diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-12 16:11:56 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-18 01:58:40 +0900 |
| commit | 12e12e1070b7447e228163062fa81e127f69e750 (patch) | |
| tree | b6a9b30c7db8ec12b3eda7f7365054b4409da1ab /test | |
| parent | feb8c261ad0ac6b4e85df48246681fe81cd8ece8 (diff) | |
| download | ruby-openssl-12e12e1070b7447e228163062fa81e127f69e750.tar.gz | |
test/test_pkey_ec: stop iterating all curves
It takes much time. All curves should work in the same way so we don't
need it. Also improve test coverage.
Diffstat (limited to 'test')
| -rw-r--r-- | test/test_pkey_ec.rb | 267 |
1 files changed, 134 insertions, 133 deletions
diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb index bf2985a0..da72aafa 100644 --- a/test/test_pkey_ec.rb +++ b/test/test_pkey_ec.rb @@ -4,63 +4,43 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC) class OpenSSL::TestEC < OpenSSL::TestCase - def setup - @data1 = 'foo' - @data2 = 'bar' * 1000 # data too long for DSA sig + def test_ec_key + builtin_curves = OpenSSL::PKey::EC.builtin_curves + assert_not_empty builtin_curves - @groups = [] - @keys = [] + builtin_curves.each do |curve_name, comment| + # Oakley curves and X25519 are not suitable for signing and causes + # FIPS-selftest failure on some environment, so skip for now. + next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) } - OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| - group = OpenSSL::PKey::EC::Group.new(curve) - - # Oakley curves and X25519 are not suitable for signing - next if ["Oakley", "X25519"].any? { |n| curve.start_with?(n) } - - key = OpenSSL::PKey::EC.new(group) + key = OpenSSL::PKey::EC.new(curve_name) key.generate_key! - @groups << group - @keys << key + assert_predicate key, :private? + assert_predicate key, :public? + assert_nothing_raised { key.check_key } end - end - def test_dup - key = OpenSSL::PKey::EC.new("prime256v1") - key.generate_key! - key2 = key.dup - assert_equal key.to_der, key2.to_der - key_tmp = OpenSSL::PKey::EC.new("prime256v1").generate_key! - key2.private_key = key_tmp.private_key - key2.public_key = key_tmp.public_key - assert_not_equal key.to_der, key2.to_der - - group = key.group - group2 = group.dup - assert_equal group.to_der, group2.to_der - group2.asn1_flag ^= OpenSSL::PKey::EC::NAMED_CURVE - assert_not_equal group.to_der, group2.to_der + key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key! - point = key.public_key - point2 = point.dup - assert_equal point.to_bn, point2.to_bn - point2.invert! - assert_not_equal point.to_bn, point2.to_bn - end + key2 = OpenSSL::PKey::EC.new + key2.group = key1.group + key2.private_key = key1.private_key + key2.public_key = key1.public_key + assert_equal key1.to_der, key2.to_der - def compare_keys(k1, k2) - assert_equal(k1.to_pem, k2.to_pem) - end + key3 = OpenSSL::PKey::EC.new(key1) + assert_equal key1.to_der, key3.to_der - def test_builtin_curves - assert(!OpenSSL::PKey::EC.builtin_curves.empty?) - end + key4 = OpenSSL::PKey::EC.new(key1.to_der) + assert_equal key1.to_der, key4.to_der - def test_curve_names - @groups.each_with_index do |group, idx| - key = @keys[idx] - assert_equal(group.curve_name, key.group.curve_name) - end + key5 = key1.dup + assert_equal key1.to_der, key5.to_der + key_tmp = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key5.private_key = key_tmp.private_key + key5.public_key = key_tmp.public_key + assert_not_equal key1.to_der, key5.to_der end def test_generate @@ -73,102 +53,58 @@ class OpenSSL::TestEC < OpenSSL::TestCase end def test_check_key - for key in @keys - assert_equal(true, key.check_key) - assert_equal(true, key.private?) - assert_equal(true, key.public?) - key2 = OpenSSL::PKey::EC.new(key.group) - assert_equal(false, key2.private?) - assert_equal(false, key2.public?) - key2.public_key = key.public_key - assert_equal(false, key2.private?) - assert_equal(true, key2.public?) - key2.private_key = key.private_key - assert_equal(true, key2.private?) - assert_equal(true, key2.public?) - assert_equal(true, key2.check_key) - key2.private_key += 1 - assert_raise(OpenSSL::PKey::ECError) { key2.check_key } - end - end - - def test_group_encoding - for group in @groups - for meth in [:to_der, :to_pem] - txt = group.send(meth) - gr = OpenSSL::PKey::EC::Group.new(txt) - - assert_equal(txt, gr.send(meth)) - - assert_equal(group.generator.to_bn, gr.generator.to_bn) - assert_equal(group.cofactor, gr.cofactor) - assert_equal(group.order, gr.order) - assert_equal(group.seed, gr.seed) - assert_equal(group.degree, gr.degree) - end - end - end - - def test_key_encoding - for key in @keys - group = key.group - - for meth in [:to_der, :to_pem] - txt = key.send(meth) - assert_equal(txt, OpenSSL::PKey::EC.new(txt).send(meth)) - end - - bn = key.public_key.to_bn - assert_equal(bn, OpenSSL::PKey::EC::Point.new(group, bn).to_bn) - end - end - - def test_set_keys - for key in @keys - k = OpenSSL::PKey::EC.new - k.group = key.group - k.private_key = key.private_key - k.public_key = key.public_key - - compare_keys(key, k) - end + key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + assert_equal(true, key.check_key) + assert_equal(true, key.private?) + assert_equal(true, key.public?) + key2 = OpenSSL::PKey::EC.new(key.group) + assert_equal(false, key2.private?) + assert_equal(false, key2.public?) + key2.public_key = key.public_key + assert_equal(false, key2.private?) + assert_equal(true, key2.public?) + key2.private_key = key.private_key + assert_equal(true, key2.private?) + assert_equal(true, key2.public?) + assert_equal(true, key2.check_key) + key2.private_key += 1 + assert_raise(OpenSSL::PKey::ECError) { key2.check_key } end def test_dsa_sign_verify - for key in @keys - sig = key.dsa_sign_asn1(@data1) - assert(key.dsa_verify_asn1(@data1, sig)) - end + data1 = "foo" + data2 = "bar" + key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + sig = key.dsa_sign_asn1(data1) + assert_equal true, key.dsa_verify_asn1(data1, sig) + assert_equal false, key.dsa_verify_asn1(data2, sig) end def test_dsa_sign_asn1_FIPS186_3 - for key in @keys - size = key.group.order.num_bits / 8 + 1 - dgst = (1..size).to_a.pack('C*') - begin - sig = key.dsa_sign_asn1(dgst) - # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m - assert(key.dsa_verify_asn1(dgst + "garbage", sig)) - rescue OpenSSL::PKey::ECError => e - # just an exception for longer dgst before openssl-0.9.8m - assert_equal('ECDSA_sign: data too large for key size', e.message) - # no need to do following tests - return - end + key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + size = key.group.order.num_bits / 8 + 1 + dgst = (1..size).to_a.pack('C*') + begin + sig = key.dsa_sign_asn1(dgst) + # dgst is auto-truncated according to FIPS186-3 after openssl-0.9.8m + assert(key.dsa_verify_asn1(dgst + "garbage", sig)) + rescue OpenSSL::PKey::ECError => e + # just an exception for longer dgst before openssl-0.9.8m + assert_equal('ECDSA_sign: data too large for key size', e.message) + # no need to do following tests + return end end def test_dh_compute_key - for key in @keys - k = OpenSSL::PKey::EC.new(key.group) - k.generate_key! - - puba = key.public_key - pubb = k.public_key - a = key.dh_compute_key(pubb) - b = k.dh_compute_key(puba) - assert_equal(a, b) - end + key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key! + + pub_a = key_a.public_key + pub_b = key_b.public_key + a = key_a.dh_compute_key(pub_b) + b = key_b.dh_compute_key(pub_a) + assert_equal a, b end def test_read_private_key_der @@ -242,6 +178,71 @@ class OpenSSL::TestEC < OpenSSL::TestCase assert(key3.private_key?) end + def test_ec_group + group1 = OpenSSL::PKey::EC::Group.new("prime256v1") + key1 = OpenSSL::PKey::EC.new(group1) + assert_equal group1, key1.group + + group2 = OpenSSL::PKey::EC::Group.new(group1) + assert_equal group1.to_der, group2.to_der + assert_equal group1, group2 + group2.asn1_flag ^=OpenSSL::PKey::EC::NAMED_CURVE + assert_not_equal group1.to_der, group2.to_der + assert_equal group1, group2 + + group3 = group1.dup + assert_equal group1.to_der, group3.to_der + + assert group1.asn1_flag & OpenSSL::PKey::EC::NAMED_CURVE # our default + der = group1.to_der + group4 = OpenSSL::PKey::EC::Group.new(der) + group1.point_conversion_form = group4.point_conversion_form = :uncompressed + assert_equal :uncompressed, group1.point_conversion_form + assert_equal :uncompressed, group4.point_conversion_form + assert_equal group1, group4 + assert_equal group1.curve_name, group4.curve_name + assert_equal group1.generator.to_bn, group4.generator.to_bn + assert_equal group1.order, group4.order + assert_equal group1.cofactor, group4.cofactor + assert_equal group1.seed, group4.seed + assert_equal group1.degree, group4.degree + end + + def test_ec_point + group = OpenSSL::PKey::EC::Group.new("prime256v1") + key = OpenSSL::PKey::EC.new(group).generate_key! + point = key.public_key + + point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn) + assert_equal point, point2 + assert_equal point.to_bn, point2.to_bn + point2.invert! + assert_not_equal point.to_bn, point2.to_bn + + begin + group = OpenSSL::PKey::EC::Group.new(:GFp, 17, 2, 2) + group.point_conversion_form = :uncompressed + generator = OpenSSL::PKey::EC::Point.new(group, 0x040501.to_bn) + group.set_generator(generator, 19, 1) + point = OpenSSL::PKey::EC::Point.new(group, 0x040603.to_bn) + rescue OpenSSL::PKey::EC::Group::Error + pend "Patched OpenSSL rejected curve" if /unsupported field/ =~ $!.message + raise + end + + assert_equal 0x040603.to_bn, point.to_bn + assert_equal true, point.on_curve? + point.invert! # 8.5 + assert_equal 0x04060E.to_bn, point.to_bn + assert_equal true, point.on_curve? + + assert_equal false, point.infinity? + point.set_to_infinity! + assert_equal true, point.infinity? + assert_equal 0.to_bn, point.to_bn + assert_equal true, point.on_curve? + end + def test_ec_point_mul begin # y^2 = x^3 + 2x + 2 over F_17 |