diff options
Diffstat (limited to 'security/nss/gtests/pk11_gtest/pk11_signature_test.cc')
-rw-r--r-- | security/nss/gtests/pk11_gtest/pk11_signature_test.cc | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.cc b/security/nss/gtests/pk11_gtest/pk11_signature_test.cc index c9700707fe..bb029cd3a4 100644 --- a/security/nss/gtests/pk11_gtest/pk11_signature_test.cc +++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.cc @@ -54,9 +54,8 @@ ScopedSECKEYPublicKey Pk11SignatureTest::ImportPublicKey( return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get())); } -bool Pk11SignatureTest::SignHashedData(ScopedSECKEYPrivateKey& privKey, - const DataBuffer& hash, - DataBuffer* sig) { +bool Pk11SignatureTest::SignRaw(ScopedSECKEYPrivateKey& privKey, + const DataBuffer& hash, DataBuffer* sig) { SECItem hashItem = {siBuffer, toUcharPtr(hash.data()), static_cast<unsigned int>(hash.len())}; unsigned int sigLen = PK11_SignatureLen(privKey.get()); @@ -70,8 +69,8 @@ bool Pk11SignatureTest::SignHashedData(ScopedSECKEYPrivateKey& privKey, return rv == SECSuccess; } -bool Pk11SignatureTest::SignData(ScopedSECKEYPrivateKey& privKey, - const DataBuffer& data, DataBuffer* sig) { +bool Pk11SignatureTest::DigestAndSign(ScopedSECKEYPrivateKey& privKey, + const DataBuffer& data, DataBuffer* sig) { unsigned int sigLen = PK11_SignatureLen(privKey.get()); bool result = true; EXPECT_LT(0, (int)sigLen); @@ -123,11 +122,11 @@ bool Pk11SignatureTest::ImportPrivateKeyAndSignHashedData( ADD_FAILURE() << "Failed to compute hash"; return false; } - if (!SignHashedData(privKey, hash, sig)) { + if (!SignRaw(privKey, hash, sig)) { ADD_FAILURE() << "Failed to sign hashed data"; return false; } - if (!SignData(privKey, data, sig2)) { + if (!DigestAndSign(privKey, data, sig2)) { /* failure was already added by SignData, with an error message */ return false; } @@ -138,11 +137,20 @@ void Pk11SignatureTest::Verify(ScopedSECKEYPublicKey& pubKey, const DataBuffer& data, const DataBuffer& sig, bool valid) { SECStatus rv; - DataBuffer hash; SECItem sigItem = {siBuffer, toUcharPtr(sig.data()), static_cast<unsigned int>(sig.len())}; + if (skip_digest_) { + SECItem dataItem = {siBuffer, toUcharPtr(data.data()), + static_cast<unsigned int>(data.len())}; + rv = PK11_VerifyWithMechanism(pubKey.get(), mechanism_, parameters(), + &sigItem, &dataItem, nullptr); + EXPECT_EQ(rv, valid ? SECSuccess : SECFailure); + return; + } + + DataBuffer hash; /* RSA single shot requires encoding the hash before calling * VerifyWithMechanism. We already check that mechanism * with the VFY_ interface, so just do the combined hash/Verify @@ -175,5 +183,4 @@ void Pk11SignatureTest::Verify(ScopedSECKEYPublicKey& pubKey, << "verify failed Error:" << PORT_ErrorToString(PORT_GetError()) << "\n"; PK11_DestroyContext(context, PR_TRUE); } - } // namespace nss_test |