1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/internal/signature_algorithm.h"
6
7 #include <memory>
8
9 #include "base/files/file_util.h"
10 #include "base/strings/string_number_conversions.h"
11 #include "net/cert/internal/cert_errors.h"
12 #include "net/cert/pem.h"
13 #include "net/der/input.h"
14 #include "net/der/parser.h"
15 #include "testing/gtest/include/gtest/gtest.h"
16
17 namespace net {
18
19 namespace {
20
21 // Creates a SignatureAlgorithm given the DER as a byte array. Returns true on
22 // success and fills |*out| with a non-null pointer.
23 template <size_t N>
ParseDer(const uint8_t (& data)[N],std::unique_ptr<SignatureAlgorithm> * out)24 bool ParseDer(const uint8_t (&data)[N],
25 std::unique_ptr<SignatureAlgorithm>* out) {
26 CertErrors errors;
27 *out = SignatureAlgorithm::Create(der::Input(data, N), &errors);
28 bool success = !!*out;
29
30 // TODO(crbug.com/634443): Test the errors.
31 // if (!success)
32 // EXPECT_FALSE(errors.empty());
33
34 return success;
35 }
36
37 // Parses a SignatureAlgorithm given an empty DER input.
TEST(SignatureAlgorithmTest,ParseDerEmpty)38 TEST(SignatureAlgorithmTest, ParseDerEmpty) {
39 CertErrors errors;
40 std::unique_ptr<SignatureAlgorithm> algorithm =
41 SignatureAlgorithm::Create(der::Input(), &errors);
42 ASSERT_FALSE(algorithm);
43 // TODO(crbug.com/634443): Test the errors.
44 // EXPECT_FALSE(errors.empty());
45 }
46
47 // Parses a SignatureAlgorithm given invalid DER input.
TEST(SignatureAlgorithmTest,ParseDerBogus)48 TEST(SignatureAlgorithmTest, ParseDerBogus) {
49 const uint8_t kData[] = {0x00};
50 std::unique_ptr<SignatureAlgorithm> algorithm;
51 ASSERT_FALSE(ParseDer(kData, &algorithm));
52 }
53
54 // Parses a sha1WithRSAEncryption which contains a NULL parameters field.
55 //
56 // SEQUENCE (2 elem)
57 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
58 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNullParams)59 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNullParams) {
60 // clang-format off
61 const uint8_t kData[] = {
62 0x30, 0x0D, // SEQUENCE (13 bytes)
63 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
64 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
65 0x05, 0x00, // NULL (0 bytes)
66 };
67 // clang-format on
68 std::unique_ptr<SignatureAlgorithm> algorithm;
69 ASSERT_TRUE(ParseDer(kData, &algorithm));
70
71 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
72 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
73 }
74
75 // Parses a sha1WithRSAEncryption which contains no parameters field.
76 //
77 // SEQUENCE (1 elem)
78 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNoParams)79 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) {
80 // clang-format off
81 const uint8_t kData[] = {
82 0x30, 0x0B, // SEQUENCE (11 bytes)
83 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
84 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
85 };
86 // clang-format on
87 std::unique_ptr<SignatureAlgorithm> algorithm;
88 ASSERT_TRUE(ParseDer(kData, &algorithm));
89
90 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
91 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
92 }
93
94 // Parses a sha1WithRSAEncryption which contains an unexpected parameters
95 // field. Instead of being NULL it is an integer.
96 //
97 // SEQUENCE (2 elem)
98 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
99 // INTEGER 0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNonNullParams)100 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) {
101 // clang-format off
102 const uint8_t kData[] = {
103 0x30, 0x0E, // SEQUENCE (14 bytes)
104 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
105 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
106 0x02, 0x01, 0x00, // INTEGER (1 byte)
107 };
108 // clang-format on
109 std::unique_ptr<SignatureAlgorithm> algorithm;
110 ASSERT_FALSE(ParseDer(kData, &algorithm));
111 }
112
113 // Parses a sha1WithRSASignature which contains a NULL parameters field.
114 //
115 // SEQUENCE (2 elem)
116 // OBJECT IDENTIFIER 1.3.14.3.2.29
117 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSASignatureNullParams)118 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNullParams) {
119 // clang-format off
120 const uint8_t kData[] = {
121 0x30, 0x09, // SEQUENCE (9 bytes)
122 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes)
123 0x2b, 0x0e, 0x03, 0x02, 0x1d,
124 0x05, 0x00, // NULL (0 bytes)
125 };
126 // clang-format on
127 std::unique_ptr<SignatureAlgorithm> algorithm;
128 ASSERT_TRUE(ParseDer(kData, &algorithm));
129
130 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
131 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
132 }
133
134 // Parses a sha1WithRSASignature which contains no parameters field.
135 //
136 // SEQUENCE (1 elem)
137 // OBJECT IDENTIFIER 1.3.14.3.2.29
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSASignatureNoParams)138 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) {
139 // clang-format off
140 const uint8_t kData[] = {
141 0x30, 0x07, // SEQUENCE (7 bytes)
142 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes)
143 0x2b, 0x0e, 0x03, 0x02, 0x1d,
144 };
145 // clang-format on
146 std::unique_ptr<SignatureAlgorithm> algorithm;
147 ASSERT_TRUE(ParseDer(kData, &algorithm));
148
149 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
150 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
151 }
152
153 // Parses a sha1WithRSAEncryption which contains values after the sequence.
154 //
155 // SEQUENCE (2 elem)
156 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
157 // NULL
158 // INTEGER 0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRsaEncryptionDataAfterSequence)159 TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) {
160 // clang-format off
161 const uint8_t kData[] = {
162 0x30, 0x0D, // SEQUENCE (13 bytes)
163 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
164 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
165 0x05, 0x00, // NULL (0 bytes)
166 0x02, 0x01, 0x00, // INTEGER (1 byte)
167 };
168 // clang-format on
169 std::unique_ptr<SignatureAlgorithm> algorithm;
170 ASSERT_FALSE(ParseDer(kData, &algorithm));
171 }
172
173 // Parses a sha1WithRSAEncryption which contains a bad NULL parameters field.
174 // Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here
175 // NULL is encoded as having a length of 1 instead, followed by data 0x09.
176 //
177 // SEQUENCE (2 elem)
178 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
179 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionBadNullParams)180 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionBadNullParams) {
181 // clang-format off
182 const uint8_t kData[] = {
183 0x30, 0x0E, // SEQUENCE (13 bytes)
184 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
185 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
186 0x05, 0x01, 0x09, // NULL (1 byte)
187 };
188 // clang-format on
189 std::unique_ptr<SignatureAlgorithm> algorithm;
190 ASSERT_FALSE(ParseDer(kData, &algorithm));
191 }
192
193 // Parses a sha1WithRSAEncryption which contains a NULL parameters field,
194 // followed by an integer.
195 //
196 // SEQUENCE (3 elem)
197 // OBJECT IDENTIFIER 1.2.840.113549.1.1.5
198 // NULL
199 // INTEGER 0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNullParamsThenInteger)200 TEST(SignatureAlgorithmTest,
201 ParseDerSha1WithRSAEncryptionNullParamsThenInteger) {
202 // clang-format off
203 const uint8_t kData[] = {
204 0x30, 0x10, // SEQUENCE (16 bytes)
205 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
206 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
207 0x05, 0x00, // NULL (0 bytes)
208 0x02, 0x01, 0x00, // INTEGER (1 byte)
209 };
210 // clang-format on
211 std::unique_ptr<SignatureAlgorithm> algorithm;
212 ASSERT_FALSE(ParseDer(kData, &algorithm));
213 }
214
215 // Parses a SignatureAlgorithm given DER which does not encode a sequence.
216 //
217 // INTEGER 0
TEST(SignatureAlgorithmTest,ParseDerNotASequence)218 TEST(SignatureAlgorithmTest, ParseDerNotASequence) {
219 // clang-format off
220 const uint8_t kData[] = {
221 0x02, 0x01, 0x00, // INTEGER (1 byte)
222 };
223 // clang-format on
224 std::unique_ptr<SignatureAlgorithm> algorithm;
225 ASSERT_FALSE(ParseDer(kData, &algorithm));
226 }
227
228 // Parses a sha256WithRSAEncryption which contains a NULL parameters field.
229 //
230 // SEQUENCE (2 elem)
231 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11
232 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha256WithRSAEncryptionNullParams)233 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNullParams) {
234 // clang-format off
235 const uint8_t kData[] = {
236 0x30, 0x0D, // SEQUENCE (13 bytes)
237 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
238 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
239 0x05, 0x00, // NULL (0 bytes)
240 };
241 // clang-format on
242 std::unique_ptr<SignatureAlgorithm> algorithm;
243 ASSERT_TRUE(ParseDer(kData, &algorithm));
244
245 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
246 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
247 }
248
249 // Parses a sha256WithRSAEncryption which contains no parameters field.
250 //
251 // SEQUENCE (1 elem)
252 // OBJECT IDENTIFIER 1.2.840.113549.1.1.11
TEST(SignatureAlgorithmTest,ParseDerSha256WithRSAEncryptionNoParams)253 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) {
254 // clang-format off
255 const uint8_t kData[] = {
256 0x30, 0x0B, // SEQUENCE (11 bytes)
257 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
258 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
259 };
260 // clang-format on
261 std::unique_ptr<SignatureAlgorithm> algorithm;
262 ASSERT_TRUE(ParseDer(kData, &algorithm));
263
264 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
265 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
266 }
267
268 // Parses a sha384WithRSAEncryption which contains a NULL parameters field.
269 //
270 // SEQUENCE (2 elem)
271 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12
272 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha384WithRSAEncryptionNullParams)273 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) {
274 // clang-format off
275 const uint8_t kData[] = {
276 0x30, 0x0D, // SEQUENCE (13 bytes)
277 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
278 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
279 0x05, 0x00, // NULL (0 bytes)
280 };
281 // clang-format on
282 std::unique_ptr<SignatureAlgorithm> algorithm;
283 ASSERT_TRUE(ParseDer(kData, &algorithm));
284
285 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
286 EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
287 }
288
289 // Parses a sha384WithRSAEncryption which contains no parameters field.
290 //
291 // SEQUENCE (1 elem)
292 // OBJECT IDENTIFIER 1.2.840.113549.1.1.12
TEST(SignatureAlgorithmTest,ParseDerSha384WithRSAEncryptionNoParams)293 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) {
294 // clang-format off
295 const uint8_t kData[] = {
296 0x30, 0x0B, // SEQUENCE (11 bytes)
297 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
298 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
299 };
300 // clang-format on
301 std::unique_ptr<SignatureAlgorithm> algorithm;
302 ASSERT_TRUE(ParseDer(kData, &algorithm));
303
304 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
305 EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
306 }
307
308 // Parses a sha512WithRSAEncryption which contains a NULL parameters field.
309 //
310 // SEQUENCE (2 elem)
311 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13
312 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha512WithRSAEncryptionNullParams)313 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) {
314 // clang-format off
315 const uint8_t kData[] = {
316 0x30, 0x0D, // SEQUENCE (13 bytes)
317 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
318 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
319 0x05, 0x00, // NULL (0 bytes)
320 };
321 // clang-format on
322 std::unique_ptr<SignatureAlgorithm> algorithm;
323 ASSERT_TRUE(ParseDer(kData, &algorithm));
324
325 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
326 EXPECT_EQ(DigestAlgorithm::Sha512, algorithm->digest());
327 }
328
329 // Parses a sha512WithRSAEncryption which contains no parameters field.
330 //
331 // SEQUENCE (1 elem)
332 // OBJECT IDENTIFIER 1.2.840.113549.1.1.13
TEST(SignatureAlgorithmTest,ParseDerSha512WithRSAEncryptionNoParams)333 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) {
334 // clang-format off
335 const uint8_t kData[] = {
336 0x30, 0x0B, // SEQUENCE (11 bytes)
337 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
338 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
339 };
340 // clang-format on
341 std::unique_ptr<SignatureAlgorithm> algorithm;
342 ASSERT_TRUE(ParseDer(kData, &algorithm));
343
344 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
345 EXPECT_EQ(DigestAlgorithm::Sha512, algorithm->digest());
346 }
347
348 // Parses a sha224WithRSAEncryption which contains a NULL parameters field.
349 // This fails because the parsing code does not enumerate this OID (even though
350 // it is in fact valid).
351 //
352 // SEQUENCE (2 elem)
353 // OBJECT IDENTIFIER 1.2.840.113549.1.1.14
354 // NULL
TEST(SignatureAlgorithmTest,ParseDerSha224WithRSAEncryptionNullParams)355 TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) {
356 // clang-format off
357 const uint8_t kData[] = {
358 0x30, 0x0D, // SEQUENCE (13 bytes)
359 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
360 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0e,
361 0x05, 0x00, // NULL (0 bytes)
362 };
363 // clang-format on
364 std::unique_ptr<SignatureAlgorithm> algorithm;
365 ASSERT_FALSE(ParseDer(kData, &algorithm));
366 }
367
368 // Parses a ecdsa-with-SHA1 which contains no parameters field.
369 //
370 // SEQUENCE (1 elem)
371 // OBJECT IDENTIFIER 1.2.840.10045.4.1
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA1NoParams)372 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NoParams) {
373 // clang-format off
374 const uint8_t kData[] = {
375 0x30, 0x09, // SEQUENCE (9 bytes)
376 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes)
377 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
378 };
379 // clang-format on
380 std::unique_ptr<SignatureAlgorithm> algorithm;
381 ASSERT_TRUE(ParseDer(kData, &algorithm));
382
383 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
384 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
385 }
386
387 // Parses a ecdsa-with-SHA1 which contains a NULL parameters field.
388 //
389 // SEQUENCE (2 elem)
390 // OBJECT IDENTIFIER 1.2.840.10045.4.1
391 // NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA1NullParams)392 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NullParams) {
393 // clang-format off
394 const uint8_t kData[] = {
395 0x30, 0x0B, // SEQUENCE (11 bytes)
396 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes)
397 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
398 0x05, 0x00, // NULL (0 bytes)
399 };
400 // clang-format on
401 std::unique_ptr<SignatureAlgorithm> algorithm;
402 ASSERT_FALSE(ParseDer(kData, &algorithm));
403 }
404
405 // Parses a ecdsa-with-SHA256 which contains no parameters field.
406 //
407 // SEQUENCE (1 elem)
408 // OBJECT IDENTIFIER 1.2.840.10045.4.3.2
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA256NoParams)409 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NoParams) {
410 // clang-format off
411 const uint8_t kData[] = {
412 0x30, 0x0A, // SEQUENCE (10 bytes)
413 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
414 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
415 };
416 // clang-format on
417 std::unique_ptr<SignatureAlgorithm> algorithm;
418 ASSERT_TRUE(ParseDer(kData, &algorithm));
419
420 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
421 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
422 }
423
424 // Parses a ecdsa-with-SHA256 which contains a NULL parameters field.
425 //
426 // SEQUENCE (2 elem)
427 // OBJECT IDENTIFIER 1.2.840.10045.4.3.2
428 // NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA256NullParams)429 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NullParams) {
430 // clang-format off
431 const uint8_t kData[] = {
432 0x30, 0x0C, // SEQUENCE (12 bytes)
433 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
434 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
435 0x05, 0x00, // NULL (0 bytes)
436 };
437 // clang-format on
438 std::unique_ptr<SignatureAlgorithm> algorithm;
439 ASSERT_FALSE(ParseDer(kData, &algorithm));
440 }
441
442 // Parses a ecdsa-with-SHA384 which contains no parameters field.
443 //
444 // SEQUENCE (1 elem)
445 // OBJECT IDENTIFIER 1.2.840.10045.4.3.3
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA384NoParams)446 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NoParams) {
447 // clang-format off
448 const uint8_t kData[] = {
449 0x30, 0x0A, // SEQUENCE (10 bytes)
450 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
451 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
452 };
453 // clang-format on
454 std::unique_ptr<SignatureAlgorithm> algorithm;
455 ASSERT_TRUE(ParseDer(kData, &algorithm));
456
457 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
458 EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
459 }
460
461 // Parses a ecdsa-with-SHA384 which contains a NULL parameters field.
462 //
463 // SEQUENCE (2 elem)
464 // OBJECT IDENTIFIER 1.2.840.10045.4.3.3
465 // NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA384NullParams)466 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NullParams) {
467 // clang-format off
468 const uint8_t kData[] = {
469 0x30, 0x0C, // SEQUENCE (12 bytes)
470 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
471 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
472 0x05, 0x00, // NULL (0 bytes)
473 };
474 // clang-format on
475 std::unique_ptr<SignatureAlgorithm> algorithm;
476 ASSERT_FALSE(ParseDer(kData, &algorithm));
477 }
478
479 // Parses a ecdsa-with-SHA512 which contains no parameters field.
480 //
481 // SEQUENCE (1 elem)
482 // OBJECT IDENTIFIER 1.2.840.10045.4.3.4
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA512NoParams)483 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NoParams) {
484 // clang-format off
485 const uint8_t kData[] = {
486 0x30, 0x0A, // SEQUENCE (10 bytes)
487 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
488 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
489 };
490 // clang-format on
491 std::unique_ptr<SignatureAlgorithm> algorithm;
492 ASSERT_TRUE(ParseDer(kData, &algorithm));
493
494 EXPECT_EQ(SignatureAlgorithmId::Ecdsa, algorithm->algorithm());
495 EXPECT_EQ(DigestAlgorithm::Sha512, algorithm->digest());
496 }
497
498 // Parses a ecdsa-with-SHA512 which contains a NULL parameters field.
499 //
500 // SEQUENCE (2 elem)
501 // OBJECT IDENTIFIER 1.2.840.10045.4.3.4
502 // NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA512NullParams)503 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NullParams) {
504 // clang-format off
505 const uint8_t kData[] = {
506 0x30, 0x0C, // SEQUENCE (12 bytes)
507 0x06, 0x08, // OBJECT IDENTIFIER (8 bytes)
508 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
509 0x05, 0x00, // NULL (0 bytes)
510 };
511 // clang-format on
512 std::unique_ptr<SignatureAlgorithm> algorithm;
513 ASSERT_FALSE(ParseDer(kData, &algorithm));
514 }
515
516 // Tests that the parmeters returned for an ECDSA algorithm are null for
517 // non-ECDSA algorithms.
TEST(SignatureAlgorithmTest,ParamsAreNullForWrongTypeEcdsa)518 TEST(SignatureAlgorithmTest, ParamsAreNullForWrongTypeEcdsa) {
519 std::unique_ptr<SignatureAlgorithm> alg1 =
520 SignatureAlgorithm::CreateEcdsa(DigestAlgorithm::Sha1);
521
522 EXPECT_FALSE(alg1->ParamsForRsaPss());
523 }
524
525 // Tests that the parmeters returned for an RSA PKCS#1 v1.5 algorithm are null
526 // for non-RSA PKCS#1 v1.5 algorithms.
TEST(SignatureAlgorithmTest,ParamsAreNullForWrongTypeRsaPkcs1)527 TEST(SignatureAlgorithmTest, ParamsAreNullForWrongTypeRsaPkcs1) {
528 std::unique_ptr<SignatureAlgorithm> alg1 =
529 SignatureAlgorithm::CreateRsaPkcs1(DigestAlgorithm::Sha1);
530
531 EXPECT_FALSE(alg1->ParamsForRsaPss());
532 }
533
534 // Parses a rsaPss algorithm that uses SHA1 and a salt length of 20.
535 //
536 // SEQUENCE (2 elem)
537 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
538 // SEQUENCE (4 elem)
539 // [0] (1 elem)
540 // SEQUENCE (2 elem)
541 // OBJECT IDENTIFIER 1.3.14.3.2.26
542 // NULL
543 // [1] (1 elem)
544 // SEQUENCE (2 elem)
545 // OBJECT IDENTIFIER 1.2.840.113549.1.1.8
546 // SEQUENCE (2 elem)
547 // OBJECT IDENTIFIER 1.3.14.3.2.26
548 // NULL
549 // [2] (1 elem)
550 // INTEGER 20
551 // [3] (1 elem)
552 // INTEGER 1
TEST(SignatureAlgorithmTest,ParseDerRsaPss)553 TEST(SignatureAlgorithmTest, ParseDerRsaPss) {
554 // clang-format off
555 const uint8_t kData[] = {
556 0x30, 0x3E, // SEQUENCE (62 bytes)
557 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
558 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
559 0x30, 0x31, // SEQUENCE (49 bytes)
560 0xA0, 0x0B, // [0] (11 bytes)
561 0x30, 0x09, // SEQUENCE (9 bytes)
562 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes)
563 0x2B, 0x0E, 0x03, 0x02, 0x1A,
564 0x05, 0x00, // NULL (0 bytes)
565 0xA1, 0x18, // [1] (24 bytes)
566 0x30, 0x16, // SEQUENCE (22 bytes)
567 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
568 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
569 0x30, 0x09, // SEQUENCE (9 bytes)
570 0x06, 0x05, // OBJECT IDENTIFIER (5 bytes)
571 0x2B, 0x0E, 0x03, 0x02, 0x1A,
572 0x05, 0x00, // NULL (0 bytes)
573 0xA2, 0x03, // [2] (3 bytes)
574 0x02, 0x01, // INTEGER (1 byte)
575 0x14,
576 0xA3, 0x03, // [3] (3 bytes)
577 0x02, 0x01, // INTEGER (1 byte)
578 0x01,
579 };
580 // clang-format on
581 std::unique_ptr<SignatureAlgorithm> algorithm;
582 ASSERT_TRUE(ParseDer(kData, &algorithm));
583
584 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
585 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
586
587 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
588
589 ASSERT_TRUE(params);
590 EXPECT_EQ(DigestAlgorithm::Sha1, params->mgf1_hash());
591 EXPECT_EQ(20u, params->salt_length());
592 }
593
594 // Parses a rsaPss algorithm that has an empty parameters. It should use all the
595 // default values (SHA1 and salt length of 20).
596 //
597 // SEQUENCE (2 elem)
598 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
599 // SEQUENCE (0 elem)
TEST(SignatureAlgorithmTest,ParseDerRsaPssEmptyParams)600 TEST(SignatureAlgorithmTest, ParseDerRsaPssEmptyParams) {
601 // clang-format off
602 const uint8_t kData[] = {
603 0x30, 0x0D, // SEQUENCE (13 bytes)
604 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
605 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
606 0x30, 0x00, // SEQUENCE (0 bytes)
607 };
608 // clang-format on
609 std::unique_ptr<SignatureAlgorithm> algorithm;
610 ASSERT_TRUE(ParseDer(kData, &algorithm));
611
612 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
613 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
614
615 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
616
617 ASSERT_TRUE(params);
618 EXPECT_EQ(DigestAlgorithm::Sha1, params->mgf1_hash());
619 EXPECT_EQ(20u, params->salt_length());
620 }
621
622 // Parses a rsaPss algorithm that has NULL parameters. This fails.
623 //
624 // SEQUENCE (2 elem)
625 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
626 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNullParams)627 TEST(SignatureAlgorithmTest, ParseDerRsaPssNullParams) {
628 // clang-format off
629 const uint8_t kData[] = {
630 0x30, 0x0D, // SEQUENCE (13 bytes)
631 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
632 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
633 0x05, 0x00, // NULL (0 bytes)
634 };
635 // clang-format on
636 std::unique_ptr<SignatureAlgorithm> algorithm;
637 ASSERT_FALSE(ParseDer(kData, &algorithm));
638 }
639
640 // Parses a rsaPss algorithm that has no parameters. This fails.
641 //
642 // SEQUENCE (1 elem)
643 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
TEST(SignatureAlgorithmTest,ParseDerRsaPssNoParams)644 TEST(SignatureAlgorithmTest, ParseDerRsaPssNoParams) {
645 // clang-format off
646 const uint8_t kData[] = {
647 0x30, 0x0B, // SEQUENCE (11 bytes)
648 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
649 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
650 };
651 // clang-format on
652 std::unique_ptr<SignatureAlgorithm> algorithm;
653 ASSERT_FALSE(ParseDer(kData, &algorithm));
654 }
655
656 // Parses a rsaPss algorithm that has data after the parameters sequence.
657 //
658 // SEQUENCE (3 elem)
659 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
660 // SEQUENCE (0 elem)
661 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssDataAfterParams)662 TEST(SignatureAlgorithmTest, ParseDerRsaPssDataAfterParams) {
663 // clang-format off
664 const uint8_t kData[] = {
665 0x30, 0x0F, // SEQUENCE (15 bytes)
666 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
667 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
668 0x30, 0x00, // SEQUENCE (0 bytes)
669 0x05, 0x00, // NULL (0 bytes)
670 };
671 // clang-format on
672 std::unique_ptr<SignatureAlgorithm> algorithm;
673 ASSERT_FALSE(ParseDer(kData, &algorithm));
674 }
675
676 // Parses a rsaPss algorithm that uses defaults (by ommitting the values) for
677 // everything except the salt length.
678 //
679 // SEQUENCE (2 elem)
680 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
681 // SEQUENCE (1 elem)
682 // [2] (1 elem)
683 // INTEGER 23
TEST(SignatureAlgorithmTest,ParseDerRsaPssDefaultsExceptForSaltLength)684 TEST(SignatureAlgorithmTest, ParseDerRsaPssDefaultsExceptForSaltLength) {
685 // clang-format off
686 const uint8_t kData[] = {
687 0x30, 0x12, // SEQUENCE (62 bytes)
688 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
689 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
690 0x30, 0x05, // SEQUENCE (5 bytes)
691 0xA2, 0x03, // [2] (3 bytes)
692 0x02, 0x01, // INTEGER (1 byte)
693 0x17,
694 };
695 // clang-format on
696 std::unique_ptr<SignatureAlgorithm> algorithm;
697 ASSERT_TRUE(ParseDer(kData, &algorithm));
698
699 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
700 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
701
702 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
703
704 ASSERT_TRUE(params);
705 EXPECT_EQ(DigestAlgorithm::Sha1, params->mgf1_hash());
706 EXPECT_EQ(23u, params->salt_length());
707 }
708
709 // Parses a rsaPss algorithm that has unrecognized data (NULL) within the
710 // parameters sequence.
711 //
712 // SEQUENCE (2 elem)
713 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
714 // SEQUENCE (2 elem)
715 // [2] (1 elem)
716 // INTEGER 23
717 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNullInsideParams)718 TEST(SignatureAlgorithmTest, ParseDerRsaPssNullInsideParams) {
719 // clang-format off
720 const uint8_t kData[] = {
721 0x30, 0x14, // SEQUENCE (62 bytes)
722 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
723 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
724 0x30, 0x07, // SEQUENCE (5 bytes)
725 0xA2, 0x03, // [2] (3 bytes)
726 0x02, 0x01, // INTEGER (1 byte)
727 0x17,
728 0x05, 0x00, // NULL (0 bytes)
729 };
730 // clang-format on
731 std::unique_ptr<SignatureAlgorithm> algorithm;
732 ASSERT_FALSE(ParseDer(kData, &algorithm));
733 }
734
735 // Parses a rsaPss algorithm that has an unsupported trailer value (2). Only
736 // trailer values of 1 are allowed by RFC 4055.
737 //
738 // SEQUENCE (2 elem)
739 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
740 // SEQUENCE (1 elem)
741 // [3] (1 elem)
742 // INTEGER 2
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedTrailer)743 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedTrailer) {
744 // clang-format off
745 const uint8_t kData[] = {
746 0x30, 0x12, // SEQUENCE (18 bytes)
747 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
748 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
749 0x30, 0x05, // SEQUENCE (5 bytes)
750 0xA3, 0x03, // [3] (3 bytes)
751 0x02, 0x01, // INTEGER (1 byte)
752 0x02,
753 };
754 // clang-format on
755 std::unique_ptr<SignatureAlgorithm> algorithm;
756 ASSERT_FALSE(ParseDer(kData, &algorithm));
757 }
758
759 // Parses a rsaPss algorithm that has extra data appearing after the trailer in
760 // the [3] section.
761 //
762 // SEQUENCE (2 elem)
763 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
764 // SEQUENCE (1 elem)
765 // [3] (2 elem)
766 // INTEGER 1
767 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssBadTrailer)768 TEST(SignatureAlgorithmTest, ParseDerRsaPssBadTrailer) {
769 // clang-format off
770 const uint8_t kData[] = {
771 0x30, 0x14, // SEQUENCE (20 bytes)
772 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
773 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
774 0x30, 0x07, // SEQUENCE (7 bytes)
775 0xA3, 0x05, // [3] (5 bytes)
776 0x02, 0x01, // INTEGER (1 byte)
777 0x01,
778 0x05, 0x00, // NULL (0 bytes)
779 };
780 // clang-format on
781 std::unique_ptr<SignatureAlgorithm> algorithm;
782 ASSERT_FALSE(ParseDer(kData, &algorithm));
783 }
784
785 // Parses a rsaPss algorithm that uses SHA384 for the hash, and leaves the rest
786 // as defaults (including the mask gen).
787 //
788 // SEQUENCE (2 elem)
789 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
790 // SEQUENCE (1 elem)
791 // [0] (1 elem)
792 // SEQUENCE (2 elem)
793 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.2
794 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHash)795 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHash) {
796 // clang-format off
797 const uint8_t kData[] = {
798 0x30, 0x1E, // SEQUENCE (30 bytes)
799 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
800 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
801 0x30, 0x11, // SEQUENCE (17 bytes)
802 0xA0, 0x0F, // [0] (15 bytes)
803 0x30, 0x0D, // SEQUENCE (13 bytes)
804 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
805 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
806 0x05, 0x00, // NULL (0 bytes)
807 };
808 // clang-format on
809 std::unique_ptr<SignatureAlgorithm> algorithm;
810 ASSERT_TRUE(ParseDer(kData, &algorithm));
811
812 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
813 EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
814
815 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
816
817 ASSERT_TRUE(params);
818 EXPECT_EQ(DigestAlgorithm::Sha1, params->mgf1_hash());
819 EXPECT_EQ(20u, params->salt_length());
820 }
821
822 // Parses a rsaPss algorithm that uses SHA384 for the hash, however in the
823 // AlgorithmIdentifier for the hash function the parameters are omitted instead
824 // of NULL.
825 //
826 // SEQUENCE (2 elem)
827 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
828 // SEQUENCE (1 elem)
829 // [0] (1 elem)
830 // SEQUENCE (1 elem)
831 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.2
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHashAbsentParams)832 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAbsentParams) {
833 // clang-format off
834 const uint8_t kData[] = {
835 0x30, 0x1C, // SEQUENCE (28 bytes)
836 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
837 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
838 0x30, 0x0F, // SEQUENCE (15 bytes)
839 0xA0, 0x0D, // [0] (13 bytes)
840 0x30, 0x0B, // SEQUENCE (11 bytes)
841 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
842 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
843 };
844 // clang-format on
845 std::unique_ptr<SignatureAlgorithm> algorithm;
846 ASSERT_TRUE(ParseDer(kData, &algorithm));
847
848 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
849 EXPECT_EQ(DigestAlgorithm::Sha384, algorithm->digest());
850
851 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
852
853 ASSERT_TRUE(params);
854 EXPECT_EQ(DigestAlgorithm::Sha1, params->mgf1_hash());
855 EXPECT_EQ(20u, params->salt_length());
856 }
857
858 // Parses a rsaPss algorithm that uses an invalid hash algorithm (twiddled the
859 // bytes for the SHA-384 OID a bit).
860 //
861 // SEQUENCE (2 elem)
862 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
863 // SEQUENCE (1 elem)
864 // [0] (1 elem)
865 // SEQUENCE (1 elem)
866 // OBJECT IDENTIFIER 2.16.840.2.103.19.4.2.2
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedHashOid)867 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedHashOid) {
868 // clang-format off
869 const uint8_t kData[] = {
870 0x30, 0x1C, // SEQUENCE (28 bytes)
871 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
872 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
873 0x30, 0x0F, // SEQUENCE (15 bytes)
874 0xA0, 0x0D, // [0] (13 bytes)
875 0x30, 0x0B, // SEQUENCE (11 bytes)
876 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
877 0x60, 0x86, 0x48, 0x02, 0x67, 0x13, 0x04, 0x02, 0x02,
878 };
879 // clang-format on
880 std::unique_ptr<SignatureAlgorithm> algorithm;
881 ASSERT_FALSE(ParseDer(kData, &algorithm));
882 }
883
884 // Parses a rsaPss algorithm that uses SHA512 MGF1 for the mask gen, and
885 // defaults for the rest.
886 //
887 // SEQUENCE (2 elem)
888 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
889 // SEQUENCE (1 elem)
890 // [1] (1 elem)
891 // SEQUENCE (2 elem)
892 // OBJECT IDENTIFIER 1.2.840.113549.1.1.8
893 // SEQUENCE (2 elem)
894 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3
895 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultMaskGen)896 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultMaskGen) {
897 // clang-format off
898 const uint8_t kData[] = {
899 0x30, 0x2B, // SEQUENCE (43 bytes)
900 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
901 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
902 0x30, 0x1E, // SEQUENCE (30 bytes)
903 0xA1, 0x1C, // [1] (28 bytes)
904 0x30, 0x1A, // SEQUENCE (26 bytes)
905 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
906 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
907 0x30, 0x0D, // SEQUENCE (13 bytes)
908 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
909 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
910 0x05, 0x00, // NULL (0 bytes)
911 };
912 // clang-format on
913 std::unique_ptr<SignatureAlgorithm> algorithm;
914 ASSERT_TRUE(ParseDer(kData, &algorithm));
915
916 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
917 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
918
919 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
920
921 ASSERT_TRUE(params);
922 EXPECT_EQ(DigestAlgorithm::Sha512, params->mgf1_hash());
923 EXPECT_EQ(20u, params->salt_length());
924 }
925
926 // Parses a rsaPss algorithm that uses a mask gen with an unrecognized OID
927 // (twiddled some of the bits).
928 //
929 // SEQUENCE (2 elem)
930 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
931 // SEQUENCE (1 elem)
932 // [1] (1 elem)
933 // SEQUENCE (2 elem)
934 // OBJECT IDENTIFIER 1.2.840.113618.1.2.8
935 // SEQUENCE (2 elem)
936 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3
937 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedMaskGen)938 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedMaskGen) {
939 // clang-format off
940 const uint8_t kData[] = {
941 0x30, 0x2B, // SEQUENCE (43 bytes)
942 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
943 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
944 0x30, 0x1E, // SEQUENCE (30 bytes)
945 0xA1, 0x1C, // [1] (28 bytes)
946 0x30, 0x1A, // SEQUENCE (26 bytes)
947 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
948 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x52, 0x01, 0x02, 0x08,
949 0x30, 0x0D, // SEQUENCE (13 bytes)
950 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
951 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
952 0x05, 0x00, // NULL (0 bytes)
953 };
954 // clang-format on
955 std::unique_ptr<SignatureAlgorithm> algorithm;
956 ASSERT_FALSE(ParseDer(kData, &algorithm));
957 }
958
959 // Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA512 for the
960 // MGF1.
961 //
962 // SEQUENCE (2 elem)
963 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
964 // SEQUENCE (2 elem)
965 // [0] (1 elem)
966 // SEQUENCE (2 elem)
967 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
968 // NULL
969 // [1] (1 elem)
970 // SEQUENCE (2 elem)
971 // OBJECT IDENTIFIER 1.2.840.113549.1.1.8
972 // SEQUENCE (2 elem)
973 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.3
974 // NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHashAndMaskGen)975 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGen) {
976 // clang-format off
977 const uint8_t kData[] = {
978 0x30, 0x3C, // SEQUENCE (60 bytes)
979 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
980 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
981 0x30, 0x2F, // SEQUENCE (47 bytes)
982 0xA0, 0x0F, // [0] (15 bytes)
983 0x30, 0x0D, // SEQUENCE (13 bytes)
984 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
985 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
986 0x05, 0x00, // NULL (0 bytes)
987 0xA1, 0x1C, // [1] (28 bytes)
988 0x30, 0x1A, // SEQUENCE (26 bytes)
989 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
990 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
991 0x30, 0x0D, // SEQUENCE (13 bytes)
992 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
993 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
994 0x05, 0x00, // NULL (0 bytes)
995 };
996 // clang-format on
997 std::unique_ptr<SignatureAlgorithm> algorithm;
998 ASSERT_TRUE(ParseDer(kData, &algorithm));
999
1000 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
1001 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
1002
1003 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
1004
1005 ASSERT_TRUE(params);
1006 EXPECT_EQ(DigestAlgorithm::Sha512, params->mgf1_hash());
1007 EXPECT_EQ(20u, params->salt_length());
1008 }
1009
1010 // Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA256 for the
1011 // MGF1, and a salt length of 10.
1012 //
1013 // SEQUENCE (2 elem)
1014 // OBJECT IDENTIFIER 1.2.840.113549.1.1.10
1015 // SEQUENCE (3 elem)
1016 // [0] (1 elem)
1017 // SEQUENCE (2 elem)
1018 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
1019 // NULL
1020 // [1] (1 elem)
1021 // SEQUENCE (2 elem)
1022 // OBJECT IDENTIFIER 1.2.840.113549.1.1.8
1023 // SEQUENCE (2 elem)
1024 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
1025 // NULL
1026 // [2] (1 elem)
1027 // INTEGER 10
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt)1028 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt) {
1029 // clang-format off
1030 const uint8_t kData[] = {
1031 0x30, 0x41, // SEQUENCE (65 bytes)
1032 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1033 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
1034 0x30, 0x34, // SEQUENCE (52 bytes)
1035 0xA0, 0x0F, // [0] (15 bytes)
1036 0x30, 0x0D, // SEQUENCE (13 bytes)
1037 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1038 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
1039 0x05, 0x00, // NULL (0 bytes)
1040 0xA1, 0x1C, // [1] (28 bytes)
1041 0x30, 0x1A, // SEQUENCE (26 bytes)
1042 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1043 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
1044 0x30, 0x0D, // SEQUENCE (13 bytes)
1045 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1046 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
1047 0x05, 0x00, // NULL (0 bytes)
1048 0xA2, 0x03, // [2] (3 bytes)
1049 0x02, 0x01, // INTEGER (1 byte)
1050 0x0A,
1051 };
1052 // clang-format on
1053 std::unique_ptr<SignatureAlgorithm> algorithm;
1054 ASSERT_TRUE(ParseDer(kData, &algorithm));
1055
1056 ASSERT_EQ(SignatureAlgorithmId::RsaPss, algorithm->algorithm());
1057 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
1058
1059 const RsaPssParameters* params = algorithm->ParamsForRsaPss();
1060
1061 ASSERT_TRUE(params);
1062 EXPECT_EQ(DigestAlgorithm::Sha256, params->mgf1_hash());
1063 EXPECT_EQ(10u, params->salt_length());
1064 }
1065
1066 // Parses a md5WithRSAEncryption which contains a NULL parameters field.
1067 //
1068 // SEQUENCE (2 elem)
1069 // OBJECT IDENTIFIER 1.2.840.113549.1.1.4
1070 // NULL
TEST(SignatureAlgorithmTest,ParseDerMd5WithRsaEncryptionNullParams)1071 TEST(SignatureAlgorithmTest, ParseDerMd5WithRsaEncryptionNullParams) {
1072 // clang-format off
1073 const uint8_t kData[] = {
1074 0x30, 0x0D, // SEQUENCE (13 bytes)
1075 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1076 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
1077 0x05, 0x00, // NULL (0 bytes)
1078 };
1079 // clang-format on
1080 std::unique_ptr<SignatureAlgorithm> algorithm;
1081 ASSERT_TRUE(ParseDer(kData, &algorithm));
1082
1083 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
1084 EXPECT_EQ(DigestAlgorithm::Md5, algorithm->digest());
1085 }
1086
1087 // Parses a md4WithRSAEncryption which contains a NULL parameters field.
1088 //
1089 // SEQUENCE (2 elem)
1090 // OBJECT IDENTIFIER 1.2.840.113549.1.1.3
1091 // NULL
TEST(SignatureAlgorithmTest,ParseDerMd4WithRsaEncryptionNullParams)1092 TEST(SignatureAlgorithmTest, ParseDerMd4WithRsaEncryptionNullParams) {
1093 // clang-format off
1094 const uint8_t kData[] = {
1095 0x30, 0x0D, // SEQUENCE (13 bytes)
1096 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1097 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x03,
1098 0x05, 0x00, // NULL (0 bytes)
1099 };
1100 // clang-format on
1101 std::unique_ptr<SignatureAlgorithm> algorithm;
1102 ASSERT_TRUE(ParseDer(kData, &algorithm));
1103
1104 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
1105 EXPECT_EQ(DigestAlgorithm::Md4, algorithm->digest());
1106 }
1107
1108 // Parses a md2WithRSAEncryption which contains a NULL parameters field.
1109 //
1110 // SEQUENCE (2 elem)
1111 // OBJECT IDENTIFIER 1.2.840.113549.1.1.2
1112 // NULL
TEST(SignatureAlgorithmTest,ParseDerMd2WithRsaEncryptionNullParams)1113 TEST(SignatureAlgorithmTest, ParseDerMd2WithRsaEncryptionNullParams) {
1114 // clang-format off
1115 const uint8_t kData[] = {
1116 0x30, 0x0D, // SEQUENCE (13 bytes)
1117 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1118 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
1119 0x05, 0x00, // NULL (0 bytes)
1120 };
1121 // clang-format on
1122 std::unique_ptr<SignatureAlgorithm> algorithm;
1123 ASSERT_TRUE(ParseDer(kData, &algorithm));
1124
1125 EXPECT_EQ(SignatureAlgorithmId::RsaPkcs1, algorithm->algorithm());
1126 EXPECT_EQ(DigestAlgorithm::Md2, algorithm->digest());
1127 }
1128
1129 // Parses a dsaWithSha1 which contains no parameters field.
1130 //
1131 // SEQUENCE (1 elem)
1132 // OBJECT IDENTIFIER 1.2.840.10040.4.3
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha1NoParams)1133 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NoParams) {
1134 // clang-format off
1135 const uint8_t kData[] = {
1136 0x30, 0x09, // SEQUENCE (9 bytes)
1137 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes)
1138 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03,
1139 };
1140 // clang-format on
1141 std::unique_ptr<SignatureAlgorithm> algorithm;
1142 ASSERT_TRUE(ParseDer(kData, &algorithm));
1143
1144 EXPECT_EQ(SignatureAlgorithmId::Dsa, algorithm->algorithm());
1145 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
1146 }
1147
1148 // Parses a dsaWithSha1 which contains a NULL parameters field.
1149 //
1150 // SEQUENCE (2 elem)
1151 // OBJECT IDENTIFIER 1.2.840.10040.4.3
1152 // NULL
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha1NullParams)1153 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NullParams) {
1154 // clang-format off
1155 const uint8_t kData[] = {
1156 0x30, 0x0B, // SEQUENCE (9 bytes)
1157 0x06, 0x07, // OBJECT IDENTIFIER (7 bytes)
1158 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03,
1159 0x05, 0x00, // NULL (0 bytes)
1160 };
1161 // clang-format on
1162 std::unique_ptr<SignatureAlgorithm> algorithm;
1163 ASSERT_TRUE(ParseDer(kData, &algorithm));
1164
1165 EXPECT_EQ(SignatureAlgorithmId::Dsa, algorithm->algorithm());
1166 EXPECT_EQ(DigestAlgorithm::Sha1, algorithm->digest());
1167 }
1168
1169 // Parses a dsaWithSha256 which contains no parameters field.
1170 //
1171 // SEQUENCE (1 elem)
1172 // OBJECT IDENTIFIER 2.16.840.1.101.3.4.3.2
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha256NoParams)1173 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha256NoParams) {
1174 // clang-format off
1175 const uint8_t kData[] = {
1176 0x30, 0x0B, // SEQUENCE (11 bytes)
1177 0x06, 0x09, // OBJECT IDENTIFIER (9 bytes)
1178 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02
1179 };
1180 // clang-format on
1181 std::unique_ptr<SignatureAlgorithm> algorithm;
1182 ASSERT_TRUE(ParseDer(kData, &algorithm));
1183
1184 EXPECT_EQ(SignatureAlgorithmId::Dsa, algorithm->algorithm());
1185 EXPECT_EQ(DigestAlgorithm::Sha256, algorithm->digest());
1186 }
1187
1188 } // namespace
1189
1190 } // namespace net
1191