Chromium Code Reviews| Index: net/cert/internal/signature_algorithm_unittest.cc |
| diff --git a/net/cert/internal/signature_algorithm_unittest.cc b/net/cert/internal/signature_algorithm_unittest.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..feff6921fccc91c86079eb8cb314116567498850 |
| --- /dev/null |
| +++ b/net/cert/internal/signature_algorithm_unittest.cc |
| @@ -0,0 +1,368 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "net/cert/internal/signature_algorithm.h" |
| + |
| +#include "base/files/file_util.h" |
| +#include "base/strings/string_number_conversions.h" |
| +#include "net/base/test_data_directory.h" |
| +#include "net/cert/pem_tokenizer.h" |
| +#include "net/der/input.h" |
| +#include "net/der/parser.h" |
| +#include "testing/gtest/include/gtest/gtest.h" |
| + |
| +namespace net { |
| + |
| +namespace { |
| + |
| +// Try parsing a SignatureAlgorithm given an empty DER input. |
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_Empty) { |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input())); |
| +} |
| + |
| +// Try parsing a SignatureAlgorithm given invalid DER input. |
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_Bogus) { |
| + const uint8_t kData[] = {0x00}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Parses a sha-1WithRSAEncryption which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| +TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NoParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0B, |
| + 0x06, |
| + 0x09, |
| + 0x2A, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xF7, |
| + 0x0D, |
| + 0x01, |
| + 0x01, |
| + 0x05}; |
|
Ryan Sleevi
2015/06/29 14:45:24
See https://code.google.com/p/chromium/codesearch#
eroman
2015/06/29 15:19:00
I had used clang-format off in the earlier patchse
Ryan Sleevi
2015/06/29 16:36:28
On 2015/06/29 15:19:00, eroman wrote:
> My slight
eroman
2015/06/30 15:53:15
Done
|
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| +} |
| + |
| +// Parses a sha-1WithRSAEncryption which contains a NULL parameters field. |
| +// |
| +// SEQUENCE (2 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| +// NULL |
| +TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NullParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0D, |
| + 0x06, |
| + 0x09, |
| + 0x2A, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xF7, |
| + 0x0D, |
| + 0x01, |
| + 0x01, |
| + 0x05, |
| + 0x05, |
| + 0x00}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| +} |
| + |
| +// Parses a sha-1WithRSAEncryption which contains an unexpected parameters |
| +// field. Instead of being NULL or omitted, it is an integer. |
| +// |
| +// SEQUENCE (2 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| +// INTEGER 0 |
| +TEST(SignatureAlgorithmTest, |
| + ParseInvalidDer_sha1WithRSAEncryption_NonNullParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0E, |
| + 0x06, |
| + 0x09, |
| + 0x2A, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xF7, |
| + 0x0D, |
| + 0x01, |
| + 0x01, |
| + 0x05, |
| + 0x02, |
| + 0x01, |
| + 0x00}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Parses a sha-1WithRSAEncryption which contains a bad NULL parameters field. |
| +// Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here |
| +// NULL is encoded as having a length of 1 instead, followed by data 0x09. |
| +// |
| +// SEQUENCE (2 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| +// NULL |
| +TEST(SignatureAlgorithmTest, |
| + ParseInvalidDer_sha1WithRSAEncryption_BadNullParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0E, |
| + 0x06, |
| + 0x09, |
| + 0x2A, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xF7, |
| + 0x0D, |
| + 0x01, |
| + 0x01, |
| + 0x05, |
| + 0x05, |
| + 0x01, |
| + 0x09}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Parses a sha-1WithRSAEncryption which contains a NULL parameters field, |
| +// followed by an integer. |
| +// |
| +// SEQUENCE (3 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| +// NULL |
| +// INTEGER 0 |
| +TEST(SignatureAlgorithmTest, |
| + ParseInvalidDer_sha1WithRSAEncryption_NullParamsThenInteger) { |
| + const uint8_t kData[] = {0x30, |
| + 0x10, |
| + 0x06, |
| + 0x09, |
| + 0x2A, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xF7, |
| + 0x0D, |
| + 0x01, |
| + 0x01, |
| + 0x05, |
| + 0x05, |
| + 0x00, |
| + 0x02, |
| + 0x01, |
| + 0x00}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Try parsing a SignatureAlgorithm given DER which does not encode a sequence. |
| +// |
| +// INTEGER 0 |
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_NotASequence) { |
| + const uint8_t kData[] = { |
| + 0x02, 0x01, 0x00, |
| + }; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Parses a sha256WithRSAEncryption which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.11 |
| +TEST(SignatureAlgorithmTest, ParseDer_sha256WithRSAEncryption_NoParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0B, |
| + 0x06, |
| + 0x09, |
| + 0x2a, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xf7, |
| + 0x0d, |
| + 0x01, |
| + 0x01, |
| + 0x0b}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest); |
| +} |
| + |
| +// Parses a sha384WithRSAEncryption which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.12 |
| +TEST(SignatureAlgorithmTest, ParseDer_sha384WithRSAEncryption_NoParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0B, |
| + 0x06, |
| + 0x09, |
| + 0x2a, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xf7, |
| + 0x0d, |
| + 0x01, |
| + 0x01, |
| + 0x0c}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest); |
| +} |
| + |
| +// Parses a sha512WithRSAEncryption which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.13 |
| +TEST(SignatureAlgorithmTest, ParseDer_sha512WithRSAEncryption_NoParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0B, |
| + 0x06, |
| + 0x09, |
| + 0x2a, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xf7, |
| + 0x0d, |
| + 0x01, |
| + 0x01, |
| + 0x0d}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest); |
| +} |
| + |
| +// Parses a sha224WithRSAEncryption which contains no parameters field. This |
| +// fails because the parsing code does not enumerate this OID (even though it is |
| +// in fact valid). |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.14 |
| +TEST(SignatureAlgorithmTest, ParseDer_sha224WithRSAEncryption_NoParams) { |
| + const uint8_t kData[] = {0x30, |
| + 0x0B, |
| + 0x06, |
| + 0x09, |
| + 0x2a, |
| + 0x86, |
| + 0x48, |
| + 0x86, |
| + 0xf7, |
| + 0x0d, |
| + 0x01, |
| + 0x01, |
| + 0x0e}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData))); |
| +} |
| + |
| +// Parses a ecdsa-with-SHA1 which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.10045.4.1 |
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA1_NoParams) { |
| + const uint8_t kData[] = { |
| + 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest); |
| +} |
| + |
| +// Parses a ecdsa-with-SHA256 which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.10045.4.2 |
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA256_NoParams) { |
| + const uint8_t kData[] = { |
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest); |
| +} |
| + |
| +// Parses a ecdsa-with-SHA384 which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.10045.4.3 |
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA384_NoParams) { |
| + const uint8_t kData[] = { |
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest); |
| +} |
| + |
| +// Parses a ecdsa-with-SHA512 which contains no parameters field. |
| +// |
| +// SEQUENCE (1 elem) |
| +// OBJECT IDENTIFIER 1.2.840.10045.4.4 |
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA512_NoParams) { |
| + const uint8_t kData[] = { |
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04}; |
| + SignatureAlgorithm algorithm; |
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData))); |
| + |
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm); |
| + EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest); |
| +} |
| + |
| +TEST(SignatureAlgorithmTest, Equals_DigestMismatch) { |
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::RsaPkcs1_5, |
| + DigestAlgorithmId::Sha1}; |
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5, |
| + DigestAlgorithmId::Sha256}; |
| + |
| + ASSERT_FALSE(alg1.Equals(alg2)); |
| +} |
| + |
| +TEST(SignatureAlgorithmTest, Equals_AlgorithmMismatch) { |
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa, |
| + DigestAlgorithmId::Sha256}; |
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5, |
| + DigestAlgorithmId::Sha256}; |
| + |
| + ASSERT_FALSE(alg1.Equals(alg2)); |
| +} |
| + |
| +TEST(SignatureAlgorithmTest, Equals_Match) { |
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa, |
| + DigestAlgorithmId::Sha256}; |
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::Ecdsa, |
| + DigestAlgorithmId::Sha256}; |
| + |
| + ASSERT_TRUE(alg1.Equals(alg2)); |
| +} |
| + |
| +} // namespace |
| + |
| +} // namespace net |
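Review bot: The OID comments on the three ECDSA SHA-2 tests do not match the bytes they describe: `0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02` decodes to 1.2.840.10045.4.3.2, not 1.2.840.10045.4.2, and the SHA384 and SHA512 vectors likewise decode to 1.2.840.10045.4.3.3 and 1.2.840.10045.4.3.4. The comments should read `// OBJECT IDENTIFIER 1.2.840.10045.4.3.2` (and `.4.3.3`, `.4.3.4`), otherwise a reader checking the vectors against the OID registry will conclude the test data is wrong. Separately, malformed or unexpected parameters are only exercised for sha-1WithRSAEncryption: there is no vector for an ECDSA OID followed by a parameters field, and none for the SHA-2 RSA OIDs with the NULL parameters that real certificates usually carry, so parameter handling on those paths is not pinned by this file. `ParseDer_sha224WithRSAEncryption_NoParams` asserts failure while sharing the `ParseDer_` prefix with the success cases; a name such as `ParseDer_sha224WithRSAEncryption_Unsupported` would make the expected rejection visible in the test list.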