diff --git a/LICENSE b/LICENSE index 3cfbbc6..cd87be1 100644 --- a/LICENSE +++ b/LICENSE @@ -14,3 +14,6 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +The files under third-party/chromium are licensed as described in +third-party/chromium/LICENSE. diff --git a/third-party/chromium/LICENSE b/third-party/chromium/LICENSE new file mode 100644 index 0000000..a32e00c --- /dev/null +++ b/third-party/chromium/LICENSE 
@@ -0,0 +1,27 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/third-party/chromium/data/verify_signed_data/README b/third-party/chromium/data/verify_signed_data/README
new file mode 100644
index 0000000..2acf6e6
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/README
@@ -0,0 +1,35 @@
+This directory contains test data for testing net::VerifySignedData().
+
+When adding or changing test data, run the script
+ $ python annotate_test_data.py
+
+This script will apply a uniform formatting. For instance it will add a
+comment showing what the parsed ASN.1 looks like, and reformat the base64 to
+have consistent line breaks.
+
+The general format for the test files is as follows:
+
+
+
+
+ -----BEGIN PUBLIC KEY-----
+
+ -----END PUBLIC KEY-----
+
+ -----BEGIN ALGORITHM-----
+
+ -----END ALGORITHM-----
+
+ -----BEGIN DATA-----
+
+ -----END DATA-----
+
+ -----BEGIN SIGNATURE-----
+
+ -----END SIGNATURE-----
+
+
+Comments for a PEM block should be placed immediately below that block.
+The script will also insert a comment after the block describing its parsed
+ASN.1 structure (your extra comments need to be above the script-generated
+comments or they will be stripped).
diff --git a/third-party/chromium/data/verify_signed_data/annotate_test_data.py b/third-party/chromium/data/verify_signed_data/annotate_test_data.py
new file mode 100644
index 0000000..7928fa2
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/annotate_test_data.py
@@ -0,0 +1,167 @@ +#!/usr/bin/python +# Copyright (c) 2015 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"""This script is called without any arguments to re-format all of the *.pem +files in the script's parent directory. + +The main formatting change is to run "openssl asn1parse" for each of the PEM +block sections (except for DATA), and add that output to the comment. + +Refer to the README file for more information. +""" + +import glob +import os +import re +import base64 +import subprocess + + +def Transform(file_data): + """Returns a transformed (formatted) version of file_data""" + + result = '' + + # Get the file's description (all the text before the first PEM block) + file_description = GetTextUntilNextPemBlock(file_data) + + result += file_description + '\n' + + for block in GetPemBlocks(file_data): + result += '\n\n\n' + + result += MakePemBlockString(block.name, block.data) + + # If there was a user comment (non-script-generated comment) associated + # with the block, output it immediately after the block. + user_comment = GetUserComment(block.comment) + if user_comment: + result += '\n' + user_comment + '\n' + + # For every block except for DATA, try to pretty print the parsed ASN.1. + # DATA blocks likely would be DER in practice, but for the purposes of + # these tests seeing its structure doesn't clarify + # anything and is just a distraction. 
+ if block.name != 'DATA': + generated_comment = GenerateCommentForBlock(block.name, block.data) + result += '\n' + generated_comment + '\n' + + return result + + +def GenerateCommentForBlock(block_name, block_data): + """Returns a string describing the ASN.1 structure of block_data""" + + p = subprocess.Popen(['openssl', 'asn1parse', '-i', '-inform', 'DER'], + stdout=subprocess.PIPE, stdin=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout_data, stderr_data = p.communicate(input=block_data) + generated_comment = '$ openssl asn1parse -i < [%s]\n%s' % (block_name, + stdout_data) + return generated_comment.strip('\n') + + +def GetTextUntilNextPemBlock(text): + return text.split('-----BEGIN ', 1)[0].strip('\n') + + +def GetUserComment(comment): + """Removes any script-generated lines (everything after the $ openssl line)""" + + # Consider everything after "$ openssl" to be a generated comment. + comment = comment.split('$ openssl asn1parse -i', 1)[0].strip('\n') + if IsEntirelyWhiteSpace(comment): + comment = '' + return comment + + +def MakePemBlockString(name, data): + return ('-----BEGIN %s-----\n' + '%s' + '-----END %s-----\n') % (name, EncodeDataForPem(data), name) + + +def GetPemFilePaths(): + """Returns an iterable for all the paths to the PEM test files""" + + base_dir = os.path.dirname(os.path.realpath(__file__)) + return glob.iglob(os.path.join(base_dir, '*.pem')) + + +def ReadFileToString(path): + with open(path, 'r') as f: + return f.read() + + +def WrapTextToLineWidth(text, column_width): + result = '' + pos = 0 + while pos < len(text): + result += text[pos : pos + column_width] + '\n' + pos += column_width + return result + + +def EncodeDataForPem(data): + result = base64.b64encode(data) + return WrapTextToLineWidth(result, 75) + + +class PemBlock(object): + def __init__(self): + self.name = None + self.data = None + self.comment = None + + +def StripAllWhitespace(text): + pattern = re.compile(r'\s+') + return re.sub(pattern, '', text) + + +def 
IsEntirelyWhiteSpace(text): + return len(StripAllWhitespace(text)) == 0 + + +def DecodePemBlockData(text): + text = StripAllWhitespace(text) + return base64.b64decode(text) + + +def GetPemBlocks(data): + """Returns an iterable of PemBlock""" + + regex = re.compile(r'-----BEGIN ([\w ]+)-----(.*?)-----END \1-----', + re.DOTALL) + + for match in regex.finditer(data): + block = PemBlock() + + block.name = match.group(1) + block.data = DecodePemBlockData(match.group(2)) + + # Keep track of any non-PEM text between blocks + block.comment = GetTextUntilNextPemBlock(data[match.end():]) + + yield block + + +def WriteStringToFile(data, path): + with open(path, "w") as f: + f.write(data) + + +def main(): + for path in GetPemFilePaths(): + print "Processing %s ..." % (path) + original_data = ReadFileToString(path) + transformed_data = Transform(original_data) + if original_data != transformed_data: + WriteStringToFile(transformed_data, path) + print "Rewrote %s" % (path) + + +if __name__ == "__main__": + main() diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-spki-params-null.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-spki-params-null.pem new file mode 100644 index 0000000..6f65be1 --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-spki-params-null.pem 
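Review bot: `GenerateCommentForBlock` captures `stderr_data` from `openssl asn1parse` but never uses it, and `p.returncode` is never checked, so whatever openssl wrote to stdout becomes the annotation stored in the test vector. Some vectors in this commit are deliberately malformed, so a non-zero exit cannot simply abort the run, but a warning would make an unexpected failure visible, for example `if p.returncode != 0: sys.stderr.write('asn1parse failed for [%s]: %s\n' % (block_name, stderr_data))` right after `p.communicate(...)`, with `import sys` added to the imports. As written, `main()` rewrites any *.pem file whose transformed text differs, so running the script against a different or broken openssl build can change the annotations in place with no diagnostic. The script is also Python 2 only (`print "Processing %s ..." % (path)`), which the module docstring should state.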
@@ -0,0 +1,45 @@ +This is the same test as ecdsa-prime256v1-sha512.pem except the public key's +algorithm has been tampered with. The parameters for ecPublicKey should be a +namedCurve, but here they have been replaced by NULL. + + + +-----BEGIN PUBLIC KEY----- +MFEwCwYHKoZIzj0CAQUAA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb3LVEjOhe +IkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 81 cons: SEQUENCE + 2:d=1 hl=2 l= 11 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 0 prim: NULL + 15:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-unused-bits-signature.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-unused-bits-signature.pem new file mode 100644 index 0000000..24efda0 --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-unused-bits-signature.pem 
@@ -0,0 +1,53 @@ +This is the same test as ecdsa-prime256v1-sha512.pem, however the SIGNATURE has +been changed to a (valid) BIT STRING containing two unused bits. + +Note that the last two bits of the original signature were 0, so the +DER-encoded bytes portion of the mutated BIT STRING remains the same. All that +changes is the octet at the start which indicates the number of unused bits. + +In other words SIGNATURE changes from: + 03 47 00 30 ... 84 +To: + 03 47 02 30 ... 84 + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cCMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecdh-key.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecdh-key.pem new file mode 100644 index 0000000..4f3e26c --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecdh-key.pem 
@@ -0,0 +1,48 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecDH (1.3.132.1.12) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + + +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQwGCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.12 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecmqv-key.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecmqv-key.pem new file mode 100644 index 0000000..d0b906f --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-ecmqv-key.pem 
@@ -0,0 +1,48 @@ +This uses the same test data as ecdsa-prime256v1-sha512.pem, HOWEVER the +algorithm OID for the public key has been changed from id-ecPublicKey +(1.2.840.10045.2.1) to id-ecMQV (1.3.132.1.13) + +This test should fail because the public key's algorithm does not match that of +the signature algorithm. + + + +-----BEGIN PUBLIC KEY----- +MFcwEQYFK4EEAQ0GCCqGSM49AwEHA0IABJywz2kwPa/HYdTkaHtOzwOebTSrlkr4CBDY1VikqNb +3LVEjOheIkgqG7gihlix576MX+3h54pfa0hRtuZX6HHg= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 87 cons: SEQUENCE + 2:d=1 hl=2 l= 17 cons: SEQUENCE + 4:d=2 hl=2 l= 5 prim: OBJECT :1.3.132.1.13 + 11:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 21:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem new file mode 100644 index 0000000..8085486 --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-using-rsa-algorithm.pem 
@@ -0,0 +1,48 @@ +This test specified a valid ECDSA signature and EC key (the same as ecdsa-prime256v1-sha512.pem) + +The problem however is the signature algorithm is indicated as being RSA PKCS#1 v1.5. + +Signature verification consequently should fail. + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBDQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-wrong-signature-format.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-wrong-signature-format.pem new file mode 100644 index 0000000..d51317c --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512-wrong-signature-format.pem 
@@ -0,0 +1,47 @@ +This is the same as ecdsa-prime256v1-sha512.pem, except the signature is wrong. + +Rather than encoding the signature into a DER-encoded Ecdsa-Sig-Value, it is a +concatenation of the r and s values. This is the format that WebCrypto uses for +ECDSA signature, but not what is used for digital signatures. + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0EAS5+R5ChShyYaHRySPPYZzVLBdc/n8b5gpSWMYQNIuj0oxF+QHXHEGymGOOwNaoXX/LDDO7/ +sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 65 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512.pem b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512.pem new file mode 100644 index 0000000..54f490c --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-prime256v1-sha512.pem 
@@ -0,0 +1,49 @@ +The key, message, and signature come from: +http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-3ecdsatestvectors.zip (SigVer.rsp) + +The algorithm DER was synthesized to match, and the signature (provided as an r +and s tuple) was encoded into a Ecdsa-Sig-Value and then a BIT STRING. + +It uses ECDSA verification, using curve prime256v1 and SHA-512 + + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS +o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 89 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 66 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAME +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA512 + + + +-----BEGIN DATA----- +bikyFTMBpO72gOZCiSmtrpiMEI1mijH/VdBImUfXX/gaRr+J6E1kAfAjvm6HaI+814TXhcqEZzV +SSstS0ARSyEBApHnnzDMJNkQdk7vnIqlDKm4dsRK1yUA7ECcssTR/1hnUY/ep0iOtdv3gbYpog1 +APuEMjWr/5jiQb37VTjD4= +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A0cAMEQCIEufkeQoUocmGh0ckjz2Gc1SwXXP5/G+YKUljGEDSLo9AiAoxF+QHXHEGymGOOwNaoX +X/LDDO7/sWpyBCEa2OSiahA== +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 71 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256-corrupted-data.pem b/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256-corrupted-data.pem new file mode 100644 index 0000000..5f5380b --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256-corrupted-data.pem 
@@ -0,0 +1,53 @@ +This is the same test as ecdsa-secp384r1-sha256.pem, except the DATA section +has been corrupted. The third byte has been set to 0. + +This signature should NOT verify successfully. + + + +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIA6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING 
diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256.pem b/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256.pem new file mode 100644 index 0000000..d5c3798 --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-secp384r1-sha256.pem 
@@ -0,0 +1,84 @@ +This test data was produced by creating a self-signed EC cert using OpenSSL, +and then extracting the relevant fields. + +It uses ECDSA with curve secp384r1 an SHA-256. + +(1) Generate self-signed certificate + + openssl ecparam -out ec_key.pem -name secp384r1 -genkey + openssl req -new -key ec_key.pem -x509 -nodes -days 365 -out cert.pem + +(2) Extract public key + + openssl x509 -in cert.pem -pubkey -noout > pubkey.pem + cat pubkey.pem + +(3) Extract signed data (tbsCertificate) + + openssl asn1parse -in cert.pem -out tbs -noout -strparse 4 + base64 tbs + +(4) Extract signature algorithm + + # Find the offset of the signature algorithm near the end (496 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out alg -noout -strparse 496 + base64 alg + +(5) Extract the signature + + # Find the final offset of BIT STRING (508 in this case) + openssl asn1parse -in cert.pem + + openssl asn1parse -in cert.pem -out sig -noout -strparse 508 + base64 sig + + + +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXFhBi+WKXuxeK9yCbC9jqEchwjCNsQ4RXAsJ07oHZ+Q +qz55cNIY5BAhcQ0QYY5jv9BimGL9SuhUuOSuS3Pn9rrsIFGcFsihy4kDr8rq5+7RbN8bV057gW5 +emYjLtvDsQ +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 118 cons: SEQUENCE + 2:d=1 hl=2 l= 16 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 5 prim: OBJECT :secp384r1 + 20:d=1 hl=2 l= 98 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M 
+DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/ecdsa-using-rsa-key.pem b/third-party/chromium/data/verify_signed_data/ecdsa-using-rsa-key.pem new file mode 100644 index 0000000..653bcd7 --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ecdsa-using-rsa-key.pem 
@@ -0,0 +1,51 @@ +This test specifies an ECDSA signature algorithm (and a valid ecdsa signature), +HOWEVER it provides an RSA key. Verification should fail. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + + + +-----BEGIN DATA----- +MIIB6KADAgECAgkAtUVxft6/Vc0wCgYIKoZIzj0EAwIwbzELMAkGA1UEBhMCQVUxEzARBgNVBAg +MClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAw +wDYWhhMRowGAYJKoZIhvcNAQkBFgtzdXBAZm9vLmNvbTAeFw0xNTA3MDIwMDM4MTRaFw0xNjA3M +DEwMDM4MTRaMG8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMMA2FoYTEaMBgGCSqGSIb3DQEJARYLc3V +wQGZvby5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcWEGL5Ype7F4r3IJsL2OoRyHCMI2xDh +FcCwnTugdn5CrPnlw0hjkECFxDRBhjmO/0GKYYv1K6FS45K5Lc+f2uuwgUZwWyKHLiQOvyurn7t +Fs3xtXTnuBbl6ZiMu28OxCjUDBOMB0GA1UdDgQWBBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAfBgNV +HSMEGDAWgBR6nDgtPalG2JvSlWzdGRCi/Cu7NjAMBgNVHRMEBTADAQH/ +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A2kAMGYCMQCDwMSZVJZ8qThiNTV7VX57m8fdNnNS6cXIjRYoh4SozlYWmWGh87nhmJJCeD16jVM +CMQDkroAY8oNi8RxLUor+LozhhVgu24tu6lcp4MP8H3Zy8bBea5HerAd1AqJp3Ox7KDU= +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 105 prim: BIT STRING 
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-length.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-length.pem new file mode 100644 index 0000000..ef7967d --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-length.pem @@ -0,0 +1,44 @@ +Same test as rsa-pkcs1-sha1.pem except the length of the first SEQUENCE has +been increased by 2 (which makes it invalid). + + + +-----BEGIN PUBLIC KEY----- +MIOfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] +Error in encoding + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-null.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-null.pem new file mode 100644 index 0000000..59559f4 --- /dev/null 
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-bad-key-der-null.pem @@ -0,0 +1,52 @@ +Same test as rsa-pkcs1-sha1.pem except an extra NULL (0x05, 0x00) has been +appended to the SPKI. + +The DER can still be parsed, however it should fail due to the unconsumed data +at the end. + + + +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH +mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL +I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQABBQA= +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 159 cons: SEQUENCE + 3:d=1 hl=2 l= 13 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=2 hl=2 l= 0 prim: NULL + 18:d=1 hl=3 l= 141 prim: BIT STRING + 162:d=0 hl=2 l= 0 prim: NULL + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-key-params-absent.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-key-params-absent.pem new file mode 100644 index 0000000..10cc3d0 --- /dev/null 
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-key-params-absent.pem @@ -0,0 +1,49 @@ +Same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified so the +algorithm parameters are absent rather than NULL. + +This should fail because RFC 3279 says the parameters MUST be NULL. + + + +-----BEGIN PUBLIC KEY----- +MIGdMAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 +62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC +cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=3 l= 157 cons: SEQUENCE + 3:d=1 hl=2 l= 11 cons: SEQUENCE + 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption + 16:d=1 hl=3 l= 141 prim: BIT STRING + + + +-----BEGIN ALGORITHM----- +MA0GCSqGSIb3DQEBBQUA +-----END ALGORITHM----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 13 cons: SEQUENCE + 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption + 13:d=1 hl=2 l= 0 prim: NULL + + + +-----BEGIN DATA----- +zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu +jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc +vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY +pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== +-----END DATA----- + + + +-----BEGIN SIGNATURE----- +A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 +Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ +wJfKsY6aRY/LY0zc6O41iUxITX +-----END SIGNATURE----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=3 l= 129 prim: BIT STRING diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-using-pss-key-no-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-using-pss-key-no-params.pem new file mode 100644 index 0000000..0dfff97 --- /dev/null 
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-using-pss-key-no-params.pem
@@ -0,0 +1,51 @@
+This is the same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified
+so that the key algorithm is rsaPss (1.2.840.113549.1.1.10) with absent
+parameters.
+
+Subsequently this should fail, as a PSS key should not be used with a signature
+algorithm for PKCS#1 v1.5.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGdMAsGCSqGSIb3DQEBCgOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9
+62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC
+cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 157 cons: SEQUENCE
+ 3:d=1 hl=2 l= 11 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBBQUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8
+Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/
+wJfKsY6aRY/LY0zc6O41iUxITX
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-wrong-algorithm.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-wrong-algorithm.pem
new file mode 100644
index 0000000..9aaedba
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1-wrong-algorithm.pem
@@ -0,0 +1,48 @@
+This is the same as rsa-pkcs1-sha1.pem, however the ALGORITHM has been change
+to have SHA256 instead of SHA1. Using this algorithm verification should fail.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8
+Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/
+wJfKsY6aRY/LY0zc6O41iUxITX
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1.pem
new file mode 100644
index 0000000..0972aca
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha1.pem
@@ -0,0 +1,53 @@
+The key, message, and signature come from Example 1 of:
+ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt
+
+(The algorithm DER was synthesized to match, and the signature enclosed in a BIT STRING).
+
+It uses an RSA key with modulus length of 1024 bits, PKCS#1 v1.5 padding, and
+SHA-1 as the digest.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBBQUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8
+Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/
+wJfKsY6aRY/LY0zc6O41iUxITX
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-key-encoded-ber.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-key-encoded-ber.pem
new file mode 100644
index 0000000..2a8db4a
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-key-encoded-ber.pem 
@@ -0,0 +1,62 @@
+This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been encoded
+using a non-minimal length for the outtermost SEQUENCE.
+
+Under DER, the tag-length-value encodings should be minimal and hence this should fail.
+
+Specifically the SPKI start was changed from:
+ 30 81 9f
+To:
+ 30 82 00 9f
+
+(the length of 0x9F is being expressed using 2 bytes instead of 1)
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIAnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx0
+94X+QD8mooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFed
+qqcTffKVMQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=4 l= 159 cons: SEQUENCE
+ 4:d=1 hl=2 l= 13 cons: SEQUENCE
+ 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 17:d=2 hl=2 l= 0 prim: NULL
+ 19:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-spki-non-null-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-spki-non-null-params.pem
new file mode 100644
index 0000000..4e7fc96
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-spki-non-null-params.pem
@@ -0,0 +1,59 @@
+This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered
+with. The parameters have been changed from NULL to an INTEGER.
+
+This was done by changing:
+
+ 05 00 (NULL)
+To:
+ 02 00 (INTEGER)
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQIAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3
+hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q
+pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: INTEGER :00
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem
new file mode 100644
index 0000000..a9b9eb9
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-ecdsa-algorithm.pem
@@ -0,0 +1,55 @@
+This test specified a valid RSA PKCS#1 v.1.5 signature and RSA key (the same as rsa-pkcs1-sha256.pem).
+
+The problem however is the signature algorithm is indicated as being ECDSA.
+
+Signature verification consequently should fail.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3
+hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q
+pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MAoGCCqGSM49BAMC
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 10 cons: SEQUENCE
+ 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-id-ea-rsa.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-id-ea-rsa.pem
new file mode 100644
index 0000000..dd5d39c
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256-using-id-ea-rsa.pem
@@ -0,0 +1,54 @@
+This is the same test as rsa-pkcs1-sha256.pem except the SPKI has been tampered
+with. Rather than using an rsaEncryption OID for the key's algorithm, it uses
+id-ea-rsa (2.5.8.1.1).
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGaMAgGBFUIAQEFAAOBjQAwgYkCgYEAqkfgdjI9YqzadSZ2Ns0CEEUD8+8m7OplIx094X+QD8m
+ooNrunwT04asbLIINGL4qiI/+9IVSvyV3Kj9c4EeQIbANGoJ8AI3wf6MOBB/txxGFedqqcTffKV
+MQvtZdoYFbZ/MQkvyRsoyvunb/pWcN4sSaF9kY1bXSeP3J99fBIYUCAwEAAQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 154 cons: SEQUENCE
+ 3:d=1 hl=2 l= 8 cons: SEQUENCE
+ 5:d=2 hl=2 l= 4 prim: OBJECT :rsa
+ 11:d=2 hl=2 l= 0 prim: NULL
+ 13:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256.pem b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256.pem
new file mode 100644
index 0000000..8509111
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pkcs1-sha256.pem
@@ -0,0 +1,86 @@
+This test data was produced by creating a self-signed EC cert using OpenSSL,
+and then extracting the relevant fields.
+
+It uses RSA PKCS#1 v1.5 with SHA-256 and a 1024-bit key.
+
+(1) Generate self-signed certificate
+
+ openssl genrsa -out rsa_key.pem 1024
+ openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -out cert.pem
+
+(2) Extract public key
+
+ openssl x509 -in cert.pem -pubkey -noout > pubkey.pem
+ cat pubkey.pem
+
+(3) Extract signed data (tbsCertificate)
+
+ openssl asn1parse -in cert.pem -out tbs -noout -strparse 4
+ base64 tbs
+
+(4) Extract signature algorithm
+
+ # Find the offset of the signature algorithm near the end (491 in this case)
+ openssl asn1parse -in cert.pem
+
+ openssl asn1parse -in cert.pem -out alg -noout -strparse 491
+ base64 alg
+
+(5) Extract the signature
+
+ # Find the final offset of BIT STRING (506 in this case)
+ openssl asn1parse -in cert.pem
+
+ openssl asn1parse -in cert.pem -out sig -noout -strparse 506
+ base64 sig
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp1JnY2zQIQRQPz7ybs6mUjHT3
+hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA0agnwAjfB/ow4EH+3HEYV52q
+pxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/cn318EhhQIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-no-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-no-params.pem
new file mode 100644
index 0000000..503cc2e
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-no-params.pem
@@ -0,0 +1,48 @@
+This is the same test as rsa-pss-sha1-salt20.pem, except the public key's
+algorithm identifier has been changed from rsaEncryption (1.2.840.113549.1.1.1)
+to rsaPss (1.2.840.113549.1.1.10).
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGdMAsGCSqGSIb3DQEBCgOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9
+62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC
+cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 157 cons: SEQUENCE
+ 3:d=1 hl=2 l= 11 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem
new file mode 100644
index 0000000..222614b
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem
@@ -0,0 +1,50 @@
+This is the same test as rsa-pss-sha1-salt20.pem, except the public key's
+algorithm identifier has been changed from rsaEncryption (1.2.840.113549.1.1.1)
+to rsaPss (1.2.840.113549.1.1.10). Note that the PSS parameters have been
+encoded as NULL which is incorrect.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBCgUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20.pem
new file mode 100644
index 0000000..e56f0fe
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-salt20.pem
@@ -0,0 +1,53 @@
+The key, message, and signature come from Example 1.1 of:
+ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip (pss-vect.txt)
+
+(The algorithm DER was synthesized to match, and the signature enclosed in a BIT STRING).
+
+It uses an RSA key with modulus length of 1024 bits, PSS padding,
+SHA-1 as the digest, MGF1 with SHA-1, and salt length of 20.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCjAA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 0 cons: SEQUENCE
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-wrong-salt.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-wrong-salt.pem
new file mode 100644
index 0000000..57ec775
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha1-wrong-salt.pem
@@ -0,0 +1,51 @@
+Same as rsa-pss-sha1-wrong-salt.pem except the ALGORITHM has been changed to
+have a salt of 23. When verified using this algorithm it will fail, however if
+the default salt of 20 were used it would succeed.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MBIGCSqGSIb3DQEBCjAFogMCARc=
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 18 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 5 cons: SEQUENCE
+ 15:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 17:d=3 hl=2 l= 1 prim: INTEGER :17
+
+
+
+-----BEGIN DATA-----
+zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu
+jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc
+vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY
+pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAJB0MI+1mOlwGyKUOI5S+XH6rCtgpRRa8YXfUoe17SiH5Xzn/UTchjTkB8jg5DYLwibz7CJ
+/nZ5UY46NMfUFEhXfbrucL5V5qndZijj5FLW5wb2DxOL584Kg0Ko1Qv/uZZhKYBvGnrKN6yfcoS
+yCwtTD9mzVAPH/K5lNik4wy7M8
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-mgf1-sha512-salt33.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-mgf1-sha512-salt33.pem
new file mode 100644
index 0000000..f3b9dcb
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-mgf1-sha512-salt33.pem
@@ -0,0 +1,67 @@
+This test exercises using a different hash function parameter to the mask gen
+function (SHA-256 for the hash, but SHA-512 for the MGF1 hash).
+
+This test data was constructed manually by calling signing functions from
+OpenSSL code.
+
+It constructs an RSASSA-PSS signature using:
+ * Key with modulus 1024 bit
+ * Salt length 33 bytes
+ * Digest function of SHA-256
+ * Mask gen function of MGF1 with SHA-512
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbkoOcBAXWJpRh9x+qEHRVvLsDjatUqRN/rH
+mH3rZkdjFEFb/7bFitMDyg6EqiKOU3/Umq3KRy7MHzqv84LHf1c2VCAltWyuLbfXWce9jd8CSHL
+I8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh4fINDOjP+yJJvZohNwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 159 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 141 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIDBQCiAwIBIQ==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha512
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :21
+
+
+
+-----BEGIN DATA-----
+VGVzdCBtZXNzYWdlIHRvIGJlIHNpZ25lZC4uLg==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBAFob0HSC5uuTqKu4J/lj+5bDa+Hhij4H3klWnvt6Yc+wwPza7/UC4lgGGyvZqD32RUEdt7v
+Z14qqYNk53b5aj4C2gBMvLzV7Pay4mmQM4DSWa5JHMxTILqE3DDqihrbMcBw2q3XAsLcjeqLWQ9
+yp8tfnV21h98qsCLtErrxZWHRr
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-params.pem
new file mode 100644
index 0000000..e0140b3
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-params.pem
@@ -0,0 +1,74 @@
+This is the same test as rsa-pss-sha256-salt10.pem except instead of specifying
+the SPKI using rsaEncryption it is specified using rsaPss along with
+parameters that match those of the signature algorithm.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIHRMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZ
+IAWUDBAIBBQCiAwIBCgOBiwAwgYcCgYEAvkmbXn8GyD+gKT4xRlyOtrWK+SC65Sp7W5v+t6py2x
+JkES6z/UMdMaKn5QlBVmkpSUoOiR7VYTkYtLUbDR+5d4Oyas99DzhM+zX00oJPXdOAYjomvxgLY
+5YcYZ3NsgyuQG8i9uJ2yAo3JZSQz+tywacahPGEbTMId7o+MQHsnHsCARE=
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 209 cons: SEQUENCE
+ 3:d=1 hl=2 l= 65 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 52 cons: SEQUENCE
+ 18:d=3 hl=2 l= 15 cons: cont [ 0 ]
+ 20:d=4 hl=2 l= 13 cons: SEQUENCE
+ 22:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 33:d=5 hl=2 l= 0 prim: NULL
+ 35:d=3 hl=2 l= 28 cons: cont [ 1 ]
+ 37:d=4 hl=2 l= 26 cons: SEQUENCE
+ 39:d=5 hl=2 l= 9 prim: OBJECT :mgf1
+ 50:d=5 hl=2 l= 13 cons: SEQUENCE
+ 52:d=6 hl=2 l= 9 prim: OBJECT :sha256
+ 63:d=6 hl=2 l= 0 prim: NULL
+ 65:d=3 hl=2 l= 3 cons: cont [ 2 ]
+ 67:d=4 hl=2 l= 1 prim: INTEGER :0A
+ 70:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem
new file mode 100644
index 0000000..646ac1f
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem
@@ -0,0 +1,74 @@
+This is the same test as rsa-pss-sha256-salt10-using-pss-key-with-params.pem
+except the hash in the PSS key's parameters has been changed from SHA-256 to
+SHA-384.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIHRMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZ
+IAWUDBAIBBQCiAwIBCgOBiwAwgYcCgYEAvkmbXn8GyD+gKT4xRlyOtrWK+SC65Sp7W5v+t6py2x
+JkES6z/UMdMaKn5QlBVmkpSUoOiR7VYTkYtLUbDR+5d4Oyas99DzhM+zX00oJPXdOAYjomvxgLY
+5YcYZ3NsgyuQG8i9uJ2yAo3JZSQz+tywacahPGEbTMId7o+MQHsnHsCARE=
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 209 cons: SEQUENCE
+ 3:d=1 hl=2 l= 65 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 16:d=2 hl=2 l= 52 cons: SEQUENCE
+ 18:d=3 hl=2 l= 15 cons: cont [ 0 ]
+ 20:d=4 hl=2 l= 13 cons: SEQUENCE
+ 22:d=5 hl=2 l= 9 prim: OBJECT :sha384
+ 33:d=5 hl=2 l= 0 prim: NULL
+ 35:d=3 hl=2 l= 28 cons: cont [ 1 ]
+ 37:d=4 hl=2 l= 26 cons: SEQUENCE
+ 39:d=5 hl=2 l= 9 prim: OBJECT :mgf1
+ 50:d=5 hl=2 l= 13 cons: SEQUENCE
+ 52:d=6 hl=2 l= 9 prim: OBJECT :sha256
+ 63:d=6 hl=2 l= 0 prim: NULL
+ 65:d=3 hl=2 l= 3 cons: cont [ 2 ]
+ 67:d=4 hl=2 l= 1 prim: INTEGER :0A
+ 70:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10.pem b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10.pem
new file mode 100644
index 0000000..fc37f41
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-pss-sha256-salt10.pem
@@ -0,0 +1,65 @@
+The key, message, and signature come from:
+http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip (SigVerPSS_186-3.rsp)
+
+(The algorithm DER was synthesized to match, and the signature wrapped in a BIT STRING).
+
+It uses an RSA key with modulus length of 1024 bits, PSS padding,
+SHA-256 as the digest, MGF1 with SHA-256, and salt length of 10.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC+SZtefwbIP6ApPjFGXI62tYr5ILrlKntbm/6
+3qnLbEmQRLrP9Qx0xoqflCUFWaSlJSg6JHtVhORi0tRsNH7l3g7Jqz30POEz7NfTSgk9d04BiOi
+a/GAtjlhxhnc2yDK5AbyL24nbICjcllJDP63LBpxqE8YRtMwh3uj4xAeycewIBEQ==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=3 l= 157 cons: SEQUENCE
+ 3:d=1 hl=2 l= 13 cons: SEQUENCE
+ 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 16:d=2 hl=2 l= 0 prim: NULL
+ 18:d=1 hl=3 l= 139 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
+DBAIBBQCiAwIBCg==
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 65 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
+ 13:d=1 hl=2 l= 52 cons: SEQUENCE
+ 15:d=2 hl=2 l= 15 cons: cont [ 0 ]
+ 17:d=3 hl=2 l= 13 cons: SEQUENCE
+ 19:d=4 hl=2 l= 9 prim: OBJECT :sha256
+ 30:d=4 hl=2 l= 0 prim: NULL
+ 32:d=2 hl=2 l= 28 cons: cont [ 1 ]
+ 34:d=3 hl=2 l= 26 cons: SEQUENCE
+ 36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
+ 47:d=4 hl=2 l= 13 cons: SEQUENCE
+ 49:d=5 hl=2 l= 9 prim: OBJECT :sha256
+ 60:d=5 hl=2 l= 0 prim: NULL
+ 62:d=2 hl=2 l= 3 cons: cont [ 2 ]
+ 64:d=3 hl=2 l= 1 prim: INTEGER :0A
+
+
+
+-----BEGIN DATA-----
+x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
+frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
+nNV1xPnLMnlRuM3+QIcWg=
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBABHhafL9QLB2Qbl2iiqxmWX7bCfxD88DI/zG0S608cBrMw3aoepQRAevop3p6+A3T+nR59D
+/vV/Bzzo0RuQUVBXSqyT3ibNGTFxDola7wdaSz38EgB2sW7QBpKA6t9VyioYMGeGk3Hl8pULIID
+zsLmAesMUfVn8u2gIrC5693u76
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa-using-ec-key.pem b/third-party/chromium/data/verify_signed_data/rsa-using-ec-key.pem
new file mode 100644
index 0000000..b9a3777
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa-using-ec-key.pem
@@ -0,0 +1,52 @@
+This test specifies an RSA PKCS#1 v1.5 signature algorithm (and a valid RSA
+signature), HOWEVER it provides an EC key. Verification should fail.
+
+
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnLDPaTA9r8dh1ORoe07PA55tNKuWSvgIENjVWKS
+o1vctUSM6F4iSCobuCKGWLHnvoxf7eHnil9rSFG25lfoceA==
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=2 l= 89 cons: SEQUENCE
+ 2:d=1 hl=2 l= 19 cons: SEQUENCE
+ 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
+ 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
+ 23:d=1 hl=2 l= 66 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBCwUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIIB46ADAgECAgkA3l4tFOVii0UwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1
+UEAwwGTXkga2V5MB4XDTE1MDcwMjE3MDYzOVoXDTE2MDcwMTE3MDYzOVowVjELMAkGA1UEBhMCQ
+VUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDEPMA0GA1UEAwwGTXkga2V5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqR+B2Mj1irNp
+1JnY2zQIQRQPz7ybs6mUjHT3hf5APyaig2u6fBPThqxssgg0YviqIj/70hVK/JXcqP1zgR5AhsA
+0agnwAjfB/ow4EH+3HEYV52qpxN98pUxC+1l2hgVtn8xCS/JGyjK+6dv+lZw3ixJoX2RjVtdJ4/
+cn318EhhQIDAQABo1AwTjAdBgNVHQ4EFgQUzQBVKTEknyLndWd2HTsBdTKvyikwHwYDVR0jBBgw
+FoAUzQBVKTEknyLndWd2HTsBdTKvyikwDAYDVR0TBAUwAwEB/w==
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4GBADrHSmFSJw/Gv7hs5PNzpaJwAri/sitarIZfzN/SjR+n8L8yeTEoiDb1+BkxlFvXvPHTaOK
+oO3WlslNNOxh1W5/JkYYGOUkCcyIjnln6qS560imcr3VNjomT/M8M2Iss+rJiKau1TRuaP7H8i6
++Gqf3saGdr8/LnvFAdNQvkalQt
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=3 l= 129 prim: BIT STRING
diff --git a/third-party/chromium/data/verify_signed_data/rsa2048-pkcs1-sha512.pem b/third-party/chromium/data/verify_signed_data/rsa2048-pkcs1-sha512.pem
new file mode 100644
index 0000000..342a31b
--- /dev/null
+++ b/third-party/chromium/data/verify_signed_data/rsa2048-pkcs1-sha512.pem
@@ -0,0 +1,93 @@
+This test data was produced by creating a self-signed RSA cert using OpenSSL,
+and then extracting the relevant fields.
+
+It uses RSA PKCS#1 v1.5 with SHA-512 and a 2048-bit key.
+
+(1) Generate self-signed certificate
+
+ openssl genrsa -out rsa_key.pem 2048
+ openssl req -new -key rsa_key.pem -x509 -nodes -days 365 -sha512 -out cert.pem
+
+(2) Extract public key
+
+ openssl x509 -in cert.pem -pubkey -noout > pubkey.pem
+ cat pubkey.pem
+
+(3) Extract signed data (tbsCertificate)
+
+ openssl asn1parse -in cert.pem -out tbs -noout -strparse 4
+ base64 tbs
+
+(4) Extract signature algorithm
+
+ # Find the offset of the signature algorithm near the end (589 in this case)
+ openssl asn1parse -in cert.pem
+
+ openssl asn1parse -in cert.pem -out alg -noout -strparse 589
+ base64 alg
+
+(5) Extract the signature
+
+ # Find the final offset of BIT STRING (506 in this case)
+ openssl asn1parse -in cert.pem
+
+ openssl asn1parse -in cert.pem -out sig -noout -strparse 506
+ base64 sig
+
+
+
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcu2shJRrXFAwMkf30y2AY1zIg9VF/h
+egYcejzdR2AzUb8vU2TXld2i8pp44l+DrvtqmzS7G+yxx3uOx+zsoqBaUT0c9HfkbE+IRmcLkQF
+vYpSpm6Eu8OS14CSmEtiR91Et8LR0+bd0Gn3pgmb+epFJBaBPeDSiI/smqKCs7yP04+tS4Q4r47
+G04LhSp4/hmqH32b4Gcm9nsihHV9FfPfVdxDQUEJp3AgyBPwhPZEAyhoQS73TjjxXHqJRSz37Sl
+ueMVPuNncqbT4nAMKz25J1CtRlQh21uZzfY2QRP3m6rAZquQUos1febC6A7qmhQljWKKmXtfVY+
+fAamstdHrWwIDAQAB
+-----END PUBLIC KEY-----
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+ 0:d=0 hl=4 l= 290 cons: SEQUENCE
+ 4:d=1 hl=2 l= 13 cons: SEQUENCE
+ 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
+ 17:d=2 hl=2 l= 0 prim: NULL
+ 19:d=1 hl=4 l= 271 prim: BIT STRING
+
+
+
+-----BEGIN ALGORITHM-----
+MA0GCSqGSIb3DQEBDQUA
+-----END ALGORITHM-----
+
+$ openssl asn1parse -i < [ALGORITHM]
+ 0:d=0 hl=2 l= 13 cons: SEQUENCE
+ 2:d=1 hl=2 l= 9 prim: OBJECT :sha512WithRSAEncryption
+ 13:d=1 hl=2 l= 0 prim: NULL
+
+
+
+-----BEGIN DATA-----
+MIICRaADAgECAgkA7jWRLkwHvHswDQYJKoZIhvcNAQENBQAwRTELMAkGA1UEBhMCQVUxEzARBgN
+VBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNT
+A3MjgwMjIyMzFaFw0xNjA3MjcwMjIyMzFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lL
+VN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDNy7ayElGtcUDAyR/fTLYBjXMiD1UX+F6Bhx6PN1HYDNRvy9TZNeV
+3aLymnjiX4Ou+2qbNLsb7LHHe47H7OyioFpRPRz0d+RsT4hGZwuRAW9ilKmboS7w5LXgJKYS2JH
+3US3wtHT5t3QafemCZv56kUkFoE94NKIj+yaooKzvI/Tj61LhDivjsbTguFKnj+GaoffZvgZyb2
+eyKEdX0V899V3ENBQQmncCDIE/CE9kQDKGhBLvdOOPFceolFLPftKW54xU+42dyptPicAwrPbkn
+UK1GVCHbW5nN9jZBE/ebqsBmq5BSizV95sLoDuqaFCWNYoqZe19Vj58Bqay10etbAgMBAAGjUDB
+OMB0GA1UdDgQWBBRsCPajkEscZM6SpLbNTa/7dY5azzAfBgNVHSMEGDAWgBRsCPajkEscZM6SpL
+bNTa/7dY5azzAMBgNVHRMEBTADAQH/
+-----END DATA-----
+
+
+
+-----BEGIN SIGNATURE-----
+A4IBAQAhKSNq+X/CfzhtNsMo6MJpTBjJBV5fhHerIZr6e3ozCTBCR29vYsVnJ4/6i5lL1pNeOhM
+ldthnuSlMzTS1Zme1OqRWB3U8QmwCFwhDxW/i4fdT8kxDAmELNp4z0GcXbe27V895PE0R/m8P47
+B6xbra+SQlEMW12K1EndUqrO6vgLbobV14mveWdgc0KIOnDKgsTHV8NTV1w3qtp1ujfvizYfBZu
+yyMOA1yZPDpREZtClro7lufwDQ7+LgSdtNLMDAMzapfIjAEPVNVLmJzMgzaHqMsZM8gP8vWAdfc
+R4mCmWXVotrM6d1rjJGdRADAONYCC4/+d1IMkVGoVfpaej6I
+-----END SIGNATURE-----
+
+$ openssl asn1parse -i < [SIGNATURE]
+ 0:d=0 hl=4 l= 257 prim: BIT STRING