From a4405bb9d6b638084df478fa4ac60a410332c2d8 Mon Sep 17 00:00:00 2001
From: "David I. Lehn" <dlehn@digitalbazaar.com>
Date: Tue, 15 Mar 2022 22:51:59 -0400
Subject: [PATCH] Improve signature verification tests.

- Attribute tests to Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu)
- Add some details from initial report until it can be included in full.
- Line wrap test data.
---
 tests/unit/rsa.js | 247 +++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 234 insertions(+), 13 deletions(-)

diff --git a/tests/unit/rsa.js b/tests/unit/rsa.js
index def5c2d7..f1493545 100644
--- a/tests/unit/rsa.js
+++ b/tests/unit/rsa.js
@@ -775,7 +775,12 @@ var UTIL = require('../../lib/util');
       }
     })();
 
-    describe('bad data', function() {
+    describe('signature verification', function() {
+
+      // NOTE: Tests in this section, and associated fixes, are largely derived
+      // from a detailed vulnerability report provided by Moosa Yahyazadeh
+      // (moosa-yahyazadeh@uiowa.edu).
+
       // params for tests
 
       // public modulus / 256 bytes
@@ -844,64 +849,244 @@ var UTIL = require('../../lib/util');
 
       it('should check DigestInfo structure', function() {
         var publicKey = RSA.setPublicKey(N, e);
+        // 0xff bytes stolen from padding
+        // unchecked portion of PKCS#1 encoded message used to forge a
+        // signature when low public exponent is being used.
+        // See "Bleichenbacher's RSA signature forgery based on implementation
+        // error" by Hal Finney
+        // https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/
+
+        // 91 garbage byte injected as the value of a TLV replaced digest
+        // algorithm structure
+        var I = UTIL.binary.hex.decode(
+          '0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0030' +
+          '7f065b8888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888880420' +
+          '7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
         var S = UTIL.binary.hex.decode(
-          'e7410e05bdc38d1c72fab784be41df3d3de2ae83894d9ec86cb5fe343d5dc7d45df2a36fc60363faf32f0d37ab457648af40a48a6c53ae7af0575e92cb1ffc236d55e1325af8c71b3ac313f2630fb498b8e1546093aca1ed56026a96cb525d991159a2d6ccbfd5ef63ae718f8ace2469e357ccf3f6a048bbf9760f5fb36b9dd38fb330eab504f05078b83f5d8bd95dce8fccc6b46babd56f678300f2b39083e53e04e79f503358a6222f8dd66b561fea3a51ecf3be16c9e2ea6ba8aaed9fbe6ba510ff752e4529385f759d4d6120b15f65534248ed5bbb1307a7d0a9838329697f5fbae91f48e478dcbb77190f0d173b6cb8b1299cf4202570d25d11a7862b47');
+          'e7410e05bdc38d1c72fab784be41df3d3de2ae83894d9ec86cb5fe343d5dc7d4' +
+          '5df2a36fc60363faf32f0d37ab457648af40a48a6c53ae7af0575e92cb1ffc23' +
+          '6d55e1325af8c71b3ac313f2630fb498b8e1546093aca1ed56026a96cb525d99' +
+          '1159a2d6ccbfd5ef63ae718f8ace2469e357ccf3f6a048bbf9760f5fb36b9dd3' +
+          '8fb330eab504f05078b83f5d8bd95dce8fccc6b46babd56f678300f2b39083e5' +
+          '3e04e79f503358a6222f8dd66b561fea3a51ecf3be16c9e2ea6ba8aaed9fbe6b' +
+          'a510ff752e4529385f759d4d6120b15f65534248ed5bbb1307a7d0a983832969' +
+          '7f5fbae91f48e478dcbb77190f0d173b6cb8b1299cf4202570d25d11a7862b47');
 
         _checkBadDigestInfo(publicKey, S);
       });
 
       it('should check tailing garbage and DigestInfo [1]', function() {
         var publicKey = RSA.setPublicKey(N, e);
+        // bytes stolen from padding and unchecked tailing bytes used to forge
+        // a signature when low public exponent is used
+
+        // 204 tailing garbage bytes injected after DigestInfo structure
+        var I = UTIL.binary.hex.decode(
+          '000100302f300b060960864801650304020104207509e5bda0c762d2bac7f90d' +
+          '758b5b2263fa01ccbc542ab5e3df163be08e6ca9888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888');
         var S = UTIL.binary.hex.decode(
-          'c2ad2fa23c246ee98c453d69023e7ec05956b48bd0e287341ba9d342ad49b0fff2bcbb9adc50f1ccbfc54106305cc74a88db89ff94901a08359893a08426373e7949a8794798233445af6c48bc6ccbe278bdeb62c31e40c3bf0014af2faadcc9ed7885756789a5b95c2a355fbb3f04412f42e0f9ed335ab51af8f091a62aaaaf6577422220917daaece3ca2f4e66dc4e0574356762592052b406768c31c25cf4c1754e6da9dc3440e238c4f9b25cccc174dd1b17b027e0f9ce2763b86f0e6871690ddd018d2e774bc968c9c6e907a000daf5044ba31a0b9eefbd7b4b1ec466d20bc1dd3f020cb1091af6b476416da3024ea046b09fbbbc4d2355da9a2bc6ddb9');
+          'c2ad2fa23c246ee98c453d69023e7ec05956b48bd0e287341ba9d342ad49b0ff' +
+          'f2bcbb9adc50f1ccbfc54106305cc74a88db89ff94901a08359893a08426373e' +
+          '7949a8794798233445af6c48bc6ccbe278bdeb62c31e40c3bf0014af2faadcc9' +
+          'ed7885756789a5b95c2a355fbb3f04412f42e0f9ed335ab51af8f091a62aaaaf' +
+          '6577422220917daaece3ca2f4e66dc4e0574356762592052b406768c31c25cf4' +
+          'c1754e6da9dc3440e238c4f9b25cccc174dd1b17b027e0f9ce2763b86f0e6871' +
+          '690ddd018d2e774bc968c9c6e907a000daf5044ba31a0b9eefbd7b4b1ec466d2' +
+          '0bc1dd3f020cb1091af6b476416da3024ea046b09fbbbc4d2355da9a2bc6ddb9');
 
         _checkBadTailingGarbage(publicKey, S);
         _checkBadDigestInfo(publicKey, S, true);
       });
 
-      it('should check tailing garbage and DigestIfno [2]', function() {
+      it('should check tailing garbage and DigestInfo [2]', function() {
         var publicKey = RSA.setPublicKey(N, e);
+        // bytes stolen from padding and unchecked tailing bytes used to forge
+        // a signature when low public exponent is used
+
+        // 215 tailing garbage bytes injected after DigestInfo structure
+        // unchecked digest algorithm structure
+        // combined with earlier issue
+        var I = UTIL.binary.hex.decode(
+          '0001003024010004207509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542a' +
+          'b5e3df163be08e6ca98888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888' +
+          '8888888888888888888888888888888888888888888888888888888888888888');
         var S = UTIL.binary.hex.decode(
-          'a7c5812d7fc0eef766a481aac18c8c48483daf9b5ffb6614bd98ebe4ecb746dd493cf5dd2cbe16ecaa0b52109b744930eda49316605fc823fd57a68b5b2c62e8c1b158b26e1547a2e33cdd79427d7c513f07d02261ffe43db197d8cddca2b5b43c1df85aaed6e91aadd44a46bff7f5c70f1acc1a193917e3908444632f30e69cfe95d8036d3b6ad318eefd3952804f16613c969e6d13604bb4e723dfad24c42c8d9b5b16a9f5a4b40dcf17b167d319017740f9cc0836436c14d51c3d8a697f1fa2b65196deb5c21b1559c7dea7f598007fa7320909825009f8bf376491c298d8155a382e967042db952e995d14b2f961e1b22f911d1b77895def1c7ef229c87e');
+          'a7c5812d7fc0eef766a481aac18c8c48483daf9b5ffb6614bd98ebe4ecb746dd' +
+          '493cf5dd2cbe16ecaa0b52109b744930eda49316605fc823fd57a68b5b2c62e8' +
+          'c1b158b26e1547a2e33cdd79427d7c513f07d02261ffe43db197d8cddca2b5b4' +
+          '3c1df85aaed6e91aadd44a46bff7f5c70f1acc1a193917e3908444632f30e69c' +
+          'fe95d8036d3b6ad318eefd3952804f16613c969e6d13604bb4e723dfad24c42c' +
+          '8d9b5b16a9f5a4b40dcf17b167d319017740f9cc0836436c14d51c3d8a697f1f' +
+          'a2b65196deb5c21b1559c7dea7f598007fa7320909825009f8bf376491c298d8' +
+          '155a382e967042db952e995d14b2f961e1b22f911d1b77895def1c7ef229c87e');
 
         _checkBadTailingGarbage(publicKey, S);
         _checkBadDigestInfo(publicKey, S, true);
       });
 
       it('should check tailing garbage and DigestInfo [e=3]', function() {
+        // signature forged without knowledge of private key for given message
+        // and low exponent e=3
+
+        // test data computed from a script
         var N = new JSBN.BigInteger(
-          '29438513389594867490232201282478838726734464161887801289068585100507839535636256317277708295678804401391394313946142335874609638666081950936114152574870224034382561784743283763961349980806819078028975594777103388280272392844112380900374508170221075553517641170327441791034393719271744724924194371070527213991317221667249077972700842199037403799480569910844701030644322616045408039715278394572328099192023924503077673178227614549351191204851805076359472439160130994385433568113626206477097769842080459156024112389406200687233341779381667082591421496870666931268548504674362230725756397511775557878046572472650613407143');
+          '2943851338959486749023220128247883872673446416188780128906858510' +
+          '0507839535636256317277708295678804401391394313946142335874609638' +
+          '6660819509361141525748702240343825617847432837639613499808068190' +
+          '7802897559477710338828027239284411238090037450817022107555351764' +
+          '1170327441791034393719271744724924194371070527213991317221667249' +
+          '0779727008421990374037994805699108447010306443226160454080397152' +
+          '7839457232809919202392450307767317822761454935119120485180507635' +
+          '9472439160130994385433568113626206477097769842080459156024112389' +
+          '4062006872333417793816670825914214968706669312685485046743622307' +
+          '25756397511775557878046572472650613407143');
         var e = new JSBN.BigInteger('3');
         var publicKey = RSA.setPublicKey(N, e);
 
         var S = UTIL.binary.hex.decode(
-          '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002853ccc2cd32a8d430dd3bde37e70782ac82cdb7bce3c044219b50aefd689c20d3b840299f28e2fde6c67c8a7f9e528ac222fae947a6dee0d812e3c3b3452171717396e8bedc3132d92d8317e3593642640d1431ef');
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '00000000000000000000002853ccc2cd32a8d430dd3bde37e70782ac82cdb7bc' +
+          'e3c044219b50aefd689c20d3b840299f28e2fde6c67c8a7f9e528ac222fae947' +
+          'a6dee0d812e3c3b3452171717396e8bedc3132d92d8317e3593642640d1431ef');
 
         _checkBadTailingGarbage(publicKey, S);
         _checkBadDigestInfo(publicKey, S, true);
       });
 
       it('should check tailing garbage and DigestInfo [e=5]', function() {
+        // signature forged without knowledge of private key for given message
+        // and low exponent e=5
+
+        // test data computed from a script
         var N = new JSBN.BigInteger(
-          '29438513389594867490232201282478838726734464161887801289068585100507839535636256317277708295678804401391394313946142335874609638666081950936114152574870224034382561784743283763961349980806819078028975594777103388280272392844112380900374508170221075553517641170327441791034393719271744724924194371070527213991317221667249077972700842199037403799480569910844701030644322616045408039715278394572328099192023924503077673178227614549351191204851805076359472439160130994385433568113626206477097769842080459156024112389406200687233341779381667082591421496870666931268548504674362230725756397511775557878046572472650613407143');
+          '2943851338959486749023220128247883872673446416188780128906858510' +
+          '0507839535636256317277708295678804401391394313946142335874609638' +
+          '6660819509361141525748702240343825617847432837639613499808068190' +
+          '7802897559477710338828027239284411238090037450817022107555351764' +
+          '1170327441791034393719271744724924194371070527213991317221667249' +
+          '0779727008421990374037994805699108447010306443226160454080397152' +
+          '7839457232809919202392450307767317822761454935119120485180507635' +
+          '9472439160130994385433568113626206477097769842080459156024112389' +
+          '4062006872333417793816670825914214968706669312685485046743622307' +
+          '25756397511775557878046572472650613407143');
         var e = new JSBN.BigInteger('5');
         var publicKey = RSA.setPublicKey(N, e);
 
         var S = UTIL.binary.hex.decode(
-          '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005475fe2681d7125972bd2c2f2c7ab7b8003b03d4a487d6dee07c14eb5212a9fe0071b93f84ba5bb4b0cfaf20c976b11d902013');
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '000000000000000000000000005475fe2681d7125972bd2c2f2c7ab7b8003b03' +
+          'd4a487d6dee07c14eb5212a9fe0071b93f84ba5bb4b0cfaf20c976b11d902013');
 
         _checkBadTailingGarbage(publicKey, S);
         _checkBadDigestInfo(publicKey, S, true);
       });
 
       it('should check tailing garbage and DigestInfo [e=17]', function() {
+        // signature forged without knowledge of private key for given message
+        // and low exponent e=17
+
+        // test data computed from a script
         var N = new JSBN.BigInteger(
-          '928365641661298526294114382771769657905695995680009680444002258089796055192245321020911051590379097587133341820043795407471021630328875171430160513961779154294247563032373839871165519961382202811828883364651574763124699947662060849683176689286181021501400261976653416725246403933613615758181648971537689642956474563961490989544033629566558036444831495046301215543198107208071526376318961481739278769122885031686763776874806317352741548232110892401401727195758835975800106904020775937891505819798776295294696516670437057465296389148672556848624501468669295285428387365416747516180652630054765393335211528084329716917821726670549155619986875030049107668205064454104328601041931972319966348825621299693193542460060799067674344247887198933507132592770898312271636011037138984729256515515185153334743685479709085410902269777563691615719884708908509618352792737826421059819474305949001978916949447029010362775778664826653636547333219983468955600305523140183269580452792812503399042201081785972707218144968460623663922470814889738564730816412201128810370324070680245854669130551872958017494277468722193869883705529583737211815974801292292728082721785855274147991979220001018156560009927148374995236030383474031418802554714043680969417015155298092390680188406177667101020936206754551985229636814788735090951246816765035721775759652424641736739668936540450232814857289312589998505627375553038062765493408460941597629291231866042662108291164359496334978563287523685872262509560463225096226739991402761266388226652661345282274508037924611589455395655512013078629375186805951823181371561289129616028768733583565439798508002546685505512478002960132511531323264596144585611962969372672455541953777622436993987703564293487820434112162562492086865147598436647725445230861246093950020099084994990632102506848190196407855705745530407617253129971665939853842224965079537303198339986953399517682750248394628026225887174258267456078564070387327653989505416943226163989004419377363130466566387761757272563996086708621913140580687414698126490572618509858141748692837570235128900627675422927964369356691123905362222855545719945605604307263252851081309622569225811979426856464673233875589085773616373798857001344093594417138323005260179781153950803127773817702016534081581157881295739782000814998795398671806283018844936919299070562538763900037469485135699677248580365379125702903186174995651938469412191388327852955727869345476087173047665259892129895247785416834855450881318585909376917039');
+          '9283656416612985262941143827717696579056959956800096804440022580' +
+          '8979605519224532102091105159037909758713334182004379540747102163' +
+          '0328875171430160513961779154294247563032373839871165519961382202' +
+          '8118288833646515747631246999476620608496831766892861810215014002' +
+          '6197665341672524640393361361575818164897153768964295647456396149' +
+          '0989544033629566558036444831495046301215543198107208071526376318' +
+          '9614817392787691228850316867637768748063173527415482321108924014' +
+          '0172719575883597580010690402077593789150581979877629529469651667' +
+          '0437057465296389148672556848624501468669295285428387365416747516' +
+          '1806526300547653933352115280843297169178217266705491556199868750' +
+          '3004910766820506445410432860104193197231996634882562129969319354' +
+          '2460060799067674344247887198933507132592770898312271636011037138' +
+          '9847292565155151851533347436854797090854109022697775636916157198' +
+          '8470890850961835279273782642105981947430594900197891694944702901' +
+          '0362775778664826653636547333219983468955600305523140183269580452' +
+          '7928125033990422010817859727072181449684606236639224708148897385' +
+          '6473081641220112881037032407068024585466913055187295801749427746' +
+          '8722193869883705529583737211815974801292292728082721785855274147' +
+          '9919792200010181565600099271483749952360303834740314188025547140' +
+          '4368096941701515529809239068018840617766710102093620675455198522' +
+          '9636814788735090951246816765035721775759652424641736739668936540' +
+          '4502328148572893125899985056273755530380627654934084609415976292' +
+          '9123186604266210829116435949633497856328752368587226250956046322' +
+          '5096226739991402761266388226652661345282274508037924611589455395' +
+          '6555120130786293751868059518231813715612891296160287687335835654' +
+          '3979850800254668550551247800296013251153132326459614458561196296' +
+          '9372672455541953777622436993987703564293487820434112162562492086' +
+          '8651475984366477254452308612460939500200990849949906321025068481' +
+          '9019640785570574553040761725312997166593985384222496507953730319' +
+          '8339986953399517682750248394628026225887174258267456078564070387' +
+          '3276539895054169432261639890044193773631304665663877617572725639' +
+          '9608670862191314058068741469812649057261850985814174869283757023' +
+          '5128900627675422927964369356691123905362222855545719945605604307' +
+          '2632528510813096225692258119794268564646732338755890857736163737' +
+          '9885700134409359441713832300526017978115395080312777381770201653' +
+          '4081581157881295739782000814998795398671806283018844936919299070' +
+          '5625387639000374694851356996772485803653791257029031861749956519' +
+          '3846941219138832785295572786934547608717304766525989212989524778' +
+          '5416834855450881318585909376917039');
         var e = new JSBN.BigInteger('17');
         var publicKey = RSA.setPublicKey(N, e);
 
         var S = UTIL.binary.hex.decode(
-          '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001eb90acbec1bf590ba1e50960db8381fb5bdc363d46379d09956560a616b88616ce7fa4309dc45f47f5fa47d61bf66baa3d11732ce71768ded295f962');
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '0000000000000000000000000000000000000000000000000000000000000000' +
+          '00000001eb90acbec1bf590ba1e50960db8381fb5bdc363d46379d09956560a6' +
+          '16b88616ce7fa4309dc45f47f5fa47d61bf66baa3d11732ce71768ded295f962');
 
         _checkBadTailingGarbage(publicKey, S);
         _checkBadDigestInfo(publicKey, S, true);
@@ -909,16 +1094,52 @@ var UTIL = require('../../lib/util');
 
       it('should check DigestInfo type octet [1]', function() {
         var publicKey = RSA.setPublicKey(N, e);
+        // incorrect value for digest algorithm's type octet
+        // 0x0c instead of correct 0x06
+        var I = UTIL.binary.hex.decode(
+          '0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffff0030310c0d060960864801650304020105000420' +
+          '7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
         var S = UTIL.binary.hex.decode(
-          'd8298a199e1b6ac18f3c0067a004bd9ff7af87be6ad857d73cc3d24ef06195b82aaddb0194f8e61fc31453b9163062255e8baf9c480200d0991a5f764f63d5f6afd283b9cd6afe54f0b7f738707b4eb6b8807539bb627e74db87a50413ab18e504e37975aad1edc612bc8ecad53b81ea249deb5a2acc27e6419c61ab9acec6608f5ae6a2985ba0b6f42d831bc6cce4b044864154b935cf179967d129e0ad8eda9bfbb638121c3ff13c64d439632e62250d4be928a3deb112ef76a025c5d918051e601878eac0049fc9d82be9ae3475deb7ca515c830c20b91b7bedf2184fef66aea0bde62ccd1659afbfd1342322b095309451b1a87e007e640e368fb68a13c9');
+          'd8298a199e1b6ac18f3c0067a004bd9ff7af87be6ad857d73cc3d24ef06195b8' +
+          '2aaddb0194f8e61fc31453b9163062255e8baf9c480200d0991a5f764f63d5f6' +
+          'afd283b9cd6afe54f0b7f738707b4eb6b8807539bb627e74db87a50413ab18e5' +
+          '04e37975aad1edc612bc8ecad53b81ea249deb5a2acc27e6419c61ab9acec660' +
+          '8f5ae6a2985ba0b6f42d831bc6cce4b044864154b935cf179967d129e0ad8eda' +
+          '9bfbb638121c3ff13c64d439632e62250d4be928a3deb112ef76a025c5d91805' +
+          '1e601878eac0049fc9d82be9ae3475deb7ca515c830c20b91b7bedf2184fef66' +
+          'aea0bde62ccd1659afbfd1342322b095309451b1a87e007e640e368fb68a13c9');
 
         _checkBadDigestInfo(publicKey, S);
       });
 
       it('should check DigestInfo type octet [2]', function() {
         var publicKey = RSA.setPublicKey(N, e);
+        // incorrect value for hash value's type octet
+        // 0x0a instead of correct 0x04
+        var I = UTIL.binary.hex.decode(
+          '0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff' +
+          'ffffffffffffffffffffffff003031300d060960864801650304020105000a20' +
+          '7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9');
         var S = UTIL.binary.hex.decode(
-          'c1acdd3aef5f0439c254980295fc0d81b628df00726310a1041d79b5dd94c11d3bcaf0236763c77c25d9ab49522ed2a7d6ea3a4e483a29838acd48f2d60a790275f4cd46e4b1d09c527a426ec373e8a21746ad3ea541d3b85ba4c303ff793ea8a0a3458e93a7ec42ed66f675d7c299b0817ac95f7f45b2f48c09b3c070171f31a33ac789da9943da5dabcda1c95b42531d45484ac1efde0fe0519077debb93183e63de8f80d7f3cbfecb03cbb44ac4a2d56699e33fca0663b79ca627755fc4fc684b4ab358a0b4ac5b7e9d0cc18b6ab6300b40781502a1c03d34f31dd19d81195f8a44bc03a2595a706f06f0cb39b8e3f4afe06675fe7439b057f1200a06f4fd');
+          'c1acdd3aef5f0439c254980295fc0d81b628df00726310a1041d79b5dd94c11d' +
+          '3bcaf0236763c77c25d9ab49522ed2a7d6ea3a4e483a29838acd48f2d60a7902' +
+          '75f4cd46e4b1d09c527a426ec373e8a21746ad3ea541d3b85ba4c303ff793ea8' +
+          'a0a3458e93a7ec42ed66f675d7c299b0817ac95f7f45b2f48c09b3c070171f31' +
+          'a33ac789da9943da5dabcda1c95b42531d45484ac1efde0fe0519077debb9318' +
+          '3e63de8f80d7f3cbfecb03cbb44ac4a2d56699e33fca0663b79ca627755fc4fc' +
+          '684b4ab358a0b4ac5b7e9d0cc18b6ab6300b40781502a1c03d34f31dd19d8119' +
+          '5f8a44bc03a2595a706f06f0cb39b8e3f4afe06675fe7439b057f1200a06f4fd');
 
         _checkBadDigestInfo(publicKey, S);
       });