1require_relative 'utils' 2 3if defined?(OpenSSL::PKey::EC) 4 5class OpenSSL::TestEC < Test::Unit::TestCase 6 def setup 7 @data1 = 'foo' 8 @data2 = 'bar' * 1000 # data too long for DSA sig 9 10 @groups = [] 11 @keys = [] 12 13 OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| 14 next if curve.start_with?("Oakley") # Oakley curves are not suitable for ECDSA 15 group = OpenSSL::PKey::EC::Group.new(curve) 16 17 key = OpenSSL::PKey::EC.new(group) 18 key.generate_key 19 20 @groups << group 21 @keys << key 22 end 23 end 24 25 def compare_keys(k1, k2) 26 assert_equal(k1.to_pem, k2.to_pem) 27 end 28 29 def test_builtin_curves 30 assert(!OpenSSL::PKey::EC.builtin_curves.empty?) 31 end 32 33 def test_curve_names 34 @groups.each_with_index do |group, idx| 35 key = @keys[idx] 36 assert_equal(group.curve_name, key.group.curve_name) 37 end 38 end 39 40 def test_check_key 41 for key in @keys 42 assert_equal(key.check_key, true) 43 assert_equal(key.private_key?, true) 44 assert_equal(key.public_key?, true) 45 end 46 end 47 48 def test_group_encoding 49 for group in @groups 50 for meth in [:to_der, :to_pem] 51 txt = group.send(meth) 52 gr = OpenSSL::PKey::EC::Group.new(txt) 53 54 assert_equal(txt, gr.send(meth)) 55 56 assert_equal(group.generator.to_bn, gr.generator.to_bn) 57 assert_equal(group.cofactor, gr.cofactor) 58 assert_equal(group.order, gr.order) 59 assert_equal(group.seed, gr.seed) 60 assert_equal(group.degree, gr.degree) 61 end 62 end 63 end 64 65 def test_key_encoding 66 for key in @keys 67 group = key.group 68 69 for meth in [:to_der, :to_pem] 70 txt = key.send(meth) 71 assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth)) 72 end 73 74 bn = key.public_key.to_bn 75 assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn) 76 end 77 end 78 79 def test_set_keys 80 for key in @keys 81 k = OpenSSL::PKey::EC.new 82 k.group = key.group 83 k.private_key = key.private_key 84 k.public_key = key.public_key 85 86 compare_keys(key, k) 87 end 88 end 89 90 def test_dsa_sign_verify 91 for key in @keys 92 sig = key.dsa_sign_asn1(@data1) 93 assert(key.dsa_verify_asn1(@data1, sig)) 94 end 95 end 96 97 def test_dsa_sign_asn1_FIPS186_3 98 for key in @keys 99 size = key.group.order.num_bits / 8 + 1 100 dgst = (1..size).to_a.pack('C*') 101 begin 102 sig = key.dsa_sign_asn1(dgst) 103 # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m 104 assert(key.dsa_verify_asn1(dgst + "garbage", sig)) 105 rescue OpenSSL::PKey::ECError => e 106 # just an exception for longer dgst before openssl-0.9.8m 107 assert_equal('ECDSA_sign: data too large for key size', e.message) 108 # no need to do following tests 109 return 110 end 111 end 112 end 113 114 def test_dh_compute_key 115 for key in @keys 116 k = OpenSSL::PKey::EC.new(key.group) 117 k.generate_key 118 119 puba = key.public_key 120 pubb = k.public_key 121 a = key.dh_compute_key(pubb) 122 b = k.dh_compute_key(puba) 123 assert_equal(a, b) 124 end 125 end 126 127 def test_read_private_key_der 128 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 129 der = ec.to_der 130 ec2 = OpenSSL::PKey.read(der) 131 assert(ec2.private_key?) 132 assert_equal(der, ec2.to_der) 133 assert_equal([], OpenSSL.errors) 134 end 135 136 def test_read_private_key_pem 137 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 138 pem = ec.to_pem 139 ec2 = OpenSSL::PKey.read(pem) 140 assert(ec2.private_key?) 141 assert_equal(pem, ec2.to_pem) 142 assert_equal([], OpenSSL.errors) 143 end 144 145 def test_read_public_key_der 146 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 147 ec2 = OpenSSL::PKey::EC.new(ec.group) 148 ec2.public_key = ec.public_key 149 der = ec2.to_der 150 ec3 = OpenSSL::PKey.read(der) 151 assert(!ec3.private_key?) 152 assert_equal(der, ec3.to_der) 153 assert_equal([], OpenSSL.errors) 154 end 155 156 def test_read_public_key_pem 157 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 158 ec2 = OpenSSL::PKey::EC.new(ec.group) 159 ec2.public_key = ec.public_key 160 pem = ec2.to_pem 161 ec3 = OpenSSL::PKey.read(pem) 162 assert(!ec3.private_key?) 163 assert_equal(pem, ec3.to_pem) 164 assert_equal([], OpenSSL.errors) 165 end 166 167 def test_read_private_key_pem_pw 168 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 169 pem = ec.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'secret') 170 #callback form for password 171 ec2 = OpenSSL::PKey.read(pem) do 172 'secret' 173 end 174 assert(ec2.private_key?) 175 # pass password directly 176 ec2 = OpenSSL::PKey.read(pem, 'secret') 177 assert(ec2.private_key?) 178 #omit pem equality check, will be different due to cipher iv 179 assert_equal([], OpenSSL.errors) 180 end 181 182 def test_export_password_length 183 key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 184 assert_raise(OpenSSL::OpenSSLError) do 185 key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec') 186 end 187 pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr') 188 assert(pem) 189 end 190 191 def test_ec_point_mul 192 ec = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 193 p1 = ec.public_key 194 bn1 = OpenSSL::BN.new('10') 195 bn2 = OpenSSL::BN.new('20') 196 197 p2 = p1.mul(bn1) 198 assert(p1.group == p2.group) 199 p2 = p1.mul(bn1, bn2) 200 assert(p1.group == p2.group) 201 p2 = p1.mul([bn1, bn2], [p1]) 202 assert(p1.group == p2.group) 203 p2 = p1.mul([bn1, bn2], [p1], bn2) 204 assert(p1.group == p2.group) 205 end 206 207# test Group: asn1_flag, point_conversion 208 209end 210 211end 212