/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "CTTestUtils.h" #include #include #include "BTTypes.h" #include "CTSerialization.h" #include "gtest/gtest.h" #include "mozpkix/Input.h" #include "mozpkix/pkix.h" #include "mozpkix/pkixnss.h" #include "mozpkix/pkixtypes.h" #include "mozpkix/Result.h" #include "mozpkix/pkixcheck.h" #include "mozpkix/pkixutil.h" #include "SignedCertificateTimestamp.h" namespace mozilla { namespace ct { using namespace mozilla::pkix; // The following test vectors are from the CT test data repository at // https://github.com/google/certificate-transparency/tree/master/test/testdata // test-cert.pem const char kDefaultDerCert[] = "308202ca30820233a003020102020106300d06092a864886f70d01010505003055310b3009" "06035504061302474231243022060355040a131b4365727469666963617465205472616e73" "706172656e6379204341310e300c0603550408130557616c65733110300e06035504071307" "4572772057656e301e170d3132303630313030303030305a170d3232303630313030303030" "305a3052310b30090603550406130247423121301f060355040a1318436572746966696361" "7465205472616e73706172656e6379310e300c0603550408130557616c65733110300e0603" "55040713074572772057656e30819f300d06092a864886f70d010101050003818d00308189" "02818100b1fa37936111f8792da2081c3fe41925008531dc7f2c657bd9e1de4704160b4c9f" "19d54ada4470404c1c51341b8f1f7538dddd28d9aca48369fc5646ddcc7617f8168aae5b41" "d43331fca2dadfc804d57208949061f9eef902ca47ce88c644e000f06eeeccabdc9dd2f68a" "22ccb09dc76e0dbc73527765b1a37a8c676253dcc10203010001a381ac3081a9301d060355" "1d0e041604146a0d982a3b62c44b6d2ef4e9bb7a01aa9cb798e2307d0603551d2304763074" "80145f9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406" "1302474231243022060355040a131b4365727469666963617465205472616e73706172656e" "6379204341310e300c0603550408130557616c65733110300e060355040713074572772057" "656e82010030090603551d1304023000300d06092a864886f70d010105050003818100171c" "d84aac414a9a030f22aac8f688b081b2709b848b4e5511406cd707fed028597a9faefc2eee" "2978d633aaac14ed3235197da87e0f71b8875f1ac9e78b281749ddedd007e3ecf50645f8cb" "f667256cd6a1647b5e13203bb8582de7d6696f656d1c60b95f456b7fcf338571908f1c6972" "7d24c4fccd249295795814d1dac0e6"; // key hash of test-cert.pem's issuer (ca-cert.pem) const char kDefaultIssuerKeyHash[] = "02adddca08b8bf9861f035940c940156d8350fdff899a6239c6bd77255b8f8fc"; const char kDefaultDerTbsCert[] = "30820233a003020102020107300d06092a864886f70d01010505003055310b300906035504" "061302474231243022060355040a131b4365727469666963617465205472616e7370617265" "6e6379204341310e300c0603550408130557616c65733110300e0603550407130745727720" "57656e301e170d3132303630313030303030305a170d3232303630313030303030305a3052" "310b30090603550406130247423121301f060355040a131843657274696669636174652054" "72616e73706172656e6379310e300c0603550408130557616c65733110300e060355040713" "074572772057656e30819f300d06092a864886f70d010101050003818d0030818902818100" "beef98e7c26877ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4" "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e72805a410" "cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119dc154dc68f7da8e30caf" "158a33e6c9509f4a05b01409ff5dd87eb50203010001a381ac3081a9301d0603551d0e0416" "04142031541af25c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d" "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b3009060355040613024742" "31243022060355040a131b4365727469666963617465205472616e73706172656e63792043" "41310e300c0603550408130557616c65733110300e060355040713074572772057656e8201" "0030090603551d1304023000"; // DigitallySigned of test-cert.proof const char kTestDigitallySigned[] = "0403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef53" "6cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5" "a5"; // test-cert.proof const char kTestSignedCertificateTimestamp[] = "00df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d7640000013d" "db27ded900000403004730450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c2" "08dfbfe9ef536cf7f2022100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc456" "89a2c0187ef5a5"; // ct-server-key-public.pem const char kEcP256PublicKey[] = "3059301306072a8648ce3d020106082a8648ce3d0301070342000499783cb14533c0161a5a" "b45bf95d08a29cd0ea8dd4c84274e2be59ad15c676960cf0afa1074a57ac644b23479e5b3f" "b7b245eb4b420ef370210371a944beaceb"; // key id (sha256) of ct-server-key-public.pem const char kTestKeyId[] = "df1c2ec11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d764"; // signature field of DigitallySigned from test-cert.proof const char kTestSCTSignatureData[] = "30450220606e10ae5c2d5a1b0aed49dc4937f48de71a4e9784e9c208dfbfe9ef536cf7f202" "2100beb29c72d7d06d61d06bdb38a069469aa86fe12e18bb7cc45689a2c0187ef5a5"; // signature field of DigitallySigned from test-embedded-pre-cert.proof const char kTestSCTPrecertSignatureData[] = "30450220482f6751af35dba65436be1fd6640f3dbf9a41429495924530288fa3e5e23e0602" "2100e4edc0db3ac572b1e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08"; // test-embedded-cert.pem const char kTestEmbeddedCertData[] = "30820359308202c2a003020102020107300d06092a864886f70d01010505" "003055310b300906035504061302474231243022060355040a131b436572" "7469666963617465205472616e73706172656e6379204341310e300c0603" "550408130557616c65733110300e060355040713074572772057656e301e" "170d3132303630313030303030305a170d3232303630313030303030305a" "3052310b30090603550406130247423121301f060355040a131843657274" "69666963617465205472616e73706172656e6379310e300c060355040813" "0557616c65733110300e060355040713074572772057656e30819f300d06" "092a864886f70d010101050003818d0030818902818100beef98e7c26877" "ae385f75325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee4" "58bd7db86f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb4" "1cd0e72805a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39ee" "d0b88119dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87e" "b50203010001a382013a30820136301d0603551d0e041604142031541af2" "5c05ffd8658b6843794f5e9036f7b4307d0603551d230476307480145f9d" "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603" "5504061302474231243022060355040a131b436572746966696361746520" "5472616e73706172656e6379204341310e300c0603550408130557616c65" "733110300e060355040713074572772057656e82010030090603551d1304" "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e" "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400" "00013ddb27df9300000403004730450220482f6751af35dba65436be1fd6" "640f3dbf9a41429495924530288fa3e5e23e06022100e4edc0db3ac572b1" "e2f5e8ab6a680653987dcf41027dfeffa105519d89edbf08300d06092a86" "4886f70d0101050500038181008a0c4bef099d479279afa0a28e689f91e1" "c4421be2d269a2ea6ca4e8215ddeddca1504a11e7c87c4b77e80f0e97903" "5268f27ca20e166804ae556f316981f96a394ab7abfd3e255ac0044513fe" "76570c6795abe4703133d303f89f3afa6bbcfc517319dfd95b934241211f" "634035c3d078307a68c6075a2e20c89f36b8910ca0"; const char kTestTbsCertData[] = "30820233a003020102020107300d06092a864886f70d0101050500305531" "0b300906035504061302474231243022060355040a131b43657274696669" "63617465205472616e73706172656e6379204341310e300c060355040813" "0557616c65733110300e060355040713074572772057656e301e170d3132" "303630313030303030305a170d3232303630313030303030305a3052310b" "30090603550406130247423121301f060355040a13184365727469666963" "617465205472616e73706172656e6379310e300c0603550408130557616c" "65733110300e060355040713074572772057656e30819f300d06092a8648" "86f70d010101050003818d0030818902818100beef98e7c26877ae385f75" "325a0c1d329bedf18faaf4d796bf047eb7e1ce15c95ba2f80ee458bd7db8" "6f8a4b252191a79bd700c38e9c0389b45cd4dc9a120ab21e0cb41cd0e728" "05a410cd9c5bdb5d4927726daf1710f60187377ea25b1a1e39eed0b88119" "dc154dc68f7da8e30caf158a33e6c9509f4a05b01409ff5dd87eb5020301" "0001a381ac3081a9301d0603551d0e041604142031541af25c05ffd8658b" "6843794f5e9036f7b4307d0603551d230476307480145f9d880dc873e654" "d4f80dd8e6b0c124b447c355a159a4573055310b30090603550406130247" "4231243022060355040a131b4365727469666963617465205472616e7370" "6172656e6379204341310e300c0603550408130557616c65733110300e06" "0355040713074572772057656e82010030090603551d1304023000"; // test-embedded-with-preca-cert.pem const char kTestEmbeddedWithPreCaCertData[] = "30820359308202c2a003020102020108300d06092a864886f70d01010505" "003055310b300906035504061302474231243022060355040a131b436572" "7469666963617465205472616e73706172656e6379204341310e300c0603" "550408130557616c65733110300e060355040713074572772057656e301e" "170d3132303630313030303030305a170d3232303630313030303030305a" "3052310b30090603550406130247423121301f060355040a131843657274" "69666963617465205472616e73706172656e6379310e300c060355040813" "0557616c65733110300e060355040713074572772057656e30819f300d06" "092a864886f70d010101050003818d0030818902818100afaeeacac51ab7" "cebdf9eacae7dd175295e193955a17989aef8d97ab7cdff7761093c0b823" "d2a4e3a51a17b86f28162b66a2538935ebecdc1036233da2dd6531b0c63b" "cc68761ebdc854037b77399246b870a7b72b14c9b1667de09a9640ed9f3f" "3c725d950b4d26559869fe7f1e919a66eb76d35c0117c6bcd0d8cfd21028" "b10203010001a382013a30820136301d0603551d0e04160414612c64efac" "79b728397c9d93e6df86465fa76a88307d0603551d230476307480145f9d" "880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b30090603" "5504061302474231243022060355040a131b436572746966696361746520" "5472616e73706172656e6379204341310e300c0603550408130557616c65" "733110300e060355040713074572772057656e82010030090603551d1304" "02300030818a060a2b06010401d679020402047c047a0078007600df1c2e" "c11500945247a96168325ddc5c7959e8f7c6d388fc002e0bbd3f74d76400" "00013ddb27e05b000004030047304502207aa79604c47480f3727b084f90" "b3989f79091885e00484431a2a297cbf3a355c022100b49fd8120b0d644c" "d7e75269b4da6317a9356cb950224fc11cc296b2e39b2386300d06092a86" "4886f70d010105050003818100a3a86c41ad0088a25aedc4e7b529a2ddbf" "9e187ffb362157e9302d961b73b43cba0ae1e230d9e45049b7e8c924792e" "bbe7d175baa87b170dfad8ee788984599d05257994084e2e0e796fca5836" "881c3e053553e06ab230f919089b914e4a8e2da45f8a87f2c81a25a61f04" "fe1cace60155653827d41fad9f0658f287d058192c"; // ca-cert.pem const char kCaCertData[] = "308202d030820239a003020102020100300d06092a864886f70d01010505" "003055310b300906035504061302474231243022060355040a131b436572" "7469666963617465205472616e73706172656e6379204341310e300c0603" "550408130557616c65733110300e060355040713074572772057656e301e" "170d3132303630313030303030305a170d3232303630313030303030305a" "3055310b300906035504061302474231243022060355040a131b43657274" "69666963617465205472616e73706172656e6379204341310e300c060355" "0408130557616c65733110300e060355040713074572772057656e30819f" "300d06092a864886f70d010101050003818d0030818902818100d58a6853" "6210a27119936e778321181c2a4013c6d07b8c76eb9157d3d0fb4b3b516e" "cecbd1c98d91c52f743fab635d55099cd13abaf31ae541442451a74c7816" "f2243cf848cf2831cce67ba04a5a23819f3cba37e624d9c3bdb299b839dd" "fe2631d2cb3a84fc7bb2b5c52fcfc14fff406f5cd44669cbb2f7cfdf86fb" "6ab9d1b10203010001a381af3081ac301d0603551d0e041604145f9d880d" "c873e654d4f80dd8e6b0c124b447c355307d0603551d230476307480145f" "9d880dc873e654d4f80dd8e6b0c124b447c355a159a4573055310b300906" "035504061302474231243022060355040a131b4365727469666963617465" "205472616e73706172656e6379204341310e300c0603550408130557616c" "65733110300e060355040713074572772057656e820100300c0603551d13" "040530030101ff300d06092a864886f70d0101050500038181000608cc4a" "6d64f2205e146c04b276f92b0efa94a5daf23afc3806606d3990d0a1ea23" "3d40295769463b046661e7fa1d179915209aea2e0a775176411227d7c003" "07c7470e61584fd7334224727f51d690bc47a9df354db0f6eb25955de189" "3c4dd5202b24a2f3e440d274b54e1bd376269ca96289b76ecaa41090e14f" "3b0a942e"; // intermediate-cert.pem const char kIntermediateCertData[] = "308202dd30820246a003020102020109300d06092a864886f70d01010505" "003055310b300906035504061302474231243022060355040a131b436572" "7469666963617465205472616e73706172656e6379204341310e300c0603" "550408130557616c65733110300e060355040713074572772057656e301e" "170d3132303630313030303030305a170d3232303630313030303030305a" "3062310b30090603550406130247423131302f060355040a132843657274" "69666963617465205472616e73706172656e637920496e7465726d656469" "617465204341310e300c0603550408130557616c65733110300e06035504" "0713074572772057656e30819f300d06092a864886f70d01010105000381" "8d0030818902818100d76a678d116f522e55ff821c90642508b7074b14d7" "71159064f7927efdedb87135a1365ee7de18cbd5ce865f860c78f433b4d0" "d3d3407702e7a3ef542b1dfe9bbaa7cdf94dc5975fc729f86f105f381b24" "3535cf9c800f5ca780c1d3c84400ee65d16ee9cf52db8adffe50f5c49335" "0b2190bf50d5bc36f3cac5a8daae92cd8b0203010001a381af3081ac301d" "0603551d0e04160414965508050278479e8773764131bc143a47e229ab30" "7d0603551d230476307480145f9d880dc873e654d4f80dd8e6b0c124b447" "c355a159a4573055310b300906035504061302474231243022060355040a" "131b4365727469666963617465205472616e73706172656e637920434131" "0e300c0603550408130557616c65733110300e0603550407130745727720" "57656e820100300c0603551d13040530030101ff300d06092a864886f70d" "0101050500038181002206dab1c66b71dce095c3f6aa2ef72cf7761be7ab" "d7fc39c31a4cfe1bd96d6734ca82f22dde5a0c8bbbdd825d7b6f3e7612ad" "8db300a7e21169886023262284c3aa5d2191efda10bf9235d37b3a2a340d" "59419b94a48566f3fac3cd8b53d5a4e98270ead297b07210f9ce4a2138b1" "8811143b93fa4e7a87dd37e1385f2c2908"; // test-embedded-with-intermediate-cert.pem const char kTestEmbeddedWithIntermediateCertData[] = "30820366308202cfa003020102020102300d06092a864886f70d01010505" "003062310b30090603550406130247423131302f060355040a1328436572" "7469666963617465205472616e73706172656e637920496e7465726d6564" "69617465204341310e300c0603550408130557616c65733110300e060355" "040713074572772057656e301e170d3132303630313030303030305a170d" "3232303630313030303030305a3052310b30090603550406130247423121" "301f060355040a13184365727469666963617465205472616e7370617265" "6e6379310e300c0603550408130557616c65733110300e06035504071307" "4572772057656e30819f300d06092a864886f70d010101050003818d0030" "818902818100bb272b26e5deb5459d4acca027e8f12a4d839ac3730a6a10" "9ff7e25498ddbd3f1895d08ba41f8de34967a3a086ce13a90dd5adbb5418" "4bdc08e1ac7826adb8dc9c717bfd7da5b41b4db1736e00f1dac3cec9819c" "cb1a28ba120b020a820e940dd61f95b5432a4bc05d0818f18ce2154eb38d" "2fa7d22d72b976e560db0c7fc77f0203010001a382013a30820136301d06" "03551d0e04160414b1b148e658e703f5f7f3105f20b3c384d7eff1bf307d" "0603551d23047630748014965508050278479e8773764131bc143a47e229" "aba159a4573055310b300906035504061302474231243022060355040a13" "1b4365727469666963617465205472616e73706172656e6379204341310e" "300c0603550408130557616c65733110300e060355040713074572772057" "656e82010930090603551d130402300030818a060a2b06010401d6790204" "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7" "c6d388fc002e0bbd3f74d7640000013ddb27e2a400000403004730450221" "00a6d34517f3392d9ec5d257adf1c597dc45bd4cd3b73856c616a9fb99e5" "ae75a802205e26c8d1c7e222fe8cda29baeb04a834ee97d34fd81718f1aa" "e0cd66f4b8a93f300d06092a864886f70d0101050500038181000f95a5b4" "e128a914b1e88be8b32964221b58f4558433d020a8e246cca65a40bcbf5f" "2d48933ebc99be6927ca756472fb0bdc7f505f41f462f2bc19d0b299c990" "918df8820f3d31db37979e8bad563b17f00ae67b0f8731c106c943a73bf5" "36af168afe21ef4adfcae19a3cc074899992bf506bc5ce1decaaf07ffeeb" "c805c039"; // test-embedded-with-intermediate-preca-cert.pem const char kTestEmbeddedWithIntermediatePreCaCertData[] = "30820366308202cfa003020102020103300d06092a864886f70d01010505" "003062310b30090603550406130247423131302f060355040a1328436572" "7469666963617465205472616e73706172656e637920496e7465726d6564" "69617465204341310e300c0603550408130557616c65733110300e060355" "040713074572772057656e301e170d3132303630313030303030305a170d" "3232303630313030303030305a3052310b30090603550406130247423121" "301f060355040a13184365727469666963617465205472616e7370617265" "6e6379310e300c0603550408130557616c65733110300e06035504071307" "4572772057656e30819f300d06092a864886f70d010101050003818d0030" "818902818100d4497056cdfc65e1342cc3df6e654b8af0104702acd2275c" "7d3fb1fc438a89b212110d6419bcc13ae47d64bba241e6706b9ed627f8b3" "4a0d7dff1c44b96287c54bea9d10dc017bceb64f7b6aff3c35a474afec40" "38ab3640b0cd1fb0582ec03b179a2776c8c435d14ab4882d59d7b724fa37" "7ca6db08392173f9c6056b3abadf0203010001a382013a30820136301d06" "03551d0e0416041432da5518d87f1d26ea2767973c0bef286e786a4a307d" "0603551d23047630748014965508050278479e8773764131bc143a47e229" "aba159a4573055310b300906035504061302474231243022060355040a13" "1b4365727469666963617465205472616e73706172656e6379204341310e" "300c0603550408130557616c65733110300e060355040713074572772057" "656e82010930090603551d130402300030818a060a2b06010401d6790204" "02047c047a0078007600df1c2ec11500945247a96168325ddc5c7959e8f7" "c6d388fc002e0bbd3f74d7640000013ddb27e3be00000403004730450221" "00d9f61a07fee021e3159f3ca2f570d833ff01374b2096cba5658c5e16fb" "43eb3002200b76fe475138d8cf76833831304dabf043eb1213c96e13ff4f" "a37f7cd3c8dc1f300d06092a864886f70d01010505000381810088ee4e9e" "5eed6b112cc764b151ed929400e9406789c15fbbcfcdab2f10b400234139" "e6ce65c1e51b47bf7c8950f80bccd57168567954ed35b0ce9346065a5eae" "5bf95d41da8e27cee9eeac688f4bd343f9c2888327abd8b9f68dcb1e3050" "041d31bda8e2dd6d39b3664de5ce0870f5fc7e6a00d6ed00528458d953d2" "37586d73"; // Given the ordered set of data [ 0x00, 0x01, 0x02, deadbeef ], // the 'inclusion proof' of the leaf of index '2' (for '0x02') is created from // the Merkle Tree generated for that set of data. // A Merkle inclusion proof for a leaf in a Merkle Tree is the shortest list // of additional nodes in the Merkle Tree required to compute the Merkle Tree // Hash (also called 'Merkle Tree head') for that tree. // This follows the structure defined in RFC 6962-bis. // // https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-24#section-2.1 const char kTestInclusionProof[] = "020100" // logId "0000000000000004" // tree size "0000000000000002" // leaf index "0042" // inclusion path length "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestNodeHash0[] = "48c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed321729"; const char kTestNodeHash1[] = "a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953a"; const char kTestInclusionProofUnexpectedData[] = "12345678"; const char kTestInclusionProofInvalidHashSize[] = "020100" // logId "0000000000000004" // treesize "0000000000000002" // leafindex "0042" // inclusion path length "3048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // invalid hash size "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node hash 1 const char kTestInclusionProofInvalidHash[] = "020100" // logId "0000000000000004" // treesize "0000000000000002" // leafindex "0042" // inclusion path length "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427"; // truncated node hash 1 const char kTestInclusionProofMissingLogId[] = "0000000000000004" // treesize "0000000000000002" // leafindex "0042" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofNullPathLength[] = "020100" "0000000000000004" // treesize "0000000000000002" // leafindex "0000" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofPathLengthTooSmall[] = "020100" "0000000000000004" // treesize "0000000000000002" // leafindex "0036" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofPathLengthTooLarge[] = "020100" "0000000000000004" // treesize "0000000000000002" // leafindex "0080" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofNullTreeSize[] = "020100" "0000000000000000" // treesize "0000000000000002" // leafindex "0042" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofLeafIndexOutOfBounds[] = "020100" "0000000000000004" // treesize "0000000000000004" // leafindex "0042" "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a"; // node // hash // 1 const char kTestInclusionProofExtraData[] = "020100" // logId "0000000000000004" // tree size "0000000000000002" // leaf index "0042" // inclusion path length "2048c90c8ae24688d6bef5d48a30c2cc8b6754335a8db21793cc0a8e3bed32172" "9" // node // hash // 0 "20a20bf9a7cc2dc8a08f5f415a71b19f6ac427bab54d24eec868b5d3103449953" "a" // node // hash // 1 "123456"; // extra data after the proof static uint8_t CharToByte(char c) { if (c >= '0' && c <= '9') { return c - '0'; } if (c >= 'a' && c <= 'f') { return c - 'a' + 10; } if (c >= 'A' && c <= 'F') { return c - 'A' + 10; } abort(); } Buffer HexToBytes(const char* hexData) { size_t hexLen = strlen(hexData); if (!(hexLen > 0 && (hexLen % 2 == 0))) { abort(); } size_t resultLen = hexLen / 2; Buffer result; result.reserve(resultLen); for (size_t i = 0; i < resultLen; ++i) { uint8_t hi = CharToByte(hexData[i * 2]); uint8_t lo = CharToByte(hexData[i * 2 + 1]); result.push_back((hi << 4) | lo); } return result; } void GetX509CertLogEntry(LogEntry& entry) { entry.Reset(); entry.type = ct::LogEntry::Type::X509; entry.leafCertificate = HexToBytes(kDefaultDerCert); } Buffer GetDEREncodedX509Cert() { return HexToBytes(kDefaultDerCert); } void GetPrecertLogEntry(LogEntry& entry) { entry.Reset(); entry.type = ct::LogEntry::Type::Precert; entry.issuerKeyHash = HexToBytes(kDefaultIssuerKeyHash); entry.tbsCertificate = HexToBytes(kDefaultDerTbsCert); } Buffer GetTestDigitallySigned() { return HexToBytes(kTestDigitallySigned); } Buffer GetTestDigitallySignedData() { Buffer encoded = GetTestDigitallySigned(); // The encoded buffer contains the signature data itself from the 4th byte. // The first bytes are: // 1 byte of hash algorithm // 1 byte of signature algorithm // 2 bytes - prefix containing length of the signature data. Buffer result; result.assign(encoded.begin() + 4, encoded.end()); return result; } Buffer GetTestSignedCertificateTimestamp() { return HexToBytes(kTestSignedCertificateTimestamp); } Buffer GetTestInclusionProof() { return HexToBytes(kTestInclusionProof); } Buffer GetTestInclusionProofUnexpectedData() { return HexToBytes(kTestInclusionProofUnexpectedData); } Buffer GetTestInclusionProofInvalidHashSize() { return HexToBytes(kTestInclusionProofInvalidHashSize); } Buffer GetTestInclusionProofInvalidHash() { return HexToBytes(kTestInclusionProofInvalidHash); } Buffer GetTestInclusionProofMissingLogId() { return HexToBytes(kTestInclusionProofMissingLogId); } Buffer GetTestInclusionProofNullPathLength() { return HexToBytes(kTestInclusionProofNullPathLength); } Buffer GetTestInclusionProofPathLengthTooSmall() { return HexToBytes(kTestInclusionProofPathLengthTooSmall); } Buffer GetTestInclusionProofPathLengthTooLarge() { return HexToBytes(kTestInclusionProofPathLengthTooLarge); } Buffer GetTestInclusionProofNullTreeSize() { return HexToBytes(kTestInclusionProofNullTreeSize); } Buffer GetTestInclusionProofLeafIndexOutOfBounds() { return HexToBytes(kTestInclusionProofLeafIndexOutOfBounds); } Buffer GetTestInclusionProofExtraData() { return HexToBytes(kTestInclusionProofExtraData); } Buffer GetTestNodeHash0() { return HexToBytes(kTestNodeHash0); } Buffer GetTestNodeHash1() { return HexToBytes(kTestNodeHash1); } Buffer GetTestPublicKey() { return HexToBytes(kEcP256PublicKey); } Buffer GetTestPublicKeyId() { return HexToBytes(kTestKeyId); } void GetX509CertSCT(SignedCertificateTimestamp& sct) { sct.version = ct::SignedCertificateTimestamp::Version::V1; sct.logId = HexToBytes(kTestKeyId); // Time the log issued a SCT for this certificate, which is // Fri Apr 5 10:04:16.089 2013 sct.timestamp = INT64_C(1365181456089); sct.extensions.clear(); sct.signature.hashAlgorithm = ct::DigitallySigned::HashAlgorithm::SHA256; sct.signature.signatureAlgorithm = ct::DigitallySigned::SignatureAlgorithm::ECDSA; sct.signature.signatureData = HexToBytes(kTestSCTSignatureData); } void GetPrecertSCT(SignedCertificateTimestamp& sct) { sct.version = ct::SignedCertificateTimestamp::Version::V1; sct.logId = HexToBytes(kTestKeyId); // Time the log issued a SCT for this Precertificate, which is // Fri Apr 5 10:04:16.275 2013 sct.timestamp = INT64_C(1365181456275); sct.extensions.clear(); sct.signature.hashAlgorithm = ct::DigitallySigned::HashAlgorithm::SHA256; sct.signature.signatureAlgorithm = ct::DigitallySigned::SignatureAlgorithm::ECDSA; sct.signature.signatureData = HexToBytes(kTestSCTPrecertSignatureData); } Buffer GetDefaultIssuerKeyHash() { return HexToBytes(kDefaultIssuerKeyHash); } Buffer GetDEREncodedTestEmbeddedCert() { return HexToBytes(kTestEmbeddedCertData); } Buffer GetDEREncodedTestTbsCert() { return HexToBytes(kTestTbsCertData); } Buffer GetDEREncodedTestEmbeddedWithPreCACert() { return HexToBytes(kTestEmbeddedWithPreCaCertData); } Buffer GetDEREncodedCACert() { return HexToBytes(kCaCertData); } Buffer GetDEREncodedIntermediateCert() { return HexToBytes(kIntermediateCertData); } Buffer GetDEREncodedTestEmbeddedWithIntermediateCert() { return HexToBytes(kTestEmbeddedWithIntermediateCertData); } Buffer GetDEREncodedTestEmbeddedWithIntermediatePreCACert() { return HexToBytes(kTestEmbeddedWithIntermediatePreCaCertData); } Buffer ExtractCertSPKI(Input cert) { BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr); if (backCert.Init() != Success) { abort(); } Input spkiInput = backCert.GetSubjectPublicKeyInfo(); Buffer spki; InputToBuffer(spkiInput, spki); return spki; } Buffer ExtractCertSPKI(const Buffer& cert) { return ExtractCertSPKI(InputForBuffer(cert)); } void ExtractEmbeddedSCTList(Input cert, Buffer& result) { result.clear(); BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr); ASSERT_EQ(Success, backCert.Init()); const Input* scts = backCert.GetSignedCertificateTimestamps(); if (scts) { Input sctList; ASSERT_EQ(Success, ExtractSignedCertificateTimestampListFromExtension( *scts, sctList)); InputToBuffer(sctList, result); } } void ExtractEmbeddedSCTList(const Buffer& cert, Buffer& result) { ExtractEmbeddedSCTList(InputForBuffer(cert), result); } class OCSPExtensionTrustDomain : public TrustDomain { public: pkix::Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input, TrustLevel&) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result FindIssuer(Input, IssuerChecker&, Time) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, const Input*, const Input*, const Input*) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result DigestBuf(Input item, DigestAlgorithm digestAlg, /*out*/ uint8_t* digestBuf, size_t digestBufLen) override { return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen); } pkix::Result CheckSignatureDigestAlgorithm(DigestAlgorithm, EndEntityOrCA, Time) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result CheckECDSACurveIsAcceptable(EndEntityOrCA, NamedCurve) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result VerifyECDSASignedData(Input data, DigestAlgorithm digestAlgorithm, Input signature, Input subjectPublicKeyInfo) override { return VerifyECDSASignedDataNSS(data, digestAlgorithm, signature, subjectPublicKeyInfo, nullptr); } pkix::Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA, unsigned int) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result VerifyRSAPKCS1SignedData(Input data, DigestAlgorithm digestAlgorithm, Input signature, Input subjectPublicKeyInfo) override { return VerifyRSAPKCS1SignedDataNSS(data, digestAlgorithm, signature, subjectPublicKeyInfo, nullptr); } pkix::Result VerifyRSAPSSSignedData(Input data, DigestAlgorithm digestAlgorithm, Input signature, Input subjectPublicKeyInfo) override { return VerifyRSAPSSSignedDataNSS(data, digestAlgorithm, signature, subjectPublicKeyInfo, nullptr); } pkix::Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA, KeyPurposeId) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } pkix::Result NetscapeStepUpMatchesServerAuth(Time, bool&) override { ADD_FAILURE(); return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE; } void NoteAuxiliaryExtension(AuxiliaryExtension extension, Input data) override { if (extension != AuxiliaryExtension::SCTListFromOCSPResponse) { ADD_FAILURE(); return; } InputToBuffer(data, signedCertificateTimestamps); } Buffer signedCertificateTimestamps; }; void ExtractSCTListFromOCSPResponse(Input cert, Input issuerSPKI, Input encodedResponse, Time time, Buffer& result) { result.clear(); BackCert backCert(cert, EndEntityOrCA::MustBeEndEntity, nullptr); ASSERT_EQ(Success, backCert.Init()); CertID certID(backCert.GetIssuer(), issuerSPKI, backCert.GetSerialNumber()); bool expired; OCSPExtensionTrustDomain trustDomain; pkix::Result rv = VerifyEncodedOCSPResponse(trustDomain, certID, time, /*time*/ 1000, /*maxLifetimeInDays*/ encodedResponse, expired); ASSERT_EQ(Success, rv); result = std::move(trustDomain.signedCertificateTimestamps); } Input InputForBuffer(const Buffer& buffer) { Input input; if (input.Init(buffer.data(), buffer.size()) != Success) { abort(); } return input; } Input InputForSECItem(const SECItem& item) { Input input; if (input.Init(item.data, item.len) != Success) { abort(); } return input; } } // namespace ct } // namespace mozilla namespace mozilla { std::ostream& operator<<(std::ostream& stream, const ct::Buffer& buffer) { if (buffer.empty()) { stream << "EMPTY"; } else { for (size_t i = 0; i < buffer.size(); ++i) { if (i >= 1000) { stream << "..."; break; } stream << std::hex << std::setw(2) << std::setfill('0') << static_cast(buffer[i]); } } stream << std::dec; return stream; } } // namespace mozilla