diff options
author | Thai Duong <thaidn@gmail.com> | 2016-12-13 03:17:31 -0800 |
---|---|---|
committer | Thai Duong <thaidn@gmail.com> | 2016-12-13 03:17:31 -0800 |
commit | 223332fde6f83c6421c605189abe48a332da6a31 (patch) | |
tree | 9eeca2b20baddb8df1b05a4cca22a27d278afa73 /java/com/google/security/wycheproof/testcases/DsaTest.java | |
parent | 75efe2b665f6a05d8855ba727a69dc2f1469232b (diff) | |
download | wycheproof-223332fde6f83c6421c605189abe48a332da6a31.tar.gz |
Some last minute changes before public announcement.
Diffstat (limited to 'java/com/google/security/wycheproof/testcases/DsaTest.java')
-rw-r--r-- | java/com/google/security/wycheproof/testcases/DsaTest.java | 163 |
1 files changed, 67 insertions, 96 deletions
diff --git a/java/com/google/security/wycheproof/testcases/DsaTest.java b/java/com/google/security/wycheproof/testcases/DsaTest.java index d2e4f94..e466900 100644 --- a/java/com/google/security/wycheproof/testcases/DsaTest.java +++ b/java/com/google/security/wycheproof/testcases/DsaTest.java @@ -15,6 +15,7 @@ */ // TODO(bleichen): +// - add tests for signature malleability and ASN parsing. // - add tests for SHA1WithDSA with wrong key // - add tests for "alternative" algorithm names // - convert tests for deterministic DSA variants. @@ -53,19 +54,6 @@ import junit.framework.TestCase; * * @author bleichen@google.com (Daniel Bleichenbacher) */ -// Tested providers: -// "SUN": -// - allows some alternative BER encodings of signatures -// - does not check whether the ASN sequence contains two elements -// and throws runtime exceptions when the sequence is too short. -// - does not support 3072 bit keys. -// "BC": -// - allows some alternaitve BER encodings -// - accepts signatures with additional arguments -// - key generation is slow, maybe because BouncyCastle tries to generate -// new parameters for each key. -// - KeyPairGenerator.getInstance("DSA") generates keys with 160 bit q -// independent of the size of p. public class DsaTest extends TestCase { static final String MESSAGE = "Hello"; @@ -123,70 +111,31 @@ public class DsaTest extends TestCase { + "021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8786236", }; - // The following test vectors check for signature malleability and bugs. - // That means the test vectors are derived from a valid signature - // by modifying the ASN encoding. A correct implementation of DSA - // should only accept correct DER encoding and properly handle the others. - // Allowing alternative BER encodings is in many cases benign. - // An example where this kind of signature malleability was a problem - // https://en.bitcoin.it/wiki/Transaction_Malleability - static final String[] INVALID_SIGNATURES = { - // encodings that were obtained by leaving some arguments out - "301f021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe87862" + "36", - "301e021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd", - "", - // encodings that were obtained by leaving some parts empty - "30210200021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813fe8" + "786236", - "3020021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd" + "0200", - "3000", - // encodings with sizes that overflow 32 or 64 bit integers - "30420285010000001c1e41b479ad576905b960fe14eadb91b0ccf34843dab916" - + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f" - + "e8786236", - "3046028901000000000000001c1e41b479ad576905b960fe14eadb91b0ccf348" - + "43dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf" - + "3365813fe8786236", - "3042021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd" - + "0285010000001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f" - + "e8786236", - "3046021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd" - + "028901000000000000001d00ade65988d237d30f9ef41dd424a4e1c8f16967cf" - + "3365813fe8786236", - "3085010000003d021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916" - + "173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f" - + "e8786236", - "308901000000000000003d021c1e41b479ad576905b960fe14eadb91b0ccf348" - + "43dab916173bb8c9cd021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf" - + "3365813fe8786236", - // encodings where numbers were replace by an encoding of infinity - "3022090180021d00ade65988d237d30f9ef41dd424a4e1c8f16967cf3365813f" + "e8786236", - "3021021c1e41b479ad576905b960fe14eadb91b0ccf34843dab916173bb8c9cd" + "090180", - // Signatures with special case values for r and s. - // E.g. r=1, s=0 are values that can lead to forgeries if the DSA implementation - // does not check boundaries and computes s^(-1) == 0. - "300402000200", - "30050200020101", - "300502000201ff", - "30210200021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bc" + "d5695d", - "30210200021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bc" + "d5695e", - "30210200021d0100000000000000000000000000000000000000000000000000" + "000000", - "30820107020002820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e3b" - + "af3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85" - + "d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a9934534" - + "09a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d" - + "648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d81" - + "81e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f80" - + "3b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b" - + "66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342" - + "be484c05763939601cd667", - "30070200090380fe01", - "30050201010200", + // Signatures with special case values for r and s. E.g. r=1, s=0 are values that can lead to + // forgeries if the DSA implementation does not check boundaries and computes s^(-1) == 0. + "3022020100021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", + "3006020100020101", + "30060201000201ff", + "3022020100021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", + "3022020100021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e", + "3022020100021d0100000000000000000000000000000000000000000000000000000000", + "3082010802010002820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e" + + "3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b" + + "85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a99345" + + "3409a0fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f" + + "9d648ef883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d" + + "8181e7338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f" + + "803b32a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de" + + "4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e3" + + "42be484c05763939601cd667", + "3008020100090380fe01", + "3022020101021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", "3006020101020101", "30060201010201ff", - "3022020101021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0" + "bcd5695d", - "3022020101021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0" + "bcd5695e", - "3022020101021d01000000000000000000000000000000000000000000000000" + "00000000", + "3022020101021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", + "3022020101021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e", + "3022020101021d0100000000000000000000000000000000000000000000000000000000", "3082010802010102820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e" + "3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b" + "85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a99345" @@ -197,12 +146,12 @@ public class DsaTest extends TestCase { + "4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e3" + "42be484c05763939601cd667", "3008020101090380fe01", - "30050201ff0200", + "30220201ff021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", "30060201ff020101", "30060201ff0201ff", - "30220201ff021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0" + "bcd5695d", - "30220201ff021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0" + "bcd5695e", - "30220201ff021d01000000000000000000000000000000000000000000000000" + "00000000", + "30220201ff021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", + "30220201ff021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e", + "30220201ff021d0100000000000000000000000000000000000000000000000000000000", "308201080201ff02820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e" + "3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b" + "85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a99345" @@ -213,9 +162,11 @@ public class DsaTest extends TestCase { + "4b66ff04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e3" + "42be484c05763939601cd667", "30080201ff090380fe01", - "3021021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5d0200", - "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5d020101", - "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5d0201ff", + "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + + "5d021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d020100", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d020101", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d0201ff", "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5d021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" @@ -232,10 +183,12 @@ public class DsaTest extends TestCase { + "c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04" + "903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c" + "05763939601cd667", - "3024021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5d090380fe01", - "3021021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5e0200", - "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5e020101", - "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5e0201ff", + "3024021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d090380fe01", + "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + + "5e021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e020100", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e020101", + "3022021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e0201ff", "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", "303e021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" @@ -252,10 +205,12 @@ public class DsaTest extends TestCase { + "c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04" + "903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c" + "05763939601cd667", - "3024021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd569" + "5e090380fe01", - "3021021d01000000000000000000000000000000000000000000000000000000" + "000200", - "3022021d01000000000000000000000000000000000000000000000000000000" + "00020101", - "3022021d01000000000000000000000000000000000000000000000000000000" + "000201ff", + "3024021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e090380fe01", + "303e021d01000000000000000000000000000000000000000000000000000000" + + "00021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", + "3022021d0100000000000000000000000000000000000000000000000000000000020100", + "3022021d0100000000000000000000000000000000000000000000000000000000020101", + "3022021d01000000000000000000000000000000000000000000000000000000000201ff", "303e021d01000000000000000000000000000000000000000000000000000000" + "00021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", "303e021d01000000000000000000000000000000000000000000000000000000" @@ -272,8 +227,18 @@ public class DsaTest extends TestCase { + "c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff04" + "903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be484c" + "05763939601cd667", - "3024021d01000000000000000000000000000000000000000000000000000000" + "00090380fe01", - "3082010702820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf37" + "3024021d0100000000000000000000000000000000000000000000000000000000090380fe01", + "3082012402820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf37" + + "18e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011" + + "adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0" + + "fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648e" + + "f883448677979cec04b434a6ac2e75e9985de23db0292fc1118c9ffa9d8181e7" + + "338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32" + + "a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff" + + "04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be48" + + "4c05763939601cd667021dff450969597a870820211805983688387a10cd4dcc" + + "451a7f3f432a96a3", + "3082010802820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf37" + "18e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011" + "adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0" + "fe696c4658f84bdd20819c3709a01057b195adcd00233dba5484b6291f9d648e" @@ -281,7 +246,7 @@ public class DsaTest extends TestCase { + "338db792b730d7b9e349592f68099872153915ea3d6b8b4653c633458f803b32" + "a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff" + "04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be48" - + "4c05763939601cd6670200", + + "4c05763939601cd667020100", "3082010802820101008f7935d9b9aae9bfabed887acf4951b6f32ec59e3baf37" + "18e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7475b85d011" + "adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a993453409a0" @@ -356,12 +321,13 @@ public class DsaTest extends TestCase { + "a4c2e0f27290256e4e3f8a3b0838a1c450e4e18c1a29a37ddf5ea143de4b66ff" + "04903ed5cf1623e158d487c608e97f211cd81dca23cb6e380765f822e342be48" + "4c05763939601cd667090380fe01", - "3007090380fe010200", + "3024090380fe01021dff450969597a870820211805983688387a10cd4dcc451a7f3f432a96a3", + "3008090380fe01020100", "3008090380fe01020101", "3008090380fe010201ff", - "3024090380fe01021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae5" + "80c0bcd5695d", - "3024090380fe01021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae5" + "80c0bcd5695e", - "3024090380fe01021d0100000000000000000000000000000000000000000000" + "000000000000", + "3024090380fe01021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695d", + "3024090380fe01021d00baf696a68578f7dfdee7fa67c977c785ef32b233bae580c0bcd5695e", + "3024090380fe01021d0100000000000000000000000000000000000000000000000000000000", "3082010a090380fe0102820101008f7935d9b9aae9bfabed887acf4951b6f32e" + "c59e3baf3718e8eac4961f3efd3606e74351a9c4183339b809e7c2ae1c539ba7" + "475b85d011adb8b47987754984695cac0e8f14b3360828a22ffa27110a3d62a9" @@ -421,6 +387,11 @@ public class DsaTest extends TestCase { VALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Valid DSA signature", true); } + public void testInvalidSignatures() throws Exception { + testVectors( + INVALID_SIGNATURES, publicKey1, "Hello", "SHA224WithDSA", "Invalid DSA signature", false); + } + // Extract the integer r from a DSA signature. // This method implicitely assumes that the DSA signature is DER encoded. BigInteger extractR(byte[] signature) throws Exception { |