Diffstat (limited to 'security/nss/gtests/freebl_gtest')
-rw-r--r--security/nss/gtests/freebl_gtest/ecl_unittest.cc2
-rw-r--r--security/nss/gtests/freebl_gtest/mpi_unittest.cc82
-rw-r--r--security/nss/gtests/freebl_gtest/rsa_unittest.cc48
3 files changed, 121 insertions, 11 deletions
diff --git a/security/nss/gtests/freebl_gtest/ecl_unittest.cc b/security/nss/gtests/freebl_gtest/ecl_unittest.cc
index fbad0246f..36074be82 100644
--- a/security/nss/gtests/freebl_gtest/ecl_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/ecl_unittest.cc
@@ -7,7 +7,7 @@
#include <stdint.h>
#include "blapi.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
#include "secerr.h"
namespace nss_test {
diff --git a/security/nss/gtests/freebl_gtest/mpi_unittest.cc b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
index 4fed1a40e..2ccb8c351 100644
--- a/security/nss/gtests/freebl_gtest/mpi_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -15,7 +15,7 @@
#include "mpi.h"
namespace nss_test {
-void gettime(struct timespec *tp) {
+void gettime(struct timespec* tp) {
#ifdef __MACH__
clock_serv_t cclock;
mach_timespec_t mts;
@@ -69,6 +69,39 @@ class MPITest : public ::testing::Test {
mp_clear(&b);
mp_clear(&c);
}
+
+ void dump(const std::string& prefix, const uint8_t* buf, size_t len) {
+ auto flags = std::cerr.flags();
+ std::cerr << prefix << ": [" << std::dec << len << "] ";
+ for (size_t i = 0; i < len; ++i) {
+ std::cerr << std::hex << std::setw(2) << std::setfill('0')
+ << static_cast<int>(buf[i]);
+ }
+ std::cerr << std::endl << std::resetiosflags(flags);
+ }
+
+ void TestToFixedOctets(const std::vector<uint8_t>& ref, size_t len) {
+ mp_int a;
+ ASSERT_EQ(MP_OKAY, mp_init(&a));
+ ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size()));
+ uint8_t buf[len];
+ ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf, len));
+ size_t compare;
+ if (len > ref.size()) {
+ for (size_t i = 0; i < len - ref.size(); ++i) {
+ ASSERT_EQ(0U, buf[i]) << "index " << i << " should be zero";
+ }
+ compare = ref.size();
+ } else {
+ compare = len;
+ }
+ dump("value", ref.data(), ref.size());
+ dump("output", buf, len);
+ ASSERT_EQ(0, memcmp(buf + len - compare, ref.data() + ref.size() - compare,
+ compare))
+ << "comparing " << compare << " octets";
+ mp_clear(&a);
+ }
};
TEST_F(MPITest, MpiCmp01Test) { TestCmp("0", "1", -1); }
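Review bot: `uint8_t buf[len];` in TestToFixedOctets is a variable-length array, which is a compiler extension rather than standard C++ and places a caller-sized buffer on the stack; `std::vector<uint8_t> buf(len);` with `buf.data()` passed to `mp_to_fixlen_octets`, `dump` and `memcmp` keeps the behaviour and stays portable. Every `ASSERT_*` in this helper returns early on failure, so the trailing `mp_clear(&a)` is skipped on exactly the paths where something went wrong; a small scope guard, or `EXPECT_*` for the later checks, would keep the cleanup reachable. In `dump`, `std::resetiosflags(flags)` clears the saved flag bits instead of restoring them, so `std::cerr` is left in hex mode afterwards; `std::cerr.flags(flags);` restores the saved state.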
@@ -113,6 +146,47 @@ TEST_F(MPITest, MpiCmpUnalignedTest) {
}
#endif
+TEST_F(MPITest, MpiFixlenOctetsZero) {
+ std::vector<uint8_t> zero = {0};
+ TestToFixedOctets(zero, 1);
+ TestToFixedOctets(zero, 2);
+ TestToFixedOctets(zero, sizeof(mp_digit));
+ TestToFixedOctets(zero, sizeof(mp_digit) + 1);
+}
+
+TEST_F(MPITest, MpiFixlenOctetsVarlen) {
+ std::vector<uint8_t> packed;
+ for (size_t i = 0; i < sizeof(mp_digit) * 2; ++i) {
+ packed.push_back(0xa4); // Any non-zero value will do.
+ TestToFixedOctets(packed, packed.size());
+ TestToFixedOctets(packed, packed.size() + 1);
+ TestToFixedOctets(packed, packed.size() + sizeof(mp_digit));
+ }
+}
+
+TEST_F(MPITest, MpiFixlenOctetsTooSmall) {
+ uint8_t buf[sizeof(mp_digit) * 3];
+ std::vector<uint8_t> ref;
+ for (size_t i = 0; i < sizeof(mp_digit) * 2; i++) {
+ ref.push_back(3); // Any non-zero value will do.
+ dump("ref", ref.data(), ref.size());
+
+ mp_int a;
+ ASSERT_EQ(MP_OKAY, mp_init(&a));
+ ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size()));
+#ifdef DEBUG
+ // ARGCHK maps to assert() in a debug build.
+ EXPECT_DEATH(mp_to_fixlen_octets(&a, buf, ref.size() - 1), "");
+#else
+ EXPECT_EQ(MP_BADARG, mp_to_fixlen_octets(&a, buf, ref.size() - 1));
+#endif
+ ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf, ref.size()));
+ ASSERT_EQ(0, memcmp(buf, ref.data(), ref.size()));
+
+ mp_clear(&a);
+ }
+}
+
// This test is slow. Disable it by default so we can run these tests on CI.
class DISABLED_MPITest : public ::testing::Test {};
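Review bot: In MpiFixlenOctetsTooSmall the non-DEBUG branch only checks that the undersized call returns `MP_BADARG`; `buf` is uninitialized, so the test cannot tell whether `mp_to_fixlen_octets` wrote past the `ref.size() - 1` octets it was offered before rejecting the request. Filling the buffer first, e.g. `memset(buf, 0xcc, sizeof(buf));`, and asserting that the octets from index `ref.size() - 1` onward are still `0xcc` after the failed call would pin the no-overwrite behaviour, which appears to be the point of the test. The same sentinel lets the following success case confirm that nothing beyond `ref.size()` octets was touched. An `ASSERT_*` failure inside the loop also returns before `mp_clear(&a)` runs.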
@@ -127,17 +201,17 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) {
mp_read_radix(
&a,
- const_cast<char *>(
+ const_cast<char*>(
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"),
16);
mp_read_radix(
&b,
- const_cast<char *>(
+ const_cast<char*>(
"FF0FFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"),
16);
mp_read_radix(
&c,
- const_cast<char *>(
+ const_cast<char*>(
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550"),
16);
diff --git a/security/nss/gtests/freebl_gtest/rsa_unittest.cc b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
index 5c667a1d1..a1453168f 100644
--- a/security/nss/gtests/freebl_gtest/rsa_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
@@ -21,7 +21,7 @@ struct ScopedDelete {
typedef std::unique_ptr<RSAPrivateKey, ScopedDelete<RSAPrivateKey>>
ScopedRSAPrivateKey;
-class RSANewKeyTest : public ::testing::Test {
+class RSATest : public ::testing::Test {
protected:
RSAPrivateKey* CreateKeyWithExponent(int keySizeInBits,
unsigned char publicExponent) {
@@ -34,24 +34,24 @@ class RSANewKeyTest : public ::testing::Test {
}
};
-TEST_F(RSANewKeyTest, expOneTest) {
+TEST_F(RSATest, expOneTest) {
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x01));
ASSERT_TRUE(key == nullptr);
}
-TEST_F(RSANewKeyTest, expTwoTest) {
+TEST_F(RSATest, expTwoTest) {
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x02));
ASSERT_TRUE(key == nullptr);
}
-TEST_F(RSANewKeyTest, expFourTest) {
+TEST_F(RSATest, expFourTest) {
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x04));
ASSERT_TRUE(key == nullptr);
}
-TEST_F(RSANewKeyTest, WrongKeysizeTest) {
+TEST_F(RSATest, WrongKeysizeTest) {
ScopedRSAPrivateKey key(CreateKeyWithExponent(2047, 0x03));
ASSERT_TRUE(key == nullptr);
}
-TEST_F(RSANewKeyTest, expThreeTest) {
+TEST_F(RSATest, expThreeTest) {
ScopedRSAPrivateKey key(CreateKeyWithExponent(2048, 0x03));
#ifdef NSS_FIPS_DISABLED
ASSERT_TRUE(key != nullptr);
@@ -59,3 +59,39 @@ TEST_F(RSANewKeyTest, expThreeTest) {
ASSERT_TRUE(key == nullptr);
#endif
}
+
+TEST_F(RSATest, DecryptBlockTestErrors) {
+ unsigned char pubExp[3] = {0x01, 0x00, 0x01};
+ SECItem exp = {siBuffer, pubExp, 3};
+ ScopedRSAPrivateKey key(RSA_NewKey(2048, &exp));
+ ASSERT_TRUE(key);
+ uint8_t out[10] = {0};
+ uint8_t in_small[100] = {0};
+ unsigned int outputLen = 0;
+ unsigned int maxOutputLen = sizeof(out);
+
+ // This should fail because input the same size as the modulus (256).
+ SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,
+ in_small, sizeof(in_small));
+ EXPECT_EQ(SECFailure, rv);
+
+ uint8_t in[256] = {0};
+ // This should fail because the padding checks will fail.
+ rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,
+ sizeof(in));
+ EXPECT_EQ(SECFailure, rv);
+ // outputLen should be maxOutputLen.
+ EXPECT_EQ(maxOutputLen, outputLen);
+
+ // This should fail because the padding checks will fail.
+ uint8_t out_long[260] = {0};
+ maxOutputLen = sizeof(out_long);
+ rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,
+ sizeof(in));
+ EXPECT_EQ(SECFailure, rv);
+ // outputLen should <= 256-11=245.
+ EXPECT_LE(outputLen, 245u);
+ // Everything over 256 must be 0 in the output.
+ uint8_t out_long_test[4] = {0};
+ EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));
+}
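Review bot: The comment above the first `RSA_DecryptBlock` call says the input is "the same size as the modulus (256)", but `in_small` is 100 bytes, so the failure being tested is a length mismatch; it should read `// This should fail because the input is not the same size as the modulus (256).` That first call also leaves `outputLen` unchecked, unlike the two padding-failure cases that follow. The constants 256 and 245 are hard-coded where they could be derived from the 2048-bit key size passed to `RSA_NewKey`, which would keep the bounds correct if the key size is ever changed. The final `memcmp` covers only `out_long[256..259]`; if bytes between the reported `outputLen` and 256 are allowed to be written on a padding failure, a one-line comment saying so would make that gap clearly intentional.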