| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/ct_serialization.h" | 5 #include "net/cert/ct_serialization.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/files/file_util.h" | 10 #include "base/files/file_util.h" |
| 11 #include "net/base/test_completion_callback.h" | 11 #include "net/base/test_completion_callback.h" |
| 12 #include "net/base/test_data_directory.h" | 12 #include "net/base/test_data_directory.h" |
| 13 #include "net/cert/merkle_tree_leaf.h" |
| 13 #include "net/cert/x509_certificate.h" | 14 #include "net/cert/x509_certificate.h" |
| 14 #include "net/log/net_log.h" | 15 #include "net/log/net_log.h" |
| 15 #include "net/test/cert_test_util.h" | 16 #include "net/test/cert_test_util.h" |
| 16 #include "net/test/ct_test_util.h" | 17 #include "net/test/ct_test_util.h" |
| 18 #include "testing/gmock/include/gmock/gmock.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 20 |
| 21 using ::testing::ElementsAreArray; |
| 22 |
| 19 namespace net { | 23 namespace net { |
| 20 | 24 |
| 21 class CtSerializationTest : public ::testing::Test { | 25 class CtSerializationTest : public ::testing::Test { |
| 22 public: | 26 public: |
| 23 void SetUp() override { | 27 void SetUp() override { |
| 24 test_digitally_signed_ = ct::GetTestDigitallySigned(); | 28 test_digitally_signed_ = ct::GetTestDigitallySigned(); |
| 25 } | 29 } |
| 26 | 30 |
| 27 protected: | 31 protected: |
| 28 std::string test_digitally_signed_; | 32 std::string test_digitally_signed_; |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 | 74 |
| 71 std::string encoded; | 75 std::string encoded; |
| 72 | 76 |
| 73 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); | 77 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); |
| 74 EXPECT_EQ(test_digitally_signed_, encoded); | 78 EXPECT_EQ(test_digitally_signed_, encoded); |
| 75 } | 79 } |
| 76 | 80 |
| 77 | 81 |
| 78 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { | 82 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { |
| 79 ct::LogEntry entry; | 83 ct::LogEntry entry; |
| 80 GetX509CertLogEntry(&entry); | 84 ct::GetX509CertLogEntry(&entry); |
| 81 | 85 |
| 82 std::string encoded; | 86 std::string encoded; |
| 83 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); | 87 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 84 EXPECT_EQ((718U + 5U), encoded.size()); | 88 EXPECT_EQ((718U + 5U), encoded.size()); |
| 85 // First two bytes are log entry type. Next, length: | 89 // First two bytes are log entry type. Next, length: |
| 86 // Length is 718 which is 512 + 206, which is 0x2ce | 90 // Length is 718 which is 512 + 206, which is 0x2ce |
| 87 std::string expected_prefix("\0\0\0\x2\xCE", 5); | 91 std::string expected_prefix("\0\0\0\x2\xCE", 5); |
| 88 // Note we use std::string comparison rather than ASSERT_STREQ due | 92 // Note we use std::string comparison rather than ASSERT_STREQ due |
| 89 // to null characters in the buffer. | 93 // to null characters in the buffer. |
| 90 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); | 94 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); |
| 91 } | 95 } |
| 92 | 96 |
| 97 TEST_F(CtSerializationTest, EncodesLogEntryForPrecert) { |
| 98 ct::LogEntry entry; |
| 99 ct::GetPrecertLogEntry(&entry); |
| 100 |
| 101 std::string encoded; |
| 102 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); |
| 103 EXPECT_EQ(604u, encoded.size()); |
| 104 // First two bytes are the log entry type. |
| 105 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(0, 2)); |
| 106 // Next comes the 32-byte issuer key hash |
| 107 EXPECT_THAT(encoded.substr(2, 32), |
| 108 ElementsAreArray(entry.issuer_key_hash.data)); |
| 109 // Then the length of the TBS cert (604 bytes = 0x237) |
| 110 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(34, 3)); |
| 111 // Then the TBS cert itself |
| 112 EXPECT_EQ(entry.tbs_certificate, encoded.substr(37)); |
| 113 } |
| 114 |
| 93 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { | 115 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { |
| 94 base::Time timestamp = base::Time::UnixEpoch() + | 116 base::Time timestamp = base::Time::UnixEpoch() + |
| 95 base::TimeDelta::FromMilliseconds(1348589665525); | 117 base::TimeDelta::FromMilliseconds(1348589665525); |
| 96 std::string dummy_entry("abc"); | 118 std::string dummy_entry("abc"); |
| 97 std::string empty_extensions; | 119 std::string empty_extensions; |
| 98 // For now, no known failure cases. | 120 // For now, no known failure cases. |
| 99 std::string encoded; | 121 std::string encoded; |
| 100 ASSERT_TRUE(ct::EncodeV1SCTSignedData( | 122 ASSERT_TRUE(ct::EncodeV1SCTSignedData( |
| 101 timestamp, | 123 timestamp, |
| 102 dummy_entry, | 124 dummy_entry, |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 155 | 177 |
| 156 ASSERT_FALSE( | 178 ASSERT_FALSE( |
| 157 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); | 179 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); |
| 158 | 180 |
| 159 // Valid version, invalid length (missing data) | 181 // Valid version, invalid length (missing data) |
| 160 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); | 182 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); |
| 161 ASSERT_FALSE( | 183 ASSERT_FALSE( |
| 162 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); | 184 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); |
| 163 } | 185 } |
| 164 | 186 |
| 187 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForX509Cert) { |
| 188 ct::MerkleTreeLeaf tree_leaf; |
| 189 ct::GetX509CertTreeLeaf(&tree_leaf); |
| 190 |
| 191 std::string encoded; |
| 192 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 193 EXPECT_EQ(741u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 194 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 195 "Version encoded incorrectly"; |
| 196 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 197 "Merkle tree leaf type encoded incorrectly"; |
| 198 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 199 encoded.substr(2, 8)) << |
| 200 "Timestamp encoded incorrectly"; |
| 201 EXPECT_EQ(std::string("\x00\x00", 2), encoded.substr(10, 2)) << |
| 202 "Log entry type encoded incorrectly"; |
| 203 EXPECT_EQ(std::string("\x00\x02\xce", 3), encoded.substr(12, 3)) << |
| 204 "Certificate length encoded incorrectly"; |
| 205 EXPECT_EQ(tree_leaf.log_entry.leaf_certificate, encoded.substr(15, 718)) << |
| 206 "Certificate encoded incorrectly"; |
| 207 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(733, 2)) << |
| 208 "CT extensions length encoded incorrectly"; |
| 209 EXPECT_EQ(tree_leaf.extensions, encoded.substr(735, 6)) << |
| 210 "CT extensions encoded incorrectly"; |
| 211 } |
| 212 |
| 213 TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForPrecert) { |
| 214 ct::MerkleTreeLeaf tree_leaf; |
| 215 ct::GetPrecertTreeLeaf(&tree_leaf); |
| 216 |
| 217 std::string encoded; |
| 218 ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded)); |
| 219 EXPECT_EQ(622u, encoded.size()) << "Merkle tree leaf encoded incorrectly"; |
| 220 EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) << |
| 221 "Version encoded incorrectly"; |
| 222 EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) << |
| 223 "Merkle tree leaf type encoded incorrectly"; |
| 224 EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8), |
| 225 encoded.substr(2, 8)) << |
| 226 "Timestamp encoded incorrectly"; |
| 227 EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(10, 2)) << |
| 228 "Log entry type encoded incorrectly"; |
| 229 EXPECT_THAT(encoded.substr(12, 32), |
| 230 ElementsAreArray(tree_leaf.log_entry.issuer_key_hash.data)) << |
| 231 "Issuer key hash encoded incorrectly"; |
| 232 EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(44, 3)) << |
| 233 "TBS certificate length encoded incorrectly"; |
| 234 EXPECT_EQ(tree_leaf.log_entry.tbs_certificate, encoded.substr(47, 567)) << |
| 235 "TBS certificate encoded incorrectly"; |
| 236 EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(614, 2)) << |
| 237 "CT extensions length encoded incorrectly"; |
| 238 EXPECT_EQ(tree_leaf.extensions, encoded.substr(616, 6)) << |
| 239 "CT extensions encoded incorrectly"; |
| 240 } |
| 241 |
| 165 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { | 242 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { |
| 166 ct::SignedTreeHead signed_tree_head; | 243 ct::SignedTreeHead signed_tree_head; |
| 167 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); | 244 ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head)); |
| 168 | 245 |
| 169 std::string encoded; | 246 std::string encoded; |
| 170 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); | 247 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); |
| 171 // Expected size is 50 bytes: | 248 // Expected size is 50 bytes: |
| 172 // Byte 0 is version, byte 1 is signature type | 249 // Byte 0 is version, byte 1 is signature type |
| 173 // Bytes 2-9 are timestamp | 250 // Bytes 2-9 are timestamp |
| 174 // Bytes 10-17 are tree size | 251 // Bytes 10-17 are tree size |
| 175 // Bytes 18-49 are sha256 root hash | 252 // Bytes 18-49 are sha256 root hash |
| 176 ASSERT_EQ(50u, encoded.length()); | 253 ASSERT_EQ(50u, encoded.length()); |
| 177 std::string expected_buffer( | 254 std::string expected_buffer( |
| 178 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); | 255 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); |
| 179 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); | 256 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); |
| 180 ASSERT_EQ(expected_buffer, encoded); | 257 ASSERT_EQ(expected_buffer, encoded); |
| 181 } | 258 } |
| 182 | 259 |
| 183 } // namespace net | 260 } // namespace net |
| 184 | 261 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1943313003:
Adds a function for encoding a Merkle tree leaf in TLS wire format. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master