
smime_unittest.cc (6676B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License v. 2.0. If a copy of the MPL was not distributed with this file
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #include <string>
      8 
      9 #include "gtest/gtest.h"
     10 
     11 #include "scoped_ptrs_smime.h"
     12 #include "smime.h"
     13 
     14 namespace nss_test {
     15 
// See bug 1507174; this is a CMS serialization (RFC 5652) that claims to be
// 12336 bytes long, which ensures CMS validates the streaming decoder's
// incorrect length.
//
// Layout, as read from the bytes below:
//   30 82 30 30          outer SEQUENCE, declared length 0x3030 (12336);
//                        the array itself holds only 54 bytes
//   06 09 2A .. 07 02    contentType OID 1.2.840.113549.1.7.2 (signedData)
//   A0 82 02 30          [0] content, declared length 0x0230 (560)
//   30 30 ..             inner SEQUENCE built mostly from 0x30 filler bytes
//                        (INTEGER 0x30, a 9-byte OID of 0x30s), ending with
//                        OID 1.2.840.113549.1.7.5
// Every declared length here exceeds the data actually supplied, so a decoder
// that trusts the header instead of the bytes it was given would read or wait
// past the end of the input.
static const unsigned char kHugeLenAsn1[] = {
    0x30, 0x82, 0x30, 0x30, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
    0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x02, 0x30, 0x30, 0x30, 0x02,
    0x01, 0x30, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x30, 0x30, 0x30,
    0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x30, 0x0B, 0x06,
    0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05};
     25 
// secp256r1 signature with no certs and no attrs.
//
// DER layout (257 bytes: 3 header bytes + 0xFE content bytes):
//   SEQUENCE (30 81 FE)                       ContentInfo
//     OID 1.2.840.113549.1.7.2                signedData
//     [0] (A0 81 F0)
//       SEQUENCE (30 81 ED)                   SignedData
//         INTEGER 1                           version
//         SET { OID 2.16.840.1.101.3.4.2.1 (SHA-256), NULL }
//         SEQUENCE { OID 1.2.840.113549.1.7.1 (data) }, no embedded content
//         SET (31 81 C9)                      signerInfos, one entry:
//           issuer C=AU, ST=Some-State, O=Internet Widgits Pty Ltd,
//           20-byte serial number, digest algorithm SHA-256,
//           signature algorithm OID 1.2.840.10045.4.3.2 (ecdsa-with-SHA256),
//           OCTET STRING (04 47) wrapping the ECDSA (r, s) SEQUENCE
//
// The tests in this file only parse this blob; none of them verifies the
// signature itself.
// NOTE(review): presumably non-const so it can be stored in SECItem's data
// field without a cast -- confirm against the SECItem declaration.
static unsigned char kValidSignature[] = {
    0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
    0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
    0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
    0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
    0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
    0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
    0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
    0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
    0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
    0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
    0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
    0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
    0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
    0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
    0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
    0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
    0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
    0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
    0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
    0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
    0x2B, 0x73, 0x80, 0x4A, 0x1A};
     50 
// See bug 1507135; this is a CMS signature that contains only the OID.
//
// Bytes: SEQUENCE of length 0x0B holding just the contentType OID
// 1.2.840.113549.1.7.2 (signedData). The [0] content that would carry the
// SignedData structure is absent, so the message names a signed content type
// without containing any signed data.
static unsigned char kTruncatedSignature[] = {0x30, 0x0B, 0x06, 0x09, 0x2A,
                                              0x86, 0x48, 0x86, 0xF7, 0x0D,
                                              0x01, 0x07, 0x02};
     55 
// secp256r1 signature that's truncated by one byte.
//
// Byte-for-byte the same as kValidSignature except that the final 0x1A is
// missing. The outer header still declares 0xFE content bytes, so the encoding
// is one byte shorter than its own length fields claim; the cut falls inside
// the last INTEGER of the ECDSA signature value.
static unsigned char kSlightlyTruncatedSignature[] = {
    0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
    0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
    0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
    0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
    0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
    0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
    0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
    0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
    0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
    0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
    0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
    0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
    0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
    0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
    0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
    0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
    0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
    0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
    0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
    0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
    0x2B, 0x73, 0x80, 0x4A};
     80 
// Empty fixture: it adds no members or set-up of its own and only gives the
// TEST_F cases in this file a common suite name.
class SMimeTest : public ::testing::Test {};
     82 
// Streams a CMS blob whose outer length field (12336) far exceeds the bytes
// supplied. The update call itself is expected to succeed; the rejection has
// to show up when the decoder is finished and no message is returned.
TEST_F(SMimeTest, InvalidDER) {
  PK11SymKey* decrypt_key = nullptr;

  // All callbacks (content, password, key) and their arguments are null; only
  // the final argument carries the (null) key pointer.
  NSSCMSDecoderContext* decoder = NSS_CMSDecoder_Start(
      nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, decrypt_key);
  ASSERT_NE(nullptr, decoder);

  const char* der_bytes = reinterpret_cast<const char*>(kHugeLenAsn1);
  const SECStatus update_status =
      NSS_CMSDecoder_Update(decoder, der_bytes, sizeof(kHugeLenAsn1));
  EXPECT_EQ(SECSuccess, update_status);

  // NOTE(review): decrypt_key is handed over by value above, so this local
  // presumably cannot be changed by the decoder and the check is weak.
  EXPECT_EQ(nullptr, decrypt_key);

  // Finish must not hand back a message for the inconsistent encoding.
  ASSERT_FALSE(NSS_CMSDecoder_Finish(decoder));
}
     97 
// A well-formed SignedData blob must decode and be reported as signed. This
// asserts only what NSS_CMSMessage_IsSigned reports; the signature is not
// verified here and the blob carries no certificates.
TEST_F(SMimeTest, IsSignedValid) {
  SECItem der;
  der.type = siBuffer;
  der.data = kValidSignature;
  der.len = sizeof(kValidSignature);

  NSSCMSMessage* decoded = NSS_CMSMessage_CreateFromDER(
      &der, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr);
  ScopedNSSCMSMessage message(decoded);  // takes ownership of the result

  ASSERT_TRUE(message);
  ASSERT_TRUE(NSS_CMSMessage_IsSigned(message.get()));
}
    108 
// A ContentInfo holding nothing but the signedData OID still yields a message
// object, but that message must not be reported as signed. A non-null result
// from the decoder is therefore not evidence of signed content.
TEST_F(SMimeTest, TruncatedCmsSignature) {
  SECItem der;
  der.type = siBuffer;
  der.data = kTruncatedSignature;
  der.len = sizeof(kTruncatedSignature);

  NSSCMSMessage* decoded = NSS_CMSMessage_CreateFromDER(
      &der, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr);
  ScopedNSSCMSMessage message(decoded);  // takes ownership of the result

  ASSERT_TRUE(message);
  ASSERT_FALSE(NSS_CMSMessage_IsSigned(message.get()));
}
    120 
// Dropping a single trailing byte from an otherwise valid signature must make
// decoding fail outright: no message object is produced, and querying the
// resulting null pointer reports "not signed".
TEST_F(SMimeTest, SlightlyTruncatedCmsSignature) {
  SECItem der;
  der.type = siBuffer;
  der.data = kSlightlyTruncatedSignature;
  der.len = sizeof(kSlightlyTruncatedSignature);

  NSSCMSMessage* decoded = NSS_CMSMessage_CreateFromDER(
      &der, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr);
  ScopedNSSCMSMessage message(decoded);  // holds null when decoding fails

  ASSERT_FALSE(message);
  ASSERT_FALSE(NSS_CMSMessage_IsSigned(message.get()));
}
    132 
// NSS_CMSMessage_IsSigned must tolerate a null message and answer "not
// signed", so callers that skip the null check on a failed decode stay safe.
TEST_F(SMimeTest, IsSignedNull) {
  NSSCMSMessage* no_message = nullptr;
  const PRBool reported_signed = NSS_CMSMessage_IsSigned(no_message);
  ASSERT_FALSE(reported_signed);
}
    136 
    137 }  // namespace nss_test