Adding test vectors and tests for DSA with P1363 encoding.
Splitting DSA test vectors into several files depending on key size and hash.
I'm only adding files for DSA parameters that are supported by libraries that are used in google3. Most projects now prefer ECDSA.
Tests with additional parameters (e.g. 4096-bit keys or other hash functions) can be added, if there is a reason for doing so.
Tested providers:
jdk8 supports DSA with ASN encoding.
jdk11 supports DSA with ASN and P1363 encoding.
BouncyCastle only supports DSA with ASN encoding.
(P1363 format is only supported for ECDSA).
ConsCrypt does not support DSA at all.
b/33446454: The tests ignore this issue to avoid missing bigger mistakes.
NOKEYCHECK=True
PiperOrigin-RevId: 281068296
GitOrigin-RevId: 7c4178527d940fccbcfcfdd88f1cb850a17746db
This commit is contained in:
@@ -316,6 +316,7 @@ public class JsonSignatureTest {
|
||||
int verifiedSignatures = 0;
|
||||
int errors = 0;
|
||||
int skippedKeys = 0;
|
||||
int skippedAlgorithms = 0;
|
||||
int supportedKeys = 0;
|
||||
Set<String> skippedGroups = new HashSet<String>();
|
||||
for (JsonElement g : test.getAsJsonArray("testGroups")) {
|
||||
@@ -343,7 +344,7 @@ public class JsonSignatureTest {
|
||||
if (!allowSkippingKeys) {
|
||||
throw ex;
|
||||
}
|
||||
skippedKeys++;
|
||||
skippedAlgorithms++;
|
||||
continue;
|
||||
}
|
||||
supportedKeys++;
|
||||
@@ -427,12 +428,14 @@ public class JsonSignatureTest {
|
||||
}
|
||||
// Prints some information if tests were skipped. This avoids giving
|
||||
// the impression that algorithms are supported.
|
||||
if (skippedKeys > 0 || verifiedSignatures == 0) {
|
||||
if (skippedKeys > 0 || skippedAlgorithms > 0 || verifiedSignatures == 0) {
|
||||
System.out.println(
|
||||
"File:"
|
||||
+ filename
|
||||
+ " number of skipped keys:"
|
||||
+ skippedKeys
|
||||
+ " number of skipped algorithms:"
|
||||
+ skippedAlgorithms
|
||||
+ " number of supported keys:"
|
||||
+ supportedKeys
|
||||
+ " verified signatures:"
|
||||
@@ -442,7 +445,7 @@ public class JsonSignatureTest {
|
||||
}
|
||||
}
|
||||
assertEquals(0, errors);
|
||||
if (skippedKeys == 0) {
|
||||
if (skippedKeys == 0 && skippedAlgorithms == 0) {
|
||||
assertEquals(numTests, cntTests);
|
||||
}
|
||||
}
|
||||
@@ -887,17 +890,77 @@ public class JsonSignatureTest {
|
||||
testVerification("ed448_test.json", "ED448", Format.RAW, true);
|
||||
}
|
||||
|
||||
// Testing DSA signatures.
|
||||
@NoPresubmitTest(
|
||||
providers = {ProviderType.OPENJDK},
|
||||
bugs = {"b/33446454"}
|
||||
)
|
||||
// DSA
|
||||
// Two signature encodings for DSA are tested below: ASN encoded signatures
|
||||
// and P1363 encoded signatures.
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa() throws Exception {
|
||||
testVerification("dsa_test.json", "DSA", Format.ASN, false);
|
||||
public void testDsa2048Sha224() throws Exception {
|
||||
testVerification("dsa_2048_224_sha224_test.json", "DSA", Format.ASN, true);
|
||||
}
|
||||
|
||||
// NIST allows 2048-bit DSA keys with either a 224-bit q or a 256-bit q.
|
||||
// In both cases the security level is 112-bit.
|
||||
// Jdk generates DSA keys with a 224-bit q (unless specified).
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa2048JdkSha256() throws Exception {
|
||||
testVerification("dsa_2048_224_sha256_test.json", "DSA", Format.ASN, true);
|
||||
}
|
||||
|
||||
// OpenSSL generates DSA keys with a 256-bit q (unless specified).
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa2048Sha256() throws Exception {
|
||||
testVerification("dsa_2048_256_sha256_test.json", "DSA", Format.ASN, true);
|
||||
}
|
||||
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa3072Sha256() throws Exception {
|
||||
testVerification("dsa_3072_256_sha256_test.json", "DSA", Format.ASN, true);
|
||||
}
|
||||
|
||||
// DSA tests using P1363 formated signatures.
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa2048Sha224inP1363Format() throws Exception {
|
||||
testVerification("dsa_2048_224_sha224_p1363_test.json", "DSA", Format.P1363, true);
|
||||
}
|
||||
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa2048JdkSha256inP1363Format() throws Exception {
|
||||
testVerification("dsa_2048_224_sha256_p1363_test.json", "DSA", Format.P1363, true);
|
||||
}
|
||||
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa2048Sha256inP1363Format() throws Exception {
|
||||
testVerification("dsa_2048_256_sha256_p1363_test.json", "DSA", Format.P1363, true);
|
||||
}
|
||||
|
||||
@ExcludedTest(
|
||||
providers = {ProviderType.CONSCRYPT},
|
||||
comment = "Conscrypt does not support DSA.")
|
||||
@Test
|
||||
public void testDsa3072Sha256inP1363Format() throws Exception {
|
||||
testVerification("dsa_3072_256_sha256_p1363_test.json", "DSA", Format.P1363, true);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,151 @@
|
||||
{
|
||||
"type": "object",
|
||||
"definitions": {
|
||||
"DsaP1363TestGroup": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"enum": [
|
||||
"DsaP1363Verify"
|
||||
]
|
||||
},
|
||||
"key": {
|
||||
"$ref": "#/definitions/DsaPublicKey",
|
||||
"description": "unencoded EC public key"
|
||||
},
|
||||
"keyDer": {
|
||||
"type": "string",
|
||||
"format": "Der",
|
||||
"description": "DER encoded public key"
|
||||
},
|
||||
"keyPem": {
|
||||
"type": "string",
|
||||
"format": "Pem",
|
||||
"description": "Pem encoded public key"
|
||||
},
|
||||
"sha": {
|
||||
"type": "string",
|
||||
"format": "MdName",
|
||||
"description": "the hash function used for DSA"
|
||||
},
|
||||
"tests": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/SignatureTestVector"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"DsaPublicKey": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"g": {
|
||||
"type": "string",
|
||||
"format": "BigInt",
|
||||
"description": "the generator of the multiplicative subgroup"
|
||||
},
|
||||
"keySize": {
|
||||
"type": "integer",
|
||||
"description": "the key size in bits"
|
||||
},
|
||||
"p": {
|
||||
"type": "string",
|
||||
"format": "BigInt",
|
||||
"description": "the modulus p"
|
||||
},
|
||||
"q": {
|
||||
"type": "string",
|
||||
"format": "BigInt",
|
||||
"description": "the order of the generator g"
|
||||
},
|
||||
"type": {
|
||||
"type": "string",
|
||||
"description": "the key type",
|
||||
"enum": [
|
||||
"DsaPublicKey"
|
||||
]
|
||||
},
|
||||
"y": {
|
||||
"type": "string",
|
||||
"format": "BigInt",
|
||||
"description": "the public key value"
|
||||
}
|
||||
}
|
||||
},
|
||||
"SignatureTestVector": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"tcId": {
|
||||
"type": "integer",
|
||||
"description": "Identifier of the test case"
|
||||
},
|
||||
"comment": {
|
||||
"type": "string",
|
||||
"description": "A brief description of the test case"
|
||||
},
|
||||
"msg": {
|
||||
"type": "string",
|
||||
"format": "HexBytes",
|
||||
"description": "The message to sign"
|
||||
},
|
||||
"sig": {
|
||||
"type": "string",
|
||||
"format": "HexBytes",
|
||||
"description": "A signature for msg"
|
||||
},
|
||||
"result": {
|
||||
"type": "string",
|
||||
"description": "Test result",
|
||||
"enum": [
|
||||
"valid",
|
||||
"invalid",
|
||||
"acceptable"
|
||||
]
|
||||
},
|
||||
"flags": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"description": "A list of flags"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"properties": {
|
||||
"algorithm": {
|
||||
"type": "string",
|
||||
"description": "the primitive tested in the test file"
|
||||
},
|
||||
"generatorVersion": {
|
||||
"type": "string",
|
||||
"description": "the version of the test vectors."
|
||||
},
|
||||
"header": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
},
|
||||
"description": "additional documentation"
|
||||
},
|
||||
"notes": {
|
||||
"type": "object",
|
||||
"description": "a description of the labels used in the test vectors"
|
||||
},
|
||||
"numberOfTests": {
|
||||
"type": "integer",
|
||||
"description": "the number of test vectors in this test"
|
||||
},
|
||||
"schema": {
|
||||
"enum": [
|
||||
"dsa_p1363_verify_schema.json"
|
||||
]
|
||||
},
|
||||
"testGroups": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/DsaP1363TestGroup"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user