RSA decryption tests with specific PKCS#1 valid/inalid values (#27)

* RSA decryption tests with specific PKCS#1 valid/inalid values * Typo (Hopefully nobody noticed this :-/)
author: Juraj Somorovsky <jurajsomorovsky@users.noreply.github.com> 2017-02-24 08:19:02 +0100
committer: Thai Duong <thaidn@users.noreply.github.com> 2017-02-23 23:19:02 -0800
commit: c89a32e2ce9e165423a632388513f8c972cdbdbb (patch)
tree: da15f3c49b06a255595c0f3381c641249f24853e
parent: e6b88724b30988656b074614cf5d3b4b4b08284b (diff)
download: wycheproof-c89a32e2ce9e165423a632388513f8c972cdbdbb.tar.gz
1 files changed, 89 insertions, 0 deletions
diff --git a/java/com/google/security/wycheproof/testcases/RsaEncryptionTest.java b/java/com/google/security/wycheproof/testcases/RsaEncryptionTest.java
index 0744b66..a15d45d 100644
--- a/java/com/google/security/wycheproof/testcases/RsaEncryptionTest.java
+++ b/java/com/google/security/wycheproof/testcases/RsaEncryptionTest.java
@@ -20,6 +20,7 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.Arrays;
 import java.util.HashSet;
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
@@ -114,6 +115,18 @@ public class RsaEncryptionTest extends TestCase {
         exceptions.add(ex.toString());
       }
     }
+    Cipher enc = Cipher.getInstance("RSA/ECB/NOPADDING");
+    enc.init(Cipher.ENCRYPT_MODE, keypair.getPublic());
+    c.init(Cipher.DECRYPT_MODE, keypair.getPrivate());
+    byte[][] paddedKeys = generatePkcs1Vectors(1024 / 8);
+    for (int i = 0; i < paddedKeys.length; i++) {
+      ciphertext = enc.doFinal(paddedKeys[i]);
+      try {
+        c.doFinal(ciphertext);
+      } catch (Exception ex) {
+        exceptions.add(ex.toString());
+      }
+    }
     if (exceptions.size() > 1) {
       System.out.println("Exceptions for " + algorithm);
       for (String s : exceptions) {
@@ -135,4 +148,80 @@ public class RsaEncryptionTest extends TestCase {
   public void testGetExceptionsOAEP() throws Exception {
     testExceptions("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING");
   }
+  
+  /**
+   * Generates PKCS#1 invalid vectors
+   * @param rsaKeyLength
+   * @return 
+  */
+  private byte[][] generatePkcs1Vectors(int rsaKeyLength) {
+    // create plain padded keys
+    byte[][] plainPaddedKeys = new byte[13][];
+    // no 0x00 byte to deliver a symmetric key
+    plainPaddedKeys[0] = getEK_NoNullByte(rsaKeyLength);
+    // 0x00 too early in the padding
+    plainPaddedKeys[1] = getEK_NullByteInPadding(rsaKeyLength);
+    // 0x00 too early in the PKCS#1 padding
+    plainPaddedKeys[2] = getEK_NullByteInPkcsPadding(rsaKeyLength);
+    // decrypted ciphertext starting with 0x17 0x02
+    plainPaddedKeys[3] = getEK_WrongFirstByte(rsaKeyLength);
+    // decrypted ciphertext starting with 0x00 0x17
+    plainPaddedKeys[4] = getEK_WrongSecondByte(rsaKeyLength);
+    // different lengths of the decrypted unpadded key
+    plainPaddedKeys[5] = getPaddedKey(rsaKeyLength, 0);
+    plainPaddedKeys[6] = getPaddedKey(rsaKeyLength, 1);
+    plainPaddedKeys[7] = getPaddedKey(rsaKeyLength, 8);
+    plainPaddedKeys[8] = getPaddedKey(rsaKeyLength, 16);
+    plainPaddedKeys[9] = getPaddedKey(rsaKeyLength, 96);
+    // the decrypted padded plaintext is shorter than RSA key
+    plainPaddedKeys[10] = getPaddedKey(rsaKeyLength - 1, 16);
+    plainPaddedKeys[11] = getPaddedKey(rsaKeyLength - 2, 16);
+    // just 0x00 bytes
+    plainPaddedKeys[12] = new byte[rsaKeyLength];
+    return plainPaddedKeys;
+  }
+
+  private byte[] getPaddedKey(int rsaKeyLength, int symmetricKeyLength) {
+    byte[] key = new byte[rsaKeyLength];
+    // fill all the bytes with non-zero values
+    Arrays.fill(key, (byte) 42);
+    // set the first byte to 0x00
+    key[0] = 0x00;
+    // set the second byte to 0x02
+    key[1] = 0x02;
+    // set the separating byte
+    if(symmetricKeyLength != -1) {
+      key[rsaKeyLength - symmetricKeyLength - 1] = 0x00;
+    }    
+    return key;
+  }
+
+  private byte[] getEK_WrongFirstByte(int rsaKeyLength) {
+    byte[] key = getPaddedKey(rsaKeyLength, 16);
+    key[0] = 23;
+    return key;
+  }
+
+  private byte[] getEK_WrongSecondByte(int rsaKeyLength) {
+    byte[] key = getPaddedKey(rsaKeyLength, 16);
+    key[1] = 23;
+    return key;
+  }
+
+  private byte[] getEK_NoNullByte(int rsaKeyLength) {
+    byte[] key = getPaddedKey(rsaKeyLength, -1);
+    return key;
+  }
+
+  private byte[] getEK_NullByteInPkcsPadding(int rsaKeyLength) {
+    byte[] key = getPaddedKey(rsaKeyLength, 16);
+    key[3] = 0x00;
+    return key;
+  }
+
+  private byte[] getEK_NullByteInPadding(int rsaKeyLength) {
+    byte[] key = getPaddedKey(rsaKeyLength, 16);
+    key[11] = 0x00;
+    return key;
+  }
 }
author	Juraj Somorovsky <jurajsomorovsky@users.noreply.github.com>	2017-02-24 08:19:02 +0100
committer	Thai Duong <thaidn@users.noreply.github.com>	2017-02-23 23:19:02 -0800
commit	c89a32e2ce9e165423a632388513f8c972cdbdbb (patch)
tree	da15f3c49b06a255595c0f3381c641249f24853e
parent	e6b88724b30988656b074614cf5d3b4b4b08284b (diff)
download	wycheproof-c89a32e2ce9e165423a632388513f8c972cdbdbb.tar.gz