1*e7b1675dSTing-Kang Chang// Copyright 2022 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage signature_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "crypto/rand" 21*e7b1675dSTing-Kang Chang "crypto/rsa" 22*e7b1675dSTing-Kang Chang "math/big" 23*e7b1675dSTing-Kang Chang "testing" 24*e7b1675dSTing-Kang Chang 25*e7b1675dSTing-Kang Chang internal "github.com/google/tink/go/internal/signature" 26*e7b1675dSTing-Kang Chang) 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Changfunc TestValidatePublicExponent(t *testing.T) { 29*e7b1675dSTing-Kang Chang if err := internal.RSAValidPublicExponent(65537); err != nil { 30*e7b1675dSTing-Kang Chang t.Errorf("ValidPublicExponent(65537) err = %v, want nil", err) 31*e7b1675dSTing-Kang Chang } 32*e7b1675dSTing-Kang Chang} 33*e7b1675dSTing-Kang Chang 34*e7b1675dSTing-Kang Changfunc TestValidateInvalidPublicExponentFails(t *testing.T) { 35*e7b1675dSTing-Kang Chang if err := internal.RSAValidPublicExponent(3); err == nil { 36*e7b1675dSTing-Kang Chang t.Errorf("ValidPublicExponent(3) err = nil, want error") 37*e7b1675dSTing-Kang Chang } 38*e7b1675dSTing-Kang Chang} 39*e7b1675dSTing-Kang Chang 40*e7b1675dSTing-Kang Changfunc TestValidateModulusSizeInBits(t *testing.T) { 41*e7b1675dSTing-Kang Chang if err := internal.RSAValidModulusSizeInBits(2048); err != nil { 42*e7b1675dSTing-Kang Chang t.Errorf("ValidModulusSizeInBits(2048) err = %v, want nil", err) 43*e7b1675dSTing-Kang Chang } 44*e7b1675dSTing-Kang Chang} 45*e7b1675dSTing-Kang Chang 46*e7b1675dSTing-Kang Changfunc TestValidateInvalidModulusSizeInBitsFails(t *testing.T) { 47*e7b1675dSTing-Kang Chang if err := internal.RSAValidModulusSizeInBits(1024); err == nil { 48*e7b1675dSTing-Kang Chang t.Errorf("ValidModulusSizeInBits(1024) err = nil, want error") 49*e7b1675dSTing-Kang Chang } 50*e7b1675dSTing-Kang Chang} 51*e7b1675dSTing-Kang Chang 52*e7b1675dSTing-Kang Changfunc TestHashSafeForSignature(t *testing.T) { 53*e7b1675dSTing-Kang Chang for _, h := range []string{ 54*e7b1675dSTing-Kang Chang "SHA256", 55*e7b1675dSTing-Kang Chang "SHA384", 56*e7b1675dSTing-Kang Chang "SHA512", 57*e7b1675dSTing-Kang Chang } { 58*e7b1675dSTing-Kang Chang t.Run(h, func(t *testing.T) { 59*e7b1675dSTing-Kang Chang if err := internal.HashSafeForSignature(h); err != nil { 60*e7b1675dSTing-Kang Chang t.Errorf("HashSafeForSignature(%q) err = %v, want nil", h, err) 61*e7b1675dSTing-Kang Chang } 62*e7b1675dSTing-Kang Chang }) 63*e7b1675dSTing-Kang Chang } 64*e7b1675dSTing-Kang Chang} 65*e7b1675dSTing-Kang Chang 66*e7b1675dSTing-Kang Changfunc TestHashNotSafeForSignatureFails(t *testing.T) { 67*e7b1675dSTing-Kang Chang for _, h := range []string{ 68*e7b1675dSTing-Kang Chang "SHA1", 69*e7b1675dSTing-Kang Chang "SHA224", 70*e7b1675dSTing-Kang Chang "MD5", 71*e7b1675dSTing-Kang Chang } { 72*e7b1675dSTing-Kang Chang t.Run(h, func(t *testing.T) { 73*e7b1675dSTing-Kang Chang if err := internal.HashSafeForSignature(h); err == nil { 74*e7b1675dSTing-Kang Chang t.Errorf("HashSafeForSignature(%q) err = nil, want error", h) 75*e7b1675dSTing-Kang Chang } 76*e7b1675dSTing-Kang Chang }) 77*e7b1675dSTing-Kang Chang } 78*e7b1675dSTing-Kang Chang} 79*e7b1675dSTing-Kang Chang 80*e7b1675dSTing-Kang Changfunc TestRSAKeySelfTestWithCorruptedKeysFails(t *testing.T) { 81*e7b1675dSTing-Kang Chang validPrivKey, err := rsa.GenerateKey(rand.Reader, 3072) 82*e7b1675dSTing-Kang Chang if err != nil { 83*e7b1675dSTing-Kang Chang t.Fatalf("rsa.GenerateKey(rand.Reader, 3072) err = %v, want nil", err) 84*e7b1675dSTing-Kang Chang } 85*e7b1675dSTing-Kang Chang if err := internal.Validate_RSA_SSA_PKCS1("SHA256", validPrivKey); err != nil { 86*e7b1675dSTing-Kang Chang t.Errorf("internal.Validate_RSA_SSA_PKCS1('SHA256', validPrivKey) err = %v, want nil", err) 87*e7b1675dSTing-Kang Chang } 88*e7b1675dSTing-Kang Chang saltLen := 0 89*e7b1675dSTing-Kang Chang if err := internal.Validate_RSA_SSA_PSS("SHA256", saltLen, validPrivKey); err != nil { 90*e7b1675dSTing-Kang Chang t.Errorf("internal.Validate_RSA_SSA_PSS('SHA256', saltLen, validPrivKey) err = %v, want nil", err) 91*e7b1675dSTing-Kang Chang } 92*e7b1675dSTing-Kang Chang type testCase struct { 93*e7b1675dSTing-Kang Chang tag string 94*e7b1675dSTing-Kang Chang key *rsa.PrivateKey 95*e7b1675dSTing-Kang Chang hash string 96*e7b1675dSTing-Kang Chang } 97*e7b1675dSTing-Kang Chang for _, tc := range []testCase{ 98*e7b1675dSTing-Kang Chang { 99*e7b1675dSTing-Kang Chang tag: "modify public modulus", 100*e7b1675dSTing-Kang Chang key: &rsa.PrivateKey{ 101*e7b1675dSTing-Kang Chang D: validPrivKey.D, 102*e7b1675dSTing-Kang Chang Primes: validPrivKey.Primes, 103*e7b1675dSTing-Kang Chang Precomputed: validPrivKey.Precomputed, 104*e7b1675dSTing-Kang Chang PublicKey: rsa.PublicKey{ 105*e7b1675dSTing-Kang Chang N: validPrivKey.N.Add(validPrivKey.N, big.NewInt(500)), 106*e7b1675dSTing-Kang Chang E: validPrivKey.E, 107*e7b1675dSTing-Kang Chang }, 108*e7b1675dSTing-Kang Chang }, 109*e7b1675dSTing-Kang Chang }, 110*e7b1675dSTing-Kang Chang { 111*e7b1675dSTing-Kang Chang tag: "modify public exponent", 112*e7b1675dSTing-Kang Chang key: &rsa.PrivateKey{ 113*e7b1675dSTing-Kang Chang D: validPrivKey.D, 114*e7b1675dSTing-Kang Chang Primes: validPrivKey.Primes, 115*e7b1675dSTing-Kang Chang Precomputed: validPrivKey.Precomputed, 116*e7b1675dSTing-Kang Chang PublicKey: rsa.PublicKey{ 117*e7b1675dSTing-Kang Chang N: validPrivKey.N, 118*e7b1675dSTing-Kang Chang E: validPrivKey.E + 5, 119*e7b1675dSTing-Kang Chang }, 120*e7b1675dSTing-Kang Chang }, 121*e7b1675dSTing-Kang Chang }, 122*e7b1675dSTing-Kang Chang { 123*e7b1675dSTing-Kang Chang tag: "one byte shift in Q", 124*e7b1675dSTing-Kang Chang key: &rsa.PrivateKey{ 125*e7b1675dSTing-Kang Chang PublicKey: validPrivKey.PublicKey, 126*e7b1675dSTing-Kang Chang D: validPrivKey.D, 127*e7b1675dSTing-Kang Chang Precomputed: validPrivKey.Precomputed, 128*e7b1675dSTing-Kang Chang Primes: []*big.Int{ 129*e7b1675dSTing-Kang Chang func() *big.Int { 130*e7b1675dSTing-Kang Chang p := validPrivKey.Primes[0].Bytes() 131*e7b1675dSTing-Kang Chang p[4] = byte(uint8(p[4] + 1)) 132*e7b1675dSTing-Kang Chang return new(big.Int).SetBytes(p) 133*e7b1675dSTing-Kang Chang }(), 134*e7b1675dSTing-Kang Chang validPrivKey.Primes[1], 135*e7b1675dSTing-Kang Chang }, 136*e7b1675dSTing-Kang Chang }, 137*e7b1675dSTing-Kang Chang hash: "SHA256", 138*e7b1675dSTing-Kang Chang }, 139*e7b1675dSTing-Kang Chang { 140*e7b1675dSTing-Kang Chang tag: "removing one byte from P", 141*e7b1675dSTing-Kang Chang key: &rsa.PrivateKey{ 142*e7b1675dSTing-Kang Chang PublicKey: validPrivKey.PublicKey, 143*e7b1675dSTing-Kang Chang D: validPrivKey.D, 144*e7b1675dSTing-Kang Chang Precomputed: validPrivKey.Precomputed, 145*e7b1675dSTing-Kang Chang Primes: []*big.Int{ 146*e7b1675dSTing-Kang Chang validPrivKey.Primes[0], 147*e7b1675dSTing-Kang Chang func() *big.Int { 148*e7b1675dSTing-Kang Chang p := validPrivKey.Primes[1].Bytes() 149*e7b1675dSTing-Kang Chang return new(big.Int).SetBytes(p[:len(p)-2]) 150*e7b1675dSTing-Kang Chang }(), 151*e7b1675dSTing-Kang Chang }, 152*e7b1675dSTing-Kang Chang }, 153*e7b1675dSTing-Kang Chang hash: "SHA256", 154*e7b1675dSTing-Kang Chang }, 155*e7b1675dSTing-Kang Chang } { 156*e7b1675dSTing-Kang Chang t.Run(tc.tag, func(t *testing.T) { 157*e7b1675dSTing-Kang Chang if err := internal.Validate_RSA_SSA_PKCS1(tc.hash, tc.key); err == nil { 158*e7b1675dSTing-Kang Chang t.Errorf("internal.Validate_RSA_SSA_PKCS1(hash = %q, key) err = nil, want error", tc.hash) 159*e7b1675dSTing-Kang Chang } 160*e7b1675dSTing-Kang Chang if err := internal.Validate_RSA_SSA_PSS(tc.hash, saltLen, tc.key); err == nil { 161*e7b1675dSTing-Kang Chang t.Errorf("internal.Validate_RSA_SSA_PSS(hash = %d saltLen = %q, key) err = nil, want error", saltLen, tc.hash) 162*e7b1675dSTing-Kang Chang } 163*e7b1675dSTing-Kang Chang }) 164*e7b1675dSTing-Kang Chang } 165*e7b1675dSTing-Kang Chang} 166