Add RSA PKCS1v1.5 signature verification tests from Wycheproof suite.

A set of carefully generated invalid signatures which are sometimes
accepted by implementations due to bugs in padding verification.

1 files changed, 29 insertions, 0 deletions

diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp
index bc20da9d9..86d04169e 100644
--- a/src/tests/test_pubkey.cpp
+++ b/src/tests/test_pubkey.cpp
@@ -197,6 +197,35 @@ PK_Signature_Verification_Test::run_one_test(const std::string&, const VarMap& v
    }
 
 Test::Result
+PK_Signature_NonVerification_Test::run_one_test(const std::string&, const VarMap& vars)
+   {
+   const std::string padding = get_opt_str(vars, "Padding", default_padding(vars));
+   const std::vector<uint8_t> message   = get_req_bin(vars, "Msg");
+   std::unique_ptr<Botan::Public_Key> pubkey = load_public_key(vars);
+
+   const std::vector<uint8_t> invalid_signature = get_req_bin(vars, "InvalidSignature");
+
+   Test::Result result(algo_name() + "/" + padding + " verify invalid signature");
+
+   for(auto&& verify_provider : possible_pk_providers())
+      {
+      std::unique_ptr<Botan::PK_Verifier> verifier;
+
+      try
+         {
+         verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider));
+         result.test_eq("incorrect signature rejected", verifier->verify_message(message, invalid_signature), false);
+         }
+      catch(Botan::Lookup_Error&)
+         {
+         result.test_note("Skipping verifying with " + verify_provider);
+         }
+      }
+
+   return result;
+   }
+
+Test::Result
 PK_Encryption_Decryption_Test::run_one_test(const std::string&, const VarMap& vars)
    {
    const std::vector<uint8_t> plaintext  = get_req_bin(vars, "Msg");