From 59a71779ad7c644fcaefd3582ea244f1ff60349a Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 8 Dec 2016 19:23:18 -0500
Subject: Fix off by one in PKCS #1 v1.5 decryption decoding

When the code was changed in b8966d0f89e, the offset was not changed, so it would reject ciphertexts with exactly 8 bytes of random padding (the required minimum). Found by pkcs1 fuzzer which also had problems due to not having been updated at the same time. Add a test suite for decoding of PK decryption padding to cover the problem cases.
---
src/tests/data/pk_pad_eme/pkcs1.vec | 46 +++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 src/tests/data/pk_pad_eme/pkcs1.vec
(limited to 'src/tests/data/pk_pad_eme')
diff --git a/src/tests/data/pk_pad_eme/pkcs1.vec b/src/tests/data/pk_pad_eme/pkcs1.vec
new file mode 100644
index 000000000..48b732d95
--- /dev/null
+++ b/src/tests/data/pk_pad_eme/pkcs1.vec
@@ -0,0 +1,46 @@
+[PKCS1v15]
+RawCiphertext =
+ValidInput = false
+
+RawCiphertext = 00
+ValidInput = false
+
+RawCiphertext = 0000
+ValidInput = false
+
+RawCiphertext = FF
+ValidInput = false
+
+RawCiphertext = FF02
+ValidInput = false
+
+RawCiphertext = 0002DEDE24212121DEDEDE5EDEDEDEDE0A5EDE00000000DEDEDE010000000000
+Plaintext = 000000DEDEDE010000000000
+ValidInput = true
+
+RawCiphertext = 022C2C4018181818181818181818183A18181818181818180000002C022C00010A2C2C2C2C2C022C
+ValidInput = false
+
+RawCiphertext = 00022C2C4018181818181818181818183A18181818181818180000002C022C00010A2C2C2C2C2C022C
+Plaintext = 00002C022C00010A2C2C2C2C2C022C
+ValidInput = true
+
+RawCiphertext = 0002FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF010100000021FFFFFFFFFFFFBC
+Plaintext = 000021FFFFFFFFFFFFBC
+ValidInput = true
+
+RawCiphertext = 0002F9CCFFFFCCCCCCCCCCCCCCCC4E0000CCFFFFCCCCCCCCCCCCCCCCCCCCCCCCCC06
+Plaintext = 00CCFFFFCCCCCCCCCCCCCCCCCCCCCCCCCC06
+ValidInput = true
+
+RawCiphertext = 000253FFC43B5253FF0A53DE0000FD
+Plaintext = 00FD
+ValidInput = true
+
+RawCiphertext = 0002FFFF06FFFFFFFFFF00000000000000000000000000000000000000000000000000000000FF0A
+Plaintext = 000000000000000000000000000000000000000000000000000000FF0A
+ValidInput = true
+
+# Padding only 7 bytes
+RawCiphertext = 0002FFFFFFFFFFFFFF000113131313131388
+ValidInput = false
-- cgit v1.2.3
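Review bot: The vector that actually exercises the fixed boundary, the `RawCiphertext = 0002FFFF06FFFFFFFFFF00…` entry with exactly 8 non-zero padding bytes, is unlabelled, while the 7-byte rejection case right after it has a comment. A line such as `# Padding exactly 8 bytes (minimum allowed)` above it would make the regression intent visible to whoever edits this file next. The `ValidInput = false` cases in this new file cover only very short inputs, a missing leading `00`, and the 7-byte padding. There is no rejection vector for a well-formed `00 02` prefix followed by at least 8 non-zero bytes with no `00` delimiter, nor for a wrong block-type byte such as `00 01`; both are decoder paths where a wrongly accepted input matters most, so they are worth adding as `ValidInput = false` entries.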