Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1612260 - Add Wycheproof vectors for RSA PKCS1 and PSS signing, P…
…KCS1 and OEAP decryption. r=bbeurdouche

This patch updates the Wycheproof script to build RSA test vectors (covering PKCS1 decryption/verification, as well as PSS and OAEP) and adds the appropriate test drivers.

Differential Revision: https://phabricator.services.mozilla.com/D69847

--HG--
extra : moz-landing-system : lando
  • Loading branch information
Kevin Jacobs committed Apr 6, 2020
1 parent f4952cf commit 6627d90
Show file tree
Hide file tree
Showing 39 changed files with 153,233 additions and 104 deletions.
2 changes: 1 addition & 1 deletion gtests/common/testvectors/curve25519-vectors.h
Expand Up @@ -74,7 +74,7 @@ const EcdhTestVectorStr kCurve25519Vectors[] = {
false,
false}};

const EcdhTestVectorStr kCurve25519WycheproofVectors[] = {
const EcdhTestVector kCurve25519WycheproofVectors[] = {

// Comment: normal case
{1,
Expand Down
2 changes: 1 addition & 1 deletion gtests/common/testvectors/p256ecdh-vectors.h
Expand Up @@ -12,7 +12,7 @@

#include "testvectors_base/test-structs.h"

const EcdhTestVectorStr kP256EcdhWycheproofVectors[] = {
const EcdhTestVector kP256EcdhWycheproofVectors[] = {

// Comment: normal case
// tcID: 1
Expand Down
2 changes: 1 addition & 1 deletion gtests/common/testvectors/p384ecdh-vectors.h
Expand Up @@ -12,7 +12,7 @@

#include "testvectors_base/test-structs.h"

const EcdhTestVectorStr kP384EcdhWycheproofVectors[] = {
const EcdhTestVector kP384EcdhWycheproofVectors[] = {

// Comment: normal case
// tcID: 1
Expand Down
2 changes: 1 addition & 1 deletion gtests/common/testvectors/p521ecdh-vectors.h
Expand Up @@ -12,7 +12,7 @@

#include "testvectors_base/test-structs.h"

const EcdhTestVectorStr kP521EcdhWycheproofVectors[] = {
const EcdhTestVector kP521EcdhWycheproofVectors[] = {

// Comment: normal case
// tcID: 1
Expand Down
1,283 changes: 1,283 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h

Large diffs are not rendered by default.

1,049 changes: 1,049 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h

Large diffs are not rendered by default.

1,222 changes: 1,222 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha256_mgf1sha256-vectors.h

Large diffs are not rendered by default.

1,047 changes: 1,047 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha1-vectors.h

Large diffs are not rendered by default.

1,090 changes: 1,090 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha384_mgf1sha384-vectors.h

Large diffs are not rendered by default.

1,044 changes: 1,044 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha1-vectors.h

Large diffs are not rendered by default.

1,019 changes: 1,019 additions & 0 deletions gtests/common/testvectors/rsa_oaep_2048_sha512_mgf1sha512-vectors.h

Large diffs are not rendered by default.

5,676 changes: 5,676 additions & 0 deletions gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h

Large diffs are not rendered by default.

8,217 changes: 8,217 additions & 0 deletions gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h

Large diffs are not rendered by default.

10,708 changes: 10,708 additions & 0 deletions gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h

Large diffs are not rendered by default.

2,650 changes: 2,650 additions & 0 deletions gtests/common/testvectors/rsa_pss_2048_sha1_mgf1_20-vectors.h

Large diffs are not rendered by default.

3,226 changes: 3,226 additions & 0 deletions gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_0-vectors.h

Large diffs are not rendered by default.

3,297 changes: 3,297 additions & 0 deletions gtests/common/testvectors/rsa_pss_2048_sha256_mgf1_32-vectors.h

Large diffs are not rendered by default.

4,355 changes: 4,355 additions & 0 deletions gtests/common/testvectors/rsa_pss_3072_sha256_mgf1_32-vectors.h

Large diffs are not rendered by default.

5,485 changes: 5,485 additions & 0 deletions gtests/common/testvectors/rsa_pss_4096_sha256_mgf1_32-vectors.h

Large diffs are not rendered by default.

9,089 changes: 9,089 additions & 0 deletions gtests/common/testvectors/rsa_pss_4096_sha512_mgf1_32-vectors.h

Large diffs are not rendered by default.

4,844 changes: 4,844 additions & 0 deletions gtests/common/testvectors/rsa_pss_misc-vectors.h

Large diffs are not rendered by default.

11,891 changes: 11,891 additions & 0 deletions gtests/common/testvectors/rsa_signature-vectors.h

Large diffs are not rendered by default.

7,256 changes: 7,256 additions & 0 deletions gtests/common/testvectors/rsa_signature_2048_sha224-vectors.h

Large diffs are not rendered by default.

7,280 changes: 7,280 additions & 0 deletions gtests/common/testvectors/rsa_signature_2048_sha256-vectors.h

Large diffs are not rendered by default.

7,253 changes: 7,253 additions & 0 deletions gtests/common/testvectors/rsa_signature_2048_sha512-vectors.h

Large diffs are not rendered by default.

9,625 changes: 9,625 additions & 0 deletions gtests/common/testvectors/rsa_signature_3072_sha256-vectors.h

Large diffs are not rendered by default.

9,588 changes: 9,588 additions & 0 deletions gtests/common/testvectors/rsa_signature_3072_sha384-vectors.h

Large diffs are not rendered by default.

9,665 changes: 9,665 additions & 0 deletions gtests/common/testvectors/rsa_signature_3072_sha512-vectors.h

Large diffs are not rendered by default.

12,215 changes: 12,215 additions & 0 deletions gtests/common/testvectors/rsa_signature_4096_sha384-vectors.h

Large diffs are not rendered by default.

12,215 changes: 12,215 additions & 0 deletions gtests/common/testvectors/rsa_signature_4096_sha512-vectors.h

Large diffs are not rendered by default.

52 changes: 52 additions & 0 deletions gtests/common/testvectors_base/rsa_signature-vectors_base.txt
@@ -0,0 +1,52 @@
// kSpki is an RSA public key in an X.509 SubjectPublicKeyInfo.
const uint8_t kSpki[] = {
0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9,
0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb,
0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0,
0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef,
0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa,
0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76,
0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25,
0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79,
0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49,
0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd,
0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61,
0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
};
// kHash is the SHA-256 hash of {1,2,3,4}.
const uint8_t kHash[] = {
0x9f, 0x64, 0xa7, 0x47, 0xe1, 0xb9, 0x7f, 0x13, 0x1f, 0xab, 0xb6,
0xb4, 0x47, 0x29, 0x6c, 0x9b, 0x6f, 0x02, 0x01, 0xe7, 0x9f, 0xb3,
0xc5, 0x35, 0x6e, 0x6c, 0x77, 0xe8, 0x9b, 0x6a, 0x80, 0x6a,
};
// kSignature is the signature of kHash with RSASSA-PKCS1-v1_5.
const uint8_t kSignature[] = {
0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
};
// kSignature is an invalid signature of kHash with RSASSA-PKCS1-v1_5 with the
// NULL parameter omitted.
const uint8_t kSignatureInvalid[] = {
0x71, 0x6c, 0x24, 0x4e, 0xc9, 0x9b, 0x19, 0xc7, 0x49, 0x29, 0xb8, 0xd4,
0xfb, 0x26, 0x23, 0xc0, 0x96, 0x18, 0xcd, 0x1e, 0x60, 0xe8, 0x88, 0x94,
0x8c, 0x59, 0xfb, 0x58, 0x5c, 0x61, 0x58, 0x7a, 0xae, 0xcc, 0xeb, 0xee,
0x1e, 0x85, 0x7d, 0x83, 0xa9, 0xdc, 0x6f, 0x4c, 0x34, 0x5c, 0xcb, 0xd9,
0xde, 0x58, 0x76, 0xdf, 0x1f, 0x5e, 0xd4, 0x57, 0x5b, 0xeb, 0xaf, 0x4f,
0x7a, 0xa7, 0x6b, 0x21, 0xf1, 0x0a, 0x96, 0x78, 0xc7, 0xa8, 0x02, 0x7a,
0xc2, 0x06, 0xd3, 0x18, 0x79, 0x72, 0x6b, 0xfe, 0x2d, 0xec, 0xd8, 0x8e,
0x98, 0x86, 0x89, 0xf4, 0x67, 0x14, 0x2b, 0xac, 0x6d, 0xd7, 0x04, 0xd8,
0xab, 0x05, 0xe6, 0x51, 0xf6, 0xee, 0x58, 0x63, 0xef, 0x6a, 0x3e, 0x89,
0x99, 0x2a, 0x1c, 0x10, 0xc2, 0xd0, 0x41, 0x9e, 0x1e, 0x9a, 0x9a, 0x57,
0x32, 0x0f, 0x49, 0xb4, 0x57, 0x37, 0xa4, 0x26,
};
41 changes: 41 additions & 0 deletions gtests/common/testvectors_base/test-structs.h
Expand Up @@ -12,6 +12,8 @@

#include <string>
#include <vector>
#include "secoidt.h"
#include "pkcs11t.h"

typedef struct AesCbcTestVectorStr {
uint32_t id;
Expand Down Expand Up @@ -64,4 +66,43 @@ typedef struct EcdhTestVectorStr {
bool valid;
} EcdhTestVector;

typedef struct RsaSignatureTestVectorStr {
SECOidTag hash_oid;
uint32_t id;
std::vector<uint8_t> sig;
std::vector<uint8_t> public_key;
std::vector<uint8_t> msg;
bool valid;
} RsaSignatureTestVector;

typedef struct RsaDecryptTestVectorStr {
uint32_t id;
std::vector<uint8_t> msg;
std::vector<uint8_t> ct;
std::vector<uint8_t> priv_key;
bool valid;
} RsaDecryptTestVector;

typedef struct RsaOaepTestVectorStr {
SECOidTag hash_oid;
CK_RSA_PKCS_MGF_TYPE mgf_hash;
uint32_t id;
std::vector<uint8_t> msg;
std::vector<uint8_t> ct;
std::vector<uint8_t> label;
std::vector<uint8_t> priv_key;
bool valid;
} RsaOaepTestVector;

typedef struct RsaPssTestVectorStr {
SECOidTag hash_oid;
CK_RSA_PKCS_MGF_TYPE mgf_hash;
uint32_t id;
unsigned long sLen;
std::vector<uint8_t> sig;
std::vector<uint8_t> public_key;
std::vector<uint8_t> msg;
bool valid;
} RsaPssTestVector;

#endif // test_structs_h__

0 comments on commit 6627d90

Please sign in to comment.