Google Git
Sign in
android / toolchain / cargo-deny / HEAD / . / android / vendor / rustls-webpki-0.101.7 / tests / signatures.rs
blob: 672292f964bf427ce894509896efcdf8db774e02 [file] [log] [blame]
// Copyright 2023 Joseph Birr-Pixton.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
extern crate webpki;
#[cfg(feature = "alloc")]
fn check_sig(
ee: &[u8],
alg: &webpki::SignatureAlgorithm,
message: &[u8],
signature: &[u8],
) -> Result<(), webpki::Error> {
let cert = webpki::EndEntityCert::try_from(ee).unwrap();
cert.verify_signature(alg, message, signature)
}
// DO NOT EDIT BELOW: generated by tests/generate.py
#[test]
#[cfg(feature = "alloc")]
fn ed25519_key_and_ed25519_good_signature() {
let ee = include_bytes!("signatures/ed25519.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/ed25519_key_and_ed25519_good_signature.sig.bin");
assert_eq!(check_sig(ee, &webpki::ED25519, message, signature), Ok(()));
}
#[test]
#[cfg(feature = "alloc")]
fn ed25519_key_and_ed25519_detects_bad_signature() {
let ee = include_bytes!("signatures/ed25519.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ed25519_key_and_ed25519_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(ee, &webpki::ED25519, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn ed25519_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ed25519.ee.der");
for algorithm in &[
&webpki::ECDSA_P256_SHA256,
&webpki::ECDSA_P256_SHA384,
&webpki::ECDSA_P384_SHA256,
&webpki::ECDSA_P384_SHA384,
&webpki::RSA_PKCS1_2048_8192_SHA256,
&webpki::RSA_PKCS1_2048_8192_SHA384,
&webpki::RSA_PKCS1_2048_8192_SHA512,
&webpki::RSA_PKCS1_3072_8192_SHA384,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p256_key_and_ecdsa_p256_sha384_good_signature() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ecdsa_p256_key_and_ecdsa_p256_sha384_good_signature.sig.bin");
assert_eq!(
check_sig(ee, &webpki::ECDSA_P256_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p256_key_and_ecdsa_p256_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/ecdsa_p256_key_and_ecdsa_p256_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::ECDSA_P256_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p256_key_and_ecdsa_p256_sha256_good_signature() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ecdsa_p256_key_and_ecdsa_p256_sha256_good_signature.sig.bin");
assert_eq!(
check_sig(ee, &webpki::ECDSA_P256_SHA256, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p256_key_and_ecdsa_p256_sha256_detects_bad_signature() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/ecdsa_p256_key_and_ecdsa_p256_sha256_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::ECDSA_P256_SHA256, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p256_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ecdsa_p256.ee.der");
for algorithm in &[
&webpki::ECDSA_P384_SHA256,
&webpki::ECDSA_P384_SHA384,
&webpki::ED25519,
&webpki::RSA_PKCS1_2048_8192_SHA256,
&webpki::RSA_PKCS1_2048_8192_SHA384,
&webpki::RSA_PKCS1_2048_8192_SHA512,
&webpki::RSA_PKCS1_3072_8192_SHA384,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p384_key_and_ecdsa_p384_sha384_good_signature() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ecdsa_p384_key_and_ecdsa_p384_sha384_good_signature.sig.bin");
assert_eq!(
check_sig(ee, &webpki::ECDSA_P384_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p384_key_and_ecdsa_p384_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/ecdsa_p384_key_and_ecdsa_p384_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::ECDSA_P384_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p384_key_and_ecdsa_p384_sha256_good_signature() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/ecdsa_p384_key_and_ecdsa_p384_sha256_good_signature.sig.bin");
assert_eq!(
check_sig(ee, &webpki::ECDSA_P384_SHA256, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p384_key_and_ecdsa_p384_sha256_detects_bad_signature() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/ecdsa_p384_key_and_ecdsa_p384_sha256_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::ECDSA_P384_SHA256, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn ecdsa_p384_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/ecdsa_p384.ee.der");
for algorithm in &[
&webpki::ECDSA_P256_SHA256,
&webpki::ECDSA_P256_SHA384,
&webpki::ED25519,
&webpki::RSA_PKCS1_2048_8192_SHA256,
&webpki::RSA_PKCS1_2048_8192_SHA384,
&webpki::RSA_PKCS1_2048_8192_SHA512,
&webpki::RSA_PKCS1_3072_8192_SHA384,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha256_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha256_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha384_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha384_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha512_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha512_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_2048_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
for algorithm in &[
&webpki::ECDSA_P256_SHA256,
&webpki::ECDSA_P256_SHA384,
&webpki::ECDSA_P384_SHA256,
&webpki::ECDSA_P384_SHA384,
&webpki::ED25519,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha256_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha256_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha384_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha384_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha512_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha512_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_3072_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_good_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_3072_8192_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_3072_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_3072_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_3072_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_3072.ee.der");
for algorithm in &[
&webpki::ECDSA_P256_SHA256,
&webpki::ECDSA_P256_SHA384,
&webpki::ECDSA_P384_SHA256,
&webpki::ECDSA_P384_SHA384,
&webpki::ED25519,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha256_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha256_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha256_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA256, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha384_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha384_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha512_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha512_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_2048_8192_sha512_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_2048_8192_SHA512, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha256_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha256_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha384_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha384_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha512_legacy_key_good_signature.sig.bin"
);
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!("signatures/rsa_4096_key_and_rsa_pss_2048_8192_sha512_legacy_key_detects_bad_signature.sig.bin");
assert_eq!(
check_sig(
ee,
&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
message,
signature
),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_good_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_good_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_3072_8192_SHA384, message, signature),
Ok(())
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature = include_bytes!(
"signatures/rsa_4096_key_and_rsa_pkcs1_3072_8192_sha384_detects_bad_signature.sig.bin"
);
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_3072_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_4096_key_rejected_by_other_algorithms() {
let ee = include_bytes!("signatures/rsa_4096.ee.der");
for algorithm in &[
&webpki::ECDSA_P256_SHA256,
&webpki::ECDSA_P256_SHA384,
&webpki::ECDSA_P384_SHA256,
&webpki::ECDSA_P384_SHA384,
&webpki::ED25519,
] {
assert_eq!(
check_sig(ee, algorithm, b"", b""),
Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey)
);
}
}
#[test]
#[cfg(feature = "alloc")]
fn rsa_2048_key_rejected_by_rsa_pkcs1_3072_8192_sha384() {
let ee = include_bytes!("signatures/rsa_2048.ee.der");
let message = include_bytes!("signatures/message.bin");
let signature =
include_bytes!("signatures/rsa_2048_key_rejected_by_rsa_pkcs1_3072_8192_sha384.sig.bin");
assert_eq!(
check_sig(ee, &webpki::RSA_PKCS1_3072_8192_SHA384, message, signature),
Err(webpki::Error::InvalidSignatureForPublicKey)
);
}