author | bleichen <bleichen@google.com> | 2023-03-01 06:45:17 -0800 |
committer | Copybara-Service <copybara-worker@google.com> | 2023-03-01 06:46:01 -0800 |
commit | 40b295d26f9d3ef62eec19cee2be766781336d88 (patch) | |
tree | a62cf1f65bf1305815b3f2cf74082fee185e9aa2 | |
parent | b063b4aedae951c69df014cd25fa6d69ae9e8cb9 (diff) | |
download | wycheproof-40b295d26f9d3ef62eec19cee2be766781336d88.tar.gz |
Adding test vectors for malformed ECDSA signatures and psychic ECDSA
signatures.
Neither Nimbus-Jose nor jose4j checks the size of ECDSA signatures.
The effect is signature malleability.
Sometimes standards are a bit fuzzy about accepting alternative encodings.
Here, RFC 7518, section 3.4 requires that ES256 signatures are exactly 64 bytes
long.
NOKEYCHECK=True
PiperOrigin-RevId: 513222124
3 files changed, 207 insertions, 4 deletions
diff --git a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
index 185bc6a..4f67048 100644
--- a/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
+++ b/java/com/google/security/wycheproof/jose4j/JsonWebSignatureTest.java
@@ -76,8 +76,11 @@ public class JsonWebSignatureTest {
 "base64_InvalidCharacterInPayload_tcId371",
 "base64_InvalidCharacterInsertedInHeader_tcId372",
 "base64_InvalidCharacterInsertedInPayload_tcId373",
- "base64_MacOfIncorrectlyEncodedMessage_tcId375"
- );
+ "base64_MacOfIncorrectlyEncodedMessage_tcId375",
+ // jose4j does not check the size of the signature and accepts signatures with
+ // leading Zeros.
+ "SpecialCaseEs256_SignatureTooLong_tcId379",
+ "SpecialCaseEs256_BufferOverflow_tcId385");
 }

 /** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */
diff --git a/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java b/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
index d72cf52..b726de7 100644
--- a/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
+++ b/java/com/google/security/wycheproof/nimbusjose/NimbusJoseJwsTest.java
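Review bot: The comment added above the two new jose4j allowlist entries gives no reason why accepting the extra leading bytes is a defect, whereas the parallel NimbusJose hunk in this same commit cites RFC 7518 section 3.4 and names the malleability consequence; documenting both allowlists the same way lets a later reader decide when the entries can be dropped. Suggested wording: `// jose4j does not check the size of the signature and accepts signatures with` / `// leading zeros, although RFC 7518, section 3.4 requires ES256 signatures to be 64 bytes long.` (also fixing the capitalised "Zeros"). The list initializer these entries belong to starts before the hunk.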
@@ -76,7 +76,14 @@ public class NimbusJoseJwsTest {
 "base64_InvalidCharacterInPayload_tcId371",
 "base64_InvalidCharacterInsertedInHeader_tcId372",
 "base64_InvalidCharacterInsertedInPayload_tcId373",
- "base64_MacOfIncorrectlyEncodedMessage_tcId375");
+ "base64_MacOfIncorrectlyEncodedMessage_tcId375",
+ // NimbusJose does not check the size of the signature and accepts signatures with
+ // leading zeros. This means that signatures are malleable. (Existing signatures
+ // can be modified but the that was signed does not change.) A comparable
+ // bug is for example CVE 2020-13822.
+ // RFC 7518 specifies in section 3.4 that ES256 signatures must be 64 bytes long.
+ "SpecialCaseEs256_SignatureTooLong_tcId379",
+ "SpecialCaseEs256_BufferOverflow_tcId385");
 }

 /** A JsonWebCryptoTestGroup that contains key information and tests against those keys. */
diff --git a/testvectors/json_web_signature_test.json b/testvectors/json_web_signature_test.json
index c0afad1..ce00264 100644
--- a/testvectors/json_web_signature_test.json
+++ b/testvectors/json_web_signature_test.json
@@ -1,6 +1,6 @@
 {
 "generatorVersion" : "0.3",
- "numberOfTests" : 375,
+ "numberOfTests" : 401,
 "header" : [
 "Test vectors of type JsonWebSignature are intended for tests that check the ",
 "verification operation of a JSON Web Signature library."
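Review bot: The new comment on the NimbusJose allowlist has a dropped word in `// can be modified but the that was signed does not change.) A comparable`; presumably it should read `but the message that was signed does not change`. The CVE reference on the following line is written as `CVE 2020-13822`, whereas the canonical form `CVE-2020-13822` is what advisory databases index, so the line is better as `// bug is for example CVE-2020-13822.`. The list initializer these entries belong to starts before the hunk.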
@@ -3717,6 +3717,199 @@ "result": "valid" } ] + }, + { + "type": "JsonWebSignature", + "comment": "SpecialCaseEs256", + "private": { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "d": "yy49oPcINGK2ps0LmtxpB6UTEOiITghHBif6wDqmJ3c", + "kid": "kid-ec-sign", + "kty": "EC" + }, + "public": { + "alg": "ES256", + "use": "sig", + "x": "04N0xi21hshyvBp7I167sbE_bXqyqkAPfefdklMO7wY", + "y": "UI8exy-C06a7DUnjIdENkxeFtHM4-l_41LqEw9nVgmw", + "crv": "P-256", + "kid": "kid-ec-sign", + "kty": "EC" + }, + "tests": [ + { + "tcId": 378, + "comment": "valid", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutrppUShFwBW_Qj7IqhFOtNrIXLLKXS5CSZmERxmnjeyoiQ", + "result": "valid", + "flags": [] + }, + { + "tcId": 379, + "comment": "SignatureTooLong", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI", + "result": "invalid", + "flags": [] + }, + { + "tcId": 380, + "comment": "TrailingZeros", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutroAlq7XuT_qQL7BN1XusUslN2A0MFB41VTrb3KxG252fMgA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 381, + "comment": "RisTooBig", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AeXANDd8jD-4s2plHeXPZFeeUhXFGPm1S1ChNFgFkdwLAJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI", + "result": "invalid", + "flags": [] + }, + { + "tcId": 382, + "comment": "SisTooBig", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AZau17g_6kC_wTdV7rFLJTcdGyr-H-zzcGMse95q2aIZ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 383, + "comment": "IntegerOverflow", + "jws": 
"eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AeXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AJau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI", + "result": "invalid", + "flags": [] + }, + { + "tcId": 384, + "comment": "IntegerOverflow", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AOXANDh8jD-3s2plHeXPZFfhaxsXceIWxlznaZUJLra6AZau17k_6kC-wTdV7rFLJTdgNDBQeNVU629ysRtudnzI", + "result": "invalid", + "flags": [] + }, + { + "tcId": 385, + "comment": "BufferOverflow", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5cA0OHyMP7ezamUd5c9kV-FrGxdx4hbGXOdplQkutroAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWrte5P-pAvsE3Ve6xSyU3YDQwUHjVVOtvcrEbbnZ8yA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 386, + "comment": "rIsZero_sIsZero", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 387, + "comment": "rIsZero_sIsOne", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 388, + "comment": "rIsZero_sIsNminus1", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_____AAAAAP__________vOb6racXnoTzucrC_GMlUA", + "result": "invalid", + 
"flags": [] + }, + { + "tcId": 389, + "comment": "rIsZero_sIsN", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 390, + "comment": "rIsOne_sIsZero", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 391, + "comment": "rIsOne_sIsOne", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 392, + "comment": "rIsOne_sIsNminus1", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH_____AAAAAP__________vOb6racXnoTzucrC_GMlUA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 393, + "comment": "rIsOne_sIsN", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 394, + "comment": "rIsNminus1_sIsZero", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 395, + "comment": "rIsNminus1_sIsOne", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 396, + "comment": "rIsNminus1_sIsNminus1", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVD_____AAAAAP__________vOb6racXnoTzucrC_GMlUA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 397, 
+ "comment": "rIsNminus1_sIsN", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVD_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 398, + "comment": "rIsN_sIsZero", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 399, + "comment": "rIsN_sIsOne", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ", + "result": "invalid", + "flags": [] + }, + { + "tcId": 400, + "comment": "rIsN_sIsNminus1", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVH_____AAAAAP__________vOb6racXnoTzucrC_GMlUA", + "result": "invalid", + "flags": [] + }, + { + "tcId": 401, + "comment": "rIsN_sIsN", + "jws": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImtpZC1lYy1zaWduIn0.Zm9v._____wAAAAD__________7zm-q2nF56E87nKwvxjJVH_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ", + "result": "invalid", + "flags": [] + } + ] } ] } |
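Review bot: tcId 383 and tcId 384 both carry the comment `"IntegerOverflow"` although they are distinct vectors, so a failing test cannot be attributed without decoding the JWS. Judging from the encoded signatures, 383 appears to prepend the extra non-zero byte to r and 384 to s, in which case comments such as `"IntegerOverflow_r"` and `"IntegerOverflow_s"` (mirroring the `rIsZero_sIsOne` naming used further down) would make the distinction explicit; this should be confirmed against the generator. The `"numberOfTests"` bump to 401 in the earlier hunk matches the last tcId added here.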