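--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,169 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/ct_serialization.h"
+
+#include <string>
+
+#include "base/file_util.h"
+#include "base/files/file_path.h"
+#include "net/base/net_log.h"
+#include "net/base/test_completion_callback.h"
+#include "net/base/test_data_directory.h"
+#include "net/cert/x509_certificate.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/ct_test_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+class CtSerializationTest : public ::testing::Test {
+public:
+virtual void SetUp() OVERRIDE {
+test_digitally_signed_ = ct::GetTestDigitallySigned();
+}
+
+protected:
+std::string test_digitally_signed_;
+};
+
+TEST_F(CtSerializationTest, DecodesDigitallySigned) {
+base::StringPiece digitally_signed(test_digitally_signed_);
+ct::DigitallySigned parsed;
+
+ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed, &parsed));
+EXPECT_EQ(
+ct::DigitallySigned::HASH_ALGO_SHA256,
+parsed.hash_algorithm);
+
+EXPECT_EQ(
+ct::DigitallySigned::SIG_ALGO_ECDSA,
+parsed.signature_algorithm);
+
+// The encoded data contains the signature itself from the 4th byte.
+// The first bytes are:
+// 1 byte of hash algorithm
+// 1 byte of signature algorithm
+// 2 bytes - prefix containing length of the signature data.
+EXPECT_EQ(
+test_digitally_signed_.substr(4),
+parsed.signature_data);
+}
+
+
+TEST_F(CtSerializationTest, FailsToDecodePartialDigitallySigned) {
+base::StringPiece digitally_signed(
+test_digitally_signed_.substr(0, test_digitally_signed_.size() - 5));
+ct::DigitallySigned parsed;
+
+ASSERT_FALSE(ct::DecodeDigitallySigned(&digitally_signed, &parsed));
+}
+
+
+TEST_F(CtSerializationTest, EncodesDigitallySigned) {
+ct::DigitallySigned digitally_signed;
+digitally_signed.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
+digitally_signed.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
+digitally_signed.signature_data = test_digitally_signed_.substr(4);
+
+std::string encoded;
+
+ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded));
+EXPECT_EQ(test_digitally_signed_, encoded);
+}
+
+
+TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) {
+ct::LogEntry entry;
+GetX509CertLogEntry(&entry);
+
+std::string encoded;
+ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded));
+EXPECT_EQ((718U + 5U), encoded.size());
+// First two bytes are log entry type. Next, length:
+// Length is 718 which is 512 + 206, which is 0x2ce
+std::string expected_prefix("\0\0\0\x2\xCE", 5);
+// Note we use std::string comparison rather than ASSERT_STREQ due
+// to null characters in the buffer.
+EXPECT_EQ(expected_prefix, encoded.substr(0, 5));
+}
+
+TEST_F(CtSerializationTest, EncodesV1SCTSignedData) {
+base::Time timestamp = base::Time::UnixEpoch() +
+base::TimeDelta::FromMilliseconds(1348589665525);
+std::string dummy_entry("abc");
+std::string empty_extensions("");
+// For now, no known failure cases.
+std::string encoded;
+ASSERT_TRUE(ct::EncodeV1SCTSignedData(
+timestamp,
+dummy_entry,
+empty_extensions,
+&encoded));
+EXPECT_EQ((size_t) 15, encoded.size());
+// Byte 0 is version, byte 1 is signature type
+// Bytes 2-10 are timestamp
+// Bytes 11-14 are the log signature
+// Byte 15 is the empty extension
+//EXPECT_EQ(0, timestamp.ToTimeT());
+std::string expected_buffer(
+"\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15);
+EXPECT_EQ(expected_buffer, encoded);
+}
+
+TEST_F(CtSerializationTest, DecodesSCTList) {
+// Two items in the list: "abc", "def"
+base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12);
+std::vector<base::StringPiece> decoded;
+
+ASSERT_TRUE(ct::DecodeSCTList(&encoded, &decoded));
+ASSERT_STREQ("abc", decoded[0].data());
+ASSERT_STREQ("def", decoded[1].data());
+}
+
+TEST_F(CtSerializationTest, FailsDecodingInvalidSCTList) {
+// A list with one item that's too short
+base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12);
+std::vector<base::StringPiece> decoded;
+
+ASSERT_FALSE(ct::DecodeSCTList(&encoded, &decoded));
+}
+
+TEST_F(CtSerializationTest, DecodesSignedCertificateTimestamp) {
+std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
+base::StringPiece encoded_sct(encoded_test_sct);
+
+ct::SignedCertificateTimestamp sct;
+ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct));
+EXPECT_EQ(0, sct.version);
+std::string expected_log_key(
+"\xdf\x1c\x2e\xc1\x15\x00\x94\x52\x47\xa9\x61\x68\x32\x5d\xdc\x5c\x79\x59"
+"\xe8\xf7\xc6\xd3\x88\xfc\x00\x2e\x0b\xbd\x3f\x74\xd7\x64",
+32);
+EXPECT_EQ(expected_log_key, sct.log_id);
+base::Time expected_time = base::Time::UnixEpoch() +
+base::TimeDelta::FromMilliseconds(1365181456089);
+EXPECT_EQ(expected_time, sct.timestamp);
+// Subtracting 4 bytes for signature data (hash & sig algs),
+// actual signature data should be 71 bytes.
+EXPECT_EQ((size_t) 71, sct.signature.signature_data.size());
+EXPECT_EQ(std::string(""), sct.extensions);
+}
+
+TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) {
+// Invalid version
+base::StringPiece invalid_version_sct("\x2\x0", 2);
+ct::SignedCertificateTimestamp sct;
+
+ASSERT_FALSE(
+ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct));
+
+// Valid version, invalid length (missing data)
+base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4);
+ASSERT_FALSE(
+ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct));
+}
+
+} // namespace net
+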
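Review bot: `DecodesSCTList` indexes `decoded[0]` and `decoded[1]` without first asserting that the decoder produced two entries, and `ASSERT_STREQ` on `StringPiece::data()` compares up to the next NUL rather than the piece's length — it passes here only because the `\x0` high byte of the second length prefix follows `abc` in the buffer and the literal's own terminator follows `def`, so a decoder that returned over-long or under-long pieces would go unnoticed. Replace the two STREQs with `ASSERT_EQ(2U, decoded.size());`, `EXPECT_EQ(base::StringPiece("abc"), decoded[0]);` and `EXPECT_EQ(base::StringPiece("def"), decoded[1]);` so both content and length are checked. In `EncodesV1SCTSignedData` the byte-layout comment does not match the 15-byte `expected_buffer`, in which the 8-byte timestamp occupies bytes 2-9, `abc` bytes 10-12 and the two-byte extensions length bytes 13-14; rewrite the comment accordingly and drop the dead `//EXPECT_EQ(0, timestamp.ToTimeT());` line rather than leaving commented-out code.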