tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

rsa_unittest.cc (3146B)

      1 // This Source Code Form is subject to the terms of the Mozilla Public
      2 // License, v. 2.0. If a copy of the MPL was not distributed with this file,
      3 // You can obtain one at http://mozilla.org/MPL/2.0/.
      4 
      5 #include "gtest/gtest.h"
      6 
      7 #include <stdint.h>
      8 #include <memory>
      9 
     10 #include "blapi.h"
     11 #include "secitem.h"
     12 
     13 template <class T>
     14 struct ScopedDelete {
     15  void operator()(T* ptr) {
     16    if (ptr) {
     17      PORT_FreeArena(ptr->arena, PR_TRUE);
     18    }
     19  }
     20 };
     21 
     22 typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
     23    ScopedRSAPrivateKey;
     24 
     25 class RSATest : public ::testing::Test {
     26 protected:
     27  RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
     28                                       unsigned char publicExponent) {
     29    SECItem exp = {siBuffer, 0, 0};
     30    unsigned char pubExp[1] = {publicExponent};
     31    exp.data = pubExp;
     32    exp.len = 1;
     33 
     34    return RSA_NewKey(keySizeInBits, &exp);
     35  }
     36 };
     37 
     38 TEST_F(RSATest, expOneTest) {
     39  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
     40  ASSERT_TRUE(key == nullptr);
     41 }
     42 TEST_F(RSATest, expTwoTest) {
     43  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
     44  ASSERT_TRUE(key == nullptr);
     45 }
     46 TEST_F(RSATest, expFourTest) {
     47  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
     48  ASSERT_TRUE(key == nullptr);
     49 }
     50 TEST_F(RSATest, WrongKeysizeTest) {
     51  ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
     52  ASSERT_TRUE(key == nullptr);
     53 }
     54 
     55 TEST_F(RSATest, expThreeTest) {
     56  ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
     57 #ifdef NSS_FIPS_DISABLED
     58  ASSERT_TRUE(key != nullptr);
     59 #else
     60  ASSERT_TRUE(key == nullptr);
     61 #endif
     62 }
     63 
     64 TEST_F(RSATest, DecryptBlockTestErrors) {
     65  unsigned char pubExp[3] = {0x01, 0x00, 0x01};
     66  SECItem exp = {siBuffer, pubExp, 3};
     67  ScopedRSAPrivateKey key(RSA_NewKey(2048, &exp));
     68  ASSERT_TRUE(key);
     69  uint8_t out[10] = {0};
     70  uint8_t in_small[100] = {0};
     71  unsigned int outputLen = 0;
     72  unsigned int maxOutputLen = sizeof(out);
     73 
     74  // This should fail because input the same size as the modulus (256).
     75  SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,
     76                                  in_small, sizeof(in_small));
     77  EXPECT_EQ(SECFailure, rv);
     78 
     79  uint8_t in[256] = {0};
     80  // This should fail because the padding checks will fail,
     81  // however, mitigations for Bleichenbacher attacks transform failures
     82  // to a different output.
     83  rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,
     84                        sizeof(in));
     85  EXPECT_EQ(SECSuccess, rv);
     86  // outputLen should <= 256-11=245.
     87  EXPECT_LE(outputLen, 245u);
     88 
     89  // This should fail because the padding checks will fail,
     90  // however, mitigations for Bleichenbacher attacks transform failures
     91  // to a different output.
     92  uint8_t out_long[260] = {0};
     93  maxOutputLen = sizeof(out_long);
     94  rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,
     95                        sizeof(in));
     96  EXPECT_EQ(SECSuccess, rv);
     97  // outputLen should <= 256-11=245.
     98  EXPECT_LE(outputLen, 245u);
     99  // Everything over 256 must be 0 in the output.
    100  uint8_t out_long_test[4] = {0};
    101  EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));
    102 }