security: tolerate invalid or unsupported public keys in PIB
Change-Id: I3c1dd9d3fe81d0895e2d1706f0b29a8e61940beb
diff --git a/tests/unit/security/transform/public-key.t.cpp b/tests/unit/security/transform/public-key.t.cpp
index e844293..e37cda5 100644
--- a/tests/unit/security/transform/public-key.t.cpp
+++ b/tests/unit/security/transform/public-key.t.cpp
@@ -113,23 +113,42 @@
BOOST_TEST(*os6.buf() == *pKeyPkcs8, boost::test_tools::per_element());
}
+BOOST_AUTO_TEST_CASE(LoadError)
+{
+ EcKeyTestData dataSet;
+ auto pkcs8Base64 = make_span(reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
+ dataSet.pkcs8Base64.size());
+ OBufferStream os;
+ bufferSource(pkcs8Base64) >> base64Decode() >> streamSink(os);
+ auto pkcs8 = os.buf();
+
+ PublicKey pKey;
+ // empty
+ BOOST_CHECK_THROW(pKey.loadPkcs8(span<uint8_t>{}), PublicKey::Error);
+ BOOST_CHECK_THROW(pKey.loadPkcs8Base64(span<uint8_t>{}), PublicKey::Error);
+ // truncated
+ BOOST_CHECK_THROW(pKey.loadPkcs8(make_span(*pkcs8).first(10)), PublicKey::Error);
+ BOOST_CHECK_THROW(pKey.loadPkcs8Base64(pkcs8Base64.first(10)), PublicKey::Error);
+}
+
// NOTE: We cannot test RSA encryption by comparing the computed ciphertext to
// a known-good one, because OAEP padding is randomized and would produce
// different results every time. An encrypt/decrypt round-trip test is
// performed in private-key.t.cpp
-BOOST_AUTO_TEST_CASE(UnsupportedEcEncryption)
+BOOST_AUTO_TEST_CASE(UnsupportedEncryption)
{
- EcKeyTestData dataSet;
-
- PublicKey pKey;
- pKey.loadPkcs8Base64({reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
- dataSet.pkcs8Base64.size()});
-
OBufferStream os;
bufferSource("Y2lhbyFob2xhIWhlbGxvIQ==") >> base64Decode() >> streamSink(os);
+ auto plain = os.buf();
- BOOST_CHECK_THROW(pKey.encrypt(*os.buf()), PublicKey::Error);
+ PublicKey pKey;
+ BOOST_CHECK_THROW(pKey.encrypt(*plain), PublicKey::Error);
+
+ EcKeyTestData dataSet;
+ pKey.loadPkcs8Base64({reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
+ dataSet.pkcs8Base64.size()});
+ BOOST_CHECK_THROW(pKey.encrypt(*plain), PublicKey::Error);
}
BOOST_AUTO_TEST_SUITE_END() // TestPublicKey