From 0777a3ef7af115b8acedc03a4e33c3637ec3ea68 Mon Sep 17 00:00:00 2001 From: rajpreetcodes Date: Tue, 26 May 2026 01:46:03 +0530 Subject: [PATCH] fix(cipher/diffiehellman): use valid random private keys in key-exchange test The key-exchange test generated "random" private keys via rsa.GenerateKey(rand.Reader, 31) and read .D.Int64(). Go 1.24 added a minimum RSA key size of 1024 bits, so GenerateKey now returns "rsa: key too small" and a nil key. The test ignored that error and dereferenced the nil key, causing a nil-pointer panic on Go >= 1.24 (the version CI's "^1.18" spec resolves to). Generate the private keys directly with crypto/rand in the valid Diffie-Hellman range [1, primeNumber-1] instead. This removes the broken RSA dependency and also makes the test meaningful: the previous .D.Int64() could be negative, which drove modularExponentiation down a degenerate path so the assertion held even for invalid inputs. --- .../diffiehellmankeyexchange_test.go | 28 +++++++++++++------ 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/cipher/diffiehellman/diffiehellmankeyexchange_test.go b/cipher/diffiehellman/diffiehellmankeyexchange_test.go index 7fe5ca7b9..ec5a76700 100644 --- a/cipher/diffiehellman/diffiehellmankeyexchange_test.go +++ b/cipher/diffiehellman/diffiehellmankeyexchange_test.go @@ -2,10 +2,22 @@ package diffiehellman import ( "crypto/rand" - "crypto/rsa" + "math/big" "testing" ) +// randomPrivateKey returns a uniformly random private key in the range +// [1, primeNumber-1], which is the valid range for a Diffie-Hellman secret. +func randomPrivateKey(t *testing.T) int64 { + t.Helper() + // rand.Int returns a value in [0, primeNumber-1); shift by 1 to get [1, primeNumber-1]. + n, err := rand.Int(rand.Reader, big.NewInt(primeNumber-1)) + if err != nil { + t.Fatalf("failed to generate random private key: %v", err) + } + return n.Int64() + 1 +} + func TestDiffieHellmanKeyExchange(t *testing.T) { t.Run("Test 1: modularExponentiation", func(t *testing.T) { var want int64 = 9 // (3^5)mod13 = 243mod13 = 9 @@ -20,19 +32,19 @@ func TestDiffieHellmanKeyExchange(t *testing.T) { }) t.Run("Test 2: Key Exchange", func(t *testing.T) { - // generating a small sized rsa_cipher key for testing - alicePrvKey, _ := rsa.GenerateKey(rand.Reader, 31) - bobPrvKey, _ := rsa.GenerateKey(rand.Reader, 31) + // alice and bob each pick a private key + alicePrvKey := randomPrivateKey(t) + bobPrvKey := randomPrivateKey(t) // alice and bob generates their respective share key with their privateKey - shareKeyByAlice := GenerateShareKey(alicePrvKey.D.Int64()) - shareKeyByBob := GenerateShareKey(bobPrvKey.D.Int64()) + shareKeyByAlice := GenerateShareKey(alicePrvKey) + shareKeyByBob := GenerateShareKey(bobPrvKey) // generated share key now can be exchanged even via insecure channel // mutualKey can be computed using shared key - mutualKeyComputedByAlice := GenerateMutualKey(alicePrvKey.D.Int64(), shareKeyByBob) - mutualKeyComputedByBob := GenerateMutualKey(bobPrvKey.D.Int64(), shareKeyByAlice) + mutualKeyComputedByAlice := GenerateMutualKey(alicePrvKey, shareKeyByBob) + mutualKeyComputedByBob := GenerateMutualKey(bobPrvKey, shareKeyByAlice) if mutualKeyComputedByAlice != mutualKeyComputedByBob { t.Errorf("mutual key computed by alice and bob should be same, but got un-equal")