rsa_unittest.cc - mozsearch

Enable keyboard shortcuts

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this file,

// You can obtain one at http://mozilla.org/MPL/2.0/.

#include "gtest/gtest.h"

#include <stdint.h>

#include <memory>

#include "blapi.h"

#include "secitem.h"

template <class T>

struct ScopedDelete {

  void operator()(T* ptr) {

    if (ptr) {

      PORT_FreeArena(ptr->arena, PR_TRUE);

};

typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>

    ScopedRSAPrivateKey;

class RSATest : public ::testing::Test {

 protected:

  RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,

                                       unsigned char publicExponent) {

    SECItem exp = {siBuffer, 0, 0};

    unsigned char pubExp[1] = {publicExponent};

    exp.data = pubExp;

    exp.len = 1;

    return RSA_NewKey(keySizeInBits, &exp);

};

TEST_F(RSATest, expOneTest) {

  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));

  ASSERT_TRUE(key == nullptr);

TEST_F(RSATest, expTwoTest) {

  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));

  ASSERT_TRUE(key == nullptr);

TEST_F(RSATest, expFourTest) {

  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));

  ASSERT_TRUE(key == nullptr);

TEST_F(RSATest, WrongKeysizeTest) {

  ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));

  ASSERT_TRUE(key == nullptr);

TEST_F(RSATest, expThreeTest) {

  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));

#ifdef NSS_FIPS_DISABLED

  ASSERT_TRUE(key != nullptr);

#else

  ASSERT_TRUE(key == nullptr);

#endif

TEST_F(RSATest, DecryptBlockTestErrors) {

  unsigned char pubExp[3] = {0x01, 0x00, 0x01};

  SECItem exp = {siBuffer, pubExp, 3};

  ScopedRSAPrivateKey key(RSA_NewKey(2048, &exp));

  ASSERT_TRUE(key);

  uint8_t out[10] = {0};

  uint8_t in_small[100] = {0};

  unsigned int outputLen = 0;

  unsigned int maxOutputLen = sizeof(out);

  // This should fail because input the same size as the modulus (256).

  SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,

                                  in_small, sizeof(in_small));

  EXPECT_EQ(SECFailure, rv);

  uint8_t in[256] = {0};

  // This should fail because the padding checks will fail,

  // however, mitigations for Bleichenbacher attacks transform failures

  // to a different output.

  rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,

                        sizeof(in));

  EXPECT_EQ(SECSuccess, rv);

  // outputLen should <= 256-11=245.

  EXPECT_LE(outputLen, 245u);

  // This should fail because the padding checks will fail,

  // however, mitigations for Bleichenbacher attacks transform failures

  // to a different output.

  uint8_t out_long[260] = {0};

  maxOutputLen = sizeof(out_long);

  rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,

                        sizeof(in));

  EXPECT_EQ(SECSuccess, rv);

  // outputLen should <= 256-11=245.

  EXPECT_LE(outputLen, 245u);

  // Everything over 256 must be 0 in the output.

  uint8_t out_long_test[4] = {0};

  EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));