CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin…

net/test/ct_test_util.cc

Index: net/test/ct_test_util.cc
diff --git a/net/test/ct_test_util.cc b/net/test/ct_test_util.cc
index cd014e40852f452970e6906f22f9d59328599e57..fda054b56ac2f813624846e5ae88181d5b89cf90 100644
--- a/net/test/ct_test_util.cc
+++ b/net/test/ct_test_util.cc
@@ -53,8 +53,8 @@ const char kDefaultDerCert[] =
     "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
     "7d24c4fccd249295795814d1dac0e6";
 
-const char kDefaultKeyHash[] =
-    "2518ce9dcf869f18562d21cf7d040cbacc75371f019f8bea8cbe2f5f6619472d";
+const char kDefaultIssuerKeyHash[] =
+    "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc";
 
 const char kDefaultDerTbsCert[] =
     "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
@@ -64,12 +64,12 @@ const char kDefaultDerTbsCert[] =
     "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
     "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
     "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
-    "bed8893cc8f177efc548df4961443f999aeda90471992f818bf8b61d0df19d6eec3d596c9b"
-    "43e60033a501c8cffcc438f49f5edb3662aaaecf180e7c9b59fc4bd465c18c406b3b70cdde"
-    "52d5dec42aaef913c2173592c76130f2399de6ccd6e75e04ccea7d7e4bdf4bacb16b5fe697"
-    "2974bca8bcb3e8468dec941e945fdf98310203010001a381ac3081a9301d0603551d0e0416"
-    "0414a4998f6b0abefd0e549bd56f221da976d0ce57d6307d0603551d230476307480143633"
-    "1299dbdc389d1cccfe31c08b8932501a8f7ca159a4573055310b3009060355040613024742"
+    "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
+    "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410"
+    "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf"
+    "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416"
+    "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
+    "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742"
     "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
     "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
     "0030090603551d1304023000";
@@ -85,6 +85,24 @@ const char kTestSignedCertificateTimestamp[] =
     "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
     "89a2c0187ef5a5";
 
+const char kEcP256PublicKey[] =
+    "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a"
+    "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f"
+    "b7b245eb4b420ef370210371a944beaceb";
+
+const char kTestKeyId[] =
+    "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";
+
+const uint64_t kTestSCTTimestamp = GG_UINT64_C(1365181456089);

[wtc, 2013/11/14 18:46:30]

Just curious: why did you decide to delete this constant? Is it because it is
only used once?

I am also curious what time this timestamp represents. Does that matter to the
unit test?

[Eran M. (Google), 2013/11/16 22:59:16]

A rather lame reason: The Windows trybot did not like this variable declaration
(compile failed) and since I only use the value in one place, I inlined it.

It does matter - this value is used during the creation of a
SignedCertificateTimestamp instance that verifies over the test certificate
defined above.

[wtc, 2013/11/19 21:58:10]

That's strange. I wonder if the problem is as simple as uint64 vs. uint64_t.
Thanks. What date/time does this timestamp represent? Would be nice to have a
comment because I was curious about it.

+
+const char kTestSCTSignatureData[] =
+    "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
+    "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";
+
+const char kTestSCTPrecertSignatureData[] =
+    "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602"
+    "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08";
+
 }  // namespace
 
 void GetX509CertLogEntry(LogEntry* entry) {
@@ -94,7 +112,7 @@ void GetX509CertLogEntry(LogEntry* entry) {
 
 void GetPrecertLogEntry(LogEntry* entry) {
   entry->type = ct::LogEntry::LOG_ENTRY_TYPE_PRECERT;
-  std::string issuer_hash(HexToBytes(kDefaultKeyHash));
+  std::string issuer_hash(HexToBytes(kDefaultIssuerKeyHash));
   memcpy(entry->issuer_key_hash.data, issuer_hash.data(), issuer_hash.size());
   entry->tbs_certificate = HexToBytes(kDefaultDerTbsCert);
 }
@@ -107,6 +125,36 @@ std::string GetTestSignedCertificateTimestamp() {
   return HexToBytes(kTestSignedCertificateTimestamp);
 }
 
+std::string GetTestPublicKey() {
+  return HexToBytes(kEcP256PublicKey);
+}
+
+std::string GetTestPublicKeyId() {
+  return HexToBytes(kTestKeyId);
+}
+
+void GetX509CertSCT(SignedCertificateTimestamp* sct) {
+  sct->log_id = HexToBytes(kTestKeyId);
+  sct->timestamp = base::Time::UnixEpoch() +
+    base::TimeDelta::FromMilliseconds(kTestSCTTimestamp);
+  sct->extensions.clear();
+
+  sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
+  sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
+  sct->signature.signature_data = HexToBytes(kTestSCTSignatureData);
+}
+
+void GetPrecertSCT(SignedCertificateTimestamp* sct) {
+  sct->log_id = HexToBytes(kTestKeyId);
+  sct->timestamp = base::Time::UnixEpoch() +
+    base::TimeDelta::FromMilliseconds(GG_UINT64_C(1365181456275));

[wtc, 2013/11/19 21:58:10]

Nit: since FromMilliseconds takes an int64 argument, it would be better to use
GG_INT64_C instead.

+  sct->extensions.clear();
+
+  sct->signature.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
+  sct->signature.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
+  sct->signature.signature_data = HexToBytes(kTestSCTPrecertSignatureData);
+}
+
 }  // namespace ct
 
 }  // namespace net