Add some more RSA-PSS verification tests.
Playing around with the code, we seem to have sufficient positive test vectors for the logic around the high bits, but not negative test vectors. Add some. Also add a negative test vector for the trailing byte. (For future reference, use openssl rsautl -raw for raw RSA operations and openssl pkeyutil for EVP_PKEY_sign.) Change-Id: I36eddf048e51e037fd924902cd13dcb3c62bfd02 Reviewed-on: https://boringssl-review.googlesource.com/14325 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
57e81e666a
commit
5e2d0c929c
@ -27,6 +27,11 @@ PrivateKey = RSA-512
|
||||
Type = RSA
|
||||
Input = 30820154020100300d06092a864886f70d01010105000482013e3082013a020100024100dd20403d976a38c9d79152d87b5c8e9f05033eadd7b7de709bf5b0c4a5182a97d18483526b02362b992e154a9f37faa396ca2685cdab8fec09877ebe705f4dd70203010001024055bebcca655d7e39de8a6eaa9d636db682161907064039544755c53eeb99ec618c03a210dbc61471eaba10c5c365c9726d6b7a96f54d455f7d168d49367270e1022100f21a05d9fd6817301ce49ce10448f9bdd44f5ef5b7557cd7d83155db46382ae7022100e9d1f7157783db2feab1936954ddc4e83aa365695868144cda1be6813b61d791022100d6001eb0040920860ce41fafdf23ca6dfbdf74e6e9f98cf3164cf5c16f9e727d02206f6f73f4b52b10517be6f9bc5f87fa0a3bb817e2e711636b651f9af1c85d4f21022063eff2e57f5b4ca20342cfe793e25526624e3692f192461f9e1ce7f13f2d72c8
|
||||
|
||||
# RSA 515 bit key.
|
||||
PrivateKey = RSA-515
|
||||
Type = RSA
|
||||
Input = 30820157020100300d06092a864886f70d0101010500048201413082013d0201000241054fa166e205e658bbe8a2dc35311c0c2b75b7e4569fd9642c8bae809279271fc824f26baa1166ea46298ca63379ea76adbada2b61e5066820a35beaec1aca227f020301000102410266c972be0d30e53ac2acb1aa13b4bd0401cccf212452a66b4615f7e943831f67b4ca48560582d0ca886044aaaaf87945252a848c1947944186e6eb83969bf91102210309e631761842cc8a2ccfd372c20a9cba21de1a199c30ab440bc6b51079f4e825022101bf715c1db432627ca7c29a293b9210f2eff1e92d12f306ebaa5334f8ee03dcd30221018ac58a765f2b8f37d434081fe5ff92b81735ead2f263f4968ccf63d61fbe3d0d0221015b247a1159a2d5a25d0db049593c6405f77f3a278c521d066e290c2a2d8fb59d0221026224aa31fd95c14d24fd03b8a195bba4cc88df7c37f5370a5ab19f882f1404d6
|
||||
|
||||
# EC P-256 key
|
||||
PrivateKey = P-256
|
||||
Type = EC
|
||||
@ -285,6 +290,51 @@ Input = "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 457001d9ca50a93385fc5ec721c9dbbe7a0f2e9e4a2f846a30a8811dde66347b83901c7492039243537c7a667fafffd69049bcbd36afd0010d9b425e2d8785c1
|
||||
Error = DATA_TOO_LARGE
|
||||
|
||||
# Sample RSA-515 signature.
|
||||
Verify = RSA-515
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = 0
|
||||
Digest = SHA256
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 00c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135
|
||||
|
||||
# The above, but with too few leading zeros.
|
||||
Verify = RSA-515
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = 0
|
||||
Digest = SHA256
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135
|
||||
Error = DATA_LEN_NOT_EQUAL_TO_MOD_LEN
|
||||
|
||||
# The above, but with too many leading zeros.
|
||||
Verify = RSA-515
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = 0
|
||||
Digest = SHA256
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 0000c5926600f160f85e7fe950cfe123908384211cd8fe25c90cb8e8cc0593308e9aa2efe3acbf100ec1658ded8f72f506525fc2c44f06251b08d896e7bb3f05b135
|
||||
Error = DATA_LEN_NOT_EQUAL_TO_MOD_LEN
|
||||
|
||||
# The above with an invalid leading byte. The top few bits of EM are required to
|
||||
# be cleared.
|
||||
Verify = RSA-515
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = 0
|
||||
Digest = SHA256
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 007f803c832a2090aea04013d9fa9c1630732a1625232826d235f0950f7050d3fb0eb06ef9ea8b260fad68e1165a2d770a8c7fc7a8aaa68620b021fc19c97e0041
|
||||
Error = FIRST_OCTET_INVALID
|
||||
|
||||
# The above with an invalid trailing byte.
|
||||
Verify = RSA-515
|
||||
RSAPadding = PSS
|
||||
PSSSaltLength = 0
|
||||
Digest = SHA256
|
||||
Input = "0123456789ABCDEF0123456789ABCDEF"
|
||||
Output = 03e68555035891eb08d96c0967db22328cd892ad2856d88516ecb946bfdba732bb029b5c0dfa2119ed7349897d2324e95e86d91d0c4afc82700a36db8933abbf58
|
||||
Error = LAST_OCTET_INVALID
|
||||
|
||||
|
||||
# RSA decrypt
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user