Home | History | Annotate | Download | only in cert 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/ct_serialization.h"
      6 
      7 #include <string>
      8 
      9 #include "base/files/file_path.h"
     10 #include "base/files/file_util.h"
     11 #include "net/base/net_log.h"
     12 #include "net/base/test_completion_callback.h"
     13 #include "net/base/test_data_directory.h"
     14 #include "net/cert/x509_certificate.h"
     15 #include "net/test/cert_test_util.h"
     16 #include "net/test/ct_test_util.h"
     17 #include "testing/gtest/include/gtest/gtest.h"
     18 
     19 namespace net {
     20 
     21 class CtSerializationTest : public ::testing::Test {
     22  public:
     23   virtual void SetUp() OVERRIDE {
     24     test_digitally_signed_ = ct::GetTestDigitallySigned();
     25   }
     26 
     27  protected:
     28   std::string test_digitally_signed_;
     29 };
     30 
     31 TEST_F(CtSerializationTest, DecodesDigitallySigned) {
     32   base::StringPiece digitally_signed(test_digitally_signed_);
     33   ct::DigitallySigned parsed;
     34 
     35   ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed, &parsed));
     36   EXPECT_EQ(
     37       ct::DigitallySigned::HASH_ALGO_SHA256,
     38       parsed.hash_algorithm);
     39 
     40   EXPECT_EQ(
     41       ct::DigitallySigned::SIG_ALGO_ECDSA,
     42       parsed.signature_algorithm);
     43 
     44   // The encoded data contains the signature itself from the 4th byte.
     45   // The first bytes are:
     46   // 1 byte of hash algorithm
     47   // 1 byte of signature algorithm
     48   // 2 bytes - prefix containing length of the signature data.
     49   EXPECT_EQ(
     50       test_digitally_signed_.substr(4),
     51       parsed.signature_data);
     52 }
     53 
     54 
     55 TEST_F(CtSerializationTest, FailsToDecodePartialDigitallySigned) {
     56   base::StringPiece digitally_signed(test_digitally_signed_);
     57   base::StringPiece partial_digitally_signed(
     58       digitally_signed.substr(0, test_digitally_signed_.size() - 5));
     59   ct::DigitallySigned parsed;
     60 
     61   ASSERT_FALSE(ct::DecodeDigitallySigned(&partial_digitally_signed, &parsed));
     62 }
     63 
     64 
     65 TEST_F(CtSerializationTest, EncodesDigitallySigned) {
     66   ct::DigitallySigned digitally_signed;
     67   digitally_signed.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
     68   digitally_signed.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
     69   digitally_signed.signature_data = test_digitally_signed_.substr(4);
     70 
     71   std::string encoded;
     72 
     73   ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded));
     74   EXPECT_EQ(test_digitally_signed_, encoded);
     75 }
     76 
     77 
     78 TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) {
     79   ct::LogEntry entry;
     80   GetX509CertLogEntry(&entry);
     81 
     82   std::string encoded;
     83   ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded));
     84   EXPECT_EQ((718U + 5U), encoded.size());
     85   // First two bytes are log entry type. Next, length:
     86   // Length is 718 which is 512 + 206, which is 0x2ce
     87   std::string expected_prefix("\0\0\0\x2\xCE", 5);
     88   // Note we use std::string comparison rather than ASSERT_STREQ due
     89   // to null characters in the buffer.
     90   EXPECT_EQ(expected_prefix, encoded.substr(0, 5));
     91 }
     92 
     93 TEST_F(CtSerializationTest, EncodesV1SCTSignedData) {
     94   base::Time timestamp = base::Time::UnixEpoch() +
     95       base::TimeDelta::FromMilliseconds(1348589665525);
     96   std::string dummy_entry("abc");
     97   std::string empty_extensions;
     98   // For now, no known failure cases.
     99   std::string encoded;
    100   ASSERT_TRUE(ct::EncodeV1SCTSignedData(
    101       timestamp,
    102       dummy_entry,
    103       empty_extensions,
    104       &encoded));
    105   EXPECT_EQ((size_t) 15, encoded.size());
    106   // Byte 0 is version, byte 1 is signature type
    107   // Bytes 2-10 are timestamp
    108   // Bytes 11-14 are the log signature
    109   // Byte 15 is the empty extension
    110   //EXPECT_EQ(0, timestamp.ToTimeT());
    111   std::string expected_buffer(
    112       "\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15);
    113   EXPECT_EQ(expected_buffer, encoded);
    114 }
    115 
    116 TEST_F(CtSerializationTest, DecodesSCTList) {
    117   // Two items in the list: "abc", "def"
    118   base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12);
    119   std::vector<base::StringPiece> decoded;
    120 
    121   ASSERT_TRUE(ct::DecodeSCTList(&encoded, &decoded));
    122   ASSERT_STREQ("abc", decoded[0].data());
    123   ASSERT_STREQ("def", decoded[1].data());
    124 }
    125 
    126 TEST_F(CtSerializationTest, FailsDecodingInvalidSCTList) {
    127   // A list with one item that's too short
    128   base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12);
    129   std::vector<base::StringPiece> decoded;
    130 
    131   ASSERT_FALSE(ct::DecodeSCTList(&encoded, &decoded));
    132 }
    133 
    134 TEST_F(CtSerializationTest, DecodesSignedCertificateTimestamp) {
    135   std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
    136   base::StringPiece encoded_sct(encoded_test_sct);
    137 
    138   scoped_refptr<ct::SignedCertificateTimestamp> sct;
    139   ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct));
    140   EXPECT_EQ(0, sct->version);
    141   EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id);
    142   base::Time expected_time = base::Time::UnixEpoch() +
    143       base::TimeDelta::FromMilliseconds(1365181456089);
    144   EXPECT_EQ(expected_time, sct->timestamp);
    145   // Subtracting 4 bytes for signature data (hash & sig algs),
    146   // actual signature data should be 71 bytes.
    147   EXPECT_EQ((size_t) 71, sct->signature.signature_data.size());
    148   EXPECT_TRUE(sct->extensions.empty());
    149 }
    150 
    151 TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) {
    152   // Invalid version
    153   base::StringPiece invalid_version_sct("\x2\x0", 2);
    154   scoped_refptr<ct::SignedCertificateTimestamp> sct;
    155 
    156   ASSERT_FALSE(
    157       ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct));
    158 
    159   // Valid version, invalid length (missing data)
    160   base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4);
    161   ASSERT_FALSE(
    162       ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct));
    163 }
    164 
    165 TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) {
    166   ct::SignedTreeHead signed_tree_head;
    167   GetSignedTreeHead(&signed_tree_head);
    168 
    169   std::string encoded;
    170   ct::EncodeTreeHeadSignature(signed_tree_head, &encoded);
    171   // Expected size is 50 bytes:
    172   // Byte 0 is version, byte 1 is signature type
    173   // Bytes 2-9 are timestamp
    174   // Bytes 10-17 are tree size
    175   // Bytes 18-49 are sha256 root hash
    176   ASSERT_EQ(50u, encoded.length());
    177   std::string expected_buffer(
    178       "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18);
    179   expected_buffer.append(ct::GetSampleSTHSHA256RootHash());
    180   ASSERT_EQ(expected_buffer, encoded);
    181 }
    182 
    183 }  // namespace net
    184 
    185