Chromium Code Reviews Chromium Code Reviews
Issue 1690123002:
Reduce Certificate Parsing Strictness (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/signature_algorithm.h" | 5 #include "net/cert/internal/signature_algorithm.h" |
| 6 | 6 |
| 7 #include "base/files/file_util.h" | 7 #include "base/files/file_util.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/cert/pem_tokenizer.h" | 10 #include "net/cert/pem_tokenizer.h" |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 | 65 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 66 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) { | 66 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) { |
| 67 // clang-format off | 67 // clang-format off |
| 68 const uint8_t kData[] = { | 68 const uint8_t kData[] = { |
| 69 0x30, 0x0B, // SEQUENCE (11 bytes) | 69 0x30, 0x0B, // SEQUENCE (11 bytes) |
| 70 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) | 70 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) |
| 71 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, | 71 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, |
| 72 }; | 72 }; |
| 73 // clang-format on | 73 // clang-format on |
| 74 scoped_ptr<SignatureAlgorithm> algorithm; | 74 scoped_ptr<SignatureAlgorithm> algorithm; |
| 75 ASSERT_FALSE(ParseDer(kData, &algorithm)); | 75 ASSERT_TRUE(ParseDer(kData, &algorithm)); |
|
eroman
2016/02/12 21:09:44
Check the values of |algorithm| now that this expe
svaldez
2016/02/12 22:00:11
Done.
| |
| 76 } | 76 } |
| 77 | 77 |
| 78 // Parses a sha1WithRSAEncryption which contains an unexpected parameters | 78 // Parses a sha1WithRSAEncryption which contains an unexpected parameters |
| 79 // field. Instead of being NULL it is an integer. | 79 // field. Instead of being NULL it is an integer. |
| 80 // | 80 // |
| 81 // SEQUENCE (2 elem) | 81 // SEQUENCE (2 elem) |
| 82 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 | 82 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 83 // INTEGER 0 | 83 // INTEGER 0 |
| 84 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) { | 84 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) { |
| 85 // clang-format off | 85 // clang-format off |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 121 // OBJECT IDENTIFIER 1.3.14.3.2.29 | 121 // OBJECT IDENTIFIER 1.3.14.3.2.29 |
| 122 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) { | 122 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) { |
| 123 // clang-format off | 123 // clang-format off |
| 124 const uint8_t kData[] = { | 124 const uint8_t kData[] = { |
| 125 0x30, 0x07, // SEQUENCE (7 bytes) | 125 0x30, 0x07, // SEQUENCE (7 bytes) |
| 126 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) | 126 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes) |
| 127 0x2b, 0x0e, 0x03, 0x02, 0x1d, | 127 0x2b, 0x0e, 0x03, 0x02, 0x1d, |
| 128 }; | 128 }; |
| 129 // clang-format on | 129 // clang-format on |
| 130 scoped_ptr<SignatureAlgorithm> algorithm; | 130 scoped_ptr<SignatureAlgorithm> algorithm; |
| 131 ASSERT_FALSE(ParseDer(kData, &algorithm)); | 131 ASSERT_TRUE(ParseDer(kData, &algorithm)); |
|
eroman
2016/02/12 21:09:44
Same here.
svaldez
2016/02/12 22:00:11
Done.
| |
| 132 } | 132 } |
| 133 | 133 |
| 134 // Parses a sha1WithRSAEncryption which contains values after the sequence. | 134 // Parses a sha1WithRSAEncryption which contains values after the sequence. |
| 135 // | 135 // |
| 136 // SEQUENCE (2 elem) | 136 // SEQUENCE (2 elem) |
| 137 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 | 137 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5 |
| 138 // NULL | 138 // NULL |
| 139 // INTEGER 0 | 139 // INTEGER 0 |
| 140 TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) { | 140 TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) { |
| 141 // clang-format off | 141 // clang-format off |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 233 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11 | 233 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11 |
| 234 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) { | 234 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) { |
| 235 // clang-format off | 235 // clang-format off |
| 236 const uint8_t kData[] = { | 236 const uint8_t kData[] = { |
| 237 0x30, 0x0B, // SEQUENCE (11 bytes) | 237 0x30, 0x0B, // SEQUENCE (11 bytes) |
| 238 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) | 238 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) |
| 239 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, | 239 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, |
| 240 }; | 240 }; |
| 241 // clang-format on | 241 // clang-format on |
| 242 scoped_ptr<SignatureAlgorithm> algorithm; | 242 scoped_ptr<SignatureAlgorithm> algorithm; |
| 243 ASSERT_FALSE(ParseDer(kData, &algorithm)); | 243 ASSERT_TRUE(ParseDer(kData, &algorithm)); |
|
eroman
2016/02/12 21:09:44
Same here.
svaldez
2016/02/12 22:00:11
Done.
| |
| 244 } | 244 } |
| 245 | 245 |
| 246 // Parses a sha384WithRSAEncryption which contains a NULL parameters field. | 246 // Parses a sha384WithRSAEncryption which contains a NULL parameters field. |
| 247 // | 247 // |
| 248 // SEQUENCE (2 elem) | 248 // SEQUENCE (2 elem) |
| 249 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12 | 249 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12 |
| 250 // NULL | 250 // NULL |
| 251 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) { | 251 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) { |
| 252 // clang-format off | 252 // clang-format off |
| 253 const uint8_t kData[] = { | 253 const uint8_t kData[] = { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 270 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12 | 270 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12 |
| 271 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) { | 271 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) { |
| 272 // clang-format off | 272 // clang-format off |
| 273 const uint8_t kData[] = { | 273 const uint8_t kData[] = { |
| 274 0x30, 0x0B, // SEQUENCE (11 bytes) | 274 0x30, 0x0B, // SEQUENCE (11 bytes) |
| 275 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) | 275 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) |
| 276 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, | 276 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c, |
| 277 }; | 277 }; |
| 278 // clang-format on | 278 // clang-format on |
| 279 scoped_ptr<SignatureAlgorithm> algorithm; | 279 scoped_ptr<SignatureAlgorithm> algorithm; |
| 280 ASSERT_FALSE(ParseDer(kData, &algorithm)); | 280 ASSERT_TRUE(ParseDer(kData, &algorithm)); |
|
eroman
2016/02/12 21:09:44
And here.
svaldez
2016/02/12 22:00:11
Done.
| |
| 281 } | 281 } |
| 282 | 282 |
| 283 // Parses a sha512WithRSAEncryption which contains a NULL parameters field. | 283 // Parses a sha512WithRSAEncryption which contains a NULL parameters field. |
| 284 // | 284 // |
| 285 // SEQUENCE (2 elem) | 285 // SEQUENCE (2 elem) |
| 286 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13 | 286 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13 |
| 287 // NULL | 287 // NULL |
| 288 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) { | 288 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) { |
| 289 // clang-format off | 289 // clang-format off |
| 290 const uint8_t kData[] = { | 290 const uint8_t kData[] = { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 307 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13 | 307 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13 |
| 308 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) { | 308 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) { |
| 309 // clang-format off | 309 // clang-format off |
| 310 const uint8_t kData[] = { | 310 const uint8_t kData[] = { |
| 311 0x30, 0x0B, // SEQUENCE (11 bytes) | 311 0x30, 0x0B, // SEQUENCE (11 bytes) |
| 312 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) | 312 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes) |
| 313 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, | 313 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d, |
| 314 }; | 314 }; |
| 315 // clang-format on | 315 // clang-format on |
| 316 scoped_ptr<SignatureAlgorithm> algorithm; | 316 scoped_ptr<SignatureAlgorithm> algorithm; |
| 317 ASSERT_FALSE(ParseDer(kData, &algorithm)); | 317 ASSERT_TRUE(ParseDer(kData, &algorithm)); |
|
eroman
2016/02/12 21:09:44
...
svaldez
2016/02/12 22:00:11
Done.
| |
| 318 } | 318 } |
| 319 | 319 |
| 320 // Parses a sha224WithRSAEncryption which contains a NULL parameters field. | 320 // Parses a sha224WithRSAEncryption which contains a NULL parameters field. |
| 321 // This fails because the parsing code does not enumerate this OID (even though | 321 // This fails because the parsing code does not enumerate this OID (even though |
| 322 // it is in fact valid). | 322 // it is in fact valid). |
| 323 // | 323 // |
| 324 // SEQUENCE (2 elem) | 324 // SEQUENCE (2 elem) |
| 325 // OBJECT IDENTIFIER 1.2.840.113549.1.1.14 | 325 // OBJECT IDENTIFIER 1.2.840.113549.1.1.14 |
| 326 // NULL | 326 // NULL |
| 327 TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) { | 327 TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) { |
| (...skipping 703 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1031 const RsaPssParameters* params = algorithm->ParamsForRsaPss(); | 1031 const RsaPssParameters* params = algorithm->ParamsForRsaPss(); |
| 1032 | 1032 |
| 1033 ASSERT_TRUE(params); | 1033 ASSERT_TRUE(params); |
| 1034 EXPECT_EQ(DigestAlgorithm::Sha256, params->mgf1_hash()); | 1034 EXPECT_EQ(DigestAlgorithm::Sha256, params->mgf1_hash()); |
| 1035 EXPECT_EQ(10u, params->salt_length()); | 1035 EXPECT_EQ(10u, params->salt_length()); |
| 1036 } | 1036 } |
| 1037 | 1037 |
| 1038 } // namespace | 1038 } // namespace |
| 1039 | 1039 |
| 1040 } // namespace net | 1040 } // namespace net |
| OLD | NEW |
