search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Reland c91b178b07b0d - Delete dead signin code (SigninGlobalError)"
[chromium-blink-merge.git] / net / cert / internal / verify_signed_data_unittest.cc
blob99e449c26a2dd077276a4772e81f800d9374169e
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/internal/verify_signed_data.h"
6
7 #include <set>
8
9 #include "net/cert/internal/signature_algorithm.h"
10 #include "net/cert/internal/signature_policy.h"
11 #include "net/cert/internal/test_helpers.h"
12 #include "net/der/input.h"
13 #include "net/der/parse_values.h"
14 #include "net/der/parser.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16
17 #if defined(USE_OPENSSL)
18 #include <openssl/obj.h>
19 #endif
20
21 namespace net {
22
23 namespace {
24
25 enum VerifyResult {
26 SUCCESS,
27 FAILURE,
28 };
29
30 // Reads test data from |file_name| and runs VerifySignedData() over its
31 // inputs, using |policy|.
32 //
33 // If expected_result was SUCCESS then the test will only succeed if
34 // VerifySignedData() returns true.
35 //
36 // If expected_result was FAILURE then the test will only succeed if
37 // VerifySignedData() returns false.
38 void RunTestCaseUsingPolicy(VerifyResult expected_result,
39 const char* file_name,
40 const SignaturePolicy* policy) {
41 #if !defined(USE_OPENSSL)
42 LOG(INFO) << "Skipping test, only implemented for BoringSSL";
43 return;
44 #endif
45
46 std::string path =
47 std::string("net/data/verify_signed_data_unittest/") + file_name;
48
49 std::string public_key;
50 std::string algorithm;
51 std::string signed_data;
52 std::string signature_value;
53
54 const PemBlockMapping mappings[] = {
55 {"PUBLIC KEY", &public_key},
56 {"ALGORITHM", &algorithm},
57 {"DATA", &signed_data},
58 {"SIGNATURE", &signature_value},
59 };
60
61 ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings));
62
63 scoped_ptr<SignatureAlgorithm> signature_algorithm =
64 SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm));
65 ASSERT_TRUE(signature_algorithm);
66
67 der::BitString signature_value_bit_string;
68 der::Parser signature_value_parser(InputFromString(&signature_value));
69 ASSERT_TRUE(signature_value_parser.ReadBitString(&signature_value_bit_string))
70 << "The signature value is not a valid BIT STRING";
71
72 bool expected_result_bool = expected_result == SUCCESS;
73
74 EXPECT_EQ(
75 expected_result_bool,
76 VerifySignedData(*signature_algorithm, InputFromString(&signed_data),
77 signature_value_bit_string, InputFromString(&public_key),
78 policy));
79 }
80
81 // RunTestCase() is the same as RunTestCaseUsingPolicy(), only it uses a
82 // default policy. This policy will accept a basic profile of signature
83 // algorithms (including ANY sized RSA key >= 1024).
84 void RunTestCase(VerifyResult expected_result, const char* file_name) {
85 SimpleSignaturePolicy policy(1024);
86 return RunTestCaseUsingPolicy(expected_result, file_name, &policy);
87 }
88
89 // Read the descriptions in the test files themselves for details on what is
90 // being tested.
91
92 TEST(VerifySignedDataTest, RsaPkcs1Sha1) {
93 RunTestCase(SUCCESS, "rsa-pkcs1-sha1.pem");
94 }
95
96 TEST(VerifySignedDataTest, RsaPkcs1Sha256) {
97 RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem");
98 }
99
100 TEST(VerifySignedDataTest, Rsa2048Pkcs1Sha512) {
101 RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem");
102 }
103
104 TEST(VerifySignedDataTest, RsaPkcs1Sha256KeyEncodedBer) {
105 // TODO(eroman): This should fail! (SPKI should be DER-encoded).
106 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-key-encoded-ber.pem");
107 }
108
109 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256) {
110 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
111 }
112
113 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512) {
114 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
115 }
116
117 TEST(VerifySignedDataTest, RsaPssSha1) {
118 RunTestCase(SUCCESS, "rsa-pss-sha1-salt20.pem");
119 }
120
121 TEST(VerifySignedDataTest, RsaPssSha256Mgf1Sha512Salt33) {
122 RunTestCase(SUCCESS, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
123 }
124
125 TEST(VerifySignedDataTest, RsaPssSha256) {
126 RunTestCase(SUCCESS, "rsa-pss-sha256-salt10.pem");
127 }
128
129 TEST(VerifySignedDataTest, RsaPssSha1WrongSalt) {
130 RunTestCase(FAILURE, "rsa-pss-sha1-wrong-salt.pem");
131 }
132
133 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256CorruptedData) {
134 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem");
135 }
136
137 TEST(VerifySignedDataTest, RsaPkcs1Sha1WrongAlgorithm) {
138 RunTestCase(FAILURE, "rsa-pkcs1-sha1-wrong-algorithm.pem");
139 }
140
141 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512WrongSignatureFormat) {
142 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-wrong-signature-format.pem");
143 }
144
145 TEST(VerifySignedDataTest, EcdsaUsingRsaKey) {
146 RunTestCase(FAILURE, "ecdsa-using-rsa-key.pem");
147 }
148
149 TEST(VerifySignedDataTest, RsaUsingEcKey) {
150 RunTestCase(FAILURE, "rsa-using-ec-key.pem");
151 }
152
153 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerNull) {
154 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-null.pem");
155 }
156
157 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerLength) {
158 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-length.pem");
159 }
160
161 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingEcdsaAlgorithm) {
162 RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem");
163 }
164
165 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingRsaAlgorithm) {
166 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem");
167 }
168
169 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcdhKey) {
170 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem");
171 }
172
173 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcmqvKey) {
174 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem");
175 }
176
177 TEST(VerifySignedDataTest, RsaPkcs1Sha1KeyParamsAbsent) {
178 // TODO(eroman): This should fail! (key algoritm parsing is too permissive)
179 RunTestCase(SUCCESS, "rsa-pkcs1-sha1-key-params-absent.pem");
180 }
181
182 TEST(VerifySignedDataTest, RsaPssSha1Salt20UsingPssKeyNoParams) {
183 // TODO(eroman): This should pass! (rsaPss not currently supported in key
184 // algorithm).
185 RunTestCase(FAILURE, "rsa-pss-sha1-salt20-using-pss-key-no-params.pem");
186 }
187
188 TEST(VerifySignedDataTest, RsaPkcs1Sha1UsingPssKeyNoParams) {
189 RunTestCase(FAILURE, "rsa-pkcs1-sha1-using-pss-key-no-params.pem");
190 }
191
192 TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithParams) {
193 // TODO(eroman): This should pass! (rsaPss not currently supported in key
194 // algorithm).
195 RunTestCase(FAILURE, "rsa-pss-sha256-salt10-using-pss-key-with-params.pem");
196 }
197
198 TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithWrongParams) {
199 RunTestCase(FAILURE,
200 "rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem");
201 }
202
203 TEST(VerifySignedDataTest, RsaPssSha256Salt12UsingPssKeyWithNullParams) {
204 RunTestCase(FAILURE,
205 "rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem");
206 }
207
208 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SpkiParamsNull) {
209 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-spki-params-null.pem");
210 }
211
212 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingIdEaRsa) {
213 // TODO(eroman): This should fail! (shouldn't recognize this weird OID).
214 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-using-id-ea-rsa.pem");
215 }
216
217 TEST(VerifySignedDataTest, RsaPkcs1Sha256SpkiNonNullParams) {
218 // TODO(eroman): This should fail! (shouldn't recognize bogus params in rsa
219 // SPKI).
220 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-spki-non-null-params.pem");
221 }
222
223 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) {
224 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem");
225 }
226
227 // This policy rejects specifically secp384r1 curves.
228 class RejectSecp384r1Policy : public SignaturePolicy {
229 public:
230 bool IsAcceptableCurveForEcdsa(int curve_nid) const override {
231 #if defined(USE_OPENSSL)
232 if (curve_nid == NID_secp384r1)
233 return false;
234 #endif
235 return true;
236 }
237 };
238
239 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) {
240 // Using the regular policy both secp384r1 and secp256r1 should be accepted.
241 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
242 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
243
244 // However when using a policy that specifically rejects secp384r1, only
245 // prime256v1 should be accepted.
246 RejectSecp384r1Policy policy;
247 RunTestCaseUsingPolicy(FAILURE, "ecdsa-secp384r1-sha256.pem", &policy);
248 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-prime256v1-sha512.pem", &policy);
249 }
250
251 TEST(VerifySignedDataTest, PolicyIsAcceptableModulusLengthForRsa) {
252 // Using the regular policy both 1024-bit and 2048-bit RSA keys should be
253 // accepted.
254 SimpleSignaturePolicy policy_1024(1024);
255 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy_1024);
256 RunTestCaseUsingPolicy(SUCCESS, "rsa2048-pkcs1-sha512.pem", &policy_1024);
257
258 // However when using a policy that rejects any keys less than 2048-bits, only
259 // one of the tests will pass.
260 SimpleSignaturePolicy policy_2048(2048);
261 RunTestCaseUsingPolicy(FAILURE, "rsa-pkcs1-sha256.pem", &policy_2048);
262 RunTestCaseUsingPolicy(SUCCESS, "rsa2048-pkcs1-sha512.pem", &policy_2048);
263 }
264
265 // This policy rejects the use of SHA-512.
266 class RejectSha512 : public SignaturePolicy {
267 public:
268 RejectSha512() : SignaturePolicy() {}
269
270 bool IsAcceptableSignatureAlgorithm(
271 const SignatureAlgorithm& algorithm) const override {
272 if (algorithm.algorithm() == SignatureAlgorithmId::RsaPss &&
273 algorithm.ParamsForRsaPss()->mgf1_hash() == DigestAlgorithm::Sha512) {
274 return false;
275 }
276
277 return algorithm.digest() != DigestAlgorithm::Sha512;
278 }
279
280 bool IsAcceptableModulusLengthForRsa(
281 size_t modulus_length_bits) const override {
282 return true;
283 }
284 };
285
286 TEST(VerifySignedDataTest, PolicyIsAcceptableDigestAlgorithm) {
287 // Using the regular policy use of either SHA256 or SHA512 should work
288 // (whether as the main digest, or the MGF1 for RSASSA-PSS)
289 RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem");
290 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
291 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
292 RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem");
293 RunTestCase(SUCCESS, "rsa-pss-sha256-salt10.pem");
294 // This one uses both SHA256 and SHA512
295 RunTestCase(SUCCESS, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
296
297 // The tests using SHA512 should fail when using a policy that rejects SHA512.
298 // Everything else should pass.
299 RejectSha512 policy;
300 RunTestCaseUsingPolicy(FAILURE, "rsa2048-pkcs1-sha512.pem", &policy);
301 RunTestCaseUsingPolicy(FAILURE, "ecdsa-prime256v1-sha512.pem", &policy);
302 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy);
303 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy);
304 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy);
305 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem",
306 &policy);
307 }
308
309 } // namespace
310
311 } // namespace net