1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "verify_signed_data.h"
6
7 #include <memory>
8 #include <set>
9
10 #include <gtest/gtest.h>
11 #include <optional>
12 #include "cert_errors.h"
13 #include "input.h"
14 #include "mock_signature_verify_cache.h"
15 #include "parse_values.h"
16 #include "parser.h"
17 #include "signature_algorithm.h"
18 #include "test_helpers.h"
19
20 namespace bssl {
21
22 namespace {
23
24 enum VerifyResult {
25 SUCCESS,
26 FAILURE,
27 };
28
29 // Reads test data from |file_name| and runs VerifySignedData() over its
30 // inputs.
31 //
32 // If expected_result was SUCCESS then the test will only succeed if
33 // VerifySignedData() returns true.
34 //
35 // If expected_result was FAILURE then the test will only succeed if
36 // VerifySignedData() returns false.
RunTestCase(VerifyResult expected_result,const char * file_name,SignatureVerifyCache * cache)37 void RunTestCase(VerifyResult expected_result, const char *file_name,
38 SignatureVerifyCache *cache) {
39 std::string path =
40 std::string("testdata/verify_signed_data_unittest/") + file_name;
41
42 std::string public_key;
43 std::string algorithm;
44 std::string signed_data;
45 std::string signature_value;
46
47 const PemBlockMapping mappings[] = {
48 {"PUBLIC KEY", &public_key},
49 {"ALGORITHM", &algorithm},
50 {"DATA", &signed_data},
51 {"SIGNATURE", &signature_value},
52 };
53
54 ASSERT_TRUE(ReadTestDataFromPemFile(path, mappings));
55
56 std::optional<SignatureAlgorithm> signature_algorithm =
57 ParseSignatureAlgorithm(der::Input(algorithm));
58 ASSERT_TRUE(signature_algorithm);
59
60 der::Parser signature_value_parser((der::Input(signature_value)));
61 std::optional<der::BitString> signature_value_bit_string =
62 signature_value_parser.ReadBitString();
63 ASSERT_TRUE(signature_value_bit_string.has_value())
64 << "The signature value is not a valid BIT STRING";
65
66 bool expected_result_bool = expected_result == SUCCESS;
67
68 bool result = VerifySignedData(*signature_algorithm, der::Input(signed_data),
69 signature_value_bit_string.value(),
70 der::Input(public_key), cache);
71
72 EXPECT_EQ(expected_result_bool, result);
73 }
74
RunTestCase(VerifyResult expected_result,const char * file_name)75 void RunTestCase(VerifyResult expected_result, const char *file_name) {
76 RunTestCase(expected_result, file_name, /*cache=*/nullptr);
77 }
78
79 // Read the descriptions in the test files themselves for details on what is
80 // being tested.
81
TEST(VerifySignedDataTest,RsaPkcs1Sha1)82 TEST(VerifySignedDataTest, RsaPkcs1Sha1) {
83 RunTestCase(SUCCESS, "rsa-pkcs1-sha1.pem");
84 }
85
TEST(VerifySignedDataTest,RsaPkcs1Sha256)86 TEST(VerifySignedDataTest, RsaPkcs1Sha256) {
87 RunTestCase(SUCCESS, "rsa-pkcs1-sha256.pem");
88 }
89
TEST(VerifySignedDataTest,Rsa2048Pkcs1Sha512)90 TEST(VerifySignedDataTest, Rsa2048Pkcs1Sha512) {
91 RunTestCase(SUCCESS, "rsa2048-pkcs1-sha512.pem");
92 }
93
TEST(VerifySignedDataTest,RsaPkcs1Sha256KeyEncodedBer)94 TEST(VerifySignedDataTest, RsaPkcs1Sha256KeyEncodedBer) {
95 RunTestCase(FAILURE, "rsa-pkcs1-sha256-key-encoded-ber.pem");
96 }
97
TEST(VerifySignedDataTest,EcdsaSecp384r1Sha256)98 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256) {
99 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
100 }
101
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512)102 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512) {
103 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
104 }
105
TEST(VerifySignedDataTest,RsaPssSha256)106 TEST(VerifySignedDataTest, RsaPssSha256) {
107 RunTestCase(SUCCESS, "rsa-pss-sha256.pem");
108 }
109
TEST(VerifySignedDataTest,RsaPssSha256WrongSalt)110 TEST(VerifySignedDataTest, RsaPssSha256WrongSalt) {
111 RunTestCase(FAILURE, "rsa-pss-sha256-wrong-salt.pem");
112 }
113
TEST(VerifySignedDataTest,EcdsaSecp384r1Sha256CorruptedData)114 TEST(VerifySignedDataTest, EcdsaSecp384r1Sha256CorruptedData) {
115 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem");
116 }
117
TEST(VerifySignedDataTest,RsaPkcs1Sha1WrongAlgorithm)118 TEST(VerifySignedDataTest, RsaPkcs1Sha1WrongAlgorithm) {
119 RunTestCase(FAILURE, "rsa-pkcs1-sha1-wrong-algorithm.pem");
120 }
121
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512WrongSignatureFormat)122 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512WrongSignatureFormat) {
123 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-wrong-signature-format.pem");
124 }
125
TEST(VerifySignedDataTest,EcdsaUsingRsaKey)126 TEST(VerifySignedDataTest, EcdsaUsingRsaKey) {
127 RunTestCase(FAILURE, "ecdsa-using-rsa-key.pem");
128 }
129
TEST(VerifySignedDataTest,RsaUsingEcKey)130 TEST(VerifySignedDataTest, RsaUsingEcKey) {
131 RunTestCase(FAILURE, "rsa-using-ec-key.pem");
132 }
133
TEST(VerifySignedDataTest,RsaPkcs1Sha1BadKeyDerNull)134 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerNull) {
135 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-null.pem");
136 }
137
TEST(VerifySignedDataTest,RsaPkcs1Sha1BadKeyDerLength)138 TEST(VerifySignedDataTest, RsaPkcs1Sha1BadKeyDerLength) {
139 RunTestCase(FAILURE, "rsa-pkcs1-sha1-bad-key-der-length.pem");
140 }
141
TEST(VerifySignedDataTest,RsaPkcs1Sha256UsingEcdsaAlgorithm)142 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingEcdsaAlgorithm) {
143 RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem");
144 }
145
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512UsingRsaAlgorithm)146 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingRsaAlgorithm) {
147 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem");
148 }
149
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512UsingEcdhKey)150 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcdhKey) {
151 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem");
152 }
153
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512UsingEcmqvKey)154 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UsingEcmqvKey) {
155 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecmqv-key.pem");
156 }
157
TEST(VerifySignedDataTest,RsaPkcs1Sha1KeyParamsAbsent)158 TEST(VerifySignedDataTest, RsaPkcs1Sha1KeyParamsAbsent) {
159 RunTestCase(FAILURE, "rsa-pkcs1-sha1-key-params-absent.pem");
160 }
161
TEST(VerifySignedDataTest,RsaPkcs1Sha1UsingPssKeyNoParams)162 TEST(VerifySignedDataTest, RsaPkcs1Sha1UsingPssKeyNoParams) {
163 RunTestCase(FAILURE, "rsa-pkcs1-sha1-using-pss-key-no-params.pem");
164 }
165
TEST(VerifySignedDataTest,RsaPssSha256UsingPssKeyWithParams)166 TEST(VerifySignedDataTest, RsaPssSha256UsingPssKeyWithParams) {
167 // We do not support RSA-PSS SPKIs.
168 RunTestCase(FAILURE, "rsa-pss-sha256-using-pss-key-with-params.pem");
169 }
170
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512SpkiParamsNull)171 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512SpkiParamsNull) {
172 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-spki-params-null.pem");
173 }
174
TEST(VerifySignedDataTest,RsaPkcs1Sha256UsingIdEaRsa)175 TEST(VerifySignedDataTest, RsaPkcs1Sha256UsingIdEaRsa) {
176 RunTestCase(FAILURE, "rsa-pkcs1-sha256-using-id-ea-rsa.pem");
177 }
178
TEST(VerifySignedDataTest,RsaPkcs1Sha256SpkiNonNullParams)179 TEST(VerifySignedDataTest, RsaPkcs1Sha256SpkiNonNullParams) {
180 RunTestCase(FAILURE, "rsa-pkcs1-sha256-spki-non-null-params.pem");
181 }
182
TEST(VerifySignedDataTest,EcdsaPrime256v1Sha512UnusedBitsSignature)183 TEST(VerifySignedDataTest, EcdsaPrime256v1Sha512UnusedBitsSignature) {
184 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-unused-bits-signature.pem");
185 }
186
TEST(VerifySignedDataTest,Ecdsa384)187 TEST(VerifySignedDataTest, Ecdsa384) {
188 // Using the regular policy both secp384r1 and secp256r1 should be accepted.
189 RunTestCase(SUCCESS, "ecdsa-secp384r1-sha256.pem");
190 RunTestCase(SUCCESS, "ecdsa-prime256v1-sha512.pem");
191 }
192
TEST(VerifySignedDataTestWithCache,TestVerifyCache)193 TEST(VerifySignedDataTestWithCache, TestVerifyCache) {
194 MockSignatureVerifyCache verify_cache;
195 // Trivially, with no cache, all stats should be 0.
196 RunTestCase(SUCCESS, "rsa-pss-sha256.pem", /*cache=*/nullptr);
197 EXPECT_EQ(verify_cache.CacheHits(), 0U);
198 EXPECT_EQ(verify_cache.CacheMisses(), 0U);
199 EXPECT_EQ(verify_cache.CacheStores(), 0U);
200 // Use the cache, with a successful verification should see a miss and a
201 // store.
202 RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache);
203 EXPECT_EQ(verify_cache.CacheHits(), 0U);
204 EXPECT_EQ(verify_cache.CacheMisses(), 1U);
205 EXPECT_EQ(verify_cache.CacheStores(), 1U);
206 // Repeating the previous successful verification should show cache hits.
207 RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache);
208 RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache);
209 RunTestCase(SUCCESS, "rsa-pss-sha256.pem", &verify_cache);
210 EXPECT_EQ(verify_cache.CacheHits(), 3U);
211 EXPECT_EQ(verify_cache.CacheMisses(), 1U);
212 EXPECT_EQ(verify_cache.CacheStores(), 1U);
213 // Failures which are not due to a failed signature check should have no
214 // effect as they must not be cached.
215 RunTestCase(FAILURE, "ecdsa-prime256v1-sha512-using-ecdh-key.pem",
216 &verify_cache);
217 EXPECT_EQ(verify_cache.CacheHits(), 3U);
218 EXPECT_EQ(verify_cache.CacheMisses(), 1U);
219 EXPECT_EQ(verify_cache.CacheStores(), 1U);
220 // Failures which are due to a failed signature check should see a miss and a
221 // store.
222 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem",
223 &verify_cache);
224 EXPECT_EQ(verify_cache.CacheHits(), 3U);
225 EXPECT_EQ(verify_cache.CacheMisses(), 2U);
226 EXPECT_EQ(verify_cache.CacheStores(), 2U);
227 // Repeating the previous failed verification should show cache hits.
228 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem",
229 &verify_cache);
230 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem",
231 &verify_cache);
232 RunTestCase(FAILURE, "ecdsa-secp384r1-sha256-corrupted-data.pem",
233 &verify_cache);
234 EXPECT_EQ(verify_cache.CacheHits(), 6U);
235 EXPECT_EQ(verify_cache.CacheMisses(), 2U);
236 EXPECT_EQ(verify_cache.CacheStores(), 2U);
237 }
238
239 } // namespace
240
241 } // namespace bssl
242