677 92 g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845 93 y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695 94 pem = <<-EOF 95-----BEGIN DSA PUBLIC KEY----- 96MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4 97VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE 98p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX 99SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7 100fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ== 101-----END DSA PUBLIC KEY----- 102 EOF 103 key = OpenSSL::PKey::DSA.new(pem) 104 assert(key.public?) 105 assert(!key.private?) 106 assert_equal(p, key.p) 107 assert_equal(q, key.q) 108 assert_equal(g, key.g) 109 assert_equal(y, key.pub_key) 110 assert_equal(nil, key.priv_key) 111 assert_equal([], OpenSSL.errors) 112 end 113 114 def test_read_DSA_PUBKEY_pem 115 p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699 116 q = 979494906553787301107832405790107343409973851677 117 g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845 118 y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695 119 pem = <<-EOF 120-----BEGIN PUBLIC KEY----- 121MIHxMIGoBgcqhkjOOAQBMIGcAkEA6hXntfQXEo78+s1r8yShbOQIpX+HOESnTNsV 1222yJzD6EiMntLpJ38WUOWjz0dBnYW69YnrAYszWPTSvf34XapswIVAKuSEhdIb6Kz 123fuHPUhoF4S52MHYdAkBHQCWhq8G+2yeDyhuyMtvsQqcH6lJ4ev8F0hDdUft9Ys6q 124qTMV5GtgwPNSmXfpeS1jpirwQliVb2kIyYFU3L91A0QAAkEAyJSJ+g+P/knVcgDw 125wTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4VUC/phySExY0PdcqItkR/xYA 126YNMbNw== 127-----END PUBLIC KEY----- 128 EOF 129 key = OpenSSL::PKey::DSA.new(pem) 130 assert(key.public?) 131 assert(!key.private?) 132 assert_equal(p, key.p) 133 assert_equal(q, key.q) 134 assert_equal(g, key.g) 135 assert_equal(y, key.pub_key) 136 assert_equal(nil, key.priv_key) 137 assert_equal([], OpenSSL.errors) 138 end 139 140 def test_export_format_is_DSA_PUBKEY_pem 141 key = OpenSSL::TestUtils::TEST_KEY_DSA256 142 pem = key.public_key.to_pem 143 pem.gsub!(/^-+(\w|\s)+-+$/, "") # eliminate --------BEGIN...------- 144 asn1 = OpenSSL::ASN1.decode(Base64.decode64(pem)) 145 assert_equal(OpenSSL::ASN1::SEQUENCE, asn1.tag) 146 assert_equal(2, asn1.value.size) 147 seq = asn1.value 148 assert_equal(OpenSSL::ASN1::SEQUENCE, seq[0].tag) 149 assert_equal(2, seq[0].value.size) 150 algo_id = seq[0].value 151 assert_equal(OpenSSL::ASN1::OBJECT, algo_id[0].tag) 152 assert_equal('DSA', algo_id[0].value) 153 assert_equal(OpenSSL::ASN1::SEQUENCE, algo_id[1].tag) 154 assert_equal(3, algo_id[1].value.size) 155 params = algo_id[1].value 156 assert_equal(OpenSSL::ASN1::INTEGER, params[0].tag) 157 assert_equal(key.p, params[0].value) 158 assert_equal(OpenSSL::ASN1::INTEGER, params[1].tag) 159 assert_equal(key.q, params[1].value) 160 assert_equal(OpenSSL::ASN1::INTEGER, params[2].tag) 161 assert_equal(key.g, params[2].value) 162 assert_equal(OpenSSL::ASN1::BIT_STRING, seq[1].tag) 163 assert_equal(0, seq[1].unused_bits) 164 pub_key = OpenSSL::ASN1.decode(seq[1].value) 165 assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag) 166 assert_equal(key.pub_key, pub_key.value) 167 assert_equal([], OpenSSL.errors) 168 end 169 170 def test_read_private_key_der 171 key = OpenSSL::TestUtils::TEST_KEY_DSA256 172 der = key.to_der 173 key2 = OpenSSL::PKey.read(der) 174 assert(key2.private?) 175 assert_equal(der, key2.to_der) 176 assert_equal([], OpenSSL.errors) 177 end 178 179 def test_read_private_key_pem 180 key = OpenSSL::TestUtils::TEST_KEY_DSA256 181 pem = key.to_pem 182 key2 = OpenSSL::PKey.read(pem) 183 assert(key2.private?) 184 assert_equal(pem, key2.to_pem) 185 assert_equal([], OpenSSL.errors) 186 end 187 188 def test_read_public_key_der 189 key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key 190 der = key.to_der 191 key2 = OpenSSL::PKey.read(der) 192 assert(!key2.private?) 193 assert_equal(der, key2.to_der) 194 assert_equal([], OpenSSL.errors) 195 end 196 197 def test_read_public_key_pem 198 key = OpenSSL::TestUtils::TEST_KEY_DSA256.public_key 199 pem = key.to_pem 200 key2 = OpenSSL::PKey.read(pem) 201 assert(!key2.private?) 202 assert_equal(pem, key2.to_pem) 203 assert_equal([], OpenSSL.errors) 204 end 205 206 def test_read_private_key_pem_pw 207 key = OpenSSL::TestUtils::TEST_KEY_DSA256 208 pem = key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret') 209 #callback form for password 210 key2 = OpenSSL::PKey.read(pem) do 211 'secret' 212 end 213 assert(key2.private?) 214 # pass password directly 215 key2 = OpenSSL::PKey.read(pem, 'secret') 216 assert(key2.private?) 217 #omit pem equality check, will be different due to cipher iv 218 assert_equal([], OpenSSL.errors) 219 end 220 221 def test_export_password_length 222 key = OpenSSL::TestUtils::TEST_KEY_DSA256 223 assert_raise(OpenSSL::OpenSSLError) do 224 key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec') 225 end 226 pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr') 227 assert(pem) 228 end 229 230 private 231 232 def check_sign_verify(digest) 233 key = OpenSSL::TestUtils::TEST_KEY_DSA256 234 data = 'Sign me!' 235 sig = key.sign(digest, data) 236 assert(key.verify(digest, sig, data)) 237 end 238end 239 240end 241