Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cache dynamically generated RSA keys in tests #75995

Closed
wants to merge 1 commit into from
Closed

Cache dynamically generated RSA keys in tests #75995

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 25 additions & 32 deletions .../Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// The .NET Foundation licenses this file to you under the MIT license.

using System.Collections.Generic;
using System.Security.Cryptography.Tests;
using Test.Cryptography;
using Microsoft.DotNet.XUnitExtensions;
using Xunit;
Expand All @@ -18,8 +19,9 @@ protected override byte[] Decrypt(RSA rsa, byte[] data, RSAEncryptionPadding pad
[Fact]
public void NullArray_Throws()
{
using (RSA rsa = RSAFactory.Create())
using (RSALease lease = RSAFactory.CreateIdempotent())
{
RSA rsa = lease.Key;
AssertExtensions.Throws<ArgumentNullException>("data", () => rsa.Encrypt(null, RSAEncryptionPadding.OaepSHA1));
AssertExtensions.Throws<ArgumentNullException>("data", () => rsa.Decrypt(null, RSAEncryptionPadding.OaepSHA1));
}
Expand All @@ -37,8 +39,9 @@ public abstract class EncryptDecrypt
[Fact]
public void NullPadding_Throws()
{
using (RSA rsa = RSAFactory.Create())
using (RSALease lease = RSAFactory.CreateIdempotent())
{
RSA rsa = lease.Key;
AssertExtensions.Throws<ArgumentNullException>("padding", () => Encrypt(rsa, TestData.HelloBytes, null));
AssertExtensions.Throws<ArgumentNullException>("padding", () => Decrypt(rsa, TestData.HelloBytes, null));
}
Expand Down Expand Up @@ -87,9 +90,8 @@ public void DecryptSavedAnswer()

byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA1024Params))
{
rsa.ImportParameters(TestData.RSA1024Params);
output = Decrypt(rsa, cipherBytes, RSAEncryptionPadding.OaepSHA1);
}

Expand Down Expand Up @@ -150,10 +152,8 @@ public void DecryptSavedAnswer_OaepSHA256()

byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
rsa.ImportParameters(TestData.RSA2048Params);

if (RSAFactory.SupportsSha2Oaep)
Comment on lines 154 to 157
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went through every call to RSAFactory.Create or RSA.Create to find out if they could be changed to pooled keys, or not. All the ones that did ImportParameters as their first line are from .NET Core 1.0 (hi, former self!), before we had accelerators for that. They generally got changed over so they a) didn't look like false positives and b) can suggest other key parameter values that are worth pooling as well-known keys.

{
output = Decrypt(rsa, cipherBytes, RSAEncryptionPadding.OaepSHA256);
Expand Down Expand Up @@ -211,10 +211,8 @@ public void DecryptSavedAnswer_OaepSHA384()

byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
rsa.ImportParameters(TestData.RSA2048Params);

if (RSAFactory.SupportsSha2Oaep)
{
output = Decrypt(rsa, cipherBytes, RSAEncryptionPadding.OaepSHA384);
Expand Down Expand Up @@ -246,10 +244,8 @@ public void DecryptSavedAnswer_OaepSHA512()

byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
rsa.ImportParameters(TestData.RSA2048Params);

if (RSAFactory.SupportsSha2Oaep)
{
output = Decrypt(rsa, cipherBytes, RSAEncryptionPadding.OaepSHA512);
Expand Down Expand Up @@ -291,9 +287,8 @@ public void DecryptSavedAnswerUnusualExponent()

byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.UnusualExponentParameters))
{
rsa.ImportParameters(TestData.UnusualExponentParameters);
output = Decrypt(rsa, cipherBytes, RSAEncryptionPadding.OaepSHA1);
}

Expand All @@ -320,18 +315,18 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
byte[] crypt;
byte[] output;

using (RSA rsa = RSAFactory.Create(2048))
using (RSALease lease= RSAFactory.CreateIdempotent(2048))
{
if (!expectSuccess)
{
Assert.ThrowsAny<CryptographicException>(
() => Encrypt(rsa, TestData.HelloBytes, paddingMode));
() => Encrypt(lease.Key, TestData.HelloBytes, paddingMode));

return;
}

crypt = Encrypt(rsa, TestData.HelloBytes, paddingMode);
output = Decrypt(rsa, crypt, paddingMode);
crypt = Encrypt(lease.Key, TestData.HelloBytes, paddingMode);
output = Decrypt(lease.Key, crypt, paddingMode);
}

Assert.NotEqual(crypt, output);
Expand Down Expand Up @@ -617,13 +612,13 @@ public void RsaDecryptAfterExport()
{
byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSALease lease = RSAFactory.CreateIdempotent())
{
byte[] crypt = Encrypt(rsa, TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
byte[] crypt = Encrypt(lease.Key, TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);

// Export the key, this should not clear/destroy the key.
rsa.ExportParameters(true);
output = Decrypt(rsa, crypt, RSAEncryptionPadding.OaepSHA1);
lease.Key.ExportParameters(true);
output = Decrypt(lease.Key, crypt, RSAEncryptionPadding.OaepSHA1);
}

Assert.Equal(TestData.HelloBytes, output);
Expand Down Expand Up @@ -662,10 +657,8 @@ public void UnusualExponentCryptRoundtrip()
byte[] crypt;
byte[] output;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.UnusualExponentParameters))
{
rsa.ImportParameters(TestData.UnusualExponentParameters);

crypt = Encrypt(rsa, TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
output = Decrypt(rsa, crypt, RSAEncryptionPadding.OaepSHA1);
}
Expand All @@ -681,10 +674,10 @@ public void NonPowerOfTwoKeySizeOaepRoundtrip(RSAEncryptionPadding oaepPaddingMo
byte[] crypt;
byte[] output;

using (RSA rsa = RSAFactory.Create(3072))
using (RSALease lease = RSAFactory.CreateIdempotent(3072))
{
crypt = Encrypt(rsa, TestData.HelloBytes, oaepPaddingMode);
output = Decrypt(rsa, crypt, oaepPaddingMode);
crypt = Encrypt(lease.Key, TestData.HelloBytes, oaepPaddingMode);
output = Decrypt(lease.Key, crypt, oaepPaddingMode);
}

Assert.NotEqual(crypt, output);
Expand All @@ -694,10 +687,10 @@ public void NonPowerOfTwoKeySizeOaepRoundtrip(RSAEncryptionPadding oaepPaddingMo
[Fact]
public void NotSupportedValueMethods()
{
using (RSA rsa = RSAFactory.Create())
using (RSALease lease = RSAFactory.CreateIdempotent())
{
Assert.Throws<NotSupportedException>(() => rsa.DecryptValue(null));
Assert.Throws<NotSupportedException>(() => rsa.EncryptValue(null));
Assert.Throws<NotSupportedException>(() => lease.Key.DecryptValue(null));
Assert.Throws<NotSupportedException>(() => lease.Key.EncryptValue(null));
}
}

Expand Down
20 changes: 10 additions & 10 deletions ...ts/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.netcoreapp.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
// The .NET Foundation licenses this file to you under the MIT license.

using System.Linq;
using System.Security.Cryptography.Tests;
using Xunit;

namespace System.Security.Cryptography.Rsa.Tests
Expand Down Expand Up @@ -71,9 +72,8 @@ private static byte[] TryWithOutputArray(Func<byte[], (bool, int)> func)
[Fact]
public void Decrypt_VariousSizeSpans_Success()
{
using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA1024Params))
{
rsa.ImportParameters(TestData.RSA1024Params);
byte[] cipherBytes = Encrypt(rsa, TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
byte[] actual;
int bytesWritten;
Expand Down Expand Up @@ -103,9 +103,8 @@ public void Decrypt_VariousSizeSpans_Success()
[Fact]
public void Encrypt_VariousSizeSpans_Success()
{
using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(TestData.RSA1024Params))
{
rsa.ImportParameters(TestData.RSA1024Params);
byte[] cipherBytes = Encrypt(rsa, TestData.HelloBytes, RSAEncryptionPadding.OaepSHA1);
byte[] actual;
int bytesWritten;
Expand Down Expand Up @@ -148,8 +147,9 @@ public void Decrypt_WrongKey_OAEP_SHA256()
[Fact]
public static void EncryptDefaultSpan()
{
using (RSA rsa = RSAFactory.Create())
using (RSALease lease = RSAFactory.CreateIdempotent())
{
RSA rsa = lease.Key;
byte[] dest = new byte[rsa.KeySize / 8];

Assert.True(
Expand All @@ -166,11 +166,11 @@ public static void EncryptDefaultSpan()

private static void Decrypt_WrongKey(RSAEncryptionPadding padding)
{
using (RSA rsa1 = RSAFactory.Create())
using (RSA rsa2 = RSAFactory.Create())
using (RSALease rsa1 = RSAFactory.CreateIdempotent())
using (RSALease rsa2 = RSAFactory.CreateIdempotent())
{
byte[] input = TestData.HelloBytes;
byte[] encrypted = rsa1.Encrypt(input, padding);
byte[] encrypted = rsa1.Key.Encrypt(input, padding);
byte[] buf = new byte[encrypted.Length];
buf.AsSpan().Fill(0xCA);

Expand All @@ -196,7 +196,7 @@ private static void Decrypt_WrongKey(RSAEncryptionPadding padding)
// false should never be returned.
//
// But if the padding doesn't work out (109384 out of 109385, see above) we'll throw.
bool decrypted = rsa2.TryDecrypt(encrypted, buf, padding, out bytesWritten);
bool decrypted = rsa2.Key.TryDecrypt(encrypted, buf, padding, out bytesWritten);
Assert.True(decrypted, "Pkcs1 TryDecrypt succeeded with a large buffer");

// If bytesWritten != input.Length, we got back gibberish, which is good.
Expand All @@ -211,7 +211,7 @@ private static void Decrypt_WrongKey(RSAEncryptionPadding padding)
//
// For RSA-1024 (less freedom) it's 1 in 5.363e19, so like 1.6 trillion years.

if (rsa2.TryDecrypt(encrypted, buf, padding, out bytesWritten)
if (rsa2.Key.TryDecrypt(encrypted, buf, padding, out bytesWritten)
&& bytesWritten == input.Length)
{
// We'll get -here- 1 in 111014 runs (RSA-2048 Pkcs1).
Expand Down
20 changes: 6 additions & 14 deletions ...es/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,9 +58,8 @@ public static void PaddedExport()
RSAParameters diminishedDPParameters = TestData.DiminishedDPParameters;
RSAParameters exported;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(diminishedDPParameters))
{
rsa.ImportParameters(diminishedDPParameters);
exported = rsa.ExportParameters(true);
}

Expand Down Expand Up @@ -111,9 +110,8 @@ public static void UnusualExponentImportExport()
RSAParameters unusualExponentParameters = TestData.UnusualExponentParameters;
RSAParameters exported;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(unusualExponentParameters))
{
rsa.ImportParameters(unusualExponentParameters);
exported = rsa.ExportParameters(true);
}

Expand All @@ -129,9 +127,8 @@ public static void ImportExport1032()
RSAParameters exported;
RSAParameters exportedPublic;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(imported))
{
rsa.ImportParameters(imported);
exported = rsa.ExportParameters(true);
exportedPublic = rsa.ExportParameters(false);
}
Expand Down Expand Up @@ -178,10 +175,8 @@ public static void ImportPrivateExportPublic()
{
RSAParameters imported = TestData.RSA1024Params;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(imported))
{
rsa.ImportParameters(imported);

RSAParameters exportedPublic = rsa.ExportParameters(false);

Assert.Equal(imported.Modulus, exportedPublic.Modulus);
Expand All @@ -196,10 +191,8 @@ public static void MultiExport()
{
RSAParameters imported = TestData.RSA1024Params;

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(imported))
{
rsa.ImportParameters(imported);

RSAParameters exportedPrivate = rsa.ExportParameters(true);
RSAParameters exportedPrivate2 = rsa.ExportParameters(true);
RSAParameters exportedPublic = rsa.ExportParameters(false);
Expand Down Expand Up @@ -231,9 +224,8 @@ public static void PublicOnlyPrivateExport()
Exponent = TestData.RSA1024Params.Exponent,
};

using (RSA rsa = RSAFactory.Create())
using (RSA rsa = RSAFactory.Create(imported))
{
rsa.ImportParameters(imported);
Assert.ThrowsAny<CryptographicException>(() => rsa.ExportParameters(true));
}
}
Expand Down
33 changes: 33 additions & 0 deletions ...ries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAFactory.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System.Security.Cryptography.Tests;

namespace System.Security.Cryptography.Rsa.Tests
{
public interface IRSAProvider
Expand Down Expand Up @@ -33,6 +35,37 @@ public static RSA Create(RSAParameters rsaParameters)
return rsa;
}

internal static RSALease CreateIdempotent()
{
RSALease? lease = null;
CreateIdempotent(ref lease);

if (lease != null)
{
return lease.Value;
}

RSA key = Create();
return new RSALease(key, key);
}

internal static RSALease CreateIdempotent(int keySize)
{
RSALease? lease = null;
CreateIdempotent(keySize, ref lease);

if (lease != null)
{
return lease.Value;
}

RSA key = Create(keySize);
return new RSALease(key, key);
}

static partial void CreateIdempotent(ref RSALease? lease);
static partial void CreateIdempotent(int keySize, ref RSALease? lease);

public static bool Supports384PrivateKey => s_provider.Supports384PrivateKey;

public static bool SupportsLargeExponent => s_provider.SupportsLargeExponent;
Expand Down
Loading