
Commit 4112075

authored
dsa: decouple precise RNG state from tests (#1139)
The `signature` test was too tightly coupled with the precise RNG output, in effect not just testing the DSA signature/verification logic but also testing that the exact bit sequence was produced by the dependent crate. We already have tests against deterministic keys and signatures at `tests/deterministic.rs`, so modify `tests/signature.rs` to instead generate a random keypair using the system RNG, then generate a signature with that keypair, and then verify that signature. The existing hard-coded signatures have been left in place as they are used to test PKCS decoding and encoding.
1 parent ab591d8 commit 4112075

3 files changed

Lines changed: 18 additions & 41 deletions


Cargo.lock

Lines changed: 1 addition & 0 deletions

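--- a/dsa/Cargo.toml
+++ b/dsa/Cargo.toml
@@ -37,6 +37,7 @@ proptest = "1"
 getrandom = { version = "0.4.0-rc.0", features = ["sys_rng"] }
 sha1 = "0.11.0-rc.2"
 der = { version = "0.8.0-rc.10", features = ["derive"] }
+rand_core = "0.10.0-rc-3"
 
 [features]
 default = ["pkcs8"]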
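Review bot: The added `rand_core = "0.10.0-rc-3"` entry pins a pre-release separately from the `rand_core` that `getrandom` re-exports, and the removed import `getrandom::rand_core::CryptoRng` in `dsa/tests/signature.rs` shows that re-export was already in use. If the two ever resolve to different pre-releases, the `TryRngCore` imported from this crate would presumably not be the trait that `getrandom::SysRng` implements, and the test would stop compiling. Importing `getrandom::rand_core::TryRngCore` in the test would avoid the extra dependency; if the direct entry stays, a comment such as `# must match the rand_core version re-exported by getrandom` would record the constraint. Which dependency table this line belongs to is not visible in the hunk.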

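--- a/dsa/tests/signature.rs
+++ b/dsa/tests/signature.rs
@@ -1,34 +1,28 @@
 #![cfg(feature = "hazmat")]
 #![allow(deprecated)]
 
-use chacha20::{ChaCha8Rng, rand_core::SeedableRng};
 use digest::Digest;
 use dsa::{Components, KeySize, Signature, SigningKey};
-use getrandom::rand_core::CryptoRng;
 use hex_literal::hex;
 use pkcs8::der::{Decode, Encode};
+use rand_core::TryRngCore;
 use sha2::Sha256;
 use signature::{
 DigestVerifier, RandomizedDigestSigner, Signer, Verifier,
 hazmat::{PrehashSigner, PrehashVerifier},
 };
 
-/// Seed used for the ChaCha8 RNG
-const SEED: u64 = 0x2103_1949;
-
 /// Message to be signed/verified
 const MESSAGE: &[u8] = b"test";
 
-/// Message signed by this crate using the keys generated by this CSPRNG
-///
-/// This signature was generated using the keys generated by this CSPRNG (the per-message `k` component was also generated using the CSPRNG)
+/// Message signed by this crate
 const MESSAGE_SIGNATURE_CRATE_ASN1: &[u8] = &[
 0x30, 0x2c, 0x2, 0x14, 0x4e, 0x12, 0x27, 0x75, 0x18, 0xf6, 0x40, 0xe3, 0x3a, 0xdb, 0x80, 0x6d,
 0xe7, 0x98, 0xd3, 0xa3, 0x40, 0xf5, 0x9d, 0xf, 0x2, 0x14, 0x17, 0x78, 0x1e, 0xc8, 0x53, 0x58,
 0x91, 0xe0, 0x3f, 0x2d, 0x36, 0x27, 0x36, 0x6b, 0xac, 0x8e, 0xd7, 0xf9, 0xa4, 0xcf,
 ];
 
-/// Message signed by OpenSSL using the keys generated by this CSPRNG
+/// Message signed by OpenSSL
 ///
 /// This signature was generated using the SHA-256 digest
 const MESSAGE_SIGNATURE_OPENSSL_ASN1: &[u8] = &hex!(
@@ -37,14 +31,9 @@ const MESSAGE_SIGNATURE_OPENSSL_ASN1: &[u8] = &hex!(
 9925 a1d1 7bb8 c835 ca27 0931 ca6a"
 );
 
-/// Get the seeded CSPRNG
-fn seeded_csprng() -> impl CryptoRng {
-ChaCha8Rng::seed_from_u64(SEED)
-}
-
-/// Generate a DSA keypair using a seeded CSPRNG
-fn generate_deterministic_keypair() -> SigningKey {
-let mut rng = seeded_csprng();
+/// Generate a random DSA keypair
+fn generate_random_keypair() -> SigningKey {
+let mut rng = getrandom::SysRng.unwrap_err();
 let components = Components::generate(&mut rng, KeySize::DSA_1024_160);
 SigningKey::generate(&mut rng, components)
 }
@@ -69,43 +58,29 @@ fn decode_encode_signature() {
 }
 
 #[test]
-fn sign_message() {
-let signing_key = generate_deterministic_keypair();
-let generated_signature = signing_key
-.sign_digest_with_rng(&mut seeded_csprng(), |digest: &mut Sha256| {
-digest.update(MESSAGE)
-});
-
-let expected_signature =
-Signature::from_der(MESSAGE_SIGNATURE_CRATE_ASN1).expect("Failed to decode signature");
-
-assert_eq!(generated_signature, expected_signature);
-}
-
-#[test]
-fn verify_signature() {
-let signing_key = generate_deterministic_keypair();
-let verifying_key = signing_key.verifying_key();
-
-let signature = Signature::from_der(MESSAGE_SIGNATURE_OPENSSL_ASN1)
-.expect("Failed to parse ASN.1 representation of the test signature");
+fn sign_verify_message() {
+let signing_key = generate_random_keypair();
+let mut rng = getrandom::SysRng.unwrap_err();
+let generated_signature =
+signing_key.sign_digest_with_rng(&mut rng, |digest: &mut Sha256| digest.update(MESSAGE));
 
 assert!(
-verifying_key
+signing_key
+.verifying_key()
 .verify_digest(
 |digest: &mut Sha256| {
 digest.update(MESSAGE);
 Ok(())
 },
-&signature
+&generated_signature
 )
 .is_ok()
 );
 }
 
 #[test]
 fn signer_verifier_signature() {
-let signing_key = generate_deterministic_keypair();
+let signing_key = generate_random_keypair();
 let verifying_key = signing_key.verifying_key();
 let message = b"Hello world! This is the message signed as part of the testing process.";
 
@@ -135,7 +110,7 @@ fn signer_verifier_signature() {
 fn verify_signature_precision() {
 use der::{Sequence, asn1::Uint};
 
-let signing_key = generate_deterministic_keypair();
+let signing_key = generate_random_keypair();
 let verifying_key = signing_key.verifying_key();
 
 #[derive(Sequence)]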
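Review bot: `sign_verify_message` only asserts that a freshly produced signature verifies under the key that made it, so a verifier that accepted every input would still pass; the removed `verify_signature` at least checked a signature produced by OpenSSL. A rejection case next to the positive one would close that gap, for example `assert!(signing_key.verifying_key().verify_digest(|digest: &mut Sha256| { digest.update(b"other"); Ok(()) }, &generated_signature).is_err());`. Because the keypair now comes from `getrandom::SysRng`, a failing run cannot be replayed, so printing the generated key material before the assertion would keep an intermittent failure diagnosable. `signer_verifier_signature` and `verify_signature_precision` continue outside the hunks shown, so they may already cover rejection.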
