Bug #10257 » ec_x509.patch

jtdowney (John Downey), 09/18/2014 03:10 PM


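--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -1598,7 +1598,9 @@
     rb_define_method(cEC, "public_key", ossl_ec_key_get_public_key, 0);
     rb_define_method(cEC, "public_key=", ossl_ec_key_set_public_key, 1);
     rb_define_method(cEC, "private_key?", ossl_ec_key_is_private_key, 0);
+    rb_define_alias(cEC, "private?", "private_key?");
     rb_define_method(cEC, "public_key?", ossl_ec_key_is_public_key, 0);
+    rb_define_alias(cEC, "public?", "public_key?");
 /*  rb_define_method(cEC, "", ossl_ec_key_get_, 0);
     rb_define_method(cEC, "=", ossl_ec_key_set_ 1);
     set/get enc_flags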
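Review bot: The new `private?` alias is only ever asserted to be true in this patch, because test/openssl/test_pkey_ec.rb checks it on a key that holds both halves. Nothing pins that it reports false for a key carrying only the public point, which matters if callers use this predicate to decide whether a key may sign (that use is not visible on this page). The public-only construction already used in test_x509cert.rb would cover it: `pub = OpenSSL::PKey::EC.new(key); pub.private_key = nil` followed by `assert_equal(false, pub.private?)` and `assert_equal(true, pub.public?)`. The registration function these lines belong to starts and ends outside the hunk.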
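--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -42,6 +42,8 @@
       assert_equal(key.check_key, true)
       assert_equal(key.private_key?, true)
       assert_equal(key.public_key?, true)
+      assert_equal(key.private?, true)
+      assert_equal(key.public?, true)
     end
   end
 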
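--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -8,6 +8,11 @@
     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
     @dsa256  = OpenSSL::TestUtils::TEST_KEY_DSA256
     @dsa512  = OpenSSL::TestUtils::TEST_KEY_DSA512
+
+    if defined?(OpenSSL::PKey::EC)
+      @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+    end
+
     @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
     @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
     @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
@@ -40,16 +45,28 @@
     sha1 = OpenSSL::Digest::SHA1.new
     dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new
 
-    [
-      [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest]
-    ].each{|pk, digest|
-      cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts,
+    combinations = [
+      [@rsa1024, @rsa1024.public_key, sha1],
+      [@rsa2048, @rsa2048.public_key, sha1],
+      [@dsa256, @dsa256.public_key, dsa_digest],
+      [@dsa512, @dsa512.public_key, dsa_digest]
+    ]
+
+    if defined?(OpenSSL::PKey::EC)
+      public_key = OpenSSL::PKey::EC.new(@ec256)
+      public_key.private_key = nil
+      combinations << [@ec256, public_key, sha1]
+    end
+
+    combinations.each{|private_key, public_key, digest|
+      cert = issue_cert(@ca, private_key, 1, Time.now, Time.now+3600, exts,
                         nil, nil, digest)
       assert_equal(cert.extensions.sort_by(&:to_s)[2].value,
                    OpenSSL::TestUtils.get_subject_key_id(cert))
       cert = OpenSSL::X509::Certificate.new(cert.to_der)
       assert_equal(cert.extensions.sort_by(&:to_s)[2].value,
                    OpenSSL::TestUtils.get_subject_key_id(cert))
+      assert_equal(cert.public_key.to_pem, public_key.to_pem)
     }
   end
 
@@ -179,6 +196,30 @@
     }
   end
 
+  if defined?(OpenSSL::PKey::EC)
+
+    def test_sign_and_verify_ec_sha1
+      cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
+                        nil, nil, OpenSSL::Digest::SHA1.new)
+      assert_equal(true,  cert.verify(@ec256))
+      assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
+      assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+      cert.serial = 2
+      assert_equal(false, cert.verify(@ec256))
+    end
+
+    def test_sign_and_verify_ec_sha2
+      cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
+                        nil, nil, OpenSSL::Digest::SHA256.new)
+      assert_equal(true,  cert.verify(@ec256))
+      assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
+      assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
+      cert.serial = 2
+      assert_equal(false, cert.verify(@ec256))
+    end
+
+  end
+
   def test_dsig_algorithm_mismatch
     assert_raise(OpenSSL::X509::CertificateError) do
       issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],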
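Review bot: Both new methods, test_sign_and_verify_ec_sha1 and test_sign_and_verify_ec_sha2, check rejection only with DSA keys, and those calls are wrapped in certificate_error_returns_false, so the false result may come from a key-type error rather than a failed signature check. No assertion shows that a certificate signed by @ec256 fails to verify under a different EC key. Adding `other = OpenSSL::PKey::EC.new("prime256v1").generate_key` (curve name assumed from TEST_KEY_EC_P256V1) and `assert_equal(false, cert.verify(other))` would cover that case. The EC additions in test_x509crl.rb and test_x509req.rb have the same gap, using only RSA keys as the wrong key.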
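--- a/test/openssl/test_x509crl.rb
+++ b/test/openssl/test_x509crl.rb
@@ -8,6 +8,11 @@
     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
     @dsa256  = OpenSSL::TestUtils::TEST_KEY_DSA256
     @dsa512  = OpenSSL::TestUtils::TEST_KEY_DSA512
+
+    if defined?(OpenSSL::PKey::EC)
+      @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+    end
+
     @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
     @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1")
     @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2")
@@ -206,6 +211,18 @@
     assert_equal(true,  crl.verify(@dsa512))
     crl.version = 0
     assert_equal(false, crl.verify(@dsa512))
+
+    if defined?(OpenSSL::PKey::EC)
+      cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [],
+                        nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
+      crl = issue_crl([], 1, Time.now, Time.now+1600, [],
+                      cert, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
+      assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) })
+      assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
+      assert_equal(true,  crl.verify(@ec256))
+      crl.version = 0
+      assert_equal(false, crl.verify(@ec256))
+    end
   end
 
   private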
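Review bot: The EC case signs with `OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new`, a constant named for DSA whose definition is not on this page, whereas the EC certificate tests in test_x509cert.rb name their digest outright. If that constant can resolve to a DSA-specific digest on some builds, this block would fail for a reason unrelated to EC. Passing `OpenSSL::Digest::SHA256.new` to both `issue_cert` and `issue_crl` would make the signed digest explicit. The block is also appended to a test method whose `def` line is above the hunk, so an EC failure would be reported under that method's name; a separate test method, as in test_x509req.rb, would keep the report clear.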
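--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -8,6 +8,11 @@
     @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
     @dsa256  = OpenSSL::TestUtils::TEST_KEY_DSA256
     @dsa512  = OpenSSL::TestUtils::TEST_KEY_DSA512
+
+    if defined?(OpenSSL::PKey::EC)
+      @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+    end
+
     @dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou")
   end
 
@@ -15,7 +20,11 @@
     req = OpenSSL::X509::Request.new
     req.version = ver
     req.subject = dn
-    req.public_key = key.public_key
+    if key.is_a?(OpenSSL::PKey::EC)
+      req.public_key = key
+    else
+      req.public_key = key.public_key
+    end
     req.sign(key, digest)
     req
   end
@@ -146,6 +155,28 @@
       issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
   end
 
+  if defined?(OpenSSL::PKey::EC)
+
+    def test_sign_and_verify_ec
+      req = issue_csr(0, @dn, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new)
+      assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
+      assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
+      assert_equal(true,  req.verify(@ec256))
+      req.public_key = @rsa1024.public_key
+      assert_equal(false, req.verify(@ec256))
+    end
+
+    def test_sign_and_verify_ec_sha2
+      req = issue_csr(0, @dn, @ec256, OpenSSL::Digest::SHA256.new)
+      assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
+      assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
+      assert_equal(true,  req.verify(@ec256))
+      req.public_key = @rsa1024.public_key
+      assert_equal(false, req.verify(@ec256))
+    end
+
+  end
+
   private
 
   def request_error_returns_false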
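Review bot: The new branch in the CSR helper, `if key.is_a?(OpenSSL::PKey::EC)`, names the EC constant without the `defined?(OpenSSL::PKey::EC)` guard that this patch puts around every other EC reference in the file. On a build where that constant is absent the helper would raise NameError, taking the RSA and DSA request tests down with it. Changing the condition to `if defined?(OpenSSL::PKey::EC) && key.is_a?(OpenSSL::PKey::EC)` keeps the non-EC path intact. The same unguarded condition appears in the test/openssl/utils.rb hunk. The helper's `def` line is above the hunk.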
test/openssl/utils.rb (working copy)
129 129
    cert.serial = serial
130 130
    cert.subject = dn
131 131
    cert.issuer = issuer.subject
132
    cert.public_key = key.public_key
132
    if key.is_a?(OpenSSL::PKey::EC)
133
      cert.public_key = key
134
    else
135
      cert.public_key = key.public_key
136
    end
133 137
    cert.not_before = not_before
134 138
    cert.not_after = not_after
135 139
    ef = OpenSSL::X509::ExtensionFactory.new