Add the Shattered test vectors.

parent 4b3859dd
-----BEGIN PGP SIGNATURE-----
wsDzBAABAgAdFiEE0aZuGiOxgsmYD3iM+/zIKgFeczAFAl+uh1wACgkQ+/zIKgFe
czBqzAv9G9v98so++R88YSVMTGbfzq4fSh4C/DkfZCT9+j6H1IpYfjfouFQNtTE7
0ACiusd0cTxBdRKOqsbh9EW3yfv77+8XU+sNY0QZ2UgfbEW1USAP4BgACMkpSu5X
mlcE65jw7bhfdnnNsypOKORpH/uyLSMTAvBj3rrzFyikDjJwmSyLdJocjCawkr0U
aOQfDZfJVXhRCj9oXrRW2LBdB7HsLqwFvt/EIct8FYnTxriV8+xuVaihCbX357uE
NXqbT8x07xMAUws/iwrHptmPZP6sz4+bdekMXAMncY4hBR8J0NDh6vpq8yYRylpa
ebJ8mLGhujJPIcU12VOMimGE7+zpAwmlJgPQqdZsjS1ZuvQ/BS37hRIvdUTZljff
EXqqJq3SwZOvdvyRzTk3vciZhEzJ2aLSj0A4PY/k/6fZEdY3ZHRKdWP3btOU6GNF
b+BXPE/eNerLy0Y5BgMOKfsOaqPGz4bDJTNv83gsbYPyFXvhb0hTESRgyNeGC+rC
WOUcC767
=Ox9v
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
wsDzBAABAgAdFiEE0aZuGiOxgsmYD3iM+/zIKgFeczAFAl+uh3MACgkQ+/zIKgFe
czCqAgwAtNZWYfg3S2kytvaBjxW9nExtj5/Iacuxv08xUVdnJ8S+KZh0i3WXy4wo
d0ZhN2WlcoTY71Eof1QEvoSyoWJ1LaK9xsRiKoQCj0+NFXCzUzLoB08iYh+7hc9c
q0jn7m6Sp8BwKQ3fsE/ytR4bQPgWOY2FFRv4V6YUcmt5HdBzcIUyztyWTFIXt50S
68N4kcF+3qB51eIwvKPkKFLIOrIc5Ds1IgMjlu2jMZzsDkFQDr4rJ9efUMjuDGya
8fy5oCEtpxXcM9KUtiZSxMoKjisrBMFQV32rxu/W7EfvN280rgqz0G9j+8Ha0UX4
xQz+/ygkmf3aAHW4cx2iQC72UfuvfqW/07XRa7HDFYwfP/kr50LtyhxfV91nKdIo
i3pFKmM6DH9j+bDfeAvLhvRDBgjuhLQCbEu7pVEeLWoISh7F2TE2xz0XUz1YPQv7
p2Ma6X7buWPGX1Z9+26tdaU/7YWX33+PZ6QXDzmHCGba14Ya36RqE99tobislcIT
q4Z/4b0w
=p4TW
-----END PGP SIGNATURE-----
......@@ -10,6 +10,8 @@ use crate::{
},
};
mod shattered;
pub fn schedule(report: &mut Report) -> Result<()> {
use openpgp::types::HashAlgorithm::*;
......@@ -26,6 +28,7 @@ pub fn schedule(report: &mut Report) -> Result<()> {
openpgp::Cert::from_bytes(data::certificate("bob-secret.pgp"))?,
b"Hello, world!".to_vec().into_boxed_slice(), hash)?));
}
report.add(Box::new(shattered::Shattered::new()?));
Ok(())
}
use crate::{
Data,
OpenPGP,
Result,
data,
tests::{
ConsumerTest,
Expectation,
Test,
TestMatrix,
},
};
/// Explores whether SHA-1 signatures over colliding files are
/// considered valid.
pub struct Shattered {
}
impl Shattered {
pub fn new() -> Result<Shattered> {
Ok(Shattered {
})
}
}
impl Test for Shattered {
fn title(&self) -> String {
"Signature over the shattered collision".into()
}
fn description(&self) -> String {
"<p>This tests whether detached signatures using SHA-1 over
the collision from the paper <i>The first collision for full
SHA-1</i> are considered valid.</p>"
.into()
}
fn artifacts(&self) -> Vec<(String, Data)> {
vec![("Certificate".into(), data::certificate("bob.pgp").into())]
}
fn run(&self, implementations: &[Box<dyn OpenPGP + Sync>])
-> Result<TestMatrix> {
ConsumerTest::run(self, implementations)
}
}
impl ConsumerTest for Shattered {
fn produce(&self) -> Result<Vec<(String, Data, Option<Expectation>)>> {
Ok(vec![
("SIG-1 over PDF-1".into(),
data::message("shattered-1.pdf.asc").into(),
Some(Err("Attack must be mitigated".into()))),
("SIG-1 over PDF-2".into(),
data::message("shattered-1.pdf.asc").into(),
Some(Err("Attack must be mitigated".into()))),
("SIG-2 over PDF-1".into(),
data::message("shattered-2.pdf.asc").into(),
Some(Err("Attack must be mitigated".into()))),
("SIG-2 over PDF-2".into(),
data::message("shattered-2.pdf.asc").into(),
Some(Err("Attack must be mitigated".into()))),
])
}
fn consume(&self, i: usize, pgp: &mut dyn OpenPGP, artifact: &[u8])
-> Result<Data> {
let message = match i {
0 | 2 => data::message("shattered-1.pdf"),
1 | 3 => data::message("shattered-2.pdf"),
_ => unreachable!(),
};
pgp.verify_detached(data::certificate("bob.pgp"), message, artifact)
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment