
Side by Side Diff: net/cert/internal/signature_algorithm_unittest.cc

Issue 1690123002: Reduce Certificate Parsing Strictness (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Removing 21 octet weakness. Created 4 years, 10 months ago
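--- a/net/cert/internal/signature_algorithm_unittest.cc
+++ b/net/cert/internal/signature_algorithm_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/signature_algorithm.h"
 
 #include "base/files/file_util.h"
 #include "base/strings/string_number_conversions.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/pem_tokenizer.h"
@@ -65,21 +65,24 @@
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) {
 // clang-format off
 const uint8_t kData[] = {
 0x30, 0x0B, // SEQUENCE (11 bytes)
 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
 };
 // clang-format on
 scoped_ptr<SignatureAlgorithm> algorithm;
-ASSERT_FALSE(ParseDer(kData, &algorithm));
+ASSERT_TRUE(ParseDer(kData, &algorithm));
+
+EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
+EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
 }
 
 // Parses a sha1WithRSAEncryption which contains an unexpected parameters
 // field. Instead of being NULL it is an integer.
 //
 // SEQUENCE (2 elem)
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
 // INTEGER 0
 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) {
 // clang-format off
@@ -121,21 +124,24 @@
 // OBJECT IDENTIFIER 1.3.14.3.2.29
 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) {
 // clang-format off
 const uint8_t kData[] = {
 0x30, 0x07, // SEQUENCE (7 bytes)
 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes)
 0x2b, 0x0e, 0x03, 0x02, 0x1d,
 };
 // clang-format on
 scoped_ptr<SignatureAlgorithm> algorithm;
-ASSERT_FALSE(ParseDer(kData, &algorithm));
+ASSERT_TRUE(ParseDer(kData, &algorithm));
+
+EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
+EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
 }
 
 // Parses a sha1WithRSAEncryption which contains values after the sequence.
 //
 // SEQUENCE (2 elem)
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
 // NULL
 // INTEGER 0
 TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) {
 // clang-format off
@@ -233,21 +239,24 @@
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) {
 // clang-format off
 const uint8_t kData[] = {
 0x30, 0x0B, // SEQUENCE (11 bytes)
 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
 };
 // clang-format on
 scoped_ptr<SignatureAlgorithm> algorithm;
-ASSERT_FALSE(ParseDer(kData, &algorithm));
+ASSERT_TRUE(ParseDer(kData, &algorithm));
+
+EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
+EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
 }
 
 // Parses a sha384WithRSAEncryption which contains a NULL parameters field.
 //
 // SEQUENCE (2 elem)
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12
 // NULL
 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) {
 // clang-format off
 const uint8_t kData[] = {
@@ -270,21 +279,24 @@
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12
 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) {
 // clang-format off
 const uint8_t kData[] = {
 0x30, 0x0B, // SEQUENCE (11 bytes)
 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
 };
 // clang-format on
 scoped_ptr<SignatureAlgorithm> algorithm;
-ASSERT_FALSE(ParseDer(kData, &algorithm));
+ASSERT_TRUE(ParseDer(kData, &algorithm));
+
+EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
+EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
 }
 
 // Parses a sha512WithRSAEncryption which contains a NULL parameters field.
 //
 // SEQUENCE (2 elem)
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13
 // NULL
 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) {
 // clang-format off
 const uint8_t kData[] = {
@@ -307,21 +319,24 @@
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13
 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) {
 // clang-format off
 const uint8_t kData[] = {
 0x30, 0x0B, // SEQUENCE (11 bytes)
 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
 };
 // clang-format on
 scoped_ptr<SignatureAlgorithm> algorithm;
-ASSERT_FALSE(ParseDer(kData, &algorithm));
+ASSERT_TRUE(ParseDer(kData, &algorithm));
+
+EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
+EXPECT_EQ(DigestAlgorithm::Sha512, algorithm->digest());
 }
 
 // Parses a sha224WithRSAEncryption which contains a NULL parameters field.
 // This fails because the parsing code does not enumerate this OID (even though
 // it is in fact valid).
 //
 // SEQUENCE (2 elem)
 // OBJECT IDENTIFIER 1.2.840.113549.1.1.14
 // NULL
 TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) {
@@ -1031,10 +1046,10 @@
 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
 
 ASSERT_TRUE(params);
 EXPECT_EQ(DigestAlgorithm::Sha256, params->mgf1_hash());
 EXPECT_EQ(10u, params->salt_length());
 }
 
 } // namespace
 
 } // namespace net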
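Review bot: The five NoParams cases flipped to ASSERT_TRUE pin only the accepting side of the relaxation; among the visible hunks only sha1WithRSAEncryption has a NonNullParams rejection test beside it, while ParseDerSha256WithRSAEncryptionNoParams and its Sha384 and Sha512 siblings are each followed directly by the next digest's NullParams case. Unless equivalent tests sit in the skipped lines, add one rejection test per SHA-2 OID so that a parameters field of any other type (for example INTEGER 0) is still refused now that an absent field is allowed. The sketch below is the sha256 version, to go after ParseDerSha256WithRSAEncryptionNoParams; the 384 and 512 versions differ only in the last OID byte and the test name. It assumes the parser still rejects non-NULL parameters, which has to be confirmed against the change in signature_algorithm.cc, not shown on this page.

```cpp
// Parses a sha256WithRSAEncryption whose parameters field is an INTEGER
// instead of being NULL or absent. This must still be rejected.
//
//   SEQUENCE (2 elem)
//       OBJECT IDENTIFIER  1.2.840.113549.1.1.11
//       INTEGER  0
TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNonNullParams) {
  // clang-format off
  const uint8_t kData[] = {
      0x30, 0x0E,  // SEQUENCE (14 bytes)
      0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
      0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
      0x02, 0x01,  // INTEGER (1 byte)
      0x00,
  };
  // clang-format on
  scoped_ptr<SignatureAlgorithm> algorithm;
  ASSERT_FALSE(ParseDer(kData, &algorithm));
}
```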