From a9ef251697602d6ab419094ed64654c6cd7c17ac Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sun, 16 Oct 2016 14:48:51 +0900 Subject: test/test_pkey_*: refine sign/verify tests 20a88ace0778 ("test: refactor PKey::PKey#{sign,verify} tests", 2016-07-07) was not a good idea in the sense of readability. So, let's revert it. Also, static test vectors generated by BouncyCastle are added to ensure #verify correctly accept valid signatures and reject invalid signatures. --- test/test_pkey.rb | 56 --------------------------------------------------- test/test_pkey_dsa.rb | 20 ++++++++++++++++++ test/test_pkey_ec.rb | 14 +++++++++++++ test/test_pkey_rsa.rb | 22 ++++++++++++++++++++ 4 files changed, 56 insertions(+), 56 deletions(-) delete mode 100644 test/test_pkey.rb (limited to 'test') diff --git a/test/test_pkey.rb b/test/test_pkey.rb deleted file mode 100644 index ba61fa26..00000000 --- a/test/test_pkey.rb +++ /dev/null @@ -1,56 +0,0 @@ -# frozen_string_literal: false -require_relative "utils" - -if defined?(OpenSSL::TestUtils) - -class OpenSSL::TestPKey < OpenSSL::PKeyTestCase - PKEYS = { - OpenSSL::PKey::RSA => { - key: OpenSSL::TestUtils::TEST_KEY_RSA1024, - digest: OpenSSL::Digest::SHA1, - }, - OpenSSL::PKey::DSA => { - key: OpenSSL::TestUtils::TEST_KEY_DSA512, - digest: OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST, - }, - } - if defined?(OpenSSL::PKey::EC) - PKEYS[OpenSSL::PKey::EC] = { - key: OpenSSL::TestUtils::TEST_KEY_EC_P256V1, - digest: OpenSSL::Digest::SHA1, - } - end - - def test_sign_verify - data = "Sign me!" - invalid_data = "Sign me?" - PKEYS.each do |klass, prop| - key = prop[:key] - pub_key = dup_public(prop[:key]) - digest = prop[:digest].new - signature = key.sign(digest, data) - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - # digest state is irrelevant - digest << "unya" - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - - if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 - digest = OpenSSL::Digest::SHA256.new - signature = key.sign(digest, data) - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - end - end - end - - def test_verify_empty_rsa - rsa = OpenSSL::PKey::RSA.new - assert_raise(OpenSSL::PKey::PKeyError, "[Bug #12783]") { - rsa.verify("SHA1", "a", "b") - } - end -end - -end diff --git a/test/test_pkey_dsa.rb b/test/test_pkey_dsa.rb index d0ba8ec0..a4ccd1d8 100644 --- a/test/test_pkey_dsa.rb +++ b/test/test_pkey_dsa.rb @@ -36,6 +36,26 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase end end + def test_sign_verify + data = "Sign me!" + if defined?(OpenSSL::Digest::DSS1) + signature = DSA512.sign(OpenSSL::Digest::DSS1.new, data) + assert_equal true, DSA512.verify(OpenSSL::Digest::DSS1.new, signature, data) + end + + return if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x010000000 + signature = DSA512.sign("SHA1", data) + assert_equal true, DSA512.verify("SHA1", signature, data) + + signature0 = (<<~'end;').unpack("m")[0] + MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/ + 6g== + end; + assert_equal true, DSA512.verify("SHA256", signature0, data) + signature1 = signature0.succ + assert_equal false, DSA512.verify("SHA256", signature1, data) + end + def test_sys_sign_verify key = OpenSSL::TestUtils::TEST_KEY_DSA256 data = 'Sign me!' diff --git a/test/test_pkey_ec.rb b/test/test_pkey_ec.rb index 53aa5a10..dc205290 100644 --- a/test/test_pkey_ec.rb +++ b/test/test_pkey_ec.rb @@ -73,6 +73,20 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase assert_raise(OpenSSL::PKey::ECError) { key2.check_key } end + def test_sign_verify + data = "Sign me!" + signature = P256.sign("SHA1", data) + assert_equal true, P256.verify("SHA1", signature, data) + + signature0 = (<<~'end;').unpack("m")[0] + MEQCIEOTY/hD7eI8a0qlzxkIt8LLZ8uwiaSfVbjX2dPAvN11AiAQdCYx56Fq + QdBp1B4sxJoA8jvODMMklMyBKVmudboA6A== + end; + assert_equal true, P256.verify("SHA256", signature0, data) + signature1 = signature0.succ + assert_equal false, P256.verify("SHA256", signature1, data) + end + def test_dsa_sign_verify data1 = "foo" data2 = "bar" diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index e211faa6..b24f1d55 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -70,6 +70,21 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase end end + def test_sign_verify + data = "Sign me!" + signature = RSA1024.sign("SHA1", data) + assert_equal true, RSA1024.verify("SHA1", signature, data) + + signature0 = (<<~'end;').unpack("m")[0] + oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+ + WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS + zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ= + end; + assert_equal true, RSA1024.verify("SHA256", signature0, data) + signature1 = signature0.succ + assert_equal false, RSA1024.verify("SHA256", signature1, data) + end + def test_digest_state_irrelevant_sign key = RSA1024 digest1 = OpenSSL::Digest::SHA1.new @@ -93,6 +108,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase assert(key.verify(digest2, sig, data)) end + def test_verify_empty_rsa + rsa = OpenSSL::PKey::RSA.new + assert_raise(OpenSSL::PKey::PKeyError, "[Bug #12783]") { + rsa.verify("SHA1", "a", "b") + } + end + def test_RSAPrivateKey asn1 = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Integer(0), -- cgit v1.2.3