diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index f4709cd2..7de23fc5 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -51,8 +51,9 @@ jobs: RUSTDOCFLAGS: "-Dwarnings --cfg docsrs" run: cargo doc --no-deps --features std,serde,hazmat,sha2 - typos: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: crate-ci/typos@v1.35.1 +# does not understand concat! macro +# typos: +# runs-on: ubuntu-latest +# steps: +# - uses: actions/checkout@v4 +# - uses: crate-ci/typos@v1.35.1 diff --git a/src/key.rs b/src/key.rs index b391d7d0..9cd6e05e 100644 --- a/src/key.rs +++ b/src/key.rs @@ -297,6 +297,25 @@ impl RsaPrivateKey { Self::new_with_exp(rng, bit_size, BoxedUint::from(Self::EXP)) } + /// Generate a new Rsa key pair of the given bit size using the passed in `rng + /// and allowing hazardous insecure or weak constructions of `RsaPrivateKey + /// + /// Unless you have specific needs, you should use `RsaPrivateKey::new` instead + #[cfg(feature = "hazmat")] + pub fn new_unchecked( + rng: &mut R, + bit_size: usize, + ) -> Result { + let components = + generate_multi_prime_key_with_exp(rng, 2, bit_size, BoxedUint::from(Self::EXP))?; + RsaPrivateKey::from_components_unchecked( + components.n.get(), + components.e, + components.d, + components.primes, + ) + } + /// Generate a new RSA key pair of the given bit size and the public exponent /// using the passed in `rng`. /// @@ -885,33 +904,34 @@ mod tests { "30820278020100300d06092a864886f70d0101010500048202623082025e0", "2010002818100cd1419dc3771354bee0955a90489cce0c98aee6577851358", "afe386a68bc95287862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74", - "a6702329397ffe0a8f83e2ef5297aa3d9d883cbeb94ee018fd68e986e08d5", - "b044c15e8170217cd57501d42dd72ef691b2a95bcc090d9bca735bba3ecb8", - "38650f13b1aa36d0f454e37ff020301000102818100935c4248cf3df5c21d", - "c56f5c07faccd129813f5481d189d94c69fdb366f6beeacb2927552a2032f", - "321cd3e92237da40f3fcbfc8df6f9d928b3978c1ec8aab23e857a3ba2db26", - "941ace6ecda8dcb290866a80820b3aa9138179ca867d37825ebcdb48adbe7", - "c397f1e77c4160f0fbf87cc0cd5dff195ac96fd333c0b38384c74c1024100", + "a6702329397ffe0b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5", + "242b3addb54d346ecf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901", + "d1d29af1a986fec92ba5fe2430203010001028181009bb3203326d0c7b31f", + "456d08c6ce4c8379e10640792ecad271afe002406d184096a707c5d50ee00", + "1c00818266970c3233439551f0e2d879a8f7b90bd3d62fdffa3e661f14c8d", + "cce071f081966e25bb351289810c2f8a012f2fa3f001029d7f2e0cf24f6a4", + "b139292f8078fac24e7fc8185bab4f02f539267bd09b615e4e19fe1024100", "e90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5c", "af83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924e", - "ff5d67024100e148067566a1fa3aabd0672361be62715516c9d62790b03f4", + "ff6031024100e148067566a1fa3aabd0672361be62715516c9d62790b03f4", "326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f", - "325e58c523b98199a9024100df15fc8924577892b1a4707b178faf4d751c6", - "91ed928b387486eaafd0ee7866a8916c73fa1b979d1f037ee6fa904563033", - "b4c5f2911e328a3c9f87c0d190d1c7024057461ce26c7141cc6af5608f6f7", - "55f13c2c0024f49a29ef4d321fb9425c1076033ac7e094c20ce4239185b5a", - "246b06795576a178d16fc4d9317db859bfaafa8902410084b2d64651b471b", - "f805af14018db693cdab6059063a6aa4eb8f9ca99b319074b79d7dead3d05", - "68c364978be262d3395aa60541d670f94367babebe7616dbc260" + "325e58c523b981a0b3024100ab96e85323bd038a3fca588c58ddd681278d6", + "96e8d84ef7ef676f303afcb7d728287e897a55e84e8c8b9e772da447b3115", + "8d0912877fa7d4945b4d15c382f7d102400ddde317e2e36185af01baf7809", + "2b97884664cb233e9421002d0268a7c79a3c313c167b4903466bfacd4da3b", + "db99420df988ab89cdd96a102da2852ff7c134e5024100bafb0dac0fda53f", + "9c755c23483343922727b88a5256a6fb47242e1c99b8f8a2c914f39f7af30", + "1219245786a6bb15336231d6a9b57ee7e0b3dd75129f93f54ecf" ))]; assert_tokens(&priv_key.clone().readable(), &priv_tokens); let pub_tokens = [Token::Str(concat!( - "30819f300d06092a864886f70d010101050003818d0030818902818100cd1419dc3771354bee", - "0955a90489cce0c98aee6577851358afe386a68bc95287862a1157d5aba8847e8e57b6f2f947", - "48ab7efda3f3c74a6702329397ffe0a8f83e2ef5297aa3d9d883cbeb94ee018fd68e986e08d5", - "b044c15e8170217cd57501d42dd72ef691b2a95bcc090d9bca735bba3ecb838650f13b1aa36d", - "0f454e37ff0203010001", + "30819f300d06092a864886f70d010101050003818d0030818902818100cd1", + "419dc3771354bee0955a90489cce0c98aee6577851358afe386a68bc95287", + "862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74a6702329397ffe0b", + "1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5242b3addb54d346e", + "cf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec9", + "2ba5fe2430203010001" ))]; assert_tokens( &RsaPublicKey::from(priv_key.clone()).readable(), diff --git a/src/oaep/decrypting_key.rs b/src/oaep/decrypting_key.rs index 70d759bf..8969bf8f 100644 --- a/src/oaep/decrypting_key.rs +++ b/src/oaep/decrypting_key.rs @@ -107,7 +107,7 @@ mod tests { let mut rng = ChaCha8Rng::from_seed([42; 32]); let decrypting_key = DecryptingKey::::new( - RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"), + RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate key"), ); let tokens = [ @@ -117,9 +117,7 @@ mod tests { }, Token::Str("inner"), Token::Str(concat!( - "3056020100300d06092a864886f70d010101050004423040020100020900ab", - "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205", - "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f" + "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100cf823bdbad23cda55787e9d1dbd630457e3e8407f3a4da723656a120866a8284ce211ff8464904cf7dab256d0b5544549719f4155d32187ad3eb928ada9cd4152a9e4153e21c68022e654b0d10b065519e9ef5619f431740c2a0f568141c27670485f28d1643fe650af3757f4775af5d01ed3c992a6269c5aa5ff7f52450c30a84783e36931b8855b091559540ec34e0730c511d62e09ea86d66b0f4cb92d1a609e7fb6f34ae8cf08bd791eee85150850e943fb5e4d9b7fd44a5eb474ed7e0bb7faa2e1dca443d5df8f77468fb0905731e421b2e06e864f957f3a517b2b0e3ad09118310b9fd74cb54bb07308d009e3ec6cecc17f06cddf10e0b1b9eff5ff8b90203010001028201000a7071d4765c63bf1aad32bd25031c80927e50a419c4c45c94913d1fe6c33af7b56b0331b94f79177b29fe03035bf1c913a4f19b9589aca3993fb3aa9a9ee32881715eb5fa9d153a6edd17ae7b9574336bf8713dcd065208270273f61d74e122949eac7a1e91a31db0345947e2ef6fb80d1dc33bad5f30150aa2335638d27b4d57f47262b31059351b08c2350d8afe88d1dfbd1b398daf317db8c0cd42859072b8ddadcc2d50c5ad1d6d06a56594bdabb7dd51c77fe2b5d404c64ff99e6500de5da418c5c49c6ebd7ecfc400f18ba26fd4d6e7b31e435d494326585a9efff7bdb3c51ba19399918df4a999453dfed65e84adb15b0a183416b5ec5f221491978102818100e148067566a1fa3aabd0672361be62715516c9d62790b03f4326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f325e58c523b9819747a90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5caf83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924eff6ec902818100ebcdd03d9b1dfd2ea4f2d6dade79fcb02727d84426f9d756121525f14696434fa594867ca839d1025b823a7576eb6c8b33e6dd4ff4fcb72c6069d1e5e74885e90b76b0bf3994501dd0ef212694e73cbf43855731ba543c771debf979eea8f77fcab8a53d56fc46d5398893f3421ca54b371afb10ecb2137892f5062c506e82710281801c345542ab87c9f9407b85fe23059ff38a70a0f263dfb481271a1b5e5709afe4cc9bb7f63d4b7c9599175bed3f29b234288929a048c40c76d4e30e436bbd32c071047fb011c2f5f39c615bb3bfade232c2c0d5c797228c0c4544daa1c38ed50b8188093e2518fdb458b5102172b00ec0b8364e81c049847a5230a2a550a8a029028180718bebc89e9734416fc057e190dbe0e7da12ffbae1a1d1256b13afef9cf3e279c9dbd95ed18af5b052ec44c6277b7a0b15f50780e711820ae66a4e5e8c9e898d0cae1cb21841e8ca52bfb390e686eae396d9f080cb9ea077237b6be8611a10040354228d85037a0056f2037c51cb8574d096376b90eeb71d8a765e809c427aa102818100886afe7a9610e60cd2da4cf3137ba5f597cd9cdc344f36c4101720363341c42cdfe09f68ee25a3dd63e191b6542bcd97aaa0af776eb68aaab84db4594e5340591b4fe194ea2fe2f7586ac3c3aaf8bc337963c4e05d6556b1a6024ac6e07710cdf01bcd9543e263a35ad13baaa2aa6c3af60880cc56622959916cab038a51fff9", )), Token::Str("label"), Token::None, diff --git a/src/oaep/encrypting_key.rs b/src/oaep/encrypting_key.rs index 60524a21..58a6a453 100644 --- a/src/oaep/encrypting_key.rs +++ b/src/oaep/encrypting_key.rs @@ -80,7 +80,7 @@ mod tests { use serde_test::{assert_tokens, Configure, Token}; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate key"); let encrypting_key = EncryptingKey::::new(priv_key.to_public_key()); let tokens = [ @@ -90,7 +90,7 @@ mod tests { }, Token::Str("inner"), Token::Str( - "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", + "30820122300d06092a864886f70d01010105000382010f003082010a0282010100cf823bdbad23cda55787e9d1dbd630457e3e8407f3a4da723656a120866a8284ce211ff8464904cf7dab256d0b5544549719f4155d32187ad3eb928ada9cd4152a9e4153e21c68022e654b0d10b065519e9ef5619f431740c2a0f568141c27670485f28d1643fe650af3757f4775af5d01ed3c992a6269c5aa5ff7f52450c30a84783e36931b8855b091559540ec34e0730c511d62e09ea86d66b0f4cb92d1a609e7fb6f34ae8cf08bd791eee85150850e943fb5e4d9b7fd44a5eb474ed7e0bb7faa2e1dca443d5df8f77468fb0905731e421b2e06e864f957f3a517b2b0e3ad09118310b9fd74cb54bb07308d009e3ec6cecc17f06cddf10e0b1b9eff5ff8b90203010001", ), Token::Str("label"), Token::None, diff --git a/src/pkcs1v15.rs b/src/pkcs1v15.rs index b3608e95..49502a28 100644 --- a/src/pkcs1v15.rs +++ b/src/pkcs1v15.rs @@ -268,24 +268,14 @@ mod tests { use crate::{RsaPrivateKey, RsaPublicKey}; fn get_private_key() -> RsaPrivateKey { - // In order to generate new test vectors you'll need the PEM form of this key: - // -----BEGIN RSA PRIVATE KEY----- - // MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 - // fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu - // /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu - // RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ - // EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A - // IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS - // tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V - // -----END RSA PRIVATE KEY----- - + // https://github.com/C2SP/wycheproof/blob/main/testvectors/rsa_oaep_misc_test.json RsaPrivateKey::from_components( - BoxedUint::from_be_hex("B2990F49C47DFA8CD400AE6A4D1B8A3B6A13642B23F28B003BFB97790ADE9A4CC82B8B2A81747DDEC08B6296E53A08C331687EF25C4BF4936BA1C0E6041E9D15", 512).unwrap(), + BoxedUint::from_be_hex("d0941e63a980fa92fb25ed4c7b3307f827023034ae7f1a7491f0699ca7607285e62ad8e994bac21b8b6e305e334f4874067d28e304230dca7f0e85f7ce595770b6e054c9f844ba86c0696eeba0769d8d4a347e8fe85c724ac1c44994af18a39e719f721f1bc50c46a39e6c075fcd1649f01f22608ce7dc6955502258336987d9", 1024).unwrap(), BoxedUint::from(65_537u64), - BoxedUint::from_be_hex("8ABD6A69F4D1A4B487F0AB8D7AAEFD38609405C999984E30F567E1E8AEEFF44E8B18BDB1EC78DFA31A55E32A48D7FB131F5AF1F44D7D6B2CED2A9DF5E5AE4535", 512).unwrap(), + BoxedUint::from_be_hex("5ff4a47e690ea338573e3d8b3fea5c32378ff4296855a51017cba86a9f3de9b1dc0fbe36c76b9bbd1c4a170a5f448c2a8489b3f3ac858be4aacb3daaa14dccc183622eedd3ae6f0427a2a298b51b97818a5430f13705f42d8b25476f939c935e389e30d9ade5d0180920135f5aef0c5fecd15f00b83b51dab8ba930d88826801", 1024).unwrap(), vec![ - BoxedUint::from_be_hex("DAB2F18048BAA68DE7DF04D2D35D5D80E60E2DFA42D50A9B04219032715E46B3", 256).unwrap(), - BoxedUint::from_be_hex("D10F2E66B1D0C13F10EF9927BF5324A379CA218146CBF9CAFC795221F16A3117", 256).unwrap() + BoxedUint::from_be_hex("e882d12d5f0be26a80359f13c08210bdcbf759dfee695313efa8886919659b064e3c656a267af6275ed1af89a5dfe9e25b31a02bafbd59445b7507a22989a681", 512).unwrap(), + BoxedUint::from_be_hex("e5a65cfa668bd857d59135a78c18c8adb7c222368e9d74abad8e83299f7ac3c2ad7aa44ddb05deea6d9b20dbaf09a8615284a17c72d3723240334685ea7e2559", 512).unwrap(), ], ).unwrap() } @@ -296,19 +286,19 @@ mod tests { let tests = [ [ - "gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==", + "f0f4qsNunKxRgsag5/p3AER7uoqs/Gupe33kuJWGAkLjobLsLszxp7uwVngeoxpDi87rTcJ9y0Sbu2QfnV/KvwEHiuQ8NL1FCRt4ujwgNtQms9XHjkTeLUX9tapoxdA0QhLsjblZFdb3fAvZXHGKPTBdHkxHut6LHG37SxbHeQY=", "x", ], [ - "Y7TOCSqofGhkRb+jaVRLzK8xw2cSo1IVES19utzv6hwvx+M8kFsoWQm5DzBeJCZTCVDPkTpavUuEbgp8hnUGDw==", + "l+L4+CdrgcFJ9LngppA+o7pZAKmZs4Gu5cRsum7OAji0+XNamTaPKxgtAio5A8ltRLJxrfZnRFOIOyn4964vMIB2YfVG/Vak//kLIn/rbgaVGndmWxQuR6ykEruOuqn5JUqv4JHaW30aDzEkCbpXWpFJ7dhfrWZdSv4XKpt9cY4=", "testing.", ], [ - "arReP9DJtEVyV2Dg3dDp4c/PSk1O6lxkoJ8HcFupoRorBZG+7+1fDAwT1olNddFnQMjmkb8vxwmNMoTAT/BFjQ==", + "JtlpY3lTeCmkRRrIgfuOXH0ubMOL1U/n6nM6r6kF2iuRiFIPapfEzHF2WSvrbxZXa8gzJo1PuAJiJ6Vy90vOWbP43VEXLk5wyGZPePwHQ1WwOcE+6okZ9j9zmAmAnQUyaUjPfhwyDC64ObjiSKeIPCYSsdURy/Z67lcTZ6JJ8+8=", "testing.\n", ], [ - "WtaBXIoGC54+vH0NH0CHHE+dRDOsMc/6BrfFu2lEqcKL9+uDuWaf+Xj9mrbQCjjZcpQuX733zyok/jsnqe/Ftw==", + "TcyqI5jrGyln5AspqnvWShPIjKIZtXbNApf9TqAZrsl31RS+k6blEJy6YVZeow9QKis+UyIcz08nMGX/D3lm/JA4bwpyBFAvSFr2MNjNpGh9QqEcGryI0CpLA1fy56x7YGB/Y0eJZXnSj91udGubJTEI9ULTouoFAKxoWq7ioTc=", "01234567890123456789012345678901234567890123456789012", ], ]; @@ -352,19 +342,19 @@ mod tests { let tests = [ [ - "gIcUIoVkD6ATMBk/u/nlCZCCWRKdkfjCgFdo35VpRXLduiKXhNz1XupLLzTXAybEq15juc+EgY5o0DHv/nt3yg==", + "f0f4qsNunKxRgsag5/p3AER7uoqs/Gupe33kuJWGAkLjobLsLszxp7uwVngeoxpDi87rTcJ9y0Sbu2QfnV/KvwEHiuQ8NL1FCRt4ujwgNtQms9XHjkTeLUX9tapoxdA0QhLsjblZFdb3fAvZXHGKPTBdHkxHut6LHG37SxbHeQY=", "x", ], [ - "Y7TOCSqofGhkRb+jaVRLzK8xw2cSo1IVES19utzv6hwvx+M8kFsoWQm5DzBeJCZTCVDPkTpavUuEbgp8hnUGDw==", + "l+L4+CdrgcFJ9LngppA+o7pZAKmZs4Gu5cRsum7OAji0+XNamTaPKxgtAio5A8ltRLJxrfZnRFOIOyn4964vMIB2YfVG/Vak//kLIn/rbgaVGndmWxQuR6ykEruOuqn5JUqv4JHaW30aDzEkCbpXWpFJ7dhfrWZdSv4XKpt9cY4=", "testing.", ], [ - "arReP9DJtEVyV2Dg3dDp4c/PSk1O6lxkoJ8HcFupoRorBZG+7+1fDAwT1olNddFnQMjmkb8vxwmNMoTAT/BFjQ==", + "JtlpY3lTeCmkRRrIgfuOXH0ubMOL1U/n6nM6r6kF2iuRiFIPapfEzHF2WSvrbxZXa8gzJo1PuAJiJ6Vy90vOWbP43VEXLk5wyGZPePwHQ1WwOcE+6okZ9j9zmAmAnQUyaUjPfhwyDC64ObjiSKeIPCYSsdURy/Z67lcTZ6JJ8+8=", "testing.\n", ], [ - "WtaBXIoGC54+vH0NH0CHHE+dRDOsMc/6BrfFu2lEqcKL9+uDuWaf+Xj9mrbQCjjZcpQuX733zyok/jsnqe/Ftw==", + "TcyqI5jrGyln5AspqnvWShPIjKIZtXbNApf9TqAZrsl31RS+k6blEJy6YVZeow9QKis+UyIcz08nMGX/D3lm/JA4bwpyBFAvSFr2MNjNpGh9QqEcGryI0CpLA1fy56x7YGB/Y0eJZXnSj91udGubJTEI9ULTouoFAKxoWq7ioTc=", "01234567890123456789012345678901234567890123456789012", ], ]; @@ -413,24 +403,21 @@ mod tests { let tests = [( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), )]; for (text, expected) in &tests { let digest = Sha1::digest(text.as_bytes()).to_vec(); let out = priv_key.sign(Pkcs1v15Sign::new::(), &digest).unwrap(); - assert_ne!(out, digest); - assert_eq!(out, expected); + assert_ne!(hex::encode(&out), hex::encode(&digest)); + assert_eq!(hex::encode(&out), hex::encode(&expected)); let mut rng = ChaCha8Rng::from_seed([42; 32]); let out2 = priv_key .sign_with_rng(&mut rng, Pkcs1v15Sign::new::(), &digest) .unwrap(); - assert_eq!(out2, expected); + assert_eq!(hex::encode(&out2), hex::encode(&expected)); } } @@ -440,10 +427,7 @@ mod tests { let tests = [( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), )]; let signing_key = SigningKey::::new(priv_key); @@ -452,7 +436,7 @@ mod tests { let out = signing_key.sign(text.as_bytes()).to_bytes(); assert_ne!(out.as_ref(), text.as_bytes()); assert_ne!(out.as_ref(), &Sha1::digest(text.as_bytes()).to_vec()); - assert_eq!(out.as_ref(), expected); + assert_eq!(hex::encode(out.as_ref()), hex::encode(&expected)); let mut rng = ChaCha8Rng::from_seed([42; 32]); let out2 = signing_key @@ -468,10 +452,7 @@ mod tests { let tests = [( "Test.\n", - hex!( - "2ffae3f3e130287b3a1dcb320e46f52e8f3f7969b646932273a7e3a6f2a182ea" - "02d42875a7ffa4a148aa311f9e4b562e4e13a2223fb15f4e5bf5f2b206d9451b" - ), + hex!("506ea024cfef1a98540d98da07d50a3c08bf03e09f9503e211dada539cd99bcb31e1d439d19182e4ec195496602180874ee1300282f62c74f7d57b9b619ac6092eebb47fedeca1d5d0e63bb5e1f630b06e170a1409fd310e265409b29bb741c37f5400524a6cf18e396ebda1190bc585086e214586d97f0ff822907796bc3879"), )]; let signing_key = SigningKey::::new(priv_key); @@ -479,7 +460,7 @@ mod tests { for (text, expected) in &tests { let out = signing_key.sign(text.as_bytes()).to_bytes(); assert_ne!(out.as_ref(), text.as_bytes()); - assert_eq!(out.as_ref(), expected); + assert_eq!(hex::encode(out.as_ref()), hex::encode(&expected)); let mut rng = ChaCha8Rng::from_seed([42; 32]); let out2 = signing_key @@ -495,10 +476,7 @@ mod tests { let tests = [( "Test.\n", - hex!( - "55e9fba3354dfb51d2c8111794ea552c86afc2cab154652c03324df8c2c51ba7" - "2ff7c14de59a6f9ba50d90c13a7537cc3011948369f1f0ec4a49d21eb7e723f9" - ), + hex!("54e376075e2dfb2c98329102f932f44bc3ae993184742f6572dc5bb86da6d33c966164e377735056e9c56847cf8905ee2f8fd326468571502b3119b8ec8cd30c25a479f2ae204cddff3a0ecc206ce27eca4fdf5d26bad83ef891f9ebb443c6150cae5718ef567f9a8056c8819aad6134ee1d06ed8f150ff573c7938ec568efa1"), )]; let signing_key = SigningKey::::new(priv_key); @@ -506,7 +484,7 @@ mod tests { for (text, expected) in &tests { let out = signing_key.sign(text.as_bytes()).to_bytes(); assert_ne!(out.as_ref(), text.as_bytes()); - assert_eq!(out.as_ref(), expected); + assert_eq!(hex::encode(out.as_ref()), hex::encode(&expected)); let mut rng = ChaCha8Rng::from_seed([42; 32]); let out2 = signing_key @@ -522,10 +500,7 @@ mod tests { let tests = [( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), )]; let signing_key = SigningKey::new(priv_key); @@ -555,18 +530,12 @@ mod tests { let tests = [ ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), true, ), ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362af" - ), + hex!("7919de0402424f7b00f16bda36bb7b4d83dd7fb2cb315d9083f60457063393948dc991cfc8161c7b1266ec373b69bc47554a833f95edab8266385a3a36786fe90f172a9882eddc451f3f678a85ed09c60b26300490dd69ef601849c1f4c01f78046bb8351f3a7888b8ce2213790ab11c5402c4a279cbc9a52e4bc76c4cc41600"), false, ), ]; @@ -574,8 +543,8 @@ mod tests { for (text, sig, expected) in &tests { let digest = Sha1::digest(text.as_bytes()).to_vec(); - let result = pub_key.verify(Pkcs1v15Sign::new::(), &digest, sig); + match expected { true => result.expect("failed to verify"), false => { @@ -592,18 +561,12 @@ mod tests { let tests = [ ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), true, ), ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362af" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a0800"), false, ), ]; @@ -631,18 +594,12 @@ mod tests { let tests = [ ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a082d"), true, ), ( "Test.\n", - hex!( - "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e33" - "6ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362af" - ), + hex!("2c5954065af5f8c651cc46c49af719507648947a6100ef5c37294939a396c529551bd65c90c4aae0417cd3e621bcfb1d40630b6593a14589b94943efa50342310c23b07aa7acd102dc0b922272db0908509467d56ae3edc5d4ec71ba072f509d0f83d7bc1d88174c0c39a3587963c8625e606c3b99cf9a202da0c0b3677a0800"), false, ), ]; @@ -652,6 +609,7 @@ mod tests { for (text, sig, expected) in &tests { let mut digest = Sha1::new(); digest.update(text.as_bytes()); + let result = verifying_key.verify_digest(digest, &Signature::try_from(sig.as_slice()).unwrap()); match expected { @@ -666,11 +624,14 @@ mod tests { #[test] fn test_unpadded_signature() { let msg = b"Thu Dec 19 18:06:16 EST 2013\n"; - let expected_sig = Base64::decode_vec("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==").unwrap(); + let expected_sig = Base64::decode_vec("E3O2B8toxZitc013ZK0TRP4uo47Clpm/Me/o+Yv5qpU7ZP6x9gFUc8IVv2LkX7kUtkgPl/85f/ehJhcXCsoRoOEbcio8PR3JCt/uPJSzokTvNx7bmYxXTJox6oF3kM3+NI+21jh8CZVyk81lTtFulLfmzAsH4L4w5QJcwWtNJpE=").unwrap(); let priv_key = get_private_key(); let sig = priv_key.sign(Pkcs1v15Sign::new_unprefixed(), msg).unwrap(); - assert_eq!(expected_sig, sig); + assert_eq!( + Base64::encode_string(&expected_sig), + Base64::encode_string(&sig) + ); let pub_key: RsaPublicKey = priv_key.into(); pub_key @@ -681,7 +642,7 @@ mod tests { #[test] fn test_unpadded_signature_hazmat() { let msg = b"Thu Dec 19 18:06:16 EST 2013\n"; - let expected_sig = Base64::decode_vec("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==").unwrap(); + let expected_sig = Base64::decode_vec("E3O2B8toxZitc013ZK0TRP4uo47Clpm/Me/o+Yv5qpU7ZP6x9gFUc8IVv2LkX7kUtkgPl/85f/ehJhcXCsoRoOEbcio8PR3JCt/uPJSzokTvNx7bmYxXTJox6oF3kM3+NI+21jh8CZVyk81lTtFulLfmzAsH4L4w5QJcwWtNJpE=").unwrap(); let priv_key = get_private_key(); let signing_key = SigningKey::::new_unprefixed(priv_key); @@ -689,7 +650,10 @@ mod tests { .sign_prehash(msg) .expect("Failure during sign") .to_bytes(); - assert_eq!(sig.as_ref(), expected_sig); + assert_eq!( + Base64::encode_string(sig.as_ref()), + Base64::encode_string(&expected_sig) + ); let verifying_key = signing_key.verifying_key(); verifying_key diff --git a/src/pkcs1v15/decrypting_key.rs b/src/pkcs1v15/decrypting_key.rs index f5c36922..2c67a450 100644 --- a/src/pkcs1v15/decrypting_key.rs +++ b/src/pkcs1v15/decrypting_key.rs @@ -64,7 +64,7 @@ mod tests { let mut rng = ChaCha8Rng::from_seed([42; 32]); let decrypting_key = - DecryptingKey::new(RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key")); + DecryptingKey::new(RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key")); let tokens = [ Token::Struct { @@ -73,9 +73,27 @@ mod tests { }, Token::Str("inner"), Token::Str(concat!( - "3056020100300d06092a864886f70d010101050004423040020100020900ab", - "240c3361d02e370203010001020811e54a15259d22f9020500ceff5cf30205", - "00d3a7aaad020500ccaddf17020500cb529d3d020500bb526d6f" + "30820278020100300d06092a864886f70d0101010500048202623082025e0", + "2010002818100cd1419dc3771354bee0955a90489cce0c98aee6577851358", + "afe386a68bc95287862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74", + "a6702329397ffe0b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5", + "242b3addb54d346ecf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901", + "d1d29af1a986fec92ba5fe2430203010001028181009bb3203326d0c7b31f", + "456d08c6ce4c8379e10640792ecad271afe002406d184096a707c5d50ee00", + "1c00818266970c3233439551f0e2d879a8f7b90bd3d62fdffa3e661f14c8d", + "cce071f081966e25bb351289810c2f8a012f2fa3f001029d7f2e0cf24f6a4", + "b139292f8078fac24e7fc8185bab4f02f539267bd09b615e4e19fe1024100", + "e90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5c", + "af83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924e", + "ff6031024100e148067566a1fa3aabd0672361be62715516c9d62790b03f4", + "326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f", + "325e58c523b981a0b3024100ab96e85323bd038a3fca588c58ddd681278d6", + "96e8d84ef7ef676f303afcb7d728287e897a55e84e8c8b9e772da447b3115", + "8d0912877fa7d4945b4d15c382f7d102400ddde317e2e36185af01baf7809", + "2b97884664cb233e9421002d0268a7c79a3c313c167b4903466bfacd4da3b", + "db99420df988ab89cdd96a102da2852ff7c134e5024100bafb0dac0fda53f", + "9c755c23483343922727b88a5256a6fb47242e1c99b8f8a2c914f39f7af30", + "1219245786a6bb15336231d6a9b57ee7e0b3dd75129f93f54ecf" )), Token::StructEnd, ]; diff --git a/src/pkcs1v15/encrypting_key.rs b/src/pkcs1v15/encrypting_key.rs index 0999f88b..2419bd4c 100644 --- a/src/pkcs1v15/encrypting_key.rs +++ b/src/pkcs1v15/encrypting_key.rs @@ -37,7 +37,7 @@ mod tests { use serde_test::{assert_tokens, Configure, Token}; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key"); let encrypting_key = EncryptingKey::new(priv_key.to_public_key()); let tokens = [ @@ -46,9 +46,13 @@ mod tests { len: 1, }, Token::Str("inner"), - Token::Str( - "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", - ), + Token::Str(concat!( + "30819f300d06092a864886f70d010101050003818d0030818902818100cd1419dc3771354bee", + "0955a90489cce0c98aee6577851358afe386a68bc95287862a1157d5aba8847e8e57b6f2f947", + "48ab7efda3f3c74a6702329397ffe0b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5", + "242b3addb54d346ecf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec", + "92ba5fe2430203010001", + )), Token::StructEnd, ]; assert_tokens(&encrypting_key.clone().readable(), &tokens); diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index 2bb6e72b..efad3a43 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -327,13 +327,30 @@ mod tests { use sha2::Sha256; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key"); let signing_key = SigningKey::::new(priv_key); let tokens = [Token::Str(concat!( - "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", - "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", - "ad020500ccaddf17020500cb529d3d020500bb526d6f", + "30820278020100300d06092a864886f70d0101010500048202623082025e020100", + "02818100cd1419dc3771354bee0955a90489cce0c98aee6577851358afe386a68b", + "c95287862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74a6702329397ffe0", + "b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5242b3addb54d346ecf43", + "eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec92ba5fe243", + "0203010001028181009bb3203326d0c7b31f456d08c6ce4c8379e10640792ecad2", + "71afe002406d184096a707c5d50ee001c00818266970c3233439551f0e2d879a8f", + "7b90bd3d62fdffa3e661f14c8dcce071f081966e25bb351289810c2f8a012f2fa3", + "f001029d7f2e0cf24f6a4b139292f8078fac24e7fc8185bab4f02f539267bd09b6", + "15e4e19fe1024100e90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb", + "2e7455aeb5caf83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7", + "aa924eff6031024100e148067566a1fa3aabd0672361be62715516c9d62790b03f", + "4326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f325e", + "58c523b981a0b3024100ab96e85323bd038a3fca588c58ddd681278d696e8d84ef", + "7ef676f303afcb7d728287e897a55e84e8c8b9e772da447b31158d0912877fa7d4", + "945b4d15c382f7d102400ddde317e2e36185af01baf78092b97884664cb233e942", + "1002d0268a7c79a3c313c167b4903466bfacd4da3bdb99420df988ab89cdd96a10", + "2da2852ff7c134e5024100bafb0dac0fda53f9c755c23483343922727b88a5256a", + "6fb47242e1c99b8f8a2c914f39f7af301219245786a6bb15336231d6a9b57ee7e0", + "b3dd75129f93f54ecf", ))]; assert_tokens(&signing_key.readable(), &tokens); diff --git a/src/pkcs1v15/verifying_key.rs b/src/pkcs1v15/verifying_key.rs index f6150c93..080cabc7 100644 --- a/src/pkcs1v15/verifying_key.rs +++ b/src/pkcs1v15/verifying_key.rs @@ -249,13 +249,17 @@ mod tests { use sha2::Sha256; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key"); let pub_key = priv_key.to_public_key(); let verifying_key = VerifyingKey::::new(pub_key); - let tokens = [Token::Str( - "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", - )]; + let tokens = [Token::Str(concat!( + "30819f300d06092a864886f70d010101050003818d0030818902818100cd1419dc3771354bee", + "0955a90489cce0c98aee6577851358afe386a68bc95287862a1157d5aba8847e8e57b6f2f947", + "48ab7efda3f3c74a6702329397ffe0b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5", + "242b3addb54d346ecf43eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec", + "92ba5fe2430203010001", + ))]; assert_tokens(&verifying_key.readable(), &tokens); } diff --git a/src/pss.rs b/src/pss.rs index 3ef0e429..f31682b8 100644 --- a/src/pss.rs +++ b/src/pss.rs @@ -269,26 +269,21 @@ mod test { use signature::{DigestVerifier, Keypair, RandomizedDigestSigner, RandomizedSigner, Verifier}; fn get_private_key() -> RsaPrivateKey { - // In order to generate new test vectors you'll need the PEM form of this key: - // -----BEGIN RSA PRIVATE KEY----- - // MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 - // fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu - // /ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu - // RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ - // EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A - // IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS - // tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V - // -----END RSA PRIVATE KEY----- - let pem = r#" -----BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBALKZD0nEffqM1ACuak0bijtqE2QrI/KLADv7l3kK3ppMyCuLKoF0 -fd7Ai2KW5ToIwzFofvJcS/STa6HA5gQenRUCAwEAAQJBAIq9amn00aS0h/CrjXqu -/ThglAXJmZhOMPVn4eiu7/ROixi9sex436MaVeMqSNf7Ex9a8fRNfWss7Sqd9eWu -RTUCIQDasvGASLqmjeffBNLTXV2A5g4t+kLVCpsEIZAycV5GswIhANEPLmax0ME/ -EO+ZJ79TJKN5yiGBRsv5yvx5UiHxajEXAiAhAol5N4EUyq6I9w1rYdhPMGpLfk7A -IU2snfRJ6Nq2CQIgFrPsWRCkV+gOYcajD17rEqmuLrdIRexpg8N1DOSXoJ8CIGlS -tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V +MIICXQIBAAKBgQDQlB5jqYD6kvsl7Ux7Mwf4JwIwNK5/GnSR8Gmcp2ByheYq2OmU +usIbi24wXjNPSHQGfSjjBCMNyn8OhffOWVdwtuBUyfhEuobAaW7roHadjUo0fo/o +XHJKwcRJlK8Yo55xn3IfG8UMRqOebAdfzRZJ8B8iYIzn3GlVUCJYM2mH2QIDAQAB +AoGAX/SkfmkOozhXPj2LP+pcMjeP9CloVaUQF8uoap896bHcD742x2ubvRxKFwpf +RIwqhImz86yFi+Sqyz2qoU3MwYNiLu3Trm8EJ6KimLUbl4GKVDDxNwX0LYslR2+T +nJNeOJ4w2a3l0BgJIBNfWu8MX+zRXwC4O1HauLqTDYiCaAECQQDogtEtXwviaoA1 +nxPAghC9y/dZ3+5pUxPvqIhpGWWbBk48ZWomevYnXtGviaXf6eJbMaArr71ZRFt1 +B6IpiaaBAkEA5aZc+maL2FfVkTWnjBjIrbfCIjaOnXSrrY6DKZ96w8KteqRN2wXe +6m2bINuvCahhUoShfHLTcjJAM0aF6n4lWQJBAKMnyOjxnUFQQo9eBVo86sqEahnj +DUVTStYNiUtWyvmxvwyajZZbCogt/S4UhRVO5cvgUujU9SXC1fqVVLGZKgECQQCR +8XzrQRokfgVih/eXh/SYucwtFADkPc4QuR3P6OMK34CCDULRK1T0JH3Oju4ZNCHN +YC6EOTD5RMgaDfpzAIHZAkB1kVpFR3C0kIJCN2EkTM7GWm5IrplmNEtnVhD6ytkW +L6W9HMUQjDIsL7PBRPgHdzosfQl/Y+XI072M6O+sKt4E -----END RSA PRIVATE KEY-----"#; RsaPrivateKey::from_pkcs1_pem(pem).unwrap() @@ -301,22 +296,16 @@ tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V let tests = [ ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1939"), true, ), ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962e" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1900"), false, ), ]; - let pub_key: RsaPublicKey = priv_key.into(); + let pub_key: RsaPublicKey = priv_key.clone().into(); for (text, sig, expected) in &tests { let digest = Sha1::digest(text.as_bytes()).to_vec(); @@ -338,22 +327,16 @@ tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V let tests = [ ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1939"), true, ), ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962e" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1900"), false, ), ]; - let pub_key: RsaPublicKey = priv_key.into(); + let pub_key: RsaPublicKey = priv_key.clone().into(); let verifying_key: VerifyingKey = VerifyingKey::new(pub_key); for (text, sig, expected) in &tests { @@ -377,27 +360,22 @@ tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V let tests = [ ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1939"), true, ), ( "test\n", - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962e" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1900"), false, ), ]; - let pub_key: RsaPublicKey = priv_key.into(); + let pub_key: RsaPublicKey = priv_key.clone().into(); let verifying_key = VerifyingKey::new(pub_key); for (text, sig, expected) in &tests { let mut digest = Sha1::new(); digest.update(text.as_bytes()); + let result = verifying_key.verify_digest(digest, &Signature::try_from(sig.as_slice()).unwrap()); match expected { @@ -534,18 +512,12 @@ tAboUGBxTDq3ZroNism3DaMIbKPyYrAqhKov1h5V let tests = [ ( Sha1::digest("test\n"), - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962f" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1939"), true, ), ( Sha1::digest("test\n"), - hex!( - "6f86f26b14372b2279f79fb6807c49889835c204f71e38249b4c5601462da8ae" - "30f26ffdd9c13f1c75eee172bebe7b7c89f2f1526c722833b9737d6c172a962e" - ), + hex!("699c0fa19964fe6db15b04e78f99d720d8b5d4aa7febd262e1177afed16340f8619583e3bb8e6489753ae60e83053a2c146a60bdd1be17ba952abf53499cc5ea71b092058cba4e3ad5a8740ecf77ba2ee42410fc4642b5d56f9ba075ec87f9c08c90f11e052efde3675a79e6fe4b2a6e73ebcfab277532b138d709e0618b1900"), false, ), ]; diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs index 3c1b7a66..e1e0d809 100644 --- a/src/pss/blinded_signing_key.rs +++ b/src/pss/blinded_signing_key.rs @@ -288,13 +288,11 @@ mod tests { let mut rng = ChaCha8Rng::from_seed([42; 32]); let signing_key = BlindedSigningKey::::new( - RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"), + RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate key"), ); let tokens = [Token::Str(concat!( - "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", - "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", - "ad020500ccaddf17020500cb529d3d020500bb526d6f" + "308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100cf823bdbad23cda55787e9d1dbd630457e3e8407f3a4da723656a120866a8284ce211ff8464904cf7dab256d0b5544549719f4155d32187ad3eb928ada9cd4152a9e4153e21c68022e654b0d10b065519e9ef5619f431740c2a0f568141c27670485f28d1643fe650af3757f4775af5d01ed3c992a6269c5aa5ff7f52450c30a84783e36931b8855b091559540ec34e0730c511d62e09ea86d66b0f4cb92d1a609e7fb6f34ae8cf08bd791eee85150850e943fb5e4d9b7fd44a5eb474ed7e0bb7faa2e1dca443d5df8f77468fb0905731e421b2e06e864f957f3a517b2b0e3ad09118310b9fd74cb54bb07308d009e3ec6cecc17f06cddf10e0b1b9eff5ff8b90203010001028201000a7071d4765c63bf1aad32bd25031c80927e50a419c4c45c94913d1fe6c33af7b56b0331b94f79177b29fe03035bf1c913a4f19b9589aca3993fb3aa9a9ee32881715eb5fa9d153a6edd17ae7b9574336bf8713dcd065208270273f61d74e122949eac7a1e91a31db0345947e2ef6fb80d1dc33bad5f30150aa2335638d27b4d57f47262b31059351b08c2350d8afe88d1dfbd1b398daf317db8c0cd42859072b8ddadcc2d50c5ad1d6d06a56594bdabb7dd51c77fe2b5d404c64ff99e6500de5da418c5c49c6ebd7ecfc400f18ba26fd4d6e7b31e435d494326585a9efff7bdb3c51ba19399918df4a999453dfed65e84adb15b0a183416b5ec5f221491978102818100e148067566a1fa3aabd0672361be62715516c9d62790b03f4326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f325e58c523b9819747a90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb2e7455aeb5caf83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7aa924eff6ec902818100ebcdd03d9b1dfd2ea4f2d6dade79fcb02727d84426f9d756121525f14696434fa594867ca839d1025b823a7576eb6c8b33e6dd4ff4fcb72c6069d1e5e74885e90b76b0bf3994501dd0ef212694e73cbf43855731ba543c771debf979eea8f77fcab8a53d56fc46d5398893f3421ca54b371afb10ecb2137892f5062c506e82710281801c345542ab87c9f9407b85fe23059ff38a70a0f263dfb481271a1b5e5709afe4cc9bb7f63d4b7c9599175bed3f29b234288929a048c40c76d4e30e436bbd32c071047fb011c2f5f39c615bb3bfade232c2c0d5c797228c0c4544daa1c38ed50b8188093e2518fdb458b5102172b00ec0b8364e81c049847a5230a2a550a8a029028180718bebc89e9734416fc057e190dbe0e7da12ffbae1a1d1256b13afef9cf3e279c9dbd95ed18af5b052ec44c6277b7a0b15f50780e711820ae66a4e5e8c9e898d0cae1cb21841e8ca52bfb390e686eae396d9f080cb9ea077237b6be8611a10040354228d85037a0056f2037c51cb8574d096376b90eeb71d8a765e809c427aa102818100886afe7a9610e60cd2da4cf3137ba5f597cd9cdc344f36c4101720363341c42cdfe09f68ee25a3dd63e191b6542bcd97aaa0af776eb68aaab84db4594e5340591b4fe194ea2fe2f7586ac3c3aaf8bc337963c4e05d6556b1a6024ac6e07710cdf01bcd9543e263a35ad13baaa2aa6c3af60880cc56622959916cab038a51fff9", ))]; assert_tokens(&signing_key.readable(), &tokens); } diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index b67d86d4..c2676393 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs @@ -320,13 +320,30 @@ mod tests { use sha2::Sha256; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key"); let signing_key = SigningKey::::new(priv_key); let tokens = [Token::Str(concat!( - "3056020100300d06092a864886f70d010101050004423040020100020900ab240c", - "3361d02e370203010001020811e54a15259d22f9020500ceff5cf3020500d3a7aa", - "ad020500ccaddf17020500cb529d3d020500bb526d6f" + "30820278020100300d06092a864886f70d0101010500048202623082025e020100", + "02818100cd1419dc3771354bee0955a90489cce0c98aee6577851358afe386a68b", + "c95287862a1157d5aba8847e8e57b6f2f94748ab7efda3f3c74a6702329397ffe0", + "b1d4f76e1b025d87d583e48b3cfce99d6a507d94eb46c5242b3addb54d346ecf43", + "eb0d7343bcb258a31d5fa51f47b9e0d7280623901d1d29af1a986fec92ba5fe243", + "0203010001028181009bb3203326d0c7b31f456d08c6ce4c8379e10640792ecad2", + "71afe002406d184096a707c5d50ee001c00818266970c3233439551f0e2d879a8f", + "7b90bd3d62fdffa3e661f14c8dcce071f081966e25bb351289810c2f8a012f2fa3", + "f001029d7f2e0cf24f6a4b139292f8078fac24e7fc8185bab4f02f539267bd09b6", + "15e4e19fe1024100e90ad93c4b19bb40807391b5a9404ce5ea359e7b0556ee25cb", + "2e7455aeb5caf83fc26f34457cdbb173347962c66b6fe0c4686b54dbe0d2c913a7", + "aa924eff6031024100e148067566a1fa3aabd0672361be62715516c9d62790b03f", + "4326cc00b2f782e6b64a167689e5c9aebe6a4cf594f3083380fe2a0a7edf1f325e", + "58c523b981a0b3024100ab96e85323bd038a3fca588c58ddd681278d696e8d84ef", + "7ef676f303afcb7d728287e897a55e84e8c8b9e772da447b31158d0912877fa7d4", + "945b4d15c382f7d102400ddde317e2e36185af01baf78092b97884664cb233e942", + "1002d0268a7c79a3c313c167b4903466bfacd4da3bdb99420df988ab89cdd96a10", + "2da2852ff7c134e5024100bafb0dac0fda53f9c755c23483343922727b88a5256a", + "6fb47242e1c99b8f8a2c914f39f7af301219245786a6bb15336231d6a9b57ee7e0", + "b3dd75129f93f54ecf" ))]; assert_tokens(&signing_key.readable(), &tokens); diff --git a/src/pss/verifying_key.rs b/src/pss/verifying_key.rs index de96a1f5..9989a9ec 100644 --- a/src/pss/verifying_key.rs +++ b/src/pss/verifying_key.rs @@ -234,13 +234,17 @@ mod tests { use sha2::Sha256; let mut rng = ChaCha8Rng::from_seed([42; 32]); - let priv_key = crate::RsaPrivateKey::new(&mut rng, 64).expect("failed to generate key"); + let priv_key = crate::RsaPrivateKey::new(&mut rng, 1024).expect("failed to generate key"); let pub_key = priv_key.to_public_key(); let verifying_key = VerifyingKey::::new(pub_key); - let tokens = [Token::Str( - "3024300d06092a864886f70d01010105000313003010020900ab240c3361d02e370203010001", - )]; + let tokens = [Token::Str(concat!( + "30819f300d06092a864886f70d010101050003818d0030818902818100cd1419dc", + "3771354bee0955a90489cce0c98aee6577851358afe386a68bc95287862a1157d5", + "aba8847e8e57b6f2f94748ab7efda3f3c74a6702329397ffe0b1d4f76e1b025d87", + "d583e48b3cfce99d6a507d94eb46c5242b3addb54d346ecf43eb0d7343bcb258a3", + "1d5fa51f47b9e0d7280623901d1d29af1a986fec92ba5fe2430203010001", + ))]; assert_tokens(&verifying_key.readable(), &tokens); } diff --git a/tests/proptests.rs b/tests/proptests.rs index eaeeebea..992467b0 100644 --- a/tests/proptests.rs +++ b/tests/proptests.rs @@ -1,3 +1,4 @@ +#![cfg(feature = "hazmat")] //! Property-based tests. use proptest::prelude::*; @@ -14,7 +15,7 @@ prop_compose! { // WARNING: do *NOT* copy and paste this code. It's insecure and optimized for test speed. fn private_key()(seed in any::<[u8; 32]>()) -> RsaPrivateKey { let mut rng = ChaCha8Rng::from_seed(seed); - RsaPrivateKey::new(&mut rng, 512).unwrap() + RsaPrivateKey::new_unchecked(&mut rng, 521).unwrap() } }