tests: Add CAVP test vectors for RSA/PKCS #1 v1.5 signature validation

author Jouni Malinen <j@w1.fi>

Mon, 19 May 2014 20:22:49 +0000 (23:22 +0300)

committer Jouni Malinen <j@w1.fi>

Tue, 20 May 2014 16:52:57 +0000 (19:52 +0300)
author Jouni Malinen <j@w1.fi>
Mon, 19 May 2014 20:22:49 +0000 (23:22 +0300)
committer Jouni Malinen <j@w1.fi>
Tue, 20 May 2014 16:52:57 +0000 (19:52 +0300)
diff --git a/tests/Makefile b/tests/Makefile

index c395b7720365d6406e8aeac7b90256a54e6f974f..33fec20d1c51fb637eb4a15c539b8f76773f54d4 100644 (file)
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -1,6 +1,7 @@
  TESTS=test-base64 test-md4 test-md5 test-milenage test-ms_funcs \
         test-bitfield \
         test-printf \
+       test-rsa-sig-ver \
         test-sha1 \
         test-sha256 test-aes test-asn1 test-x509 test-x509v3 test-list test-rc4
  
@@ -78,6 +79,9 @@ test-printf: test-printf.o $(LIBS)
  test-rc4: test-rc4.o $(LIBS)
         $(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
  
+test-rsa-sig-ver: test-rsa-sig-ver.o $(LIBS)
+       $(LDO) $(LDFLAGS) -o $@ $< $(LLIBS)
+
  test-sha1: test-sha1.o $(LIBS)
         $(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
  
@@ -99,6 +103,7 @@ run-tests: $(TESTS)
         ./test-md5
         ./test-milenage
         ./test-printf
+       ./test-rsa-sig-ver
         ./test-sha1
         ./test-sha256
         @echo
diff --git a/tests/test-rsa-sig-ver.c b/tests/test-rsa-sig-ver.c

new file mode 100644 (file)

index 0000000..13a8d48
--- /dev/null
+++ b/tests/test-rsa-sig-ver.c
@@ -0,0 +1,189 @@
+/*
+ * Testing tool for RSA PKCS #1 v1.5 signature verification
+ * Copyright (c) 2014, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "crypto/crypto.h"
+#include "tls/rsa.h"
+#include "tls/asn1.h"
+#include "tls/pkcs1.h"
+
+
+static int cavp_rsa_sig_ver(const char *fname)
+{
+       FILE *f;
+       int ret = 0;
+       char buf[15000], *pos, *pos2;
+       u8 msg[200], n[512], s[512], em[512], e[512];
+       size_t msg_len = 0, n_len = 0, s_len = 0, em_len, e_len = 0;
+       size_t tmp_len;
+       char sha_alg[20];
+       int ok = 0;
+
+       printf("CAVP RSA SigVer test vectors from %s\n", fname);
+
+       f = fopen(fname, "r");
+       if (f == NULL) {
+               printf("%s does not exist - cannot validate CAVP RSA SigVer test vectors\n",
+                       fname);
+               return 0;
+       }
+
+       while (fgets(buf, sizeof(buf), f)) {
+               pos = os_strchr(buf, '=');
+               if (pos == NULL)
+                       continue;
+               pos2 = pos - 1;
+               while (pos2 >= buf && *pos2 == ' ')
+                       *pos2-- = '\0';
+               *pos++ = '\0';
+               while (*pos == ' ')
+                       *pos++ = '\0';
+               pos2 = os_strchr(pos, '\r');
+               if (!pos2)
+                       pos2 = os_strchr(pos, '\n');
+               if (pos2)
+                       *pos2 = '\0';
+               else
+                       pos2 = pos + os_strlen(pos);
+
+               if (os_strcmp(buf, "SHAAlg") == 0) {
+                       os_strlcpy(sha_alg, pos, sizeof(sha_alg));
+               } else if (os_strcmp(buf, "Msg") == 0) {
+                       tmp_len = os_strlen(pos);
+                       if (tmp_len > sizeof(msg) * 2) {
+                               printf("Too long Msg\n");
+                               return -1;
+                       }
+                       msg_len = tmp_len / 2;
+                       if (hexstr2bin(pos, msg, msg_len) < 0) {
+                               printf("Invalid hex string '%s'\n", pos);
+                               ret++;
+                               break;
+                       }
+               } else if (os_strcmp(buf, "n") == 0) {
+                       tmp_len = os_strlen(pos);
+                       if (tmp_len > sizeof(n) * 2) {
+                               printf("Too long n\n");
+                               return -1;
+                       }
+                       n_len = tmp_len / 2;
+                       if (hexstr2bin(pos, n, n_len) < 0) {
+                               printf("Invalid hex string '%s'\n", pos);
+                               ret++;
+                               break;
+                       }
+               } else if (os_strcmp(buf, "e") == 0) {
+                       tmp_len = os_strlen(pos);
+                       if (tmp_len > sizeof(e) * 2) {
+                               printf("Too long e\n");
+                               return -1;
+                       }
+                       e_len = tmp_len / 2;
+                       if (hexstr2bin(pos, e, e_len) < 0) {
+                               printf("Invalid hex string '%s'\n", pos);
+                               ret++;
+                               break;
+                       }
+               } else if (os_strcmp(buf, "S") == 0) {
+                       tmp_len = os_strlen(pos);
+                       if (tmp_len > sizeof(s) * 2) {
+                               printf("Too long S\n");
+                               return -1;
+                       }
+                       s_len = tmp_len / 2;
+                       if (hexstr2bin(pos, s, s_len) < 0) {
+                               printf("Invalid hex string '%s'\n", pos);
+                               ret++;
+                               break;
+                       }
+               } else if (os_strncmp(buf, "EM", 2) == 0) {
+                       tmp_len = os_strlen(pos);
+                       if (tmp_len > sizeof(em) * 2)
+                               return -1;
+                       em_len = tmp_len / 2;
+                       if (hexstr2bin(pos, em, em_len) < 0) {
+                               printf("Invalid hex string '%s'\n", pos);
+                               ret++;
+                               break;
+                       }
+               } else if (os_strcmp(buf, "Result") == 0) {
+                       const u8 *addr[1];
+                       size_t len[1];
+                       struct crypto_public_key *pk;
+                       int res;
+                       u8 hash[32];
+                       size_t hash_len;
+                       const struct asn1_oid *alg;
+
+                       addr[0] = msg;
+                       len[0] = msg_len;
+                       if (os_strcmp(sha_alg, "SHA1") == 0) {
+                               if (sha1_vector(1, addr, len, hash) < 0)
+                                       return -1;
+                               hash_len = 20;
+                               alg = &asn1_sha1_oid;
+                       } else if (os_strcmp(sha_alg, "SHA256") == 0) {
+                               if (sha256_vector(1, addr, len, hash) < 0)
+                                       return -1;
+                               hash_len = 32;
+                               alg = &asn1_sha256_oid;
+                       } else {
+                               continue;
+                       }
+
+                       printf("\nExpected result: %s\n", pos);
+                       wpa_hexdump(MSG_INFO, "Hash(Msg)", hash, hash_len);
+
+                       pk = crypto_public_key_import_parts(n, n_len,
+                                                           e, e_len);
+                       if (pk == NULL) {
+                               printf("Failed to import public key\n");
+                               ret++;
+                               continue;
+                       }
+
+                       res = pkcs1_v15_sig_ver(pk, s, s_len, alg,
+                                               hash, hash_len);
+                       crypto_public_key_free(pk);
+                       if ((*pos == 'F' && !res) || (*pos != 'F' && res)) {
+                               printf("FAIL\n");
+                               ret++;
+                               continue;
+                       }
+
+                       printf("PASS\n");
+                       ok++;
+               }
+       }
+
+       fclose(f);
+
+       if (ret)
+               printf("Test case failed\n");
+       else
+               printf("%d test vectors OK\n", ok);
+
+       return ret;
+}
+
+
+int main(int argc, char *argv[])
+{
+       int ret = 0;
+
+       wpa_debug_level = 0;
+
+       if (cavp_rsa_sig_ver("CAVP/SigVer15_186-3.rsp"))
+               ret++;
+       if (cavp_rsa_sig_ver("CAVP/SigVer15EMTest.txt"))
+               ret++;
+
+       return ret;
+}
author	Jouni Malinen <j@w1.fi>
	Mon, 19 May 2014 20:22:49 +0000 (23:22 +0300)
committer	Jouni Malinen <j@w1.fi>
	Tue, 20 May 2014 16:52:57 +0000 (19:52 +0300)
tests/Makefile		patch \| blob \| blame \| history
tests/test-rsa-sig-ver.c	[new file with mode: 0644]	patch \| blob