From f5ce8d27223bfcb5b8982887c3f067eec729962b Mon Sep 17 00:00:00 2001
From: Daniel Neus
Date: Thu, 16 Feb 2017 14:01:59 +0100
Subject: Fix rsa_blinding tests if emsa_raw is missing and add tests for rsa_blinding while encrypting/decrypting
---
src/tests/test_rsa.cpp | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/tests/test_rsa.cpp b/src/tests/test_rsa.cpp
index a375e90a3..e3ac2f608 100644
--- a/src/tests/test_rsa.cpp
+++ b/src/tests/test_rsa.cpp
@@ -5,6 +5,7 @@ */ #include "tests.h" +#include "test_rng.h" #if defined(BOTAN_HAS_RSA) #include
@@ -138,7 +139,11 @@ class RSA_Blinding_Tests : public Test { Test::Result result("RSA blinding"); -#if defined(BOTAN_HAS_EME_RAW) +#if defined(BOTAN_HAS_EMSA_RAW) || defined(BOTAN_HAS_EME_RAW) + Botan::RSA_PrivateKey rsa(Test::rng(), 1024); +#endif + +#if defined(BOTAN_HAS_EMSA_RAW) /* * The blinder chooses a new starting point BOTAN_BLINDING_REINIT_INTERVAL
@@ -148,8 +153,6 @@ class RSA_Blinding_Tests : public Test * are used as an additional test on the blinders. */ - Botan::RSA_PrivateKey rsa(Test::rng(), 1024); - Botan::PK_Signer signer(rsa, Test::rng(), "Raw"); // don't try this at home Botan::PK_Verifier verifier(rsa, "Raw");
@@ -169,6 +172,46 @@ class RSA_Blinding_Tests : public Test } #endif +#if defined(BOTAN_HAS_EME_RAW) + + /* + * The blinder chooses a new starting point BOTAN_BLINDING_REINIT_INTERVAL + * so decrypt several times that with a single key. + * + * Very small values (padding/hashing disabled, only low byte set on input) + * are used as an additional test on the blinders. + */ + + Botan::PK_Encryptor_EME encryptor(rsa, Test::rng(), "Raw"); // don't try this at home + + // test blinding reinit interval + // Seed Fixed_Output_RNG only with enough bytes for the initial blinder initialization + Botan_Tests::Fixed_Output_RNG fixed_rng(Botan::unlock(Test::rng().random_vec(rsa.get_n().bytes()))); + Botan::PK_Decryptor_EME decryptor(rsa, fixed_rng, "Raw"); + + for(size_t i = 1; i <= BOTAN_BLINDING_REINIT_INTERVAL ; ++i) + { + std::vector input(16); + input[ input.size() - 1 ] = static_cast(i); + + std::vector ciphertext = encryptor.encrypt(input, Test::rng()); + + std::vector plaintext = Botan::unlock(decryptor.decrypt(ciphertext)); + plaintext.insert(plaintext.begin(), input.size() - 1, 0); + + // assert RNG is not called in this situation + result.test_eq("Successfull decryption", plaintext, input); + } + + // one more decryption should trigger a blinder reinitialization + result.test_throws("", [&decryptor,&encryptor]() + { + std::vector ciphertext = encryptor.encrypt(std::vector(16), Test::rng()); + decryptor.decrypt(ciphertext); + }); + +#endif + return std::vector{result}; } }; -- cgit v1.2.3
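Review bot: The final `result.test_throws("", ...)` check has an empty description and passes on any exception, including one raised by `encryptor.encrypt(...)` inside the same lambda, so it does not pin the failure to the blinder asking the drained `fixed_rng` for fresh bytes. This check is what shows that the blinding state, the timing side-channel countermeasure on the private-key operation, is refreshed after BOTAN_BLINDING_REINIT_INTERVAL decryptions; build `ciphertext` before the lambda, capture it by reference so the lambda body is only `decryptor.decrypt(ciphertext);`, and name the check, e.g. `"RSA blinding reinit requests new RNG output"`. Inside the loop, `// assert RNG is not called in this situation` sits above a plain equality check; the property holds only implicitly, so the comment could read `// fixed_rng is expected to be drained after construction, so decrypt() would throw here if the blinder drew more randomness`. The loop also narrows `i` to one byte with `static_cast`, which presumably assumes BOTAN_BLINDING_REINIT_INTERVAL stays below 256 and is worth a `static_assert` or a comment. The enclosing `run()` starts outside this hunk.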