1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/cert/ct_serialization.h"
9 #include "base/files/file_path.h"
10 #include "base/files/file_util.h"
11 #include "net/base/test_completion_callback.h"
12 #include "net/base/test_data_directory.h"
13 #include "net/cert/x509_certificate.h"
14 #include "net/log/net_log.h"
15 #include "net/test/cert_test_util.h"
16 #include "net/test/ct_test_util.h"
17 #include "testing/gtest/include/gtest/gtest.h"
21 class CtSerializationTest
: public ::testing::Test
{
23 void SetUp() override
{
24 test_digitally_signed_
= ct::GetTestDigitallySigned();
28 std::string test_digitally_signed_
;
31 TEST_F(CtSerializationTest
, DecodesDigitallySigned
) {
32 base::StringPiece
digitally_signed(test_digitally_signed_
);
33 ct::DigitallySigned parsed
;
35 ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed
, &parsed
));
37 ct::DigitallySigned::HASH_ALGO_SHA256
,
38 parsed
.hash_algorithm
);
41 ct::DigitallySigned::SIG_ALGO_ECDSA
,
42 parsed
.signature_algorithm
);
44 // The encoded data contains the signature itself from the 4th byte.
45 // The first bytes are:
46 // 1 byte of hash algorithm
47 // 1 byte of signature algorithm
48 // 2 bytes - prefix containing length of the signature data.
50 test_digitally_signed_
.substr(4),
51 parsed
.signature_data
);
55 TEST_F(CtSerializationTest
, FailsToDecodePartialDigitallySigned
) {
56 base::StringPiece
digitally_signed(test_digitally_signed_
);
57 base::StringPiece
partial_digitally_signed(
58 digitally_signed
.substr(0, test_digitally_signed_
.size() - 5));
59 ct::DigitallySigned parsed
;
61 ASSERT_FALSE(ct::DecodeDigitallySigned(&partial_digitally_signed
, &parsed
));
65 TEST_F(CtSerializationTest
, EncodesDigitallySigned
) {
66 ct::DigitallySigned digitally_signed
;
67 digitally_signed
.hash_algorithm
= ct::DigitallySigned::HASH_ALGO_SHA256
;
68 digitally_signed
.signature_algorithm
= ct::DigitallySigned::SIG_ALGO_ECDSA
;
69 digitally_signed
.signature_data
= test_digitally_signed_
.substr(4);
73 ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed
, &encoded
));
74 EXPECT_EQ(test_digitally_signed_
, encoded
);
78 TEST_F(CtSerializationTest
, EncodesLogEntryForX509Cert
) {
80 GetX509CertLogEntry(&entry
);
83 ASSERT_TRUE(ct::EncodeLogEntry(entry
, &encoded
));
84 EXPECT_EQ((718U + 5U), encoded
.size());
85 // First two bytes are log entry type. Next, length:
86 // Length is 718 which is 512 + 206, which is 0x2ce
87 std::string
expected_prefix("\0\0\0\x2\xCE", 5);
88 // Note we use std::string comparison rather than ASSERT_STREQ due
89 // to null characters in the buffer.
90 EXPECT_EQ(expected_prefix
, encoded
.substr(0, 5));
93 TEST_F(CtSerializationTest
, EncodesV1SCTSignedData
) {
94 base::Time timestamp
= base::Time::UnixEpoch() +
95 base::TimeDelta::FromMilliseconds(1348589665525);
96 std::string
dummy_entry("abc");
97 std::string empty_extensions
;
98 // For now, no known failure cases.
100 ASSERT_TRUE(ct::EncodeV1SCTSignedData(
105 EXPECT_EQ((size_t) 15, encoded
.size());
106 // Byte 0 is version, byte 1 is signature type
107 // Bytes 2-10 are timestamp
108 // Bytes 11-14 are the log signature
109 // Byte 15 is the empty extension
110 //EXPECT_EQ(0, timestamp.ToTimeT());
111 std::string
expected_buffer(
112 "\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15);
113 EXPECT_EQ(expected_buffer
, encoded
);
116 TEST_F(CtSerializationTest
, DecodesSCTList
) {
117 // Two items in the list: "abc", "def"
118 base::StringPiece
encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12);
119 std::vector
<base::StringPiece
> decoded
;
121 ASSERT_TRUE(ct::DecodeSCTList(&encoded
, &decoded
));
122 ASSERT_STREQ("abc", decoded
[0].data());
123 ASSERT_STREQ("def", decoded
[1].data());
126 TEST_F(CtSerializationTest
, FailsDecodingInvalidSCTList
) {
127 // A list with one item that's too short
128 base::StringPiece
encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12);
129 std::vector
<base::StringPiece
> decoded
;
131 ASSERT_FALSE(ct::DecodeSCTList(&encoded
, &decoded
));
134 TEST_F(CtSerializationTest
, DecodesSignedCertificateTimestamp
) {
135 std::string
encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
136 base::StringPiece
encoded_sct(encoded_test_sct
);
138 scoped_refptr
<ct::SignedCertificateTimestamp
> sct
;
139 ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct
, &sct
));
140 EXPECT_EQ(0, sct
->version
);
141 EXPECT_EQ(ct::GetTestPublicKeyId(), sct
->log_id
);
142 base::Time expected_time
= base::Time::UnixEpoch() +
143 base::TimeDelta::FromMilliseconds(1365181456089);
144 EXPECT_EQ(expected_time
, sct
->timestamp
);
145 // Subtracting 4 bytes for signature data (hash & sig algs),
146 // actual signature data should be 71 bytes.
147 EXPECT_EQ((size_t) 71, sct
->signature
.signature_data
.size());
148 EXPECT_TRUE(sct
->extensions
.empty());
151 TEST_F(CtSerializationTest
, FailsDecodingInvalidSignedCertificateTimestamp
) {
153 base::StringPiece
invalid_version_sct("\x2\x0", 2);
154 scoped_refptr
<ct::SignedCertificateTimestamp
> sct
;
157 ct::DecodeSignedCertificateTimestamp(&invalid_version_sct
, &sct
));
159 // Valid version, invalid length (missing data)
160 base::StringPiece
invalid_length_sct("\x0\xa\xb\xc", 4);
162 ct::DecodeSignedCertificateTimestamp(&invalid_length_sct
, &sct
));
165 TEST_F(CtSerializationTest
, EncodesValidSignedTreeHead
) {
166 ct::SignedTreeHead signed_tree_head
;
167 GetSampleSignedTreeHead(&signed_tree_head
);
170 ct::EncodeTreeHeadSignature(signed_tree_head
, &encoded
);
171 // Expected size is 50 bytes:
172 // Byte 0 is version, byte 1 is signature type
173 // Bytes 2-9 are timestamp
174 // Bytes 10-17 are tree size
175 // Bytes 18-49 are sha256 root hash
176 ASSERT_EQ(50u, encoded
.length());
177 std::string
expected_buffer(
178 "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18);
179 expected_buffer
.append(ct::GetSampleSTHSHA256RootHash());
180 ASSERT_EQ(expected_buffer
, encoded
);