Files
wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa_pkcs1v15.rs
T
2026-04-17 15:52:07 -04:00

82 lines
2.6 KiB
Rust

#![cfg(all(feature = "signature", rsa, random))]
mod common;
use signature::{Keypair, SignerMut, Verifier};
use wolfssl_wolfcrypt::random::RNG;
#[test]
#[cfg(all(sha256, rsa_keygen))]
fn test_rsa2048_sha256_sign_verify() {
use wolfssl_wolfcrypt::rsa_pkcs1v15::{Sha256, Signature, SigningKey, VerifyingKey};
common::setup();
let rng = RNG::new().expect("RNG");
let mut sk: SigningKey<Sha256, 256> = SigningKey::generate(rng).expect("generate 2048");
let msg = b"rsa pkcs1v15 sha256 signature trait test";
let sig: Signature<256> = sk.sign(msg);
// Encoding round-trip.
let bytes = sig.to_bytes();
assert_eq!(bytes.len(), 256);
let sig2 = Signature::<256>::try_from(bytes.as_ref()).expect("parse sig");
assert_eq!(sig, sig2);
// Wrong length must fail.
assert!(Signature::<256>::try_from(&bytes[..255]).is_err());
// Keypair gives a matching verifying key.
let vk: VerifyingKey<Sha256, 256> = sk.verifying_key();
vk.verify(msg, &sig).expect("verify");
// Tampered message fails.
let mut tampered = *msg;
tampered[0] ^= 0x01;
assert!(vk.verify(&tampered, &sig).is_err());
// VerifyingKey rebuilt from raw components still verifies.
let vk_copy = VerifyingKey::<Sha256, 256>::from_components(vk.modulus(), vk.exponent())
.expect("from_components");
assert_eq!(vk, vk_copy);
vk_copy.verify(msg, &sig).expect("verify via rebuilt vk");
}
#[test]
#[cfg(all(sha384, rsa_keygen))]
fn test_rsa3072_sha384_sign_verify() {
use wolfssl_wolfcrypt::rsa_pkcs1v15::{Sha384, Signature, SigningKey, VerifyingKey};
common::setup();
let rng = RNG::new().expect("RNG");
let mut sk: SigningKey<Sha384, 384> = SigningKey::generate(rng).expect("generate 3072");
let msg = b"rsa pkcs1v15 sha384 signature trait test";
let sig: Signature<384> = sk.sign(msg);
assert_eq!(sig.to_bytes().len(), 384);
let vk: VerifyingKey<Sha384, 384> = sk.verifying_key();
vk.verify(msg, &sig).expect("verify");
let mut tampered = *msg;
tampered[2] ^= 0x10;
assert!(vk.verify(&tampered, &sig).is_err());
}
#[test]
#[cfg(all(sha256, rsa_keygen))]
fn test_modulus_size_mismatch_rejected() {
use wolfssl_wolfcrypt::rsa::RSA;
use wolfssl_wolfcrypt::rsa_pkcs1v15::{Sha256, SigningKey};
common::setup();
let mut rng = RNG::new().expect("RNG");
let rsa2048 = RSA::generate(2048, 65537, &mut rng).expect("generate");
// Attempt to adopt a 2048-bit key as if it were 3072.
let result: Result<SigningKey<Sha256, 384>, _> = SigningKey::from_rsa(rsa2048, rng);
assert!(result.is_err(), "modulus size mismatch must be rejected");
}