xref: /aosp_15_r20/external/tink/cc/signature/rsa_ssa_pkcs1_verify_key_manager_test.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
18 
19 #include <string>
20 
21 #include "gmock/gmock.h"
22 #include "gtest/gtest.h"
23 #include "absl/status/status.h"
24 #include "absl/strings/escaping.h"
25 #include "openssl/bn.h"
26 #include "openssl/rsa.h"
27 #include "tink/internal/bn_util.h"
28 #include "tink/internal/rsa_util.h"
29 #include "tink/internal/ssl_unique_ptr.h"
30 #include "tink/public_key_sign.h"
31 #include "tink/public_key_verify.h"
32 #include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h"
33 #include "tink/subtle/rsa_ssa_pkcs1_sign_boringssl.h"
34 #include "tink/util/secret_data.h"
35 #include "tink/util/status.h"
36 #include "tink/util/statusor.h"
37 #include "tink/util/test_matchers.h"
38 #include "tink/util/test_util.h"
39 #include "proto/rsa_ssa_pkcs1.pb.h"
40 #include "proto/tink.pb.h"
41 
42 namespace crypto {
43 namespace tink {
44 
45 using ::crypto::tink::test::IsOk;
46 using ::crypto::tink::test::StatusIs;
47 using ::crypto::tink::util::StatusOr;
48 using ::google::crypto::tink::HashType;
49 using ::google::crypto::tink::KeyData;
50 using ::google::crypto::tink::RsaSsaPkcs1KeyFormat;
51 using ::google::crypto::tink::RsaSsaPkcs1PrivateKey;
52 using ::google::crypto::tink::RsaSsaPkcs1PublicKey;
53 using ::testing::Eq;
54 using ::testing::HasSubstr;
55 using ::testing::Not;
56 
57 namespace {
58 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,Basics)59 TEST(RsaSsaPkcs1VerifyKeyManagerTest, Basics) {
60   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().get_version(), Eq(0));
61   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().key_material_type(),
62               Eq(KeyData::ASYMMETRIC_PUBLIC));
63   EXPECT_THAT(
64       RsaSsaPkcs1VerifyKeyManager().get_key_type(),
65       Eq("type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PublicKey"));
66 }
67 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,ValidateEmptyKey)68 TEST(RsaSsaPkcs1VerifyKeyManagerTest, ValidateEmptyKey) {
69   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().ValidateKey(RsaSsaPkcs1PublicKey()),
70               Not(IsOk()));
71 }
72 
CreateKeyFormat(HashType hash_type,int modulus_size_in_bits,int public_exponent)73 RsaSsaPkcs1KeyFormat CreateKeyFormat(HashType hash_type,
74                                      int modulus_size_in_bits,
75                                      int public_exponent) {
76   RsaSsaPkcs1KeyFormat key_format;
77   auto params = key_format.mutable_params();
78   params->set_hash_type(hash_type);
79   key_format.set_modulus_size_in_bits(modulus_size_in_bits);
80   internal::SslUniquePtr<BIGNUM> e(BN_new());
81   BN_set_word(e.get(), public_exponent);
82   key_format.set_public_exponent(
83       internal::BignumToString(e.get(), BN_num_bytes(e.get())).value());
84   return key_format;
85 }
86 
ValidKeyFormat()87 RsaSsaPkcs1KeyFormat ValidKeyFormat() {
88   return CreateKeyFormat(HashType::SHA256, 3072, RSA_F4);
89 }
90 
CreateValidPrivateKey()91 RsaSsaPkcs1PrivateKey CreateValidPrivateKey() {
92   return RsaSsaPkcs1SignKeyManager().CreateKey(ValidKeyFormat()).value();
93 }
94 
CreateValidPublicKey()95 RsaSsaPkcs1PublicKey CreateValidPublicKey() {
96   return RsaSsaPkcs1SignKeyManager()
97       .GetPublicKey(CreateValidPrivateKey())
98       .value();
99 }
100 
101 // Checks that a public key generaed by the SignKeyManager is considered valid.
TEST(RsaSsaPkcs1VerifyKeyManagerTest,PublicKeyValid)102 TEST(RsaSsaPkcs1VerifyKeyManagerTest, PublicKeyValid) {
103   RsaSsaPkcs1PublicKey key = CreateValidPublicKey();
104   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().ValidateKey(key), IsOk());
105 }
106 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,PublicKeyWrongVersion)107 TEST(RsaSsaPkcs1VerifyKeyManagerTest, PublicKeyWrongVersion) {
108   RsaSsaPkcs1PublicKey key = CreateValidPublicKey();
109   key.set_version(1);
110   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().ValidateKey(key), Not(IsOk()));
111 }
112 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,PublicKeyUnkownHashDisallowed)113 TEST(RsaSsaPkcs1VerifyKeyManagerTest, PublicKeyUnkownHashDisallowed) {
114   RsaSsaPkcs1PublicKey key = CreateValidPublicKey();
115   key.mutable_params()->set_hash_type(HashType::UNKNOWN_HASH);
116   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().ValidateKey(key), Not(IsOk()));
117 }
118 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,ValidateKeyFormatSmallModulusDisallowed)119 TEST(RsaSsaPkcs1VerifyKeyManagerTest, ValidateKeyFormatSmallModulusDisallowed) {
120   RsaSsaPkcs1PublicKey key = CreateValidPublicKey();
121   key.set_n("\x23");
122   key.set_e("\x3");
123   EXPECT_THAT(RsaSsaPkcs1VerifyKeyManager().ValidateKey(key),
124               StatusIs(absl::StatusCode::kInvalidArgument,
125                        HasSubstr("only modulus size >= 2048")));
126 }
127 
TEST(RsaSsaPkcs1SignKeyManagerTest,Create)128 TEST(RsaSsaPkcs1SignKeyManagerTest, Create) {
129   RsaSsaPkcs1KeyFormat key_format =
130       CreateKeyFormat(HashType::SHA256, 3072, RSA_F4);
131   StatusOr<RsaSsaPkcs1PrivateKey> private_key_or =
132       RsaSsaPkcs1SignKeyManager().CreateKey(key_format);
133   ASSERT_THAT(private_key_or, IsOk());
134   RsaSsaPkcs1PrivateKey private_key = private_key_or.value();
135   RsaSsaPkcs1PublicKey public_key =
136       RsaSsaPkcs1SignKeyManager().GetPublicKey(private_key).value();
137 
138   internal::RsaPrivateKey private_key_subtle;
139   private_key_subtle.n = private_key.public_key().n();
140   private_key_subtle.e = private_key.public_key().e();
141   private_key_subtle.d = util::SecretDataFromStringView(private_key.d());
142   private_key_subtle.p = util::SecretDataFromStringView(private_key.p());
143   private_key_subtle.q = util::SecretDataFromStringView(private_key.q());
144   private_key_subtle.dp = util::SecretDataFromStringView(private_key.dp());
145   private_key_subtle.dq = util::SecretDataFromStringView(private_key.dq());
146   private_key_subtle.crt = util::SecretDataFromStringView(private_key.crt());
147 
148   auto direct_signer_or = subtle::RsaSsaPkcs1SignBoringSsl::New(
149       private_key_subtle, {crypto::tink::subtle::HashType::SHA256});
150 
151   auto verifier_or =
152       RsaSsaPkcs1VerifyKeyManager().GetPrimitive<PublicKeyVerify>(public_key);
153   ASSERT_THAT(verifier_or, IsOk());
154 
155   std::string message = "Some message";
156   EXPECT_THAT(verifier_or.value()->Verify(
157                   direct_signer_or.value()->Sign(message).value(), message),
158               IsOk());
159 }
160 
TEST(RsaSsaPkcs1VerifyKeyManagerTest,NistTestVector)161 TEST(RsaSsaPkcs1VerifyKeyManagerTest, NistTestVector) {
162   // Test vector from
163   // https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Digital-Signatures
164   struct NistTestVector {
165     std::string n;
166     std::string e;
167     std::string message;
168     std::string signature;
169     HashType hash_type;
170   };
171 
172   const NistTestVector nist_test_vector{
173       absl::HexStringToBytes(
174           "c9548608087bed6be0a4623b9d849aa0b4b4b6114ad0a7d82578076ceefe26ce48d1"
175           "448e16d69963510e1e5fc658f3cf8f32a489b62d93fec1cdea6e1dde3feba04bb6a0"
176           "34518d83fd6138ea999982ab95d6a03517688ab6f8411c4a96b3e79d4141b8f68338"
177           "a9baa99f4e2c7845b573981061c5fd29d5fc21833ff1b030b2deb651e51a291168e2"
178           "b45ab4202dcd97b891925c75338e0e648d9d9ad325c10884e1fcdccc1c547b4a9c36"
179           "aef939e8802b62405d6e3d358ffa88f206b976b87f8b12b827b0ee7823f9d1955f47"
180           "f8678f7843b4cd03777e46717060e82bf149b36d4cf3d0bc7e4d0effde51a72f4ced"
181           "8e8e5b11bdb135825ff08873e2f776929abb"),
182       absl::HexStringToBytes("3c7bf9"),
183       absl::HexStringToBytes(
184           "bf082fa4b79f32849e8fae692696fc978ccb648c6e278d9bde4338d7b4632e3228b4"
185           "77e6a0d2cd14c68d51abdeed7c8c577457ec9fa2eff93cbf03c019d4014e1dfb3115"
186           "02d82f9265689e2d19f91b61c17a701c9ef50a69a55aae4cd57e67edc763c3f987ba"
187           "3e46a2a6ffb680c3c25df46716e61228c832419e9f43916a4959"),
188       absl::HexStringToBytes(
189           "621120a71ff2a182dd2997beb2480f54be516b79a4c202d1d6f59270f8e4d4dbd625"
190           "ac52fe0e49c5fd69dc0d15fb19ec58c9312a8161a61cb878abcb11399937f28ff080"
191           "3877c239ce0b7c4cbc1e23eca22746b071b2716475424c12944660b929b6240aebe8"
192           "47fcb94f63d212f3aa538515dc061e9810fdb0adeb374d0f69d24fd52c94e42668a4"
193           "8fc0a57819952a40efb732cfa08b3d2b371780aea97be34efb5239994d7ee7c6ab91"
194           "34b76711e76813ad5f5c3a5c95399e907650534dbfafec900c21be1308ddff6eda52"
195           "5f35e4fb3d275de46250ea1e4b96b60bd125b85f6c52b5419a725cd69b10cefd0901"
196           "abe7f9e15940594cf811e34c60f38768244c"),
197       HashType::SHA256};
198 
199   RsaSsaPkcs1PublicKey key;
200   key.mutable_params()->set_hash_type(nist_test_vector.hash_type);
201   key.set_version(0);
202   key.set_n(nist_test_vector.n);
203   key.set_e(nist_test_vector.e);
204   auto result =
205       RsaSsaPkcs1VerifyKeyManager().GetPrimitive<PublicKeyVerify>(key);
206   EXPECT_THAT(result, IsOk());
207   EXPECT_THAT(result.value()->Verify(nist_test_vector.signature,
208                                      nist_test_vector.message),
209               IsOk());
210 }
211 
212 }  // namespace
213 }  // namespace tink
214 }  // namespace crypto
215