mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 20:30:50 +02:00
add signature negative verify tests
This commit is contained in:
@@ -117,6 +117,16 @@ int test_wc_DsaSignVerify(void)
|
||||
ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
|
||||
|
||||
{
|
||||
byte badHash[WC_SHA_DIGEST_SIZE];
|
||||
|
||||
XMEMCPY(badHash, hash, sizeof(badHash));
|
||||
badHash[0] ^= 0x01;
|
||||
answer = 1;
|
||||
ExpectIntEQ(wc_DsaVerify(badHash, signature, &key, &answer), 0);
|
||||
ExpectIntEQ(answer, 0);
|
||||
}
|
||||
|
||||
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
|
||||
/* hard set q to 0 and test fail case */
|
||||
mp_free(&key.q);
|
||||
|
||||
@@ -491,6 +491,65 @@ int test_wc_RsaPSS_Verify(void)
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_RsaPSS_Verify */
|
||||
|
||||
int test_wc_RsaPSS_BadTerminator(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
|
||||
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) && \
|
||||
(defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || \
|
||||
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
|
||||
RsaKey key;
|
||||
WC_RNG rng;
|
||||
const char* msg = "This is the string to be signed";
|
||||
unsigned char sig[2048/8];
|
||||
unsigned char em[2048/8];
|
||||
unsigned char badSig[2048/8];
|
||||
unsigned char verifyOut[2048/8];
|
||||
int sigLen = 0;
|
||||
word32 emSz = sizeof(em);
|
||||
word32 badSigSz = sizeof(badSig);
|
||||
|
||||
XMEMSET(&key, 0, sizeof(RsaKey));
|
||||
XMEMSET(&rng, 0, sizeof(WC_RNG));
|
||||
XMEMSET(em, 0, sizeof(em));
|
||||
XMEMSET(sig, 0, sizeof(sig));
|
||||
XMEMSET(badSig, 0, sizeof(badSig));
|
||||
|
||||
ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
|
||||
ExpectIntEQ(wc_InitRng(&rng), 0);
|
||||
ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0);
|
||||
ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0);
|
||||
|
||||
ExpectIntGT(sigLen = wc_RsaPSS_Sign((const byte*)msg,
|
||||
(word32)XSTRLEN(msg) + 1, sig, sizeof(sig),
|
||||
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0);
|
||||
|
||||
ExpectIntGT(wc_RsaDirect(sig, (word32)sigLen, em, &emSz, &key,
|
||||
RSA_PUBLIC_DECRYPT, NULL), 0);
|
||||
|
||||
ExpectTrue(emSz > 0);
|
||||
if (emSz > 0) {
|
||||
ExpectIntEQ((int)em[emSz - 1], 0xbc);
|
||||
}
|
||||
|
||||
if (emSz > 0 && em[emSz - 1] == 0xbc) {
|
||||
em[emSz - 1] = 0xbd;
|
||||
|
||||
ExpectIntGT(wc_RsaDirect(em, emSz, badSig, &badSigSz, &key,
|
||||
RSA_PRIVATE_ENCRYPT, &rng), 0);
|
||||
|
||||
ExpectIntEQ(wc_RsaPSS_Verify(badSig, badSigSz, verifyOut,
|
||||
sizeof(verifyOut),
|
||||
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key),
|
||||
WC_NO_ERR_TRACE(BAD_PADDING_E));
|
||||
}
|
||||
|
||||
DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
|
||||
DoExpectIntEQ(wc_FreeRng(&rng), 0);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_RsaPSS_BadTerminator */
|
||||
|
||||
/*
|
||||
* Testing wc_RsaPSS_VerifyCheck()
|
||||
*/
|
||||
|
||||
@@ -32,6 +32,7 @@ int test_wc_RsaPrivateKeyDecodeRaw(void);
|
||||
int test_wc_MakeRsaKey(void);
|
||||
int test_wc_CheckProbablePrime(void);
|
||||
int test_wc_RsaPSS_Verify(void);
|
||||
int test_wc_RsaPSS_BadTerminator(void);
|
||||
int test_wc_RsaPSS_VerifyCheck(void);
|
||||
int test_wc_RsaPSS_VerifyCheckInline(void);
|
||||
int test_wc_RsaKeyToDer(void);
|
||||
@@ -53,6 +54,7 @@ int test_wc_RsaKeyToDer_SizeOverflow(void);
|
||||
TEST_DECL_GROUP("rsa", test_wc_MakeRsaKey), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_CheckProbablePrime), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_RsaPSS_Verify), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_RsaPSS_BadTerminator), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheck), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheckInline), \
|
||||
TEST_DECL_GROUP("rsa", test_wc_RsaKeyToDer), \
|
||||
|
||||
Reference in New Issue
Block a user