Certificate Transparency: Code for unpacking EV cert hashes whitelist

net/cert/ct_ev_whitelist_unittest.cc

Index: net/cert/ct_ev_whitelist_unittest.cc
diff --git a/net/cert/ct_ev_whitelist_unittest.cc b/net/cert/ct_ev_whitelist_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..16c9b95042c778b548fb74a228bd787517fa4043
--- /dev/null
+++ b/net/cert/ct_ev_whitelist_unittest.cc
@@ -0,0 +1,136 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/cert/ct_ev_whitelist.h"
+
+#include <string>
+
+#include "base/base64.h"
+#include "base/strings/stringprintf.h"

[wtc, 2014/08/20 02:52:07]

I don't think we need these two headers.

[Eran Messeri, 2014/09/02 12:20:23]

Done.

+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+namespace ct {
+
+namespace internal {
+
+const char kSomeData[] = {0xd5, 0xe2, 0xaf, 0xe5, 0xbb, 0x10, 0x7c, 0xd1};
+
+TEST(BitStreamReaderTest, CanReadSingleByte) {
+  BitStreamReader reader(kSomeData, 1);
+  uint64 v(0);
+
+  ASSERT_EQ(8u, reader.BitsLeft());
+  ASSERT_TRUE(reader.ReadBits(8, &v));
+  ASSERT_EQ(static_cast<uint64>(0xd5), v);
+
+  ASSERT_FALSE(reader.ReadBits(1, &v));
+  ASSERT_EQ(0u, reader.BitsLeft());
+}
+
+TEST(BitStreamReaderTest, CanReadSingleBits) {
+  const uint64 expected_bits[] = {1, 1, 0, 1, 0, 1, 0, 1,
+                                  1, 1, 1, 0, 0, 0, 1, 0};
+  BitStreamReader reader(kSomeData, 2);
+  ASSERT_EQ(16u, reader.BitsLeft());
+  uint64 v(0);
+
+  for (int i = 0; i < 16; ++i) {
+    ASSERT_TRUE(reader.ReadBits(1, &v));
+    ASSERT_EQ(expected_bits[i], v);
+  }
+  ASSERT_EQ(0u, reader.BitsLeft());
+}
+
+TEST(BitStreamReaderTest, CanReadBitGroups) {
+  BitStreamReader reader(kSomeData, 3);
+  ASSERT_EQ(24u, reader.BitsLeft());
+  uint64 v(0);
+  uint64 res(0);
+
+  ASSERT_TRUE(reader.ReadBits(5, &v));
+  res |= v << 19;
+  ASSERT_EQ(19u, reader.BitsLeft());
+  ASSERT_TRUE(reader.ReadBits(13, &v));
+  res |= v << 6;
+  ASSERT_EQ(6u, reader.BitsLeft());
+  ASSERT_TRUE(reader.ReadBits(6, &v));
+  res |= v;
+  ASSERT_EQ(static_cast<uint64>(0xd5e2af), res);
+
+  ASSERT_FALSE(reader.ReadBits(1, &v));
+}
+
+TEST(BitStreamReaderTest, CanRead64Bit) {
+  BitStreamReader reader(kSomeData, 8);
+  ASSERT_EQ(64u, reader.BitsLeft());
+  uint64 v(0);
+
+  ASSERT_TRUE(reader.ReadBits(64, &v));
+  ASSERT_EQ(static_cast<uint64>(0xd5e2afe5bb107cd1), v);

[wtc, 2014/08/20 02:52:07]

I think there is some GG_UINT64_C macro (or something like that) that allows you
to write a uint64 constant in a portable way.

[Eran Messeri, 2014/09/02 12:20:23]

Done, switched to using UINT64_C (GG_UINT64_C is deprecated; see
src/base/port.h)

+}
+
+TEST(BitStreamReaderTest, CanReadUnaryEncodedNumbers) {
+  BitStreamReader reader(kSomeData, 3);
+  const uint64 expected_values[] = {2, 1, 1, 4, 0, 0, 1, 1, 1};
+  uint64 v(0);
+  for (int i = 0; i < 9; ++i) {

[wtc, 2014/08/20 02:52:08]

There are still four 1 bits (the 'f' in 0xaf). Should we do i < 10 and see if
that is parsed as a 4?  (I assume the final '1111' is interpreted as 4 even
though it is missing the trailing 0 bit.)

[Eran Messeri, 2014/09/02 12:20:23]

Done. Adding this test case indeed uncovered the problem where the final 1 was
not accounted for, so I fixed the code.

+    ASSERT_TRUE(reader.ReadUnaryEncoding(&v));
+    ASSERT_EQ(expected_values[i], v) << "Expected " << expected_values[i]
+                                     << " but was " << v << " at position "
+                                     << i;

[wtc, 2014/08/20 02:52:08]

Nit: I think ASSERT_EQ will automatically print the expected and actual values,
so the only thing missing is the index |i| where this fails.

[Eran Messeri, 2014/09/02 12:20:23]

Done.

+  }
+}
+
+}  // namespace internal
+
+const char kFirstHash[] = {0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb};
+// Second hash: Diff from first hash is > 2^47
+const char kSecondHash[] = {0x00, 0x01, 0x05, 0xd2, 0x58, 0x47, 0xa7, 0xbf};
+// Third hash: Diff from 2nd hash is < 2^47
+const char kThirdHash[] = {0x00, 0x01, 0x48, 0x45, 0x8c, 0x53, 0x03, 0x94};
+
+const char kWhitelistData[] = {
+    0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb,  // First hash
+    0xc0, 0x7e, 0x97, 0x0b, 0xe9, 0x3d, 0x10, 0x9c,
+    0xcd, 0x02, 0xd6, 0xf5, 0x40,
+};
+
+TEST(CTEVWhitelistTest, UncompressFailsForTooShortList) {
+  // This list does not contain enough bytes even for the first hash.
+  std::set<std::string> res;
+  ASSERT_FALSE(
+      internal::UncompressEVWhitelist(std::string(kWhitelistData, 7), &res));
+}
+
+TEST(CTEVWhitelistTest, UncompressFailsForTruncatedList) {
+  // This list is missing bits for the second part of the diff.
+  std::set<std::string> res;
+  ASSERT_FALSE(
+      internal::UncompressEVWhitelist(std::string(kWhitelistData, 14), &res));
+}
+
+TEST(CTEVWhitelistTest, UncompressesWhitelistCorrectly) {
+  std::set<std::string> res;
+  ASSERT_TRUE(
+      internal::UncompressEVWhitelist(std::string(kWhitelistData, 21), &res));

[wtc, 2014/08/20 02:52:08]

Nit: it may be better to use sizeof(kWhitelistData) or arraysize(kWhitelistData)
instead of 21.

[Eran Messeri, 2014/09/02 12:20:23]

Done.

+
+  // Ensure first hash is found
+  ASSERT_TRUE(res.find(std::string(kFirstHash, 8)) != res.end());
+  // Ensure second hash is found
+  ASSERT_TRUE(res.find(std::string(kSecondHash, 8)) != res.end());
+  // Ensure last hash is found
+  ASSERT_TRUE(res.find(std::string(kThirdHash, 8)) != res.end());

[wtc, 2014/08/20 02:52:08]

We should also verify that res.size() is equal to 3.

[Eran Messeri, 2014/09/02 12:20:23]

Done.

+}
+
+TEST(CTEVWhitelistTest, CanFindHashInSetList) {
+}
+
+TEST(CTEVWhitelistTest, CannotFindOldHashAfterSetList) {
+}

[wtc, 2014/08/20 02:52:08]

These two tests are empty!

[Eran Messeri, 2014/09/02 12:20:23]

Eek! My bad, they're implemented in the new patchset.

+
+}  // namespace ct
+
+}  // namespace net