Index: ext/openssl/ossl_pkey_ec.c =================================================================== --- ext/openssl/ossl_pkey_ec.c (revision 47624) +++ ext/openssl/ossl_pkey_ec.c (working copy) @@ -1598,7 +1598,9 @@ rb_define_method(cEC, "public_key", ossl_ec_key_get_public_key, 0); rb_define_method(cEC, "public_key=", ossl_ec_key_set_public_key, 1); rb_define_method(cEC, "private_key?", ossl_ec_key_is_private_key, 0); + rb_define_alias(cEC, "private?", "private_key?"); rb_define_method(cEC, "public_key?", ossl_ec_key_is_public_key, 0); + rb_define_alias(cEC, "public?", "public_key?"); /* rb_define_method(cEC, "", ossl_ec_key_get_, 0); rb_define_method(cEC, "=", ossl_ec_key_set_ 1); set/get enc_flags Index: test/openssl/test_pkey_ec.rb =================================================================== --- test/openssl/test_pkey_ec.rb (revision 47624) +++ test/openssl/test_pkey_ec.rb (working copy) @@ -42,6 +42,8 @@ assert_equal(key.check_key, true) assert_equal(key.private_key?, true) assert_equal(key.public_key?, true) + assert_equal(key.private?, true) + assert_equal(key.public?, true) end end Index: test/openssl/test_x509cert.rb =================================================================== --- test/openssl/test_x509cert.rb (revision 47624) +++ test/openssl/test_x509cert.rb (working copy) @@ -8,6 +8,11 @@ @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + + if defined?(OpenSSL::PKey::EC) + @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 + end + @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") 
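Review bot: The two assertions added to test/openssl/test_pkey_ec.rb only check that `private?` and `public?` return true for a full key pair, so an alias wired to the wrong predicate would still pass. Code that relies on `private?` to decide whether private key material is present needs the false case pinned as well. A copy with the private component cleared, built the way the test_x509cert.rb hunk of this patch does it (`pub = OpenSSL::PKey::EC.new(key)`, `pub.private_key = nil`), could be checked with `assert_equal(false, pub.private?)` and `assert_equal(true, pub.public?)`. The enclosing test method starts and ends outside the hunk.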
@@ -40,16 +45,28 @@ sha1 = OpenSSL::Digest::SHA1.new dsa_digest = OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new - [ - [@rsa1024, sha1], [@rsa2048, sha1], [@dsa256, dsa_digest], [@dsa512, dsa_digest] - ].each{|pk, digest| - cert = issue_cert(@ca, pk, 1, Time.now, Time.now+3600, exts, + combinations = [ + [@rsa1024, @rsa1024.public_key, sha1], + [@rsa2048, @rsa2048.public_key, sha1], + [@dsa256, @dsa256.public_key, dsa_digest], + [@dsa512, @dsa512.public_key, dsa_digest] + ] + + if defined?(OpenSSL::PKey::EC) + public_key = OpenSSL::PKey::EC.new(@ec256) + public_key.private_key = nil + combinations << [@ec256, public_key, sha1] + end + + combinations.each{|private_key, public_key, digest| + cert = issue_cert(@ca, private_key, 1, Time.now, Time.now+3600, exts, nil, nil, digest) assert_equal(cert.extensions.sort_by(&:to_s)[2].value, OpenSSL::TestUtils.get_subject_key_id(cert)) cert = OpenSSL::X509::Certificate.new(cert.to_der) assert_equal(cert.extensions.sort_by(&:to_s)[2].value, OpenSSL::TestUtils.get_subject_key_id(cert)) + assert_equal(cert.public_key.to_pem, public_key.to_pem) } end 
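Review bot: The block parameter `public_key` in `combinations.each{|private_key, public_key, digest|` shadows the local `public_key` assigned in the `if defined?(OpenSSL::PKey::EC)` branch just above. Older Ruby versions report this under `-w`, and it makes it easy to misread which key the final `to_pem` comparison uses. Renaming the outer local removes the ambiguity, e.g. `ec_public = OpenSSL::PKey::EC.new(@ec256)`, `ec_public.private_key = nil`, `combinations << [@ec256, ec_public, sha1]`. A one-line comment there, such as `# copy of the test key with the private component cleared`, would also say why the key is rebuilt. The test method starts outside the hunk.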
@@ -179,6 +196,30 @@ } end + if defined?(OpenSSL::PKey::EC) + + def test_sign_and_verify_ec_sha1 + cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + assert_equal(true, cert.verify(@ec256)) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + cert.serial = 2 + assert_equal(false, cert.verify(@ec256)) + end + + def test_sign_and_verify_ec_sha2 + cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA256.new) + assert_equal(true, cert.verify(@ec256)) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) + cert.serial = 2 + assert_equal(false, cert.verify(@ec256)) + end + + end + def test_dsig_algorithm_mismatch assert_raise(OpenSSL::X509::CertificateError) do issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], Index: test/openssl/test_x509crl.rb =================================================================== --- test/openssl/test_x509crl.rb (revision 47624) +++ test/openssl/test_x509crl.rb (working copy) @@ -8,6 +8,11 @@ @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + + if defined?(OpenSSL::PKey::EC) + @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 + end + @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") @ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") 
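Review bot: Both new tests in test_x509cert.rb reject only keys of a different algorithm (`@dsa256`, `@dsa512`), so nothing shows that `cert.verify` rejects a different EC key on the same curve; the wrong-type cases may fail on the key-type mismatch alone, before any signature is compared. A freshly generated second key would cover a signature checked against the wrong EC key, e.g. `other = OpenSSL::PKey::EC.new("prime256v1")`, `other.generate_key`, `assert_equal(false, certificate_error_returns_false { cert.verify(other) })` (assuming the test key is on prime256v1, as its name suggests). The two methods differ only in the digest and could share one helper that takes the digest as an argument. The same two points apply to the EC tests added to test/openssl/test_x509req.rb.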
@@ -206,6 +211,18 @@ assert_equal(true, crl.verify(@dsa512)) crl.version = 0 assert_equal(false, crl.verify(@dsa512)) + + if defined?(OpenSSL::PKey::EC) + cert = issue_cert(@ca, @ec256, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new) + crl = issue_crl([], 1, Time.now, Time.now+1600, [], + cert, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new) + assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) }) + assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) }) + assert_equal(true, crl.verify(@ec256)) + crl.version = 0 + assert_equal(false, crl.verify(@ec256)) + end end private Index: test/openssl/test_x509req.rb =================================================================== --- test/openssl/test_x509req.rb (revision 47624) +++ test/openssl/test_x509req.rb (working copy) @@ -8,6 +8,11 @@ @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa512 = OpenSSL::TestUtils::TEST_KEY_DSA512 + + if defined?(OpenSSL::PKey::EC) + @ec256 = OpenSSL::TestUtils::TEST_KEY_EC_P256V1 + end + @dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=GOTOU Yuuzou") end @@ -15,7 +20,11 @@ req = OpenSSL::X509::Request.new req.version = ver req.subject = dn - req.public_key = key.public_key + if key.is_a?(OpenSSL::PKey::EC) + req.public_key = key + else + req.public_key = key.public_key + end req.sign(key, digest) req end 
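Review bot: The EC case added to this CRL test signs with `OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST`, a constant whose name says it was chosen for DSA keys, while the EC certificate tests in this patch pass `OpenSSL::Digest::SHA1.new` and `OpenSSL::Digest::SHA256.new` explicitly. Its definition is not visible here, so whether it resolves to a digest usable with ECDSA on every supported OpenSSL build should be confirmed; passing `OpenSSL::Digest::SHA256.new` directly to both `issue_cert` and `issue_crl` avoids the dependency. `test_sign_and_verify_ec` in test/openssl/test_x509req.rb has the same issue. The block is also appended to an existing test method that starts outside the hunk, so a failure in the earlier DSA assertions hides the EC result; a separate test method, as done for certificates, would isolate it.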
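Review bot: `key.is_a?(OpenSSL::PKey::EC)` in `issue_csr` references the constant unconditionally, although the rest of the patch guards every EC use with `defined?(OpenSSL::PKey::EC)`; on a build without EC support this line would raise NameError for RSA and DSA keys too, breaking every test that calls the helper. The condition should be `if defined?(OpenSSL::PKey::EC) && key.is_a?(OpenSSL::PKey::EC)`, and the same applies to the identical branch added to `issue_cert` in test/openssl/utils.rb. A comment such as `# EC#public_key returns a point, not a PKey, so the key object itself is assigned` would explain why the EC branch hands over the whole key. `issue_csr` starts outside the hunk.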
@@ -146,6 +155,28 @@ issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) } end + if defined?(OpenSSL::PKey::EC) + + def test_sign_and_verify_ec + req = issue_csr(0, @dn, @ec256, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new) + assert_equal(false, request_error_returns_false { req.verify(@rsa1024) }) + assert_equal(false, request_error_returns_false { req.verify(@rsa2048) }) + assert_equal(true, req.verify(@ec256)) + req.public_key = @rsa1024.public_key + assert_equal(false, req.verify(@ec256)) + end + + def test_sign_and_verify_ec_sha2 + req = issue_csr(0, @dn, @ec256, OpenSSL::Digest::SHA256.new) + assert_equal(false, request_error_returns_false { req.verify(@rsa1024) }) + assert_equal(false, request_error_returns_false { req.verify(@rsa2048) }) + assert_equal(true, req.verify(@ec256)) + req.public_key = @rsa1024.public_key + assert_equal(false, req.verify(@ec256)) + end + + end + private def request_error_returns_false Index: test/openssl/utils.rb =================================================================== --- test/openssl/utils.rb (revision 47624) +++ test/openssl/utils.rb (working copy) @@ -129,7 +129,11 @@ cert.serial = serial cert.subject = dn cert.issuer = issuer.subject - cert.public_key = key.public_key + if key.is_a?(OpenSSL::PKey::EC) + cert.public_key = key + else + cert.public_key = key.public_key + end cert.not_before = not_before cert.not_after = not_after ef = OpenSSL::X509::ExtensionFactory.new