1 use super::{Log, Error, verify_sct};
2
/// Fixture log used by the ECDSA P-256 tests in this file.
///
/// The key is loaded from `testdata/ecdsa-prime256v1-pub.raw` and the
/// description marks it as a fake log, so it is test material only and should
/// never be copied into a list of logs that production code trusts.
// NOTE(review): in RFC 6962 a log id is the SHA-256 hash of the log's public
// key; presumably `id` was derived from `key` that way — confirm against the
// script that generated the test data.
static TEST_LOG_ECDSA_P256: Log = Log {
    id: [
        0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88,
        0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94,
        0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2,
        0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f,
    ],
    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
    description: "fake test ecdsa_p256 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
11
/// Fixture log used by the ECDSA P-384 tests in this file.
///
/// The key is loaded from `testdata/ecdsa-secp384r1-pub.raw` and the
/// description marks it as a fake log, so it is test material only and should
/// never be copied into a list of logs that production code trusts.
// NOTE(review): presumably `id` is the SHA-256 hash of `key`, as RFC 6962
// defines log ids — confirm against the script that generated the test data.
static TEST_LOG_ECDSA_P384: Log = Log {
    id: [
        0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d,
        0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac,
        0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37,
        0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9,
    ],
    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
    description: "fake test ecdsa_p384 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
20
/// Fixture log used by the RSA-2048 tests in this file.
///
/// The key is loaded from `testdata/rsa-2048-pub.raw` and the description
/// marks it as a fake log, so it is test material only and should never be
/// copied into a list of logs that production code trusts.
// NOTE(review): presumably `id` is the SHA-256 hash of `key`, as RFC 6962
// defines log ids — confirm against the script that generated the test data.
static TEST_LOG_RSA2048: Log = Log {
    id: [
        0x6e, 0x56, 0xa6, 0x5e, 0x21, 0x40, 0x97, 0x71,
        0xeb, 0xbd, 0x16, 0x67, 0xc3, 0x37, 0x39, 0xb3,
        0x35, 0x0e, 0xb2, 0xee, 0x9f, 0x3a, 0x55, 0x4c,
        0xf3, 0x37, 0x12, 0xc0, 0x6a, 0x1a, 0x72, 0x0a,
    ],
    key: include_bytes!("testdata/rsa-2048-pub.raw"),
    description: "fake test rsa2048 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
29
/// Fixture log used by the RSA-3072 tests in this file.
///
/// The key is loaded from `testdata/rsa-3072-pub.raw` and the description
/// marks it as a fake log, so it is test material only and should never be
/// copied into a list of logs that production code trusts.
// NOTE(review): presumably `id` is the SHA-256 hash of `key`, as RFC 6962
// defines log ids — confirm against the script that generated the test data.
static TEST_LOG_RSA3072: Log = Log {
    id: [
        0xb4, 0xcd, 0x74, 0xe7, 0x69, 0x59, 0xb3, 0x4e,
        0xbb, 0x90, 0x80, 0xba, 0x9e, 0xaa, 0x08, 0xaf,
        0x75, 0x8b, 0x52, 0x7b, 0xbb, 0x5f, 0xf7, 0x24,
        0x59, 0x8f, 0xfa, 0xc7, 0x37, 0x65, 0x49, 0xb0,
    ],
    key: include_bytes!("testdata/rsa-3072-pub.raw"),
    description: "fake test rsa3072 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
38
/// Fixture log used by the RSA-4096 tests in this file.
///
/// The key is loaded from `testdata/rsa-4096-pub.raw` and the description
/// marks it as a fake log, so it is test material only and should never be
/// copied into a list of logs that production code trusts.
// NOTE(review): presumably `id` is the SHA-256 hash of `key`, as RFC 6962
// defines log ids — confirm against the script that generated the test data.
static TEST_LOG_RSA4096: Log = Log {
    id: [
        0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc,
        0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88,
        0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69,
        0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29,
    ],
    key: include_bytes!("testdata/rsa-4096-pub.raw"),
    description: "fake test rsa4096 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
47
/// Accepts the well-formed ECDSA P-256 fixture SCT for the certificate bytes
/// `b"cert"` when the matching test log is the only trusted log.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching
// log within the slice passed to `verify_sct` — confirm against its docs.
#[test]
pub fn ecdsa_p256_basic() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
58
/// Rejects the "wrongtime" ECDSA P-256 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the timestamp carried in the SCT
// differs from the one that was signed, so this checks that the timestamp is
// covered by the signature — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongtime() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
69
/// Rejects the "wrongcert" ECDSA P-256 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over different
// certificate bytes than `b"cert"`, so this checks that an SCT cannot be
// reused for another certificate — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongcert() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
80
/// Accepts the well-formed ECDSA P-384 fixture SCT for the certificate bytes
/// `b"cert"` when the matching test log is the only trusted log.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching
// log within the slice passed to `verify_sct` — confirm against its docs.
#[test]
pub fn ecdsa_p384_basic() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
91
/// Rejects the "wrongtime" ECDSA P-384 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT's timestamp differs from
// the signed one — confirm against the fixture generator.
#[test]
pub fn ecdsa_p384_wrongtime() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
102
/// Rejects the "wrongcert" ECDSA P-384 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over different
// certificate bytes than `b"cert"` — confirm against the fixture generator.
#[test]
pub fn ecdsa_p384_wrongcert() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
113
/// Accepts the well-formed RSA-2048 fixture SCT for the certificate bytes
/// `b"cert"` when the matching test log is the only trusted log.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching
// log within the slice passed to `verify_sct` — confirm against its docs.
#[test]
pub fn rsa2048_basic() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
124
/// Rejects the "wrongtime" RSA-2048 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT's timestamp differs from
// the signed one — confirm against the fixture generator.
#[test]
pub fn rsa2048_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
135
/// Rejects the "wrongcert" RSA-2048 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over different
// certificate bytes than `b"cert"` — confirm against the fixture generator.
#[test]
pub fn rsa2048_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
146
/// Accepts the well-formed RSA-3072 fixture SCT for the certificate bytes
/// `b"cert"` when the matching test log is the only trusted log.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching
// log within the slice passed to `verify_sct` — confirm against its docs.
#[test]
pub fn rsa3072_basic() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
157
/// Rejects the "wrongtime" RSA-3072 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT's timestamp differs from
// the signed one — confirm against the fixture generator.
#[test]
pub fn rsa3072_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
168
/// Rejects the "wrongcert" RSA-3072 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over different
// certificate bytes than `b"cert"` — confirm against the fixture generator.
#[test]
pub fn rsa3072_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
179
/// Accepts the well-formed RSA-4096 fixture SCT for the certificate bytes
/// `b"cert"` when the matching test log is the only trusted log.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching
// log within the slice passed to `verify_sct` — confirm against its docs.
#[test]
pub fn rsa4096_basic() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
190
/// Rejects the "wrongtime" RSA-4096 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT's timestamp differs from
// the signed one — confirm against the fixture generator.
#[test]
pub fn rsa4096_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
201
/// Rejects the "wrongcert" RSA-4096 fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over different
// certificate bytes than `b"cert"` — confirm against the fixture generator.
#[test]
pub fn rsa4096_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
212
/// Rejects the "junk" fixture with `MalformedSCT`, i.e. as a parse failure
/// rather than as a signature failure.
// NOTE(review): the fixture name suggests extra or garbage bytes in the
// encoding; which bytes are junk is not visible here — check the generator.
#[test]
pub fn ecdsa_p256_junk() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-junk-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::MalformedSCT), outcome);
}
223
/// Rejects the "wrongid" fixture with `UnknownLog` when only the P-256 test
/// log is trusted.
// NOTE(review): presumably the fixture carries a log id that differs from
// `TEST_LOG_ECDSA_P256.id`, so the SCT is refused before any signature from
// an untrusted log is considered — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongid() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::UnknownLog), outcome);
}
234
/// Rejects the "version" fixture with `UnsupportedSCTVersion`.
// NOTE(review): presumably the fixture's version field is set to something
// other than the version `verify_sct` accepts — confirm against the generator.
#[test]
pub fn ecdsa_p256_version() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-version-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::UnsupportedSCTVersion), outcome);
}
245
/// Rejects the "future" fixture with `TimestampInFuture` when the current
/// time passed to `verify_sct` is 1233.
///
/// This is the only test in the file that uses 1233 as the current time; the
/// others use 1234 or 1235.
// NOTE(review): presumably the fixture's timestamp is later than 1233, so an
// SCT dated after "now" is refused — confirm the value in the fixture.
#[test]
pub fn ecdsa_p256_future() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-future-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1233, &trusted_logs);

    assert_eq!(Err(Error::TimestampInFuture), outcome);
}
256
/// Rejects the "wrongext" fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT's extensions field differs
// from what was signed, so this checks that extensions are covered by the
// signature — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongext() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
267
/// Rejects the "badsigalg" fixture with `InvalidSignature`.
// NOTE(review): the fixture name suggests the signature-algorithm field does
// not match the P-256 log key; the test pins that such an SCT is reported as
// a signature failure, not accepted — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_badsigalg() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-badsigalg-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
278
/// Checks that every prefix of the "short" fixture of length 0 through 120
/// bytes is rejected with `MalformedSCT`.
///
/// Truncated input has to come back as an error value: a panic or any other
/// result for one of these prefixes fails the test.
// NOTE(review): the bound 121 is hard-coded. Slicing `..prefix_len` panics if
// the fixture is shorter than 120 bytes, and the fixture's full length is not
// visible here — confirm it against the test data.
#[test]
pub fn ecdsa_p256_short() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-short-sct.bin");

    (0..121).for_each(|prefix_len| {
        let outcome = verify_sct(b"cert", &sct_bytes[..prefix_len], 1234, &trusted_logs);
        assert_eq!(Err(Error::MalformedSCT), outcome);
    });
}