// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/internal/simple_path_builder_delegate.h"
#include <memory>
#include <set>
#include "net/cert/internal/cert_errors.h"
#include "net/cert/internal/signature_algorithm.h"
#include "net/cert/internal/test_helpers.h"
#include "net/cert/internal/verify_signed_data.h"
#include "net/der/input.h"
#include "net/der/parse_values.h"
#include "net/der/parser.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/nid.h"
namespace net {
namespace {
// Loads one verify_signed_data_unittest fixture: the DER in its "ALGORITHM"
// PEM block is parsed into |signature_algorithm| and the DER in its
// "PUBLIC KEY" PEM block into |public_key|.
//
// Uses gtest ASSERTs, so on any failure it returns early and the outputs may
// be left null -- callers must re-check both outputs before dereferencing.
void ReadTestCase(const char* file_name,
                  std::unique_ptr<SignatureAlgorithm>* signature_algorithm,
                  bssl::UniquePtr<EVP_PKEY>* public_key) {
  const std::string pem_path =
      std::string("net/data/verify_signed_data_unittest/") + file_name;

  std::string spki_der;
  std::string algorithm_der;
  const PemBlockMapping mappings[] = {
      {"PUBLIC KEY", &spki_der},
      {"ALGORITHM", &algorithm_der},
  };
  ASSERT_TRUE(ReadTestDataFromPemFile(pem_path, mappings));

  // Parse the algorithm first; its parse errors are surfaced verbatim so a
  // malformed or unsupported fixture is easy to diagnose from the log.
  CertErrors algorithm_errors;
  *signature_algorithm = SignatureAlgorithm::Create(der::Input(&algorithm_der),
                                                    &algorithm_errors);
  ASSERT_TRUE(*signature_algorithm) << algorithm_errors.ToDebugString();

  ASSERT_TRUE(ParsePublicKey(der::Input(&spki_der), public_key));
}
// Parameterized over a fixture file name (see ReadTestCase). Each parameter
// is one signature-algorithm / public-key pair that the delegate is expected
// to accept under the relaxed 1024-bit, SHA-1-allowing policy.
class SimplePathBuilderDelegate1024SuccessTest
: public ::testing::TestWithParam<const char*> {};
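// Fixtures that the 1024-bit / kWeakAllowSha1 delegate must accept. Each file
// is listed exactly once: the previous list repeated the two ECDSA entries,
// which only ran the same case twice under different parameter indices.
//
// NOTE(review): the "rsa-" files with no size in their name are presumably
// smaller than 2048 bits, since the 2048 test below expects their keys to be
// rejected -- TODO confirm against the fixture data.
const char* kSuccess1024Filenames[] = {
    "rsa-pkcs1-sha1.pem",
    "rsa-pkcs1-sha256.pem",
    "rsa2048-pkcs1-sha512.pem",
    "ecdsa-secp384r1-sha256.pem",
    "ecdsa-prime256v1-sha512.pem",
    "rsa-pss-sha1-salt20.pem",
    "rsa-pss-sha256-mgf1-sha512-salt33.pem",
    "rsa-pss-sha256-salt10.pem",
};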
// Instantiated with an empty name, so the generated tests carry no prefix and
// are distinguished only by their index into kSuccess1024Filenames.
INSTANTIATE_TEST_CASE_P(,
SimplePathBuilderDelegate1024SuccessTest,
::testing::ValuesIn(kSuccess1024Filenames));
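// Under a deliberately weak policy -- a 1024-bit minimum RSA modulus (first
// constructor argument, per the RsaKeySmallerThan2048 test below) together
// with DigestPolicy::kWeakAllowSha1 -- every fixture in kSuccess1024Filenames
// must pass both the signature-algorithm check and the public-key check.
//
// The delegate's CertErrors are attached to each expectation so that a
// regression reports *why* a fixture was rejected rather than just that it was.
TEST_P(SimplePathBuilderDelegate1024SuccessTest, IsAcceptableSignatureAndKey) {
  std::unique_ptr<SignatureAlgorithm> signature_algorithm;
  bssl::UniquePtr<EVP_PKEY> public_key;
  ReadTestCase(GetParam(), &signature_algorithm, &public_key);
  // ReadTestCase's ASSERTs only abort that helper; re-check here so a broken
  // fixture fails this test instead of dereferencing null below.
  ASSERT_TRUE(signature_algorithm);
  ASSERT_TRUE(public_key);

  SimplePathBuilderDelegate delegate(
      1024, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1);

  CertErrors errors;
  EXPECT_TRUE(
      delegate.IsSignatureAlgorithmAcceptable(*signature_algorithm, &errors))
      << errors.ToDebugString();
  EXPECT_TRUE(delegate.IsPublicKeyAcceptable(public_key.get(), &errors))
      << errors.ToDebugString();
}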
// Parameterized over a fixture file name (see ReadTestCase). Each parameter
// is a pair whose public key must be rejected once the delegate's minimum RSA
// modulus size is raised to 2048 bits.
class SimplePathBuilderDelegate2048FailTest
: public ::testing::TestWithParam<const char*> {};
// Fixtures whose RSA public key must be rejected by a delegate configured with
// a 2048-bit minimum modulus, while their signature algorithms still pass.
const char* kFail2048Filenames[] = {
    "rsa-pkcs1-sha1.pem",
    "rsa-pkcs1-sha256.pem",
};
// Instantiated with an empty name, so the generated tests carry no prefix and
// are distinguished only by their index into kFail2048Filenames.
INSTANTIATE_TEST_CASE_P(,
SimplePathBuilderDelegate2048FailTest,
::testing::ValuesIn(kFail2048Filenames));
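// Raising the minimum RSA modulus size to 2048 bits must reject the keys in
// kFail2048Filenames while still accepting their signature algorithms under
// kWeakAllowSha1 -- i.e. the key-size check is enforced independently of the
// digest policy.
//
// NOTE(review): two gaps a practitioner would want closed here, not added in
// this change because the needed identifiers are not visible in this file:
//  * a positive case at the 2048 threshold (e.g. rsa2048-pkcs1-sha512.pem and
//    the ECDSA fixtures should still be accepted with a 2048 minimum), so the
//    bound is known to be inclusive and not off by one;
//  * a SHA-1 fixture rejected under the delegate's non-weak DigestPolicy.
TEST_P(SimplePathBuilderDelegate2048FailTest, RsaKeySmallerThan2048) {
  std::unique_ptr<SignatureAlgorithm> signature_algorithm;
  bssl::UniquePtr<EVP_PKEY> public_key;
  ReadTestCase(GetParam(), &signature_algorithm, &public_key);
  // ReadTestCase's ASSERTs only abort that helper; re-check here so a broken
  // fixture fails this test instead of dereferencing null below.
  ASSERT_TRUE(signature_algorithm);
  ASSERT_TRUE(public_key);

  SimplePathBuilderDelegate delegate(
      2048, SimplePathBuilderDelegate::DigestPolicy::kWeakAllowSha1);

  CertErrors errors;
  // The algorithm must still be acceptable: this test is about key size only,
  // so attach the delegate's errors to explain any unexpected rejection.
  EXPECT_TRUE(
      delegate.IsSignatureAlgorithmAcceptable(*signature_algorithm, &errors))
      << errors.ToDebugString();
  // Expected to fail on modulus size. |errors| is not inspected further here:
  // the specific error the delegate records is not visible in this file.
  EXPECT_FALSE(delegate.IsPublicKeyAcceptable(public_key.get(), &errors));
}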
} // namespace
} // namespace net