From 0b917bc206813156a4cc7f3f29118dfe15d35cde Mon Sep 17 00:00:00 2001 From: Jeremiah Mackey Date: Thu, 23 Apr 2026 16:18:33 +0000 Subject: [PATCH] add signature negative verify tests --- tests/api/test_dsa.c | 10 ++++++++ tests/api/test_rsa.c | 59 ++++++++++++++++++++++++++++++++++++++++++++ tests/api/test_rsa.h | 2 ++ 3 files changed, 71 insertions(+) diff --git a/tests/api/test_dsa.c b/tests/api/test_dsa.c index 4605d48abb..0813f727a1 100644 --- a/tests/api/test_dsa.c +++ b/tests/api/test_dsa.c @@ -117,6 +117,16 @@ int test_wc_DsaSignVerify(void) ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + { + byte badHash[WC_SHA_DIGEST_SIZE]; + + XMEMCPY(badHash, hash, sizeof(badHash)); + badHash[0] ^= 0x01; + answer = 1; + ExpectIntEQ(wc_DsaVerify(badHash, signature, &key, &answer), 0); + ExpectIntEQ(answer, 0); + } + #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) /* hard set q to 0 and test fail case */ mp_free(&key.q); diff --git a/tests/api/test_rsa.c b/tests/api/test_rsa.c index 6179e76f3b..7678737573 100644 --- a/tests/api/test_rsa.c +++ b/tests/api/test_rsa.c @@ -491,6 +491,65 @@ int test_wc_RsaPSS_Verify(void) return EXPECT_RESULT(); } /* END test_wc_RsaPSS_Verify */ +int test_wc_RsaPSS_BadTerminator(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) && \ + (defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + RsaKey key; + WC_RNG rng; + const char* msg = "This is the string to be signed"; + unsigned char sig[2048/8]; + unsigned char em[2048/8]; + unsigned char badSig[2048/8]; + unsigned char verifyOut[2048/8]; + int sigLen = 0; + word32 emSz = sizeof(em); + word32 badSigSz = sizeof(badSig); + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(em, 0, sizeof(em)); + XMEMSET(sig, 0, sizeof(sig)); + XMEMSET(badSig, 0, sizeof(badSig)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + + ExpectIntGT(sigLen = wc_RsaPSS_Sign((const byte*)msg, + (word32)XSTRLEN(msg) + 1, sig, sizeof(sig), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); + + ExpectIntGT(wc_RsaDirect(sig, (word32)sigLen, em, &emSz, &key, + RSA_PUBLIC_DECRYPT, NULL), 0); + + ExpectTrue(emSz > 0); + if (emSz > 0) { + ExpectIntEQ((int)em[emSz - 1], 0xbc); + } + + if (emSz > 0 && em[emSz - 1] == 0xbc) { + em[emSz - 1] = 0xbd; + + ExpectIntGT(wc_RsaDirect(em, emSz, badSig, &badSigSz, &key, + RSA_PRIVATE_ENCRYPT, &rng), 0); + + ExpectIntEQ(wc_RsaPSS_Verify(badSig, badSigSz, verifyOut, + sizeof(verifyOut), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_PADDING_E)); + } + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPSS_BadTerminator */ + /* * Testing wc_RsaPSS_VerifyCheck() */ diff --git a/tests/api/test_rsa.h b/tests/api/test_rsa.h index 028c76543f..7de2fd3532 100644 --- a/tests/api/test_rsa.h +++ b/tests/api/test_rsa.h @@ -32,6 +32,7 @@ int test_wc_RsaPrivateKeyDecodeRaw(void); int test_wc_MakeRsaKey(void); int test_wc_CheckProbablePrime(void); int test_wc_RsaPSS_Verify(void); +int test_wc_RsaPSS_BadTerminator(void); int test_wc_RsaPSS_VerifyCheck(void); int test_wc_RsaPSS_VerifyCheckInline(void); int test_wc_RsaKeyToDer(void); @@ -53,6 +54,7 @@ int test_wc_RsaKeyToDer_SizeOverflow(void); TEST_DECL_GROUP("rsa", test_wc_MakeRsaKey), \ TEST_DECL_GROUP("rsa", test_wc_CheckProbablePrime), \ TEST_DECL_GROUP("rsa", test_wc_RsaPSS_Verify), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPSS_BadTerminator), \ TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheck), \ TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheckInline), \ TEST_DECL_GROUP("rsa", test_wc_RsaKeyToDer), \