1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/cert/ct_serialization.h" 6 7#include <string> 8 9#include "base/files/file_path.h" 10#include "base/files/file_util.h" 11#include "net/base/net_log.h" 12#include "net/base/test_completion_callback.h" 13#include "net/base/test_data_directory.h" 14#include "net/cert/x509_certificate.h" 15#include "net/test/cert_test_util.h" 16#include "net/test/ct_test_util.h" 17#include "testing/gtest/include/gtest/gtest.h" 18 19namespace net { 20 21class CtSerializationTest : public ::testing::Test { 22 public: 23 virtual void SetUp() OVERRIDE { 24 test_digitally_signed_ = ct::GetTestDigitallySigned(); 25 } 26 27 protected: 28 std::string test_digitally_signed_; 29}; 30 31TEST_F(CtSerializationTest, DecodesDigitallySigned) { 32 base::StringPiece digitally_signed(test_digitally_signed_); 33 ct::DigitallySigned parsed; 34 35 ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed, &parsed)); 36 EXPECT_EQ( 37 ct::DigitallySigned::HASH_ALGO_SHA256, 38 parsed.hash_algorithm); 39 40 EXPECT_EQ( 41 ct::DigitallySigned::SIG_ALGO_ECDSA, 42 parsed.signature_algorithm); 43 44 // The encoded data contains the signature itself from the 4th byte. 45 // The first bytes are: 46 // 1 byte of hash algorithm 47 // 1 byte of signature algorithm 48 // 2 bytes - prefix containing length of the signature data. 49 EXPECT_EQ( 50 test_digitally_signed_.substr(4), 51 parsed.signature_data); 52} 53 54 55TEST_F(CtSerializationTest, FailsToDecodePartialDigitallySigned) { 56 base::StringPiece digitally_signed(test_digitally_signed_); 57 base::StringPiece partial_digitally_signed( 58 digitally_signed.substr(0, test_digitally_signed_.size() - 5)); 59 ct::DigitallySigned parsed; 60 61 ASSERT_FALSE(ct::DecodeDigitallySigned(&partial_digitally_signed, &parsed)); 62} 63 64 65TEST_F(CtSerializationTest, EncodesDigitallySigned) { 66 ct::DigitallySigned digitally_signed; 67 digitally_signed.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256; 68 digitally_signed.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA; 69 digitally_signed.signature_data = test_digitally_signed_.substr(4); 70 71 std::string encoded; 72 73 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded)); 74 EXPECT_EQ(test_digitally_signed_, encoded); 75} 76 77 78TEST_F(CtSerializationTest, EncodesLogEntryForX509Cert) { 79 ct::LogEntry entry; 80 GetX509CertLogEntry(&entry); 81 82 std::string encoded; 83 ASSERT_TRUE(ct::EncodeLogEntry(entry, &encoded)); 84 EXPECT_EQ((718U + 5U), encoded.size()); 85 // First two bytes are log entry type. Next, length: 86 // Length is 718 which is 512 + 206, which is 0x2ce 87 std::string expected_prefix("\0\0\0\x2\xCE", 5); 88 // Note we use std::string comparison rather than ASSERT_STREQ due 89 // to null characters in the buffer. 90 EXPECT_EQ(expected_prefix, encoded.substr(0, 5)); 91} 92 93TEST_F(CtSerializationTest, EncodesV1SCTSignedData) { 94 base::Time timestamp = base::Time::UnixEpoch() + 95 base::TimeDelta::FromMilliseconds(1348589665525); 96 std::string dummy_entry("abc"); 97 std::string empty_extensions; 98 // For now, no known failure cases. 99 std::string encoded; 100 ASSERT_TRUE(ct::EncodeV1SCTSignedData( 101 timestamp, 102 dummy_entry, 103 empty_extensions, 104 &encoded)); 105 EXPECT_EQ((size_t) 15, encoded.size()); 106 // Byte 0 is version, byte 1 is signature type 107 // Bytes 2-10 are timestamp 108 // Bytes 11-14 are the log signature 109 // Byte 15 is the empty extension 110 //EXPECT_EQ(0, timestamp.ToTimeT()); 111 std::string expected_buffer( 112 "\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15); 113 EXPECT_EQ(expected_buffer, encoded); 114} 115 116TEST_F(CtSerializationTest, DecodesSCTList) { 117 // Two items in the list: "abc", "def" 118 base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12); 119 std::vector<base::StringPiece> decoded; 120 121 ASSERT_TRUE(ct::DecodeSCTList(&encoded, &decoded)); 122 ASSERT_STREQ("abc", decoded[0].data()); 123 ASSERT_STREQ("def", decoded[1].data()); 124} 125 126TEST_F(CtSerializationTest, FailsDecodingInvalidSCTList) { 127 // A list with one item that's too short 128 base::StringPiece encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12); 129 std::vector<base::StringPiece> decoded; 130 131 ASSERT_FALSE(ct::DecodeSCTList(&encoded, &decoded)); 132} 133 134TEST_F(CtSerializationTest, DecodesSignedCertificateTimestamp) { 135 std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp()); 136 base::StringPiece encoded_sct(encoded_test_sct); 137 138 scoped_refptr<ct::SignedCertificateTimestamp> sct; 139 ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct)); 140 EXPECT_EQ(0, sct->version); 141 EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id); 142 base::Time expected_time = base::Time::UnixEpoch() + 143 base::TimeDelta::FromMilliseconds(1365181456089); 144 EXPECT_EQ(expected_time, sct->timestamp); 145 // Subtracting 4 bytes for signature data (hash & sig algs), 146 // actual signature data should be 71 bytes. 147 EXPECT_EQ((size_t) 71, sct->signature.signature_data.size()); 148 EXPECT_TRUE(sct->extensions.empty()); 149} 150 151TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) { 152 // Invalid version 153 base::StringPiece invalid_version_sct("\x2\x0", 2); 154 scoped_refptr<ct::SignedCertificateTimestamp> sct; 155 156 ASSERT_FALSE( 157 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct)); 158 159 // Valid version, invalid length (missing data) 160 base::StringPiece invalid_length_sct("\x0\xa\xb\xc", 4); 161 ASSERT_FALSE( 162 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct)); 163} 164 165TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) { 166 ct::SignedTreeHead signed_tree_head; 167 GetSignedTreeHead(&signed_tree_head); 168 169 std::string encoded; 170 ct::EncodeTreeHeadSignature(signed_tree_head, &encoded); 171 // Expected size is 50 bytes: 172 // Byte 0 is version, byte 1 is signature type 173 // Bytes 2-9 are timestamp 174 // Bytes 10-17 are tree size 175 // Bytes 18-49 are sha256 root hash 176 ASSERT_EQ(50u, encoded.length()); 177 std::string expected_buffer( 178 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18); 179 expected_buffer.append(ct::GetSampleSTHSHA256RootHash()); 180 ASSERT_EQ(expected_buffer, encoded); 181} 182 183} // namespace net 184 185