Skip to content

Commit

Permalink
Tested local seems ed25519 also returned 253 as bit size
Browse files Browse the repository at this point in the history
  • Loading branch information
@Antrapol
Antrapol committed Nov 14, 2023
1 parent 370b2f1 commit fb17bc9
Showing 1 changed file with 113 additions and 118 deletions.
231 changes: 113 additions & 118 deletions test/openssl/test_pkey.rb
View file
Original file line number Diff line number Diff line change
@@ -1,84 +1,85 @@
# frozen_string_literal: true
require_relative "utils"

require_relative 'utils'

class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
def test_generic_oid_inspect
# RSA private key
rsa = Fixtures.pkey("rsa-1")
rsa = Fixtures.pkey('rsa-1')
assert_instance_of OpenSSL::PKey::RSA, rsa
assert_equal "rsaEncryption", rsa.oid
assert_match %r{oid=rsaEncryption}, rsa.inspect
assert_equal 'rsaEncryption', rsa.oid
assert_match(/oid=rsaEncryption/, rsa.inspect)

# X25519 private key
x25519_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
EOF
begin
x25519 = OpenSSL::PKey.read(x25519_pem)
rescue OpenSSL::PKey::PKeyError
# OpenSSL < 1.1.0
pend "X25519 is not implemented"
pend 'X25519 is not implemented'
end
assert_instance_of OpenSSL::PKey::PKey, x25519
assert_equal "X25519", x25519.oid
assert_match %r{oid=X25519}, x25519.inspect
assert_equal 'X25519', x25519.oid
assert_match(/oid=X25519/, x25519.inspect)
end

def test_s_generate_parameters
pkey = OpenSSL::PKey.generate_parameters("EC", {
"ec_paramgen_curve" => "secp384r1",
})
pkey = OpenSSL::PKey.generate_parameters('EC', {
'ec_paramgen_curve' => 'secp384r1'
})
assert_instance_of OpenSSL::PKey::EC, pkey
assert_equal "secp384r1", pkey.group.curve_name
assert_equal 'secp384r1', pkey.group.curve_name
assert_equal nil, pkey.private_key

# Invalid options are checked
assert_raise(OpenSSL::PKey::PKeyError) {
OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
}
assert_raise(OpenSSL::PKey::PKeyError) do
OpenSSL::PKey.generate_parameters('EC', 'invalid' => 'option')
end

# Parameter generation callback is called
if openssl?(3, 0, 0, 0) && !openssl?(3, 0, 0, 6)
# Errors in BN_GENCB were not properly handled. This special pend is to
# suppress failures on Ubuntu 22.04, which uses OpenSSL 3.0.2.
pend "unstable test on OpenSSL 3.0.[0-5]"
pend 'unstable test on OpenSSL 3.0.[0-5]'
end
cb_called = []
assert_raise(RuntimeError) {
OpenSSL::PKey.generate_parameters("DSA") { |*args|
assert_raise(RuntimeError) do
OpenSSL::PKey.generate_parameters('DSA') do |*args|
cb_called << args
raise "exit!" if cb_called.size == 3
}
}
raise 'exit!' if cb_called.size == 3
end
end
assert_not_empty cb_called
end

def test_s_generate_key
assert_raise(OpenSSL::PKey::PKeyError) {
assert_raise(OpenSSL::PKey::PKeyError) do
# DSA key pair cannot be generated without parameters
OpenSSL::PKey.generate_key("DSA")
}
pkey_params = OpenSSL::PKey.generate_parameters("EC", {
"ec_paramgen_curve" => "secp384r1",
})
OpenSSL::PKey.generate_key('DSA')
end
pkey_params = OpenSSL::PKey.generate_parameters('EC', {
'ec_paramgen_curve' => 'secp384r1'
})
pkey = OpenSSL::PKey.generate_key(pkey_params)
assert_instance_of OpenSSL::PKey::EC, pkey
assert_equal "secp384r1", pkey.group.curve_name
assert_equal 'secp384r1', pkey.group.curve_name
assert_not_equal nil, pkey.private_key
end

def test_hmac_sign_verify
pkey = OpenSSL::PKey.generate_key("HMAC", { "key" => "abcd" })
pkey = OpenSSL::PKey.generate_key('HMAC', { 'key' => 'abcd' })

hmac = OpenSSL::HMAC.new("abcd", "SHA256").update("data").digest
assert_equal hmac, pkey.sign("SHA256", "data")
hmac = OpenSSL::HMAC.new('abcd', 'SHA256').update('data').digest
assert_equal hmac, pkey.sign('SHA256', 'data')

# EVP_PKEY_HMAC does not support verify
assert_raise(OpenSSL::PKey::PKeyError) {
pkey.verify("SHA256", "data", hmac)
}
assert_raise(OpenSSL::PKey::PKeyError) do
pkey.verify('SHA256', 'data', hmac)
end
end

def test_ed25519
Expand All @@ -87,21 +88,21 @@ def test_ed25519

# Test vector from RFC 8032 Section 7.1 TEST 2
priv_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
EOF
pub_pem = <<~EOF
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
-----END PUBLIC KEY-----
EOF
begin
priv = OpenSSL::PKey.read(priv_pem)
pub = OpenSSL::PKey.read(pub_pem)
rescue OpenSSL::PKey::PKeyError => e
# OpenSSL < 1.1.1
pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
pend 'Ed25519 is not implemented' unless openssl?(1, 1, 1)

raise e
end
Expand All @@ -112,33 +113,33 @@ def test_ed25519
assert_equal pub_pem, pub.public_to_pem

begin
assert_equal "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb",
priv.raw_private_key.unpack1("H*")
assert_equal OpenSSL::PKey.new_raw_private_key("ED25519", priv.raw_private_key).private_to_pem,
priv.private_to_pem
assert_equal "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c",
priv.raw_public_key.unpack1("H*")
assert_equal OpenSSL::PKey.new_raw_public_key("ED25519", priv.raw_public_key).public_to_pem,
pub.public_to_pem
assert_equal '4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb',
priv.raw_private_key.unpack1('H*')
assert_equal OpenSSL::PKey.new_raw_private_key('ED25519', priv.raw_private_key).private_to_pem,
priv.private_to_pem
assert_equal '3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c',
priv.raw_public_key.unpack1('H*')
assert_equal OpenSSL::PKey.new_raw_public_key('ED25519', priv.raw_public_key).public_to_pem,
pub.public_to_pem
rescue NoMethodError
pend "running OpenSSL version does not have raw public key support"
pend 'running OpenSSL version does not have raw public key support'
end

sig = [<<~EOF.gsub(/[^0-9a-f]/, "")].pack("H*")
92a009a9f0d4cab8720e820b5f642540
a2b27b5416503f8fb3762223ebdb69da
085ac1e43e15996e458f3613d0f11d8c
387b2eaeb4302aeeb00d291612bb0c00
sig = [<<~EOF.gsub(/[^0-9a-f]/, '')].pack('H*')
92a009a9f0d4cab8720e820b5f642540
a2b27b5416503f8fb3762223ebdb69da
085ac1e43e15996e458f3613d0f11d8c
387b2eaeb4302aeeb00d291612bb0c00
EOF
data = ["72"].pack("H*")
data = ['72'].pack('H*')
assert_equal sig, priv.sign(nil, data)
assert_equal true, priv.verify(nil, sig, data)
assert_equal true, pub.verify(nil, sig, data)
assert_equal false, pub.verify(nil, sig, data.succ)

# PureEdDSA wants nil as the message digest
assert_raise(OpenSSL::PKey::PKeyError) { priv.sign("SHA512", data) }
assert_raise(OpenSSL::PKey::PKeyError) { pub.verify("SHA512", sig, data) }
assert_raise(OpenSSL::PKey::PKeyError) { priv.sign('SHA512', data) }
assert_raise(OpenSSL::PKey::PKeyError) { pub.verify('SHA512', sig, data) }

# Ed25519 pkey type does not support key derivation
assert_raise(OpenSSL::PKey::PKeyError) { priv.derive(pub) }
Expand All @@ -156,14 +157,12 @@ def test_ed25519_not_approved_on_fips
# See also
# https://github.com/openssl/openssl/issues/20758#issuecomment-1639658102
# for details.
unless openssl?(3, 1, 0, 0)
omit 'Ed25519 is allowed in the OpenSSL 3.0 FIPS code as a kind of bug'
end
omit 'Ed25519 is allowed in the OpenSSL 3.0 FIPS code as a kind of bug' unless openssl?(3, 1, 0, 0)

priv_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
EOF
assert_raise(OpenSSL::PKey::PKeyError) do
OpenSSL::PKey.read(priv_pem)
Expand All @@ -173,60 +172,60 @@ def test_ed25519_not_approved_on_fips
def test_x25519
# Test vector from RFC 7748 Section 6.1
alice_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
EOF
bob_pem = <<~EOF
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
EOF
shared_secret = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
shared_secret = '4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742'
begin
alice = OpenSSL::PKey.read(alice_pem)
bob = OpenSSL::PKey.read(bob_pem)
rescue OpenSSL::PKey::PKeyError
# OpenSSL < 1.1.0
pend "X25519 is not implemented"
pend 'X25519 is not implemented'
end
assert_instance_of OpenSSL::PKey::PKey, alice
assert_equal alice_pem, alice.private_to_pem
assert_equal bob_pem, bob.public_to_pem
assert_equal [shared_secret].pack("H*"), alice.derive(bob)
assert_equal [shared_secret].pack('H*'), alice.derive(bob)
begin
alice_private = OpenSSL::PKey.new_raw_private_key("X25519", alice.raw_private_key)
bob_public = OpenSSL::PKey.new_raw_public_key("X25519", bob.raw_public_key)
alice_private_raw = alice.raw_private_key.unpack1("H*")
bob_public_raw = bob.raw_public_key.unpack1("H*")
alice_private = OpenSSL::PKey.new_raw_private_key('X25519', alice.raw_private_key)
bob_public = OpenSSL::PKey.new_raw_public_key('X25519', bob.raw_public_key)
alice_private_raw = alice.raw_private_key.unpack1('H*')
bob_public_raw = bob.raw_public_key.unpack1('H*')
rescue NoMethodError
# OpenSSL < 1.1.1
pend "running OpenSSL version does not have raw public key support"
pend 'running OpenSSL version does not have raw public key support'
end
assert_equal alice_private.private_to_pem,
alice.private_to_pem
alice.private_to_pem
assert_equal bob_public.public_to_pem,
bob.public_to_pem
assert_equal "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
alice_private_raw
assert_equal "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
bob_public_raw
bob.public_to_pem
assert_equal '77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a',
alice_private_raw
assert_equal 'de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f',
bob_public_raw
end

def raw_initialize
pend "Ed25519 is not implemented" unless openssl?(1, 1, 1) # >= v1.1.1
pend 'Ed25519 is not implemented' unless openssl?(1, 1, 1) # >= v1.1.1

assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("foo123", "xxx") }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key("ED25519", "xxx") }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key("foo123", "xxx") }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key("ED25519", "xxx") }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key('foo123', 'xxx') }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_private_key('ED25519', 'xxx') }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key('foo123', 'xxx') }
assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.new_raw_public_key('ED25519', 'xxx') }
end

def test_compare?
key1 = Fixtures.pkey("rsa1024")
key2 = Fixtures.pkey("rsa1024")
key3 = Fixtures.pkey("rsa2048")
key4 = Fixtures.pkey("dh-1")
key1 = Fixtures.pkey('rsa1024')
key2 = Fixtures.pkey('rsa1024')
key3 = Fixtures.pkey('rsa2048')
key4 = Fixtures.pkey('dh-1')

assert_equal(true, key1.compare?(key2))
assert_equal(true, key1.public_key.compare?(key2))
Expand All @@ -241,51 +240,50 @@ def test_compare?
end

def test_to_text
rsa = Fixtures.pkey("rsa1024")
assert_include rsa.to_text, "publicExponent"
rsa = Fixtures.pkey('rsa1024')
assert_include rsa.to_text, 'publicExponent'
end

def test_keysize_in_bits
# Test vector from RFC 7748 Section 6.1
alice_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIHcHbQpzGKV9PBbBclGyZkXfTC+H68CZKrF3+6UduSwq
-----END PRIVATE KEY-----
EOF
bob_pem = <<~EOF
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
EOF
begin
alice = OpenSSL::PKey.read(alice_pem)
bob = OpenSSL::PKey.read(bob_pem)

assert_equal 253, alice.keysize_in_bits
assert_equal 253, bob.keysize_in_bits

rescue OpenSSL::PKey::PKeyError
# OpenSSL < 1.1.0
pend "X25519 is not implemented"
pend 'X25519 is not implemented'
end

# Test vector from RFC 8032 Section 7.1 TEST 2
priv_pem = <<~EOF
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
-----END PRIVATE KEY-----
EOF
pub_pem = <<~EOF
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
-----END PUBLIC KEY-----
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=
-----END PUBLIC KEY-----
EOF
begin
priv = OpenSSL::PKey.read(priv_pem)
pub = OpenSSL::PKey.read(pub_pem)

if openssl?(1,1,1)
# for some reason OpenSSL v1.1.1 returns 253 as value while
if openssl?(1, 1, 1) or openssl?(3, 0, 0)
# for some reason OpenSSL v1.1.1 returns 253 as value while
# all other versions returned 256 as value
# Cannot find actual key size in bit for ED25519 private key
# but public key seems to be 256 bits
Expand All @@ -295,12 +293,9 @@ def test_keysize_in_bits
assert_equal 256, priv.keysize_in_bits
assert_equal 256, pub.keysize_in_bits
end

rescue OpenSSL::PKey::PKeyError => e
# OpenSSL < 1.1.1
pend "Ed25519 is not implemented" unless openssl?(1, 1, 1)
pend 'Ed25519 is not implemented' unless openssl?(1, 1, 1)
end

end

end

0 comments on commit fb17bc9

Please sign in to comment.