Fix test_sign_verify.
Note that I created the signature text (`signature_encoded.txt`), which is used
as the text to create `signature0` in `test_sign_verify`, by the following
steps with the `openssl` CLI on the FIPS module.

```
$ OPENSSL_DIR="${HOME}/.local/openssl-3.4.0-dev-fips-debug-3c6e114959"
$ export OPENSSL_CONF="${OPENSSL_DIR}/ssl/openssl_fips.cnf"

$ echo -n "Sign me!" > data.txt
$ "${OPENSSL_DIR}/bin/openssl" dgst -sha256 -sign test/openssl/fixtures/pkey/rsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```
junaruga committed Aug 8, 2024
1 parent 40b870b commit 0760426
Showing 1 changed file with 13 additions and 8 deletions.
21 changes: 13 additions & 8 deletions test/openssl/test_pkey_rsa.rb
Expand Up @@ -84,19 +84,24 @@ def test_new_break
end

def test_sign_verify
rsa1024 = Fixtures.pkey("rsa1024")
# The ossl_rsa_check_key_size called in ossl_pkey_sign requires more than
# equal 2048 bits on protect = 1 in FIPS.
# https://github.com/openssl/openssl/blob/3c6e11495975a4eda4cc5886080afed6203711ac/providers/common/securitycheck.c#L68-L69
rsa = Fixtures.pkey("rsa2048")
data = "Sign me!"
signature = rsa1024.sign("SHA256", data)
assert_equal true, rsa1024.verify("SHA256", signature, data)
signature = rsa.sign("SHA256", data)
assert_equal true, rsa.verify("SHA256", signature, data)

signature0 = (<<~'end;').unpack1("m")
oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+
WA6YQo8jPH4hSuyWIM4Gz4qRYiYRkl5TDMUYob94zm8Si1HxEiS9354tzvqS
zS8MLW2BtNPuTubMxTItHGTnOzo9sUg0LAHVFt8kHG2NfKAw/gQ=
ooy49i8aeFtkDYUU0RPDsEugGiNw4lZxpbQPnIwtdftEkka945IqKZ/MY3YSw7wKsvBZeaTy8GqL
lSWLThsRFDV+UUS9zUBbQ9ygNIT8OjdV+tNL63ZpKGprczSnw4F05MQIpajNRud/8jiI9rf+Wysi
WwXecjMl2FlXlLJHY4PFQZU5TiametB4VCQRMcjLo1uf26u/yRpiGaYyqn5vxs0SqNtUDM1UL6x4
NHCAdqLjuFRQPjYp1vGLD3eSl4061pS8x1NVap3YGbYfGUyzZO4VfwFwf1jPdhp/OX/uZw4dGB2H
gSK+q1JiDFwEE6yym5tdKovL1g1NhFYHF6gkZg==
end;
assert_equal true, rsa1024.verify("SHA256", signature0, data)
assert_equal true, rsa.verify("SHA256", signature0, data)
signature1 = signature0.succ
assert_equal false, rsa1024.verify("SHA256", signature1, data)
assert_equal false, rsa.verify("SHA256", signature1, data)
end

def test_sign_verify_options
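
Review bot: The replaced base64 literal for `signature0` carries no in-file record of how it was generated; the `openssl dgst -sha256 -sign` steps exist only in the commit message. A short comment above `signature0 = (<<~'end;').unpack1("m")` naming the fixture key (`rsa2048.pem`), the digest and the input string would let the next person regenerate it if the fixture changes. In the new comment above `rsa = Fixtures.pkey("rsa2048")`, "requires more than equal 2048 bits on protect = 1" would read more clearly as "requires at least 2048 bits when protect = 1", and the link host appears as `github.com` where the upstream `github.com/openssl/openssl` permalink is presumably meant. Because every `rsa1024` use in this test becomes `rsa2048`, the non-FIPS run also stops exercising the 1024-bit fixture here; please confirm that is intended rather than selecting the key by FIPS mode.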
