From 5e2d0c929c240bb5401ab2146b70a06aa614c687 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 21 Mar 2017 17:25:32 -0400 Subject: [PATCH] Add some more RSA-PSS verification tests. Playing around with the code, we seem to have sufficient positive test vectors for the logic around the high bits, but not negative test vectors. Add some. Also add a negative test vector for the trailing byte. (For future reference, use openssl rsautl -raw for raw RSA operations and openssl pkeyutil for EVP_PKEY_sign.) Change-Id: I36eddf048e51e037fd924902cd13dcb3c62bfd02 Reviewed-on: https://boringssl-review.googlesource.com/14325 Commit-Queue: David Benjamin Commit-Queue: Steven Valdez Reviewed-by: Steven Valdez CQ-Verified: CQ bot account: commit-bot@chromium.org --- crypto/evp/evp_tests.txt | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/crypto/evp/evp_tests.txt b/crypto/evp/evp_tests.txt index 48121f9c..b614a5fb 100644 --- a/crypto/evp/evp_tests.txt +++ b/crypto/evp/evp_tests.txt @@ -27,6 +27,11 @@ PrivateKey = RSA-512 Type = RSA Input = 30820154020100300d06092a864886f70d01010105000482013e3082013a020100024100dd20403d976a38c9d79152d87b5c8e9f05033eadd7b7de709bf5b0c4a5182a97d18483526b02362b992e154a9f37faa396ca2685cdab8fec09877ebe705f4dd70203010001024055bebcca655d7e39de8a6eaa9d636db682161907064039544755c53eeb99ec618c03a210dbc61471eaba10c5c365c9726d6b7a96f54d455f7d168d49367270e1022100f21a05d9fd6817301ce49ce10448f9bdd44f5ef5b7557cd7d83155db46382ae7022100e9d1f7157783db2feab1936954ddc4e83aa365695868144cda1be6813b61d791022100d6001eb0040920860ce41fafdf23ca6dfbdf74e6e9f98cf3164cf5c16f9e727d02206f6f73f4b52b10517be6f9bc5f87fa0a3bb817e2e711636b651f9af1c85d4f21022063eff2e57f5b4ca20342cfe793e25526624e3692f192461f9e1ce7f13f2d72c8 +# RSA 515 bit key. +PrivateKey = RSA-515 +Type = RSA +Input = 30820157020100300d06092a864886f70d0101010500048201413082013d0201000241054fa166e205e658bbe8a2dc35311c0c2b75b7e4569fd9642c8bae809279271fc824f26baa1166ea46298ca63379ea76adbada2b61e5066820a35beaec1aca227f020301000102410266c972be0d30e53ac2acb1aa13b4bd0401cccf212452a66b4615f7e943831f67b4ca48560582d0ca886044aaaaf87945252a848c1947944186e6eb83969bf91102210309e631761842cc8a2ccfd372c20a9cba21de1a199c30ab440bc6b51079f4e825022101bf715c1db432627ca7c29a293b9210f2eff1e92d12f306ebaa5334f8ee03dcd30221018ac58a765f2b8f37d434081fe5ff92b81735ead2f263f4968ccf63d61fbe3d0d0221015b247a1159a2d5a25d0db049593c6405f77f3a278c521d066e290c2a2d8fb59d0221026224aa31fd95c14d24fd03b8a195bba4cc88df7c37f5370a5ab19f882f1404d6 + # EC P-256 key PrivateKey = P-256 Type = EC @@ -285,6 +290,51 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1 Error = DATA_TOO_LARGE +# Sample RSA-515 signature. +Verify = RSA-515 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 00c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135 + +# The above, but with too few leading zeros. +Verify = RSA-515 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135 +Error = DATA_LEN_NOT_EQUAL_TO_MOD_LEN + +# The above, but with too many leading zeros. +Verify = RSA-515 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 0000c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135 +Error = DATA_LEN_NOT_EQUAL_TO_MOD_LEN + +# The above with an invalid leading byte. The top few bits of EM are required to +# be cleared. +Verify = RSA-515 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 007f803c832a2090aea04013d9fa9c1630732a1625232826d235f0950f7050d3fb0eb06ef9ea8b260fad68e1165a2d770a8c7fc7a8aaa68620b021fc19c97e0041 +Error = FIRST_OCTET_INVALID + +# The above with an invalid trailing byte. +Verify = RSA-515 +RSAPadding = PSS +PSSSaltLength = 0 +Digest = SHA256 +Input = "0123456789ABCDEF0123456789ABCDEF" +Output = 03e68555035891eb08d96c0967db22328cd892ad2856d88516ecb946bfdba732bb029b5c0dfa2119ed7349897d2324e95e86d91d0c4afc82700a36db8933abbf58 +Error = LAST_OCTET_INVALID + # RSA decrypt