1 package club.wpia.gigi.crypto.key;
3 import static org.junit.Assert.*;
5 import java.io.IOException;
6 import java.security.GeneralSecurityException;
7 import java.security.PublicKey;
11 import club.wpia.gigi.GigiApiException;
13 // The ROCA-vulnerable public keys used in this test are taken from the
14 // certificates listed at https://misissued.com/batch/28/
15 public class KeyCheckROCATest {
18 public void testROCASaneKey() throws GeneralSecurityException, IOException {
// Negative control for the ROCA check: a healthy RSA key must not be flagged.
// A detector that rejects sound keys would turn away legitimate requests, so
// this test guards against false positives.
20 // Normal public key generated with OpenSSL:
21 // openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048
22 // -pkeyopt rsa_keygen_pubexp:7331 2>/dev/null |
23 // openssl pkey -pubout -outform pem
// The pipeline above emits only the public half (-pubout); no private key
// material is embedded in this test.
// NOTE(review): this control is a single 2048-bit key; other modulus sizes are
// not exercised by this method.
24 String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
25 "MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQEArcAPmy3RnXdwyFg3V9k1\n" + //
26 "RaFR/peHa3hLsmh25BInRVArbaMctSBaJBVZwQIgBdqjyITQQZP38i6k+WdsETn9\n" + //
27 "J491UDLKU3E3UG60ZS3BzcJllNdpn4g0IZROxmmUz2JlAXkGtIglmWWDx14qHSNj\n" + //
28 "ON58mc3ihfn/oWkPk2hk/csDxGQq5jSaBUwa9THBg9UQHHBqQbhp2nGfa5a5VRlI\n" + //
29 "0QeIy+8GmKlXYMchReUI25ksLOzaqETD0UXiAPyt+vpvkKCDjWGc3kjabn6OkuTt\n" + //
30 "na7N/52qrEC2ImuanYlzR5gv9jkbFF2PiMIEBD+3B0842rLx0X/lbXhRr1MtuHtN\n" + //
32 "-----END PUBLIC KEY-----\n";
// Turn the PEM text into a PublicKey with the helper from KeyCheckTest.
34 PublicKey pk = KeyCheckTest.pkFromString(sfk);
// Checker under test.
36 KeyCheck c = new KeyCheckROCA();
// A GigiApiException at this point means the checker rejected the healthy key;
// it is rethrown as an Error with the original exception as cause so the
// failure keeps its diagnostics.
38 } catch (GigiApiException gae) {
39 throw new Error("Valid key (not vulnerable to ROCA vulnerability) rejected.", gae);
45 public void testROCAVulnerable1() throws GeneralSecurityException, IOException {
// Positive case: the public key of a publicly logged certificate (crt.sh link
// below) that the test expects the ROCA check to refuse. Only public key
// material is embedded.
47 // D-TRUST Qualified Root CA 1 2014:PN
48 // https://crt.sh/?id=26311918&opt=cablint
49 String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
50 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAlT2Gi8cR+hX+0iYaYH0e\n" + //
51 "Pmxrqq1tNKlvcesp1wwIeixqeQ2/QJkFMEAVq3hX45Cri7Z/p9ch8+Nd7eva80Ym\n" + //
52 "nn0llfQ2kJDhi1fOTfodR7IN24105y5D6Lf3zre6J2FOxqPH/q0dDJAbTbuaO4kS\n" + //
53 "yI9xUEhvHo8oZ0L3SGq6VyeeOBXDoBg4xp6xp1w6cZ76/3HhuBc26sgoO9AvDRzp\n" + //
54 "M74wvzGBSVaA8+SU1O46plY4os4GlHEdcZM/0NcHeiWwJvycPKkurVL9AxDBq9Iw\n" + //
55 "Dox/+zQzxcS7txvrJeI1ahQwPpzYdJEwFQ6/rCt43KALWt+OoAIvW5TVYllaF62Z\n" + //
57 "-----END PUBLIC KEY-----\n";
// Turn the PEM text into a PublicKey with the helper from KeyCheckTest.
59 PublicKey pk = KeyCheckTest.pkFromString(sfk);
// Checker under test.
61 KeyCheck c = new KeyCheckROCA();
// Reaching fail() means nothing was thrown before it, i.e. the weak key was
// accepted, which is the outcome this test exists to catch.
63 fail("Invalid key (ROCA vulnerable) accepted.");
// Expected path: GigiApiException is presumably the rejection signal.
// NOTE(review): the catch body is not visible here; if it is empty, any
// GigiApiException passes the test, not only a ROCA rejection. Confirm whether
// the exception message should be asserted as well.
64 } catch (GigiApiException gae) {
71 public void testROCAVulnerable2() throws GeneralSecurityException, IOException {
// Second known-weak sample: the public key of a publicly logged certificate
// (crt.sh link below) that the ROCA check is expected to refuse. Only public
// key material is embedded.
73 // D-TRUST Qualified Root CA 2 2014:PN
74 // https://crt.sh/?id=26310640&opt=cablint
75 String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
76 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAmDbSRazHfc1YoqH6dXWz\n" + //
77 "k2zBJadliqHgpft1Z5HqXF6AzXQ8duHLN3Db+SSDUWP+fDv1Ti69wmH5HqrdSGcl\n" + //
78 "EvoNStTRjFpnzj/7c5AkALWeZlRzcrBjeIFTtSdZvgluA14BnQXmRViC3tgOFMyU\n" + //
79 "I72wqCGuf7Y8cW/DSfSzBWFTO+A9uoj0oMKEaaLd1iVF4mctKf/atrHzy3Ny1/d9\n" + //
80 "WgbLLxiGtrNxVh78j9HCS4rs17AEC3OZnosUE3jCzLCHyQjwI+frkmINj5Qy4L3j\n" + //
81 "GJqxtIBBb9LwaCkkuV3g679/V4BhWKpDt6YIo/YYINRu42GhXSB9x13KhSMGe9vn\n" + //
83 "-----END PUBLIC KEY-----\n";
// Turn the PEM text into a PublicKey with the helper from KeyCheckTest.
85 PublicKey pk = KeyCheckTest.pkFromString(sfk);
// Checker under test.
87 KeyCheck c = new KeyCheckROCA();
// If execution gets this far without an exception, the weak key slipped
// through and the test must fail.
89 fail("Invalid key (ROCA vulnerable) accepted.");
// Expected path: GigiApiException is presumably how the checker reports a
// rejected key.
// NOTE(review): the catch body is not visible here; verify that the test
// distinguishes a ROCA rejection from any other GigiApiException.
90 } catch (GigiApiException gae) {
97 public void testROCAVulnerable3() throws GeneralSecurityException, IOException {
99 // D-TRUST Qualified Root CA 3 2014:PN
100 // https://crt.sh/?id=26310642&opt=cablint
101 String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
102 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAlpwnRwC1ogIM/Wywu3ys\n" + //
103 "HhREKeT56eDAMO+68dvz/mWL7dzFhIFHdehRpSpICx06tb7YpK6/XX9/0okTKajt\n" + //
104 "K0paM3mqZWNilpZnCzItFjwYjxKZL8Bgxww0ztqGD/2oHtmviZNO6yeaLYmm2Eqv\n" + //
105 "hXCVPUCcE17BPjybSZaW3ULaTiIQFYcCB5/utyXu3RT8ss2NBNoD9D4S5r3dMMJY\n" + //
106 "qUE/oojbg/4Y955M0S+yEUuv2dfbE+BCkZqgM05yk/wNr9L8F2f7cG2h/qjFUBE5\n" + //
107 "91kZXZ0g3lBhbKx9SUM8/Vq3WMmfDDpV2qk9wXC0sMgVAwTYLN1J3LWow/C+4Ffo\n" + //
108 "xQIFAI0kKjs=\n" + //
109 "-----END PUBLIC KEY-----\n";
111 PublicKey pk = KeyCheckTest.pkFromString(sfk);
113 KeyCheck c = new KeyCheckROCA();
115 fail("Invalid key (ROCA vulnerable) accepted.");
116 } catch (GigiApiException gae) {