From 0fe9ab8d9f85c4b211d4b42dee83cb7031a3c721 Mon Sep 17 00:00:00 2001
From: Zale Young
Date: Mon, 21 Oct 2024 13:00:57 -0700
Subject: [PATCH] implement makePeerCert and verify function

Summary: create `fizz::mnscrypto::PeerCert` - `verify()` calls to `MNSPkVerify()` implement `fizz::MNSCryptoFactory::makePeerCert` create unit test
Reviewed By: mingtaoy
Differential Revision: D63470793
fbshipit-source-id: 9c8945ce2f613a7741a12361525fc75e318f3b3b
---
 fizz/crypto/test/SignatureTestData.cpp | 50 ++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/fizz/crypto/test/SignatureTestData.cpp b/fizz/crypto/test/SignatureTestData.cpp
index db86f538523..1f3f9985e06 100644
--- a/fizz/crypto/test/SignatureTestData.cpp
+++ b/fizz/crypto/test/SignatureTestData.cpp
@@ -113,5 +113,55 @@ const std::vector kSignatureTestVectors = {
 .msg = "Invalid Test\n",
 .msgHash =
 "73775a33f77343f98f0b05fad1cb300facefeb6f95131fd09a0faa18ad5fdaf4a7a9fdd14f1b8b93a4e58e05d01c6d0f"},
+
+ // 9 - rsa_pss_pss_sha256 with short signature
+ SignatureTestData{
+ .sigScheme = fizz::SignatureScheme::rsa_pss_sha256,
+ .sig = "01",
+ .validSig = false,
+ .certDer =
+ "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",
+ .validCert = true,
+ .msg = "Hello, world!\n",
+ .msgHash =
+ "d9014c4624844aa5bac314773d6b689ad467fa4e1d1a50a1b8a99d5a95f72ff5"},
+
+ // 10 - ecdsa_secp256r1_sha256 with short signature
+ SignatureTestData{
+ .sigScheme = fizz::SignatureScheme::ecdsa_secp256r1_sha256,
+ .sig = "01",
+ .validSig = false,
+ .certDer =
+ "308201f33082019902146319d6fd924a04fb0811d41f851256f44da86bfe300a06082a8648ce3d040302307c310b30090603550406130255533113301106035504080c0a43616c69666f726e69613113301106035504070c0a4d656e6c6f205061726b311a3018060355040a0c11596f7572204f7267616e697a6174696f6e310d300b060355040b0c04546573743118301606035504030c0f746573742e646f6d61696e2e666f6f301e170d3234303933303231303233375a170d3235303933303231303233375a307c310b30090603550406130255533113301106035504080c0a43616c69666f726e69613113301106035504070c0a4d656e6c6f205061726b311a3018060355040a0c11596f7572204f7267616e697a6174696f6e310d300b060355040b0c04546573743118301606035504030c0f746573742e646f6d61696e2e666f6f3059301306072a8648ce3d020106082a8648ce3d0301070342000462a9238aaf2d52630b64325ddf600009592d9144848ddb9c349b83750363e6177c4ca51ab865b66401e6fa720148183a2dde815dad0bf6fcf43c49f9b0985594300a06082a8648ce3d040302034800304502210097eddaa3ddf5c6a3f7e993413252bd7c9c2b04f734d0824f9548aa3724b6a4ff02200be7b4a218285a96c83a18ec22b80cad27d99781b08cdf3fc1c8dd96e10435e9",
+ .validCert = true,
+ .msg = "Hello, world!",
+ .msgHash =
+ "315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3"},
+
+ // 11 - ecdsa_secp384r1_sha384 with short signature
+ SignatureTestData{
+ .sigScheme = fizz::SignatureScheme::ecdsa_secp384r1_sha384,
+ .sig = "01",
+ .validSig = false,
+ .certDer =
+ "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",
+ .validCert = true,
+ .msg = "Hello, world!",
+ .msgHash =
+ "55bc556b0d2fe0fce582ba5fe07baafff035653638c7ac0d5494c2a64c0bea1cc57331c7c12a45cdbca7f4c34a089eeb"},
+
+ // 12 - mismatched key: ecdsa_secp384r1_sha384 with a p256 key
+ SignatureTestData{
+ .sigScheme = fizz::SignatureScheme::ecdsa_secp384r1_sha384,
+ .sig =
+ "306402301dc5375b46e4f8fda94dced18ef3b8aa79607595c0be2fe85b5660ad2ca9f4380bb9758deb3fee7552af9a3d6c6bf3c202302533afcd9cb6933737322cee3eccc65485149d47a038a5a382784b68b039dd7a1cc6ac79c15f937f48deda88f0a78e26",
+ .validSig = false,
+ .certDer =
+ "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",
+ .validCert = true,
+ .msg = "Handshake message",
+ .msgHash =
+ "c9fbdd356812ea7cb791c6f1d4757890e4ba230e540ff06dae61bf89e25dfd90c8532cc27e41233743040fa8918aaa6d"},
+
 };
 } // namespace fizz::test
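Review bot: Vectors 9–11 all use the same one-byte signature `"01"`, so the short-signature cases cover a truncated value but not the empty signature or a signature one byte under the expected length. For the two ECDSA schemes `"01"` is not a DER sequence, so these entries probably exercise rejection while decoding rather than during verification (inferred; the test that consumes the table is not in this hunk). If the harness accepts an empty hex string, an entry with `.sig = ""` and `.validSig = false` per scheme would pin the zero-length boundary as well. The comment on vector 9 says `rsa_pss_pss_sha256` while the entry sets `fizz::SignatureScheme::rsa_pss_sha256`; `// 9 - rsa_pss_sha256 with short signature` would match the code. The initializer list starts above the hunk.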