[gecko.git] / security / ct / tests / gtest / CTTestUtils.cpp
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "CTTestUtils.h"
9 #include <stdint.h>
10 #include <iomanip>
12 #include "BTTypes.h"
13 #include "CTSerialization.h"
14 #include "gtest/gtest.h"
15 #include "mozpkix/Input.h"
16 #include "mozpkix/pkix.h"
17 #include "mozpkix/pkixnss.h"
18 #include "mozpkix/pkixtypes.h"
19 #include "mozpkix/Result.h"
20 #include "mozpkix/pkixcheck.h"
21 #include "mozpkix/pkixutil.h"
22 #include "SignedCertificateTimestamp.h"
24 namespace mozilla {
25 namespace ct {
27 using namespace mozilla::pkix;
29 // The following test vectors are from the CT test data repository at
30 // https://github.com/google/certificate-transparency/tree/master/test/testdata
32 // test-cert.pem
33 const char kDefaultDerCert[] =
34 "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009"
35 "06035504061302474231243022060355040a131b4365727469666963617465205472616e73"
36 "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307"
37 "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030"
38 "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361"
39 "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603"
40 "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189"
41 "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f"
42 "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41"
43 "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a"
44 "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355"
45 "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074"
46 "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406"
47 "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e"
48 "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057"
49 "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c"
50 "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee"
51 "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb"
52 "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
53 "7d24c4fccd249295795814d1dac0e6";
55 // key hash of test-cert.pem's issuer (ca-cert.pem)
56 const char kDefaultIssuerKeyHash[] =
57 "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc";
59 const char kDefaultDerTbsCert[] =
60 "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
61 "061302474231243022060355040a131b4365727469666963617465205472616e7370617265"
62 "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720"
63 "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052"
64 "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
65 "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
66 "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
67 "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
68 "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410"
69 "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf"
70 "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416"
71 "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
72 "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742"
73 "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
74 "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
75 "0030090603551d1304023000";
77 // DigitallySigned of test-cert.proof
78 const char kTestDigitallySigned[] =
79 "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
80 "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
81 "a5";
83 // test-cert.proof
84 const char kTestSignedCertificateTimestamp[] =
85 "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d"
86 "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2"
87 "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
88 "89a2c0187ef5a5";
90 // ct-server-key-public.pem
91 const char kEcP256PublicKey[] =
92 "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a"
93 "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f"
94 "b7b245eb4b420ef370210371a944beaceb";
96 // key id (sha256) of ct-server-key-public.pem
97 const char kTestKeyId[] =
98 "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";
100 // signature field of DigitallySigned from test-cert.proof
101 const char kTestSCTSignatureData[] =
102 "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
103 "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";
105 // signature field of DigitallySigned from test-embedded-pre-cert.proof
106 const char kTestSCTPrecertSignatureData[] =
107 "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602"
108 "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08";
110 // test-embedded-cert.pem
111 const char kTestEmbeddedCertData[] =
112 "30820359308202c2a003020102020107300d06092a864886f70d01010505"
113 "003055310b300906035504061302474231243022060355040a131b436572"
114 "7469666963617465205472616e73706172656e6379204341310e300c0603"
115 "550408130557616c65733110300e060355040713074572772057656e301e"
116 "170d3132303630313030303030305a170d3232303630313030303030305a"
117 "3052310b30090603550406130247423121301f060355040a131843657274"
118 "69666963617465205472616e73706172656e6379310e300c060355040813"
119 "0557616c65733110300e060355040713074572772057656e30819f300d06"
120 "092a864886f70d010101050003818d0030818902818100beef98e7c26877"
121 "ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
122 "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb4"
123 "1cd0e72805a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39ee"
124 "d0b88119dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87e"
125 "b50203010001a382013a30820136301d0603551d0e041604142031541af2"
126 "5c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
127 "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603"
128 "5504061302474231243022060355040a131b436572746966696361746520"
129 "5472616e73706172656e6379204341310e300c0603550408130557616c65"
130 "733110300e060355040713074572772057656e82010030090603551d1304"
131 "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e"
132 "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400"
133 "00013ddb27df9300000403004730450220482f6751af35dba65436be1fd6"
134 "640f3dbf9a41429495924530288fa3e5e23e06022100e4edc0db3ac572b1"
135 "e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08300d06092a86"
136 "4886f70d0101050500038181008a0c4bef099d479279afa0a28e689f91e1"
137 "c4421be2d269a2ea6ca4e8215ddeddca1504a11e7c87c4b77e80f0e97903"
138 "5268f27ca20e166804ae556f316981f96a394ab7abfd3e255ac0044513fe"
139 "76570c6795abe4703133d303f89f3afa6bbcfc517319dfd95b934241211f"
140 "634035c3d078307a68c6075a2e20c89f36b8910ca0";
142 const char kTestTbsCertData[] =
143 "30820233a003020102020107300d06092a864886f70d0101050500305531"
144 "0b300906035504061302474231243022060355040a131b43657274696669"
145 "63617465205472616e73706172656e6379204341310e300c060355040813"
146 "0557616c65733110300e060355040713074572772057656e301e170d3132"
147 "303630313030303030305a170d3232303630313030303030305a3052310b"
148 "30090603550406130247423121301f060355040a13184365727469666963"
149 "617465205472616e73706172656e6379310e300c0603550408130557616c"
150 "65733110300e060355040713074572772057656e30819f300d06092a8648"
151 "86f70d010101050003818d0030818902818100beef98e7c26877ae385f75"
152 "325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee458bd7db8"
153 "6f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e728"
154 "05a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119"
155 "dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87eb5020301"
156 "0001a381ac3081a9301d0603551d0e041604142031541af25c05ffd8658b"
157 "6843794f5e9036f7b4307d0603551d230476307480145f9d880dc873e654"
158 "d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406130247"
159 "4231243022060355040a131b4365727469666963617465205472616e7370"
160 "6172656e6379204341310e300c0603550408130557616c65733110300e06"
161 "0355040713074572772057656e82010030090603551d1304023000";
163 // test-embedded-with-preca-cert.pem
164 const char kTestEmbeddedWithPreCaCertData[] =
165 "30820359308202c2a003020102020108300d06092a864886f70d01010505"
166 "003055310b300906035504061302474231243022060355040a131b436572"
167 "7469666963617465205472616e73706172656e6379204341310e300c0603"
168 "550408130557616c65733110300e060355040713074572772057656e301e"
169 "170d3132303630313030303030305a170d3232303630313030303030305a"
170 "3052310b30090603550406130247423121301f060355040a131843657274"
171 "69666963617465205472616e73706172656e6379310e300c060355040813"
172 "0557616c65733110300e060355040713074572772057656e30819f300d06"
173 "092a864886f70d010101050003818d0030818902818100afaeeacac51ab7"
174 "cebdf9eacae7dd175295e193955a17989aef8d97ab7cdff7761093c0b823"
175 "d2a4e3a51a17b86f28162b66a2538935ebecdc1036233da2dd6531b0c63b"
176 "cc68761ebdc854037b77399246b870a7b72b14c9b1667de09a9640ed9f3f"
177 "3c725d950b4d26559869fe7f1e919a66eb76d35c0117c6bcd0d8cfd21028"
178 "b10203010001a382013a30820136301d0603551d0e04160414612c64efac"
179 "79b728397c9d93e6df86465fa76a88307d0603551d230476307480145f9d"
180 "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603"
181 "5504061302474231243022060355040a131b436572746966696361746520"
182 "5472616e73706172656e6379204341310e300c0603550408130557616c65"
183 "733110300e060355040713074572772057656e82010030090603551d1304"
184 "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e"
185 "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400"
186 "00013ddb27e05b000004030047304502207aa79604c47480f3727b084f90"
187 "b3989f79091885e00484431a2a297cbf3a355c022100b49fd8120b0d644c"
188 "d7e75269b4da6317a9356cb950224fc11cc296b2e39b2386300d06092a86"
189 "4886f70d010105050003818100a3a86c41ad0088a25aedc4e7b529a2ddbf"
190 "9e187ffb362157e9302d961b73b43cba0ae1e230d9e45049b7e8c924792e"
191 "bbe7d175baa87b170dfad8ee788984599d05257994084e2e0e796fca5836"
192 "881c3e053553e06ab230f919089b914e4a8e2da45f8a87f2c81a25a61f04"
193 "fe1cace60155653827d41fad9f0658f287d058192c";
195 // ca-cert.pem
196 const char kCaCertData[] =
197 "308202d030820239a003020102020100300d06092a864886f70d01010505"
198 "003055310b300906035504061302474231243022060355040a131b436572"
199 "7469666963617465205472616e73706172656e6379204341310e300c0603"
200 "550408130557616c65733110300e060355040713074572772057656e301e"
201 "170d3132303630313030303030305a170d3232303630313030303030305a"
202 "3055310b300906035504061302474231243022060355040a131b43657274"
203 "69666963617465205472616e73706172656e6379204341310e300c060355"
204 "0408130557616c65733110300e060355040713074572772057656e30819f"
205 "300d06092a864886f70d010101050003818d0030818902818100d58a6853"
206 "6210a27119936e778321181c2a4013c6d07b8c76eb9157d3d0fb4b3b516e"
207 "cecbd1c98d91c52f743fab635d55099cd13abaf31ae541442451a74c7816"
208 "f2243cf848cf2831cce67ba04a5a23819f3cba37e624d9c3bdb299b839dd"
209 "fe2631d2cb3a84fc7bb2b5c52fcfc14fff406f5cd44669cbb2f7cfdf86fb"
210 "6ab9d1b10203010001a381af3081ac301d0603551d0e041604145f9d880d"
211 "c873e654d4f80dd8e6b0c124b447c355307d0603551d230476307480145f"
212 "9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b300906"
213 "035504061302474231243022060355040a131b4365727469666963617465"
214 "205472616e73706172656e6379204341310e300c0603550408130557616c"
215 "65733110300e060355040713074572772057656e820100300c0603551d13"
216 "040530030101ff300d06092a864886f70d0101050500038181000608cc4a"
217 "6d64f2205e146c04b276f92b0efa94a5daf23afc3806606d3990d0a1ea23"
218 "3d40295769463b046661e7fa1d179915209aea2e0a775176411227d7c003"
219 "07c7470e61584fd7334224727f51d690bc47a9df354db0f6eb25955de189"
220 "3c4dd5202b24a2f3e440d274b54e1bd376269ca96289b76ecaa41090e14f"
221 "3b0a942e";
223 // intermediate-cert.pem
224 const char kIntermediateCertData[] =
225 "308202dd30820246a003020102020109300d06092a864886f70d01010505"
226 "003055310b300906035504061302474231243022060355040a131b436572"
227 "7469666963617465205472616e73706172656e6379204341310e300c0603"
228 "550408130557616c65733110300e060355040713074572772057656e301e"
229 "170d3132303630313030303030305a170d3232303630313030303030305a"
230 "3062310b30090603550406130247423131302f060355040a132843657274"
231 "69666963617465205472616e73706172656e637920496e7465726d656469"
232 "617465204341310e300c0603550408130557616c65733110300e06035504"
233 "0713074572772057656e30819f300d06092a864886f70d01010105000381"
234 "8d0030818902818100d76a678d116f522e55ff821c90642508b7074b14d7"
235 "71159064f7927efdedb87135a1365ee7de18cbd5ce865f860c78f433b4d0"
236 "d3d3407702e7a3ef542b1dfe9bbaa7cdf94dc5975fc729f86f105f381b24"
237 "3535cf9c800f5ca780c1d3c84400ee65d16ee9cf52db8adffe50f5c49335"
238 "0b2190bf50d5bc36f3cac5a8daae92cd8b0203010001a381af3081ac301d"
239 "0603551d0e04160414965508050278479e8773764131bc143a47e229ab30"
240 "7d0603551d230476307480145f9d880dc873e654d4f80dd8e6b0c124b447"
241 "c355a159a4573055310b300906035504061302474231243022060355040a"
242 "131b4365727469666963617465205472616e73706172656e637920434131"
243 "0e300c0603550408130557616c65733110300e0603550407130745727720"
244 "57656e820100300c0603551d13040530030101ff300d06092a864886f70d"
245 "0101050500038181002206dab1c66b71dce095c3f6aa2ef72cf7761be7ab"
246 "d7fc39c31a4cfe1bd96d6734ca82f22dde5a0c8bbbdd825d7b6f3e7612ad"
247 "8db300a7e21169886023262284c3aa5d2191efda10bf9235d37b3a2a340d"
248 "59419b94a48566f3fac3cd8b53d5a4e98270ead297b07210f9ce4a2138b1"
249 "8811143b93fa4e7a87dd37e1385f2c2908";
251 // test-embedded-with-intermediate-cert.pem
252 const char kTestEmbeddedWithIntermediateCertData[] =
253 "30820366308202cfa003020102020102300d06092a864886f70d01010505"
254 "003062310b30090603550406130247423131302f060355040a1328436572"
255 "7469666963617465205472616e73706172656e637920496e7465726d6564"
256 "69617465204341310e300c0603550408130557616c65733110300e060355"
257 "040713074572772057656e301e170d3132303630313030303030305a170d"
258 "3232303630313030303030305a3052310b30090603550406130247423121"
259 "301f060355040a13184365727469666963617465205472616e7370617265"
260 "6e6379310e300c0603550408130557616c65733110300e06035504071307"
261 "4572772057656e30819f300d06092a864886f70d010101050003818d0030"
262 "818902818100bb272b26e5deb5459d4acca027e8f12a4d839ac3730a6a10"
263 "9ff7e25498ddbd3f1895d08ba41f8de34967a3a086ce13a90dd5adbb5418"
264 "4bdc08e1ac7826adb8dc9c717bfd7da5b41b4db1736e00f1dac3cec9819c"
265 "cb1a28ba120b020a820e940dd61f95b5432a4bc05d0818f18ce2154eb38d"
266 "2fa7d22d72b976e560db0c7fc77f0203010001a382013a30820136301d06"
267 "03551d0e04160414b1b148e658e703f5f7f3105f20b3c384d7eff1bf307d"
268 "0603551d23047630748014965508050278479e8773764131bc143a47e229"
269 "aba159a4573055310b300906035504061302474231243022060355040a13"
270 "1b4365727469666963617465205472616e73706172656e6379204341310e"
271 "300c0603550408130557616c65733110300e060355040713074572772057"
272 "656e82010930090603551d130402300030818a060a2b06010401d6790204"
273 "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7"
274 "c6d388fc002e0bbd3f74d7640000013ddb27e2a400000403004730450221"
275 "00a6d34517f3392d9ec5d257adf1c597dc45bd4cd3b73856c616a9fb99e5"
276 "ae75a802205e26c8d1c7e222fe8cda29baeb04a834ee97d34fd81718f1aa"
277 "e0cd66f4b8a93f300d06092a864886f70d0101050500038181000f95a5b4"
278 "e128a914b1e88be8b32964221b58f4558433d020a8e246cca65a40bcbf5f"
279 "2d48933ebc99be6927ca756472fb0bdc7f505f41f462f2bc19d0b299c990"
280 "918df8820f3d31db37979e8bad563b17f00ae67b0f8731c106c943a73bf5"
281 "36af168afe21ef4adfcae19a3cc074899992bf506bc5ce1decaaf07ffeeb"
282 "c805c039";
284 // test-embedded-with-intermediate-preca-cert.pem
285 const char kTestEmbeddedWithIntermediatePreCaCertData[] =
286 "30820366308202cfa003020102020103300d06092a864886f70d01010505"
287 "003062310b30090603550406130247423131302f060355040a1328436572"
288 "7469666963617465205472616e73706172656e637920496e7465726d6564"
289 "69617465204341310e300c0603550408130557616c65733110300e060355"
290 "040713074572772057656e301e170d3132303630313030303030305a170d"
291 "3232303630313030303030305a3052310b30090603550406130247423121"
292 "301f060355040a13184365727469666963617465205472616e7370617265"
293 "6e6379310e300c0603550408130557616c65733110300e06035504071307"
294 "4572772057656e30819f300d06092a864886f70d010101050003818d0030"
295 "818902818100d4497056cdfc65e1342cc3df6e654b8af0104702acd2275c"
296 "7d3fb1fc438a89b212110d6419bcc13ae47d64bba241e6706b9ed627f8b3"
297 "4a0d7dff1c44b96287c54bea9d10dc017bceb64f7b6aff3c35a474afec40"
298 "38ab3640b0cd1fb0582ec03b179a2776c8c435d14ab4882d59d7b724fa37"
299 "7ca6db08392173f9c6056b3abadf0203010001a382013a30820136301d06"
300 "03551d0e0416041432da5518d87f1d26ea2767973c0bef286e786a4a307d"
301 "0603551d23047630748014965508050278479e8773764131bc143a47e229"
302 "aba159a4573055310b300906035504061302474231243022060355040a13"
303 "1b4365727469666963617465205472616e73706172656e6379204341310e"
304 "300c0603550408130557616c65733110300e060355040713074572772057"
305 "656e82010930090603551d130402300030818a060a2b06010401d6790204"
306 "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7"
307 "c6d388fc002e0bbd3f74d7640000013ddb27e3be00000403004730450221"
308 "00d9f61a07fee021e3159f3ca2f570d833ff01374b2096cba5658c5e16fb"
309 "43eb3002200b76fe475138d8cf76833831304dabf043eb1213c96e13ff4f"
310 "a37f7cd3c8dc1f300d06092a864886f70d01010505000381810088ee4e9e"
311 "5eed6b112cc764b151ed929400e9406789c15fbbcfcdab2f10b400234139"
312 "e6ce65c1e51b47bf7c8950f80bccd57168567954ed35b0ce9346065a5eae"
313 "5bf95d41da8e27cee9eeac688f4bd343f9c2888327abd8b9f68dcb1e3050"
314 "041d31bda8e2dd6d39b3664de5ce0870f5fc7e6a00d6ed00528458d953d2"
315 "37586d73";
// Given the ordered set of data [ 0x00, 0x01, 0x02, deadbeef ],
// the 'inclusion proof' of the leaf of index '2' (for '0x02') is created from
// the Merkle Tree generated for that set of data.
// A Merkle inclusion proof for a leaf in a Merkle Tree is the shortest list
// of additional nodes in the Merkle Tree required to compute the Merkle Tree
// Hash (also called 'Merkle Tree head') for that tree.
// This follows the structure defined in RFC 6962-bis.
//
// https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-24#section-2.1
//
// Layout of the well-formed vector, as spelled out by the literals below:
// logId, 8-byte tree size, 8-byte leaf index, 2-byte inclusion path length,
// then two path nodes. Each node is a one-byte length (0x20 = 32) followed
// by a 32-byte hash, so the path is 2 * (1 + 32) = 66 = 0x42 bytes.
// Every other vector differs from this one in exactly the field its name
// describes; the names suggest they are negative inputs for the decoder
// (the tests that consume them are not part of this file).

const char kTestInclusionProof[] =
    "020100"            // logId
    "0000000000000004"  // tree size
    "0000000000000002"  // leaf index
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0: length byte 0x20, then kTestNodeHash0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1: length byte 0x20, then kTestNodeHash1

// The 32-byte hash carried by path node 0 of kTestInclusionProof.
const char kTestNodeHash0[] =
    "48c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729";

// The 32-byte hash carried by path node 1 of kTestInclusionProof.
const char kTestNodeHash1[] =
    "a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a";

// Four bytes that do not follow the proof layout at all.
const char kTestInclusionProofUnexpectedData[] = "12345678";

// First node announces a 0x30 (48) byte hash where the valid proof has 0x20.
const char kTestInclusionProofInvalidHashSize[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0042"              // inclusion path length
    "3048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // invalid hash size
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Second node still announces 0x20 bytes but only 18 hash bytes follow, so
// the data ends before the declared path length (0x42) is satisfied.
const char kTestInclusionProofInvalidHash[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427";  // truncated node hash 1

// Same as the valid proof with the leading logId field left out.
const char kTestInclusionProofMissingLogId[] =
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Path length field is zero although 66 bytes of node data follow.
const char kTestInclusionProofNullPathLength[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0000"              // inclusion path length: 0
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Path length field is 0x36 (54), less than the 66 bytes that follow.
const char kTestInclusionProofPathLengthTooSmall[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0036"              // inclusion path length: 54
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Path length field is 0x80 (128), more than the 66 bytes that follow.
const char kTestInclusionProofPathLengthTooLarge[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000002"  // leafindex
    "0080"              // inclusion path length: 128
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Tree size is zero while the leaf index is 2.
const char kTestInclusionProofNullTreeSize[] =
    "020100"            // logId
    "0000000000000000"  // treesize
    "0000000000000002"  // leafindex
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// Leaf index 4 equals the tree size 4, one past the last leaf of that tree.
const char kTestInclusionProofLeafIndexOutOfBounds[] =
    "020100"            // logId
    "0000000000000004"  // treesize
    "0000000000000004"  // leafindex
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a";  // node hash 1

// The valid proof followed by three trailing bytes.
const char kTestInclusionProofExtraData[] =
    "020100"            // logId
    "0000000000000004"  // tree size
    "0000000000000002"  // leaf index
    "0042"              // inclusion path length
    "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172"
    "9"  // node hash 0
    "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953"
    "a"        // node hash 1
    "123456";  // extra data after the proof
// Converts one ASCII hex digit (0-9, a-f, A-F) to its 4-bit value.
// Any other character ends the process through abort(); every caller in this
// file passes compile-time fixtures, so a bad digit means broken test data.
static uint8_t CharToByte(char c) {
  int nibble = -1;
  if (c >= '0' && c <= '9') {
    nibble = c - '0';
  } else if (c >= 'a' && c <= 'f') {
    nibble = c - 'a' + 10;
  } else if (c >= 'A' && c <= 'F') {
    nibble = c - 'A' + 10;
  }
  if (nibble < 0) {
    abort();
  }
  return static_cast<uint8_t>(nibble);
}
// Decodes a NUL-terminated hex string into a Buffer, two digits per byte
// (high nibble first).
// The process is aborted when the string is empty, has an odd number of
// digits, or contains a non-hex character (see CharToByte). hexData must not
// be null: it is passed straight to strlen().
Buffer HexToBytes(const char* hexData) {
  const size_t digitCount = strlen(hexData);
  if (digitCount == 0 || digitCount % 2 != 0) {
    abort();
  }
  Buffer bytes;
  bytes.reserve(digitCount / 2);
  for (size_t pos = 0; pos < digitCount; pos += 2) {
    const uint8_t highNibble = CharToByte(hexData[pos]);
    const uint8_t lowNibble = CharToByte(hexData[pos + 1]);
    bytes.push_back((highNibble << 4) | lowNibble);
  }
  return bytes;
}
// Resets `entry` and fills it in as an X509 log entry whose leaf certificate
// is the decoded kDefaultDerCert fixture.
void GetX509CertLogEntry(LogEntry& entry) {
  entry.Reset();

  entry.type = ct::LogEntry::Type::X509;
  Buffer leaf = HexToBytes(kDefaultDerCert);
  entry.leafCertificate = leaf;
}
// Returns the decoded bytes of the kDefaultDerCert fixture (test-cert.pem).
Buffer GetDEREncodedX509Cert() {
  Buffer der = HexToBytes(kDefaultDerCert);
  return der;
}
// Resets `entry` and fills it in as a Precert log entry: the issuer key hash
// comes from kDefaultIssuerKeyHash and the TBS certificate from
// kDefaultDerTbsCert.
void GetPrecertLogEntry(LogEntry& entry) {
  entry.Reset();

  entry.type = ct::LogEntry::Type::Precert;
  Buffer issuerKeyHash = HexToBytes(kDefaultIssuerKeyHash);
  entry.issuerKeyHash = issuerKeyHash;
  Buffer tbsCertificate = HexToBytes(kDefaultDerTbsCert);
  entry.tbsCertificate = tbsCertificate;
}
// Returns the decoded kTestDigitallySigned fixture (the DigitallySigned
// structure of test-cert.proof, header included).
Buffer GetTestDigitallySigned() {
  Buffer encoded = HexToBytes(kTestDigitallySigned);
  return encoded;
}
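// Returns only the signature bytes of the test DigitallySigned structure,
// i.e. everything after its 4-byte header.
// Aborts if the encoded fixture is shorter than that header, in line with how
// the other helpers in this file treat broken fixtures; without the check the
// iterator arithmetic below would run past the end of the buffer.
Buffer GetTestDigitallySignedData() {
  // Header that precedes the signature data in the encoded buffer:
  //   1 byte of hash algorithm
  //   1 byte of signature algorithm
  //   2 bytes - prefix containing length of the signature data.
  // The signature therefore starts at offset 4.
  const int kHeaderLength = 4;

  Buffer encoded = GetTestDigitallySigned();
  if (encoded.size() < static_cast<size_t>(kHeaderLength)) {
    abort();
  }

  Buffer result;
  result.assign(encoded.begin() + kHeaderLength, encoded.end());
  return result;
}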
// Returns the decoded kTestSignedCertificateTimestamp fixture
// (test-cert.proof).
Buffer GetTestSignedCertificateTimestamp() {
  Buffer encodedSct = HexToBytes(kTestSignedCertificateTimestamp);
  return encodedSct;
}
// Returns the decoded well-formed inclusion proof, kTestInclusionProof.
Buffer GetTestInclusionProof() {
  Buffer proof = HexToBytes(kTestInclusionProof);
  return proof;
}
// Returns the decoded kTestInclusionProofUnexpectedData vector.
Buffer GetTestInclusionProofUnexpectedData() {
  Buffer proof = HexToBytes(kTestInclusionProofUnexpectedData);
  return proof;
}
// Returns the decoded kTestInclusionProofInvalidHashSize vector.
Buffer GetTestInclusionProofInvalidHashSize() {
  Buffer proof = HexToBytes(kTestInclusionProofInvalidHashSize);
  return proof;
}
// Returns the decoded kTestInclusionProofInvalidHash vector.
Buffer GetTestInclusionProofInvalidHash() {
  Buffer proof = HexToBytes(kTestInclusionProofInvalidHash);
  return proof;
}
// Returns the decoded kTestInclusionProofMissingLogId vector.
Buffer GetTestInclusionProofMissingLogId() {
  Buffer proof = HexToBytes(kTestInclusionProofMissingLogId);
  return proof;
}
// Returns the decoded kTestInclusionProofNullPathLength vector.
Buffer GetTestInclusionProofNullPathLength() {
  Buffer proof = HexToBytes(kTestInclusionProofNullPathLength);
  return proof;
}
// Returns the decoded kTestInclusionProofPathLengthTooSmall vector.
Buffer GetTestInclusionProofPathLengthTooSmall() {
  Buffer proof = HexToBytes(kTestInclusionProofPathLengthTooSmall);
  return proof;
}
// Returns the decoded kTestInclusionProofPathLengthTooLarge vector.
Buffer GetTestInclusionProofPathLengthTooLarge() {
  Buffer proof = HexToBytes(kTestInclusionProofPathLengthTooLarge);
  return proof;
}
// Returns the decoded kTestInclusionProofNullTreeSize vector.
Buffer GetTestInclusionProofNullTreeSize() {
  Buffer proof = HexToBytes(kTestInclusionProofNullTreeSize);
  return proof;
}
// Returns the decoded kTestInclusionProofLeafIndexOutOfBounds vector.
Buffer GetTestInclusionProofLeafIndexOutOfBounds() {
  Buffer proof = HexToBytes(kTestInclusionProofLeafIndexOutOfBounds);
  return proof;
}
// Returns the decoded kTestInclusionProofExtraData vector.
Buffer GetTestInclusionProofExtraData() {
  Buffer proof = HexToBytes(kTestInclusionProofExtraData);
  return proof;
}
// Returns the decoded kTestNodeHash0 fixture.
Buffer GetTestNodeHash0() {
  Buffer hash = HexToBytes(kTestNodeHash0);
  return hash;
}
// Returns the decoded kTestNodeHash1 fixture.
Buffer GetTestNodeHash1() {
  Buffer hash = HexToBytes(kTestNodeHash1);
  return hash;
}
// Returns the decoded kEcP256PublicKey fixture (ct-server-key-public.pem).
Buffer GetTestPublicKey() {
  Buffer publicKey = HexToBytes(kEcP256PublicKey);
  return publicKey;
}
// Returns the decoded kTestKeyId fixture, the SHA-256 key id of
// ct-server-key-public.pem.
Buffer GetTestPublicKeyId() {
  Buffer keyId = HexToBytes(kTestKeyId);
  return keyId;
}
// Fills `sct` with the fields of the SCT issued for the X.509 test
// certificate. Only the fields assigned below are touched; anything else the
// caller's object holds is left as it was.
void GetX509CertSCT(SignedCertificateTimestamp& sct) {
  sct.version = ct::SignedCertificateTimestamp::Version::V1;
  sct.logId = HexToBytes(kTestKeyId);
  // Issuance time of the SCT in milliseconds since the Unix epoch:
  // 2013-04-05 17:04:16.089 UTC (10:04:16.089 at UTC-7).
  sct.timestamp = INT64_C(1365181456089);
  sct.extensions.clear();

  auto& signature = sct.signature;
  signature.hashAlgorithm = ct::DigitallySigned::HashAlgorithm::SHA256;
  signature.signatureAlgorithm = ct::DigitallySigned::SignatureAlgorithm::ECDSA;
  signature.signatureData = HexToBytes(kTestSCTSignatureData);
}
// Fills `sct` with the fields of the SCT issued for the test Precertificate.
// Only the fields assigned below are touched; anything else the caller's
// object holds is left as it was.
void GetPrecertSCT(SignedCertificateTimestamp& sct) {
  sct.version = ct::SignedCertificateTimestamp::Version::V1;
  sct.logId = HexToBytes(kTestKeyId);
  // Issuance time of the SCT in milliseconds since the Unix epoch:
  // 2013-04-05 17:04:16.275 UTC (10:04:16.275 at UTC-7).
  sct.timestamp = INT64_C(1365181456275);
  sct.extensions.clear();

  auto& signature = sct.signature;
  signature.hashAlgorithm = ct::DigitallySigned::HashAlgorithm::SHA256;
  signature.signatureAlgorithm = ct::DigitallySigned::SignatureAlgorithm::ECDSA;
  signature.signatureData = HexToBytes(kTestSCTPrecertSignatureData);
}
// Returns the decoded kDefaultIssuerKeyHash fixture, the key hash of
// test-cert.pem's issuer (ca-cert.pem).
Buffer GetDefaultIssuerKeyHash() {
  Buffer keyHash = HexToBytes(kDefaultIssuerKeyHash);
  return keyHash;
}
// Returns the decoded kTestEmbeddedCertData fixture
// (test-embedded-cert.pem).
Buffer GetDEREncodedTestEmbeddedCert() {
  Buffer der = HexToBytes(kTestEmbeddedCertData);
  return der;
}
// Returns the decoded kTestTbsCertData fixture.
Buffer GetDEREncodedTestTbsCert() {
  Buffer der = HexToBytes(kTestTbsCertData);
  return der;
}
// Returns the decoded kTestEmbeddedWithPreCaCertData fixture
// (test-embedded-with-preca-cert.pem).
Buffer GetDEREncodedTestEmbeddedWithPreCACert() {
  Buffer der = HexToBytes(kTestEmbeddedWithPreCaCertData);
  return der;
}
// Returns the decoded kCaCertData fixture (ca-cert.pem).
Buffer GetDEREncodedCACert() {
  Buffer der = HexToBytes(kCaCertData);
  return der;
}
// Returns the decoded kIntermediateCertData fixture (intermediate-cert.pem).
Buffer GetDEREncodedIntermediateCert() {
  Buffer der = HexToBytes(kIntermediateCertData);
  return der;
}
// Returns the decoded kTestEmbeddedWithIntermediateCertData fixture
// (test-embedded-with-intermediate-cert.pem).
Buffer GetDEREncodedTestEmbeddedWithIntermediateCert() {
  Buffer der = HexToBytes(kTestEmbeddedWithIntermediateCertData);
  return der;
}
// Returns the decoded kTestEmbeddedWithIntermediatePreCaCertData fixture
// (test-embedded-with-intermediate-preca-cert.pem).
Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert() {
  Buffer der = HexToBytes(kTestEmbeddedWithIntermediatePreCaCertData);
  return der;
}
// Parses `cert` as an end-entity certificate and returns a copy of its
// SubjectPublicKeyInfo.
// Parsing failure aborts the process instead of reporting an error: this
// helper only handles certificates the tests supply themselves.
Buffer ExtractCertSPKI(Input cert) {
  BackCert parsedCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
  const bool parsedOk = parsedCert.Init() == Success;
  if (!parsedOk) {
    abort();
  }

  Buffer spkiCopy;
  Input spkiView = parsedCert.GetSubjectPublicKeyInfo();
  InputToBuffer(spkiView, spkiCopy);
  return spkiCopy;
}
// Buffer overload: wraps `cert` in an Input and forwards to the Input
// overload above.
Buffer ExtractCertSPKI(const Buffer& cert) {
  Input certInput = InputForBuffer(cert);
  return ExtractCertSPKI(certInput);
}
// Copies the SCT list embedded in `cert` into `result`.
// `result` is cleared first and stays empty when the certificate carries no
// SCT extension. The ASSERT_EQ checks record a fatal gtest failure and return
// from this function, so callers see an empty or partial `result` in that
// case and need to check for fatal failures themselves.
void ExtractEmbeddedSCTList(Input cert, Buffer& result) {
  result.clear();

  BackCert parsedCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
  ASSERT_EQ(Success, parsedCert.Init());

  const Input* sctExtension = parsedCert.GetSignedCertificateTimestamps();
  if (!sctExtension) {
    return;
  }

  Input sctList;
  ASSERT_EQ(Success, ExtractSignedCertificateTimestampListFromExtension(
                         *sctExtension, sctList));
  InputToBuffer(sctList, result);
}
// Buffer overload: wraps `cert` in an Input and forwards to the Input
// overload above.
void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result) {
  Input certInput = InputForBuffer(cert);
  ExtractEmbeddedSCTList(certInput, result);
}
// TrustDomain that exists only so a test can capture the SCT list carried in
// an OCSP response.
//
// It makes no trust decisions. Digest computation and signature verification
// are handed to the NSS-backed helpers; NoteAuxiliaryExtension stores the SCT
// list; every other callback records a gtest failure and returns
// FATAL_ERROR_LIBRARY_FAILURE because the OCSP path exercised by the tests is
// not expected to reach it. Not suitable as a trust domain outside tests.
class OCSPExtensionTrustDomain : public TrustDomain {
 public:
  // SCT list bytes captured by NoteAuxiliaryExtension; read by the caller
  // after verification.
  Buffer signedCertificateTimestamps;

  // --- Callbacks that do real work -----------------------------------------

  pkix::Result DigestBuf(Input item, DigestAlgorithm digestAlg,
                         /*out*/ uint8_t* digestBuf,
                         size_t digestBufLen) override {
    return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
  }

  pkix::Result VerifyECDSASignedData(Input data,
                                     DigestAlgorithm digestAlgorithm,
                                     Input signature,
                                     Input subjectPublicKeyInfo) override {
    return VerifyECDSASignedDataNSS(data, digestAlgorithm, signature,
                                    subjectPublicKeyInfo, nullptr);
  }

  pkix::Result VerifyRSAPKCS1SignedData(Input data,
                                        DigestAlgorithm digestAlgorithm,
                                        Input signature,
                                        Input subjectPublicKeyInfo) override {
    return VerifyRSAPKCS1SignedDataNSS(data, digestAlgorithm, signature,
                                       subjectPublicKeyInfo, nullptr);
  }

  pkix::Result VerifyRSAPSSSignedData(Input data,
                                      DigestAlgorithm digestAlgorithm,
                                      Input signature,
                                      Input subjectPublicKeyInfo) override {
    return VerifyRSAPSSSignedDataNSS(data, digestAlgorithm, signature,
                                     subjectPublicKeyInfo, nullptr);
  }

  // Keeps a copy of the SCT list found in the OCSP response; any other
  // auxiliary extension is reported as a test failure and ignored.
  void NoteAuxiliaryExtension(AuxiliaryExtension extension,
                              Input data) override {
    if (extension == AuxiliaryExtension::SCTListFromOCSPResponse) {
      InputToBuffer(data, signedCertificateTimestamps);
      return;
    }
    ADD_FAILURE();
  }

  // --- Callbacks that must not be reached -----------------------------------

  pkix::Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input,
                            TrustLevel&) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result FindIssuer(Input, IssuerChecker&, Time) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
                               const Input*, const Input*,
                               const Input*) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result IsChainValid(const DERArray&, Time,
                            const CertPolicyId&) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA,
                                             Time) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA,
                                                  unsigned int) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
                                         KeyPurposeId) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  pkix::Result NetscapeStepUpMatchesServerAuth(Time, bool&) override {
    ADD_FAILURE();
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
  }
};
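// Verifies `encodedResponse` as an OCSP response for `cert` (issued by the
// key in `issuerSPKI`) at `time`, and moves the SCT list it carries into
// `result`.
//
// `result` is cleared first. Each ASSERT_EQ records a fatal gtest failure and
// returns from this function, so on a parse or verification failure `result`
// is left empty and the caller has to check for fatal failures itself.
void ExtractSCTListFromOCSPResponse(Input cert, Input issuerSPKI,
                                    Input encodedResponse, Time time,
                                    Buffer& result) {
  result.clear();

  BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
  ASSERT_EQ(Success, backCert.Init());

  CertID certID(backCert.GetIssuer(), issuerSPKI, backCert.GetSerialNumber());

  // Out-parameter of VerifyEncodedOCSPResponse; initialised so it never holds
  // an indeterminate value if verification bails out before writing it.
  bool expired = false;
  OCSPExtensionTrustDomain trustDomain;
  // NOTE(review): 1000 days looks chosen to keep the fixed test responses
  // acceptable; treat it as a test-only tolerance.
  pkix::Result rv = VerifyEncodedOCSPResponse(trustDomain, certID, time,
                                              /*maxLifetimeInDays*/ 1000,
                                              encodedResponse, expired);
  ASSERT_EQ(Success, rv);

  // The trust domain captured the SCT list while the response was verified.
  result = std::move(trustDomain.signedCertificateTimestamps);
}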
// Returns an Input initialised from `buffer`'s data pointer and size.
// No bytes are copied here, so `buffer` has to stay alive and unmodified
// while the returned Input is in use. Aborts if Input::Init rejects the data.
Input InputForBuffer(const Buffer& buffer) {
  Input view;
  const auto initResult = view.Init(buffer.data(), buffer.size());
  if (initResult != Success) {
    abort();
  }
  return view;
}
// Returns an Input initialised from `item.data` and `item.len`.
// No bytes are copied here, so the SECItem's storage has to outlive the
// returned Input. Aborts if Input::Init rejects the data.
Input InputForSECItem(const SECItem& item) {
  Input view;
  const auto initResult = view.Init(item.data, item.len);
  if (initResult != Success) {
    abort();
  }
  return view;
}
800 } // namespace ct
801 } // namespace mozilla
803 namespace mozilla {
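// Prints `buffer` as lowercase hex, two digits per byte, for gtest failure
// messages. An empty buffer prints as "EMPTY"; output stops after 1000 bytes
// and is followed by "...".
//
// The stream's fill character is restored before returning; previously it
// was left as '0', which would pad any later width-formatted output on the
// same stream with zeros. As before, the stream is left in decimal mode.
std::ostream& operator<<(std::ostream& stream, const ct::Buffer& buffer) {
  if (buffer.empty()) {
    stream << "EMPTY";
  } else {
    const size_t kMaxPrintedBytes = 1000;
    // fill() returns the previous fill character so it can be put back.
    const char previousFill = stream.fill('0');
    stream << std::hex;
    for (size_t i = 0; i < buffer.size(); ++i) {
      if (i >= kMaxPrintedBytes) {
        stream << "...";
        break;
      }
      // setw applies to the next insertion only, so it is repeated per byte.
      stream << std::setw(2) << static_cast<unsigned>(buffer[i]);
    }
    stream.fill(previousFill);
  }
  stream << std::dec;
  return stream;
}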
822 } // namespace mozilla