test/test_pkey_*: refine sign/verify teststopic/test-static-test-vector

20a88ace0778 ("test: refactor PKey::PKey#{sign,verify} tests",
2016-07-07) was not a good idea in the sense of readability. So, let's
revert it. Also, static test vectors generated by BouncyCastle are added
to ensure #verify correctly accept valid signatures and reject invalid
signatures.

4 files changed, 56 insertions, 56 deletions

diff --git a/test/test_pkey.rb b/test/test_pkey.rb
deleted file mode 100644
index ba61fa26..00000000
--- a/test/test_pkey.rb
+++ /dev/null
@@ -1,56 +0,0 @@
-# frozen_string_literal: false
-require_relative "utils"
-
-if defined?(OpenSSL::TestUtils)
-
-class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
-  PKEYS = {
-    OpenSSL::PKey::RSA => {
-      key: OpenSSL::TestUtils::TEST_KEY_RSA1024,
-      digest: OpenSSL::Digest::SHA1,
-    },
-    OpenSSL::PKey::DSA => {
-      key: OpenSSL::TestUtils::TEST_KEY_DSA512,
-      digest: OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST,
-    },
-  }
-  if defined?(OpenSSL::PKey::EC)
-    PKEYS[OpenSSL::PKey::EC] = {
-      key: OpenSSL::TestUtils::TEST_KEY_EC_P256V1,
-      digest: OpenSSL::Digest::SHA1,
-    }
-  end
-
-  def test_sign_verify
-    data = "Sign me!"
-    invalid_data = "Sign me?"
-    PKEYS.each do |klass, prop|
-      key = prop[:key]
-      pub_key = dup_public(prop[:key])
-      digest = prop[:digest].new
-      signature = key.sign(digest, data)
-      assert_equal(true, pub_key.verify(digest, signature, data))
-      assert_equal(false, pub_key.verify(digest, signature, invalid_data))
-      # digest state is irrelevant
-      digest << "unya"
-      assert_equal(true, pub_key.verify(digest, signature, data))
-      assert_equal(false, pub_key.verify(digest, signature, invalid_data))
-
-      if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000
-        digest = OpenSSL::Digest::SHA256.new
-        signature = key.sign(digest, data)
-        assert_equal(true, pub_key.verify(digest, signature, data))
-        assert_equal(false, pub_key.verify(digest, signature, invalid_data))
-      end
-    end
-  end
-
-  def test_verify_empty_rsa
-    rsa = OpenSSL::PKey::RSA.new
-    assert_raise(OpenSSL::PKey::PKeyError, "[Bug #12783]") {
-      rsa.verify("SHA1", "a", "b")
-    }
-  end
-end
-
-end
diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb
index d0ba8ec0..a4ccd1d8 100644
--- a/test/test_pkey_dsa.rb
+++ b/test/test_pkey_dsa.rb
@@ -36,6 +36,26 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
     end
   end
 
+  def test_sign_verify
+    data = "Sign me!"
+    if defined?(OpenSSL::Digest::DSS1)
+      signature = DSA512.sign(OpenSSL::Digest::DSS1.new, data)
+      assert_equal true, DSA512.verify(OpenSSL::Digest::DSS1.new, signature, data)
+    end
+
+    return if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x010000000
+    signature = DSA512.sign("SHA1", data)
+    assert_equal true, DSA512.verify("SHA1", signature, data)
+
+    signature0 = (<<~'end;').unpack("m")[0]
+      MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
+      6g==
+    end;
+    assert_equal true, DSA512.verify("SHA256", signature0, data)
+    signature1 = signature0.succ
+    assert_equal false, DSA512.verify("SHA256", signature1, data)
+  end
+
   def test_sys_sign_verify
     key = OpenSSL::TestUtils::TEST_KEY_DSA256
     data = 'Sign me!'
diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb
index 53aa5a10..dc205290 100644
--- a/test/test_pkey_ec.rb
+++ b/test/test_pkey_ec.rb
@@ -73,6 +73,20 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
     assert_raise(OpenSSL::PKey::ECError) { key2.check_key }
   end
 
+  def test_sign_verify
+    data = "Sign me!"
+    signature = P256.sign("SHA1", data)
+    assert_equal true, P256.verify("SHA1", signature, data)
+
+    signature0 = (<<~'end;').unpack("m")[0]
+      MEQCIEOTY/hD7eI8a0qlzxkIt8LLZ8uwiaSfVbjX2dPAvN11AiAQdCYx56Fq
+      QdBp1B4sxJoA8jvODMMklMyBKVmudboA6A==
+    end;
+    assert_equal true, P256.verify("SHA256", signature0, data)
+    signature1 = signature0.succ
+    assert_equal false, P256.verify("SHA256", signature1, data)
+  end
+
   def test_dsa_sign_verify
     data1 = "foo"
     data2 = "bar"
diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb
index e211faa6..b24f1d55 100644
--- a/test/test_pkey_rsa.rb
+++ b/test/test_pkey_rsa.rb
@@ -70,6 +70,21 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
     end
   end
 
+  def test_sign_verify
+    data = "Sign me!"
+    signature = RSA1024.sign("SHA1", data)
+    assert_equal true, RSA1024.verify("SHA1", signature, data)
+
+    signature0 = (<<~'end;').unpack("m")[0]
+      oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+
+      WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS
+      zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ=
+    end;
+    assert_equal true, RSA1024.verify("SHA256", signature0, data)
+    signature1 = signature0.succ
+    assert_equal false, RSA1024.verify("SHA256", signature1, data)
+  end
+
   def test_digest_state_irrelevant_sign
     key = RSA1024
     digest1 = OpenSSL::Digest::SHA1.new
@@ -93,6 +108,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
     assert(key.verify(digest2, sig, data))
   end
 
+  def test_verify_empty_rsa
+    rsa = OpenSSL::PKey::RSA.new
+    assert_raise(OpenSSL::PKey::PKeyError, "[Bug #12783]") {
+      rsa.verify("SHA1", "a", "b")
+    }
+  end
+
   def test_RSAPrivateKey
     asn1 = OpenSSL::ASN1::Sequence([
       OpenSSL::ASN1::Integer(0),