tests/club/wpia/gigi/crypto/key/KeyCheckROCATest.java

   1 package club.wpia.gigi.crypto.key;
   2
   3 import static org.junit.Assert.*;
   4
   5 import java.io.IOException;
   6 import java.security.GeneralSecurityException;
   7 import java.security.PublicKey;
   8
   9 import org.junit.Test;
  10
  11 import club.wpia.gigi.GigiApiException;
  12
  13 // Vulnerable keys for this test taken from
  14 // @link https://misissued.com/batch/28/
  15 public class KeyCheckROCATest {
  16
  17     @Test
  18     public void testROCASaneKey() throws GeneralSecurityException, IOException {
  19
  20         // Normal public key generated with OpenSSL:
  21         // openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048
  22         // -pkeyopt rsa_keygen_pubexp:7331 2>/dev/null |
  23         // openssl pkey -pubout -outform pem
  24         String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
  25                 "MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQEArcAPmy3RnXdwyFg3V9k1\n" + //
  26                 "RaFR/peHa3hLsmh25BInRVArbaMctSBaJBVZwQIgBdqjyITQQZP38i6k+WdsETn9\n" + //
  27                 "J491UDLKU3E3UG60ZS3BzcJllNdpn4g0IZROxmmUz2JlAXkGtIglmWWDx14qHSNj\n" + //
  28                 "ON58mc3ihfn/oWkPk2hk/csDxGQq5jSaBUwa9THBg9UQHHBqQbhp2nGfa5a5VRlI\n" + //
  29                 "0QeIy+8GmKlXYMchReUI25ksLOzaqETD0UXiAPyt+vpvkKCDjWGc3kjabn6OkuTt\n" + //
  30                 "na7N/52qrEC2ImuanYlzR5gv9jkbFF2PiMIEBD+3B0842rLx0X/lbXhRr1MtuHtN\n" + //
  31                 "tQICHKM=\n" + //
  32                 "-----END PUBLIC KEY-----\n";
  33
  34         PublicKey pk = KeyCheckTest.pkFromString(sfk);
  35         try {
  36             KeyCheck c = new KeyCheckROCA();
  37             c.check(pk);
  38         } catch (GigiApiException gae) {
  39             throw new Error("Valid key (not vulnerable to ROCA vulnerability) rejected.", gae);
  40         }
  41
  42     }
  43
  44     @Test
  45     public void testROCAVulnerable1() throws GeneralSecurityException, IOException {
  46
  47         // D-TRUST Qualified Root CA 1 2014:PN
  48         // https://crt.sh/?id=26311918&opt=cablint
  49         String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
  50                 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAlT2Gi8cR+hX+0iYaYH0e\n" + //
  51                 "Pmxrqq1tNKlvcesp1wwIeixqeQ2/QJkFMEAVq3hX45Cri7Z/p9ch8+Nd7eva80Ym\n" + //
  52                 "nn0llfQ2kJDhi1fOTfodR7IN24105y5D6Lf3zre6J2FOxqPH/q0dDJAbTbuaO4kS\n" + //
  53                 "yI9xUEhvHo8oZ0L3SGq6VyeeOBXDoBg4xp6xp1w6cZ76/3HhuBc26sgoO9AvDRzp\n" + //
  54                 "M74wvzGBSVaA8+SU1O46plY4os4GlHEdcZM/0NcHeiWwJvycPKkurVL9AxDBq9Iw\n" + //
  55                 "Dox/+zQzxcS7txvrJeI1ahQwPpzYdJEwFQ6/rCt43KALWt+OoAIvW5TVYllaF62Z\n" + //
  56                 "XwIFAJLK1sU=\n" + //
  57                 "-----END PUBLIC KEY-----\n";
  58
  59         PublicKey pk = KeyCheckTest.pkFromString(sfk);
  60         try {
  61             KeyCheck c = new KeyCheckROCA();
  62             c.check(pk);
  63             fail("Invalid key (ROCA vulnerable) accepted.");
  64         } catch (GigiApiException gae) {
  65             // expected
  66         }
  67
  68     }
  69
  70     @Test
  71     public void testROCAVulnerable2() throws GeneralSecurityException, IOException {
  72
  73         // D-TRUST Qualified Root CA 2 2014:PN
  74         // https://crt.sh/?id=26310640&opt=cablint
  75         String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
  76                 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAmDbSRazHfc1YoqH6dXWz\n" + //
  77                 "k2zBJadliqHgpft1Z5HqXF6AzXQ8duHLN3Db+SSDUWP+fDv1Ti69wmH5HqrdSGcl\n" + //
  78                 "EvoNStTRjFpnzj/7c5AkALWeZlRzcrBjeIFTtSdZvgluA14BnQXmRViC3tgOFMyU\n" + //
  79                 "I72wqCGuf7Y8cW/DSfSzBWFTO+A9uoj0oMKEaaLd1iVF4mctKf/atrHzy3Ny1/d9\n" + //
  80                 "WgbLLxiGtrNxVh78j9HCS4rs17AEC3OZnosUE3jCzLCHyQjwI+frkmINj5Qy4L3j\n" + //
  81                 "GJqxtIBBb9LwaCkkuV3g679/V4BhWKpDt6YIo/YYINRu42GhXSB9x13KhSMGe9vn\n" + //
  82                 "eQIFAKY6EqM=\n" + //
  83                 "-----END PUBLIC KEY-----\n";
  84
  85         PublicKey pk = KeyCheckTest.pkFromString(sfk);
  86         try {
  87             KeyCheck c = new KeyCheckROCA();
  88             c.check(pk);
  89             fail("Invalid key (ROCA vulnerable) accepted.");
  90         } catch (GigiApiException gae) {
  91             // expected
  92         }
  93
  94     }
  95
  96     @Test
  97     public void testROCAVulnerable3() throws GeneralSecurityException, IOException {
  98
  99         // D-TRUST Qualified Root CA 3 2014:PN
 100         // https://crt.sh/?id=26310642&opt=cablint
 101         String sfk = "-----BEGIN PUBLIC KEY-----\n" + //
 102                 "MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQEAlpwnRwC1ogIM/Wywu3ys\n" + //
 103                 "HhREKeT56eDAMO+68dvz/mWL7dzFhIFHdehRpSpICx06tb7YpK6/XX9/0okTKajt\n" + //
 104                 "K0paM3mqZWNilpZnCzItFjwYjxKZL8Bgxww0ztqGD/2oHtmviZNO6yeaLYmm2Eqv\n" + //
 105                 "hXCVPUCcE17BPjybSZaW3ULaTiIQFYcCB5/utyXu3RT8ss2NBNoD9D4S5r3dMMJY\n" + //
 106                 "qUE/oojbg/4Y955M0S+yEUuv2dfbE+BCkZqgM05yk/wNr9L8F2f7cG2h/qjFUBE5\n" + //
 107                 "91kZXZ0g3lBhbKx9SUM8/Vq3WMmfDDpV2qk9wXC0sMgVAwTYLN1J3LWow/C+4Ffo\n" + //
 108                 "xQIFAI0kKjs=\n" + //
 109                 "-----END PUBLIC KEY-----\n";
 110
 111         PublicKey pk = KeyCheckTest.pkFromString(sfk);
 112         try {
 113             KeyCheck c = new KeyCheckROCA();
 114             c.check(pk);
 115             fail("Invalid key (ROCA vulnerable) accepted.");
 116         } catch (GigiApiException gae) {
 117             // expected
 118         }
 119
 120     }
 121
 122 }