[Cryptech-Commits] [sw/pkcs11] branch master updated: Add regression test for borked or missing PKCS #1.5 DigestInfo.

git at cryptech.is git at cryptech.is
Wed Aug 10 16:45:58 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

The following commit(s) were added to refs/heads/master by this push:
       new  133bb39   Add regression test for borked or missing PKCS #1.5 DigestInfo.
133bb39 is described below

commit 133bb3907f478e3ccc1dc8f8fb15e924f37a0d97
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed Aug 10 12:38:36 2016 -0400

    Add regression test for borked or missing PKCS #1.5 DigestInfo.
    
    Oleg found a cute bug where C_SignUpdate() and C_SignFinal() would
    generate an incorrect signature which C_VerifyUpdate() and
    C_VerifyFinal() would think was fine because the verification code had
    essentially the same bug as the signature code.  None of this applied
    to the (much) more commonly used C_Sign() and C_Verify() functions,
    which is why nobody noticed until now.
    
    Bug fixed in sw/libhal commit 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa
    but we need a regression test to make sure we don't reintroduce the
    bug.  So we add a test which computes the signature both ways, then
    verifies it with PyCrypto as well as both ways with our own code.
    
    We should probably be doing more comparisons of RSA results with
    PyCrypto.  For ECDSA with non-deterministic signatures it's a bit
    harder, but more checking against the Python ecdsa library would still
    be a good idea.
---
 unit_tests.py | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/unit_tests.py b/unit_tests.py
index fb8446f..c9d3886 100644
--- a/unit_tests.py
+++ b/unit_tests.py
@@ -13,8 +13,10 @@ from py11 import *
 from py11.mutex import MutexDB
 
 try:
-    from Crypto.Util.number import inverse
-    from Crypto.PublicKey   import RSA
+    from Crypto.Util.number     import inverse
+    from Crypto.PublicKey       import RSA
+    from Crypto.Signature       import PKCS1_v1_5
+    from Crypto.Hash            import SHA256
     pycrypto_loaded = True
 except ImportError:
     pycrypto_loaded = False
@@ -560,6 +562,34 @@ class TestKeys(TestCase):
         p11.C_VerifyInit(self.session, CKM_SHA512_RSA_PKCS, public_key)
         p11.C_Verify(self.session, hamster, sig)
 
+    @unittest.skipUnless(pycrypto_loaded, "requires PyCrypto")
+    def test_load_sign_verify_rsa_1024_with_rpki_data(self):
+        "Load/sign/verify with RSA-1024-SHA-256, externally-supplied key"
+        public_key, private_key = self._load_rsa_keypair(rsa_1024_pem, "RSA-1024")
+        tbs = '''
+            31 6B 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03 31
+            0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 1A 30 1C
+            06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D 31
+            36 30 37 31 36 30 39 35 32 35 37 5A 30 2F 06 09
+            2A 86 48 86 F7 0D 01 09 04 31 22 04 20 11 A2 E6
+            0F 1F 86 AF 45 25 4D 8F E1 1F C9 EA B3 83 4A 41
+            17 C1 42 B7 43 AD 51 5E F5 A2 F8 E3 25
+        '''
+        tbs = "".join(chr(int(i, 16)) for i in tbs.split())
+        p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
+        p11.C_SignUpdate(self.session, tbs)
+        sig = p11.C_SignFinal(self.session)
+        self.assertIsInstance(sig, str)
+        p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
+        p11.C_Verify(self.session, tbs, sig)
+        verifier = PKCS1_v1_5.new(RSA.importKey(rsa_1024_pem))
+        digest = SHA256.new(tbs)
+        self.assertTrue(verifier.verify(digest, sig))
+        p11.C_SignInit(self.session, CKM_SHA256_RSA_PKCS, private_key)
+        self.assertEqual(sig, p11.C_Sign(self.session, tbs))
+        p11.C_VerifyInit(self.session, CKM_SHA256_RSA_PKCS, public_key)
+        p11.C_VerifyUpdate(self.session, tbs)
+        p11.C_VerifyFinal(self.session, sig)
 
 # Keys for preload tests, here rather than inline because they're
 # bulky.  These are in PKCS #8 format, see PyCrypto or the "pkey" and

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list