1 use super::{Log, Error, verify_sct};
2 
/// Test-only log entry whose public key is embedded at compile time from
/// `testdata/ecdsa-prime256v1-pub.raw`.
///
/// This is not a real CT log: `url` is empty and `max_merge_delay` is zero.
static TEST_LOG_ECDSA_P256: Log = Log {
    description: "fake test ecdsa_p256 log",
    url: "",
    operated_by: "random python script",
    max_merge_delay: 0,
    // 32-byte log id that an SCT must carry to be matched to this log.
    // NOTE(review): presumably the SHA-256 of the log's public key — confirm.
    id: [
        0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88,
        0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94,
        0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2,
        0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f,
    ],
    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
};
11 
/// Test-only log entry whose public key is embedded at compile time from
/// `testdata/ecdsa-secp384r1-pub.raw`.
///
/// This is not a real CT log: `url` is empty and `max_merge_delay` is zero.
static TEST_LOG_ECDSA_P384: Log = Log {
    description: "fake test ecdsa_p384 log",
    url: "",
    operated_by: "random python script",
    max_merge_delay: 0,
    // 32-byte log id that an SCT must carry to be matched to this log.
    // NOTE(review): presumably the SHA-256 of the log's public key — confirm.
    id: [
        0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d,
        0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac,
        0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37,
        0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9,
    ],
    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
};
20 
/// Test-only log entry whose public key is embedded at compile time from
/// `testdata/rsa-2048-pub.raw`.
///
/// This is not a real CT log: `url` is empty and `max_merge_delay` is zero.
static TEST_LOG_RSA2048: Log = Log {
    description: "fake test rsa2048 log",
    url: "",
    operated_by: "random python script",
    max_merge_delay: 0,
    // 32-byte log id that an SCT must carry to be matched to this log.
    // NOTE(review): presumably the SHA-256 of the log's public key — confirm.
    id: [
        0x6e, 0x56, 0xa6, 0x5e, 0x21, 0x40, 0x97, 0x71,
        0xeb, 0xbd, 0x16, 0x67, 0xc3, 0x37, 0x39, 0xb3,
        0x35, 0x0e, 0xb2, 0xee, 0x9f, 0x3a, 0x55, 0x4c,
        0xf3, 0x37, 0x12, 0xc0, 0x6a, 0x1a, 0x72, 0x0a,
    ],
    key: include_bytes!("testdata/rsa-2048-pub.raw"),
};
29 
/// Test-only log entry whose public key is embedded at compile time from
/// `testdata/rsa-3072-pub.raw`.
///
/// This is not a real CT log: `url` is empty and `max_merge_delay` is zero.
static TEST_LOG_RSA3072: Log = Log {
    description: "fake test rsa3072 log",
    url: "",
    operated_by: "random python script",
    max_merge_delay: 0,
    // 32-byte log id that an SCT must carry to be matched to this log.
    // NOTE(review): presumably the SHA-256 of the log's public key — confirm.
    id: [
        0xb4, 0xcd, 0x74, 0xe7, 0x69, 0x59, 0xb3, 0x4e,
        0xbb, 0x90, 0x80, 0xba, 0x9e, 0xaa, 0x08, 0xaf,
        0x75, 0x8b, 0x52, 0x7b, 0xbb, 0x5f, 0xf7, 0x24,
        0x59, 0x8f, 0xfa, 0xc7, 0x37, 0x65, 0x49, 0xb0,
    ],
    key: include_bytes!("testdata/rsa-3072-pub.raw"),
};
38 
/// Test-only log entry whose public key is embedded at compile time from
/// `testdata/rsa-4096-pub.raw`.
///
/// This is not a real CT log: `url` is empty and `max_merge_delay` is zero.
static TEST_LOG_RSA4096: Log = Log {
    description: "fake test rsa4096 log",
    url: "",
    operated_by: "random python script",
    max_merge_delay: 0,
    // 32-byte log id that an SCT must carry to be matched to this log.
    // NOTE(review): presumably the SHA-256 of the log's public key — confirm.
    id: [
        0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc,
        0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88,
        0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69,
        0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29,
    ],
    key: include_bytes!("testdata/rsa-4096-pub.raw"),
};
47 
/// Positive case: the "basic" P-256 fixture must verify against the P-256 test log.
///
/// The expected value is `Ok(0)`; with a single entry in the log list this is
/// presumably the index of the log that issued the SCT — confirm against
/// `verify_sct`.
#[test]
pub fn ecdsa_p256_basic() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
58 
/// Negative case: the "wrongtime" P-256 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its timestamp differs from the one
/// that was signed, so this would pin that the timestamp is covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongtime() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
69 
/// Negative case: the "wrongcert" P-256 fixture must be rejected with
/// `Error::InvalidSignature` when checked against the bytes `b"cert"`.
///
/// NOTE(review): the fixture name suggests it was signed over a different
/// certificate, so this would pin that an SCT cannot be replayed for another
/// certificate — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongcert() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
80 
/// Positive case: the "basic" P-384 fixture must verify against the P-384 test log.
///
/// The expected value is `Ok(0)`; with a single entry in the log list this is
/// presumably the index of the log that issued the SCT — confirm against
/// `verify_sct`.
#[test]
pub fn ecdsa_p384_basic() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
91 
/// Negative case: the "wrongtime" P-384 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its timestamp differs from the one
/// that was signed, so this would pin that the timestamp is covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn ecdsa_p384_wrongtime() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
102 
/// Negative case: the "wrongcert" P-384 fixture must be rejected with
/// `Error::InvalidSignature` when checked against the bytes `b"cert"`.
///
/// NOTE(review): the fixture name suggests it was signed over a different
/// certificate, so this would pin that an SCT cannot be replayed for another
/// certificate — confirm against the fixture generator.
#[test]
pub fn ecdsa_p384_wrongcert() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
113 
/// Positive case: the "basic" RSA-2048 fixture must verify against the
/// RSA-2048 test log.
///
/// The expected value is `Ok(0)`; with a single entry in the log list this is
/// presumably the index of the log that issued the SCT — confirm against
/// `verify_sct`.
#[test]
pub fn rsa2048_basic() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
124 
/// Negative case: the "wrongtime" RSA-2048 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its timestamp differs from the one
/// that was signed, so this would pin that the timestamp is covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn rsa2048_wrongtime() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
135 
/// Negative case: the "wrongcert" RSA-2048 fixture must be rejected with
/// `Error::InvalidSignature` when checked against the bytes `b"cert"`.
///
/// NOTE(review): the fixture name suggests it was signed over a different
/// certificate, so this would pin that an SCT cannot be replayed for another
/// certificate — confirm against the fixture generator.
#[test]
pub fn rsa2048_wrongcert() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
146 
/// Positive case: the "basic" RSA-3072 fixture must verify against the
/// RSA-3072 test log.
///
/// The expected value is `Ok(0)`; with a single entry in the log list this is
/// presumably the index of the log that issued the SCT — confirm against
/// `verify_sct`.
#[test]
pub fn rsa3072_basic() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
157 
/// Negative case: the "wrongtime" RSA-3072 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its timestamp differs from the one
/// that was signed, so this would pin that the timestamp is covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn rsa3072_wrongtime() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
168 
/// Negative case: the "wrongcert" RSA-3072 fixture must be rejected with
/// `Error::InvalidSignature` when checked against the bytes `b"cert"`.
///
/// NOTE(review): the fixture name suggests it was signed over a different
/// certificate, so this would pin that an SCT cannot be replayed for another
/// certificate — confirm against the fixture generator.
#[test]
pub fn rsa3072_wrongcert() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
179 
/// Positive case: the "basic" RSA-4096 fixture must verify against the
/// RSA-4096 test log.
///
/// The expected value is `Ok(0)`; with a single entry in the log list this is
/// presumably the index of the log that issued the SCT — confirm against
/// `verify_sct`.
#[test]
pub fn rsa4096_basic() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
190 
/// Negative case: the "wrongtime" RSA-4096 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its timestamp differs from the one
/// that was signed, so this would pin that the timestamp is covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn rsa4096_wrongtime() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
201 
/// Negative case: the "wrongcert" RSA-4096 fixture must be rejected with
/// `Error::InvalidSignature` when checked against the bytes `b"cert"`.
///
/// NOTE(review): the fixture name suggests it was signed over a different
/// certificate, so this would pin that an SCT cannot be replayed for another
/// certificate — confirm against the fixture generator.
#[test]
pub fn rsa4096_wrongcert() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
212 
/// Negative case: the "junk" P-256 fixture must be rejected as
/// `Error::MalformedSCT`.
///
/// The test pins the error kind: this input must surface as a parse failure,
/// not as a signature or log-lookup error.
#[test]
pub fn ecdsa_p256_junk() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-junk-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::MalformedSCT), outcome);
}
223 
/// Negative case: the "wrongid" P-256 fixture must be rejected with
/// `Error::UnknownLog` when only the P-256 test log is trusted.
///
/// NOTE(review): the fixture name suggests its log id does not match
/// `TEST_LOG_ECDSA_P256.id`; the expected error implies the id lookup fails
/// before any signature check — confirm against `verify_sct`.
#[test]
pub fn ecdsa_p256_wrongid() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::UnknownLog), outcome);
}
234 
/// Negative case: the "version" P-256 fixture must be rejected with
/// `Error::UnsupportedSCTVersion`.
///
/// NOTE(review): the fixture name suggests it carries a version value the
/// verifier does not accept — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_version() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-version-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::UnsupportedSCTVersion), outcome);
}
245 
/// Negative case: with the current time set to 1233, the "future" P-256
/// fixture must be rejected with `Error::TimestampInFuture`.
///
/// NOTE(review): presumably the fixture's timestamp is later than 1233, so the
/// verifier refuses an SCT dated after "now" — confirm the fixture's timestamp
/// and the unit `verify_sct` expects for the time argument.
#[test]
pub fn ecdsa_p256_future() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-future-sct.bin");

    // Deliberately earlier than the 1235 used by the positive cases in this file.
    let outcome = verify_sct(b"cert", sct_bytes, 1233, &known_logs);

    assert_eq!(Err(Error::TimestampInFuture), outcome);
}
256 
/// Negative case: the "wrongext" P-256 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests its extensions field differs from
/// what was signed, so this would pin that extensions are covered by the
/// signature — confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongext() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
267 
/// Negative case: the "badsigalg" P-256 fixture must be rejected with
/// `Error::InvalidSignature`.
///
/// NOTE(review): the fixture name suggests the SCT declares a signature
/// algorithm that does not fit the log's key; the test pins that this is
/// reported as an invalid signature, not accepted — confirm against the
/// fixture generator.
#[test]
pub fn ecdsa_p256_badsigalg() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-badsigalg-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
278 
/// Truncation sweep: every prefix of the "short" P-256 fixture with a length
/// from 0 to 120 bytes must be rejected as `Error::MalformedSCT`.
///
/// This pins that a truncated SCT produces a parse error at each cut point.
#[test]
pub fn ecdsa_p256_short() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-short-sct.bin");

    // NOTE(review): the bound 121 is hard-coded, presumably tied to the fixture's
    // length — confirm. The slice below panics if the fixture is shorter than
    // 120 bytes, and longer prefixes are not exercised.
    for prefix_len in 0..121 {
        let truncated = &sct_bytes[..prefix_len];
        let outcome = verify_sct(b"cert", truncated, 1234, &known_logs);

        assert_eq!(Err(Error::MalformedSCT), outcome);
    }
}
291 
292