| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/internal/signature_algorithm.h" |
| 6 |
| 7 #include "base/files/file_util.h" |
| 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/pem_tokenizer.h" |
| 11 #include "net/der/input.h" |
| 12 #include "net/der/parser.h" |
| 13 #include "testing/gtest/include/gtest/gtest.h" |
| 14 |
| 15 namespace net { |
| 16 |
| 17 namespace { |
| 18 |
| 19 // Try parsing a SignatureAlgorithm given an empty DER input. |
| 20 TEST(SignatureAlgorithmTest, ParseInvalidDer_Empty) { |
| 21 SignatureAlgorithm algorithm; |
| 22 ASSERT_FALSE(algorithm.AssignFromDer(der::Input())); |
| 23 } |
| 24 |
| 25 // Try parsing a SignatureAlgorithm given invalid DER input. |
| 26 TEST(SignatureAlgorithmTest, ParseInvalidDer_Bogus) { |
| 27 const uint8_t kData[] = {0x00}; |
| 28 SignatureAlgorithm algorithm; |
| 29 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 30 } |
| 31 |
| 32 // Parses a sha-1WithRSAEncryption which contains no parameters field. |
| 33 // |
| 34 // SEQUENCE (1 elem) |
| 35 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 36 TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NoParams) { |
| 37 const uint8_t kData[] = {0x30, |
| 38 0x0B, |
| 39 0x06, |
| 40 0x09, |
| 41 0x2A, |
| 42 0x86, |
| 43 0x48, |
| 44 0x86, |
| 45 0xF7, |
| 46 0x0D, |
| 47 0x01, |
| 48 0x01, |
| 49 0x05}; |
| 50 SignatureAlgorithm algorithm; |
| 51 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 52 |
| 53 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| 54 EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| 55 } |
| 56 |
| 57 // Parses a sha-1WithRSAEncryption which contains a NULL parameters field. |
| 58 // |
| 59 // SEQUENCE (2 elem) |
| 60 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 61 // NULL |
| 62 TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NullParams) { |
| 63 const uint8_t kData[] = {0x30, |
| 64 0x0D, |
| 65 0x06, |
| 66 0x09, |
| 67 0x2A, |
| 68 0x86, |
| 69 0x48, |
| 70 0x86, |
| 71 0xF7, |
| 72 0x0D, |
| 73 0x01, |
| 74 0x01, |
| 75 0x05, |
| 76 0x05, |
| 77 0x00}; |
| 78 SignatureAlgorithm algorithm; |
| 79 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 80 |
| 81 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| 82 EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| 83 } |
| 84 |
| 85 // Parses a sha-1WithRSAEncryption which contains an unexpected parameters |
| 86 // field. Instead of being NULL or omitted, it is an integer. |
| 87 // |
| 88 // SEQUENCE (2 elem) |
| 89 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 90 // INTEGER 0 |
| 91 TEST(SignatureAlgorithmTest, |
| 92 ParseInvalidDer_sha1WithRSAEncryption_NonNullParams) { |
| 93 const uint8_t kData[] = {0x30, |
| 94 0x0E, |
| 95 0x06, |
| 96 0x09, |
| 97 0x2A, |
| 98 0x86, |
| 99 0x48, |
| 100 0x86, |
| 101 0xF7, |
| 102 0x0D, |
| 103 0x01, |
| 104 0x01, |
| 105 0x05, |
| 106 0x02, |
| 107 0x01, |
| 108 0x00}; |
| 109 SignatureAlgorithm algorithm; |
| 110 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 111 } |
| 112 |
| 113 // Parses a sha-1WithRSAEncryption which contains a bad NULL parameters field. |
| 114 // Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here |
| 115 // NULL is encoded as having a length of 1 instead, followed by data 0x09. |
| 116 // |
| 117 // SEQUENCE (2 elem) |
| 118 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 119 // NULL |
| 120 TEST(SignatureAlgorithmTest, |
| 121 ParseInvalidDer_sha1WithRSAEncryption_BadNullParams) { |
| 122 const uint8_t kData[] = {0x30, |
| 123 0x0E, |
| 124 0x06, |
| 125 0x09, |
| 126 0x2A, |
| 127 0x86, |
| 128 0x48, |
| 129 0x86, |
| 130 0xF7, |
| 131 0x0D, |
| 132 0x01, |
| 133 0x01, |
| 134 0x05, |
| 135 0x05, |
| 136 0x01, |
| 137 0x09}; |
| 138 SignatureAlgorithm algorithm; |
| 139 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 140 } |
| 141 |
| 142 // Parses a sha-1WithRSAEncryption which contains a NULL parameters field, |
| 143 // followed by an integer. |
| 144 // |
| 145 // SEQUENCE (3 elem) |
| 146 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 147 // NULL |
| 148 // INTEGER 0 |
| 149 TEST(SignatureAlgorithmTest, |
| 150 ParseInvalidDer_sha1WithRSAEncryption_NullParamsThenInteger) { |
| 151 const uint8_t kData[] = {0x30, |
| 152 0x10, |
| 153 0x06, |
| 154 0x09, |
| 155 0x2A, |
| 156 0x86, |
| 157 0x48, |
| 158 0x86, |
| 159 0xF7, |
| 160 0x0D, |
| 161 0x01, |
| 162 0x01, |
| 163 0x05, |
| 164 0x05, |
| 165 0x00, |
| 166 0x02, |
| 167 0x01, |
| 168 0x00}; |
| 169 SignatureAlgorithm algorithm; |
| 170 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 171 } |
| 172 |
| 173 // Try parsing a SignatureAlgorithm given DER which does not encode a sequence. |
| 174 // |
| 175 // INTEGER 0 |
| 176 TEST(SignatureAlgorithmTest, ParseInvalidDer_NotASequence) { |
| 177 const uint8_t kData[] = { |
| 178 0x02, 0x01, 0x00, |
| 179 }; |
| 180 SignatureAlgorithm algorithm; |
| 181 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 182 } |
| 183 |
| 184 // Parses a sha256WithRSAEncryption which contains no parameters field. |
| 185 // |
| 186 // SEQUENCE (1 elem) |
| 187 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11 |
| 188 TEST(SignatureAlgorithmTest, ParseDer_sha256WithRSAEncryption_NoParams) { |
| 189 const uint8_t kData[] = {0x30, |
| 190 0x0B, |
| 191 0x06, |
| 192 0x09, |
| 193 0x2a, |
| 194 0x86, |
| 195 0x48, |
| 196 0x86, |
| 197 0xf7, |
| 198 0x0d, |
| 199 0x01, |
| 200 0x01, |
| 201 0x0b}; |
| 202 SignatureAlgorithm algorithm; |
| 203 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 204 |
| 205 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| 206 EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest); |
| 207 } |
| 208 |
| 209 // Parses a sha384WithRSAEncryption which contains no parameters field. |
| 210 // |
| 211 // SEQUENCE (1 elem) |
| 212 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12 |
| 213 TEST(SignatureAlgorithmTest, ParseDer_sha384WithRSAEncryption_NoParams) { |
| 214 const uint8_t kData[] = {0x30, |
| 215 0x0B, |
| 216 0x06, |
| 217 0x09, |
| 218 0x2a, |
| 219 0x86, |
| 220 0x48, |
| 221 0x86, |
| 222 0xf7, |
| 223 0x0d, |
| 224 0x01, |
| 225 0x01, |
| 226 0x0c}; |
| 227 SignatureAlgorithm algorithm; |
| 228 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 229 |
| 230 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| 231 EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest); |
| 232 } |
| 233 |
| 234 // Parses a sha512WithRSAEncryption which contains no parameters field. |
| 235 // |
| 236 // SEQUENCE (1 elem) |
| 237 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13 |
| 238 TEST(SignatureAlgorithmTest, ParseDer_sha512WithRSAEncryption_NoParams) { |
| 239 const uint8_t kData[] = {0x30, |
| 240 0x0B, |
| 241 0x06, |
| 242 0x09, |
| 243 0x2a, |
| 244 0x86, |
| 245 0x48, |
| 246 0x86, |
| 247 0xf7, |
| 248 0x0d, |
| 249 0x01, |
| 250 0x01, |
| 251 0x0d}; |
| 252 SignatureAlgorithm algorithm; |
| 253 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 254 |
| 255 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| 256 EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest); |
| 257 } |
| 258 |
| 259 // Parses a sha224WithRSAEncryption which contains no parameters field. This |
| 260 // fails because the parsing code does not enumerate this OID (even though it is |
| 261 // in fact valid). |
| 262 // |
| 263 // SEQUENCE (1 elem) |
| 264 // OBJECT IDENTIFIER 1.2.840.113549.1.1.14 |
| 265 TEST(SignatureAlgorithmTest, ParseDer_sha224WithRSAEncryption_NoParams) { |
| 266 const uint8_t kData[] = {0x30, |
| 267 0x0B, |
| 268 0x06, |
| 269 0x09, |
| 270 0x2a, |
| 271 0x86, |
| 272 0x48, |
| 273 0x86, |
| 274 0xf7, |
| 275 0x0d, |
| 276 0x01, |
| 277 0x01, |
| 278 0x0e}; |
| 279 SignatureAlgorithm algorithm; |
| 280 ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| 281 } |
| 282 |
| 283 // Parses a ecdsa-with-SHA1 which contains no parameters field. |
| 284 // |
| 285 // SEQUENCE (1 elem) |
| 286 // OBJECT IDENTIFIER 1.2.840.10045.4.1 |
| 287 TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA1_NoParams) { |
| 288 const uint8_t kData[] = { |
| 289 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01}; |
| 290 SignatureAlgorithm algorithm; |
| 291 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 292 |
| 293 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| 294 EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| 295 } |
| 296 |
| 297 // Parses a ecdsa-with-SHA256 which contains no parameters field. |
| 298 // |
| 299 // SEQUENCE (1 elem) |
| 300 // OBJECT IDENTIFIER 1.2.840.10045.4.2 |
| 301 TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA256_NoParams) { |
| 302 const uint8_t kData[] = { |
| 303 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02}; |
| 304 SignatureAlgorithm algorithm; |
| 305 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 306 |
| 307 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| 308 EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest); |
| 309 } |
| 310 |
| 311 // Parses a ecdsa-with-SHA384 which contains no parameters field. |
| 312 // |
| 313 // SEQUENCE (1 elem) |
| 314 // OBJECT IDENTIFIER 1.2.840.10045.4.3 |
| 315 TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA384_NoParams) { |
| 316 const uint8_t kData[] = { |
| 317 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03}; |
| 318 SignatureAlgorithm algorithm; |
| 319 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 320 |
| 321 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| 322 EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest); |
| 323 } |
| 324 |
| 325 // Parses a ecdsa-with-SHA512 which contains no parameters field. |
| 326 // |
| 327 // SEQUENCE (1 elem) |
| 328 // OBJECT IDENTIFIER 1.2.840.10045.4.4 |
| 329 TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA512_NoParams) { |
| 330 const uint8_t kData[] = { |
| 331 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04}; |
| 332 SignatureAlgorithm algorithm; |
| 333 ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| 334 |
| 335 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| 336 EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest); |
| 337 } |
| 338 |
| 339 TEST(SignatureAlgorithmTest, Equals_DigestMismatch) { |
| 340 SignatureAlgorithm alg1 = {SignatureAlgorithmId::RsaPkcs1_5, |
| 341 DigestAlgorithmId::Sha1}; |
| 342 SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5, |
| 343 DigestAlgorithmId::Sha256}; |
| 344 |
| 345 ASSERT_FALSE(alg1.Equals(alg2)); |
| 346 } |
| 347 |
| 348 TEST(SignatureAlgorithmTest, Equals_AlgorithmMismatch) { |
| 349 SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa, |
| 350 DigestAlgorithmId::Sha256}; |
| 351 SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5, |
| 352 DigestAlgorithmId::Sha256}; |
| 353 |
| 354 ASSERT_FALSE(alg1.Equals(alg2)); |
| 355 } |
| 356 |
| 357 TEST(SignatureAlgorithmTest, Equals_Match) { |
| 358 SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa, |
| 359 DigestAlgorithmId::Sha256}; |
| 360 SignatureAlgorithm alg2 = {SignatureAlgorithmId::Ecdsa, |
| 361 DigestAlgorithmId::Sha256}; |
| 362 |
| 363 ASSERT_TRUE(alg1.Equals(alg2)); |
| 364 } |
| 365 |
| 366 } // namespace |
| 367 |
| 368 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1218753002:
Add DER parsing of AlgorithmId for signatures. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master