Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / cert / internal / verify_signed_data_unittest.cc
bloba718c779a51dcd736fe7821556ad685f187c52b9
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/internal/verify_signed_data.h"
7 #include <set>
9 #include "net/cert/internal/signature_algorithm.h"
10 #include "net/cert/internal/signature_policy.h"
11 #include "net/cert/internal/test_helpers.h"
12 #include "net/der/input.h"
13 #include "net/der/parse_values.h"
14 #include "net/der/parser.h"
15 #include "testing/gtest/include/gtest/gtest.h"
17 #if defined(USE_OPENSSL)
18 #include <openssl/obj.h>
19 #endif
21 namespace net {
23 namespace {
25 enum VerifyResult {
26 SUCCESS,
27 FAILURE,
30 // Reads test data from |file_name| and runs VerifySignedData() over its
31 // inputs, using |policy|.
33 // If expected_result was SUCCESS then the test will only succeed if
34 // VerifySignedData() returns true.
36 // If expected_result was FAILURE then the test will only succeed if
37 // VerifySignedData() returns false.
38 void RunTestCaseUsingPolicy(VerifyResult expected_result,
39 const char* file_name,
40 const SignaturePolicy* policy) {
41 #if !defined(USE_OPENSSL)
42 LOG(INFO) << "Skipping test, only implemented for BoringSSL";
43 return;
44 #endif
46 std::string path =
47 std::string("net/data/verify_signed_data_unittest/") + file_name;
49 std::string public_key;
50 std::string algorithm;
51 std::string signed_data;
52 std::string signature_value;
54 const PemBlockMapping mappings[] = {
55 {"PUBLIC KEY", &public_key},
56 {"ALGORITHM", &algorithm},
57 {"DATA", &signed_data},
58 {"SIGNATURE", &signature_value},
61 ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings));
63 scoped_ptr<SignatureAlgorithm> signature_algorithm =
64 SignatureAlgorithm::CreateFromDer(InputFromString(&algorithm));
65 ASSERT_TRUE(signature_algorithm);
67 der::BitString signature_value_bit_string;
68 der::Parser signature_value_parser(InputFromString(&signature_value));
69 ASSERT_TRUE(signature_value_parser.ReadBitString(&signature_value_bit_string))
70 << "The signature value is not a valid BIT STRING";
72 bool expected_result_bool = expected_result == SUCCESS;
74 EXPECT_EQ(
75 expected_result_bool,
76 VerifySignedData(*signature_algorithm, InputFromString(&signed_data),
77 signature_value_bit_string, InputFromString(&public_key),
78 policy));
81 // RunTestCase() is the same as RunTestCaseUsingPolicy(), only it uses a
82 // default policy. This policy will accept a basic profile of signature
83 // algorithms (including ANY sized RSA key >= 1024).
84 void RunTestCase(VerifyResult expected_result, const char* file_name) {
85 SimpleSignaturePolicy policy(1024);
86 return RunTestCaseUsingPolicy(expected_result, file_name, &policy);
89 // Read the descriptions in the test files themselves for details on what is
90 // being tested.
92 TEST(VerifySignedDataTest, RsaPkcs1Sha1) {
93 RunTestCase(SUCCESS, "rsa-pkcs1-sha1.pem");
96 TEST(VerifySignedDataTest, RsaPkcs1Sha256) {
97 RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem");
100 TEST(VerifySignedDataTest, Rsa2048Pkcs1Sha512) {
101 RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem");
104 TEST(VerifySignedDataTest, RsaPkcs1Sha256KeyEncodedBer) {
105 // TODO(eroman): This should fail! (SPKI should be DER-encoded). See
106 // https://crbug.com/522228
107 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-key-encoded-ber.pem");
110 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256) {
111 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
114 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512) {
115 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
118 TEST(VerifySignedDataTest, RsaPssSha1) {
119 RunTestCase(SUCCESS, "rsa-pss-sha1-salt20.pem");
122 TEST(VerifySignedDataTest, RsaPssSha256Mgf1Sha512Salt33) {
123 RunTestCase(SUCCESS, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
126 TEST(VerifySignedDataTest, RsaPssSha256) {
127 RunTestCase(SUCCESS, "rsa-pss-sha256-salt10.pem");
130 TEST(VerifySignedDataTest, RsaPssSha1WrongSalt) {
131 RunTestCase(FAILURE, "rsa-pss-sha1-wrong-salt.pem");
134 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256CorruptedData) {
135 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem");
138 TEST(VerifySignedDataTest, RsaPkcs1Sha1WrongAlgorithm) {
139 RunTestCase(FAILURE, "rsa-pkcs1-sha1-wrong-algorithm.pem");
142 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512WrongSignatureFormat) {
143 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-wrong-signature-format.pem");
146 TEST(VerifySignedDataTest, EcdsaUsingRsaKey) {
147 RunTestCase(FAILURE, "ecdsa-using-rsa-key.pem");
150 TEST(VerifySignedDataTest, RsaUsingEcKey) {
151 RunTestCase(FAILURE, "rsa-using-ec-key.pem");
154 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerNull) {
155 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-null.pem");
158 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerLength) {
159 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-length.pem");
162 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingEcdsaAlgorithm) {
163 RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem");
166 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingRsaAlgorithm) {
167 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem");
170 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcdhKey) {
171 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem");
174 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcmqvKey) {
175 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem");
178 TEST(VerifySignedDataTest, RsaPkcs1Sha1KeyParamsAbsent) {
179 // TODO(eroman): This should fail! (key algoritm parsing is too permissive)
180 // See https://crbug.com/522228
181 RunTestCase(SUCCESS, "rsa-pkcs1-sha1-key-params-absent.pem");
184 TEST(VerifySignedDataTest, RsaPssSha1Salt20UsingPssKeyNoParams) {
185 // TODO(eroman): This should pass! (rsaPss not currently supported in key
186 // algorithm). See https://crbug.com/522232
187 RunTestCase(FAILURE, "rsa-pss-sha1-salt20-using-pss-key-no-params.pem");
190 TEST(VerifySignedDataTest, RsaPkcs1Sha1UsingPssKeyNoParams) {
191 RunTestCase(FAILURE, "rsa-pkcs1-sha1-using-pss-key-no-params.pem");
194 TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithParams) {
195 // TODO(eroman): This should pass! (rsaPss not currently supported in key
196 // algorithm). See https://crbug.com/522232
197 RunTestCase(FAILURE, "rsa-pss-sha256-salt10-using-pss-key-with-params.pem");
200 TEST(VerifySignedDataTest, RsaPssSha256Salt10UsingPssKeyWithWrongParams) {
201 RunTestCase(FAILURE,
202 "rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem");
205 TEST(VerifySignedDataTest, RsaPssSha256Salt12UsingPssKeyWithNullParams) {
206 RunTestCase(FAILURE,
207 "rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem");
210 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SpkiParamsNull) {
211 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-spki-params-null.pem");
214 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingIdEaRsa) {
215 // TODO(eroman): This should fail! (shouldn't recognize this weird OID).
216 // See https://crbug.com/522228
217 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-using-id-ea-rsa.pem");
220 TEST(VerifySignedDataTest, RsaPkcs1Sha256SpkiNonNullParams) {
221 // TODO(eroman): This should fail! (shouldn't recognize bogus params in rsa
222 // SPKI). See https://crbug.com/522228
223 RunTestCase(SUCCESS, "rsa-pkcs1-sha256-spki-non-null-params.pem");
226 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) {
227 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem");
230 // This policy rejects specifically secp384r1 curves.
231 class RejectSecp384r1Policy : public SignaturePolicy {
232 public:
233 bool IsAcceptableCurveForEcdsa(int curve_nid) const override {
234 #if defined(USE_OPENSSL)
235 if (curve_nid == NID_secp384r1)
236 return false;
237 #endif
238 return true;
242 TEST(VerifySignedDataTest, PolicyIsAcceptableCurveForEcdsa) {
243 // Using the regular policy both secp384r1 and secp256r1 should be accepted.
244 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
245 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
247 // However when using a policy that specifically rejects secp384r1, only
248 // prime256v1 should be accepted.
249 RejectSecp384r1Policy policy;
250 RunTestCaseUsingPolicy(FAILURE, "ecdsa-secp384r1-sha256.pem", &policy);
251 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-prime256v1-sha512.pem", &policy);
254 TEST(VerifySignedDataTest, PolicyIsAcceptableModulusLengthForRsa) {
255 // Using the regular policy both 1024-bit and 2048-bit RSA keys should be
256 // accepted.
257 SimpleSignaturePolicy policy_1024(1024);
258 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy_1024);
259 RunTestCaseUsingPolicy(SUCCESS, "rsa2048-pkcs1-sha512.pem", &policy_1024);
261 // However when using a policy that rejects any keys less than 2048-bits, only
262 // one of the tests will pass.
263 SimpleSignaturePolicy policy_2048(2048);
264 RunTestCaseUsingPolicy(FAILURE, "rsa-pkcs1-sha256.pem", &policy_2048);
265 RunTestCaseUsingPolicy(SUCCESS, "rsa2048-pkcs1-sha512.pem", &policy_2048);
268 // This policy rejects the use of SHA-512.
269 class RejectSha512 : public SignaturePolicy {
270 public:
271 RejectSha512() : SignaturePolicy() {}
273 bool IsAcceptableSignatureAlgorithm(
274 const SignatureAlgorithm& algorithm) const override {
275 if (algorithm.algorithm() == SignatureAlgorithmId::RsaPss &&
276 algorithm.ParamsForRsaPss()->mgf1_hash() == DigestAlgorithm::Sha512) {
277 return false;
280 return algorithm.digest() != DigestAlgorithm::Sha512;
283 bool IsAcceptableModulusLengthForRsa(
284 size_t modulus_length_bits) const override {
285 return true;
289 TEST(VerifySignedDataTest, PolicyIsAcceptableDigestAlgorithm) {
290 // Using the regular policy use of either SHA256 or SHA512 should work
291 // (whether as the main digest, or the MGF1 for RSASSA-PSS)
292 RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem");
293 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
294 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
295 RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem");
296 RunTestCase(SUCCESS, "rsa-pss-sha256-salt10.pem");
297 // This one uses both SHA256 and SHA512
298 RunTestCase(SUCCESS, "rsa-pss-sha256-mgf1-sha512-salt33.pem");
300 // The tests using SHA512 should fail when using a policy that rejects SHA512.
301 // Everything else should pass.
302 RejectSha512 policy;
303 RunTestCaseUsingPolicy(FAILURE, "rsa2048-pkcs1-sha512.pem", &policy);
304 RunTestCaseUsingPolicy(FAILURE, "ecdsa-prime256v1-sha512.pem", &policy);
305 RunTestCaseUsingPolicy(SUCCESS, "ecdsa-secp384r1-sha256.pem", &policy);
306 RunTestCaseUsingPolicy(SUCCESS, "rsa-pkcs1-sha256.pem", &policy);
307 RunTestCaseUsingPolicy(SUCCESS, "rsa-pss-sha256-salt10.pem", &policy);
308 RunTestCaseUsingPolicy(FAILURE, "rsa-pss-sha256-mgf1-sha512-salt33.pem",
309 &policy);
312 } // namespace
314 } // namespace net