diff options
Diffstat (limited to 'test/test_cipher.rb')
| -rw-r--r-- | test/test_cipher.rb | 90 |
1 files changed, 79 insertions, 11 deletions
diff --git a/test/test_cipher.rb b/test/test_cipher.rb index ec14f46..74c5394 100644 --- a/test/test_cipher.rb +++ b/test/test_cipher.rb @@ -5,16 +5,12 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestCipher < OpenSSL::TestCase + @ciphers = OpenSSL::Cipher.ciphers + class << self def has_cipher?(name) - ciphers = OpenSSL::Cipher.ciphers - # redefine method so we can use the cached ciphers value from the closure - # and need not recompute the list each time - define_singleton_method :has_cipher? do |name| - ciphers.include?(name) - end - has_cipher?(name) + @ciphers.include?(name) end def has_ciphers?(list) @@ -24,7 +20,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase end def setup - @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC") + @c1 = OpenSSL::Cipher.new("DES-EDE3-CBC") @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC") @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" @iv = "\0\0\0\0\0\0\0\0" @@ -118,10 +114,9 @@ class OpenSSL::TestCipher < OpenSSL::TestCase OpenSSL::Cipher.ciphers.each{|name| next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name begin - assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) + assert_kind_of(OpenSSL::Cipher, OpenSSL::Cipher.new(name)) rescue OpenSSL::Cipher::CipherError => e - next if /wrap/ =~ name and e.message == 'wrap mode not allowed' - raise + raise unless /wrap/ =~ name and /wrap mode not allowed/ =~ e.message end } end @@ -247,8 +242,81 @@ class OpenSSL::TestCipher < OpenSSL::TestCase end end + def test_aes_gcm_variable_iv_len + pt = "You should all use Authenticated Encryption!" + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + assert_equal(12, cipher.iv_len) + cipher.iv = "a" * 12 + ct1 = cipher.update(pt) << cipher.final + tag1 = cipher.auth_tag + + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + cipher.iv_len = 10 + assert_equal(10, cipher.iv_len) + cipher.iv = "a" * 10 + ct2 = cipher.update(pt) << cipher.final + tag2 = cipher.auth_tag + + assert_not_equal ct1, ct2 + assert_not_equal tag1, tag2 + + decipher = OpenSSL::Cipher.new("aes-128-gcm").decrypt + decipher.auth_tag = tag1 + decipher.key = "x" * 16 + decipher.iv_len = 12 + decipher.iv = "a" * 12 + assert_equal(pt, decipher.update(ct1) << decipher.final) + + decipher.reset + decipher.auth_tag = tag2 + assert_raise(OpenSSL::Cipher::CipherError) { + decipher.update(ct2) << decipher.final + } + + decipher.reset + decipher.auth_tag = tag2 + decipher.iv_len = 10 + decipher.iv = "a" * 10 + assert_equal(pt, decipher.update(ct2) << decipher.final) + end + end + def test_aes_ocb_tag_len + pt = "You should all use Authenticated Encryption!" + cipher = OpenSSL::Cipher.new("aes-128-ocb").encrypt + cipher.auth_tag_len = 14 + cipher.iv_len = 8 + key = cipher.random_key + iv = cipher.random_iv + cipher.auth_data = "aad" + ct = cipher.update(pt) + cipher.final + tag = cipher.auth_tag + assert_equal(14, tag.size) + + decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt + decipher.auth_tag_len = 14 + decipher.auth_tag = tag + decipher.iv_len = 8 + decipher.key = key + decipher.iv = iv + decipher.auth_data = "aad" + assert_equal(pt, decipher.update(ct) + decipher.final) + + decipher = OpenSSL::Cipher.new("aes-128-ocb").decrypt + decipher.auth_tag_len = 9 + decipher.auth_tag = tag[0, 9] + decipher.iv_len = 8 + decipher.key = key + decipher.iv = iv + decipher.auth_data = "aad" + assert_raise(OpenSSL::Cipher::CipherError) { + decipher.update(ct) + decipher.final + } + end if has_cipher?("aes-128-ocb") + private def new_encryptor(algo) |