xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/signature_algorithm_unittest.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "signature_algorithm.h"
6 
7 #include <memory>
8 
9 #include <gtest/gtest.h>
10 #include "input.h"
11 #include "parser.h"
12 
13 namespace bssl {
14 
15 namespace {
16 
17 // Parses a SignatureAlgorithm given an empty DER input.
TEST(SignatureAlgorithmTest,ParseDerEmpty)18 TEST(SignatureAlgorithmTest, ParseDerEmpty) {
19   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input()));
20 }
21 
22 // Parses a SignatureAlgorithm given invalid DER input.
TEST(SignatureAlgorithmTest,ParseDerBogus)23 TEST(SignatureAlgorithmTest, ParseDerBogus) {
24   const uint8_t kData[] = {0x00};
25   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
26 }
27 
28 // Parses a SignatureAlgorithm with an unsupported algorithm OID.
29 //
30 //   SEQUENCE (2 elem)
31 //       OBJECT IDENTIFIER 66 (bogus)
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedAlgorithmOid)32 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedAlgorithmOid) {
33   // clang-format off
34   const uint8_t kData[] = {
35       0x30, 0x03,  // SEQUENCE (3 bytes)
36       0x06, 0x01,  // OBJECT IDENTIFIER (1 bytes)
37       0x42,
38   };
39   // clang-format on
40   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
41 }
42 
43 // Parses a sha1WithRSAEncryption which contains a NULL parameters field.
44 //
45 //   SEQUENCE (2 elem)
46 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
47 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNullParams)48 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNullParams) {
49   // clang-format off
50   const uint8_t kData[] = {
51       0x30, 0x0D,  // SEQUENCE (13 bytes)
52       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
53       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
54       0x05, 0x00,  // NULL (0 bytes)
55   };
56   // clang-format on
57   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
58             SignatureAlgorithm::kRsaPkcs1Sha1);
59 }
60 
61 // Parses a sha1WithRSAEncryption which contains no parameters field.
62 //
63 //   SEQUENCE (1 elem)
64 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNoParams)65 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNoParams) {
66   // clang-format off
67   const uint8_t kData[] = {
68       0x30, 0x0B,  // SEQUENCE (11 bytes)
69       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
70       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
71   };
72   // clang-format on
73   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
74             SignatureAlgorithm::kRsaPkcs1Sha1);
75 }
76 
77 // Parses a sha1WithRSAEncryption which contains an unexpected parameters
78 // field. Instead of being NULL it is an integer.
79 //
80 //   SEQUENCE (2 elem)
81 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
82 //       INTEGER  0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNonNullParams)83 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionNonNullParams) {
84   // clang-format off
85   const uint8_t kData[] = {
86       0x30, 0x0E,  // SEQUENCE (14 bytes)
87       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
88       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
89       0x02, 0x01, 0x00,  // INTEGER (1 byte)
90   };
91   // clang-format on
92   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
93 }
94 
95 // Parses a sha1WithRSASignature which contains a NULL parameters field.
96 //
97 //   SEQUENCE (2 elem)
98 //       OBJECT IDENTIFIER  1.3.14.3.2.29
99 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSASignatureNullParams)100 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNullParams) {
101   // clang-format off
102   const uint8_t kData[] = {
103       0x30, 0x09,  // SEQUENCE (9 bytes)
104       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
105       0x2b, 0x0e, 0x03, 0x02, 0x1d,
106       0x05, 0x00,  // NULL (0 bytes)
107   };
108   // clang-format on
109   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
110             SignatureAlgorithm::kRsaPkcs1Sha1);
111 }
112 
113 // Parses a sha1WithRSASignature which contains no parameters field.
114 //
115 //   SEQUENCE (1 elem)
116 //       OBJECT IDENTIFIER  1.3.14.3.2.29
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSASignatureNoParams)117 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSASignatureNoParams) {
118   // clang-format off
119   const uint8_t kData[] = {
120       0x30, 0x07,  // SEQUENCE (7 bytes)
121       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
122       0x2b, 0x0e, 0x03, 0x02, 0x1d,
123   };
124   // clang-format on
125   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
126             SignatureAlgorithm::kRsaPkcs1Sha1);
127 }
128 
129 // Parses a sha1WithRSAEncryption which contains values after the sequence.
130 //
131 //   SEQUENCE (2 elem)
132 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
133 //       NULL
134 //   INTEGER  0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRsaEncryptionDataAfterSequence)135 TEST(SignatureAlgorithmTest, ParseDerSha1WithRsaEncryptionDataAfterSequence) {
136   // clang-format off
137   const uint8_t kData[] = {
138       0x30, 0x0D,  // SEQUENCE (13 bytes)
139       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
140       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
141       0x05, 0x00,  // NULL (0 bytes)
142       0x02, 0x01, 0x00,  // INTEGER (1 byte)
143   };
144   // clang-format on
145   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
146 }
147 
148 // Parses a sha1WithRSAEncryption which contains a bad NULL parameters field.
149 // Normally NULL is encoded as {0x05, 0x00} (tag for NULL and length of 0). Here
150 // NULL is encoded as having a length of 1 instead, followed by data 0x09.
151 //
152 //   SEQUENCE (2 elem)
153 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
154 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionBadNullParams)155 TEST(SignatureAlgorithmTest, ParseDerSha1WithRSAEncryptionBadNullParams) {
156   // clang-format off
157   const uint8_t kData[] = {
158       0x30, 0x0E,  // SEQUENCE (13 bytes)
159       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
160       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
161       0x05, 0x01, 0x09,  // NULL (1 byte)
162   };
163   // clang-format on
164   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
165 }
166 
167 // Parses a sha1WithRSAEncryption which contains a NULL parameters field,
168 // followed by an integer.
169 //
170 //   SEQUENCE (3 elem)
171 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.5
172 //       NULL
173 //       INTEGER  0
TEST(SignatureAlgorithmTest,ParseDerSha1WithRSAEncryptionNullParamsThenInteger)174 TEST(SignatureAlgorithmTest,
175      ParseDerSha1WithRSAEncryptionNullParamsThenInteger) {
176   // clang-format off
177   const uint8_t kData[] = {
178       0x30, 0x10,  // SEQUENCE (16 bytes)
179       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
180       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
181       0x05, 0x00,  // NULL (0 bytes)
182       0x02, 0x01, 0x00,  // INTEGER (1 byte)
183   };
184   // clang-format on
185   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
186 }
187 
188 // Parses a SignatureAlgorithm given DER which does not encode a sequence.
189 //
190 //   INTEGER 0
TEST(SignatureAlgorithmTest,ParseDerNotASequence)191 TEST(SignatureAlgorithmTest, ParseDerNotASequence) {
192   // clang-format off
193   const uint8_t kData[] = {
194       0x02, 0x01, 0x00,  // INTEGER (1 byte)
195   };
196   // clang-format on
197   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
198 }
199 
200 // Parses a sha256WithRSAEncryption which contains a NULL parameters field.
201 //
202 //   SEQUENCE (2 elem)
203 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.11
204 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha256WithRSAEncryptionNullParams)205 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNullParams) {
206   // clang-format off
207   const uint8_t kData[] = {
208       0x30, 0x0D,  // SEQUENCE (13 bytes)
209       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
210       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
211       0x05, 0x00,  // NULL (0 bytes)
212   };
213   // clang-format on
214   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
215             SignatureAlgorithm::kRsaPkcs1Sha256);
216 }
217 
218 // Parses a sha256WithRSAEncryption which contains no parameters field.
219 //
220 //   SEQUENCE (1 elem)
221 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.11
TEST(SignatureAlgorithmTest,ParseDerSha256WithRSAEncryptionNoParams)222 TEST(SignatureAlgorithmTest, ParseDerSha256WithRSAEncryptionNoParams) {
223   // clang-format off
224   const uint8_t kData[] = {
225       0x30, 0x0B,  // SEQUENCE (11 bytes)
226       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
227       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
228   };
229   // clang-format on
230   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
231             SignatureAlgorithm::kRsaPkcs1Sha256);
232 }
233 
234 // Parses a sha384WithRSAEncryption which contains a NULL parameters field.
235 //
236 //   SEQUENCE (2 elem)
237 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.12
238 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha384WithRSAEncryptionNullParams)239 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNullParams) {
240   // clang-format off
241   const uint8_t kData[] = {
242       0x30, 0x0D,  // SEQUENCE (13 bytes)
243       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
244       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
245       0x05, 0x00,  // NULL (0 bytes)
246   };
247   // clang-format on
248   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
249             SignatureAlgorithm::kRsaPkcs1Sha384);
250 }
251 
252 // Parses a sha384WithRSAEncryption which contains no parameters field.
253 //
254 //   SEQUENCE (1 elem)
255 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.12
TEST(SignatureAlgorithmTest,ParseDerSha384WithRSAEncryptionNoParams)256 TEST(SignatureAlgorithmTest, ParseDerSha384WithRSAEncryptionNoParams) {
257   // clang-format off
258   const uint8_t kData[] = {
259       0x30, 0x0B,  // SEQUENCE (11 bytes)
260       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
261       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0c,
262   };
263   // clang-format on
264   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
265             SignatureAlgorithm::kRsaPkcs1Sha384);
266 }
267 
268 // Parses a sha512WithRSAEncryption which contains a NULL parameters field.
269 //
270 //   SEQUENCE (2 elem)
271 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.13
272 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha512WithRSAEncryptionNullParams)273 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNullParams) {
274   // clang-format off
275   const uint8_t kData[] = {
276       0x30, 0x0D,  // SEQUENCE (13 bytes)
277       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
278       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
279       0x05, 0x00,  // NULL (0 bytes)
280   };
281   // clang-format on
282   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
283             SignatureAlgorithm::kRsaPkcs1Sha512);
284 }
285 
286 // Parses a sha512WithRSAEncryption which contains no parameters field.
287 //
288 //   SEQUENCE (1 elem)
289 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.13
TEST(SignatureAlgorithmTest,ParseDerSha512WithRSAEncryptionNoParams)290 TEST(SignatureAlgorithmTest, ParseDerSha512WithRSAEncryptionNoParams) {
291   // clang-format off
292   const uint8_t kData[] = {
293       0x30, 0x0B,  // SEQUENCE (11 bytes)
294       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
295       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d,
296   };
297   // clang-format on
298   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
299             SignatureAlgorithm::kRsaPkcs1Sha512);
300 }
301 
302 // Parses a sha224WithRSAEncryption which contains a NULL parameters field.
303 // This fails because the parsing code does not enumerate this OID (even though
304 // it is in fact valid).
305 //
306 //   SEQUENCE (2 elem)
307 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.14
308 //       NULL
TEST(SignatureAlgorithmTest,ParseDerSha224WithRSAEncryptionNullParams)309 TEST(SignatureAlgorithmTest, ParseDerSha224WithRSAEncryptionNullParams) {
310   // clang-format off
311   const uint8_t kData[] = {
312       0x30, 0x0D,  // SEQUENCE (13 bytes)
313       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
314       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0e,
315       0x05, 0x00,  // NULL (0 bytes)
316   };
317   // clang-format on
318   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
319 }
320 
321 // Parses a ecdsa-with-SHA1 which contains no parameters field.
322 //
323 //   SEQUENCE (1 elem)
324 //       OBJECT IDENTIFIER  1.2.840.10045.4.1
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA1NoParams)325 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NoParams) {
326   // clang-format off
327   const uint8_t kData[] = {
328       0x30, 0x09,  // SEQUENCE (9 bytes)
329       0x06, 0x07,  // OBJECT IDENTIFIER (7 bytes)
330       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
331   };
332   // clang-format on
333   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
334             SignatureAlgorithm::kEcdsaSha1);
335 }
336 
337 // Parses a ecdsa-with-SHA1 which contains a NULL parameters field.
338 //
339 //   SEQUENCE (2 elem)
340 //       OBJECT IDENTIFIER  1.2.840.10045.4.1
341 //       NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA1NullParams)342 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA1NullParams) {
343   // clang-format off
344   const uint8_t kData[] = {
345       0x30, 0x0B,  // SEQUENCE (11 bytes)
346       0x06, 0x07,  // OBJECT IDENTIFIER (7 bytes)
347       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01,
348       0x05, 0x00,  // NULL (0 bytes)
349   };
350   // clang-format on
351   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
352 }
353 
354 // Parses a ecdsa-with-SHA256 which contains no parameters field.
355 //
356 //   SEQUENCE (1 elem)
357 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.2
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA256NoParams)358 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NoParams) {
359   // clang-format off
360   const uint8_t kData[] = {
361       0x30, 0x0A,  // SEQUENCE (10 bytes)
362       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
363       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
364   };
365   // clang-format on
366   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
367             SignatureAlgorithm::kEcdsaSha256);
368 }
369 
370 // Parses a ecdsa-with-SHA256 which contains a NULL parameters field.
371 //
372 //   SEQUENCE (2 elem)
373 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.2
374 //       NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA256NullParams)375 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA256NullParams) {
376   // clang-format off
377   const uint8_t kData[] = {
378       0x30, 0x0C,  // SEQUENCE (12 bytes)
379       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
380       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
381       0x05, 0x00,  // NULL (0 bytes)
382   };
383   // clang-format on
384   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
385 }
386 
387 // Parses a ecdsa-with-SHA384 which contains no parameters field.
388 //
389 //   SEQUENCE (1 elem)
390 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.3
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA384NoParams)391 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NoParams) {
392   // clang-format off
393   const uint8_t kData[] = {
394       0x30, 0x0A,  // SEQUENCE (10 bytes)
395       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
396       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
397   };
398   // clang-format on
399   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
400             SignatureAlgorithm::kEcdsaSha384);
401 }
402 
403 // Parses a ecdsa-with-SHA384 which contains a NULL parameters field.
404 //
405 //   SEQUENCE (2 elem)
406 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.3
407 //       NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA384NullParams)408 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA384NullParams) {
409   // clang-format off
410   const uint8_t kData[] = {
411       0x30, 0x0C,  // SEQUENCE (12 bytes)
412       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
413       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03,
414       0x05, 0x00,  // NULL (0 bytes)
415   };
416   // clang-format on
417   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
418 }
419 
420 // Parses a ecdsa-with-SHA512 which contains no parameters field.
421 //
422 //   SEQUENCE (1 elem)
423 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.4
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA512NoParams)424 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NoParams) {
425   // clang-format off
426   const uint8_t kData[] = {
427       0x30, 0x0A,  // SEQUENCE (10 bytes)
428       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
429       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
430   };
431   // clang-format on
432   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
433             SignatureAlgorithm::kEcdsaSha512);
434 }
435 
436 // Parses a ecdsa-with-SHA512 which contains a NULL parameters field.
437 //
438 //   SEQUENCE (2 elem)
439 //       OBJECT IDENTIFIER  1.2.840.10045.4.3.4
440 //       NULL
TEST(SignatureAlgorithmTest,ParseDerEcdsaWithSHA512NullParams)441 TEST(SignatureAlgorithmTest, ParseDerEcdsaWithSHA512NullParams) {
442   // clang-format off
443   const uint8_t kData[] = {
444       0x30, 0x0C,  // SEQUENCE (12 bytes)
445       0x06, 0x08,  // OBJECT IDENTIFIER (8 bytes)
446       0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04,
447       0x05, 0x00,  // NULL (0 bytes)
448   };
449   // clang-format on
450   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
451 }
452 
453 // Parses a rsaPss algorithm that uses SHA256 and a salt length of 32.
454 //
455 //   SEQUENCE (2 elem)
456 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
457 //       SEQUENCE (4 elem)
458 //           [0] (1 elem)
459 //               SEQUENCE (2 elem)
460 //                   OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
461 //                   NULL
462 //           [1] (1 elem)
463 //               SEQUENCE (2 elem)
464 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
465 //                   SEQUENCE (2 elem)
466 //                       OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
467 //                       NULL
468 //           [2] (1 elem)
469 //               INTEGER  32
TEST(SignatureAlgorithmTest,ParseDerRsaPss)470 TEST(SignatureAlgorithmTest, ParseDerRsaPss) {
471   // clang-format off
472   const uint8_t kData[] = {
473       0x30, 0x41,  // SEQUENCE (65 bytes)
474       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
475       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
476       0x30, 0x34,  // SEQUENCE (52 bytes)
477       0xA0, 0x0F,  // [0] (15 bytes)
478       0x30, 0x0D,  // SEQUENCE (13 bytes)
479       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
480       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
481       0x05, 0x00,  // NULL (0 bytes)
482       0xA1, 0x1C,  // [1] (28 bytes)
483       0x30, 0x1A,  // SEQUENCE (26 bytes)
484       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
485       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
486       0x30, 0x0D,  // SEQUENCE (13 bytes)
487       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
488       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
489       0x05, 0x00,  // NULL (0 bytes)
490       0xA2, 0x03,  // [2] (3 bytes)
491       0x02, 0x01,  // INTEGER (1 byte)
492       0x20,
493 
494   };
495   // clang-format on
496   EXPECT_EQ(ParseSignatureAlgorithm(der::Input(kData)),
497             SignatureAlgorithm::kRsaPssSha256);
498 }
499 
500 // Parses a rsaPss algorithm that has an empty parameters. This encodes the
501 // default, SHA-1, which we do not support.
502 //
503 //   SEQUENCE (2 elem)
504 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
505 //       SEQUENCE (0 elem)
TEST(SignatureAlgorithmTest,ParseDerRsaPssEmptyParams)506 TEST(SignatureAlgorithmTest, ParseDerRsaPssEmptyParams) {
507   // clang-format off
508   const uint8_t kData[] = {
509       0x30, 0x0D,  // SEQUENCE (13 bytes)
510       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
511       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
512       0x30, 0x00,  // SEQUENCE (0 bytes)
513   };
514   // clang-format on
515   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
516 }
517 
518 // Parses a rsaPss algorithm that has NULL parameters. This fails.
519 //
520 //   SEQUENCE (2 elem)
521 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
522 //       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNullParams)523 TEST(SignatureAlgorithmTest, ParseDerRsaPssNullParams) {
524   // clang-format off
525   const uint8_t kData[] = {
526       0x30, 0x0D,  // SEQUENCE (13 bytes)
527       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
528       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
529       0x05, 0x00,  // NULL (0 bytes)
530   };
531   // clang-format on
532   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
533 }
534 
535 // Parses a rsaPss algorithm that has no parameters. This fails.
536 //
537 //   SEQUENCE (1 elem)
538 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
TEST(SignatureAlgorithmTest,ParseDerRsaPssNoParams)539 TEST(SignatureAlgorithmTest, ParseDerRsaPssNoParams) {
540   // clang-format off
541   const uint8_t kData[] = {
542       0x30, 0x0B,  // SEQUENCE (11 bytes)
543       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
544       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
545   };
546   // clang-format on
547   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
548 }
549 
550 // Parses a rsaPss algorithm that has data after the parameters sequence.
551 //
552 //   SEQUENCE (3 elem)
553 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
554 //       SEQUENCE (0 elem)
555 //       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssDataAfterParams)556 TEST(SignatureAlgorithmTest, ParseDerRsaPssDataAfterParams) {
557   // clang-format off
558   const uint8_t kData[] = {
559       0x30, 0x0F,  // SEQUENCE (15 bytes)
560       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
561       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
562       0x30, 0x00,  // SEQUENCE (0 bytes)
563       0x05, 0x00,  // NULL (0 bytes)
564   };
565   // clang-format on
566   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
567 }
568 
569 // Parses a rsaPss algorithm that has unrecognized data (NULL) within the
570 // parameters sequence.
571 //
572 //   SEQUENCE (2 elem)
573 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
574 //       SEQUENCE (2 elem)
575 //           [2] (1 elem)
576 //               INTEGER  23
577 //           NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNullInsideParams)578 TEST(SignatureAlgorithmTest, ParseDerRsaPssNullInsideParams) {
579   // clang-format off
580   const uint8_t kData[] = {
581       0x30, 0x14,  // SEQUENCE (62 bytes)
582       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
583       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
584       0x30, 0x07,  // SEQUENCE (5 bytes)
585       0xA2, 0x03,  // [2] (3 bytes)
586       0x02, 0x01,  // INTEGER (1 byte)
587       0x17,
588       0x05, 0x00,  // NULL (0 bytes)
589   };
590   // clang-format on
591   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
592 }
593 
594 // Parses a rsaPss algorithm that has an unsupported trailer value (2). Only
595 // trailer values of 1 are allowed by RFC 4055.
596 //
597 //   SEQUENCE (2 elem)
598 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
599 //       SEQUENCE (1 elem)
600 //           [3] (1 elem)
601 //               INTEGER  2
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedTrailer)602 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedTrailer) {
603   // clang-format off
604   const uint8_t kData[] = {
605       0x30, 0x12,  // SEQUENCE (18 bytes)
606       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
607       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
608       0x30, 0x05,  // SEQUENCE (5 bytes)
609       0xA3, 0x03,  // [3] (3 bytes)
610       0x02, 0x01,  // INTEGER (1 byte)
611       0x02,
612   };
613   // clang-format on
614   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
615 }
616 
617 // Parses a rsaPss algorithm that has extra data appearing after the trailer in
618 // the [3] section.
619 //
620 //   SEQUENCE (2 elem)
621 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
622 //       SEQUENCE (1 elem)
623 //           [3] (2 elem)
624 //               INTEGER  1
625 //               NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssBadTrailer)626 TEST(SignatureAlgorithmTest, ParseDerRsaPssBadTrailer) {
627   // clang-format off
628   const uint8_t kData[] = {
629       0x30, 0x14,  // SEQUENCE (20 bytes)
630       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
631       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
632       0x30, 0x07,  // SEQUENCE (7 bytes)
633       0xA3, 0x05,  // [3] (5 bytes)
634       0x02, 0x01,  // INTEGER (1 byte)
635       0x01,
636       0x05, 0x00,  // NULL (0 bytes)
637   };
638   // clang-format on
639   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
640 }
641 
642 // Parses a rsaPss algorithm that uses SHA384 for the hash, and leaves the rest
643 // as defaults, specifying a SHA-1 MGF-1 hash. This fails because we require
644 // the hashes match.
645 //
646 //   SEQUENCE (2 elem)
647 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
648 //       SEQUENCE (1 elem)
649 //           [0] (1 elem)
650 //               SEQUENCE (2 elem)
651 //                   OBJECT IDENTIFIER  2.16.840.1.101.3.4.2.2
652 //                   NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHash)653 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHash) {
654   // clang-format off
655   const uint8_t kData[] = {
656       0x30, 0x1E,  // SEQUENCE (30 bytes)
657       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
658       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
659       0x30, 0x11,  // SEQUENCE (17 bytes)
660       0xA0, 0x0F,  // [0] (15 bytes)
661       0x30, 0x0D,  // SEQUENCE (13 bytes)
662       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
663       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
664       0x05, 0x00,  // NULL (0 bytes)
665   };
666   // clang-format on
667   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
668 }
669 
670 // Parses a rsaPss algorithm that uses an invalid hash algorithm (twiddled the
671 // bytes for the SHA-384 OID a bit).
672 //
673 //   SEQUENCE (2 elem)
674 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
675 //       SEQUENCE (1 elem)
676 //           [0] (1 elem)
677 //               SEQUENCE (1 elem)
678 //                   OBJECT IDENTIFIER  2.16.840.2.103.19.4.2.2
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedHashOid)679 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedHashOid) {
680   // clang-format off
681   const uint8_t kData[] = {
682       0x30, 0x1C,  // SEQUENCE (28 bytes)
683       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
684       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
685       0x30, 0x0F,  // SEQUENCE (15 bytes)
686       0xA0, 0x0D,  // [0] (13 bytes)
687       0x30, 0x0B,  // SEQUENCE (11 bytes)
688       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
689       0x60, 0x86, 0x48, 0x02, 0x67, 0x13, 0x04, 0x02, 0x02,
690   };
691   // clang-format on
692   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
693 }
694 
695 // Parses a rsaPss algorithm that uses SHA512 MGF1 for the mask gen, and
696 // defaults (SHA-1) for the rest. This fails because we require the hashes
697 // match.
698 //
699 //   SEQUENCE (2 elem)
700 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
701 //       SEQUENCE (1 elem)
702 //           [1] (1 elem)
703 //               SEQUENCE (2 elem)
704 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
705 //                   SEQUENCE (2 elem)
706 //                       OBJECT IDENTIFIER  2.16.840.1.101.3.4.2.3
707 //                       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultMaskGen)708 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultMaskGen) {
709   // clang-format off
710   const uint8_t kData[] = {
711       0x30, 0x2B,  // SEQUENCE (43 bytes)
712       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
713       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
714       0x30, 0x1E,  // SEQUENCE (30 bytes)
715       0xA1, 0x1C,  // [1] (28 bytes)
716       0x30, 0x1A,  // SEQUENCE (26 bytes)
717       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
718       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
719       0x30, 0x0D,  // SEQUENCE (13 bytes)
720       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
721       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
722       0x05, 0x00,  // NULL (0 bytes)
723   };
724   // clang-format on
725   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
726 }
727 
728 // Parses a rsaPss algorithm that uses a mask gen with an unrecognized OID
729 // (twiddled some of the bits).
730 //
731 //   SEQUENCE (2 elem)
732 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
733 //       SEQUENCE (1 elem)
734 //           [1] (1 elem)
735 //               SEQUENCE (2 elem)
736 //                   OBJECT IDENTIFIER  1.2.840.113618.1.2.8
737 //                   SEQUENCE (2 elem)
738 //                       OBJECT IDENTIFIER  2.16.840.1.101.3.4.2.3
739 //                       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssUnsupportedMaskGen)740 TEST(SignatureAlgorithmTest, ParseDerRsaPssUnsupportedMaskGen) {
741   // clang-format off
742   const uint8_t kData[] = {
743       0x30, 0x2B,  // SEQUENCE (43 bytes)
744       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
745       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
746       0x30, 0x1E,  // SEQUENCE (30 bytes)
747       0xA1, 0x1C,  // [1] (28 bytes)
748       0x30, 0x1A,  // SEQUENCE (26 bytes)
749       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
750       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x52, 0x01, 0x02, 0x08,
751       0x30, 0x0D,  // SEQUENCE (13 bytes)
752       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
753       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
754       0x05, 0x00,  // NULL (0 bytes)
755   };
756   // clang-format on
757   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
758 }
759 
760 // Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA512 for the
761 // MGF1. This fails because we require the hashes match.
762 //
763 //   SEQUENCE (2 elem)
764 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
765 //       SEQUENCE (2 elem)
766 //           [0] (1 elem)
767 //               SEQUENCE (2 elem)
768 //                   OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
769 //                   NULL
770 //           [1] (1 elem)
771 //               SEQUENCE (2 elem)
772 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
773 //                   SEQUENCE (2 elem)
774 //                       OBJECT IDENTIFIER  2.16.840.1.101.3.4.2.3
775 //                       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHashAndMaskGen)776 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGen) {
777   // clang-format off
778   const uint8_t kData[] = {
779       0x30, 0x3C,  // SEQUENCE (60 bytes)
780       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
781       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
782       0x30, 0x2F,  // SEQUENCE (47 bytes)
783       0xA0, 0x0F,  // [0] (15 bytes)
784       0x30, 0x0D,  // SEQUENCE (13 bytes)
785       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
786       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
787       0x05, 0x00,  // NULL (0 bytes)
788       0xA1, 0x1C,  // [1] (28 bytes)
789       0x30, 0x1A,  // SEQUENCE (26 bytes)
790       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
791       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
792       0x30, 0x0D,  // SEQUENCE (13 bytes)
793       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
794       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
795       0x05, 0x00,  // NULL (0 bytes)
796   };
797   // clang-format on
798   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
799 }
800 
801 // Parses a rsaPss algorithm that uses SHA256 for the hash, and SHA256 for the
802 // MGF1, and a salt length of 10. This fails because we require a standard salt
803 // length.
804 //
805 //   SEQUENCE (2 elem)
806 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
807 //       SEQUENCE (3 elem)
808 //           [0] (1 elem)
809 //               SEQUENCE (2 elem)
810 //                   OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
811 //                   NULL
812 //           [1] (1 elem)
813 //               SEQUENCE (2 elem)
814 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
815 //                   SEQUENCE (2 elem)
816 //                       OBJECT IDENTIFIER  2.16.840.1.101.3.4.2.1
817 //                       NULL
818 //           [2] (1 elem)
819 //               INTEGER  10
TEST(SignatureAlgorithmTest,ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt)820 TEST(SignatureAlgorithmTest, ParseDerRsaPssNonDefaultHashAndMaskGenAndSalt) {
821   // clang-format off
822   const uint8_t kData[] = {
823       0x30, 0x41,  // SEQUENCE (65 bytes)
824       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
825       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
826       0x30, 0x34,  // SEQUENCE (52 bytes)
827       0xA0, 0x0F,  // [0] (15 bytes)
828       0x30, 0x0D,  // SEQUENCE (13 bytes)
829       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
830       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
831       0x05, 0x00,  // NULL (0 bytes)
832       0xA1, 0x1C,  // [1] (28 bytes)
833       0x30, 0x1A,  // SEQUENCE (26 bytes)
834       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
835       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
836       0x30, 0x0D,  // SEQUENCE (13 bytes)
837       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
838       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
839       0x05, 0x00,  // NULL (0 bytes)
840       0xA2, 0x03,  // [2] (3 bytes)
841       0x02, 0x01,  // INTEGER (1 byte)
842       0x0A,
843   };
844   // clang-format on
845   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
846 }
847 
848 // Parses a rsaPss algorithm that specifies default hash (SHA1).
849 // It is invalid to specify the default.
850 //
851 //   SEQUENCE (2 elem)
852 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
853 //       SEQUENCE (1 elem)
854 //           [0] (1 elem)
855 //               SEQUENCE (2 elem)
856 //                   OBJECT IDENTIFIER  1.3.14.3.2.26
857 //                   NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssSpecifiedDefaultHash)858 TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultHash) {
859   // clang-format off
860   const uint8_t kData[] = {
861       0x30, 0x1A,  // SEQUENCE (26 bytes)
862       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
863       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
864       0x30, 0x0D,  // SEQUENCE (13 bytes)
865       0xA0, 0x0B,  // [0] (11 bytes)
866       0x30, 0x09,  // SEQUENCE (9 bytes)
867       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
868       0x2B, 0x0E, 0x03, 0x02, 0x1A,
869       0x05, 0x00,  // NULL (0 bytes)
870   };
871   // clang-format on
872   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
873 }
874 
875 // Parses a rsaPss algorithm that specifies default mask gen algorithm (SHA1).
876 // It is invalid to specify the default.
877 //
878 //   SEQUENCE (2 elem)
879 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
880 //       SEQUENCE (1 elem)
881 //           [1] (1 elem)
882 //               SEQUENCE (2 elem)
883 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
884 //                   SEQUENCE (2 elem)
885 //                       OBJECT IDENTIFIER  1.3.14.3.2.26
886 //                       NULL
TEST(SignatureAlgorithmTest,ParseDerRsaPssSpecifiedDefaultMaskGen)887 TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultMaskGen) {
888   // clang-format off
889   const uint8_t kData[] = {
890       0x30, 0x27,  // SEQUENCE (39 bytes)
891       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
892       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
893       0x30, 0x1A,  // SEQUENCE (26 bytes)
894       0xA1, 0x18,  // [1] (24 bytes)
895       0x30, 0x16,  // SEQUENCE (22 bytes)
896       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
897       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
898       0x30, 0x09,  // SEQUENCE (9 bytes)
899       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
900       0x2B, 0x0E, 0x03, 0x02, 0x1A,
901       0x05, 0x00,  // NULL (0 bytes)
902   };
903   // clang-format on
904   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
905 }
906 
907 // Parses a rsaPss algorithm that specifies default salt length.
908 // It is invalid to specify the default.
909 //
910 //   SEQUENCE (2 elem)
911 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
912 //       SEQUENCE (1 elem)
913 //           [2] (1 elem)
914 //               INTEGER  20
TEST(SignatureAlgorithmTest,ParseDerRsaPssSpecifiedDefaultSaltLength)915 TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultSaltLength) {
916   // clang-format off
917   const uint8_t kData[] = {
918       0x30, 0x12,  // SEQUENCE (18 bytes)
919       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
920       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
921       0x30, 0x05,  // SEQUENCE (5 bytes)
922       0xA2, 0x03,  // [2] (3 bytes)
923       0x02, 0x01,  // INTEGER (1 byte)
924       0x14,
925   };
926   // clang-format on
927   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
928 }
929 
930 // Parses a rsaPss algorithm that specifies default trailer field.
931 // It is invalid to specify the default.
TEST(SignatureAlgorithmTest,ParseDerRsaPssSpecifiedDefaultTrailerField)932 TEST(SignatureAlgorithmTest, ParseDerRsaPssSpecifiedDefaultTrailerField) {
933   // SEQUENCE {
934   //   # rsassa-pss
935   //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
936   //   SEQUENCE {
937   //     [0] {
938   //       SEQUENCE {
939   //         # sha256
940   //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
941   //         NULL {}
942   //       }
943   //     }
944   //     [1] {
945   //       SEQUENCE {
946   //         # mgf1
947   //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
948   //         SEQUENCE {
949   //           # sha256
950   //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
951   //           NULL {}
952   //         }
953   //       }
954   //     }
955   //     [2] {
956   //       INTEGER { 32 }
957   //     }
958   //     [3] {
959   //       INTEGER { 1 }
960   //     }
961   //   }
962   // }
963   const uint8_t kData[] = {
964       0x30, 0x46, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
965       0x0a, 0x30, 0x39, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
966       0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
967       0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
968       0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
969       0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x20, 0xa3, 0x03, 0x02, 0x01, 0x01};
970   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
971 }
972 
973 // Parses a rsaPss algorithm that specifies multiple default parameter values.
974 // It is invalid to specify a default value.
975 //
976 //   SEQUENCE (2 elem)
977 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.10
978 //       SEQUENCE (3 elem)
979 //           [0] (1 elem)
980 //               SEQUENCE (2 elem)
981 //                   OBJECT IDENTIFIER  1.3.14.3.2.26
982 //                   NULL
983 //           [1] (1 elem)
984 //               SEQUENCE (2 elem)
985 //                   OBJECT IDENTIFIER  1.2.840.113549.1.1.8
986 //                   SEQUENCE (2 elem)
987 //                       OBJECT IDENTIFIER  1.3.14.3.2.26
988 //                       NULL
989 //           [2] (1 elem)
990 //               INTEGER  20
991 //           [3] (1 elem)
992 //               INTEGER  1
TEST(SignatureAlgorithmTest,ParseDerRsaPssMultipleDefaultParameterValues)993 TEST(SignatureAlgorithmTest, ParseDerRsaPssMultipleDefaultParameterValues) {
994   // clang-format off
995   const uint8_t kData[] = {
996       0x30, 0x3E,  // SEQUENCE (62 bytes)
997       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
998       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A,
999       0x30, 0x31,  // SEQUENCE (49 bytes)
1000       0xA0, 0x0B,  // [0] (11 bytes)
1001       0x30, 0x09,  // SEQUENCE (9 bytes)
1002       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
1003       0x2B, 0x0E, 0x03, 0x02, 0x1A,
1004       0x05, 0x00,  // NULL (0 bytes)
1005       0xA1, 0x18,  // [1] (24 bytes)
1006       0x30, 0x16,  // SEQUENCE (22 bytes)
1007       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
1008       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08,
1009       0x30, 0x09,  // SEQUENCE (9 bytes)
1010       0x06, 0x05,  // OBJECT IDENTIFIER (5 bytes)
1011       0x2B, 0x0E, 0x03, 0x02, 0x1A,
1012       0x05, 0x00,  // NULL (0 bytes)
1013       0xA2, 0x03,  // [2] (3 bytes)
1014       0x02, 0x01,  // INTEGER (1 byte)
1015       0x14,
1016       0xA3, 0x03,  // [3] (3 bytes)
1017       0x02, 0x01,  // INTEGER (1 byte)
1018       0x01,
1019   };
1020   // clang-format on
1021   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1022 }
1023 
TEST(SignatureAlgorithmTest,ParseRsaPss)1024 TEST(SignatureAlgorithmTest, ParseRsaPss) {
1025   // Test data generated with https://github.com/google/der-ascii.
1026   struct {
1027     std::vector<uint8_t> data;
1028     SignatureAlgorithm expected;
1029   } kValidTests[] = {
1030       // SEQUENCE {
1031       //   # rsassa-pss
1032       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1033       //   SEQUENCE {
1034       //     [0] {
1035       //       SEQUENCE {
1036       //         # sha256
1037       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
1038       //         NULL {}
1039       //       }
1040       //     }
1041       //     [1] {
1042       //       SEQUENCE {
1043       //         # mgf1
1044       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1045       //         SEQUENCE {
1046       //           # sha256
1047       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
1048       //           NULL {}
1049       //         }
1050       //       }
1051       //     }
1052       //     [2] {
1053       //       INTEGER { 32 }
1054       //     }
1055       //   }
1056       // }
1057       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1058         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1059         0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1060         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1061         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
1062         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x20},
1063        SignatureAlgorithm::kRsaPssSha256},
1064       // SEQUENCE {
1065       //   # rsassa-pss
1066       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1067       //   SEQUENCE {
1068       //     [0] {
1069       //       SEQUENCE {
1070       //         # sha384
1071       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
1072       //         NULL {}
1073       //       }
1074       //     }
1075       //     [1] {
1076       //       SEQUENCE {
1077       //         # mgf1
1078       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1079       //         SEQUENCE {
1080       //           # sha384
1081       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
1082       //           NULL {}
1083       //         }
1084       //       }
1085       //     }
1086       //     [2] {
1087       //       INTEGER { 48 }
1088       //     }
1089       //   }
1090       // }
1091       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1092         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1093         0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1094         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1095         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
1096         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x30},
1097        SignatureAlgorithm::kRsaPssSha384},
1098       // SEQUENCE {
1099       //   # rsassa-pss
1100       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1101       //   SEQUENCE {
1102       //     [0] {
1103       //       SEQUENCE {
1104       //         # sha512
1105       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
1106       //         NULL {}
1107       //       }
1108       //     }
1109       //     [1] {
1110       //       SEQUENCE {
1111       //         # mgf1
1112       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1113       //         SEQUENCE {
1114       //           # sha512
1115       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
1116       //           NULL {}
1117       //         }
1118       //       }
1119       //     }
1120       //     [2] {
1121       //       INTEGER { 64 }
1122       //     }
1123       //   }
1124       // }
1125       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1126         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1127         0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1128         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1129         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
1130         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x40},
1131        SignatureAlgorithm::kRsaPssSha512},
1132 
1133       // The same inputs as above, but the NULLs in the digest algorithms are
1134       // omitted.
1135       {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1136         0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60,
1137         0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0xa1, 0x1a, 0x30,
1138         0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1139         0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
1140         0x04, 0x02, 0x01, 0xa2, 0x03, 0x02, 0x01, 0x20},
1141        SignatureAlgorithm::kRsaPssSha256},
1142       {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1143         0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60,
1144         0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0xa1, 0x1a, 0x30,
1145         0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1146         0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
1147         0x04, 0x02, 0x02, 0xa2, 0x03, 0x02, 0x01, 0x30},
1148        SignatureAlgorithm::kRsaPssSha384},
1149       {{0x30, 0x3d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1150         0x01, 0x0a, 0x30, 0x30, 0xa0, 0x0d, 0x30, 0x0b, 0x06, 0x09, 0x60,
1151         0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0xa1, 0x1a, 0x30,
1152         0x18, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1153         0x08, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
1154         0x04, 0x02, 0x03, 0xa2, 0x03, 0x02, 0x01, 0x40},
1155        SignatureAlgorithm::kRsaPssSha512}};
1156   for (const auto &t : kValidTests) {
1157     EXPECT_EQ(ParseSignatureAlgorithm(der::Input(t.data)), t.expected);
1158   }
1159 
1160   struct {
1161     std::vector<uint8_t> data;
1162   } kInvalidTests[] = {
1163       // SEQUENCE {
1164       //   # rsassa-pss
1165       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1166       //   SEQUENCE {
1167       //     [0] {
1168       //       SEQUENCE {
1169       //         # sha256
1170       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
1171       //         NULL {}
1172       //       }
1173       //     }
1174       //     [1] {
1175       //       SEQUENCE {
1176       //         # mgf1
1177       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1178       //         SEQUENCE {
1179       //           # sha384
1180       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
1181       //           NULL {}
1182       //         }
1183       //       }
1184       //     }
1185       //   }
1186       // }
1187       {{0x30, 0x3c, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1188         0x01, 0x0a, 0x30, 0x2f, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60,
1189         0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1,
1190         0x1c, 0x30, 0x1a, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1191         0x01, 0x01, 0x08, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
1192         0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00}},
1193       // SEQUENCE {
1194       //   # rsassa-pss
1195       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1196       //   SEQUENCE {
1197       //     [0] {
1198       //       SEQUENCE {
1199       //         # md5
1200       //         OBJECT_IDENTIFIER { 1.2.840.113549.2.5 }
1201       //         NULL {}
1202       //       }
1203       //     }
1204       //     [1] {
1205       //       SEQUENCE {
1206       //         # mgf1
1207       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1208       //         SEQUENCE {
1209       //           # md5
1210       //           OBJECT_IDENTIFIER { 1.2.840.113549.2.5 }
1211       //           NULL {}
1212       //         }
1213       //       }
1214       //     }
1215       //     [2] {
1216       //       INTEGER { 16 }
1217       //     }
1218       //   }
1219       // }
1220       {{0x30, 0x3f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1221         0x01, 0x0a, 0x30, 0x32, 0xa0, 0x0e, 0x30, 0x0c, 0x06, 0x08, 0x2a,
1222         0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0xa1, 0x1b,
1223         0x30, 0x19, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
1224         0x01, 0x08, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1225         0x0d, 0x02, 0x05, 0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x10}},
1226       // SEQUENCE {
1227       //   # rsassa-pss
1228       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1229       //   # SHA-1 with salt length 20 is the default.
1230       //   SEQUENCE {}
1231       // }
1232       {{0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1233         0x0a, 0x30, 0x00}},
1234       // SEQUENCE {
1235       //   # rsassa-pss
1236       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1237       //   SEQUENCE {
1238       //     [2] {
1239       //       INTEGER { 21 }
1240       //     }
1241       //   }
1242       // }
1243       {{0x30, 0x12, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1244         0x01, 0x01, 0x0a, 0x30, 0x05, 0xa2, 0x03, 0x02, 0x01, 0x15}},
1245       // SEQUENCE {
1246       //   # rsassa-pss
1247       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1248       //   SEQUENCE {
1249       //     [0] {
1250       //       SEQUENCE {
1251       //         # sha256
1252       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
1253       //         NULL {}
1254       //       }
1255       //     }
1256       //     [1] {
1257       //       SEQUENCE {
1258       //         # mgf1
1259       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1260       //         SEQUENCE {
1261       //           # sha256
1262       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
1263       //           NULL {}
1264       //         }
1265       //       }
1266       //     }
1267       //     [2] {
1268       //       INTEGER { 33 }
1269       //     }
1270       //   }
1271       // }
1272       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1273         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1274         0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1275         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1276         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
1277         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x21}},
1278       // SEQUENCE {
1279       //   # rsassa-pss
1280       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1281       //   SEQUENCE {
1282       //     [0] {
1283       //       SEQUENCE {
1284       //         # sha384
1285       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
1286       //         NULL {}
1287       //       }
1288       //     }
1289       //     [1] {
1290       //       SEQUENCE {
1291       //         # mgf1
1292       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1293       //         SEQUENCE {
1294       //           # sha384
1295       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.2 }
1296       //           NULL {}
1297       //         }
1298       //       }
1299       //     }
1300       //     [2] {
1301       //       INTEGER { 49 }
1302       //     }
1303       //   }
1304       // }
1305       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1306         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1307         0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1308         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1309         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
1310         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x31}},
1311 
1312       // SEQUENCE {
1313       //   # rsassa-pss
1314       //   OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
1315       //   SEQUENCE {
1316       //     [0] {
1317       //       SEQUENCE {
1318       //         # sha512
1319       //         OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
1320       //         NULL {}
1321       //       }
1322       //     }
1323       //     [1] {
1324       //       SEQUENCE {
1325       //         # mgf1
1326       //         OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
1327       //         SEQUENCE {
1328       //           # sha512
1329       //           OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 }
1330       //           NULL {}
1331       //         }
1332       //       }
1333       //     }
1334       //     [2] {
1335       //       INTEGER { 65 }
1336       //     }
1337       //   }
1338       // }
1339       {{0x30, 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
1340         0x0a, 0x30, 0x34, 0xa0, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
1341         0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0xa1, 0x1c, 0x30, 0x1a,
1342         0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08, 0x30,
1343         0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
1344         0x05, 0x00, 0xa2, 0x03, 0x02, 0x01, 0x41}},
1345   };
1346   for (const auto &t : kInvalidTests) {
1347     EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(t.data)));
1348   }
1349 }
1350 
1351 // Parses a md5WithRSAEncryption which contains a NULL parameters field.
1352 //
1353 //   SEQUENCE (2 elem)
1354 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.4
1355 //       NULL
TEST(SignatureAlgorithmTest,ParseDerMd5WithRsaEncryptionNullParams)1356 TEST(SignatureAlgorithmTest, ParseDerMd5WithRsaEncryptionNullParams) {
1357   // clang-format off
1358   const uint8_t kData[] = {
1359       0x30, 0x0D,  // SEQUENCE (13 bytes)
1360       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
1361       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
1362       0x05, 0x00,  // NULL (0 bytes)
1363   };
1364   // clang-format on
1365   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1366 }
1367 
1368 // Parses a md4WithRSAEncryption which contains a NULL parameters field.
1369 //
1370 //   SEQUENCE (2 elem)
1371 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.3
1372 //       NULL
TEST(SignatureAlgorithmTest,ParseDerMd4WithRsaEncryptionNullParams)1373 TEST(SignatureAlgorithmTest, ParseDerMd4WithRsaEncryptionNullParams) {
1374   // clang-format off
1375   const uint8_t kData[] = {
1376       0x30, 0x0D,  // SEQUENCE (13 bytes)
1377       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
1378       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x03,
1379       0x05, 0x00,  // NULL (0 bytes)
1380   };
1381   // clang-format on
1382   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1383 }
1384 
1385 // Parses a md2WithRSAEncryption which contains a NULL parameters field.
1386 //
1387 //   SEQUENCE (2 elem)
1388 //       OBJECT IDENTIFIER  1.2.840.113549.1.1.2
1389 //       NULL
TEST(SignatureAlgorithmTest,ParseDerMd2WithRsaEncryptionNullParams)1390 TEST(SignatureAlgorithmTest, ParseDerMd2WithRsaEncryptionNullParams) {
1391   // clang-format off
1392   const uint8_t kData[] = {
1393       0x30, 0x0D,  // SEQUENCE (13 bytes)
1394       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
1395       0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
1396       0x05, 0x00,  // NULL (0 bytes)
1397   };
1398   // clang-format on
1399   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1400 }
1401 
1402 // Parses a dsaWithSha1 which contains no parameters field.
1403 //
1404 //   SEQUENCE (1 elem)
1405 //       OBJECT IDENTIFIER  1.2.840.10040.4.3
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha1NoParams)1406 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NoParams) {
1407   // clang-format off
1408   const uint8_t kData[] = {
1409       0x30, 0x09,  // SEQUENCE (9 bytes)
1410       0x06, 0x07,  // OBJECT IDENTIFIER (7 bytes)
1411       0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03,
1412   };
1413   // clang-format on
1414   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1415 }
1416 
1417 // Parses a dsaWithSha1 which contains a NULL parameters field.
1418 //
1419 //   SEQUENCE (2 elem)
1420 //       OBJECT IDENTIFIER  1.2.840.10040.4.3
1421 //       NULL
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha1NullParams)1422 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha1NullParams) {
1423   // clang-format off
1424   const uint8_t kData[] = {
1425       0x30, 0x0B,  // SEQUENCE (9 bytes)
1426       0x06, 0x07,  // OBJECT IDENTIFIER (7 bytes)
1427       0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03,
1428       0x05, 0x00,  // NULL (0 bytes)
1429   };
1430   // clang-format on
1431   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1432 }
1433 
1434 // Parses a dsaWithSha256 which contains no parameters field.
1435 //
1436 //   SEQUENCE (1 elem)
1437 //       OBJECT IDENTIFIER  2.16.840.1.101.3.4.3.2
TEST(SignatureAlgorithmTest,ParseDerDsaWithSha256NoParams)1438 TEST(SignatureAlgorithmTest, ParseDerDsaWithSha256NoParams) {
1439   // clang-format off
1440   const uint8_t kData[] = {
1441       0x30, 0x0B,  // SEQUENCE (11 bytes)
1442       0x06, 0x09,  // OBJECT IDENTIFIER (9 bytes)
1443       0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02
1444   };
1445   // clang-format on
1446   EXPECT_FALSE(ParseSignatureAlgorithm(der::Input(kData)));
1447 }
1448 
1449 }  // namespace
1450 
1451 }  // namespace bssl
1452