1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/verify_signed_data.h" | 5 #include "net/cert/internal/verify_signed_data.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <set> | 8 #include <set> |
9 | 9 |
10 #include "net/cert/internal/signature_algorithm.h" | 10 #include "net/cert/internal/signature_algorithm.h" |
11 #include "net/cert/internal/signature_policy.h" | 11 #include "net/cert/internal/signature_policy.h" |
12 #include "net/cert/internal/test_helpers.h" | 12 #include "net/cert/internal/test_helpers.h" |
13 #include "net/der/input.h" | 13 #include "net/der/input.h" |
14 #include "net/der/parse_values.h" | 14 #include "net/der/parse_values.h" |
15 #include "net/der/parser.h" | 15 #include "net/der/parser.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
17 | 17 |
18 #if defined(USE_OPENSSL) | |
19 #include <openssl/obj.h> | 18 #include <openssl/obj.h> |
20 #endif | |
21 | 19 |
22 namespace net { | 20 namespace net { |
23 | 21 |
24 namespace { | 22 namespace { |
25 | 23 |
26 enum VerifyResult { | 24 enum VerifyResult { |
27 SUCCESS, | 25 SUCCESS, |
28 FAILURE, | 26 FAILURE, |
29 }; | 27 }; |
30 | 28 |
31 // Reads test data from |file_name| and runs VerifySignedData() over its | 29 // Reads test data from |file_name| and runs VerifySignedData() over its |
32 // inputs, using |policy|. | 30 // inputs, using |policy|. |
33 // | 31 // |
34 // If expected_result was SUCCESS then the test will only succeed if | 32 // If expected_result was SUCCESS then the test will only succeed if |
35 // VerifySignedData() returns true. | 33 // VerifySignedData() returns true. |
36 // | 34 // |
37 // If expected_result was FAILURE then the test will only succeed if | 35 // If expected_result was FAILURE then the test will only succeed if |
38 // VerifySignedData() returns false. | 36 // VerifySignedData() returns false. |
39 void RunTestCaseUsingPolicy(VerifyResult expected_result, | 37 void RunTestCaseUsingPolicy(VerifyResult expected_result, |
40 const char* file_name, | 38 const char* file_name, |
41 const SignaturePolicy* policy) { | 39 const SignaturePolicy* policy) { |
42 #if !defined(USE_OPENSSL) | |
43 LOG(INFO) << "Skipping test, only implemented for BoringSSL"; | |
44 return; | |
45 #endif | |
46 | |
47 std::string path = | 40 std::string path = |
48 std::string("net/data/verify_signed_data_unittest/") + file_name; | 41 std::string("net/data/verify_signed_data_unittest/") + file_name; |
49 | 42 |
50 std::string public_key; | 43 std::string public_key; |
51 std::string algorithm; | 44 std::string algorithm; |
52 std::string signed_data; | 45 std::string signed_data; |
53 std::string signature_value; | 46 std::string signature_value; |
54 | 47 |
55 const PemBlockMapping mappings[] = { | 48 const PemBlockMapping mappings[] = { |
56 {"PUBLIC KEY", &public_key}, | 49 {"PUBLIC KEY", &public_key}, |
216 } | 209 } |
217 | 210 |
218 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) { | 211 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) { |
219 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem"); | 212 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem"); |
220 } | 213 } |
221 | 214 |
222 // This policy rejects specifically secp384r1 curves. | 215 // This policy rejects specifically secp384r1 curves. |
223 class RejectSecp384r1Policy : public SignaturePolicy { | 216 class RejectSecp384r1Policy : public SignaturePolicy { |
224 public: | 217 public: |
225 bool IsAcceptableCurveForEcdsa(int curve_nid) const override { | 218 bool IsAcceptableCurveForEcdsa(int curve_nid) const override { |
226 #if defined(USE_OPENSSL) | |
227 if (curve_nid == NID_secp384r1) | 219 if (curve_nid == NID_secp384r1) |
228 return false; | 220 return false; |
229 #endif | |
230 return true; | 221 return true; |
231 } | 222 } |
232 }; | 223 }; |
233 | 224 |
234 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) { | 225 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) { |
235 // Using the regular policy both secp384r1 and secp256r1 should be accepted. | 226 // Using the regular policy both secp384r1 and secp256r1 should be accepted. |
236 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); | 227 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); |
237 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); | 228 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); |
238 | 229 |
239 // However when using a policy that specifically rejects secp384r1, only | 230 // However when using a policy that specifically rejects secp384r1, only |
297 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); | 288 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); |
298 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); | 289 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); |
299 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); | 290 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); |
300 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", | 291 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", |
301 &policy); | 292 &policy); |
302 } | 293 } |
303 | 294 |
304 } // namespace | 295 } // namespace |
305 | 296 |
306 } // namespace net | 297 } // namespace net |
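Review bot: With the `#if !defined(USE_OPENSSL)` early return removed from RunTestCaseUsingPolicy (new line 37 onward) and the guard dropped from `#include <openssl/obj.h>` (new line 18), this translation unit now compiles only where the BoringSSL/OpenSSL headers and `NID_secp384r1` (used in RejectSecp384r1Policy::IsAcceptableCurveForEcdsa, new line 219) are available; previously a non-OpenSSL build skipped the test at runtime. If the build file does not already restrict this unittest to that configuration — it is not visible on this page — such a build would now fail to compile rather than skip. Recording the dependency next to the include would make that explicit: `// This test requires BoringSSL (NID_secp384r1 comes from <openssl/obj.h>).` The body of RunTestCaseUsingPolicy continues past the collapsed region, so the rest of its new-side logic was not reviewed here.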