| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_serialization.h" | 5 #include "net/cert/ct_serialization.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| 11 #include "net/base/test_completion_callback.h" | 11 #include "net/base/test_completion_callback.h" |
| 12 #include "net/base/test_data_directory.h" | 12 #include "net/base/test_data_directory.h" |
| 13 #include "net/cert/x509_certificate.h" | 13 #include "net/cert/x509_certificate.h" |
| 14 #include "net/log/net_log.h" | 14 #include "net/log/net_log.h" |
| 15 #include "net/test/cert_test_util.h" | 15 #include "net/test/cert_test_util.h" |
| 16 #include "net/test/ct_test_util.h" | 16 #include "net/test/ct_test_util.h" |
| 17 #include "testing/gmock/include/gmock/gmock.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 18 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 19 |
| 20 using ::testing::ElementsAreArray; |
| 21 |
| 19 namespace net { | 22 namespace net { |
| 20 | 23 |
| 21 class CtSerializationTest : public ::testing::Test { | 24 class CtSerializationTest : public ::testing::Test { |
| 22 public: | 25 public: |
| 23 void SetUp() override { | 26 void SetUp() override { |
| 24 test_digitally_signed_ = ct::GetTestDigitallySigned(); | 27 test_digitally_signed_ = ct::GetTestDigitallySigned(); |
| 25 } | 28 } |
| 26 | 29 |
| 27 protected: | 30 protected: |
| 28 std::string test_digitally_signed_; | 31 std::string test_digitally_signed_; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 | 73 |
| 71 std::string encoded; | 74 std::string encoded; |
| 72 | 75 |
| 73 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); | 76 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); |
| 74 EXPECT_EQ(test_digitally_signed_, encoded); | 77 EXPECT_EQ(test_digitally_signed_, encoded); |
| 75 } | 78 } |
| 76 | 79 |
| 77 | 80 |
| 78 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { | 81 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { |
| 79 ct::LogEntry entry; | 82 ct::LogEntry entry; |
| 80 GetX509CertLogEntry(&entry); | 83 ct::GetX509CertLogEntry(&entry); |
| 81 | 84 |
| 82 std::string encoded; | 85 std::string encoded; |
| 83 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); | 86 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 84 EXPECT_EQ((718U + 5U), encoded.size()); | 87 EXPECT_EQ((718U + 5U), encoded.size()); |
| 85 // First two bytes are log entry type. Next, length: | 88 // First two bytes are log entry type. Next, length: |
| 86 // Length is 718 which is 512 + 206, which is 0x2ce | 89 // Length is 718 which is 512 + 206, which is 0x2ce |
| 87 std::string expected_prefix("\0\0\0\x2\xCE", 5); | 90 std::string expected_prefix("\0\0\0\x2\xCE", 5); |
| 88 // Note we use std::string comparison rather than ASSERT_STREQ due | 91 // Note we use std::string comparison rather than ASSERT_STREQ due |
| 89 // to null characters in the buffer. | 92 // to null characters in the buffer. |
| 90 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); | 93 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); |
| 91 } | 94 } |
| 92 | 95 |
| 96 TEST_F(CtSerializationTest, EncodesLogEntryForPrecert) { |
| 97 ct::LogEntry entry; |
| 98 ct::GetPrecertLogEntry(&entry); |
| 99 |
| 100 std::string encoded; |
| 101 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 102 EXPECT_EQ(604u, encoded.size()); |
| 103 // First two bytes are the log entry type. |
| 104 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(0, 2)); |
| 105 // Next comes the 32-byte issuer key hash |
| 106 EXPECT_THAT(encoded.substr(2, 32), |
| 107 ElementsAreArray(entry.issuer_key_hash.data)); |
| 108 // Then the length of the TBS cert (604 bytes = 0x237) |
| 109 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(34, 3)); |
| 110 // Then the TBS cert itself |
| 111 EXPECT_EQ(entry.tbs_certificate, encoded.substr(37)); |
| 112 } |
| 113 |
| 93 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { | 114 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { |
| 94 base::Time timestamp = base::Time::UnixEpoch() + | 115 base::Time timestamp = base::Time::UnixEpoch() + |
| 95 base::TimeDelta::FromMilliseconds(1348589665525); | 116 base::TimeDelta::FromMilliseconds(1348589665525); |
| 96 std::string dummy_entry("abc"); | 117 std::string dummy_entry("abc"); |
| 97 std::string empty_extensions; | 118 std::string empty_extensions; |
| 98 // For now, no known failure cases. | 119 // For now, no known failure cases. |
| 99 std::string encoded; | 120 std::string encoded; |
| 100 ASSERT_TRUE(ct::EncodeV1SCTSignedData( | 121 ASSERT_TRUE(ct::EncodeV1SCTSignedData( |
| 101 timestamp, | 122 timestamp, |
| 102 dummy_entry, | 123 dummy_entry, |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 155 | 176 |
| 156 ASSERT_FALSE( | 177 ASSERT_FALSE( |
| 157 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); | 178 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); |
| 158 | 179 |
| 159 // Valid version, invalid length (missing data) | 180 // Valid version, invalid length (missing data) |
| 160 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); | 181 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); |
| 161 ASSERT_FALSE( | 182 ASSERT_FALSE( |
| 162 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); | 183 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); |
| 163 } | 184 } |
| 164 | 185 |
| 186 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForX509Cert) { |
| 187 ct::MerkleTreeLeaf tree_leaf; |
| 188 ct::GetX509CertTreeLeaf(&tree_leaf); |
| 189 |
| 190 std::string encoded; |
| 191 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 192 EXPECT_EQ(741u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 193 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 194 "Version encoded incorrectly"; |
| 195 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 196 "Merkle tree leaf type encoded incorrectly"; |
| 197 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 198 encoded.substr(2, 8)) << |
| 199 "Timestamp encoded incorrectly"; |
| 200 EXPECT_EQ(std::string("\x00\x00", 2), encoded.substr(10, 2)) << |
| 201 "Log entry type encoded incorrectly"; |
| 202 EXPECT_EQ(std::string("\x00\x02\xce", 3), encoded.substr(12, 3)) << |
| 203 "Certificate length encoded incorrectly"; |
| 204 EXPECT_EQ(tree_leaf.log_entry.leaf_certificate, encoded.substr(15, 718)) << |
| 205 "Certificate encoded incorrectly"; |
| 206 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(733, 2)) << |
| 207 "CT extensions length encoded incorrectly"; |
| 208 EXPECT_EQ(tree_leaf.extensions, encoded.substr(735, 6)) << |
| 209 "CT extensions encoded incorrectly"; |
| 210 } |
| 211 |
| 212 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForPrecert) { |
| 213 ct::MerkleTreeLeaf tree_leaf; |
| 214 ct::GetPrecertTreeLeaf(&tree_leaf); |
| 215 |
| 216 std::string encoded; |
| 217 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 218 EXPECT_EQ(622u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 219 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 220 "Version encoded incorrectly"; |
| 221 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 222 "Merkle tree leaf type encoded incorrectly"; |
| 223 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 224 encoded.substr(2, 8)) << |
| 225 "Timestamp encoded incorrectly"; |
| 226 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(10, 2)) << |
| 227 "Log entry type encoded incorrectly"; |
| 228 EXPECT_THAT(encoded.substr(12, 32), |
| 229 ElementsAreArray(tree_leaf.log_entry.issuer_key_hash.data)) << |
| 230 "Issuer key hash encoded incorrectly"; |
| 231 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(44, 3)) << |
| 232 "TBS certificate length encoded incorrectly"; |
| 233 EXPECT_EQ(tree_leaf.log_entry.tbs_certificate, encoded.substr(47, 567)) << |
| 234 "TBS certificate encoded incorrectly"; |
| 235 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(614, 2)) << |
| 236 "CT extensions length encoded incorrectly"; |
| 237 EXPECT_EQ(tree_leaf.extensions, encoded.substr(616, 6)) << |
| 238 "CT extensions encoded incorrectly"; |
| 239 } |
| 240 |
| 165 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { | 241 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { |
| 166 ct::SignedTreeHead signed_tree_head; | 242 ct::SignedTreeHead signed_tree_head; |
| 167 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); | 243 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); |
| 168 | 244 |
| 169 std::string encoded; | 245 std::string encoded; |
| 170 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); | 246 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); |
| 171 // Expected size is 50 bytes: | 247 // Expected size is 50 bytes: |
| 172 // Byte 0 is version, byte 1 is signature type | 248 // Byte 0 is version, byte 1 is signature type |
| 173 // Bytes 2-9 are timestamp | 249 // Bytes 2-9 are timestamp |
| 174 // Bytes 10-17 are tree size | 250 // Bytes 10-17 are tree size |
| 175 // Bytes 18-49 are sha256 root hash | 251 // Bytes 18-49 are sha256 root hash |
| 176 ASSERT_EQ(50u, encoded.length()); | 252 ASSERT_EQ(50u, encoded.length()); |
| 177 std::string expected_buffer( | 253 std::string expected_buffer( |
| 178 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); | 254 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); |
| 179 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); | 255 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); |
| 180 ASSERT_EQ(expected_buffer, encoded); | 256 ASSERT_EQ(expected_buffer, encoded); |
| 181 } | 257 } |
| 182 | 258 |
| 183 } // namespace net | 259 } // namespace net |
| 184 | 260 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master