diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2020-05-22 16:10:35 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-07-18 17:44:58 +0900 |
commit | 4ebff35971d499f4ddd13f48bff0444f77d63421 (patch) | |
tree | 528fa77adf94975df77bc359f911070a47784cce /test/openssl/test_pkey_ec.rb | |
parent | cbc560e38f9127c723f6b91734abbc0a1b0c14cc (diff) | |
download | ruby-4ebff35971d499f4ddd13f48bff0444f77d63421.tar.gz |
[ruby/openssl] pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover
Add a variant of PKey#sign and #verify that do not hash the data
automatically.
Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.
OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
https://github.com/ruby/openssl/commit/16cca4e0c4
Diffstat (limited to 'test/openssl/test_pkey_ec.rb')
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 80ae9ffdf1..0a460bd536 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -109,13 +109,30 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase assert_equal a.derive(b), a.dh_compute_key(b.public_key) end - def test_dsa_sign_verify + def test_sign_verify_raw + key = Fixtures.pkey("p256") data1 = "foo" data2 = "bar" - key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + + malformed_sig = "*" * 30 + + # Sign by #dsa_sign_asn1 sig = key.dsa_sign_asn1(data1) assert_equal true, key.dsa_verify_asn1(data1, sig) assert_equal false, key.dsa_verify_asn1(data2, sig) + assert_raise(OpenSSL::PKey::ECError) { key.dsa_verify_asn1(data1, malformed_sig) } + assert_equal true, key.verify_raw(nil, sig, data1) + assert_equal false, key.verify_raw(nil, sig, data2) + assert_raise(OpenSSL::PKey::PKeyError) { key.verify_raw(nil, malformed_sig, data1) } + + # Sign by #sign_raw + sig = key.sign_raw(nil, data1) + assert_equal true, key.dsa_verify_asn1(data1, sig) + assert_equal false, key.dsa_verify_asn1(data2, sig) + assert_raise(OpenSSL::PKey::ECError) { key.dsa_verify_asn1(data1, malformed_sig) } + assert_equal true, key.verify_raw(nil, sig, data1) + assert_equal false, key.verify_raw(nil, sig, data2) + assert_raise(OpenSSL::PKey::PKeyError) { key.verify_raw(nil, malformed_sig, data1) } end def test_dsa_sign_asn1_FIPS186_3 |