Skip to content

Commit c809f7a

Browse files
peterdettmanpeterdettman
committed
Add RSA test case for CVE-2017-15361 vulnerability
1 parent 4f72d35 commit c809f7a

File tree

1 file changed

+99
-1
lines changed

1 file changed

+99
-1
lines changed

crypto/test/src/crypto/test/RsaTest.cs

Lines changed: 99 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,84 @@ namespace Org.BouncyCastle.Crypto.Tests
2020
public class RsaTest
2121
: SimpleTest
2222
{
23-
static BigInteger mod = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
23+
/*
24+
* Based on https://github.com/crocs-muni/roca/blob/master/java/BrokenKey.java
25+
* Credits: ported to Java by Martin Paljak
26+
*/
27+
internal static class BrokenKey_CVE_2017_15361
28+
{
29+
private static readonly int[] prims = new int[]{ 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
30+
67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167 };
31+
private static readonly BigInteger[] primes = new BigInteger[prims.Length];
32+
33+
static BrokenKey_CVE_2017_15361()
34+
{
35+
for (int i = 0; i < prims.Length; i++)
36+
{
37+
primes[i] = BigInteger.ValueOf(prims[i]);
38+
}
39+
}
40+
41+
private static readonly BigInteger[] markers = new BigInteger[]
42+
{
43+
new BigInteger("6"),
44+
new BigInteger("30"),
45+
new BigInteger("126"),
46+
new BigInteger("1026"),
47+
new BigInteger("5658"),
48+
new BigInteger("107286"),
49+
new BigInteger("199410"),
50+
new BigInteger("8388606"),
51+
new BigInteger("536870910"),
52+
new BigInteger("2147483646"),
53+
new BigInteger("67109890"),
54+
new BigInteger("2199023255550"),
55+
new BigInteger("8796093022206"),
56+
new BigInteger("140737488355326"),
57+
new BigInteger("5310023542746834"),
58+
new BigInteger("576460752303423486"),
59+
new BigInteger("1455791217086302986"),
60+
new BigInteger("147573952589676412926"),
61+
new BigInteger("20052041432995567486"),
62+
new BigInteger("6041388139249378920330"),
63+
new BigInteger("207530445072488465666"),
64+
new BigInteger("9671406556917033397649406"),
65+
new BigInteger("618970019642690137449562110"),
66+
new BigInteger("79228162521181866724264247298"),
67+
new BigInteger("2535301200456458802993406410750"),
68+
new BigInteger("1760368345969468176824550810518"),
69+
new BigInteger("50079290986288516948354744811034"),
70+
new BigInteger("473022961816146413042658758988474"),
71+
new BigInteger("10384593717069655257060992658440190"),
72+
new BigInteger("144390480366845522447407333004847678774"),
73+
new BigInteger("2722258935367507707706996859454145691646"),
74+
new BigInteger("174224571863520493293247799005065324265470"),
75+
new BigInteger("696898287454081973172991196020261297061886"),
76+
new BigInteger("713623846352979940529142984724747568191373310"),
77+
new BigInteger("1800793591454480341970779146165214289059119882"),
78+
new BigInteger("126304807362733370595828809000324029340048915994"),
79+
new BigInteger("11692013098647223345629478661730264157247460343806"),
80+
new BigInteger("187072209578355573530071658587684226515959365500926")
81+
};
82+
83+
public static bool IsAffected(RsaKeyParameters publicKey)
84+
{
85+
BigInteger modulus = publicKey.Modulus;
86+
87+
for (int i = 0; i < primes.Length; i++)
88+
{
89+
int remainder = modulus.Remainder(primes[i]).IntValue;
90+
if (!markers[i].TestBit(remainder))
91+
{
92+
return false;
93+
}
94+
}
95+
96+
return true;
97+
}
98+
}
99+
100+
static BigInteger mod = new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16);
24101
static BigInteger pubExp = new BigInteger("11", 16);
25102
static BigInteger privExp = new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16);
26103
static BigInteger p = new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16);
@@ -355,6 +432,26 @@ private void testZeroBlock(ICipherParameters encParameters, ICipherParameters de
355432
}
356433
}
357434

435+
private void doTest_CVE_2017_15361()
436+
{
437+
SecureRandom random = new SecureRandom();
438+
RsaKeyPairGenerator pGen = new RsaKeyPairGenerator();
439+
BigInteger e = BigInteger.ValueOf(0x11);
440+
441+
for (int strength = 512; strength <= 2048; strength += 32)
442+
{
443+
pGen.Init(new RsaKeyGenerationParameters(
444+
e, random, strength, 100));
445+
446+
RsaKeyParameters pubKey = (RsaKeyParameters)pGen.GenerateKeyPair().Public;
447+
448+
if (BrokenKey_CVE_2017_15361.IsAffected(pubKey))
449+
{
450+
Fail("failed CVE-2017-15361 vulnerability test for generated RSA key");
451+
}
452+
}
453+
}
454+
358455
public override void PerformTest()
359456
{
360457
RsaKeyParameters pubParameters = new RsaKeyParameters(false, mod, pubExp);
@@ -634,6 +731,7 @@ public override void PerformTest()
634731
doTestMissingDataPkcs1Block(pubParameters, privParameters);
635732
doTestTruncatedPkcs1Block(pubParameters, privParameters);
636733
doTestWrongPaddingPkcs1Block(pubParameters, privParameters);
734+
doTest_CVE_2017_15361();
637735

638736
try
639737
{

0 commit comments

Comments
 (0)