xref: /aosp_15_r20/external/tink/go/internal/signature/rsa_test.go (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2022 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package signature_test
18
19import (
20	"crypto/rand"
21	"crypto/rsa"
22	"math/big"
23	"testing"
24
25	internal "github.com/google/tink/go/internal/signature"
26)
27
28func TestValidatePublicExponent(t *testing.T) {
29	if err := internal.RSAValidPublicExponent(65537); err != nil {
30		t.Errorf("ValidPublicExponent(65537) err = %v, want nil", err)
31	}
32}
33
34func TestValidateInvalidPublicExponentFails(t *testing.T) {
35	if err := internal.RSAValidPublicExponent(3); err == nil {
36		t.Errorf("ValidPublicExponent(3) err = nil, want error")
37	}
38}
39
40func TestValidateModulusSizeInBits(t *testing.T) {
41	if err := internal.RSAValidModulusSizeInBits(2048); err != nil {
42		t.Errorf("ValidModulusSizeInBits(2048) err = %v, want nil", err)
43	}
44}
45
46func TestValidateInvalidModulusSizeInBitsFails(t *testing.T) {
47	if err := internal.RSAValidModulusSizeInBits(1024); err == nil {
48		t.Errorf("ValidModulusSizeInBits(1024) err = nil, want error")
49	}
50}
51
52func TestHashSafeForSignature(t *testing.T) {
53	for _, h := range []string{
54		"SHA256",
55		"SHA384",
56		"SHA512",
57	} {
58		t.Run(h, func(t *testing.T) {
59			if err := internal.HashSafeForSignature(h); err != nil {
60				t.Errorf("HashSafeForSignature(%q)  err = %v, want nil", h, err)
61			}
62		})
63	}
64}
65
66func TestHashNotSafeForSignatureFails(t *testing.T) {
67	for _, h := range []string{
68		"SHA1",
69		"SHA224",
70		"MD5",
71	} {
72		t.Run(h, func(t *testing.T) {
73			if err := internal.HashSafeForSignature(h); err == nil {
74				t.Errorf("HashSafeForSignature(%q)  err = nil, want error", h)
75			}
76		})
77	}
78}
79
80func TestRSAKeySelfTestWithCorruptedKeysFails(t *testing.T) {
81	validPrivKey, err := rsa.GenerateKey(rand.Reader, 3072)
82	if err != nil {
83		t.Fatalf("rsa.GenerateKey(rand.Reader, 3072) err = %v, want nil", err)
84	}
85	if err := internal.Validate_RSA_SSA_PKCS1("SHA256", validPrivKey); err != nil {
86		t.Errorf("internal.Validate_RSA_SSA_PKCS1('SHA256', validPrivKey) err = %v, want nil", err)
87	}
88	saltLen := 0
89	if err := internal.Validate_RSA_SSA_PSS("SHA256", saltLen, validPrivKey); err != nil {
90		t.Errorf("internal.Validate_RSA_SSA_PSS('SHA256', saltLen, validPrivKey) err = %v, want nil", err)
91	}
92	type testCase struct {
93		tag  string
94		key  *rsa.PrivateKey
95		hash string
96	}
97	for _, tc := range []testCase{
98		{
99			tag: "modify public modulus",
100			key: &rsa.PrivateKey{
101				D:           validPrivKey.D,
102				Primes:      validPrivKey.Primes,
103				Precomputed: validPrivKey.Precomputed,
104				PublicKey: rsa.PublicKey{
105					N: validPrivKey.N.Add(validPrivKey.N, big.NewInt(500)),
106					E: validPrivKey.E,
107				},
108			},
109		},
110		{
111			tag: "modify public exponent",
112			key: &rsa.PrivateKey{
113				D:           validPrivKey.D,
114				Primes:      validPrivKey.Primes,
115				Precomputed: validPrivKey.Precomputed,
116				PublicKey: rsa.PublicKey{
117					N: validPrivKey.N,
118					E: validPrivKey.E + 5,
119				},
120			},
121		},
122		{
123			tag: "one byte shift in Q",
124			key: &rsa.PrivateKey{
125				PublicKey:   validPrivKey.PublicKey,
126				D:           validPrivKey.D,
127				Precomputed: validPrivKey.Precomputed,
128				Primes: []*big.Int{
129					func() *big.Int {
130						p := validPrivKey.Primes[0].Bytes()
131						p[4] = byte(uint8(p[4] + 1))
132						return new(big.Int).SetBytes(p)
133					}(),
134					validPrivKey.Primes[1],
135				},
136			},
137			hash: "SHA256",
138		},
139		{
140			tag: "removing one byte from P",
141			key: &rsa.PrivateKey{
142				PublicKey:   validPrivKey.PublicKey,
143				D:           validPrivKey.D,
144				Precomputed: validPrivKey.Precomputed,
145				Primes: []*big.Int{
146					validPrivKey.Primes[0],
147					func() *big.Int {
148						p := validPrivKey.Primes[1].Bytes()
149						return new(big.Int).SetBytes(p[:len(p)-2])
150					}(),
151				},
152			},
153			hash: "SHA256",
154		},
155	} {
156		t.Run(tc.tag, func(t *testing.T) {
157			if err := internal.Validate_RSA_SSA_PKCS1(tc.hash, tc.key); err == nil {
158				t.Errorf("internal.Validate_RSA_SSA_PKCS1(hash = %q, key) err = nil, want error", tc.hash)
159			}
160			if err := internal.Validate_RSA_SSA_PSS(tc.hash, saltLen, tc.key); err == nil {
161				t.Errorf("internal.Validate_RSA_SSA_PSS(hash = %d saltLen = %q, key) err = nil, want error", saltLen, tc.hash)
162			}
163		})
164	}
165}
166