summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/freebl_gtest/rsa_unittest.cc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/nss/gtests/freebl_gtest/rsa_unittest.cc
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/gtests/freebl_gtest/rsa_unittest.cc')
-rw-r--r--security/nss/gtests/freebl_gtest/rsa_unittest.cc102
1 files changed, 102 insertions, 0 deletions
diff --git a/security/nss/gtests/freebl_gtest/rsa_unittest.cc b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
new file mode 100644
index 0000000000..a896a38d46
--- /dev/null
+++ b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
@@ -0,0 +1,102 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "gtest/gtest.h"
+
+#include <stdint.h>
+#include <memory>
+
+#include "blapi.h"
+#include "secitem.h"
+
+template <class T>
+struct ScopedDelete {
+ void operator()(T* ptr) {
+ if (ptr) {
+ PORT_FreeArena(ptr->arena, PR_TRUE);
+ }
+ }
+};
+
+typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
+ ScopedRSAPrivateKey;
+
+class RSATest : public ::testing::Test {
+ protected:
+ RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
+ unsigned char publicExponent) {
+ SECItem exp = {siBuffer, 0, 0};
+ unsigned char pubExp[1] = {publicExponent};
+ exp.data = pubExp;
+ exp.len = 1;
+
+ return RSA_NewKey(keySizeInBits, &exp);
+ }
+};
+
+TEST_F(RSATest, expOneTest) {
+ ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
+ ASSERT_TRUE(key == nullptr);
+}
+TEST_F(RSATest, expTwoTest) {
+ ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
+ ASSERT_TRUE(key == nullptr);
+}
+TEST_F(RSATest, expFourTest) {
+ ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
+ ASSERT_TRUE(key == nullptr);
+}
+TEST_F(RSATest, WrongKeysizeTest) {
+ ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
+ ASSERT_TRUE(key == nullptr);
+}
+
+TEST_F(RSATest, expThreeTest) {
+ ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
+#ifdef NSS_FIPS_DISABLED
+ ASSERT_TRUE(key != nullptr);
+#else
+ ASSERT_TRUE(key == nullptr);
+#endif
+}
+
+TEST_F(RSATest, DecryptBlockTestErrors) {
+ unsigned char pubExp[3] = {0x01, 0x00, 0x01};
+ SECItem exp = {siBuffer, pubExp, 3};
+ ScopedRSAPrivateKey key(RSA_NewKey(2048, &exp));
+ ASSERT_TRUE(key);
+ uint8_t out[10] = {0};
+ uint8_t in_small[100] = {0};
+ unsigned int outputLen = 0;
+ unsigned int maxOutputLen = sizeof(out);
+
+ // This should fail because input the same size as the modulus (256).
+ SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,
+ in_small, sizeof(in_small));
+ EXPECT_EQ(SECFailure, rv);
+
+ uint8_t in[256] = {0};
+ // This should fail because the padding checks will fail,
+ // however, mitigations for Bleichenbacher attacks transform failures
+ // to a different output.
+ rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,
+ sizeof(in));
+ EXPECT_EQ(SECSuccess, rv);
+ // outputLen should <= 256-11=245.
+ EXPECT_LE(outputLen, 245u);
+
+ // This should fail because the padding checks will fail,
+ // however, mitigations for Bleichenbacher attacks transform failures
+ // to a different output.
+ uint8_t out_long[260] = {0};
+ maxOutputLen = sizeof(out_long);
+ rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,
+ sizeof(in));
+ EXPECT_EQ(SECSuccess, rv);
+ // outputLen should <= 256-11=245.
+ EXPECT_LE(outputLen, 245u);
+ // Everything over 256 must be 0 in the output.
+ uint8_t out_long_test[4] = {0};
+ EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));
+}