Switch SignatureVerifier to taking an algorithm enum.

crypto/signature_verifier_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/signature_verifier.h"
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include "base/macros.h"
 #include "base/numerics/safe_conversions.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 TEST(SignatureVerifierTest, BasicTest) {
   // The input data in this test comes from real certificates.
   //
-  // tbs_certificate ("to-be-signed certificate", the part of a certificate
-  // that is signed), signature_algorithm, and algorithm come from the
-  // certificate of bugs.webkit.org.
+  // tbs_certificate ("to-be-signed certificate", the part of a certificate that
+  // is signed), signature, and algorithm come from the certificate of
+  // bugs.webkit.org.
   //
   // public_key_info comes from the certificate of the issuer, Go Daddy Secure
   // Certification Authority.
   //
   // The bytes in the array initializers are formatted to expose the DER
   // encoding of the ASN.1 structures.
 
   // The data that is signed is the following ASN.1 structure:
   //    TBSCertificate  ::=  SEQUENCE  {
   //        ...  -- omitted, not important
@@ skipping 79 matching lines @@
       0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48,
       0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5,
       0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55,
       0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32,
       0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76,
       0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04,
       0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69,
       0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69,
       0x74, 0x2e, 0x6f, 0x72, 0x67};
 
-  // The signature algorithm is specified as the following ASN.1 structure:
-  //    AlgorithmIdentifier  ::=  SEQUENCE  {
-  //        algorithm               OBJECT IDENTIFIER,
-  //        parameters              ANY DEFINED BY algorithm OPTIONAL  }
-  //
-  const uint8_t signature_algorithm[15] = {
-      0x30, 0x0d,  // a SEQUENCE of length 13 (0xd)
-      0x06, 0x09,  // an OBJECT IDENTIFIER of length 9
-      // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption
-      0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
-      0x00,  // a NULL of length 0
-  };
-
   // RSA signature, a big integer in the big-endian byte order.
   const uint8_t signature[256] = {
       0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f,
       0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37,
       0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82,
       0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01,
       0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01,
       0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98,
       0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56,
       0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8,
@@ skipping 53 matching lines @@
       0xa3, 0x3f, 0x84, 0x0d, 0x4f,
       // public exponent
       0x02, 0x03,  // an INTEGER of length 3
       0x01, 0x00, 0x01};
 
   // We use the signature verifier to perform four signature verification
   // tests.
   crypto::SignatureVerifier verifier;
   bool ok;
 
-  // Test 1: feed all of the data to the verifier at once (a single
+  // Test  1: feed all of the data to the verifier at once (a single
   // VerifyUpdate call).
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
-                           signature, sizeof(signature),
-                           public_key_info, sizeof(public_key_info));
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature,
+                           sizeof(signature), public_key_info,
+                           sizeof(public_key_info));
   EXPECT_TRUE(ok);
   verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
   ok = verifier.VerifyFinal();
   EXPECT_TRUE(ok);
 
   // Test 2: feed the data to the verifier in three parts (three VerifyUpdate
   // calls).
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
-                           signature, sizeof(signature),
-                           public_key_info, sizeof(public_key_info));
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature,
+                           sizeof(signature), public_key_info,
+                           sizeof(public_key_info));
   EXPECT_TRUE(ok);
-  verifier.VerifyUpdate(tbs_certificate,       256);
+  verifier.VerifyUpdate(tbs_certificate, 256);
   verifier.VerifyUpdate(tbs_certificate + 256, 256);
   verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512);
   ok = verifier.VerifyFinal();
   EXPECT_TRUE(ok);
 
   // Test 3: verify the signature with incorrect data.
   uint8_t bad_tbs_certificate[sizeof(tbs_certificate)];
   memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate));
   bad_tbs_certificate[10] += 1;  // Corrupt one byte of the data.
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
-                           signature, sizeof(signature),
-                           public_key_info, sizeof(public_key_info));
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature,
+                           sizeof(signature), public_key_info,
+                           sizeof(public_key_info));
   EXPECT_TRUE(ok);
   verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate));
   ok = verifier.VerifyFinal();
   EXPECT_FALSE(ok);
 
   // Test 4: verify a bad signature.
   uint8_t bad_signature[sizeof(signature)];
   memcpy(bad_signature, signature, sizeof(signature));
   bad_signature[10] += 1;  // Corrupt one byte of the signature.
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1,
                            bad_signature, sizeof(bad_signature),
                            public_key_info, sizeof(public_key_info));
 
   // A crypto library (e.g., NSS) may detect that the signature is corrupted
   // and cause VerifyInit to return false, so it is fine for 'ok' to be false.
   if (ok) {
     verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
     ok = verifier.VerifyFinal();
     EXPECT_FALSE(ok);
   }
 
   // Test 5: import an invalid key.
   uint8_t bad_public_key_info[sizeof(public_key_info)];
   memcpy(bad_public_key_info, public_key_info, sizeof(public_key_info));
   bad_public_key_info[0] += 1;  // Corrupt part of the SPKI syntax.
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
-                           signature, sizeof(signature),
-                           bad_public_key_info, sizeof(bad_public_key_info));
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature,
+                           sizeof(signature), bad_public_key_info,
+                           sizeof(bad_public_key_info));
   EXPECT_FALSE(ok);
 
   // Test 6: import a key with extra data.
   uint8_t long_public_key_info[sizeof(public_key_info) + 5];
   memset(long_public_key_info, 0, sizeof(long_public_key_info));
   memcpy(long_public_key_info, public_key_info, sizeof(public_key_info));
-  ok = verifier.VerifyInit(signature_algorithm,
-                           sizeof(signature_algorithm),
-                           signature, sizeof(signature),
-                           long_public_key_info, sizeof(long_public_key_info));
+  ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature,
+                           sizeof(signature), long_public_key_info,
+                           sizeof(long_public_key_info));
   EXPECT_FALSE(ok);
 }
 
 //////////////////////////////////////////////////////////////////////
 //
 // RSA-PSS signature verification known answer test
 //
 //////////////////////////////////////////////////////////////////////
 
 // The following RSA-PSS signature test vectors come from the pss-vect.txt
@@ skipping 728 matching lines @@
 }
 
 static bool EncodeRSAPublicKey(const std::vector<uint8_t>& modulus_n,
                                const std::vector<uint8_t>& public_exponent_e,
                                std::vector<uint8_t>* public_key_info) {
   // The public key is specified as the following ASN.1 structure:
   //   SubjectPublicKeyInfo  ::=  SEQUENCE  {
   //       algorithm            AlgorithmIdentifier,
   //       subjectPublicKey     BIT STRING  }
   //
-  // The signature algorithm is specified as the following ASN.1 structure:
+  // The algorithm is specified as the following ASN.1 structure:
   //    AlgorithmIdentifier  ::=  SEQUENCE  {
   //        algorithm               OBJECT IDENTIFIER,
   //        parameters              ANY DEFINED BY algorithm OPTIONAL  }
   //
   // An RSA public key is specified as the following ASN.1 structure:
   //    RSAPublicKey ::= SEQUENCE {
   //        modulus           INTEGER,  -- n
   //        publicExponent    INTEGER   -- e
   //    }
   static const uint8_t kIntegerTag = 0x02;
@@ skipping 118 matching lines @@
                                      &public_key_info[0],
                                      public_key_info.size());
       signature[0] -= 1;
       ASSERT_TRUE(ok);
       verifier.VerifyUpdate(&message[0], message.size());
       ok = verifier.VerifyFinal();
       EXPECT_FALSE(ok);
     }
   }
 }