| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_serialization.h" | 5 #include "net/cert/ct_serialization.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| 11 #include "net/base/test_completion_callback.h" | 11 #include "net/base/test_completion_callback.h" |
| 12 #include "net/base/test_data_directory.h" | 12 #include "net/base/test_data_directory.h" |
| 13 #include "net/cert/merkle_tree_leaf.h" |
| 13 #include "net/cert/signed_certificate_timestamp.h" | 14 #include "net/cert/signed_certificate_timestamp.h" |
| 14 #include "net/cert/signed_tree_head.h" | 15 #include "net/cert/signed_tree_head.h" |
| 15 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
| 16 #include "net/log/net_log.h" | 17 #include "net/log/net_log.h" |
| 17 #include "net/test/cert_test_util.h" | 18 #include "net/test/cert_test_util.h" |
| 18 #include "net/test/ct_test_util.h" | 19 #include "net/test/ct_test_util.h" |
| 20 #include "testing/gmock/include/gmock/gmock.h" |
| 19 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
| 20 | 22 |
| 23 using ::testing::ElementsAreArray; |
| 24 |
| 21 namespace net { | 25 namespace net { |
| 22 | 26 |
| 23 class CtSerializationTest : public ::testing::Test { | 27 class CtSerializationTest : public ::testing::Test { |
| 24 public: | 28 public: |
| 25 void SetUp() override { | 29 void SetUp() override { |
| 26 test_digitally_signed_ = ct::GetTestDigitallySigned(); | 30 test_digitally_signed_ = ct::GetTestDigitallySigned(); |
| 27 } | 31 } |
| 28 | 32 |
| 29 protected: | 33 protected: |
| 30 std::string test_digitally_signed_; | 34 std::string test_digitally_signed_; |
| (...skipping 41 matching lines...) |
| 72 | 76 |
| 73 std::string encoded; | 77 std::string encoded; |
| 74 | 78 |
| 75 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); | 79 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); |
| 76 EXPECT_EQ(test_digitally_signed_, encoded); | 80 EXPECT_EQ(test_digitally_signed_, encoded); |
| 77 } | 81 } |
| 78 | 82 |
| 79 | 83 |
| 80 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { | 84 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { |
| 81 ct::LogEntry entry; | 85 ct::LogEntry entry; |
| 82 GetX509CertLogEntry(&entry); | 86 ct::GetX509CertLogEntry(&entry); |
| 83 | 87 |
| 84 std::string encoded; | 88 std::string encoded; |
| 85 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); | 89 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 86 EXPECT_EQ((718U + 5U), encoded.size()); | 90 EXPECT_EQ((718U + 5U), encoded.size()); |
| 87 // First two bytes are log entry type. Next, length: | 91 // First two bytes are log entry type. Next, length: |
| 88 // Length is 718 which is 512 + 206, which is 0x2ce | 92 // Length is 718 which is 512 + 206, which is 0x2ce |
| 89 std::string expected_prefix("\0\0\0\x2\xCE", 5); | 93 std::string expected_prefix("\0\0\0\x2\xCE", 5); |
| 90 // Note we use std::string comparison rather than ASSERT_STREQ due | 94 // Note we use std::string comparison rather than ASSERT_STREQ due |
| 91 // to null characters in the buffer. | 95 // to null characters in the buffer. |
| 92 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); | 96 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); |
| 93 } | 97 } |
| 94 | 98 |
| 99 TEST_F(CtSerializationTest, EncodesLogEntryForPrecert) { |
| 100 ct::LogEntry entry; |
| 101 ct::GetPrecertLogEntry(&entry); |
| 102 |
| 103 std::string encoded; |
| 104 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 105 EXPECT_EQ(604u, encoded.size()); |
| 106 // First two bytes are the log entry type. |
| 107 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(0, 2)); |
| 108 // Next comes the 32-byte issuer key hash |
| 109 EXPECT_THAT(encoded.substr(2, 32), |
| 110 ElementsAreArray(entry.issuer_key_hash.data)); |
| 111 // Then the length of the TBS cert (604 bytes = 0x237) |
| 112 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(34, 3)); |
| 113 // Then the TBS cert itself |
| 114 EXPECT_EQ(entry.tbs_certificate, encoded.substr(37)); |
| 115 } |
| 116 |
| 95 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { | 117 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { |
| 96 base::Time timestamp = base::Time::UnixEpoch() + | 118 base::Time timestamp = base::Time::UnixEpoch() + |
| 97 base::TimeDelta::FromMilliseconds(1348589665525); | 119 base::TimeDelta::FromMilliseconds(1348589665525); |
| 98 std::string dummy_entry("abc"); | 120 std::string dummy_entry("abc"); |
| 99 std::string empty_extensions; | 121 std::string empty_extensions; |
| 100 // For now, no known failure cases. | 122 // For now, no known failure cases. |
| 101 std::string encoded; | 123 std::string encoded; |
| 102 ASSERT_TRUE(ct::EncodeV1SCTSignedData( | 124 ASSERT_TRUE(ct::EncodeV1SCTSignedData( |
| 103 timestamp, | 125 timestamp, |
| 104 dummy_entry, | 126 dummy_entry, |
| (...skipping 52 matching lines...) |
| 157 | 179 |
| 158 ASSERT_FALSE( | 180 ASSERT_FALSE( |
| 159 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); | 181 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); |
| 160 | 182 |
| 161 // Valid version, invalid length (missing data) | 183 // Valid version, invalid length (missing data) |
| 162 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); | 184 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); |
| 163 ASSERT_FALSE( | 185 ASSERT_FALSE( |
| 164 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); | 186 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); |
| 165 } | 187 } |
| 166 | 188 |
| 189 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForX509Cert) { |
| 190 ct::MerkleTreeLeaf tree_leaf; |
| 191 ct::GetX509CertTreeLeaf(&tree_leaf); |
| 192 |
| 193 std::string encoded; |
| 194 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 195 EXPECT_EQ(741u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 196 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 197 "Version encoded incorrectly"; |
| 198 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 199 "Merkle tree leaf type encoded incorrectly"; |
| 200 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 201 encoded.substr(2, 8)) << |
| 202 "Timestamp encoded incorrectly"; |
| 203 EXPECT_EQ(std::string("\x00\x00", 2), encoded.substr(10, 2)) << |
| 204 "Log entry type encoded incorrectly"; |
| 205 EXPECT_EQ(std::string("\x00\x02\xce", 3), encoded.substr(12, 3)) << |
| 206 "Certificate length encoded incorrectly"; |
| 207 EXPECT_EQ(tree_leaf.log_entry.leaf_certificate, encoded.substr(15, 718)) << |
| 208 "Certificate encoded incorrectly"; |
| 209 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(733, 2)) << |
| 210 "CT extensions length encoded incorrectly"; |
| 211 EXPECT_EQ(tree_leaf.extensions, encoded.substr(735, 6)) << |
| 212 "CT extensions encoded incorrectly"; |
| 213 } |
| 214 |
| 215 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForPrecert) { |
| 216 ct::MerkleTreeLeaf tree_leaf; |
| 217 ct::GetPrecertTreeLeaf(&tree_leaf); |
| 218 |
| 219 std::string encoded; |
| 220 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 221 EXPECT_EQ(622u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 222 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 223 "Version encoded incorrectly"; |
| 224 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 225 "Merkle tree leaf type encoded incorrectly"; |
| 226 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 227 encoded.substr(2, 8)) << |
| 228 "Timestamp encoded incorrectly"; |
| 229 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(10, 2)) << |
| 230 "Log entry type encoded incorrectly"; |
| 231 EXPECT_THAT(encoded.substr(12, 32), |
| 232 ElementsAreArray(tree_leaf.log_entry.issuer_key_hash.data)) << |
| 233 "Issuer key hash encoded incorrectly"; |
| 234 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(44, 3)) << |
| 235 "TBS certificate length encoded incorrectly"; |
| 236 EXPECT_EQ(tree_leaf.log_entry.tbs_certificate, encoded.substr(47, 567)) << |
| 237 "TBS certificate encoded incorrectly"; |
| 238 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(614, 2)) << |
| 239 "CT extensions length encoded incorrectly"; |
| 240 EXPECT_EQ(tree_leaf.extensions, encoded.substr(616, 6)) << |
| 241 "CT extensions encoded incorrectly"; |
| 242 } |
| 243 |
| 167 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { | 244 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { |
| 168 ct::SignedTreeHead signed_tree_head; | 245 ct::SignedTreeHead signed_tree_head; |
| 169 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); | 246 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); |
| 170 | 247 |
| 171 std::string encoded; | 248 std::string encoded; |
| 172 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); | 249 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); |
| 173 // Expected size is 50 bytes: | 250 // Expected size is 50 bytes: |
| 174 // Byte 0 is version, byte 1 is signature type | 251 // Byte 0 is version, byte 1 is signature type |
| 175 // Bytes 2-9 are timestamp | 252 // Bytes 2-9 are timestamp |
| 176 // Bytes 10-17 are tree size | 253 // Bytes 10-17 are tree size |
| 177 // Bytes 18-49 are sha256 root hash | 254 // Bytes 18-49 are sha256 root hash |
| 178 ASSERT_EQ(50u, encoded.length()); | 255 ASSERT_EQ(50u, encoded.length()); |
| 179 std::string expected_buffer( | 256 std::string expected_buffer( |
| 180 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); | 257 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); |
| 181 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); | 258 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); |
| 182 ASSERT_EQ(expected_buffer, encoded); | 259 ASSERT_EQ(expected_buffer, encoded); |
| 183 } | 260 } |
| 184 | 261 |
| 185 } // namespace net | 262 } // namespace net |
| 186 | 263 |
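Review bot: The new tests EncodesLogEntryForPrecert, EncodesMerkleTreeLeafForX509Cert and EncodesMerkleTreeLeafForPrecert check the encoded length with a non-fatal `EXPECT_EQ(..., encoded.size())` and then call `encoded.substr()` at fixed offsets (up to 735). If an encoder regression returned a shorter buffer, `substr` would be called with a position past the end instead of the test failing cleanly. Making the size check fatal, e.g. `ASSERT_EQ(604u, encoded.size());`, matches what EncodesValidSignedTreeHead already does with `ASSERT_EQ(50u, encoded.length());` and stops the offset checks from running on a truncated buffer. Separately, the comment in EncodesLogEntryForPrecert says "604 bytes = 0x237", but 0x237 is 567. The value 604 is the whole entry (2 + 32 + 3 + 567), so the comment should read `// Then the length of the TBS cert (567 bytes = 0x237)`.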