1 use super::{verify_sct, Error, Log};
/// Test-only log record for the ECDSA P-256 fixtures; its own description marks it as fake.
///
/// The public key is embedded at compile time from `testdata/`, and `id` is the 32-byte
/// value the `ecdsa_p256_*` tests match SCTs against.
// NOTE(review): `id` is presumably the SHA-256 of the key bytes; confirm against the
// script that generated the fixtures.
static TEST_LOG_ECDSA_P256: Log = Log {
    id: [
        0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88,
        0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94,
        0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2,
        0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f,
    ],
    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
    description: "fake test ecdsa_p256 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
/// Test-only log record for the ECDSA P-384 fixtures; its own description marks it as fake.
///
/// The public key is embedded at compile time from `testdata/`, and `id` is the 32-byte
/// value the `ecdsa_p384_*` tests match SCTs against.
// NOTE(review): `id` is presumably the SHA-256 of the key bytes; confirm against the
// script that generated the fixtures.
static TEST_LOG_ECDSA_P384: Log = Log {
    id: [
        0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d,
        0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac,
        0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37,
        0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9,
    ],
    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
    description: "fake test ecdsa_p384 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
/// Test-only log record for the RSA-2048 fixtures; its own description marks it as fake.
///
/// The public key is embedded at compile time from `testdata/`, and `id` is the 32-byte
/// value the `rsa2048_*` tests match SCTs against.
// NOTE(review): `id` is presumably the SHA-256 of the key bytes; confirm against the
// script that generated the fixtures.
static TEST_LOG_RSA2048: Log = Log {
    id: [
        0x6e, 0x56, 0xa6, 0x5e, 0x21, 0x40, 0x97, 0x71,
        0xeb, 0xbd, 0x16, 0x67, 0xc3, 0x37, 0x39, 0xb3,
        0x35, 0x0e, 0xb2, 0xee, 0x9f, 0x3a, 0x55, 0x4c,
        0xf3, 0x37, 0x12, 0xc0, 0x6a, 0x1a, 0x72, 0x0a,
    ],
    key: include_bytes!("testdata/rsa-2048-pub.raw"),
    description: "fake test rsa2048 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
/// Test-only log record for the RSA-3072 fixtures; its own description marks it as fake.
///
/// The public key is embedded at compile time from `testdata/`, and `id` is the 32-byte
/// value the `rsa3072_*` tests match SCTs against.
// NOTE(review): `id` is presumably the SHA-256 of the key bytes; confirm against the
// script that generated the fixtures.
static TEST_LOG_RSA3072: Log = Log {
    id: [
        0xb4, 0xcd, 0x74, 0xe7, 0x69, 0x59, 0xb3, 0x4e,
        0xbb, 0x90, 0x80, 0xba, 0x9e, 0xaa, 0x08, 0xaf,
        0x75, 0x8b, 0x52, 0x7b, 0xbb, 0x5f, 0xf7, 0x24,
        0x59, 0x8f, 0xfa, 0xc7, 0x37, 0x65, 0x49, 0xb0,
    ],
    key: include_bytes!("testdata/rsa-3072-pub.raw"),
    description: "fake test rsa3072 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
/// Test-only log record for the RSA-4096 fixtures; its own description marks it as fake.
///
/// The public key is embedded at compile time from `testdata/`, and `id` is the 32-byte
/// value the `rsa4096_*` tests match SCTs against.
// NOTE(review): `id` is presumably the SHA-256 of the key bytes; confirm against the
// script that generated the fixtures.
static TEST_LOG_RSA4096: Log = Log {
    id: [
        0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc,
        0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88,
        0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69,
        0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29,
    ],
    key: include_bytes!("testdata/rsa-4096-pub.raw"),
    description: "fake test rsa4096 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
/// Positive case: the P-256 "basic" SCT fixture verifies over `b"cert"` at time 1235.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching log in the
// slice passed to `verify_sct`; confirm against its definition.
#[test]
pub fn ecdsa_p256_basic() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
/// Negative case: the P-256 "wrongtime" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its timestamp differs from the one that was
// signed; the fixture bytes are not visible here, so confirm against the generator.
#[test]
pub fn ecdsa_p256_wrongtime() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the P-256 "wrongcert" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over a certificate other
// than `b"cert"`; confirm against the fixture generator.
#[test]
pub fn ecdsa_p256_wrongcert() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Positive case: the P-384 "basic" SCT fixture verifies over `b"cert"` at time 1235.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching log in the
// slice passed to `verify_sct`; confirm against its definition.
#[test]
pub fn ecdsa_p384_basic() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
/// Negative case: the P-384 "wrongtime" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its timestamp differs from the one that was
// signed; the fixture bytes are not visible here, so confirm against the generator.
#[test]
pub fn ecdsa_p384_wrongtime() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the P-384 "wrongcert" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over a certificate other
// than `b"cert"`; confirm against the fixture generator.
#[test]
pub fn ecdsa_p384_wrongcert() {
    let trusted_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Positive case: the RSA-2048 "basic" SCT fixture verifies over `b"cert"` at time 1235.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching log in the
// slice passed to `verify_sct`; confirm against its definition.
#[test]
pub fn rsa2048_basic() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
/// Negative case: the RSA-2048 "wrongtime" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its timestamp differs from the one that was
// signed; the fixture bytes are not visible here, so confirm against the generator.
#[test]
pub fn rsa2048_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the RSA-2048 "wrongcert" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over a certificate other
// than `b"cert"`; confirm against the fixture generator.
#[test]
pub fn rsa2048_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Positive case: the RSA-3072 "basic" SCT fixture verifies over `b"cert"` at time 1235.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching log in the
// slice passed to `verify_sct`; confirm against its definition.
#[test]
pub fn rsa3072_basic() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
/// Negative case: the RSA-3072 "wrongtime" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its timestamp differs from the one that was
// signed; the fixture bytes are not visible here, so confirm against the generator.
#[test]
pub fn rsa3072_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the RSA-3072 "wrongcert" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over a certificate other
// than `b"cert"`; confirm against the fixture generator.
#[test]
pub fn rsa3072_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Positive case: the RSA-4096 "basic" SCT fixture verifies over `b"cert"` at time 1235.
// NOTE(review): the `0` in `Ok(0)` is presumably the index of the matching log in the
// slice passed to `verify_sct`; confirm against its definition.
#[test]
pub fn rsa4096_basic() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-basic-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Ok(0), outcome);
}
/// Negative case: the RSA-4096 "wrongtime" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its timestamp differs from the one that was
// signed; the fixture bytes are not visible here, so confirm against the generator.
#[test]
pub fn rsa4096_wrongtime() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongtime-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the RSA-4096 "wrongcert" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests the SCT was issued over a certificate other
// than `b"cert"`; confirm against the fixture generator.
#[test]
pub fn rsa4096_wrongcert() {
    let trusted_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongcert-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Parser rejection: the "junk" fixture must fail with `MalformedSct`, i.e. as a
/// structural error rather than a signature or log-lookup error.
#[test]
pub fn ecdsa_p256_junk() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-junk-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::MalformedSct), outcome);
}
/// Trust-anchor check: the "wrongid" fixture must fail with `UnknownLog` when the only
/// log supplied is `TEST_LOG_ECDSA_P256`.
// NOTE(review): the fixture presumably carries a log ID different from that log's `id`;
// the fixture bytes are not visible here.
#[test]
pub fn ecdsa_p256_wrongid() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::UnknownLog), outcome);
}
/// Version gate: the "version" fixture must fail with `UnsupportedSctVersion`.
// NOTE(review): the fixture presumably carries a version value the verifier does not
// accept; the fixture bytes are not visible here.
#[test]
pub fn ecdsa_p256_version() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-version-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::UnsupportedSctVersion), outcome);
}
/// Clock check: verifying the "future" fixture at time 1233 must fail with
/// `TimestampInFuture`.
// Note the verification time here is 1233, not the 1235 used by most other cases.
// NOTE(review): the fixture's timestamp is presumably later than 1233; confirm against
// the fixture generator.
#[test]
pub fn ecdsa_p256_future() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-future-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1233, &trusted_logs);

    assert_eq!(Err(Error::TimestampInFuture), outcome);
}
/// Negative case: the P-256 "wrongext" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests its extensions field differs from what was
// signed; the fixture bytes are not visible here.
#[test]
pub fn ecdsa_p256_wrongext() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Negative case: the P-256 "badsigalg" fixture must be rejected with `InvalidSignature`.
// NOTE(review): the fixture name suggests a signature-algorithm field that does not fit
// the log's key; the expected error is `InvalidSignature`, not `MalformedSct`.
#[test]
pub fn ecdsa_p256_badsigalg() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-badsigalg-sct.bin");

    let outcome = verify_sct(b"cert", sct_bytes, 1235, &trusted_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
/// Truncation sweep: every prefix of the "short" fixture with length 0 through 120 must
/// be rejected with `MalformedSct` when verified at time 1234.
// The bound 121 is hard-coded. Slicing panics if the fixture is shorter than 120 bytes,
// so the test depends on the fixture being at least that long.
// NOTE(review): if the fixture is longer than 121 bytes, the longer truncations are not
// exercised; confirm the fixture length against the generator.
#[test]
pub fn ecdsa_p256_short() {
    let trusted_logs = [&TEST_LOG_ECDSA_P256];
    let full_sct = include_bytes!("testdata/ecdsa_p256-short-sct.bin");

    for prefix_len in 0..121 {
        let truncated = &full_sct[..prefix_len];
        let outcome = verify_sct(b"cert", truncated, 1234, &trusted_logs);
        assert_eq!(Err(Error::MalformedSct), outcome);
    }
}