diff --git a/testsuite/rsa-pss-sign-tr-test.c b/testsuite/rsa-pss-sign-tr-test.c
index 2ba043c50cc790d6f3967fd8e1ea94c3fd34a522..6dfba734c6b758daea2d7dd16f1edd61000d4582 100644
--- a/testsuite/rsa-pss-sign-tr-test.c
+++ b/testsuite/rsa-pss-sign-tr-test.c
@@ -321,6 +321,35 @@ test_main(void)
 salt->length, salt->data, msg->length, msg->data, expected);
+ /* The public key n for this test is of size k = 1017 bits, and the
+ pss "em" value is limited to k - 1 = 1016 bits or 127 octets. The
+ alleged signature below results in a 1017 bit number during the
+ signature verification, which is too large, and used to result in
+ an assertion failure when attempting to convert the number to a
+ 127 octet string.
+ */
+ mpz_set_str(pub.n,
+ "1d64559685aad3490e976b48aacf442ecee847268f882341eafe78"
+ "a0ca4ef88f66edbaf55b70e5285cc117aa9ceb322a4227c17e9e89"
+ "27bf38e5672faecf79e2983d92766fbb6624522f072ae0e4e46d37"
+ "052ce1e5745c2dd8fd67de3862e4711161e359b96bda85911ebf4e"
+ "6ce1bea625970269c77004a3cb03f9c382c5f79", 16);
+ mpz_set_str(pub.e, "10001", 16);
+
+ ASSERT (rsa_public_key_prepare(&pub));
+
+ msg = SHEX("7f85e4909ff7bb29536e540a53031ef03ddcb129e553a43273fa1f"
+ "ed28c22a8b57c7bde101ff746f335ba69b29642019");
+ /* Alleged signature, resulting in a too large m. */
+ mpz_set_str(expected,
+ "000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000005ffff05"
+ "000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000", 16);
+
+ ASSERT(!rsa_pss_sha384_verify_digest(&pub, 48, msg->data, expected));
+
 rsa_private_key_clear(&key);
 rsa_public_key_clear(&pub);
 mpz_clear(expected);
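Review bot: The added `ASSERT(!rsa_pss_sha384_verify_digest(&pub, 48, msg->data, expected));` passes for any reason verification fails, so a mistyped hex literal or a wrong modulus would keep this regression test green without reaching the oversized-m path the comment describes. The three `mpz_set_str` results are unchecked and nothing pins the sizes the comment relies on. Consider wrapping each literal load as `ASSERT (mpz_set_str(expected, ..., 16) == 0);` and adding `ASSERT (mpz_sizeinbase(pub.n, 2) == 1017);` after `rsa_public_key_prepare`. The bare `48` is the salt length, while the digest length is implied by the SHA-384 variant, so a short comment such as `/* salt length 48; msg holds the 48-octet SHA-384 digest */` would keep the two from being confused. `test_main` begins and ends outside this hunk.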