Add tests for point compression support

src/alg_tests.rs

@@ -23,8 +23,9 @@ use crate::verify_cert::Budget;
 use crate::{der, signed_data};
 
 use super::{
-    INVALID_SIGNATURE_FOR_RSA_KEY, OK_IF_RSA_AVAILABLE, SUPPORTED_ALGORITHMS_IN_TESTS,
-    UNSUPPORTED_ECDSA_SHA512_SIGNATURE, UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY,
+    INVALID_SIGNATURE_FOR_RSA_KEY, OK_IF_POINT_COMPRESSION_SUPPORTED, OK_IF_RSA_AVAILABLE,
+    SUPPORTED_ALGORITHMS_IN_TESTS, UNSUPPORTED_ECDSA_SHA512_SIGNATURE,
+    UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY,
 };
 
 macro_rules! test_file_bytes {
@@ -346,6 +347,17 @@ test_verify_signed_data!(
     OK_IF_RSA_AVAILABLE
 );
 
+test_verify_signed_data!(
+    test_ecdsa_prime256v1_sha256,
+    "ours/ecdsa-prime256v1-sha256.pem",
+    Ok(())
+);
+test_verify_signed_data!(
+    test_ecdsa_prime256v1_sha256_compressed,
+    "ours/ecdsa-prime256v1-sha256-compressed.pem",
+    OK_IF_POINT_COMPRESSION_SUPPORTED
+);
+
 struct TestSignedData {
     spki: Vec<u8>,
     data: Vec<u8>,

src/aws_lc_rs_algs.rs

@@ -207,6 +207,7 @@ mod tests {
     const INVALID_SIGNATURE_FOR_RSA_KEY: Error = Error::InvalidSignatureForPublicKey;
 
     const OK_IF_RSA_AVAILABLE: Result<(), Error> = Ok(());
+    const OK_IF_POINT_COMPRESSION_SUPPORTED: Result<(), Error> = Ok(());
 
     #[path = "alg_tests.rs"]
     mod alg_tests;

src/ring_algs.rs

@@ -198,6 +198,9 @@ mod tests {
         Err(Error::UnsupportedSignatureAlgorithm)
     };
 
+    const OK_IF_POINT_COMPRESSION_SUPPORTED: Result<(), Error> =
+        Err(Error::InvalidSignatureForPublicKey);
+
     #[path = "alg_tests.rs"]
     mod alg_tests;
 }

third-party/chromium/data/verify_signed_data/ours/ecdsa-prime256v1-sha256-compressed.pem

@@ -0,0 +1,37 @@
+Copy of the uncompressed version, but with the public key compressed manually
+using `openssl ec`.
+
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=2 l=  57 cons: SEQUENCE          
+    2:d=1  hl=2 l=  19 cons:  SEQUENCE          
+    4:d=2  hl=2 l=   7 prim:   OBJECT            :id-ecPublicKey
+   13:d=2  hl=2 l=   8 prim:   OBJECT            :prime256v1
+   23:d=1  hl=2 l=  34 prim:  BIT STRING        
+
+-----BEGIN PUBLIC KEY-----
+MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADBKrsc2NXJvIT+4qeZNo7hjLkFJWpRNAEW1IuunJ
+A+tU=
+-----END PUBLIC KEY-----
+
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  10 cons: SEQUENCE          
+    2:d=1  hl=2 l=   8 prim:  OBJECT            :ecdsa-with-SHA256
+
+-----BEGIN ALGORITHM-----
+MAoGCCqGSM49BAMC
+-----END ALGORITHM-----
+
+-----BEGIN DATA-----
+MTIzNDAw
+-----END DATA-----
+
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=2 l=  73 prim: BIT STRING        
+
+-----BEGIN SIGNATURE-----
+A0kAMEYCIQCo6hUMuAEl1zgcTB8dqOneJxH5kXBgQGpz15BFGeUTiAIhAPOrn6aL1HlzpzstQEg
+MK6UMIsnXbsIXJXKIKTKFRJuG
+-----END SIGNATURE-----

third-party/chromium/data/verify_signed_data/ours/ecdsa-prime256v1-sha256.pem

@@ -0,0 +1,38 @@
+The key, message, and signature come from wycheproof ecdsa_secp256r1_sha256_test.json
+
+The signature was wrapped in an additional BITSTRING.
+
+
+$ openssl asn1parse -i < [PUBLIC KEY]
+    0:d=0  hl=2 l=  89 cons: SEQUENCE          
+    2:d=1  hl=2 l=  19 cons:  SEQUENCE          
+    4:d=2  hl=2 l=   7 prim:   OBJECT            :id-ecPublicKey
+   13:d=2  hl=2 l=   8 prim:   OBJECT            :prime256v1
+   23:d=1  hl=2 l=  66 prim:  BIT STRING        
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBKrsc2NXJvIT+4qeZNo7hjLkFJWpRNAEW1IuunJ
+A+tWH2TFXmKqjpboBd1eHztBeqve04J/IHW0apUboNl1SXQ==
+-----END PUBLIC KEY-----
+
+
+$ openssl asn1parse -i < [ALGORITHM]
+    0:d=0  hl=2 l=  10 cons: SEQUENCE          
+    2:d=1  hl=2 l=   8 prim:  OBJECT            :ecdsa-with-SHA256
+
+-----BEGIN ALGORITHM-----
+MAoGCCqGSM49BAMC
+-----END ALGORITHM-----
+
+-----BEGIN DATA-----
+MTIzNDAw
+-----END DATA-----
+
+
+$ openssl asn1parse -i < [SIGNATURE]
+    0:d=0  hl=2 l=  73 prim: BIT STRING        
+
+-----BEGIN SIGNATURE-----
+A0kAMEYCIQCo6hUMuAEl1zgcTB8dqOneJxH5kXBgQGpz15BFGeUTiAIhAPOrn6aL1HlzpzstQEg
+MK6UMIsnXbsIXJXKIKTKFRJuG
+-----END SIGNATURE-----