From 8fee269f9438da69b01da73067a40f98a5b91a0e Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sun, 13 Sep 2020 09:44:41 -0400
Subject: [PATCH] llcrypto: tests for rsa kludge

---
 tor-llcrypto/src/pk/rsa.rs    |   5 +++++
 tor-llcrypto/src/util.rs      |  26 ++++++++++++++++++++++++++
 tor-llcrypto/testdata/tor.der | Bin 0 -> 583 bytes
 tor-llcrypto/testdata/tpo.der | Bin 0 -> 1633 bytes
 4 files changed, 31 insertions(+)
 create mode 100644 tor-llcrypto/testdata/tor.der
 create mode 100644 tor-llcrypto/testdata/tpo.der

diff --git a/tor-llcrypto/src/pk/rsa.rs b/tor-llcrypto/src/pk/rsa.rs
index 3cd51017d..0ee3ce0b9 100644
--- a/tor-llcrypto/src/pk/rsa.rs
+++ b/tor-llcrypto/src/pk/rsa.rs
@@ -8,6 +8,11 @@
 //! signatures, and encoding and decoding keys from DER.
 //!
 //! Currently missing is signing and RSA-OEAP.
+//!
+//! # Limitations:
+//!
+//! XXXX This module should expose RustCrypto trait-based wrappers,
+//! but the rsa crate didn't support them as of initial writing.
 use arrayref::array_ref;
 use std::fmt;
 use subtle::*;
diff --git a/tor-llcrypto/src/util.rs b/tor-llcrypto/src/util.rs
index 9cd98dc6a..58ac17dab 100644
--- a/tor-llcrypto/src/util.rs
+++ b/tor-llcrypto/src/util.rs
@@ -61,3 +61,29 @@ impl<'a> Asn1<'a> {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    // A cert generated by chutney
+    const CHUTNEY_CERT: &[u8] = include_bytes!("../testdata/tor.der");
+    // current (Sep 2020) certificate for www.torproject.org
+    const TPO_CERT: &[u8] = include_bytes!("../testdata/tpo.der");
+
+    #[test]
+    fn extract_rsa() {
+        use super::*;
+        use hex_literal::hex;
+        let pk = x509_extract_rsa_subject_kludge(CHUTNEY_CERT).unwrap();
+        assert_eq!(pk.bits(), 2048);
+        assert!(pk.exponent_is(65537));
+        assert_eq!(pk.to_der(), &hex!(
+            "3082010a028201010097a08af777515b03d99702a7e25382438ac93c1ba89601ece7b9ce1a1c5667ba6b97ef6c489c9e269da5f42b70ce09d6cf8c91b77bed2c66885be394f5de1c2e0a7e6464f5c9bc988dd5f3fd495af77041b64c7546930d99f3a5183186a5f188baa8f7ad579083d3bff0ce6508d1961d4f5da26fd84d1a693f903c47b1cfb3f6910843eafbcebafff58e74e6e737e4517514746880cb1b5b4fbf75243ca713c0fbd50176595e8d6e4b9bffb5434479ccbe6ed5cf1e22982826b60123eec3064e84f657da88312dcc5258320d52cfa3dda9fe372db38ebb2448e0411a26d3a95a35de9d617f8bf9ff2d9a099bf8123763229a3cd0ccd5c3c812c36c710bc0d3510203010001")[..]);
+
+        let pk = x509_extract_rsa_subject_kludge(TPO_CERT).unwrap();
+        assert_eq!(pk.bits(), 4096);
+        assert!(pk.exponent_is(65537));
+        assert_eq!(pk.to_der(), &hex!("3082020a0282020100c61b75da1b7641e506c98ac8d46f2056f9d828672d84ddd274a8c696c8edff741f32cf880a28c142af51a3c6371f59889ac8dd6670bf3f4163a20fcc75b36e451de581a03a721d7ef44e544ae992f5bb68a6b20a0888d68e87b7facdf63b1101eee544eec1217dc4155fe851ae2756fe6467d7139741837249efc13cba74fec73e93533101507445ee68119c64a0cb6bea4d3d84a681aad998a857cbfc26b8e42c5531e345e29943e9841b34bdd63e833542a76c0a1d1831825003baddd4ccb2ecedd5bf255f4e4928f92f8e82430b9a0b9c6318405c6ab4b6d36a3205d0bb0d9a6894754a9b025de883a30dc69c84bdd514318f5d07b7fd355c6a57bccba99f8586c6627f2ff52a5e1ce76c5afe6408d0a91da1d899d4828821469661719ee8acbbbe1682188bac7787077a3276300240ec89e1ddeed4ff6814aab13d7e2e8b700255672f92c3554129912e52c4d92acaf702309f6a0db398c9b91ebcc8c579ee2db44c6bea052b026779bdf609695f01b9d2dce0a9f0701450d7404949588f0642f290221e374d806fa595d8206f6caef19d97d79408d5d31611a8b1cd3eb1f2a83e951fedfd11e7ca637e37720f25dbf8ce99eb499f94e79433e511f50e5579327af487e92f2a42d89687cb61c2b8d7a4be46c1ed3b8fbaf0bdbc0363a2f828e73237300729daff58e840e079270a31b64140cea7ba58efc3d9e96aa9075d0203010001")[..]);
+
+        assert!(x509_extract_rsa_subject_kludge("hello world".as_bytes()).is_none());
+    }
+}
diff --git a/tor-llcrypto/testdata/tor.der b/tor-llcrypto/testdata/tor.der
new file mode 100644
index 0000000000000000000000000000000000000000..5a391a446ae98ec21d95578f8e5937e755ae7174
GIT binary patch
literal 583
zcmXqLVsbWUVqCL;nTe5!iIbuGl2*f;n9EBIc-c6$+C196^D;7WvoaW{7%CYkurY_S
zF!M;3mzV3AWhGW*8x@sgnCIqHniQFv=_Tjq8pw(B8d@3}8d?~DL6kVJk%6Iskr9+@
zAa5vZAPq4^1Y}BbnQ>KeqETjIc7=&vUTO)@B}&LPGqN%;H!<=v0L8hOniv@wrZ4FF
zULF|Dd~-U}@<+i<&Rr*Mq*qL1eDi$gIVqX2^j+E0-{*MDnWr{)=@;#SbDY=C_e|Vg
z{Z=QfBl_`_ulHp1xav|;zMkAOqxb6Pzn)Rw3mmukl)6pko%wmGgkjs#j~%;Kd|w+r
zq51Ou59d-jE>4s6k6o01!&fTPeu9nr#`BxMP2_NX_50ke|6lt`o;^2z5?CrylF@Kl
zI@*7Ksfx{V;RC;~GL}Wg_2zlc{=e1PrSi<aysPKslxAqCZDUk^cbLtu<y-iz4ny5D
zK@mp0LFX6WUHQ*kcXQuv6^{pwQfil1Mw#B5n^@od^S|ya&e=bN%#)R7*<3ht_3#Oy
z!#RcA2QCLPF*7nSB8Lz#ZkQVz8In5eGPMm}pL{v@#f7uHEw8r*ED9|@r?vIp{pe#)
z6?ZBm?ez^fUuXP^f4l$5?Fzj1jaPytn6$PU+~xfDqI;IehUJ3GCIy%5jdFTqaN@{6
zsZ)2hEoAeQyZHW|P-aAh#I?SdKMhx;UDd1;H>9v1|CIi-=h&vET~BVkV}7SFe~zWU
FGyvN^^p*es

literal 0
HcmV?d00001

diff --git a/tor-llcrypto/testdata/tpo.der b/tor-llcrypto/testdata/tpo.der
new file mode 100644
index 0000000000000000000000000000000000000000..5ce216707975004e3ac798208816edc681e31068
GIT binary patch
literal 1633
zcmZ`(do+}39R9v<z8TlyxaJZDxrcWqQfzW*$~Y>e(ddNQA>*=UjFH$V9}RIL<q~RL
zDn@H7vXwifNvKqAkyH{Ygvx3+b|&exXLtX5pXYtv-{n2e?*}k~H^A`J0vrM(h$6ZW
zG^jsRp>pe9c4^GmxbyOUKqN?+@?H3|L>QLAL%@|R1EdHzI!aJN=pJNMpezQ`N<=q*
zo>4f78p`BGad>2XpeyEaN*e#*NsbXb7MmN$iy|>r0qtc(3IH|~D*&vltSGz0kPIjy
z?h6E3WKE#H7)CKNGSY&_=5n~~Ab%#$g3S#87^3%mbub>nVTe2=;-wJ`fgz!0M4#q<
z$6>;q<d#l0$#bsPIKVt%;2}>S%xW25;OS8ACrKMOIbGUzR%oN+m6Y2uu#eNQ-jP`(
z-yU%#l&UoxS76K4ihaLjhwIph4>hdf3Tert?$pF<pYDFNQ-CLiH%v6?#x$$=j&8eX
z<T>vb(4&;?7|*3mHvLe|o4;*;(t`}U^QaRnh0}foZNaZMuS+P7yYTpwU}xK3hSy)N
zq?3oJFLIp65;U#qy6xkwok~KawbaO%JFa@5v%TW&cvpjg?-rWzoMkHJER!p9nyKcn
zJE-#NqaX^tqlTEv%7}2yL%c`h&k}{F6Y9E@$!Xpa*FIbC4%%7UR+@i=FZ}V4<p)!r
z<s%`x=KUl)O0^1mb2_mk-Hlm$!+septEpGT)KbbK6D6W4`vKzc_UQA0iOvO<@`dts
zu@)&DgdSjd;wIhEB;8_r^JCN2Sp?(<5wD!OQ>9(oaw}@WywWZBHQo#fh^qT273d3B
zJ$&-4^c_dpy~lw@W26zBrjP4s+iX6}KA+i3VuxIuI+NX#A=&jvRY6dG*S>sOV4tZo
z{#jw9l^JWpl{e`B<6h1iT7Jez#;Re34|4P<O7#20F-udY-mJv7y*IA+oU7m1G;Wtx
z{jRPS$1M88c!XjDBux4i7^4o)qKu@;R~;Shl~gk(Z$2IiDwXg?a4-a)#SoUr5q>~U
zWF#$l7+ye89D*+ZT4HQ~iVZAjMu72n2^{?GgaBFbwUStl0BBJxhpM8=jn5a<51yWv
zow?)VRx9_Updq7YE6@>(^-(pTdRSTD8pK3n2C82@SbMFQ>OVOncv}eAOOat1WrDrH
zVhID7ugBu?IJTCSY-TveA~2L^eqfbFh(9mfe{qz)Sl#lQ9^vbM)ieFMy#LW#E*7jH
z?hgB}(Qy+OOhT!^8AuWc0dcZ00s|X@jOZg!7#kGz4Fh9fxRe!vRW+8fa>D;r9R}kG
z(qEo-M<FPJ#(hNNW}qo(Kjc#qJ~!yuIP&{ymzWOPGfH%Nu53b~qGEztL{?lFl>tF;
zcx-H#I|QLPXcM3!B=#ppv0VE>xUB5l$Qjj5;oEz#H@-Uf*&@lZdm+d2Rv^02gGi~g
zd8q{rhU;6qN=eP)f#GIw`Kb{Iv!1foQTGUeBB2Uxe0xgK-DJ|1#C>ySRmldVfZ)DQ
zoRJEehxug6ai6bwZNKDo0UJe8M}v#j`G)e(6LV^Z@_rRGhWMnjGWtzVD(-@OQyy-b
z6iM2S#w6J&zL1Izkk4+tJG`Q?`QVt<kQST&aJkGaCE1_8-$tTciNjzRQccf8*T@+%
zGRNh-)Yb9MMitXFvo3;g&E86Fm#xUEc%z~;9|e-sE8DECKv6fZ@AYoUy-y2OT+ijx
zV~-7X4zkak3iN3;RP26d8lg^@8WdL7yqPxXUd`|<A+Gh)=%bID^f%8$_U^FOKbn91
z2BvQ4CTz~M%}7&XEsNuG_9a&!FJ0<a;)J<(Sfs-Bw62?HF5REqvtiq`zhR$VYI$NS
z?edg%i%Ub@xEH^!I$h@Dn|&u<*!)&SI|Mt{_xx<gjsBC3<GME#9q}r!u2NXDId(9o
vLw<UXAZLx;A?)zy9=ECxx{7d$o@y3$pnW0kX2x@iwyE`>Cgy5xXR7=SgOG!n

literal 0
HcmV?d00001