Coverage Report

Created: 2018-09-25 14:53

/src/mozilla-central/security/certverifier/tests/gtest/CTTestUtils.cpp
Line
Count
Source (jump to first uncovered line)
1
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3
/* This Source Code Form is subject to the terms of the Mozilla Public
4
 * License, v. 2.0. If a copy of the MPL was not distributed with this
5
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "CTTestUtils.h"
8
9
#include <stdint.h>
10
#include <iomanip>
11
12
#include "BTInclusionProof.h"
13
#include "CTSerialization.h"
14
#include "gtest/gtest.h"
15
#include "mozilla/Assertions.h"
16
#include "mozilla/Move.h"
17
#include "mozilla/Vector.h"
18
#include "pkix/Input.h"
19
#include "pkix/pkix.h"
20
#include "pkix/pkixnss.h"
21
#include "pkix/pkixtypes.h"
22
#include "pkix/Result.h"
23
#include "pkixcheck.h"
24
#include "pkixutil.h"
25
#include "SignedCertificateTimestamp.h"
26
#include "SignedTreeHead.h"
27
28
namespace mozilla { namespace ct {
29
30
using namespace mozilla::pkix;
31
32
// The following test vectors are from the CT test data repository at
33
// https://github.com/google/certificate-transparency/tree/master/test/testdata
34
35
// test-cert.pem
36
const char kDefaultDerCert[] =
37
    "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009"
38
    "06035504061302474231243022060355040a131b4365727469666963617465205472616e73"
39
    "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307"
40
    "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030"
41
    "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361"
42
    "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603"
43
    "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189"
44
    "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f"
45
    "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41"
46
    "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a"
47
    "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355"
48
    "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074"
49
    "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406"
50
    "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e"
51
    "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057"
52
    "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c"
53
    "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee"
54
    "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb"
55
    "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972"
56
    "7d24c4fccd249295795814d1dac0e6";
57
58
// key hash of test-cert.pem's issuer (ca-cert.pem)
59
const char kDefaultIssuerKeyHash[] =
60
    "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc";
61
62
const char kDefaultDerTbsCert[] =
63
    "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504"
64
    "061302474231243022060355040a131b4365727469666963617465205472616e7370617265"
65
    "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720"
66
    "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052"
67
    "310b30090603550406130247423121301f060355040a131843657274696669636174652054"
68
    "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713"
69
    "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100"
70
    "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
71
    "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410"
72
    "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf"
73
    "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416"
74
    "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
75
    "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742"
76
    "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043"
77
    "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201"
78
    "0030090603551d1304023000";
79
80
// DigitallySigned of test-cert.proof
81
const char kTestDigitallySigned[] =
82
    "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53"
83
    "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5"
84
    "a5";
85
86
// test-cert.proof
87
const char kTestSignedCertificateTimestamp[] =
88
    "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d"
89
    "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2"
90
    "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456"
91
    "89a2c0187ef5a5";
92
93
// ct-server-key-public.pem
94
const char kEcP256PublicKey[] =
95
    "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a"
96
    "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f"
97
    "b7b245eb4b420ef370210371a944beaceb";
98
99
// key id (sha256) of ct-server-key-public.pem
100
const char kTestKeyId[] =
101
    "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764";
102
103
// signature field of DigitallySigned from test-cert.proof
104
const char kTestSCTSignatureData[] =
105
    "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202"
106
    "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5";
107
108
// signature field of DigitallySigned from test-embedded-pre-cert.proof
109
const char kTestSCTPrecertSignatureData[] =
110
    "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602"
111
    "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08";
112
113
// For the sample STH
114
const char kSampleSTHSHA256RootHash[] =
115
    "726467216167397babca293dca398e4ce6b621b18b9bc42f30c900d1f92ac1e4";
116
const char kSampleSTHTreeHeadSignature[] =
117
    "0403004730450220365a91a2a88f2b9332f41d8959fa7086da7e6d634b7b089bc9da066426"
118
    "6c7a20022100e38464f3c0fd066257b982074f7ac87655e0c8f714768a050b4be9a7b441cb"
119
    "d3";
120
const size_t kSampleSTHTreeSize = 21u;
121
const uint64_t kSampleSTHTimestamp = 1396877277237u;
122
123
// test-embedded-cert.pem
124
const char kTestEmbeddedCertData[] =
125
  "30820359308202c2a003020102020107300d06092a864886f70d01010505"
126
  "003055310b300906035504061302474231243022060355040a131b436572"
127
  "7469666963617465205472616e73706172656e6379204341310e300c0603"
128
  "550408130557616c65733110300e060355040713074572772057656e301e"
129
  "170d3132303630313030303030305a170d3232303630313030303030305a"
130
  "3052310b30090603550406130247423121301f060355040a131843657274"
131
  "69666963617465205472616e73706172656e6379310e300c060355040813"
132
  "0557616c65733110300e060355040713074572772057656e30819f300d06"
133
  "092a864886f70d010101050003818d0030818902818100beef98e7c26877"
134
  "ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4"
135
  "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb4"
136
  "1cd0e72805a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39ee"
137
  "d0b88119dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87e"
138
  "b50203010001a382013a30820136301d0603551d0e041604142031541af2"
139
  "5c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d"
140
  "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603"
141
  "5504061302474231243022060355040a131b436572746966696361746520"
142
  "5472616e73706172656e6379204341310e300c0603550408130557616c65"
143
  "733110300e060355040713074572772057656e82010030090603551d1304"
144
  "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e"
145
  "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400"
146
  "00013ddb27df9300000403004730450220482f6751af35dba65436be1fd6"
147
  "640f3dbf9a41429495924530288fa3e5e23e06022100e4edc0db3ac572b1"
148
  "e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08300d06092a86"
149
  "4886f70d0101050500038181008a0c4bef099d479279afa0a28e689f91e1"
150
  "c4421be2d269a2ea6ca4e8215ddeddca1504a11e7c87c4b77e80f0e97903"
151
  "5268f27ca20e166804ae556f316981f96a394ab7abfd3e255ac0044513fe"
152
  "76570c6795abe4703133d303f89f3afa6bbcfc517319dfd95b934241211f"
153
  "634035c3d078307a68c6075a2e20c89f36b8910ca0";
154
155
const char kTestTbsCertData[] =
156
  "30820233a003020102020107300d06092a864886f70d0101050500305531"
157
  "0b300906035504061302474231243022060355040a131b43657274696669"
158
  "63617465205472616e73706172656e6379204341310e300c060355040813"
159
  "0557616c65733110300e060355040713074572772057656e301e170d3132"
160
  "303630313030303030305a170d3232303630313030303030305a3052310b"
161
  "30090603550406130247423121301f060355040a13184365727469666963"
162
  "617465205472616e73706172656e6379310e300c0603550408130557616c"
163
  "65733110300e060355040713074572772057656e30819f300d06092a8648"
164
  "86f70d010101050003818d0030818902818100beef98e7c26877ae385f75"
165
  "325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee458bd7db8"
166
  "6f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e728"
167
  "05a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119"
168
  "dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87eb5020301"
169
  "0001a381ac3081a9301d0603551d0e041604142031541af25c05ffd8658b"
170
  "6843794f5e9036f7b4307d0603551d230476307480145f9d880dc873e654"
171
  "d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406130247"
172
  "4231243022060355040a131b4365727469666963617465205472616e7370"
173
  "6172656e6379204341310e300c0603550408130557616c65733110300e06"
174
  "0355040713074572772057656e82010030090603551d1304023000";
175
176
// test-embedded-with-preca-cert.pem
177
const char kTestEmbeddedWithPreCaCertData[] =
178
  "30820359308202c2a003020102020108300d06092a864886f70d01010505"
179
  "003055310b300906035504061302474231243022060355040a131b436572"
180
  "7469666963617465205472616e73706172656e6379204341310e300c0603"
181
  "550408130557616c65733110300e060355040713074572772057656e301e"
182
  "170d3132303630313030303030305a170d3232303630313030303030305a"
183
  "3052310b30090603550406130247423121301f060355040a131843657274"
184
  "69666963617465205472616e73706172656e6379310e300c060355040813"
185
  "0557616c65733110300e060355040713074572772057656e30819f300d06"
186
  "092a864886f70d010101050003818d0030818902818100afaeeacac51ab7"
187
  "cebdf9eacae7dd175295e193955a17989aef8d97ab7cdff7761093c0b823"
188
  "d2a4e3a51a17b86f28162b66a2538935ebecdc1036233da2dd6531b0c63b"
189
  "cc68761ebdc854037b77399246b870a7b72b14c9b1667de09a9640ed9f3f"
190
  "3c725d950b4d26559869fe7f1e919a66eb76d35c0117c6bcd0d8cfd21028"
191
  "b10203010001a382013a30820136301d0603551d0e04160414612c64efac"
192
  "79b728397c9d93e6df86465fa76a88307d0603551d230476307480145f9d"
193
  "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603"
194
  "5504061302474231243022060355040a131b436572746966696361746520"
195
  "5472616e73706172656e6379204341310e300c0603550408130557616c65"
196
  "733110300e060355040713074572772057656e82010030090603551d1304"
197
  "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e"
198
  "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400"
199
  "00013ddb27e05b000004030047304502207aa79604c47480f3727b084f90"
200
  "b3989f79091885e00484431a2a297cbf3a355c022100b49fd8120b0d644c"
201
  "d7e75269b4da6317a9356cb950224fc11cc296b2e39b2386300d06092a86"
202
  "4886f70d010105050003818100a3a86c41ad0088a25aedc4e7b529a2ddbf"
203
  "9e187ffb362157e9302d961b73b43cba0ae1e230d9e45049b7e8c924792e"
204
  "bbe7d175baa87b170dfad8ee788984599d05257994084e2e0e796fca5836"
205
  "881c3e053553e06ab230f919089b914e4a8e2da45f8a87f2c81a25a61f04"
206
  "fe1cace60155653827d41fad9f0658f287d058192c";
207
208
// ca-cert.pem
209
const char kCaCertData[] =
210
  "308202d030820239a003020102020100300d06092a864886f70d01010505"
211
  "003055310b300906035504061302474231243022060355040a131b436572"
212
  "7469666963617465205472616e73706172656e6379204341310e300c0603"
213
  "550408130557616c65733110300e060355040713074572772057656e301e"
214
  "170d3132303630313030303030305a170d3232303630313030303030305a"
215
  "3055310b300906035504061302474231243022060355040a131b43657274"
216
  "69666963617465205472616e73706172656e6379204341310e300c060355"
217
  "0408130557616c65733110300e060355040713074572772057656e30819f"
218
  "300d06092a864886f70d010101050003818d0030818902818100d58a6853"
219
  "6210a27119936e778321181c2a4013c6d07b8c76eb9157d3d0fb4b3b516e"
220
  "cecbd1c98d91c52f743fab635d55099cd13abaf31ae541442451a74c7816"
221
  "f2243cf848cf2831cce67ba04a5a23819f3cba37e624d9c3bdb299b839dd"
222
  "fe2631d2cb3a84fc7bb2b5c52fcfc14fff406f5cd44669cbb2f7cfdf86fb"
223
  "6ab9d1b10203010001a381af3081ac301d0603551d0e041604145f9d880d"
224
  "c873e654d4f80dd8e6b0c124b447c355307d0603551d230476307480145f"
225
  "9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b300906"
226
  "035504061302474231243022060355040a131b4365727469666963617465"
227
  "205472616e73706172656e6379204341310e300c0603550408130557616c"
228
  "65733110300e060355040713074572772057656e820100300c0603551d13"
229
  "040530030101ff300d06092a864886f70d0101050500038181000608cc4a"
230
  "6d64f2205e146c04b276f92b0efa94a5daf23afc3806606d3990d0a1ea23"
231
  "3d40295769463b046661e7fa1d179915209aea2e0a775176411227d7c003"
232
  "07c7470e61584fd7334224727f51d690bc47a9df354db0f6eb25955de189"
233
  "3c4dd5202b24a2f3e440d274b54e1bd376269ca96289b76ecaa41090e14f"
234
  "3b0a942e";
235
236
// intermediate-cert.pem
237
const char kIntermediateCertData[] =
238
  "308202dd30820246a003020102020109300d06092a864886f70d01010505"
239
  "003055310b300906035504061302474231243022060355040a131b436572"
240
  "7469666963617465205472616e73706172656e6379204341310e300c0603"
241
  "550408130557616c65733110300e060355040713074572772057656e301e"
242
  "170d3132303630313030303030305a170d3232303630313030303030305a"
243
  "3062310b30090603550406130247423131302f060355040a132843657274"
244
  "69666963617465205472616e73706172656e637920496e7465726d656469"
245
  "617465204341310e300c0603550408130557616c65733110300e06035504"
246
  "0713074572772057656e30819f300d06092a864886f70d01010105000381"
247
  "8d0030818902818100d76a678d116f522e55ff821c90642508b7074b14d7"
248
  "71159064f7927efdedb87135a1365ee7de18cbd5ce865f860c78f433b4d0"
249
  "d3d3407702e7a3ef542b1dfe9bbaa7cdf94dc5975fc729f86f105f381b24"
250
  "3535cf9c800f5ca780c1d3c84400ee65d16ee9cf52db8adffe50f5c49335"
251
  "0b2190bf50d5bc36f3cac5a8daae92cd8b0203010001a381af3081ac301d"
252
  "0603551d0e04160414965508050278479e8773764131bc143a47e229ab30"
253
  "7d0603551d230476307480145f9d880dc873e654d4f80dd8e6b0c124b447"
254
  "c355a159a4573055310b300906035504061302474231243022060355040a"
255
  "131b4365727469666963617465205472616e73706172656e637920434131"
256
  "0e300c0603550408130557616c65733110300e0603550407130745727720"
257
  "57656e820100300c0603551d13040530030101ff300d06092a864886f70d"
258
  "0101050500038181002206dab1c66b71dce095c3f6aa2ef72cf7761be7ab"
259
  "d7fc39c31a4cfe1bd96d6734ca82f22dde5a0c8bbbdd825d7b6f3e7612ad"
260
  "8db300a7e21169886023262284c3aa5d2191efda10bf9235d37b3a2a340d"
261
  "59419b94a48566f3fac3cd8b53d5a4e98270ead297b07210f9ce4a2138b1"
262
  "8811143b93fa4e7a87dd37e1385f2c2908";
263
264
// test-embedded-with-intermediate-cert.pem
265
const char kTestEmbeddedWithIntermediateCertData[] =
266
  "30820366308202cfa003020102020102300d06092a864886f70d01010505"
267
  "003062310b30090603550406130247423131302f060355040a1328436572"
268
  "7469666963617465205472616e73706172656e637920496e7465726d6564"
269
  "69617465204341310e300c0603550408130557616c65733110300e060355"
270
  "040713074572772057656e301e170d3132303630313030303030305a170d"
271
  "3232303630313030303030305a3052310b30090603550406130247423121"
272
  "301f060355040a13184365727469666963617465205472616e7370617265"
273
  "6e6379310e300c0603550408130557616c65733110300e06035504071307"
274
  "4572772057656e30819f300d06092a864886f70d010101050003818d0030"
275
  "818902818100bb272b26e5deb5459d4acca027e8f12a4d839ac3730a6a10"
276
  "9ff7e25498ddbd3f1895d08ba41f8de34967a3a086ce13a90dd5adbb5418"
277
  "4bdc08e1ac7826adb8dc9c717bfd7da5b41b4db1736e00f1dac3cec9819c"
278
  "cb1a28ba120b020a820e940dd61f95b5432a4bc05d0818f18ce2154eb38d"
279
  "2fa7d22d72b976e560db0c7fc77f0203010001a382013a30820136301d06"
280
  "03551d0e04160414b1b148e658e703f5f7f3105f20b3c384d7eff1bf307d"
281
  "0603551d23047630748014965508050278479e8773764131bc143a47e229"
282
  "aba159a4573055310b300906035504061302474231243022060355040a13"
283
  "1b4365727469666963617465205472616e73706172656e6379204341310e"
284
  "300c0603550408130557616c65733110300e060355040713074572772057"
285
  "656e82010930090603551d130402300030818a060a2b06010401d6790204"
286
  "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7"
287
  "c6d388fc002e0bbd3f74d7640000013ddb27e2a400000403004730450221"
288
  "00a6d34517f3392d9ec5d257adf1c597dc45bd4cd3b73856c616a9fb99e5"
289
  "ae75a802205e26c8d1c7e222fe8cda29baeb04a834ee97d34fd81718f1aa"
290
  "e0cd66f4b8a93f300d06092a864886f70d0101050500038181000f95a5b4"
291
  "e128a914b1e88be8b32964221b58f4558433d020a8e246cca65a40bcbf5f"
292
  "2d48933ebc99be6927ca756472fb0bdc7f505f41f462f2bc19d0b299c990"
293
  "918df8820f3d31db37979e8bad563b17f00ae67b0f8731c106c943a73bf5"
294
  "36af168afe21ef4adfcae19a3cc074899992bf506bc5ce1decaaf07ffeeb"
295
  "c805c039";
296
297
// test-embedded-with-intermediate-preca-cert.pem
298
const char kTestEmbeddedWithIntermediatePreCaCertData[] =
299
  "30820366308202cfa003020102020103300d06092a864886f70d01010505"
300
  "003062310b30090603550406130247423131302f060355040a1328436572"
301
  "7469666963617465205472616e73706172656e637920496e7465726d6564"
302
  "69617465204341310e300c0603550408130557616c65733110300e060355"
303
  "040713074572772057656e301e170d3132303630313030303030305a170d"
304
  "3232303630313030303030305a3052310b30090603550406130247423121"
305
  "301f060355040a13184365727469666963617465205472616e7370617265"
306
  "6e6379310e300c0603550408130557616c65733110300e06035504071307"
307
  "4572772057656e30819f300d06092a864886f70d010101050003818d0030"
308
  "818902818100d4497056cdfc65e1342cc3df6e654b8af0104702acd2275c"
309
  "7d3fb1fc438a89b212110d6419bcc13ae47d64bba241e6706b9ed627f8b3"
310
  "4a0d7dff1c44b96287c54bea9d10dc017bceb64f7b6aff3c35a474afec40"
311
  "38ab3640b0cd1fb0582ec03b179a2776c8c435d14ab4882d59d7b724fa37"
312
  "7ca6db08392173f9c6056b3abadf0203010001a382013a30820136301d06"
313
  "03551d0e0416041432da5518d87f1d26ea2767973c0bef286e786a4a307d"
314
  "0603551d23047630748014965508050278479e8773764131bc143a47e229"
315
  "aba159a4573055310b300906035504061302474231243022060355040a13"
316
  "1b4365727469666963617465205472616e73706172656e6379204341310e"
317
  "300c0603550408130557616c65733110300e060355040713074572772057"
318
  "656e82010930090603551d130402300030818a060a2b06010401d6790204"
319
  "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7"
320
  "c6d388fc002e0bbd3f74d7640000013ddb27e3be00000403004730450221"
321
  "00d9f61a07fee021e3159f3ca2f570d833ff01374b2096cba5658c5e16fb"
322
  "43eb3002200b76fe475138d8cf76833831304dabf043eb1213c96e13ff4f"
323
  "a37f7cd3c8dc1f300d06092a864886f70d01010505000381810088ee4e9e"
324
  "5eed6b112cc764b151ed929400e9406789c15fbbcfcdab2f10b400234139"
325
  "e6ce65c1e51b47bf7c8950f80bccd57168567954ed35b0ce9346065a5eae"
326
  "5bf95d41da8e27cee9eeac688f4bd343f9c2888327abd8b9f68dcb1e3050"
327
  "041d31bda8e2dd6d39b3664de5ce0870f5fc7e6a00d6ed00528458d953d2"
328
  "37586d73";
329
330
// Given the ordered set of data [ 0x00, 0x01, 0x02, deadbeef ],
331
// the 'inclusion proof' of the leaf of index '2' (for '0x02') is created from
332
// the Merkle Tree generated for that set of data.
333
// A Merkle inclusion proof for a leaf in a Merkle Tree is the shortest list
334
// of additional nodes in the Merkle Tree required to compute the Merkle Tree
335
// Hash (also called 'Merkle Tree head') for that tree.
336
// This follows the structure defined in RFC 6962-bis.
337
//
338
// https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-24#section-2.1
339
340
const char kTestInclusionProof[] =
341
  "020100" // logId
342
  "0000000000000004" // tree size
343
  "0000000000000002" // leaf index
344
  "0042" // inclusion path length
345
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
346
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
347
348
const char kTestNodeHash0[] =
349
  "48c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729";
350
351
const char kTestNodeHash1[] =
352
  "a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a";
353
354
const char kTestInclusionProofUnexpectedData[] = "12345678";
355
356
const char kTestInclusionProofInvalidHashSize[] =
357
  "020100" // logId
358
  "0000000000000004" // treesize
359
  "0000000000000002" // leafindex
360
  "0042" // inclusion path length
361
  "3048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // invalid hash size
362
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
363
364
const char kTestInclusionProofInvalidHash[] =
365
  "020100" // logId
366
  "0000000000000004" // treesize
367
  "0000000000000002" // leafindex
368
  "0042" // inclusion path length
369
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
370
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427"; // truncated node hash 1
371
372
const char kTestInclusionProofMissingLogId[] =
373
  "0000000000000004" // treesize
374
  "0000000000000002" // leafindex
375
  "0042"
376
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
377
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
378
379
const char kTestInclusionProofNullPathLength[] =
380
  "020100"
381
  "0000000000000004" // treesize
382
  "0000000000000002" // leafindex
383
  "0000"
384
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
385
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
386
387
const char kTestInclusionProofPathLengthTooSmall[] =
388
  "020100"
389
  "0000000000000004" // treesize
390
  "0000000000000002" // leafindex
391
  "0036"
392
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
393
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
394
395
const char kTestInclusionProofPathLengthTooLarge[] =
396
  "020100"
397
  "0000000000000004" // treesize
398
  "0000000000000002" // leafindex
399
  "0080"
400
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
401
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
402
403
const char kTestInclusionProofNullTreeSize[] =
404
  "020100"
405
  "0000000000000000" // treesize
406
  "0000000000000002" // leafindex
407
  "0042"
408
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
409
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
410
411
const char kTestInclusionProofLeafIndexOutOfBounds[] =
412
  "020100"
413
  "0000000000000004" // treesize
414
  "0000000000000004" // leafindex
415
  "0042"
416
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
417
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; // node hash 1
418
419
const char kTestInclusionProofExtraData[] =
420
  "020100" // logId
421
  "0000000000000004" // tree size
422
  "0000000000000002" // leaf index
423
  "0042" // inclusion path length
424
  "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729" // node hash 0
425
  "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a" // node hash 1
426
  "123456"; // extra data after the proof
427
428
static uint8_t
429
CharToByte(char c)
430
0
{
431
0
  if (c >= '0' && c <= '9') {
432
0
    return c - '0';
433
0
  } else if (c >= 'a' && c <= 'f') {
434
0
    return c - 'a' + 10;
435
0
  } else if (c >= 'A' && c <= 'F') {
436
0
    return c - 'A' + 10;
437
0
  }
438
0
  MOZ_RELEASE_ASSERT(false);
439
0
  return 0;
440
0
}
441
442
static Buffer
443
HexToBytes(const char* hexData)
444
0
{
445
0
  size_t hexLen = strlen(hexData);
446
0
  MOZ_RELEASE_ASSERT(hexLen > 0 && (hexLen % 2 == 0));
447
0
  size_t resultLen = hexLen / 2;
448
0
  Buffer result;
449
0
  MOZ_RELEASE_ASSERT(result.reserve(resultLen));
450
0
  for (size_t i = 0; i < resultLen; ++i) {
451
0
    uint8_t hi = CharToByte(hexData[i*2]);
452
0
    uint8_t lo = CharToByte(hexData[i*2 + 1]);
453
0
    result.infallibleAppend((hi << 4) | lo);
454
0
  }
455
0
  return result;
456
0
}
457
458
459
void
460
GetX509CertLogEntry(LogEntry& entry)
461
0
{
462
0
  entry.Reset();
463
0
  entry.type = ct::LogEntry::Type::X509;
464
0
  entry.leafCertificate = HexToBytes(kDefaultDerCert);
465
0
}
466
467
Buffer
468
GetDEREncodedX509Cert()
469
0
{
470
0
  return HexToBytes(kDefaultDerCert);
471
0
}
472
473
void
474
GetPrecertLogEntry(LogEntry& entry)
475
0
{
476
0
  entry.Reset();
477
0
  entry.type = ct::LogEntry::Type::Precert;
478
0
  entry.issuerKeyHash = HexToBytes(kDefaultIssuerKeyHash);
479
0
  entry.tbsCertificate = HexToBytes(kDefaultDerTbsCert);
480
0
}
481
482
Buffer
483
GetTestDigitallySigned()
484
0
{
485
0
  return HexToBytes(kTestDigitallySigned);
486
0
}
487
488
Buffer
489
GetTestDigitallySignedData()
490
0
{
491
0
  Buffer encoded = GetTestDigitallySigned();
492
0
  // The encoded buffer contains the signature data itself from the 4th byte.
493
0
  // The first bytes are:
494
0
  // 1 byte of hash algorithm
495
0
  // 1 byte of signature algorithm
496
0
  // 2 bytes - prefix containing length of the signature data.
497
0
  Buffer result;
498
0
  MOZ_RELEASE_ASSERT(result.append(encoded.begin() + 4, encoded.end()));
499
0
  return result;
500
0
}
501
502
Buffer
503
GetTestSignedCertificateTimestamp()
504
0
{
505
0
  return HexToBytes(kTestSignedCertificateTimestamp);
506
0
}
507
508
Buffer
509
GetTestInclusionProof()
510
0
{
511
0
  return HexToBytes(kTestInclusionProof);
512
0
}
513
514
Buffer
515
GetTestInclusionProofUnexpectedData()
516
0
{
517
0
  return HexToBytes(kTestInclusionProofUnexpectedData);
518
0
}
519
520
Buffer
521
GetTestInclusionProofInvalidHashSize()
522
0
{
523
0
  return HexToBytes(kTestInclusionProofInvalidHashSize);
524
0
}
525
526
Buffer
527
GetTestInclusionProofInvalidHash()
528
0
{
529
0
  return HexToBytes(kTestInclusionProofInvalidHash);
530
0
}
531
532
Buffer
533
GetTestInclusionProofMissingLogId()
534
0
{
535
0
  return HexToBytes(kTestInclusionProofMissingLogId);
536
0
}
537
538
Buffer
539
GetTestInclusionProofNullPathLength()
540
0
{
541
0
  return HexToBytes(kTestInclusionProofNullPathLength);
542
0
}
543
544
Buffer
545
GetTestInclusionProofPathLengthTooSmall()
546
0
{
547
0
  return HexToBytes(kTestInclusionProofPathLengthTooSmall);
548
0
}
549
550
Buffer
551
GetTestInclusionProofPathLengthTooLarge()
552
0
{
553
0
  return HexToBytes(kTestInclusionProofPathLengthTooLarge);
554
0
}
555
556
Buffer
557
GetTestInclusionProofNullTreeSize()
558
0
{
559
0
  return HexToBytes(kTestInclusionProofNullTreeSize);
560
0
}
561
562
Buffer
563
GetTestInclusionProofLeafIndexOutOfBounds()
564
0
{
565
0
  return HexToBytes(kTestInclusionProofLeafIndexOutOfBounds);
566
0
}
567
568
Buffer
569
GetTestInclusionProofExtraData()
570
0
{
571
0
  return HexToBytes(kTestInclusionProofExtraData);
572
0
}
573
574
Buffer
575
GetTestNodeHash0()
576
0
{
577
0
  return HexToBytes(kTestNodeHash0);
578
0
}
579
580
Buffer
581
GetTestNodeHash1()
582
0
{
583
0
  return HexToBytes(kTestNodeHash1);
584
0
}
585
586
Buffer
587
GetTestPublicKey()
588
0
{
589
0
  return HexToBytes(kEcP256PublicKey);
590
0
}
591
592
Buffer
593
GetTestPublicKeyId()
594
0
{
595
0
  return HexToBytes(kTestKeyId);
596
0
}
597
598
void
599
GetX509CertSCT(SignedCertificateTimestamp& sct)
600
0
{
601
0
  sct.version = ct::SignedCertificateTimestamp::Version::V1;
602
0
  sct.logId = HexToBytes(kTestKeyId);
603
0
  // Time the log issued a SCT for this certificate, which is
604
0
  // Fri Apr  5 10:04:16.089 2013
605
0
  sct.timestamp = INT64_C(1365181456089);
606
0
  sct.extensions.clear();
607
0
608
0
  sct.signature.hashAlgorithm =
609
0
    ct::DigitallySigned::HashAlgorithm::SHA256;
610
0
  sct.signature.signatureAlgorithm =
611
0
    ct::DigitallySigned::SignatureAlgorithm::ECDSA;
612
0
  sct.signature.signatureData = HexToBytes(kTestSCTSignatureData);
613
0
}
614
615
void
616
GetPrecertSCT(SignedCertificateTimestamp& sct)
617
0
{
618
0
  sct.version = ct::SignedCertificateTimestamp::Version::V1;
619
0
  sct.logId = HexToBytes(kTestKeyId);
620
0
  // Time the log issued a SCT for this Precertificate, which is
621
0
  // Fri Apr  5 10:04:16.275 2013
622
0
  sct.timestamp = INT64_C(1365181456275);
623
0
  sct.extensions.clear();
624
0
625
0
  sct.signature.hashAlgorithm =
626
0
    ct::DigitallySigned::HashAlgorithm::SHA256;
627
0
  sct.signature.signatureAlgorithm =
628
0
    ct::DigitallySigned::SignatureAlgorithm::ECDSA;
629
0
  sct.signature.signatureData = HexToBytes(kTestSCTPrecertSignatureData);
630
0
}
631
632
Buffer
633
GetDefaultIssuerKeyHash()
634
0
{
635
0
  return HexToBytes(kDefaultIssuerKeyHash);
636
0
}
637
638
// A sample, valid STH
639
void
640
GetSampleSignedTreeHead(SignedTreeHead& sth)
641
0
{
642
0
  sth.version = SignedTreeHead::Version::V1;
643
0
  sth.timestamp = kSampleSTHTimestamp;
644
0
  sth.treeSize = kSampleSTHTreeSize;
645
0
  sth.sha256RootHash = GetSampleSTHSHA256RootHash();
646
0
  GetSampleSTHTreeHeadDecodedSignature(sth.signature);
647
0
}
648
649
Buffer
650
GetSampleSTHSHA256RootHash()
651
0
{
652
0
  return HexToBytes(kSampleSTHSHA256RootHash);
653
0
}
654
655
Buffer
656
GetSampleSTHTreeHeadSignature()
657
0
{
658
0
  return HexToBytes(kSampleSTHTreeHeadSignature);
659
0
}
660
661
void
662
GetSampleSTHTreeHeadDecodedSignature(DigitallySigned& signature)
663
0
{
664
0
  Buffer ths = HexToBytes(kSampleSTHTreeHeadSignature);
665
0
  Input thsInput;
666
0
  ASSERT_EQ(Success, thsInput.Init(ths.begin(), ths.length()));
667
0
  Reader thsReader(thsInput);
668
0
  ASSERT_EQ(Success, DecodeDigitallySigned(thsReader, signature));
669
0
  ASSERT_TRUE(thsReader.AtEnd());
670
0
}
671
672
Buffer
673
GetDEREncodedTestEmbeddedCert()
674
0
{
675
0
  return HexToBytes(kTestEmbeddedCertData);
676
0
}
677
678
Buffer
679
GetDEREncodedTestTbsCert()
680
0
{
681
0
  return HexToBytes(kTestTbsCertData);
682
0
}
683
684
Buffer
685
GetDEREncodedTestEmbeddedWithPreCACert()
686
0
{
687
0
  return HexToBytes(kTestEmbeddedWithPreCaCertData);
688
0
}
689
690
Buffer
691
GetDEREncodedCACert()
692
0
{
693
0
  return HexToBytes(kCaCertData);
694
0
}
695
696
Buffer
697
GetDEREncodedIntermediateCert()
698
0
{
699
0
  return HexToBytes(kIntermediateCertData);
700
0
}
701
702
Buffer
703
GetDEREncodedTestEmbeddedWithIntermediateCert()
704
0
{
705
0
  return HexToBytes(kTestEmbeddedWithIntermediateCertData);
706
0
}
707
708
Buffer
709
GetDEREncodedTestEmbeddedWithIntermediatePreCACert()
710
0
{
711
0
  return HexToBytes(kTestEmbeddedWithIntermediatePreCaCertData);
712
0
}
713
714
Buffer
715
ExtractCertSPKI(Input cert)
716
0
{
717
0
  BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
718
0
  MOZ_RELEASE_ASSERT(backCert.Init() == Success);
719
0
720
0
  Input spkiInput = backCert.GetSubjectPublicKeyInfo();
721
0
  Buffer spki;
722
0
  MOZ_RELEASE_ASSERT(InputToBuffer(spkiInput, spki) == Success);
723
0
  return spki;
724
0
}
725
726
Buffer
727
ExtractCertSPKI(const Buffer& cert)
728
0
{
729
0
  return ExtractCertSPKI(InputForBuffer(cert));
730
0
}
731
732
void
733
ExtractEmbeddedSCTList(Input cert, Buffer& result)
734
0
{
735
0
  result.clear();
736
0
  BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
737
0
  ASSERT_EQ(Success, backCert.Init());
738
0
  const Input* scts = backCert.GetSignedCertificateTimestamps();
739
0
  if (scts) {
740
0
    Input sctList;
741
0
    ASSERT_EQ(Success,
742
0
              ExtractSignedCertificateTimestampListFromExtension(*scts,
743
0
                                                                 sctList));
744
0
    ASSERT_EQ(Success, InputToBuffer(sctList, result));
745
0
  }
746
0
}
747
748
void
749
ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result)
750
0
{
751
0
  ExtractEmbeddedSCTList(InputForBuffer(cert), result);
752
0
}
753
754
class OCSPExtensionTrustDomain : public TrustDomain
755
{
756
public:
757
  pkix::Result GetCertTrust(EndEntityOrCA, const CertPolicyId&,
758
                            Input, TrustLevel&) override
759
0
  {
760
0
    ADD_FAILURE();
761
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
762
0
  }
763
764
  pkix::Result FindIssuer(Input, IssuerChecker&, Time) override
765
0
  {
766
0
    ADD_FAILURE();
767
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
768
0
  }
769
770
  pkix::Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
771
                               const Input*, const Input*) override
772
0
  {
773
0
    ADD_FAILURE();
774
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
775
0
  }
776
777
  pkix::Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override
778
0
  {
779
0
    ADD_FAILURE();
780
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
781
0
  }
782
783
  pkix::Result DigestBuf(Input item, DigestAlgorithm digestAlg,
784
                         /*out*/ uint8_t* digestBuf, size_t digestBufLen) override
785
0
  {
786
0
    return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
787
0
  }
788
789
  pkix::Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA, Time)
790
                                       override
791
0
  {
792
0
    ADD_FAILURE();
793
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
794
0
  }
795
796
  pkix::Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override
797
0
  {
798
0
    ADD_FAILURE();
799
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
800
0
  }
801
802
  pkix::Result VerifyECDSASignedDigest(const SignedDigest& signedDigest,
803
                                       Input subjectPublicKeyInfo) override
804
0
  {
805
0
    return VerifyECDSASignedDigestNSS(signedDigest, subjectPublicKeyInfo,
806
0
                                      nullptr);
807
0
  }
808
809
  pkix::Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA, unsigned int)
810
                                            override
811
0
  {
812
0
    ADD_FAILURE();
813
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
814
0
  }
815
816
  pkix::Result VerifyRSAPKCS1SignedDigest(const SignedDigest& signedDigest,
817
                                          Input subjectPublicKeyInfo) override
818
0
  {
819
0
    return VerifyRSAPKCS1SignedDigestNSS(signedDigest, subjectPublicKeyInfo,
820
0
                                         nullptr);
821
0
  }
822
823
  pkix::Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA, KeyPurposeId)
824
                                   override
825
0
  {
826
0
    ADD_FAILURE();
827
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
828
0
  }
829
830
  pkix::Result NetscapeStepUpMatchesServerAuth(Time, bool&) override
831
0
  {
832
0
    ADD_FAILURE();
833
0
    return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
834
0
  }
835
836
  void NoteAuxiliaryExtension(AuxiliaryExtension extension, Input data) override
837
0
  {
838
0
    if (extension != AuxiliaryExtension::SCTListFromOCSPResponse) {
839
0
      ADD_FAILURE();
840
0
      return;
841
0
    }
842
0
    if (InputToBuffer(data, signedCertificateTimestamps) != Success) {
843
0
      ADD_FAILURE();
844
0
      return;
845
0
    }
846
0
  }
847
848
  Buffer signedCertificateTimestamps;
849
};
850
851
void
852
ExtractSCTListFromOCSPResponse(Input cert,
853
                               Input issuerSPKI,
854
                               Input encodedResponse,
855
                               Time time,
856
                               Buffer& result)
857
0
{
858
0
  result.clear();
859
0
860
0
  BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr);
861
0
  ASSERT_EQ(Success, backCert.Init());
862
0
863
0
  CertID certID(backCert.GetIssuer(), issuerSPKI, backCert.GetSerialNumber());
864
0
865
0
  bool expired;
866
0
  OCSPExtensionTrustDomain trustDomain;
867
0
  pkix::Result rv = VerifyEncodedOCSPResponse(trustDomain, certID,
868
0
                                              time, /*time*/
869
0
                                              1000, /*maxLifetimeInDays*/
870
0
                                              encodedResponse, expired);
871
0
  ASSERT_EQ(Success, rv);
872
0
873
0
  result = std::move(trustDomain.signedCertificateTimestamps);
874
0
}
875
876
Buffer
877
cloneBuffer(const Buffer& buffer)
878
0
{
879
0
  Buffer cloned;
880
0
  MOZ_RELEASE_ASSERT(cloned.appendAll(buffer));
881
0
  return cloned;
882
0
}
883
884
Input
885
InputForBuffer(const Buffer& buffer)
886
0
{
887
0
  Input input;
888
0
  MOZ_RELEASE_ASSERT(Success ==
889
0
                     input.Init(buffer.begin(), buffer.length()));
890
0
  return input;
891
0
}
892
893
Input InputForSECItem(const SECItem& item)
894
0
{
895
0
  Input input;
896
0
  MOZ_RELEASE_ASSERT(Success ==
897
0
                     input.Init(item.data, item.len));
898
0
  return input;
899
0
}
900
901
} } // namespace mozilla::ct
902
903
namespace mozilla {
904
905
std::ostream&
906
operator<<(std::ostream& stream, const ct::Buffer& buffer)
907
0
{
908
0
  if (buffer.empty()) {
909
0
    stream << "EMPTY";
910
0
  } else {
911
0
    for (size_t i = 0; i < buffer.length(); ++i) {
912
0
      if (i >= 1000) {
913
0
        stream << "...";
914
0
        break;
915
0
      }
916
0
      stream << std::hex << std::setw(2) << std::setfill('0')
917
0
          << static_cast<unsigned>(buffer[i]);
918
0
    }
919
0
  }
920
0
  stream << std::dec;
921
0
  return stream;
922
0
}
923
924
} // namespace mozilla