Port RSA test from wip/combined-codebase-staging

ueno · ueno · commit ac2a11f6b949 · 2023-04-25T12:43:23.000+09:00
Signed-off-by: Daiki Ueno &lt;dueno@redhat.com&gt;
diff --git a/openssl/rsa_test.go b/openssl/rsa_test.go
@@ -6,11 +6,14 @@ package openssl_test
 import (
 	"bytes"
 	"crypto"
+	"crypto/rsa"
 	"encoding/hex"
-	"github.com/golang-fips/openssl-fips/openssl"
-	"github.com/golang-fips/openssl-fips/openssl/bbig"
 	"math/big"
+	"strconv"
 	"testing"
+
+	"github.com/golang-fips/openssl-fips/openssl"
+	"github.com/golang-fips/openssl-fips/openssl/bbig"
 )
 
 func fromBase16(base16 string) openssl.BigInt {
@@ -167,3 +170,218 @@ func TestKeyGeneration(t *testing.T) {
 		}
 	}
 }
+
+func TestRSAKeyGeneration(t *testing.T) {
+	for _, size := range []int{2048, 3072} {
+		t.Run(strconv.Itoa(size), func(t *testing.T) {
+			t.Parallel()
+			priv, pub := newRSAKey(t, size)
+			msg := []byte("hi!")
+			enc, err := openssl.EncryptRSAPKCS1(pub, msg)
+			if err != nil {
+				t.Fatalf("EncryptPKCS1v15: %v", err)
+			}
+			dec, err := openssl.DecryptRSAPKCS1(priv, enc)
+			if err != nil {
+				t.Fatalf("DecryptPKCS1v15: %v", err)
+			}
+			if !bytes.Equal(dec, msg) {
+				t.Fatalf("got:%x want:%x", dec, msg)
+			}
+		})
+	}
+}
+
+func TestEncryptDecryptOAEP(t *testing.T) {
+	sha256 := openssl.NewSHA256()
+	msg := []byte("hi!")
+	label := []byte("ho!")
+	priv, pub := newRSAKey(t, 2048)
+	enc, err := openssl.EncryptRSAOAEP(sha256, pub, msg, label)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dec, err := openssl.DecryptRSAOAEP(sha256, priv, enc, label)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(dec, msg) {
+		t.Errorf("got:%x want:%x", dec, msg)
+	}
+}
+
+func TestEncryptDecryptOAEP_WrongLabel(t *testing.T) {
+	sha256 := openssl.NewSHA256()
+	msg := []byte("hi!")
+	priv, pub := newRSAKey(t, 2048)
+	enc, err := openssl.EncryptRSAOAEP(sha256, pub, msg, []byte("ho!"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	dec, err := openssl.DecryptRSAOAEP(sha256, priv, enc, []byte("wrong!"))
+	if err == nil {
+		t.Errorf("error expected")
+	}
+	if dec != nil {
+		t.Errorf("got:%x want: nil", dec)
+	}
+}
+
+func TestEncryptDecryptNoPadding(t *testing.T) {
+	msg := make([]byte, 2048/8)
+	priv, pub := newRSAKey(t, 2048)
+	enc, err := openssl.EncryptRSANoPadding(pub, msg)
+	if err != nil {
+		t.Fatal(err)
+	}
+	dec, err := openssl.DecryptRSANoPadding(priv, enc)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(dec, msg) {
+		t.Errorf("got:%x want:%x", dec, msg)
+	}
+}
+
+func TestSignVerifyPKCS1v15(t *testing.T) {
+	sha256 := openssl.NewSHA256()
+	priv, pub := newRSAKey(t, 2048)
+	msg := []byte("hi!")
+	sha256.Write(msg)
+	hashed := sha256.Sum(nil)
+	signed, err := openssl.SignRSAPKCS1v15(priv, crypto.SHA256, hashed, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	signed2, err := openssl.SignRSAPKCS1v15(priv, crypto.SHA256, msg, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(signed, signed2) {
+		t.Fatalf("got:%x want:%x", signed, signed2)
+	}
+	err = openssl.VerifyRSAPKCS1v15(pub, crypto.SHA256, hashed, signed, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = openssl.VerifyRSAPKCS1v15(pub, crypto.SHA256, msg, signed2, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestSignVerifyPKCS1v15_Unhashed(t *testing.T) {
+	msg := []byte("hi!")
+	priv, pub := newRSAKey(t, 2048)
+	signed, err := openssl.SignRSAPKCS1v15(priv, 0, msg, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = openssl.VerifyRSAPKCS1v15(pub, 0, msg, signed, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestSignVerifyPKCS1v15_Invalid(t *testing.T) {
+	sha256 := openssl.NewSHA256()
+	msg := []byte("hi!")
+	priv, pub := newRSAKey(t, 2048)
+	sha256.Write(msg)
+	hashed := sha256.Sum(nil)
+	signed, err := openssl.SignRSAPKCS1v15(priv, crypto.SHA256, hashed, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = openssl.VerifyRSAPKCS1v15(pub, crypto.SHA256, msg, signed, true)
+	if err == nil {
+		t.Fatal("error expected")
+	}
+}
+
+func TestSignVerifyRSAPSS(t *testing.T) {
+	// Test cases taken from
+	// https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/crypto/rsa/pss_test.go#L200.
+	const keyBits = 2048
+	var saltLengthCombinations = []struct {
+		signSaltLength, verifySaltLength int
+		good                             bool
+	}{
+		{rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthAuto, true},
+		{rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthAuto, true},
+		{rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthEqualsHash, true},
+		{rsa.PSSSaltLengthEqualsHash, 8, false},
+		{rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false},
+		{8, 8, true},
+		{rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size)
+		{rsa.PSSSaltLengthAuto, 20, false},
+		{rsa.PSSSaltLengthAuto, -2, false},
+	}
+	sha256 := openssl.NewSHA256()
+	priv, pub := newRSAKey(t, keyBits)
+	sha256.Write([]byte("testing"))
+	hashed := sha256.Sum(nil)
+	for i, test := range saltLengthCombinations {
+		signed, err := openssl.SignRSAPSS(priv, crypto.SHA256, hashed, test.signSaltLength)
+		if err != nil {
+			t.Errorf("#%d: error while signing: %s", i, err)
+			continue
+		}
+		err = openssl.VerifyRSAPSS(pub, crypto.SHA256, hashed, signed, test.verifySaltLength)
+		if (err == nil) != test.good {
+			t.Errorf("#%d: bad result, wanted: %t, got: %s", i, test.good, err)
+		}
+	}
+}
+
+func newRSAKey(t *testing.T, size int) (*openssl.PrivateKeyRSA, *openssl.PublicKeyRSA) {
+	t.Helper()
+	N, E, D, P, Q, Dp, Dq, Qinv, err := openssl.GenerateKeyRSA(size)
+	if err != nil {
+		t.Fatalf("GenerateKeyRSA(%d): %v", size, err)
+	}
+	priv, err := openssl.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv)
+	if err != nil {
+		t.Fatalf("NewPrivateKeyRSA(%d): %v", size, err)
+	}
+	pub, err := openssl.NewPublicKeyRSA(N, E)
+	if err != nil {
+		t.Fatalf("NewPublicKeyRSA(%d): %v", size, err)
+	}
+	return priv, pub
+}
+
+func fromBase36(base36 string) *big.Int {
+	i, ok := new(big.Int).SetString(base36, 36)
+	if !ok {
+		panic("bad number: " + base36)
+	}
+	return i
+}
+
+func BenchmarkEncryptRSAPKCS1(b *testing.B) {
+	b.StopTimer()
+	// Public key length should be at least of 2048 bits, else OpenSSL will report an error when running in FIPS mode.
+	n := fromBase36("14314132931241006650998084889274020608918049032671858325988396851334124245188214251956198731333464217832226406088020736932173064754214329009979944037640912127943488972644697423190955557435910767690712778463524983667852819010259499695177313115447116110358524558307947613422897787329221478860907963827160223559690523660574329011927531289655711860504630573766609239332569210831325633840174683944553667352219670930408593321661375473885147973879086994006440025257225431977751512374815915392249179976902953721486040787792801849818254465486633791826766873076617116727073077821584676715609985777563958286637185868165868520557")
+	test2048PubKey, err := openssl.NewPublicKeyRSA(bbig.Enc(n), bbig.Enc(big.NewInt(3)))
+	if err != nil {
+		b.Fatal(err)
+	}
+	b.StartTimer()
+	b.ReportAllocs()
+	for i := 0; i < b.N; i++ {
+		if _, err := openssl.EncryptRSAPKCS1(test2048PubKey, []byte("testing")); err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkGenerateKeyRSA(b *testing.B) {
+	b.ReportAllocs()
+	for i := 0; i < b.N; i++ {
+		_, _, _, _, _, _, _, _, err := openssl.GenerateKeyRSA(2048)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
