From 787119904b84ce389332edd71794691e12e5522e Mon Sep 17 00:00:00 2001 From: Tobias Kronthaler Date: Sat, 23 Aug 2025 21:41:19 +0200 Subject: [PATCH] Enhance tests: Negative assertions on invalid signatures Follow-up on a93b61c48fb587855f64a9ec11ad7b60e867cb15 --- tests/Algorithm/Signature/ECDSA/ECDSATest.php | 24 ++++++++++++++++++ tests/Algorithm/Signature/EdDSA/EdDSATest.php | 25 +++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/tests/Algorithm/Signature/ECDSA/ECDSATest.php b/tests/Algorithm/Signature/ECDSA/ECDSATest.php index 7acffd1..3ea70ac 100644 --- a/tests/Algorithm/Signature/ECDSA/ECDSATest.php +++ b/tests/Algorithm/Signature/ECDSA/ECDSATest.php @@ -260,4 +260,28 @@ public static function getVectors(): iterable ), ]; } + + #[Test] + public function anInvalidSignatureCannotBeVerified(): void + { + // Given + $algorithm = ES256::create(); + $key = Ec2Key::create([ + Ec2Key::DATA_X => hex2bin('60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6'), + Ec2Key::DATA_Y => hex2bin('7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299'), + Ec2Key::DATA_D => hex2bin('C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721'), + Ec2Key::DATA_CURVE => Ec2Key::CURVE_P256, + Ec2Key::TYPE => Ec2Key::TYPE_EC2, + ]); + $data = 'sample'; + $signature = hex2bin( + 'EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8' + ); + $invalidSignature = $signature; + $invalidSignature[0] = $invalidSignature[0] ^ "\x01"; // Corrupt the signature + // When + $isValid = $algorithm->verify($data, $key, $invalidSignature); + // Then + static::assertFalse($isValid); + } } diff --git a/tests/Algorithm/Signature/EdDSA/EdDSATest.php b/tests/Algorithm/Signature/EdDSA/EdDSATest.php index c403e82..676d3f0 100644 --- a/tests/Algorithm/Signature/EdDSA/EdDSATest.php +++ b/tests/Algorithm/Signature/EdDSA/EdDSATest.php @@ -94,4 +94,29 @@ public static function getVectors(): iterable ), ]; } + + #[Test] + public function anInvalidSignatureCannotBeVerified(): void + { + // Given + $algorithm = Ed25519::create(); + + $key = OkpKey::create([ + OkpKey::DATA_X => base64_decode('11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo', true), + OkpKey::DATA_D => base64_decode('nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A', true), + OkpKey::DATA_CURVE => OkpKey::CURVE_ED25519, + OkpKey::TYPE => OkpKey::TYPE_OKP, + ]); + $data = 'eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc'; + $signature = base64_decode( + 'hgyY0il/MGCjP0JzlnLWG1PPOt7+09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr/MuM0KAg', + true + ); + $invalidSignature = $signature; + $invalidSignature[0] = $invalidSignature[0] ^ "\x01"; // Corrupt the signature + // When + $isValid = $algorithm->verify($data, $key, $invalidSignature); + // Then + static::assertFalse($isValid); + } }