102 lines
3.1 KiB
C++
102 lines
3.1 KiB
C++
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
#include <stdint.h>
|
|
#include <memory>
|
|
|
|
#include "blapi.h"
|
|
#include "secitem.h"
|
|
|
|
template <class T>
|
|
struct ScopedDelete {
|
|
void operator()(T* ptr) {
|
|
if (ptr) {
|
|
PORT_FreeArena(ptr->arena, PR_TRUE);
|
|
}
|
|
}
|
|
};
|
|
|
|
typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
|
|
ScopedRSAPrivateKey;
|
|
|
|
class RSATest : public ::testing::Test {
|
|
protected:
|
|
RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
|
|
unsigned char publicExponent) {
|
|
SECItem exp = {siBuffer, 0, 0};
|
|
unsigned char pubExp[1] = {publicExponent};
|
|
exp.data = pubExp;
|
|
exp.len = 1;
|
|
|
|
return RSA_NewKey(keySizeInBits, &exp);
|
|
}
|
|
};
|
|
|
|
TEST_F(RSATest, expOneTest) {
|
|
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
|
|
ASSERT_TRUE(key == nullptr);
|
|
}
|
|
TEST_F(RSATest, expTwoTest) {
|
|
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
|
|
ASSERT_TRUE(key == nullptr);
|
|
}
|
|
TEST_F(RSATest, expFourTest) {
|
|
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
|
|
ASSERT_TRUE(key == nullptr);
|
|
}
|
|
TEST_F(RSATest, WrongKeysizeTest) {
|
|
ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
|
|
ASSERT_TRUE(key == nullptr);
|
|
}
|
|
|
|
TEST_F(RSATest, expThreeTest) {
|
|
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
|
|
#ifdef NSS_FIPS_DISABLED
|
|
ASSERT_TRUE(key != nullptr);
|
|
#else
|
|
ASSERT_TRUE(key == nullptr);
|
|
#endif
|
|
}
|
|
|
|
TEST_F(RSATest, DecryptBlockTestErrors) {
|
|
unsigned char pubExp[3] = {0x01, 0x00, 0x01};
|
|
SECItem exp = {siBuffer, pubExp, 3};
|
|
ScopedRSAPrivateKey key(RSA_NewKey(2048, &exp));
|
|
ASSERT_TRUE(key);
|
|
uint8_t out[10] = {0};
|
|
uint8_t in_small[100] = {0};
|
|
unsigned int outputLen = 0;
|
|
unsigned int maxOutputLen = sizeof(out);
|
|
|
|
// This should fail because input the same size as the modulus (256).
|
|
SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,
|
|
in_small, sizeof(in_small));
|
|
EXPECT_EQ(SECFailure, rv);
|
|
|
|
uint8_t in[256] = {0};
|
|
// This should fail because the padding checks will fail,
|
|
// however, mitigations for Bleichenbacher attacks transform failures
|
|
// to a different output.
|
|
rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,
|
|
sizeof(in));
|
|
EXPECT_EQ(SECSuccess, rv);
|
|
// outputLen should <= 256-11=245.
|
|
EXPECT_LE(outputLen, 245u);
|
|
|
|
// This should fail because the padding checks will fail,
|
|
// however, mitigations for Bleichenbacher attacks transform failures
|
|
// to a different output.
|
|
uint8_t out_long[260] = {0};
|
|
maxOutputLen = sizeof(out_long);
|
|
rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,
|
|
sizeof(in));
|
|
EXPECT_EQ(SECSuccess, rv);
|
|
// outputLen should <= 256-11=245.
|
|
EXPECT_LE(outputLen, 245u);
|
|
// Everything over 256 must be 0 in the output.
|
|
uint8_t out_long_test[4] = {0};
|
|
EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));
|
|
}
|