[ruby/openssl] pkey: allow setting algorithm-specific options in #sign and #verify

Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let OpenSSL::PKey::PKey#sign and #verify take an optional parameter for specifying control strings for EVP_PKEY_CTX_ctrl_str(). https://github.com/ruby/openssl/commit/faf85d7c1d
author: Kazuki Yamaguchi <[email protected]> 2020-07-18 20:40:39 +0900
committer: Kazuki Yamaguchi <[email protected]> 2021-07-18 17:44:46 +0900
commit: 8cfe92b8a249465457ebef1d49b9e14a9fdaaddd (patch)
tree: 612f89dd1a5aeccb0e92793d89be6dbfd551b95c /test
parent: e2014d03542b7d1a9d4a624f82fb94c9a8119fdb (diff)
1 files changed, 14 insertions, 20 deletions
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 88164c3b52..d1e68dbc9f 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -117,27 +117,21 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
     assert_equal false, rsa1024.verify("SHA256", signature1, data)
   end
 
-  def test_digest_state_irrelevant_sign
+  def test_sign_verify_options
     key = Fixtures.pkey("rsa1024")
-    digest1 = OpenSSL::Digest.new('SHA1')
-    digest2 = OpenSSL::Digest.new('SHA1')
-    data = 'Sign me!'
-    digest1 << 'Change state of digest1'
-    sig1 = key.sign(digest1, data)
-    sig2 = key.sign(digest2, data)
-    assert_equal(sig1, sig2)
-  end
-
-  def test_digest_state_irrelevant_verify
-    key = Fixtures.pkey("rsa1024")
-    digest1 = OpenSSL::Digest.new('SHA1')
-    digest2 = OpenSSL::Digest.new('SHA1')
-    data = 'Sign me!'
-    sig = key.sign(digest1, data)
-    digest1.reset
-    digest1 << 'Change state of digest1'
-    assert(key.verify(digest1, sig, data))
-    assert(key.verify(digest2, sig, data))
+    data = "Sign me!"
+    pssopts = {
+      "rsa_padding_mode" => "pss",
+      "rsa_pss_saltlen" => 20,
+      "rsa_mgf1_md" => "SHA1"
+    }
+    sig_pss = key.sign("SHA256", data, pssopts)
+    assert_equal 128, sig_pss.bytesize
+    assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
+    assert_equal true, key.verify_pss("SHA256", sig_pss, data,
+                                      salt_length: 20, mgf1_hash: "SHA1")
+    # Defaults to PKCS #1 v1.5 padding => verification failure
+    assert_equal false, key.verify("SHA256", sig_pss, data)
   end
 
   def test_verify_empty_rsa
author	Kazuki Yamaguchi <[email protected]>	2020-07-18 20:40:39 +0900
committer	Kazuki Yamaguchi <[email protected]>	2021-07-18 17:44:46 +0900
commit	8cfe92b8a249465457ebef1d49b9e14a9fdaaddd (patch)
tree	612f89dd1a5aeccb0e92793d89be6dbfd551b95c /test
parent	e2014d03542b7d1a9d4a624f82fb94c9a8119fdb (diff)