1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/verify_signed_data.h" | 5 #include "net/cert/internal/verify_signed_data.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 | 8 |
9 #include "net/cert/internal/signature_algorithm.h" | 9 #include "net/cert/internal/signature_algorithm.h" |
10 #include "net/cert/internal/signature_policy.h" | 10 #include "net/cert/internal/signature_policy.h" |
11 #include "net/cert/internal/test_helpers.h" | 11 #include "net/cert/internal/test_helpers.h" |
12 #include "net/der/input.h" | 12 #include "net/der/input.h" |
13 #include "net/der/parse_values.h" | 13 #include "net/der/parse_values.h" |
14 #include "net/der/parser.h" | 14 #include "net/der/parser.h" |
15 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
16 | 16 |
17 #if defined(USE_OPENSSL) | |
18 #include <openssl/obj.h> | 17 #include <openssl/obj.h> |
19 #endif | |
20 | 18 |
21 namespace net { | 19 namespace net { |
22 | 20 |
23 namespace { | 21 namespace { |
24 | 22 |
25 enum VerifyResult { | 23 enum VerifyResult { |
26 SUCCESS, | 24 SUCCESS, |
27 FAILURE, | 25 FAILURE, |
28 }; | 26 }; |
29 | 27 |
30 // Reads test data from |file_name| and runs VerifySignedData() over its | 28 // Reads test data from |file_name| and runs VerifySignedData() over its |
31 // inputs, using |policy|. | 29 // inputs, using |policy|. |
32 // | 30 // |
33 // If expected_result was SUCCESS then the test will only succeed if | 31 // If expected_result was SUCCESS then the test will only succeed if |
34 // VerifySignedData() returns true. | 32 // VerifySignedData() returns true. |
35 // | 33 // |
36 // If expected_result was FAILURE then the test will only succeed if | 34 // If expected_result was FAILURE then the test will only succeed if |
37 // VerifySignedData() returns false. | 35 // VerifySignedData() returns false. |
38 void RunTestCaseUsingPolicy(VerifyResult expected_result, | 36 void RunTestCaseUsingPolicy(VerifyResult expected_result, |
39 const char* file_name, | 37 const char* file_name, |
40 const SignaturePolicy* policy) { | 38 const SignaturePolicy* policy) { |
41 #if !defined(USE_OPENSSL) | |
42 LOG(INFO) << "Skipping test, only implemented for BoringSSL"; | |
43 return; | |
44 #endif | |
45 | |
46 std::string path = | 39 std::string path = |
47 std::string("net/data/verify_signed_data_unittest/") + file_name; | 40 std::string("net/data/verify_signed_data_unittest/") + file_name; |
48 | 41 |
49 std::string public_key; | 42 std::string public_key; |
50 std::string algorithm; | 43 std::string algorithm; |
51 std::string signed_data; | 44 std::string signed_data; |
52 std::string signature_value; | 45 std::string signature_value; |
53 | 46 |
54 const PemBlockMapping mappings[] = { | 47 const PemBlockMapping mappings[] = { |
55 {"PUBLIC KEY", &public_key}, | 48 {"PUBLIC KEY", &public_key}, |
215 } | 208 } |
216 | 209 |
217 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) { | 210 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) { |
218 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem"); | 211 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem"); |
219 } | 212 } |
220 | 213 |
221 // This policy rejects specifically secp384r1 curves. | 214 // This policy rejects specifically secp384r1 curves. |
222 class RejectSecp384r1Policy : public SignaturePolicy { | 215 class RejectSecp384r1Policy : public SignaturePolicy { |
223 public: | 216 public: |
224 bool IsAcceptableCurveForEcdsa(int curve_nid) const override { | 217 bool IsAcceptableCurveForEcdsa(int curve_nid) const override { |
225 #if defined(USE_OPENSSL) | |
226 if (curve_nid == NID_secp384r1) | 218 if (curve_nid == NID_secp384r1) |
227 return false; | 219 return false; |
228 #endif | |
229 return true; | 220 return true; |
230 } | 221 } |
231 }; | 222 }; |
232 | 223 |
233 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) { | 224 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) { |
234 // Using the regular policy both secp384r1 and secp256r1 should be accepted. | 225 // Using the regular policy both secp384r1 and secp256r1 should be accepted. |
235 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); | 226 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem"); |
236 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); | 227 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem"); |
237 | 228 |
238 // However when using a policy that specifically rejects secp384r1, only | 229 // However when using a policy that specifically rejects secp384r1, only |
296 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); | 287 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy); |
297 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); | 288 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy); |
298 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); | 289 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy); |
299 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", | 290 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem", |
300 &policy); | 291 &policy); |
301 } | 292 } |
302 | 293 |
303 } // namespace | 294 } // namespace |
304 | 295 |
305 } // namespace net | 296 } // namespace net |
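Review bot: With the `#if defined(USE_OPENSSL)` guard gone from `RejectSecp384r1Policy::IsAcceptableCurveForEcdsa`, the trailing `return true;` no longer doubles as the non-BoringSSL fallback, so the if/return pair is leftover structure; the body reads better as a single expression, `return curve_nid != NID_secp384r1;`. Since `<openssl/obj.h>` is now included unconditionally (new line 17), any configuration without BoringSSL headers will presumably fail to compile this unittest rather than skip it as the removed `LOG(INFO)` path did; if that is the intent, a one-line comment above the include such as `// These tests require BoringSSL's NID_* constants.` would make it explicit. The body of `RunTestCaseUsingPolicy` continues past the collapsed region, so its remaining lines were not reviewed here.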