diff --git a/src/alg_tests.rs b/src/alg_tests.rs index 36f5b3b3..03ba398a 100644 --- a/src/alg_tests.rs +++ b/src/alg_tests.rs @@ -357,6 +357,11 @@ test_verify_signed_data!( "ours/ecdsa-prime256v1-sha256-compressed.pem", OK_IF_POINT_COMPRESSION_SUPPORTED ); +test_verify_signed_data!( + test_ecdsa_prime256v1_sha256_spki_inside_spki, + "ours/ecdsa-prime256v1-sha256-spki-inside-spki.pem", + Err(Error::InvalidSignatureForPublicKey) +); struct TestSignedData { spki: Vec, diff --git a/third-party/chromium/data/verify_signed_data/ours/ecdsa-prime256v1-sha256-spki-inside-spki.pem b/third-party/chromium/data/verify_signed_data/ours/ecdsa-prime256v1-sha256-spki-inside-spki.pem new file mode 100644 index 00000000..44b65ead --- /dev/null +++ b/third-party/chromium/data/verify_signed_data/ours/ecdsa-prime256v1-sha256-spki-inside-spki.pem @@ -0,0 +1,36 @@ +This is a copy of ecdsa-prime256v1-sha256.pem, but +with the SPKI BIT STRING being the SPKI again. + + +$ openssl asn1parse -i < [PUBLIC KEY] + 0:d=0 hl=2 l= 115 cons: SEQUENCE + 2:d=1 hl=2 l= 19 cons: SEQUENCE + 4:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey + 13:d=2 hl=2 l= 8 prim: OBJECT :prime256v1 + 23:d=1 hl=2 l= 92 prim: BIT STRING + +-----BEGIN PUBLIC KEY----- +MHMwEwYHKoZIzj0CAQYIKoZIzj0DAQcDXAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEqux +zY1cm8hP7ip5k2juGMuQUlalE0ARbUi66ckD61YfZMVeYqqOlugF3V4fO0F6q97Tgn8gdbRqlRu +g2XVJd +-----END PUBLIC KEY----- + +$ openssl asn1parse -i < [ALGORITHM] + 0:d=0 hl=2 l= 10 cons: SEQUENCE + 2:d=1 hl=2 l= 8 prim: OBJECT :ecdsa-with-SHA256 + +-----BEGIN ALGORITHM----- +MAoGCCqGSM49BAMC +-----END ALGORITHM----- + +-----BEGIN DATA----- +MTIzNDAw +-----END DATA----- + +$ openssl asn1parse -i < [SIGNATURE] + 0:d=0 hl=2 l= 73 prim: BIT STRING + +-----BEGIN SIGNATURE----- +A0kAMEYCIQCo6hUMuAEl1zgcTB8dqOneJxH5kXBgQGpz15BFGeUTiAIhAPOrn6aL1HlzpzstQEg +MK6UMIsnXbsIXJXKIKTKFRJuG +-----END SIGNATURE-----