[77] Improve test suite for RSAEncrypter/Decrypter

.gitignore

@@ -78,45 +78,4 @@ DerivedData/
 /*.gcno
 
 
-## Playgrounds
-timeline.xctimeline
-playground.xcworkspace
-
-# Swift Package Manager
-#
-# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
-# Packages/
-# Package.pins
-.build/
-
-# CocoaPods
-#
-# We recommend against adding the Pods directory to your .gitignore. However
-# you should judge for yourself, the pros and cons are mentioned at:
-# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
-#
-Pods/
-
-# Carthage
-#
-# Add this line if you want to avoid checking in source code from Carthage dependencies.
-# Carthage/Checkouts
-
-Carthage/Build
-
-# fastlane
-#
-# It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the
-# screenshots whenever they are needed.
-# For more information about the recommended setup visit:
-# https://docs.fastlane.tools/best-practices/source-control/#source-control
-
-fastlane/report.xml
-fastlane/Preview.html
-fastlane/screenshots
-fastlane/test_output
-/test_output
-
-.idea/
-sonar-reports/
-/JOSESwift.xcworkspace/xcshareddata
+# End of https://www.gitignore.io/api/xcode,macos,carthage,cocoapods

Tests/EncrypterDecrypterInitializationTests.swift

@@ -29,19 +29,19 @@ class EncrypterDecrypterInitializationTests: CryptoTestCase {
     @available(*, deprecated)
     func testEncrypterDeprecatedRSAInitialization() {
         XCTAssertNotNil(
-            Encrypter(keyEncryptionAlgorithm: .RSA1_5, keyEncryptionKey: publicKey2048!, contentEncyptionAlgorithm: .A256CBCHS512)
+            Encrypter(keyEncryptionAlgorithm: .RSA1_5, keyEncryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)
         )
     }
 
     func testEncrypterNewRSAInitialization() {
         XCTAssertNotNil(
-            Encrypter(keyEncryptionAlgorithm: .RSA1_5, encryptionKey: publicKey2048!, contentEncyptionAlgorithm: .A256CBCHS512)
+            Encrypter(keyEncryptionAlgorithm: .RSA1_5, encryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)
         )
     }
 
     func testEncrypterRSAInitializationWrongAlgorithm() {
         XCTAssertNil(
-            Encrypter(keyEncryptionAlgorithm: .direct, encryptionKey: publicKey2048!, contentEncyptionAlgorithm: .A256CBCHS512)
+            Encrypter(keyEncryptionAlgorithm: .direct, encryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)
         )
     }
 
@@ -53,26 +53,26 @@ class EncrypterDecrypterInitializationTests: CryptoTestCase {
 
     func testEncrypterDirectInitializationWrongKeyType() {
         XCTAssertNil(
-            Encrypter(keyEncryptionAlgorithm: .direct, encryptionKey: publicKey2048!, contentEncyptionAlgorithm: .A256CBCHS512)
+            Encrypter(keyEncryptionAlgorithm: .direct, encryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)
         )
     }
 
     @available(*, deprecated)
     func testDecrypterDeprecatedRSAInitialization() {
         XCTAssertNotNil(
-            Decrypter(keyDecryptionAlgorithm: .RSA1_5, keyDecryptionKey: privateKey2048!, contentDecryptionAlgorithm: .A256CBCHS512)
+            Decrypter(keyDecryptionAlgorithm: .RSA1_5, keyDecryptionKey: privateKeyAlice2048!, contentDecryptionAlgorithm: .A256CBCHS512)
         )
     }
 
     func testDecrypterNewRSAInitialization() {
         XCTAssertNotNil(
-            Decrypter(keyDecryptionAlgorithm: .RSA1_5, decryptionKey: privateKey2048!, contentDecryptionAlgorithm: .A256CBCHS512)
+            Decrypter(keyDecryptionAlgorithm: .RSA1_5, decryptionKey: privateKeyAlice2048!, contentDecryptionAlgorithm: .A256CBCHS512)
         )
     }
 
     func testDecrypterRSAInitializationWrongAlgorithm() {
         XCTAssertNil(
-            Decrypter(keyDecryptionAlgorithm: .direct, decryptionKey: privateKey2048!, contentDecryptionAlgorithm: .A256CBCHS512)
+            Decrypter(keyDecryptionAlgorithm: .direct, decryptionKey: privateKeyAlice2048!, contentDecryptionAlgorithm: .A256CBCHS512)
         )
     }
 
@@ -84,7 +84,7 @@ class EncrypterDecrypterInitializationTests: CryptoTestCase {
 
     func testDecrypterDirectInitializationWrongKeyType() {
         XCTAssertNil(
-            Decrypter(keyDecryptionAlgorithm: .direct, decryptionKey: privateKey2048!, contentDecryptionAlgorithm: .A256CBCHS512)
+            Decrypter(keyDecryptionAlgorithm: .direct, decryptionKey: privateKeyAlice2048!, contentDecryptionAlgorithm: .A256CBCHS512)
         )
     }
 

Tests/JWEDirectEncryptionTests.swift

@@ -74,7 +74,7 @@ class JWEDirectEncryptionTests: CryptoTestCase {
     }
 
     func testDecryptWithCorrectAlgWrongKeyType() {
-        let privateKey = privateKey2048!
+        let privateKey = privateKeyAlice2048!
 
         let jwe = try! JWE(compactSerialization: serializationFromNimbus)
 
@@ -102,7 +102,7 @@ class JWEDirectEncryptionTests: CryptoTestCase {
             with: "eyJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiYWxnIjoiUlNBMV81In0"
         )
 
-        let privateKey = privateKey2048!
+        let privateKey = privateKeyAlice2048!
 
         let jwe = try! JWE(compactSerialization: serialization)
 

Tests/JWERSATests.swift

@@ -37,7 +37,7 @@ class JWETests: CryptoTestCase {
     func testJWERoundtrip() {
         let header = JWEHeader(algorithm: .RSA1_5, encryptionAlgorithm: .A256CBCHS512)
         let payload = Payload(message.data(using: .utf8)!)
-        let encrypter = Encrypter(keyEncryptionAlgorithm: .RSA1_5, keyEncryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)!
+        let encrypter = Encrypter(keyEncryptionAlgorithm: .RSA1_5, encryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)!
         let jweEnc = try! JWE(header: header, payload: payload, encrypter: encrypter)
 
         let jweDec = try! JWE(compactSerialization: jweEnc.compactSerializedData)
@@ -57,7 +57,7 @@ class JWETests: CryptoTestCase {
     func testDecryptFails() {
         let header = JWEHeader(algorithm: .RSA1_5, encryptionAlgorithm: .A256CBCHS512)
         let payload = Payload(message.data(using: .utf8)!)
-        let encrypter = Encrypter(keyEncryptionAlgorithm: .RSA1_5, keyEncryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)!
+        let encrypter = Encrypter(keyEncryptionAlgorithm: .RSA1_5, encryptionKey: publicKeyAlice2048!, contentEncyptionAlgorithm: .A256CBCHS512)!
         let jweEnc = try! JWE(header: header, payload: payload, encrypter: encrypter)
 
         let attributes: [String: Any] = [

Tests/RSADecrypterTests.swift

@@ -119,7 +119,7 @@ sVyhqpFuZQ6hhklG9lJr6OBBuk/+pcJYdHuYEuLnJhPeKqF/9xgMOU0e0xLMtkQW+IfDMlm0oAVavHrx
         }
     }
 
-    func testCipherTextLengthTooShort() {
+    func testCipherTextLengthZero() {
         guard privateKeyAlice2048 != nil else {
             XCTFail()
             return
@@ -131,4 +131,56 @@ sVyhqpFuZQ6hhklG9lJr6OBBuk/+pcJYdHuYEuLnJhPeKqF/9xgMOU0e0xLMtkQW+IfDMlm0oAVavHrx
         }
     }
 
+    func testCipherTextLengthExactlyRight() {
+        guard privateKeyAlice2048 != nil else {
+            XCTFail()
+            return
+        }
+
+        // Length checking: If the length of the ciphertext C is not k octets
+        // (or if k < 11), output "decryption error" and stop.
+        // See 7.2.2 Decryption operation RSAES-PKCS1-V1_5-DECRYPT (K, C)
+        // https://tools.ietf.org/html/rfc3447#section-7.2.2
+        let cipherTextLengthInBytes = SecKeyGetBlockSize(privateKeyAlice2048!)
+        let testMessage = Data(count: cipherTextLengthInBytes)
+
+        let decrypter = RSADecrypter(algorithm: .RSA1_5, privateKey: privateKeyAlice2048!)
+
+        XCTAssertThrowsError(try decrypter.decrypt(testMessage)) { (error: Error) in
+            // Should throw "decryption failed", but
+            // should _not_ throw cipherTextLenghtNotSatisfied
+            XCTAssertNotEqual(error as? RSAError, RSAError.cipherTextLenghtNotSatisfied)
+        }
+    }
+
+    func testCipherTextLengthTooLongByOneByte() {
+        guard privateKeyAlice2048 != nil else {
+            XCTFail()
+            return
+        }
+
+        let cipherTextLengthInBytes = SecKeyGetBlockSize(privateKeyAlice2048!)
+        let testMessage = Data(count: cipherTextLengthInBytes + 1)
+
+        let decrypter = RSADecrypter(algorithm: .RSA1_5, privateKey: privateKeyAlice2048!)
+        XCTAssertThrowsError(try decrypter.decrypt(testMessage)) { (error: Error) in
+            XCTAssertEqual(error as? RSAError, RSAError.cipherTextLenghtNotSatisfied)
+        }
+    }
+
+    func testCipherTextLengthTooShortByOneByte() {
+        guard privateKeyAlice2048 != nil else {
+            XCTFail()
+            return
+        }
+
+        let cipherTextLengthInBytes = SecKeyGetBlockSize(privateKeyAlice2048!)
+        let testMessage = Data(count: cipherTextLengthInBytes - 1)
+
+        let decrypter = RSADecrypter(algorithm: .RSA1_5, privateKey: privateKeyAlice2048!)
+        XCTAssertThrowsError(try decrypter.decrypt(testMessage)) { (error: Error) in
+            XCTAssertEqual(error as? RSAError, RSAError.cipherTextLenghtNotSatisfied)
+        }
+    }
+
 }

Tests/RSAEncrypterTests.swift

@@ -146,4 +146,34 @@ class RSAEncrypterTests: CryptoTestCase {
         }
     }
 
+    func testMaximumPlainTextLength() {
+        guard publicKeyAlice2048 != nil else {
+            XCTFail()
+            return
+        }
+
+        // RSAES-PKCS1-v1_5 can operate on messages of length up to k - 11 octets (k = octet length of the RSA modulus)
+        // See https://tools.ietf.org/html/rfc3447#section-7.2
+        let maxMessageLengthInBytes = SecKeyGetBlockSize(publicKeyAlice2048!) - 11
+        let testMessage = Data(count: maxMessageLengthInBytes)
+
+        let encrypter = RSAEncrypter(algorithm: .RSA1_5, publicKey: publicKeyAlice2048!)
+        XCTAssertNoThrow(try encrypter.encrypt(testMessage))
+    }
+
+    func testMaximumPlainTextLengthPlusOne() {
+        guard publicKeyAlice2048 != nil else {
+            XCTFail()
+            return
+        }
+
+        let maxMessageLengthInBytes = SecKeyGetBlockSize(publicKeyAlice2048!) - 11
+        let testMessage = Data(count: maxMessageLengthInBytes + 1)
+
+        let encrypter = RSAEncrypter(algorithm: .RSA1_5, publicKey: publicKeyAlice2048!)
+        XCTAssertThrowsError(try encrypter.encrypt(testMessage)) { (error: Error) in
+            XCTAssertEqual(error as? RSAError, RSAError.plainTextLengthNotSatisfied)
+        }
+    }
+
 }