diff --git a/src/algorithms/pad.rs b/src/algorithms/pad.rs
index 9191e4a8..19f1fd85 100644
--- a/src/algorithms/pad.rs
+++ b/src/algorithms/pad.rs
@@ -19,14 +19,24 @@ fn left_pad(input: &[u8], padded_len: usize) -> Result> {
 }
 /// Converts input to the new vector of the given length, using BE and with 0s left padded.
+/// In some cases BoxedUint might already have leading zeroes, this function removes them
+/// before padding again.
 #[inline]
 pub(crate) fn uint_to_be_pad(input: BoxedUint, padded_len: usize) -> Result> {
+ let required_bits = input.bits();
+ let input = input.shorten(required_bits);
+
 left_pad(&input.to_be_bytes(), padded_len)
 }
 /// Converts input to the new vector of the given length, using BE and with 0s left padded.
+/// In some cases BoxedUint might already have leading zeroes, this function removes them
+/// before padding again.
 #[inline]
 pub(crate) fn uint_to_zeroizing_be_pad(input: BoxedUint, padded_len: usize) -> Result> {
+ let required_bits = input.bits();
+ let input = input.shorten(required_bits);
+
 let m = Zeroizing::new(input);
 let m = Zeroizing::new(m.to_be_bytes());
 left_pad(&m, padded_len)
diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs
index e24d6dd0..363bb013 100644
--- a/src/algorithms/rsa.rs
+++ b/src/algorithms/rsa.rs
@@ -166,7 +166,7 @@ fn blind(
 let blinded = {
 // r^e (mod n)
- let mut rpowe = pow_mod_params(&r, &key.e(), n_params.clone());
+ let mut rpowe = pow_mod_params(&r, key.e(), n_params.clone());
 // c * r^e (mod n)
 let c = mul_mod_params(c, &rpowe, n_params.clone());
 rpowe.zeroize();
diff --git a/src/oaep.rs b/src/oaep.rs
index 35cd7a8a..42765b47 100644
--- a/src/oaep.rs
+++ b/src/oaep.rs
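Review bot: In `uint_to_zeroizing_be_pad`, `input.shorten(required_bits)` with `required_bits = input.bits()` makes the size of the intermediate `BoxedUint` and of the `to_be_bytes()` buffer a function of the numeric value of `input`, and since this is the zeroizing variant that value is presumably secret (its callers are outside the hunk), so the number of leading zero bytes now shows up in allocation sizes and in whatever `left_pad` (defined above the hunk) does with a shorter slice — the classic RSA leading-zero timing channel. `uint_to_be_pad` has the same shape and only stays harmless as long as it is never handed private data. A value-independent alternative is to fix the width from `padded_len`, which the caller controls — widen or shorten to `padded_len as u32 * 8` bits and return the existing error when `input.bits()` exceeds that — rather than shrinking to the value's own bit length; which `BoxedUint` method does that (`resize`, or `widen`/`shorten` under a width check) depends on the crypto-bigint version pinned in Cargo.toml. Separately, `bits()` is 0 for a zero input, so `shorten(0)` presumably leaves an empty limb vector and an empty byte string; a test that `uint_to_be_pad(BoxedUint::zero(), n)` yields `n` zero bytes would pin that. The new doc comment should also say so, e.g. `/// NOTE: the intermediate length depends on the value, so this is not constant-time with respect to leading zeros.`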
@@ -54,14 +54,17 @@ impl Oaep {
 /// ```
 /// use sha1::Sha1;
 /// use sha2::Sha256;
- /// use rsa::{BigUint, RsaPublicKey, Oaep, };
+ /// use rsa::{RsaPublicKey, Oaep};
 /// use base64ct::{Base64, Encoding};
+ /// use crypto_bigint::BoxedUint;
 ///
- /// let n = Base64::decode_vec("ALHgDoZmBQIx+jTmgeeHW6KsPOrj11f6CvWsiRleJlQpW77AwSZhd21ZDmlTKfaIHBSUxRUsuYNh7E2SHx8rkFVCQA2/gXkZ5GK2IUbzSTio9qXA25MWHvVxjMfKSL8ZAxZyKbrG94FLLszFAFOaiLLY8ECs7g+dXOriYtBwLUJK+lppbd+El+8ZA/zH0bk7vbqph5pIoiWggxwdq3mEz4LnrUln7r6dagSQzYErKewY8GADVpXcq5mfHC1xF2DFBub7bFjMVM5fHq7RK+pG5xjNDiYITbhLYrbVv3X0z75OvN0dY49ITWjM7xyvMWJXVJS7sJlgmCCL6RwWgP8PhcE=").unwrap();
- /// let e = Base64::decode_vec("AQAB").unwrap();
+ /// let n_bytes = Base64::decode_vec("seAOhmYFAjH6NOaB54dboqw86uPXV/oK9ayJGV4mVClbvsDBJmF3bVkOaVMp9ogcFJTFFSy5g2HsTZIfHyuQVUJADb+BeRnkYrYhRvNJOKj2pcDbkxYe9XGMx8pIvxkDFnIpusb3gUsuzMUAU5qIstjwQKzuD51c6uJi0HAtQkr6Wmlt34SX7xkD/MfRuTu9uqmHmkiiJaCDHB2reYTPguetSWfuvp1qBJDNgSsp7BjwYANWldyrmZ8cLXEXYMUG5vtsWMxUzl8ertEr6kbnGM0OJghNuEtittW/dfTPvk683R1jj0hNaMzvHK8xYldUlLuwmWCYIIvpHBaA/w+FwQ==").unwrap();
+ /// let e_bytes = Base64::decode_vec("AQAB").unwrap();
+ /// let n = BoxedUint::from_be_slice(&n_bytes, 2048).unwrap();
+ /// let e = BoxedUint::from_be_slice(&e_bytes, 32).unwrap();
 ///
 /// let mut rng = rand::thread_rng();
- /// let key = RsaPublicKey::new(BigUint::from_bytes_be(&n), BigUint::from_bytes_be(&e)).unwrap();
+ /// let key = RsaPublicKey::new(n, e).unwrap();
 /// let padding = Oaep::new::();
 /// let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();
 /// ```
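Review bot: The example fixes the modulus precision at 2048 bits and the exponent at 32 bits as bare literals, so a reader adapting it to a 4096-bit key gets an opaque panic from the `.unwrap()` on `from_be_slice` rather than a hint about what to change. Deriving the width from the data, `let n = BoxedUint::from_be_slice(&n_bytes, n_bytes.len() as u32 * 8).unwrap();`, keeps the example key-size agnostic, assuming the decoded length is a whole number of limbs as it is here (256 bytes). A one-line comment noting that the modulus bytes are the raw big-endian value without the ASN.1 leading zero (the old `ALHg…` constant decoded to `00 B1 E0 …`, the new `seAO…` one to `B1 E0 0E …`) would help anyone pasting a modulus from a DER dump.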
@@ -91,14 +94,17 @@ impl Oaep {
 /// ```
 /// use sha1::Sha1;
 /// use sha2::Sha256;
- /// use rsa::{BigUint, RsaPublicKey, Oaep, };
+ /// use rsa::{RsaPublicKey, Oaep};
 /// use base64ct::{Base64, Encoding};
+ /// use crypto_bigint::BoxedUint;
 ///
- /// let n = Base64::decode_vec("ALHgDoZmBQIx+jTmgeeHW6KsPOrj11f6CvWsiRleJlQpW77AwSZhd21ZDmlTKfaIHBSUxRUsuYNh7E2SHx8rkFVCQA2/gXkZ5GK2IUbzSTio9qXA25MWHvVxjMfKSL8ZAxZyKbrG94FLLszFAFOaiLLY8ECs7g+dXOriYtBwLUJK+lppbd+El+8ZA/zH0bk7vbqph5pIoiWggxwdq3mEz4LnrUln7r6dagSQzYErKewY8GADVpXcq5mfHC1xF2DFBub7bFjMVM5fHq7RK+pG5xjNDiYITbhLYrbVv3X0z75OvN0dY49ITWjM7xyvMWJXVJS7sJlgmCCL6RwWgP8PhcE=").unwrap();
- /// let e = Base64::decode_vec("AQAB").unwrap();
+ /// let n_bytes = Base64::decode_vec("seAOhmYFAjH6NOaB54dboqw86uPXV/oK9ayJGV4mVClbvsDBJmF3bVkOaVMp9ogcFJTFFSy5g2HsTZIfHyuQVUJADb+BeRnkYrYhRvNJOKj2pcDbkxYe9XGMx8pIvxkDFnIpusb3gUsuzMUAU5qIstjwQKzuD51c6uJi0HAtQkr6Wmlt34SX7xkD/MfRuTu9uqmHmkiiJaCDHB2reYTPguetSWfuvp1qBJDNgSsp7BjwYANWldyrmZ8cLXEXYMUG5vtsWMxUzl8ertEr6kbnGM0OJghNuEtittW/dfTPvk683R1jj0hNaMzvHK8xYldUlLuwmWCYIIvpHBaA/w+FwQ==").unwrap();
+ /// let e_bytes = Base64::decode_vec("AQAB").unwrap();
+ /// let n = BoxedUint::from_be_slice(&n_bytes, 2048).unwrap();
+ /// let e = BoxedUint::from_be_slice(&e_bytes, 32).unwrap();
 ///
 /// let mut rng = rand::thread_rng();
- /// let key = RsaPublicKey::new(BigUint::from_bytes_be(&n), BigUint::from_bytes_be(&e)).unwrap();
+ /// let key = RsaPublicKey::new(n, e).unwrap();
 /// let padding = Oaep::new_with_mgf_hash::();
 /// let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();
 /// ```
diff --git a/tests/pkcs1.rs b/tests/pkcs1.rs
index 9bc2c2d8..70b6fa0b 100644
--- a/tests/pkcs1.rs
+++ b/tests/pkcs1.rs
@@ -44,6 +44,11 @@ const RSA_2048_PUB_PEM: &str = include_str!("examples/pkcs1/rsa2048-pub.pem"); #[cfg(feature = "pem")] const RSA_4096_PUB_PEM: &str = include_str!("examples/pkcs1/rsa4096-pub.pem"); +#[cfg(test)] +use crypto_bigint::BoxedUint; +#[cfg(test)] +use subtle::ConstantTimeEq; + #[test] fn decode_rsa2048_priv_der() { let key = RsaPrivateKey::from_pkcs1_der(RSA_2048_PRIV_DER).unwrap(); @@ -63,7 +68,8 @@ fn decode_rsa2048_priv_der() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( @@ -77,24 +83,29 @@ fn decode_rsa2048_priv_der() { "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); + + let expected_prime = BoxedUint::from_be_slice( &hex!( "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" - ) - ); + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); } #[test] 
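Review bot: The `#[cfg(test)]` gate on the two new `use` lines is a no-op: a file under `tests/` is an integration test and is only ever compiled by `cargo test`, and the neighbouring imports in this file are gated on `feature = "pem"`, not on `test`. Write them plainly as `use crypto_bigint::BoxedUint;` and `use subtle::ConstantTimeEq;`, grouped with the other `use` lines at the top of the file rather than after the constants. The same pattern appears in tests/pkcs8.rs later in this diff.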
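Review bot: `assert!(bool::from(key.primes()[0].ct_eq(&expected_prime)))` reports only `assertion failed: bool::from(...)` when it trips, so a failing test no longer shows which prime was actually parsed — the byte-level `assert_eq!` it replaces did. A constant-time comparison buys nothing in a test; if `BoxedUint` implements `PartialEq` and `Debug` (crypto-bigint's does, with `PartialEq` delegating to `ct_eq`), `assert_eq!(key.primes()[0], expected_prime);` keeps the diagnostic and lets the `subtle` import go. The same applies to every `expected_e` and `expected_prime` assertion in this diff; the enclosing test `decode_rsa2048_priv_der` starts above the hunk.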
@@ -124,7 +135,8 @@ fn decode_rsa4096_priv_der() { "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( @@ -146,8 +158,7 @@ fn decode_rsa4096_priv_der() { "EF6BE3364969E1337C91B29A07B9A913CDE40CE2D5530C900E73751685E65431" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "D0213A79425B665B719118448893EC3275600F63DBF85B77F4E8E99EF302F6E8" "2596048F6DCA772DE6BBF1124DB84B0AFE61B03A8604AB0079ED53F3304797AD" @@ -157,10 +168,13 @@ fn decode_rsa4096_priv_der() { "1BE60761F19F74672489EAF9F215409F39956E77A82183F1F72BB2FEDDF1B9FB" "FC4AD89EA445809DDBD5BD595277990C0BE9366FBB2ECF7B057CC1C3DC8FB77B" "F8456D07BBC95B3C1815F48E62B81468C3D4D9D96C0F48DAB04993BE8D91EDE5" - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + ), + 2048, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); + + let expected_prime = BoxedUint::from_be_slice( &hex!( "CE36C6810522ABE5D6465F36EB137DA3B9EA4A5F1D27C6614729EB8E5E2E5CB8" "8E3EF1A473A21944B66557B3DC2CE462E4BF3446CB4990037E5672B1705CBAE8" @@ -170,8 +184,11 @@ fn decode_rsa4096_priv_der() { "4A15823F5107C89548EDDCB61DA5308C6CC834D4A0C16DFA6CA1D67B61A65677" "EB1719CD125D0EF0DB8802FB76CFC17577BCB2510AE294E1BF8A9173A2B85C16" "A6B508C98F2D770B7F3DE48D9E720C53E263680B57E7109410015745570652FD" - ) - ); + ), + 2048, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); } #[test] @@ -194,7 +211,8 @@ fn decode_rsa2048_pub_der() { ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); } #[test] 
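Review bot: `BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap()` is now repeated verbatim in every test of this file, and again in tests/pkcs8.rs with a different precision, so the chosen width lives in eight places. A one-line helper such as `fn expected_e() -> BoxedUint { BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap() }` keeps the precision in one spot and shortens each check to `assert!(bool::from(key.e().ct_eq(&expected_e())));`. The enclosing test `decode_rsa4096_priv_der` starts above this hunk.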
@@ -224,7 +242,8 @@ fn decode_rsa4096_pub_der() { "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); } #[test] @@ -275,7 +294,8 @@ fn decode_rsa2048_priv_pem() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( @@ -289,26 +309,29 @@ fn decode_rsa2048_priv_pem() { "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" - - ) - ); + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); } #[test] 
@@ -340,7 +363,8 @@ fn decode_rsa4096_priv_pem() { ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( @@ -362,8 +386,7 @@ fn decode_rsa4096_priv_pem() { "EF6BE3364969E1337C91B29A07B9A913CDE40CE2D5530C900E73751685E65431" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "D0213A79425B665B719118448893EC3275600F63DBF85B77F4E8E99EF302F6E8" "2596048F6DCA772DE6BBF1124DB84B0AFE61B03A8604AB0079ED53F3304797AD" @@ -373,10 +396,13 @@ fn decode_rsa4096_priv_pem() { "1BE60761F19F74672489EAF9F215409F39956E77A82183F1F72BB2FEDDF1B9FB" "FC4AD89EA445809DDBD5BD595277990C0BE9366FBB2ECF7B057CC1C3DC8FB77B" "F8456D07BBC95B3C1815F48E62B81468C3D4D9D96C0F48DAB04993BE8D91EDE5" - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + ), + 2048, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); + + let expected_prime = BoxedUint::from_be_slice( &hex!( "CE36C6810522ABE5D6465F36EB137DA3B9EA4A5F1D27C6614729EB8E5E2E5CB8" "8E3EF1A473A21944B66557B3DC2CE462E4BF3446CB4990037E5672B1705CBAE8" @@ -386,8 +412,11 @@ fn decode_rsa4096_priv_pem() { "4A15823F5107C89548EDDCB61DA5308C6CC834D4A0C16DFA6CA1D67B61A65677" "EB1719CD125D0EF0DB8802FB76CFC17577BCB2510AE294E1BF8A9173A2B85C16" "A6B508C98F2D770B7F3DE48D9E720C53E263680B57E7109410015745570652FD" - ) - ); + ), + 2048, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); } #[test] @@ -410,7 +439,8 @@ fn decode_rsa2048_pub_pem() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); } #[test] 
@@ -441,7 +471,8 @@ fn decode_rsa4096_pub_pem() { "F319956F4DE3AAD00EFB9A147D66B3AC1A01D35B2CFB48D400B0E7A80DC97551" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); } #[test] diff --git a/tests/pkcs8.rs b/tests/pkcs8.rs index 2140bd3b..b7a7eb67 100644 --- a/tests/pkcs8.rs +++ b/tests/pkcs8.rs @@ -33,6 +33,11 @@ use sha2::Sha256; #[cfg(feature = "pem")] use rsa::pkcs8::LineEnding; +#[cfg(test)] +use crypto_bigint::BoxedUint; +#[cfg(test)] +use subtle::ConstantTimeEq; + #[test] fn decode_rsa2048_priv_der() { let key = RsaPrivateKey::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap(); @@ -51,7 +56,8 @@ fn decode_rsa2048_priv_der() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 32).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( 
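Review bot: In the `@@ -51,7 +56,8 @@` hunk of tests/pkcs8.rs, `expected_e` is built with a precision of 32 bits while every other `expected_e` in this diff — including the next hunk of the same file — uses 128, and `key.e()` itself carries whatever precision the decoder picked. How `ct_eq` treats operands of differing precision is a property of the crypto-bigint version in use and is worth checking; in any case pick one constant (or derive it as `key.e().bits_precision()`) and use it throughout so the tests do not silently depend on that behaviour. The enclosing test `decode_rsa2048_priv_der` starts above the hunk.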
@@ -65,24 +71,29 @@ fn decode_rsa2048_priv_der() { "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); + + let expected_prime = BoxedUint::from_be_slice( &hex!( "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" - ) - ); + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); let _ = pkcs1v15::SigningKey::::from_pkcs8_der(RSA_2048_PRIV_DER).unwrap(); } @@ -105,7 +116,8 @@ fn decode_rsa2048_pub_der() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); let _ = pkcs1v15::VerifyingKey::::from_public_key_der(RSA_2048_PUB_DER).unwrap(); } @@ -128,7 +140,8 @@ fn decode_rsa2048_pss_priv_der() { ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( 
@@ -142,25 +155,29 @@ fn decode_rsa2048_pss_priv_der() { "3783DA6236A07A0F332003D30748EC1C12556D7CA7587E8E07DCE1D95EC4A611" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "E55FBA212239C846821579BE7E4D44336C700167A478F542032BEBF506D39453" "82670B7D5B08D48E1B4A46EB22E54ABE21867FB6AD96444E00B386FF14710CB6" "9D80111E3721CBE65CFA8A141A1492D5434BB7538481EBB27462D54EDD1EA55D" "C2230431EE63C4A3609EC28BA67ABEE0DCA1A12E8E796BB5485A331BD27DC509" + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "C3EC0875ED7B5B96340A9869DD9674B8CF0E52AD4092B57620A6AEA981DA0F10" "13DF610CE1C8B630C111DA7214128E20FF8DA55B4CD8A2E145A8E370BF4F87C8" "EB203E9752A8A442E562E09F455769B8DA35CCBA2A134F5DE274020B6A7620F0" "3DE276FCBFDE2B0356438DD17DD40152AB80C1277B4849A643CB158AA07ADBC3" - ) - ); + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); let _ = pss::SigningKey::::from_pkcs8_der(RSA_2048_PSS_PRIV_DER).unwrap(); } @@ -182,7 +199,8 @@ fn decode_rsa2048_pss_pub_der() { "D502F266FB17433A9F4B08D08DE3C576A670CE90557AF94F67579A3273A5C8DB" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); let _ = pss::VerifyingKey::::from_public_key_der(RSA_2048_PSS_PUB_DER).unwrap(); } @@ -229,7 +247,8 @@ fn decode_rsa2048_priv_pem() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); assert_eq!( &key.d().to_be_bytes()[..], &hex!( 
@@ -243,24 +262,29 @@ fn decode_rsa2048_priv_pem() { "ABEB359CA2025268D004F9D66EB3D6F7ADC1139BAD40F16DDE639E11647376C1" ) ); - assert_eq!( - &key.primes()[0].to_be_bytes()[..], + let expected_prime = BoxedUint::from_be_slice( &hex!( "DCC061242D4E92AFAEE72AC513CA65B9F77036F9BD7E0E6E61461A7EF7654225" "EC153C7E5C31A6157A6E5A13FF6E178E8758C1CB33D9D6BBE3179EF18998E422" "ECDCBED78F4ECFDBE5F4FCD8AEC2C9D0DC86473CA9BD16D9D238D21FB5DDEFBE" "B143CA61D0BD6AA8D91F33A097790E9640DBC91085DC5F26343BA3138F6B2D67" - ) - ); - assert_eq!( - &key.primes()[1].to_be_bytes()[..], + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[0].ct_eq(&expected_prime))); + + let expected_prime = BoxedUint::from_be_slice( &hex!( "D3F314757E40E954836F92BE24236AF2F0DA04A34653C180AF67E960086D93FD" "E65CB23EFD9D09374762F5981E361849AF68CDD75394FF6A4E06EB69B209E422" "8DB2DFA70E40F7F9750A528176647B788D0E5777A2CB8B22E3CD267FF70B4F3B" "02D3AAFB0E18C590A564B03188B0AA5FC48156B07622214243BD1227EFA7F2F9" - ) - ); + ), + 1024, + ) + .unwrap(); + assert!(bool::from(key.primes()[1].ct_eq(&expected_prime))); let _ = pkcs1v15::SigningKey::::from_pkcs8_pem(RSA_2048_PRIV_PEM).unwrap(); } @@ -284,7 +308,8 @@ fn decode_rsa2048_pub_pem() { "90B44E3E095FA37058EA25B13F5E295CBEAC6DE838AB8C50AF61E298975B872F" ) ); - assert_eq!(&key.e().to_be_bytes()[..], &hex!("010001")); + let expected_e = BoxedUint::from_be_slice(&hex!("010001"), 128).unwrap(); + assert!(bool::from(key.e().ct_eq(&expected_e))); let _ = pkcs1v15::VerifyingKey::::from_public_key_pem(RSA_2048_PUB_PEM).unwrap(); }