| blob | 726b7dbf7e6114de9bfc57ad7b8d65db60093175 |
1 # frozen_string_literal: true
2 require_relative 'utils'
4 if defined?(OpenSSL) && defined?(OpenSSL::PKey::DSA)
6 class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
7 def test_private
8 key = Fixtures.pkey("dsa1024")
9 assert_equal true, key.private?
10 key2 = OpenSSL::PKey::DSA.new(key.to_der)
11 assert_equal true, key2.private?
12 key3 = key.public_key
13 assert_equal false, key3.private?
14 key4 = OpenSSL::PKey::DSA.new(key3.to_der)
15 assert_equal false, key4.private?
16 end
18 def test_new
19 key = OpenSSL::PKey::DSA.new(2048)
20 pem = key.public_key.to_pem
21 OpenSSL::PKey::DSA.new pem
22 end
24 def test_new_break
25 assert_nil(OpenSSL::PKey::DSA.new(2048) { break })
26 assert_raise(RuntimeError) do
27 OpenSSL::PKey::DSA.new(2048) { raise }
28 end
29 end
31 def test_sign_verify
32 dsa512 = Fixtures.pkey("dsa512")
33 data = "Sign me!"
34 if defined?(OpenSSL::Digest::DSS1)
35 signature = dsa512.sign(OpenSSL::Digest.new('DSS1'), data)
36 assert_equal true, dsa512.verify(OpenSSL::Digest.new('DSS1'), signature, data)
37 end
39 signature = dsa512.sign("SHA1", data)
40 assert_equal true, dsa512.verify("SHA1", signature, data)
42 signature0 = (<<~'end;').unpack("m")[0]
43 MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
44 6g==
45 end;
46 assert_equal true, dsa512.verify("SHA256", signature0, data)
47 signature1 = signature0.succ
48 assert_equal false, dsa512.verify("SHA256", signature1, data)
49 end
51 def test_sign_verify_raw
52 key = Fixtures.pkey("dsa512")
53 data = 'Sign me!'
54 digest = OpenSSL::Digest.digest('SHA1', data)
56 invalid_sig = key.sign_raw(nil, digest.succ)
57 malformed_sig = "*" * invalid_sig.bytesize
59 # Sign by #syssign
60 sig = key.syssign(digest)
61 assert_equal true, key.sysverify(digest, sig)
62 assert_equal false, key.sysverify(digest, invalid_sig)
63 assert_raise(OpenSSL::PKey::DSAError) { key.sysverify(digest, malformed_sig) }
64 assert_equal true, key.verify_raw(nil, sig, digest)
65 assert_equal false, key.verify_raw(nil, invalid_sig, digest)
66 assert_raise(OpenSSL::PKey::PKeyError) { key.verify_raw(nil, malformed_sig, digest) }
68 # Sign by #sign_raw
69 sig = key.sign_raw(nil, digest)
70 assert_equal true, key.sysverify(digest, sig)
71 assert_equal false, key.sysverify(digest, invalid_sig)
72 assert_raise(OpenSSL::PKey::DSAError) { key.sysverify(digest, malformed_sig) }
73 assert_equal true, key.verify_raw(nil, sig, digest)
74 assert_equal false, key.verify_raw(nil, invalid_sig, digest)
75 assert_raise(OpenSSL::PKey::PKeyError) { key.verify_raw(nil, malformed_sig, digest) }
76 end
78 def test_DSAPrivateKey
79 # OpenSSL DSAPrivateKey format; similar to RSAPrivateKey
80 dsa512 = Fixtures.pkey("dsa512")
81 asn1 = OpenSSL::ASN1::Sequence([
82 OpenSSL::ASN1::Integer(0),
83 OpenSSL::ASN1::Integer(dsa512.p),
84 OpenSSL::ASN1::Integer(dsa512.q),
85 OpenSSL::ASN1::Integer(dsa512.g),
86 OpenSSL::ASN1::Integer(dsa512.pub_key),
87 OpenSSL::ASN1::Integer(dsa512.priv_key)
88 ])
89 key = OpenSSL::PKey::DSA.new(asn1.to_der)
90 assert_predicate key, :private?
91 assert_same_dsa dsa512, key
93 pem = <<~EOF
94 -----BEGIN DSA PRIVATE KEY-----
95 MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
96 RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
97 AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
98 S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
99 Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
100 55jreJD3Se3slps=
101 -----END DSA PRIVATE KEY-----
102 EOF
103 key = OpenSSL::PKey::DSA.new(pem)
104 assert_same_dsa dsa512, key
106 assert_equal asn1.to_der, dsa512.to_der
107 assert_equal pem, dsa512.export
108 end
110 def test_DSAPrivateKey_encrypted
111 # key = abcdef
112 dsa512 = Fixtures.pkey("dsa512")
113 pem = <<~EOF
114 -----BEGIN DSA PRIVATE KEY-----
115 Proc-Type: 4,ENCRYPTED
116 DEK-Info: AES-128-CBC,F8BB7BFC7EAB9118AC2E3DA16C8DB1D9
118 D2sIzsM9MLXBtlF4RW42u2GB9gX3HQ3prtVIjWPLaKBYoToRUiv8WKsjptfZuLSB
119 74ZPdMS7VITM+W1HIxo/tjS80348Cwc9ou8H/E6WGat8ZUk/igLOUEII+coQS6qw
120 QpuLMcCIavevX0gjdjEIkojBB81TYDofA1Bp1z1zDI/2Zhw822xapI79ZF7Rmywt
121 OSyWzFaGipgDpdFsGzvT6//z0jMr0AuJVcZ0VJ5lyPGQZAeVBlbYEI4T72cC5Cz7
122 XvLiaUtum6/sASD2PQqdDNpgx/WA6Vs1Po2kIUQIM5TIwyJI0GdykZcYm6xIK/ta
123 Wgx6c8K+qBAIVrilw3EWxw==
124 -----END DSA PRIVATE KEY-----
125 EOF
126 key = OpenSSL::PKey::DSA.new(pem, "abcdef")
127 assert_same_dsa dsa512, key
128 key = OpenSSL::PKey::DSA.new(pem) { "abcdef" }
129 assert_same_dsa dsa512, key
131 cipher = OpenSSL::Cipher.new("aes-128-cbc")
132 exported = dsa512.to_pem(cipher, "abcdef\0\1")
133 assert_same_dsa dsa512, OpenSSL::PKey::DSA.new(exported, "abcdef\0\1")
134 assert_raise(OpenSSL::PKey::DSAError) {
135 OpenSSL::PKey::DSA.new(exported, "abcdef")
136 }
137 end
139 def test_PUBKEY
140 dsa512 = Fixtures.pkey("dsa512")
141 dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
143 asn1 = OpenSSL::ASN1::Sequence([
144 OpenSSL::ASN1::Sequence([
145 OpenSSL::ASN1::ObjectId("DSA"),
146 OpenSSL::ASN1::Sequence([
147 OpenSSL::ASN1::Integer(dsa512.p),
148 OpenSSL::ASN1::Integer(dsa512.q),
149 OpenSSL::ASN1::Integer(dsa512.g)
150 ])
151 ]),
152 OpenSSL::ASN1::BitString(
153 OpenSSL::ASN1::Integer(dsa512.pub_key).to_der
154 )
155 ])
156 key = OpenSSL::PKey::DSA.new(asn1.to_der)
157 assert_not_predicate key, :private?
158 assert_same_dsa dsa512pub, key
160 pem = <<~EOF
161 -----BEGIN PUBLIC KEY-----
162 MIHxMIGoBgcqhkjOOAQBMIGcAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgT
163 YiEEHaOYhkIxv0OkRZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB
164 4DZGH7UyarcaGy6DAkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqo
165 ji3/lHdKoVdTQNuRS/m6DlCwhjRjiQ/lBRgCLCcaA0QAAkEAjN891JBjzpMj4bWg
166 sACmMggFf57DS0Ti+5++Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxX
167 oXi9OA==
168 -----END PUBLIC KEY-----
169 EOF
170 key = OpenSSL::PKey::DSA.new(pem)
171 assert_same_dsa dsa512pub, key
173 assert_equal asn1.to_der, key.to_der
174 assert_equal pem, key.export
176 assert_equal asn1.to_der, dsa512.public_to_der
177 assert_equal asn1.to_der, key.public_to_der
178 assert_equal pem, dsa512.public_to_pem
179 assert_equal pem, key.public_to_pem
180 end
182 def test_read_DSAPublicKey_pem
183 # TODO: where is the standard? PKey::DSA.new can read only PEM
184 p = 12260055936871293565827712385212529106400444521449663325576634579961635627321079536132296996623400607469624537382977152381984332395192110731059176842635699
185 q = 979494906553787301107832405790107343409973851677
186 g = 3731695366899846297271147240305742456317979984190506040697507048095553842519347835107669437969086119948785140453492839427038591924536131566350847469993845
187 y = 10505239074982761504240823422422813362721498896040719759460296306305851824586095328615844661273887569281276387605297130014564808567159023649684010036304695
188 pem = <<-EOF
189 -----BEGIN DSA PUBLIC KEY-----
190 MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4
191 VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE
192 p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX
193 SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7
194 fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
195 -----END DSA PUBLIC KEY-----
196 EOF
197 key = OpenSSL::PKey::DSA.new(pem)
198 assert(key.public?)
199 assert(!key.private?)
200 assert_equal(p, key.p)
201 assert_equal(q, key.q)
202 assert_equal(g, key.g)
203 assert_equal(y, key.pub_key)
204 assert_equal(nil, key.priv_key)
205 end
207 def test_dup
208 key = Fixtures.pkey("dsa1024")
209 key2 = key.dup
210 assert_equal key.params, key2.params
212 # PKey is immutable in OpenSSL >= 3.0
213 if !openssl?(3, 0, 0)
214 key2.set_pqg(key2.p + 1, key2.q, key2.g)
215 assert_not_equal key.params, key2.params
216 end
217 end
219 def test_marshal
220 key = Fixtures.pkey("dsa1024")
221 deserialized = Marshal.load(Marshal.dump(key))
223 assert_equal key.to_der, deserialized.to_der
224 end
226 private
227 def assert_same_dsa(expected, key)
228 check_component(expected, key, [:p, :q, :g, :pub_key, :priv_key])
229 end
230 end
232 end