diff options
author | slontis <shane.lontis@oracle.com> | 2023-02-06 14:26:23 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-02-08 16:19:02 +0100 |
commit | 416a9286859d444e5a77bbdcc73f0c35b34e574b (patch) | |
tree | 7d10a9f0e9a634e572164e3f799f411165be392e /test/rsa_test.c | |
parent | 23e65561e28f705f8f59128470aaf89bdbdb84fa (diff) |
Add Tests for RSA_sign_ASN1_OCTET_STRING & RSA_verify_ASN1_OCTET_STRING
Note: Internally RSA_sign_ASN1_OCTET_STRING() is used with
RSA signing only when the digest is MDC2,
and RSA_verify_ASN1_OCTET_STRING() is unused.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20220)
Diffstat (limited to 'test/rsa_test.c')
-rw-r--r-- | test/rsa_test.c | 204 |
1 files changed, 204 insertions, 0 deletions
diff --git a/test/rsa_test.c b/test/rsa_test.c index 62a54df74d..82c3097085 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -391,10 +391,214 @@ err: return r; } +static RSA *load_key(int priv) +{ + RSA *rsa = NULL; + BIGNUM *pn = NULL, *pe = NULL, *pd= NULL; + + /* RSA key extracted using > openssl genpkey -algorithm RSA -text */ + static const unsigned char n[] = { + 0x00, 0xbe, 0x24, 0x14, 0xf2, 0x39, 0xde, 0x19, 0xb3, 0xd7, 0x86, 0x1e, 0xf8, 0xd3, 0x97, + 0x9f, 0x78, 0x28, 0x4c, 0xbf, 0xef, 0x03, 0x29, 0xc5, 0xeb, 0x97, 0x18, 0xdb, 0xa5, 0x17, + 0x07, 0x57, 0x96, 0xe2, 0x45, 0x91, 0x2b, 0xd2, 0x9e, 0x28, 0x61, 0xa7, 0x8f, 0x39, 0xaa, + 0xde, 0x94, 0x6d, 0x2b, 0x39, 0xde, 0xbe, 0xcf, 0xd7, 0x29, 0x16, 0x3a, 0x1a, 0x86, 0x2f, + 0xff, 0x7a, 0x2f, 0x12, 0xc4, 0x8a, 0x32, 0x06, 0x6f, 0x40, 0x42, 0x37, 0xaa, 0x5f, 0xaf, + 0x40, 0x77, 0xa5, 0x73, 0x09, 0xbf, 0xc5, 0x85, 0x79, 0xc0, 0x38, 0xd6, 0xb7, 0x2f, 0x77, + 0xf0, 0x5a, 0xaf, 0xaf, 0xc3, 0x63, 0x4b, 0xea, 0xa2, 0x0c, 0x27, 0xcd, 0x7c, 0x77, 0xf4, + 0x29, 0x5a, 0x69, 0xbd, 0xfe, 0x17, 0xb6, 0xc5, 0xd7, 0xc0, 0x40, 0xf9, 0x29, 0x46, 0x1f, + 0xc0, 0x4b, 0xcf, 0x4e, 0x8f, 0x74, 0xd9, 0xc8, 0xd0, 0xde, 0x9c, 0x48, 0x57, 0xcc, 0x30, + 0xbc, 0x06, 0x47, 0x4a, 0x8e, 0x40, 0x8a, 0xa1, 0x2a, 0x09, 0x8d, 0xe8, 0x41, 0x3d, 0x21, + 0x52, 0xdc, 0x9c, 0xa9, 0x43, 0x63, 0x01, 0x44, 0xb3, 0xec, 0x22, 0x06, 0x29, 0xf6, 0xd8, + 0xf6, 0x6b, 0xc3, 0x36, 0x25, 0xb0, 0x9b, 0xdb, 0x9a, 0x22, 0x51, 0x13, 0x42, 0xbd, 0x28, + 0x0b, 0xd8, 0x5e, 0xac, 0xc7, 0x71, 0x6e, 0x78, 0xfc, 0xf4, 0x1d, 0x74, 0x9b, 0x1a, 0x19, + 0x13, 0x56, 0x04, 0xb4, 0x33, 0x4e, 0xed, 0x54, 0x59, 0x7f, 0x71, 0x5d, 0x24, 0x18, 0x91, + 0x51, 0x20, 0x39, 0x78, 0x4e, 0x33, 0x73, 0x96, 0xa8, 0x12, 0x2f, 0xff, 0x48, 0xc2, 0x11, + 0x33, 0x95, 0xe5, 0xcc, 0x1a, 0xe2, 0x39, 0xd5, 0x57, 0x44, 0x51, 0x59, 0xd1, 0x35, 0x62, + 0x16, 0x22, 0xf5, 0x52, 0x3d, 0xe0, 0x9b, 0x2d, 0x33, 0x34, 0x75, 0x13, 0x7d, 0x62, 0x70, + 0x53, 0x31 + }; + static const unsigned char e[] = { + 0x01, 0x00, 0x01 + }; + static const unsigned char d[] = { + 0x0b, 0xd3, 0x07, 0x7a, 0xb0, 0x0c, 0xb2, 0xe3, 0x5d, 0x49, 0x7f, 0xe0, 0xf4, 0x5b, 0x21, + 0x31, 0x96, 0x2b, 0x7e, 0x32, 0xdf, 0x5a, 0xec, 0x5e, 0x10, 0x14, 0x9d, 0x99, 0xaa, 0xd8, + 0xc3, 0xfa, 0x9c, 0x0e, 0x0c, 0x96, 0xe9, 0xa3, 0x58, 0x62, 0x68, 0xca, 0xba, 0x50, 0xc9, + 0x04, 0x58, 0xd4, 0xe3, 0xa5, 0x99, 0x8f, 0x08, 0x2b, 0xcb, 0xe0, 0x1f, 0x84, 0xc5, 0x64, + 0xbd, 0x48, 0xe2, 0xc1, 0x56, 0x51, 0x01, 0xb7, 0x8e, 0xca, 0xe3, 0x66, 0x70, 0xea, 0x7f, + 0x8f, 0x45, 0x3a, 0xa6, 0x02, 0x3f, 0x16, 0xc3, 0xad, 0x57, 0x97, 0x8a, 0x37, 0x2d, 0x6d, + 0xb4, 0xfd, 0x08, 0x98, 0x95, 0x72, 0xeb, 0xd7, 0xa9, 0x9a, 0xfa, 0xcf, 0x55, 0x10, 0x19, + 0xf7, 0x7f, 0x7c, 0x8f, 0x49, 0xf3, 0x1d, 0xc2, 0xf2, 0xd7, 0xb3, 0x8a, 0xfc, 0x9b, 0x76, + 0x40, 0x5c, 0xa7, 0x2f, 0x7a, 0x8a, 0x3d, 0xdf, 0xbc, 0x52, 0x69, 0x99, 0xf8, 0x4b, 0x7a, + 0xbf, 0x11, 0x5d, 0x31, 0x41, 0x5f, 0xa3, 0xb9, 0x74, 0xaf, 0xe4, 0x08, 0x19, 0x9f, 0x88, + 0xca, 0xfb, 0x8e, 0xab, 0xa4, 0x00, 0x31, 0xc9, 0xf1, 0x77, 0xe9, 0xe3, 0xf1, 0x98, 0xd9, + 0x04, 0x08, 0x0c, 0x38, 0x35, 0x4b, 0xcc, 0xab, 0x22, 0xdf, 0x84, 0xea, 0xe4, 0x2e, 0x57, + 0xa5, 0xc1, 0x91, 0x0c, 0x34, 0x3b, 0x88, 0xbc, 0x14, 0xee, 0x6e, 0xe3, 0xf0, 0xe0, 0xdc, + 0xae, 0xd6, 0x0c, 0x9b, 0xa0, 0x6d, 0xb6, 0x92, 0x6c, 0x7e, 0x05, 0x46, 0x02, 0xbc, 0x23, + 0xbc, 0x65, 0xe6, 0x62, 0x04, 0x19, 0xe6, 0x98, 0x67, 0x2d, 0x15, 0x0a, 0xc4, 0xea, 0xb5, + 0x62, 0xa0, 0x54, 0xed, 0x07, 0x45, 0x3e, 0x21, 0x93, 0x3e, 0x22, 0xd0, 0xc3, 0xca, 0x37, + 0x3c, 0xea, 0x90, 0xdd, 0xa6, 0xb1, 0x6c, 0x76, 0xce, 0x5a, 0xe1, 0xc2, 0x80, 0x1f, 0x32, + 0x21 + }; + + if (!TEST_ptr(rsa = RSA_new())) + return NULL; + pn = BN_bin2bn(n, sizeof(n), NULL); + pe = BN_bin2bn(e, sizeof(e), NULL); + if (priv) + pd = BN_bin2bn(d, sizeof(d), NULL); + if (!TEST_false(pn == NULL + || pe == NULL + || (priv && pd == NULL) + || !RSA_set0_key(rsa, pn, pe, pd))) { + BN_free(pn); + BN_free(pe); + BN_free(pd); + RSA_free(rsa); + rsa = NULL; + } + return rsa; +} + +static int test_rsa_saos(void) +{ + int ret = 0; + unsigned int siglen = 0; + RSA *rsa_priv = NULL, *rsa_pub = NULL; + static const unsigned char in[256] = { 0 }; + unsigned char sig[256]; + /* Maximum length allowed: The 3 relates to the octet byte 0x04 followed by a 2 byte length */ + unsigned int inlen = sizeof(in) - RSA_PKCS1_PADDING_SIZE - 3; + + /* A generated signature when in[inlen]= { 1 }. */ + static const unsigned char sig_mismatch[256] = { + 0x5f, 0x64, 0xab, 0xd3, 0x86, 0xdf, 0x6e, 0x91, + 0xa8, 0xdb, 0x9d, 0x36, 0x7a, 0x15, 0xe5, 0x75, + 0xe4, 0x27, 0xdf, 0xeb, 0x8d, 0xaf, 0xb0, 0x60, + 0xec, 0x36, 0x8b, 0x00, 0x36, 0xb4, 0x61, 0x38, + 0xfe, 0xfa, 0x49, 0x55, 0xcf, 0xb7, 0xff, 0xeb, + 0x25, 0xa5, 0x41, 0x1e, 0xaa, 0x74, 0x3d, 0x57, + 0xed, 0x5c, 0x4a, 0x01, 0x9e, 0xb2, 0x50, 0xbc, + 0x50, 0x15, 0xd5, 0x97, 0x93, 0x91, 0x97, 0xa3, + 0xff, 0x67, 0x2a, 0xe9, 0x04, 0xdd, 0x31, 0x6f, + 0x4b, 0x44, 0x4f, 0x04, 0xa0, 0x48, 0x6a, 0xc1, + 0x8d, 0xc2, 0xf3, 0xf7, 0xc4, 0x8c, 0x29, 0xcb, + 0x2c, 0x04, 0x8f, 0x30, 0x71, 0xbb, 0x5b, 0xf9, + 0xf9, 0x1b, 0xe8, 0xf0, 0xe8, 0xd1, 0xcf, 0x73, + 0xf6, 0x02, 0x45, 0x6f, 0x53, 0x25, 0x1e, 0x74, + 0x94, 0x6e, 0xf4, 0x0d, 0x36, 0x6c, 0xa3, 0xae, + 0x8f, 0x94, 0x05, 0xa9, 0xe9, 0x65, 0x26, 0x7f, + 0x07, 0xc5, 0x7e, 0xab, 0xd9, 0xe9, 0x09, 0x2d, + 0x19, 0x8c, 0x6a, 0xcc, 0xd5, 0x62, 0x04, 0xb4, + 0x9b, 0xaf, 0x99, 0x6a, 0x7a, 0x7b, 0xef, 0x01, + 0x9b, 0xc1, 0x46, 0x59, 0x88, 0xee, 0x8b, 0xd7, + 0xe5, 0x35, 0xad, 0x4c, 0xb2, 0x0d, 0x93, 0xdd, + 0x0e, 0x50, 0x36, 0x2b, 0x7b, 0x42, 0x9b, 0x59, + 0x95, 0xe7, 0xe1, 0x36, 0x50, 0x87, 0x7c, 0xac, + 0x47, 0x13, 0x9b, 0xa7, 0x36, 0xdf, 0x8a, 0xd7, + 0xee, 0x7d, 0x2e, 0xa6, 0xbb, 0x31, 0x32, 0xed, + 0x39, 0x77, 0xf2, 0x41, 0xf9, 0x2d, 0x29, 0xfc, + 0x6d, 0x32, 0x8e, 0x35, 0x99, 0x38, 0x8b, 0xd9, + 0xc6, 0x77, 0x09, 0xe3, 0xe3, 0x06, 0x98, 0xe1, + 0x96, 0xe9, 0x23, 0x11, 0xeb, 0x09, 0xa2, 0x6b, + 0x21, 0x52, 0x67, 0x94, 0x15, 0x72, 0x7e, 0xdd, + 0x66, 0x1c, 0xe7, 0xdb, 0x0e, 0x71, 0x5d, 0x95, + 0x9d, 0xf8, 0x8e, 0x65, 0x97, 0x2f, 0x1a, 0x86 + }; + /* The signature generated by RSA_private_encrypt of in[inlen] */ + static const unsigned char no_octet_sig[256] = { + 0x78, 0xaf, 0x3e, 0xd1, 0xbc, 0x99, 0xb3, 0x19, + 0xa8, 0xaa, 0x64, 0x56, 0x60, 0x95, 0xa0, 0x81, + 0xd8, 0xb4, 0xe1, 0x9c, 0xf8, 0x94, 0xfa, 0x31, + 0xb5, 0xde, 0x90, 0x75, 0xa7, 0xdb, 0xd4, 0x7e, + 0xda, 0x62, 0xde, 0x16, 0x78, 0x4f, 0x9b, 0xc2, + 0xa4, 0xd4, 0x5c, 0x17, 0x4f, 0x2d, 0xf2, 0x84, + 0x5b, 0x5d, 0x00, 0xa0, 0xcf, 0xda, 0x3f, 0xbc, + 0x40, 0xb4, 0x4e, 0xcb, 0x18, 0xeb, 0x4b, 0x0f, + 0xce, 0x95, 0x3a, 0x5a, 0x9c, 0x49, 0xb4, 0x63, + 0xd4, 0xde, 0xfb, 0xe2, 0xa8, 0xf3, 0x97, 0x52, + 0x36, 0x3e, 0xc0, 0xab, 0xc8, 0x1c, 0xef, 0xdd, + 0xf4, 0x37, 0xbc, 0xf3, 0xc3, 0x67, 0xf6, 0xc0, + 0x6e, 0x75, 0xa6, 0xf3, 0x7e, 0x37, 0x96, 0xf2, + 0xbb, 0x25, 0x3a, 0xa0, 0xa8, 0x8e, 0xce, 0xa0, + 0xce, 0x0f, 0x22, 0x2d, 0x9c, 0x30, 0x0d, 0x20, + 0x36, 0xc6, 0x9d, 0x36, 0x5d, 0x5b, 0x3e, 0xbc, + 0x7c, 0x55, 0x95, 0xb4, 0x69, 0x19, 0x27, 0xf6, + 0x63, 0x78, 0x21, 0x2d, 0xcf, 0x51, 0xb0, 0x46, + 0x44, 0x02, 0x29, 0x93, 0xa5, 0x1b, 0xda, 0x21, + 0xb3, 0x74, 0xf6, 0x4e, 0xd0, 0xdb, 0x3d, 0x59, + 0xfd, 0xd7, 0x88, 0xd0, 0x2f, 0x84, 0xf6, 0xb1, + 0xaa, 0xce, 0x3e, 0xa0, 0xdc, 0x1a, 0xd0, 0xe3, + 0x5f, 0x3c, 0xda, 0x96, 0xee, 0xce, 0xf9, 0x75, + 0xcf, 0x8d, 0xf3, 0x03, 0x28, 0xa7, 0x39, 0xbd, + 0x95, 0xaa, 0x73, 0xbe, 0xa5, 0x5f, 0x84, 0x33, + 0x07, 0x49, 0xbf, 0x03, 0xf8, 0x4b, 0x46, 0xbf, + 0x38, 0xd4, 0x9b, 0x14, 0xa7, 0x01, 0xb7, 0x1f, + 0x12, 0x08, 0x01, 0xed, 0xcd, 0x34, 0xf5, 0xb4, + 0x06, 0x47, 0xe0, 0x53, 0x1c, 0x7c, 0x3f, 0xb5, + 0x30, 0x59, 0xbb, 0xe3, 0xd6, 0x7c, 0x41, 0xcc, + 0xd2, 0x11, 0x73, 0x03, 0x77, 0x7f, 0x5f, 0xad, + 0x4a, 0x54, 0xdf, 0x17, 0x94, 0x97, 0x5c, 0x16 + }; + + if (!TEST_ptr(rsa_priv = load_key(1))) + goto err; + if (!TEST_ptr(rsa_pub = load_key(0))) + goto err; + if (!TEST_int_ge((int)sizeof(sig), RSA_size(rsa_priv))) + goto err; + + /* Test that a generated signature can be verified */ + if (!TEST_true(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, + rsa_priv))) + goto err; + if (!TEST_true(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) + goto err; + + /* Test sign fails if the input is too large */ + if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen + 1, sig, &siglen, + rsa_priv))) + goto err; + + /* Fail if there is no private signing key */ + if (!TEST_false(RSA_sign_ASN1_OCTET_STRING(0, in, inlen, sig, &siglen, + rsa_pub))) + goto err; + + /* Fail if the signature is the wrong size */ + if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen - 1, rsa_pub))) + goto err; + + /* Fail if the encrypted input is not octet encoded */ + if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)no_octet_sig, + (unsigned int)sizeof(no_octet_sig), + rsa_pub))) + goto err; + + /* Fail if the signature does not match the input */ + if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, (unsigned char *)sig_mismatch, + (unsigned int)sizeof(sig_mismatch), + rsa_pub))) + goto err; + + /* Fail if the signature is corrupt */ + sig[0]++; + if (!TEST_false(RSA_verify_ASN1_OCTET_STRING(0, in, inlen, sig, siglen, rsa_pub))) + goto err; + sig[0]--; + + ret = 1; +err: + RSA_free(rsa_priv); + RSA_free(rsa_pub); + return ret; +} + int setup_tests(void) { ADD_ALL_TESTS(test_rsa_pkcs1, 3); ADD_ALL_TESTS(test_rsa_oaep, 3); ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); + ADD_TEST(test_rsa_saos); return 1; } |