| Index: net/cert/internal/signature_algorithm_unittest.cc
|
| diff --git a/net/cert/internal/signature_algorithm_unittest.cc b/net/cert/internal/signature_algorithm_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..feff6921fccc91c86079eb8cb314116567498850
|
| --- /dev/null
|
| +++ b/net/cert/internal/signature_algorithm_unittest.cc
|
| @@ -0,0 +1,368 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "net/cert/internal/signature_algorithm.h"
|
| +
|
| +#include "base/files/file_util.h"
|
| +#include "base/strings/string_number_conversions.h"
|
| +#include "net/base/test_data_directory.h"
|
| +#include "net/cert/pem_tokenizer.h"
|
| +#include "net/der/input.h"
|
| +#include "net/der/parser.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace net {
|
| +
|
| +namespace {
|
| +
|
| +// Try parsing a SignatureAlgorithm given an empty DER input.
|
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_Empty) {
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input()));
|
| +}
|
| +
|
| +// Try parsing a SignatureAlgorithm given invalid DER input.
|
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_Bogus) {
|
| + const uint8_t kData[] = {0x00};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Parses a sha-1WithRSAEncryption which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NoParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0B,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2A,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xF7,
|
| + 0x0D,
|
| + 0x01,
|
| + 0x01,
|
| + 0x05};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a sha-1WithRSAEncryption which contains a NULL parameters field.
|
| +//
|
| +// SEQUENCE (2 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5
|
| +// NULL
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha1WithRSAEncryption_NullParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0D,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2A,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xF7,
|
| + 0x0D,
|
| + 0x01,
|
| + 0x01,
|
| + 0x05,
|
| + 0x05,
|
| + 0x00};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a sha-1WithRSAEncryption which contains an unexpected parameters
|
| +// field. Instead of being NULL or omitted, it is an integer.
|
| +//
|
| +// SEQUENCE (2 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5
|
| +// INTEGER 0
|
| +TEST(SignatureAlgorithmTest,
|
| + ParseInvalidDer_sha1WithRSAEncryption_NonNullParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0E,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2A,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xF7,
|
| + 0x0D,
|
| + 0x01,
|
| + 0x01,
|
| + 0x05,
|
| + 0x02,
|
| + 0x01,
|
| + 0x00};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Parses a sha-1WithRSAEncryption which contains a bad NULL parameters field.
|
| +// Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here
|
| +// NULL is encoded as having a length of 1 instead, followed by data 0x09.
|
| +//
|
| +// SEQUENCE (2 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5
|
| +// NULL
|
| +TEST(SignatureAlgorithmTest,
|
| + ParseInvalidDer_sha1WithRSAEncryption_BadNullParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0E,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2A,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xF7,
|
| + 0x0D,
|
| + 0x01,
|
| + 0x01,
|
| + 0x05,
|
| + 0x05,
|
| + 0x01,
|
| + 0x09};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Parses a sha-1WithRSAEncryption which contains a NULL parameters field,
|
| +// followed by an integer.
|
| +//
|
| +// SEQUENCE (3 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.5
|
| +// NULL
|
| +// INTEGER 0
|
| +TEST(SignatureAlgorithmTest,
|
| + ParseInvalidDer_sha1WithRSAEncryption_NullParamsThenInteger) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x10,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2A,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xF7,
|
| + 0x0D,
|
| + 0x01,
|
| + 0x01,
|
| + 0x05,
|
| + 0x05,
|
| + 0x00,
|
| + 0x02,
|
| + 0x01,
|
| + 0x00};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Try parsing a SignatureAlgorithm given DER which does not encode a sequence.
|
| +//
|
| +// INTEGER 0
|
| +TEST(SignatureAlgorithmTest, ParseInvalidDer_NotASequence) {
|
| + const uint8_t kData[] = {
|
| + 0x02, 0x01, 0x00,
|
| + };
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Parses a sha256WithRSAEncryption which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.11
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha256WithRSAEncryption_NoParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0B,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2a,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xf7,
|
| + 0x0d,
|
| + 0x01,
|
| + 0x01,
|
| + 0x0b};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a sha384WithRSAEncryption which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.12
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha384WithRSAEncryption_NoParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0B,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2a,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xf7,
|
| + 0x0d,
|
| + 0x01,
|
| + 0x01,
|
| + 0x0c};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a sha512WithRSAEncryption which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.13
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha512WithRSAEncryption_NoParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0B,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2a,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xf7,
|
| + 0x0d,
|
| + 0x01,
|
| + 0x01,
|
| + 0x0d};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1_5, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a sha224WithRSAEncryption which contains no parameters field. This
|
| +// fails because the parsing code does not enumerate this OID (even though it is
|
| +// in fact valid).
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.113549.1.1.14
|
| +TEST(SignatureAlgorithmTest, ParseDer_sha224WithRSAEncryption_NoParams) {
|
| + const uint8_t kData[] = {0x30,
|
| + 0x0B,
|
| + 0x06,
|
| + 0x09,
|
| + 0x2a,
|
| + 0x86,
|
| + 0x48,
|
| + 0x86,
|
| + 0xf7,
|
| + 0x0d,
|
| + 0x01,
|
| + 0x01,
|
| + 0x0e};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_FALSE(algorithm.AssignFromDer(der::Input(kData)));
|
| +}
|
| +
|
| +// Parses a ecdsa-with-SHA1 which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.10045.4.1
|
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA1_NoParams) {
|
| + const uint8_t kData[] = {
|
| + 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha1, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a ecdsa-with-SHA256 which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.10045.4.2
|
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA256_NoParams) {
|
| + const uint8_t kData[] = {
|
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha256, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a ecdsa-with-SHA384 which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.10045.4.3
|
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA384_NoParams) {
|
| + const uint8_t kData[] = {
|
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha384, algorithm.digest);
|
| +}
|
| +
|
| +// Parses a ecdsa-with-SHA512 which contains no parameters field.
|
| +//
|
| +// SEQUENCE (1 elem)
|
| +// OBJECT IDENTIFIER 1.2.840.10045.4.4
|
| +TEST(SignatureAlgorithmTest, ParseDer_ecdsaWithSHA512_NoParams) {
|
| + const uint8_t kData[] = {
|
| + 0x30, 0x0A, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04};
|
| + SignatureAlgorithm algorithm;
|
| + ASSERT_TRUE(algorithm.AssignFromDer(der::Input(kData)));
|
| +
|
| + EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm.algorithm);
|
| + EXPECT_EQ(DigestAlgorithmId::Sha512, algorithm.digest);
|
| +}
|
| +
|
| +TEST(SignatureAlgorithmTest, Equals_DigestMismatch) {
|
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::RsaPkcs1_5,
|
| + DigestAlgorithmId::Sha1};
|
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5,
|
| + DigestAlgorithmId::Sha256};
|
| +
|
| + ASSERT_FALSE(alg1.Equals(alg2));
|
| +}
|
| +
|
| +TEST(SignatureAlgorithmTest, Equals_AlgorithmMismatch) {
|
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa,
|
| + DigestAlgorithmId::Sha256};
|
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::RsaPkcs1_5,
|
| + DigestAlgorithmId::Sha256};
|
| +
|
| + ASSERT_FALSE(alg1.Equals(alg2));
|
| +}
|
| +
|
| +TEST(SignatureAlgorithmTest, Equals_Match) {
|
| + SignatureAlgorithm alg1 = {SignatureAlgorithmId::Ecdsa,
|
| + DigestAlgorithmId::Sha256};
|
| + SignatureAlgorithm alg2 = {SignatureAlgorithmId::Ecdsa,
|
| + DigestAlgorithmId::Sha256};
|
| +
|
| + ASSERT_TRUE(alg1.Equals(alg2));
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +} // namespace net
|
|
|
Chromium Code Reviews
Issue 1218753002:
Add DER parsing of AlgorithmId for signatures. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master