1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/ec_signature_creator.h" 6 7 #include <string> 8 #include <vector> 9 10 #include "base/memory/scoped_ptr.h" 11 #include "crypto/ec_private_key.h" 12 #include "crypto/signature_verifier.h" 13 #include "testing/gtest/include/gtest/gtest.h" 14 15 #if defined(USE_OPENSSL) 16 // Once ECSignatureCreator is implemented for OpenSSL, remove this #if block. 17 // TODO(rch): When that happens, also add some exported keys from each to 18 // test interop between NSS and OpenSSL. 19 TEST(ECSignatureCreatorTest, OpenSSLStub) { 20 scoped_ptr<crypto::ECSignatureCreator> signer( 21 crypto::ECSignatureCreator::Create(NULL)); 22 ASSERT_TRUE(signer.get()); 23 EXPECT_FALSE(signer->Sign(NULL, 0, NULL)); 24 } 25 #else 26 TEST(ECSignatureCreatorTest, BasicTest) { 27 // Do a verify round trip. 28 scoped_ptr<crypto::ECPrivateKey> key_original( 29 crypto::ECPrivateKey::Create()); 30 ASSERT_TRUE(key_original.get()); 31 32 std::vector<uint8> key_info; 33 ASSERT_TRUE( 34 key_original->ExportEncryptedPrivateKey(std::string(), 1000, &key_info)); 35 std::vector<uint8> pubkey_info; 36 ASSERT_TRUE(key_original->ExportPublicKey(&pubkey_info)); 37 38 scoped_ptr<crypto::ECPrivateKey> key( 39 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( 40 std::string(), key_info, pubkey_info)); 41 ASSERT_TRUE(key.get()); 42 ASSERT_TRUE(key->key() != NULL); 43 44 scoped_ptr<crypto::ECSignatureCreator> signer( 45 crypto::ECSignatureCreator::Create(key.get())); 46 ASSERT_TRUE(signer.get()); 47 48 std::string data("Hello, World!"); 49 std::vector<uint8> signature; 50 ASSERT_TRUE(signer->Sign(reinterpret_cast<const uint8*>(data.c_str()), 51 data.size(), 52 &signature)); 53 54 std::vector<uint8> public_key_info; 55 ASSERT_TRUE(key_original->ExportPublicKey(&public_key_info)); 56 57 // This is the algorithm ID for ECDSA with SHA-256. Parameters are ABSENT. 58 // RFC 5758: 59 // ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) 60 // us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } 61 // ... 62 // When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or 63 // ecdsa-with-SHA512 algorithm identifier appears in the algorithm field 64 // as an AlgorithmIdentifier, the encoding MUST omit the parameters 65 // field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one 66 // component, the OID ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with- 67 // SHA384, or ecdsa-with-SHA512. 68 // See also RFC 5480, Appendix A. 69 const uint8 kECDSAWithSHA256AlgorithmID[] = { 70 0x30, 0x0a, 71 0x06, 0x08, 72 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 73 }; 74 crypto::SignatureVerifier verifier; 75 ASSERT_TRUE(verifier.VerifyInit( 76 kECDSAWithSHA256AlgorithmID, sizeof(kECDSAWithSHA256AlgorithmID), 77 &signature[0], signature.size(), 78 &public_key_info.front(), public_key_info.size())); 79 80 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()), 81 data.size()); 82 ASSERT_TRUE(verifier.VerifyFinal()); 83 } 84 #endif // !defined(USE_OPENSSL) 85