Chromium Code Reviews Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/test/ct_test_util.h" | 5 #include "net/test/ct_test_util.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/base64.h" | 11 #include "base/base64.h" |
| 12 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
| 13 #include "base/strings/string_piece.h" | 13 #include "base/strings/string_piece.h" |
| 14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "net/cert/ct_serialization.h" | 16 #include "net/cert/ct_serialization.h" |
| 17 #include "net/cert/ct_verify_result.h" | 17 #include "net/cert/ct_verify_result.h" |
| 18 #include "net/cert/merkle_tree_leaf.h" | |
| 18 #include "net/cert/signed_tree_head.h" | 19 #include "net/cert/signed_tree_head.h" |
| 19 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 20 | 21 |
| 21 namespace net { | 22 namespace net { |
| 22 | 23 |
| 23 namespace ct { | 24 namespace ct { |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 std::string HexToBytes(const char* hex_data) { | 28 std::string HexToBytes(const char* hex_data) { |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 71 "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4" | 72 "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4" |
| 72 "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410" | 73 "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410" |
| 73 "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf" | 74 "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf" |
| 74 "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416" | 75 "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416" |
| 75 "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d" | 76 "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d" |
| 76 "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742" | 77 "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742" |
| 77 "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043" | 78 "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043" |
| 78 "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201" | 79 "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201" |
| 79 "0030090603551d1304023000"; | 80 "0030090603551d1304023000"; |
| 80 | 81 |
| 82 const char kDefaultExtensions[] = "666f6f626172"; // "foobar" | |
| 83 | |
| 81 const char kTestDigitallySigned[] = | 84 const char kTestDigitallySigned[] = |
| 82 "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53" | 85 "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53" |
| 83 "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5" | 86 "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5" |
| 84 "a5"; | 87 "a5"; |
| 85 | 88 |
| 86 const char kTestSignedCertificateTimestamp[] = | 89 const char kTestSignedCertificateTimestamp[] = |
| 87 "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d" | 90 "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d" |
| 88 "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2" | 91 "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2" |
| 89 "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456" | 92 "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456" |
| 90 "89a2c0187ef5a5"; | 93 "89a2c0187ef5a5"; |
| 91 | 94 |
| 92 const char kEcP256PublicKey[] = | 95 const char kEcP256PublicKey[] = |
| 93 "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a" | 96 "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a" |
| 94 "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f" | 97 "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f" |
| 95 "b7b245eb4b420ef370210371a944beaceb"; | 98 "b7b245eb4b420ef370210371a944beaceb"; |
| 96 | 99 |
| 97 const char kTestKeyId[] = | 100 const char kTestKeyId[] = |
| 98 "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764"; | 101 "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764"; |
| 99 | 102 |
| 103 const int64_t kTestTimestamp = INT64_C(1396877277237); | |
|
Eran Messeri
2016/05/05 15:59:33
Given the value here is exactly the same as of kSa
Rob Percival
2016/05/05 17:31:43
Done.
| |
| 104 | |
| 100 const char kTestSCTSignatureData[] = | 105 const char kTestSCTSignatureData[] = |
| 101 "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202" | 106 "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202" |
| 102 "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5"; | 107 "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5"; |
| 103 | 108 |
| 104 const char kTestSCTPrecertSignatureData[] = | 109 const char kTestSCTPrecertSignatureData[] = |
| 105 "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602" | 110 "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602" |
| 106 "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08"; | 111 "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08"; |
| 107 | 112 |
| 108 // A well-formed OCSP response with fake SCT contents. Does not come from | 113 // A well-formed OCSP response with fake SCT contents. Does not come from |
| 109 // http://code.google.com/p/certificate-transparency, does not pertain to any | 114 // http://code.google.com/p/certificate-transparency, does not pertain to any |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 148 "a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da999de4ed65832afcb0807f9878" | 153 "a87f133d2f378eeeeed52a77e44d0fc9ff6f07ff32cbf3da999de4ed65832afcb0807f9878" |
| 149 "7506539d258a0ce3c2c77967653099a9034a9b115a876c39a8c4e4ed4acd0c64095946fb39" | 154 "7506539d258a0ce3c2c77967653099a9034a9b115a876c39a8c4e4ed4acd0c64095946fb39" |
| 150 "eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1afc45519ab9eca47c30185c7" | 155 "eeeb47a0704dbb018acf48c3a1c4b895fc409fb4a340a986b1afc45519ab9eca47c30185c7" |
| 151 "71c64aa5ecf07d020103a333303130120603551d130101ff040830060101ff020100301b06" | 156 "71c64aa5ecf07d020103a333303130120603551d130101ff040830060101ff020100301b06" |
| 152 "03551d200101000411300f300d060b2b06010401d6790201ce0f300d06092a864886f70d01" | 157 "03551d200101000411300f300d060b2b06010401d6790201ce0f300d06092a864886f70d01" |
| 153 "01050500038181003f4936f8d00e83fbdde331f2c64335dcf7dec8b1a2597683edeed61af0" | 158 "01050500038181003f4936f8d00e83fbdde331f2c64335dcf7dec8b1a2597683edeed61af0" |
| 154 "fa862412fad848938fe7ab77f1f9a43671ff6fdb729386e26f49e7aca0c0ea216e5970d933" | 159 "fa862412fad848938fe7ab77f1f9a43671ff6fdb729386e26f49e7aca0c0ea216e5970d933" |
| 155 "3ea1e11df2ccb357a5fed5220f9c6239e8946b9b7517707631d51ab996833d58a022cff5a6" | 160 "3ea1e11df2ccb357a5fed5220f9c6239e8946b9b7517707631d51ab996833d58a022cff5a6" |
| 156 "2169ac9258ec110efee78da9ab4a641e3b3c9ee5e8bd291460"; | 161 "2169ac9258ec110efee78da9ab4a641e3b3c9ee5e8bd291460"; |
| 157 | 162 |
| 158 | |
| 159 const char kFakeOCSPExtensionValue[] = "74657374"; // "test" | 163 const char kFakeOCSPExtensionValue[] = "74657374"; // "test" |
| 160 | 164 |
| 161 // For the sample STH | 165 // For the sample STH |
| 162 const char kSampleSTHSHA256RootHash[] = | 166 const char kSampleSTHSHA256RootHash[] = |
| 163 "726467216167397babca293dca398e4ce6b621b18b9bc42f30c900d1f92ac1e4"; | 167 "726467216167397babca293dca398e4ce6b621b18b9bc42f30c900d1f92ac1e4"; |
| 164 const char kSampleSTHTreeHeadSignature[] = | 168 const char kSampleSTHTreeHeadSignature[] = |
| 165 "0403004730450220365a91a2a88f2b9332f41d8959fa7086da7e6d634b7b089bc9da066426" | 169 "0403004730450220365a91a2a88f2b9332f41d8959fa7086da7e6d634b7b089bc9da066426" |
| 166 "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb" | 170 "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb" |
| 167 "d3"; | 171 "d3"; |
| 168 size_t kSampleSTHTreeSize = 21u; | 172 size_t kSampleSTHTreeSize = 21u; |
| 169 int64_t kSampleSTHTimestamp = INT64_C(1396877277237); | 173 int64_t kSampleSTHTimestamp = INT64_C(1396877277237); |
| 170 | 174 |
| 171 } // namespace | 175 } // namespace |
| 172 | 176 |
| 173 void GetX509CertLogEntry(LogEntry* entry) { | 177 void GetX509CertLogEntry(LogEntry* entry) { |
| 174 entry->type = ct::LogEntry::LOG_ENTRY_TYPE_X509; | 178 entry->type = ct::LogEntry::LOG_ENTRY_TYPE_X509; |
| 175 entry->leaf_certificate = HexToBytes(kDefaultDerCert); | 179 entry->leaf_certificate = HexToBytes(kDefaultDerCert); |
| 176 } | 180 } |
| 177 | 181 |
| 182 void GetX509CertTreeLeaf(MerkleTreeLeaf* tree_leaf) { | |
| 183 tree_leaf->log_id = HexToBytes(kTestKeyId); | |
| 184 tree_leaf->timestamp = base::Time::FromJsTime(kTestTimestamp); | |
| 185 GetX509CertLogEntry(&tree_leaf->log_entry); | |
| 186 tree_leaf->extensions = HexToBytes(kDefaultExtensions); | |
| 187 } | |
| 188 | |
| 178 std::string GetDerEncodedX509Cert() { return HexToBytes(kDefaultDerCert); } | 189 std::string GetDerEncodedX509Cert() { return HexToBytes(kDefaultDerCert); } |
| 179 | 190 |
| 180 void GetPrecertLogEntry(LogEntry* entry) { | 191 void GetPrecertLogEntry(LogEntry* entry) { |
| 181 entry->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT; | 192 entry->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT; |
| 182 std::string issuer_hash(HexToBytes(kDefaultIssuerKeyHash)); | 193 std::string issuer_hash(HexToBytes(kDefaultIssuerKeyHash)); |
| 183 memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size()); | 194 memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size()); |
| 184 entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert); | 195 entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert); |
| 185 } | 196 } |
| 186 | 197 |
| 198 void GetPrecertTreeLeaf(MerkleTreeLeaf* tree_leaf) { | |
| 199 tree_leaf->log_id = HexToBytes(kTestKeyId); | |
| 200 tree_leaf->timestamp = base::Time::FromJsTime(kTestTimestamp); | |
| 201 GetPrecertLogEntry(&tree_leaf->log_entry); | |
| 202 tree_leaf->extensions = HexToBytes(kDefaultExtensions); | |
| 203 } | |
| 204 | |
| 187 std::string GetTestDigitallySigned() { | 205 std::string GetTestDigitallySigned() { |
| 188 return HexToBytes(kTestDigitallySigned); | 206 return HexToBytes(kTestDigitallySigned); |
| 189 } | 207 } |
| 190 | 208 |
| 191 std::string GetTestSignedCertificateTimestamp() { | 209 std::string GetTestSignedCertificateTimestamp() { |
| 192 return HexToBytes(kTestSignedCertificateTimestamp); | 210 return HexToBytes(kTestSignedCertificateTimestamp); |
| 193 } | 211 } |
| 194 | 212 |
| 195 std::string GetTestPublicKey() { | 213 std::string GetTestPublicKey() { |
| 196 return HexToBytes(kEcP256PublicKey); | 214 return HexToBytes(kEcP256PublicKey); |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 388 | 406 |
| 389 bool CheckForSCTOrigin(const ct::CTVerifyResult& result, | 407 bool CheckForSCTOrigin(const ct::CTVerifyResult& result, |
| 390 ct::SignedCertificateTimestamp::Origin origin) { | 408 ct::SignedCertificateTimestamp::Origin origin) { |
| 391 return (result.verified_scts.size() > 0) && | 409 return (result.verified_scts.size() > 0) && |
| 392 (result.verified_scts[0]->origin == origin); | 410 (result.verified_scts[0]->origin == origin); |
| 393 } | 411 } |
| 394 | 412 |
| 395 } // namespace ct | 413 } // namespace ct |
| 396 | 414 |
| 397 } // namespace net | 415 } // namespace net |
| OLD | NEW |
