| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/verify_signed_data.h" | 5 #include "net/cert/internal/verify_signed_data.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/base_paths.h" | |
| 10 #include "base/files/file_util.h" | |
| 11 #include "base/path_service.h" | |
| 12 #include "net/cert/internal/signature_algorithm.h" | 9 #include "net/cert/internal/signature_algorithm.h" |
| 13 #include "net/cert/internal/signature_policy.h" | 10 #include "net/cert/internal/signature_policy.h" |
| 14 #include "net/cert/pem_tokenizer.h" | 11 #include "net/cert/internal/test_helpers.h" |
| 15 #include "net/der/input.h" | 12 #include "net/der/input.h" |
| 16 #include "net/der/parse_values.h" | 13 #include "net/der/parse_values.h" |
| 17 #include "net/der/parser.h" | 14 #include "net/der/parser.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 16 |
| 20 #if defined(USE_OPENSSL) | 17 #if defined(USE_OPENSSL) |
| 21 #include <openssl/obj.h> | 18 #include <openssl/obj.h> |
| 22 #endif | 19 #endif |
| 23 | 20 |
| 24 namespace net { | 21 namespace net { |
| 25 | 22 |
| 26 namespace { | 23 namespace { |
| 27 | 24 |
| 28 // Creates a der::Input from an std::string. The lifetimes are a bit subtle | |
| 29 // when using this function: | |
| 30 // | |
| 31 // The returned der::Input() is only valid so long as the input string is alive | |
| 32 // and is not mutated. | |
| 33 // | |
| 34 // Note that the input parameter has been made a pointer to prevent callers | |
| 35 // from accidentally passing an r-value. | |
| 36 der::Input InputFromString(const std::string* s) { | |
| 37 return der::Input(reinterpret_cast<const uint8_t*>(s->data()), s->size()); | |
| 38 } | |
| 39 | |
| 40 // Reads a signature verification test file. | |
| 41 // | |
| 42 // The test file is a series of PEM blocks (PEM is just base64 data) with | |
| 43 // headings of: | |
| 44 // | |
| 45 // "PUBLIC KEY" - DER encoding of the SubjectPublicKeyInfo | |
| 46 // "ALGORITHM" - DER encoding of the AlgorithmIdentifier for the signature | |
| 47 // algorithm (signatureAlgorithm in X.509) | |
| 48 // "DATA" - The data that was signed (tbsCertificate in X.509) | |
| 49 // "SIGNATURE" - The result of signing DATA. | |
| 50 ::testing::AssertionResult ParseTestDataFile(const std::string& file_data, | |
| 51 std::string* public_key, | |
| 52 std::string* algorithm, | |
| 53 std::string* signed_data, | |
| 54 std::string* signature_value) { | |
| 55 const char kPublicKeyBlock[] = "PUBLIC KEY"; | |
| 56 const char kAlgorithmBlock[] = "ALGORITHM"; | |
| 57 const char kSignedDataBlock[] = "DATA"; | |
| 58 const char kSignatureBlock[] = "SIGNATURE"; | |
| 59 | |
| 60 std::vector<std::string> pem_headers; | |
| 61 pem_headers.push_back(kPublicKeyBlock); | |
| 62 pem_headers.push_back(kAlgorithmBlock); | |
| 63 pem_headers.push_back(kSignedDataBlock); | |
| 64 pem_headers.push_back(kSignatureBlock); | |
| 65 | |
| 66 // Keep track of which blocks have been encountered (by elimination). | |
| 67 std::set<std::string> remaining_blocks(pem_headers.begin(), | |
| 68 pem_headers.end()); | |
| 69 | |
| 70 PEMTokenizer pem_tokenizer(file_data, pem_headers); | |
| 71 while (pem_tokenizer.GetNext()) { | |
| 72 const std::string& block_type = pem_tokenizer.block_type(); | |
| 73 if (block_type == kPublicKeyBlock) { | |
| 74 public_key->assign(pem_tokenizer.data()); | |
| 75 } else if (block_type == kAlgorithmBlock) { | |
| 76 algorithm->assign(pem_tokenizer.data()); | |
| 77 } else if (block_type == kSignedDataBlock) { | |
| 78 signed_data->assign(pem_tokenizer.data()); | |
| 79 } else if (block_type == kSignatureBlock) { | |
| 80 signature_value->assign(pem_tokenizer.data()); | |
| 81 } | |
| 82 | |
| 83 if (remaining_blocks.erase(block_type) != 1u) { | |
| 84 return ::testing::AssertionFailure() | |
| 85 << "PEM block defined multiple times: " << block_type; | |
| 86 } | |
| 87 } | |
| 88 | |
| 89 if (!remaining_blocks.empty()) { | |
| 90 // Print one of the missing PEM blocks. | |
| 91 return ::testing::AssertionFailure() << "PEM block missing: " | |
| 92 << *remaining_blocks.begin(); | |
| 93 } | |
| 94 | |
| 95 return ::testing::AssertionSuccess(); | |
| 96 } | |
| 97 | |
| 98 // Returns a path to the file |file_name| within the unittest data directory. | |
| 99 base::FilePath GetTestFilePath(const char* file_name) { | |
| 100 base::FilePath src_root; | |
| 101 PathService::Get(base::DIR_SOURCE_ROOT, &src_root); | |
| 102 return src_root.Append( | |
| 103 FILE_PATH_LITERAL("net/data/verify_signed_data_unittest")) | |
| 104 .AppendASCII(file_name); | |
| 105 } | |
| 106 | |
| 107 enum VerifyResult { | 25 enum VerifyResult { |
| 108 SUCCESS, | 26 SUCCESS, |
| 109 FAILURE, | 27 FAILURE, |
| 110 }; | 28 }; |
| 111 | 29 |
| 112 // Reads test data from |file_name| and runs VerifySignedData() over its | 30 // Reads test data from |file_name| and runs VerifySignedData() over its |
| 113 // inputs, using |policy|. | 31 // inputs, using |policy|. |
| 114 // | 32 // |
| 115 // If expected_result was SUCCESS then the test will only succeed if | 33 // If expected_result was SUCCESS then the test will only succeed if |
| 116 // VerifySignedData() returns true. | 34 // VerifySignedData() returns true. |
| 117 // | 35 // |
| 118 // If expected_result was FAILURE then the test will only succeed if | 36 // If expected_result was FAILURE then the test will only succeed if |
| 119 // VerifySignedData() returns false. | 37 // VerifySignedData() returns false. |
| 120 void RunTestCaseUsingPolicy(VerifyResult expected_result, | 38 void RunTestCaseUsingPolicy(VerifyResult expected_result, |
| 121 const char* file_name, | 39 const char* file_name, |
| 122 const SignaturePolicy* policy) { | 40 const SignaturePolicy* policy) { |
| 123 #if !defined(USE_OPENSSL) | 41 #if !defined(USE_OPENSSL) |
| 124 LOG(INFO) << "Skipping test, only implemented for BoringSSL"; | 42 LOG(INFO) << "Skipping test, only implemented for BoringSSL"; |
| 125 return; | 43 return; |
| 126 #endif | 44 #endif |
| 127 | 45 |
| 128 base::FilePath test_file_path = GetTestFilePath(file_name); | 46 std::string path = |
| 129 | 47 std::string("net/data/verify_signed_data_unittest/") + file_name; |
| 130 std::string file_data; | |
| 131 ASSERT_TRUE(base::ReadFileToString(test_file_path, &file_data)) | |
| 132 << "Couldn't read file: " << test_file_path.value(); | |
| 133 | 48 |
| 134 std::string public_key; | 49 std::string public_key; |
| 135 std::string algorithm; | 50 std::string algorithm; |
| 136 std::string signed_data; | 51 std::string signed_data; |
| 137 std::string signature_value; | 52 std::string signature_value; |
| 138 | 53 |
| 139 ASSERT_TRUE(ParseTestDataFile(file_data, &public_key, &algorithm, | 54 const PemBlockMapping mappings[] = { |
| 140 &signed_data, &signature_value)); | 55 {"PUBLIC KEY", &public_key}, |
| 56 {"ALGORITHM", &algorithm}, |
| 57 {"DATA", &signed_data}, |
| 58 {"SIGNATURE", &signature_value}, |
| 59 }; |
| 60 |
| 61 ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings)); |
| 141 | 62 |
| 142 scoped_ptr<SignatureAlgorithm> signature_algorithm = | 63 scoped_ptr<SignatureAlgorithm> signature_algorithm = |
| 143 SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm)); | 64 SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm)); |
| 144 ASSERT_TRUE(signature_algorithm); | 65 ASSERT_TRUE(signature_algorithm); |
| 145 | 66 |
| 146 der::BitString signature_value_bit_string; | 67 der::BitString signature_value_bit_string; |
| 147 der::Parser signature_value_parser(InputFromString(&signature_value)); | 68 der::Parser signature_value_parser(InputFromString(&signature_value)); |
| 148 ASSERT_TRUE(signature_value_parser.ReadBitString(&signature_value_bit_string)) | 69 ASSERT_TRUE(signature_value_parser.ReadBitString(&signature_value_bit_string)) |
| 149 << "The signature value is not a valid BIT STRING"; | 70 << "The signature value is not a valid BIT STRING"; |
| 150 | 71 |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 381 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); | 302 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); |
| 382 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); | 303 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); |
| 383 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); | 304 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); |
| 384 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", | 305 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", |
| 385 &policy); | 306 &policy); |
| 386 } | 307 } |
| 387 | 308 |
| 388 } // namespace | 309 } // namespace |
| 389 | 310 |
| 390 } // namespace net | 311 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1290553002:
[refactor] Extract some test helpers for certificate verification unittests. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_mapper