1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/internal/verify_signed_data.h"
9 #include "net/cert/internal/signature_algorithm.h"
10 #include "net/cert/internal/signature_policy.h"
11 #include "net/cert/internal/test_helpers.h"
12 #include "net/der/input.h"
13 #include "net/der/parse_values.h"
14 #include "net/der/parser.h"
15 #include "testing/gtest/include/gtest/gtest.h"
17 #if defined(USE_OPENSSL)
18 #include <openssl/obj.h>
30 // Reads test data from |file_name| and runs VerifySignedData() over its
31 // inputs, using |policy|.
33 // If expected_result was SUCCESS then the test will only succeed if
34 // VerifySignedData() returns true.
36 // If expected_result was FAILURE then the test will only succeed if
37 // VerifySignedData() returns false.
38 void RunTestCaseUsingPolicy(VerifyResult expected_result
,
39 const char* file_name
,
40 const SignaturePolicy
* policy
) {
41 #if !defined(USE_OPENSSL)
42 LOG(INFO
) << "Skipping test, only implemented for BoringSSL";
47 std::string("net/data/verify_signed_data_unittest/") + file_name
;
49 std::string public_key
;
50 std::string algorithm
;
51 std::string signed_data
;
52 std::string signature_value
;
54 const PemBlockMapping mappings
[] = {
55 {"PUBLIC KEY", &public_key
},
56 {"ALGORITHM", &algorithm
},
57 {"DATA", &signed_data
},
58 {"SIGNATURE", &signature_value
},
61 ASSERT_TRUE(ReadTestDataFromPemFile(path
, mappings
));
63 scoped_ptr
<SignatureAlgorithm
> signature_algorithm
=
64 SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm
));
65 ASSERT_TRUE(signature_algorithm
);
67 der::BitString signature_value_bit_string
;
68 der::Parser
signature_value_parser(InputFromString(&signature_value
));
69 ASSERT_TRUE(signature_value_parser
.ReadBitString(&signature_value_bit_string
))
70 << "The signature value is not a valid BIT STRING";
72 bool expected_result_bool
= expected_result
== SUCCESS
;
76 VerifySignedData(*signature_algorithm
, InputFromString(&signed_data
),
77 signature_value_bit_string
, InputFromString(&public_key
),
81 // RunTestCase() is the same as RunTestCaseUsingPolicy(), only it uses a
82 // default policy. This policy will accept a basic profile of signature
83 // algorithms (including ANY sized RSA key >= 1024).
84 void RunTestCase(VerifyResult expected_result
, const char* file_name
) {
85 SimpleSignaturePolicy
policy(1024);
86 return RunTestCaseUsingPolicy(expected_result
, file_name
, &policy
);
89 // Read the descriptions in the test files themselves for details on what is
92 TEST(VerifySignedDataTest
, RsaPkcs1Sha1
) {
93 RunTestCase(SUCCESS
, "rsa-pkcs1-sha1.pem");
96 TEST(VerifySignedDataTest
, RsaPkcs1Sha256
) {
97 RunTestCase(SUCCESS
, "rsa-pkcs1-sha256.pem");
100 TEST(VerifySignedDataTest
, Rsa2048Pkcs1Sha512
) {
101 RunTestCase(SUCCESS
, "rsa2048-pkcs1-sha512.pem");
104 TEST(VerifySignedDataTest
, RsaPkcs1Sha256KeyEncodedBer
) {
105 // TODO(eroman): This should fail! (SPKI should be DER-encoded). See
106 // https://crbug.com/522228
107 RunTestCase(SUCCESS
, "rsa-pkcs1-sha256-key-encoded-ber.pem");
110 TEST(VerifySignedDataTest
, EcdsaSecp384r1Sha256
) {
111 RunTestCase(SUCCESS
, "ecdsa-secp384r1-sha256.pem");
114 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512
) {
115 RunTestCase(SUCCESS
, "ecdsa-prime256v1-sha512.pem");
118 TEST(VerifySignedDataTest
, RsaPssSha1
) {
119 RunTestCase(SUCCESS
, "rsa-pss-sha1-salt20.pem");
122 TEST(VerifySignedDataTest
, RsaPssSha256Mgf1Sha512Salt33
) {
123 RunTestCase(SUCCESS
, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
126 TEST(VerifySignedDataTest
, RsaPssSha256
) {
127 RunTestCase(SUCCESS
, "rsa-pss-sha256-salt10.pem");
130 TEST(VerifySignedDataTest
, RsaPssSha1WrongSalt
) {
131 RunTestCase(FAILURE
, "rsa-pss-sha1-wrong-salt.pem");
134 TEST(VerifySignedDataTest
, EcdsaSecp384r1Sha256CorruptedData
) {
135 RunTestCase(FAILURE
, "ecdsa-secp384r1-sha256-corrupted-data.pem");
138 TEST(VerifySignedDataTest
, RsaPkcs1Sha1WrongAlgorithm
) {
139 RunTestCase(FAILURE
, "rsa-pkcs1-sha1-wrong-algorithm.pem");
142 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512WrongSignatureFormat
) {
143 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-wrong-signature-format.pem");
146 TEST(VerifySignedDataTest
, EcdsaUsingRsaKey
) {
147 RunTestCase(FAILURE
, "ecdsa-using-rsa-key.pem");
150 TEST(VerifySignedDataTest
, RsaUsingEcKey
) {
151 RunTestCase(FAILURE
, "rsa-using-ec-key.pem");
154 TEST(VerifySignedDataTest
, RsaPkcs1Sha1BadKeyDerNull
) {
155 RunTestCase(FAILURE
, "rsa-pkcs1-sha1-bad-key-der-null.pem");
158 TEST(VerifySignedDataTest
, RsaPkcs1Sha1BadKeyDerLength
) {
159 RunTestCase(FAILURE
, "rsa-pkcs1-sha1-bad-key-der-length.pem");
162 TEST(VerifySignedDataTest
, RsaPkcs1Sha256UsingEcdsaAlgorithm
) {
163 RunTestCase(FAILURE
, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem");
166 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512UsingRsaAlgorithm
) {
167 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem");
170 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512UsingEcdhKey
) {
171 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-using-ecdh-key.pem");
174 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512UsingEcmqvKey
) {
175 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem");
178 TEST(VerifySignedDataTest
, RsaPkcs1Sha1KeyParamsAbsent
) {
179 // TODO(eroman): This should fail! (key algoritm parsing is too permissive)
180 // See https://crbug.com/522228
181 RunTestCase(SUCCESS
, "rsa-pkcs1-sha1-key-params-absent.pem");
184 TEST(VerifySignedDataTest
, RsaPssSha1Salt20UsingPssKeyNoParams
) {
185 // TODO(eroman): This should pass! (rsaPss not currently supported in key
186 // algorithm). See https://crbug.com/522232
187 RunTestCase(FAILURE
, "rsa-pss-sha1-salt20-using-pss-key-no-params.pem");
190 TEST(VerifySignedDataTest
, RsaPkcs1Sha1UsingPssKeyNoParams
) {
191 RunTestCase(FAILURE
, "rsa-pkcs1-sha1-using-pss-key-no-params.pem");
194 TEST(VerifySignedDataTest
, RsaPssSha256Salt10UsingPssKeyWithParams
) {
195 // TODO(eroman): This should pass! (rsaPss not currently supported in key
196 // algorithm). See https://crbug.com/522232
197 RunTestCase(FAILURE
, "rsa-pss-sha256-salt10-using-pss-key-with-params.pem");
200 TEST(VerifySignedDataTest
, RsaPssSha256Salt10UsingPssKeyWithWrongParams
) {
202 "rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem");
205 TEST(VerifySignedDataTest
, RsaPssSha256Salt12UsingPssKeyWithNullParams
) {
207 "rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem");
210 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512SpkiParamsNull
) {
211 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-spki-params-null.pem");
214 TEST(VerifySignedDataTest
, RsaPkcs1Sha256UsingIdEaRsa
) {
215 // TODO(eroman): This should fail! (shouldn't recognize this weird OID).
216 // See https://crbug.com/522228
217 RunTestCase(SUCCESS
, "rsa-pkcs1-sha256-using-id-ea-rsa.pem");
220 TEST(VerifySignedDataTest
, RsaPkcs1Sha256SpkiNonNullParams
) {
221 // TODO(eroman): This should fail! (shouldn't recognize bogus params in rsa
222 // SPKI). See https://crbug.com/522228
223 RunTestCase(SUCCESS
, "rsa-pkcs1-sha256-spki-non-null-params.pem");
226 TEST(VerifySignedDataTest
, EcdsaPrime256v1Sha512UnusedBitsSignature
) {
227 RunTestCase(FAILURE
, "ecdsa-prime256v1-sha512-unused-bits-signature.pem");
230 // This policy rejects specifically secp384r1 curves.
231 class RejectSecp384r1Policy
: public SignaturePolicy
{
233 bool IsAcceptableCurveForEcdsa(int curve_nid
) const override
{
234 #if defined(USE_OPENSSL)
235 if (curve_nid
== NID_secp384r1
)
242 TEST(VerifySignedDataTest
, PolicyIsAcceptableCurveForEcdsa
) {
243 // Using the regular policy both secp384r1 and secp256r1 should be accepted.
244 RunTestCase(SUCCESS
, "ecdsa-secp384r1-sha256.pem");
245 RunTestCase(SUCCESS
, "ecdsa-prime256v1-sha512.pem");
247 // However when using a policy that specifically rejects secp384r1, only
248 // prime256v1 should be accepted.
249 RejectSecp384r1Policy policy
;
250 RunTestCaseUsingPolicy(FAILURE
, "ecdsa-secp384r1-sha256.pem", &policy
);
251 RunTestCaseUsingPolicy(SUCCESS
, "ecdsa-prime256v1-sha512.pem", &policy
);
254 TEST(VerifySignedDataTest
, PolicyIsAcceptableModulusLengthForRsa
) {
255 // Using the regular policy both 1024-bit and 2048-bit RSA keys should be
257 SimpleSignaturePolicy
policy_1024(1024);
258 RunTestCaseUsingPolicy(SUCCESS
, "rsa-pkcs1-sha256.pem", &policy_1024
);
259 RunTestCaseUsingPolicy(SUCCESS
, "rsa2048-pkcs1-sha512.pem", &policy_1024
);
261 // However when using a policy that rejects any keys less than 2048-bits, only
262 // one of the tests will pass.
263 SimpleSignaturePolicy
policy_2048(2048);
264 RunTestCaseUsingPolicy(FAILURE
, "rsa-pkcs1-sha256.pem", &policy_2048
);
265 RunTestCaseUsingPolicy(SUCCESS
, "rsa2048-pkcs1-sha512.pem", &policy_2048
);
268 // This policy rejects the use of SHA-512.
269 class RejectSha512
: public SignaturePolicy
{
271 RejectSha512() : SignaturePolicy() {}
273 bool IsAcceptableSignatureAlgorithm(
274 const SignatureAlgorithm
& algorithm
) const override
{
275 if (algorithm
.algorithm() == SignatureAlgorithmId::RsaPss
&&
276 algorithm
.ParamsForRsaPss()->mgf1_hash() == DigestAlgorithm::Sha512
) {
280 return algorithm
.digest() != DigestAlgorithm::Sha512
;
283 bool IsAcceptableModulusLengthForRsa(
284 size_t modulus_length_bits
) const override
{
289 TEST(VerifySignedDataTest
, PolicyIsAcceptableDigestAlgorithm
) {
290 // Using the regular policy use of either SHA256 or SHA512 should work
291 // (whether as the main digest, or the MGF1 for RSASSA-PSS)
292 RunTestCase(SUCCESS
, "rsa2048-pkcs1-sha512.pem");
293 RunTestCase(SUCCESS
, "ecdsa-prime256v1-sha512.pem");
294 RunTestCase(SUCCESS
, "ecdsa-secp384r1-sha256.pem");
295 RunTestCase(SUCCESS
, "rsa-pkcs1-sha256.pem");
296 RunTestCase(SUCCESS
, "rsa-pss-sha256-salt10.pem");
297 // This one uses both SHA256 and SHA512
298 RunTestCase(SUCCESS
, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
300 // The tests using SHA512 should fail when using a policy that rejects SHA512.
301 // Everything else should pass.
303 RunTestCaseUsingPolicy(FAILURE
, "rsa2048-pkcs1-sha512.pem", &policy
);
304 RunTestCaseUsingPolicy(FAILURE
, "ecdsa-prime256v1-sha512.pem", &policy
);
305 RunTestCaseUsingPolicy(SUCCESS
, "ecdsa-secp384r1-sha256.pem", &policy
);
306 RunTestCaseUsingPolicy(SUCCESS
, "rsa-pkcs1-sha256.pem", &policy
);
307 RunTestCaseUsingPolicy(SUCCESS
, "rsa-pss-sha256-salt10.pem", &policy
);
308 RunTestCaseUsingPolicy(FAILURE
, "rsa-pss-sha256-mgf1-sha512-salt33.pem",