1 use super::{verify_sct, Error, Log};
2 
/// Fake ECDSA P-256 CT log used by the tests in this file.
///
/// `key` is embedded at compile time from `testdata/`; `id` is the 32-byte
/// log identifier paired with it (presumably SHA-256 of the key, as RFC 6962
/// defines log IDs — confirm against the script that generated the fixtures).
/// `url` and `max_merge_delay` are left empty/zero in this fixture.
static TEST_LOG_ECDSA_P256: Log = Log {
    id: [
        0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88,
        0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94,
        0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2,
        0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f,
    ],
    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
    description: "fake test ecdsa_p256 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
15 
/// Fake ECDSA P-384 CT log used by the tests in this file.
///
/// `key` is embedded at compile time from `testdata/`; `id` is the 32-byte
/// log identifier paired with it (presumably SHA-256 of the key, as RFC 6962
/// defines log IDs — confirm against the script that generated the fixtures).
/// `url` and `max_merge_delay` are left empty/zero in this fixture.
static TEST_LOG_ECDSA_P384: Log = Log {
    id: [
        0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d,
        0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac,
        0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37,
        0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9,
    ],
    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
    description: "fake test ecdsa_p384 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
28 
/// Fake RSA-2048 CT log used by the tests in this file.
///
/// `key` is embedded at compile time from `testdata/`; `id` is the 32-byte
/// log identifier paired with it (presumably SHA-256 of the key, as RFC 6962
/// defines log IDs — confirm against the script that generated the fixtures).
/// `url` and `max_merge_delay` are left empty/zero in this fixture.
static TEST_LOG_RSA2048: Log = Log {
    id: [
        0x6e, 0x56, 0xa6, 0x5e, 0x21, 0x40, 0x97, 0x71,
        0xeb, 0xbd, 0x16, 0x67, 0xc3, 0x37, 0x39, 0xb3,
        0x35, 0x0e, 0xb2, 0xee, 0x9f, 0x3a, 0x55, 0x4c,
        0xf3, 0x37, 0x12, 0xc0, 0x6a, 0x1a, 0x72, 0x0a,
    ],
    key: include_bytes!("testdata/rsa-2048-pub.raw"),
    description: "fake test rsa2048 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
41 
/// Fake RSA-3072 CT log used by the tests in this file.
///
/// `key` is embedded at compile time from `testdata/`; `id` is the 32-byte
/// log identifier paired with it (presumably SHA-256 of the key, as RFC 6962
/// defines log IDs — confirm against the script that generated the fixtures).
/// `url` and `max_merge_delay` are left empty/zero in this fixture.
static TEST_LOG_RSA3072: Log = Log {
    id: [
        0xb4, 0xcd, 0x74, 0xe7, 0x69, 0x59, 0xb3, 0x4e,
        0xbb, 0x90, 0x80, 0xba, 0x9e, 0xaa, 0x08, 0xaf,
        0x75, 0x8b, 0x52, 0x7b, 0xbb, 0x5f, 0xf7, 0x24,
        0x59, 0x8f, 0xfa, 0xc7, 0x37, 0x65, 0x49, 0xb0,
    ],
    key: include_bytes!("testdata/rsa-3072-pub.raw"),
    description: "fake test rsa3072 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
54 
/// Fake RSA-4096 CT log used by the tests in this file.
///
/// `key` is embedded at compile time from `testdata/`; `id` is the 32-byte
/// log identifier paired with it (presumably SHA-256 of the key, as RFC 6962
/// defines log IDs — confirm against the script that generated the fixtures).
/// `url` and `max_merge_delay` are left empty/zero in this fixture.
static TEST_LOG_RSA4096: Log = Log {
    id: [
        0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc,
        0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88,
        0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69,
        0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29,
    ],
    key: include_bytes!("testdata/rsa-4096-pub.raw"),
    description: "fake test rsa4096 log",
    operated_by: "random python script",
    url: "",
    max_merge_delay: 0,
};
67 
/// Happy path: the basic P-256 fixture SCT verifies against the P-256 test log.
///
/// Expects `Ok(0)` — presumably the index of the matching entry in the log
/// list; confirm against `verify_sct`'s documentation.
#[test]
pub fn ecdsa_p256_basic() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
77 
/// The `wrongtime` P-256 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature was made over a different timestamp than the one
/// the SCT carries (fixture contents are not visible here — confirm with the
/// generator). The test pins that the timestamp is covered by the signature
/// check, so a re-dated SCT is not accepted.
#[test]
pub fn ecdsa_p256_wrongtime() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
90 
/// The `wrongcert` P-256 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature covers a certificate other than `b"cert"`
/// (confirm with the fixture generator). The test pins that an SCT issued
/// for one certificate does not validate for another.
#[test]
pub fn ecdsa_p256_wrongcert() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
103 
/// Happy path: the basic P-384 fixture SCT verifies against the P-384 test log.
///
/// Expects `Ok(0)` — presumably the index of the matching entry in the log
/// list; confirm against `verify_sct`'s documentation.
#[test]
pub fn ecdsa_p384_basic() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
113 
/// The `wrongtime` P-384 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signed timestamp differs from the one in the SCT (confirm
/// with the fixture generator); pins that the timestamp is covered by the
/// signature check.
#[test]
pub fn ecdsa_p384_wrongtime() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
126 
/// The `wrongcert` P-384 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature covers a certificate other than `b"cert"`
/// (confirm with the fixture generator); pins that the SCT is bound to the
/// certificate it was issued for.
#[test]
pub fn ecdsa_p384_wrongcert() {
    let known_logs = [&TEST_LOG_ECDSA_P384];
    let sct_bytes = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
139 
/// Happy path: the basic RSA-2048 fixture SCT verifies against the RSA-2048 test log.
///
/// Expects `Ok(0)` — presumably the index of the matching entry in the log
/// list; confirm against `verify_sct`'s documentation.
#[test]
pub fn rsa2048_basic() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
149 
/// The `wrongtime` RSA-2048 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signed timestamp differs from the one in the SCT (confirm
/// with the fixture generator); pins that the timestamp is covered by the
/// signature check.
#[test]
pub fn rsa2048_wrongtime() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
162 
/// The `wrongcert` RSA-2048 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature covers a certificate other than `b"cert"`
/// (confirm with the fixture generator); pins that the SCT is bound to the
/// certificate it was issued for.
#[test]
pub fn rsa2048_wrongcert() {
    let known_logs = [&TEST_LOG_RSA2048];
    let sct_bytes = include_bytes!("testdata/rsa2048-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
175 
/// Happy path: the basic RSA-3072 fixture SCT verifies against the RSA-3072 test log.
///
/// Expects `Ok(0)` — presumably the index of the matching entry in the log
/// list; confirm against `verify_sct`'s documentation.
#[test]
pub fn rsa3072_basic() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
185 
/// The `wrongtime` RSA-3072 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signed timestamp differs from the one in the SCT (confirm
/// with the fixture generator); pins that the timestamp is covered by the
/// signature check.
#[test]
pub fn rsa3072_wrongtime() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
198 
/// The `wrongcert` RSA-3072 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature covers a certificate other than `b"cert"`
/// (confirm with the fixture generator); pins that the SCT is bound to the
/// certificate it was issued for.
#[test]
pub fn rsa3072_wrongcert() {
    let known_logs = [&TEST_LOG_RSA3072];
    let sct_bytes = include_bytes!("testdata/rsa3072-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
211 
/// Happy path: the basic RSA-4096 fixture SCT verifies against the RSA-4096 test log.
///
/// Expects `Ok(0)` — presumably the index of the matching entry in the log
/// list; confirm against `verify_sct`'s documentation.
#[test]
pub fn rsa4096_basic() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-basic-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Ok(0), outcome);
}
221 
/// The `wrongtime` RSA-4096 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signed timestamp differs from the one in the SCT (confirm
/// with the fixture generator); pins that the timestamp is covered by the
/// signature check.
#[test]
pub fn rsa4096_wrongtime() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongtime-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
234 
/// The `wrongcert` RSA-4096 fixture must be rejected with `InvalidSignature`.
///
/// Presumably the signature covers a certificate other than `b"cert"`
/// (confirm with the fixture generator); pins that the SCT is bound to the
/// certificate it was issued for.
#[test]
pub fn rsa4096_wrongcert() {
    let known_logs = [&TEST_LOG_RSA4096];
    let sct_bytes = include_bytes!("testdata/rsa4096-wrongcert-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
247 
/// The `junk` fixture must be rejected as `MalformedSct`.
///
/// Pins that input which does not parse as an SCT is reported as a parse
/// failure rather than as a signature or log-lookup error. What exactly makes
/// the fixture unparseable is not visible here.
#[test]
pub fn ecdsa_p256_junk() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-junk-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::MalformedSct), outcome);
}
257 
/// The `wrongid` fixture must be rejected as `UnknownLog`.
///
/// Presumably the SCT carries a log id that differs from
/// `TEST_LOG_ECDSA_P256.id` (confirm with the fixture generator). Pins that an
/// SCT naming a log outside the caller's list is refused instead of being
/// checked against some other log's key.
#[test]
pub fn ecdsa_p256_wrongid() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::UnknownLog), outcome);
}
267 
/// The `version` fixture must be rejected as `UnsupportedSctVersion`.
///
/// Presumably the SCT's version field holds a value the verifier does not
/// implement (confirm with the fixture generator); pins that such SCTs get a
/// dedicated error instead of being parsed under the wrong layout.
#[test]
pub fn ecdsa_p256_version() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-version-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::UnsupportedSctVersion), outcome);
}
280 
/// An SCT dated after the supplied verification time is rejected as
/// `TimestampInFuture`.
///
/// This test passes 1233 as the time where most others in this file pass
/// 1235; presumably the fixture's timestamp lies between the two — confirm
/// with the fixture generator.
#[test]
pub fn ecdsa_p256_future() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-future-sct.bin");
    // Verification time deliberately earlier than in the other tests.
    let outcome = verify_sct(b"cert", sct_bytes, 1233, &known_logs);

    assert_eq!(Err(Error::TimestampInFuture), outcome);
}
293 
/// The `wrongext` fixture must be rejected with `InvalidSignature`.
///
/// Presumably the SCT's extensions field differs from what was signed
/// (confirm with the fixture generator). Pins that the extensions are part of
/// the data the signature is checked over, so they cannot be altered after
/// issuance.
#[test]
pub fn ecdsa_p256_wrongext() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
306 
/// The `badsigalg` fixture must be rejected with `InvalidSignature`.
///
/// Presumably the SCT declares a signature algorithm that does not fit the
/// P-256 log key (confirm with the fixture generator). The asserted error
/// shows that this case is reported as a signature failure, not as a parse
/// error.
#[test]
pub fn ecdsa_p256_badsigalg() {
    let known_logs = [&TEST_LOG_ECDSA_P256];
    let sct_bytes = include_bytes!("testdata/ecdsa_p256-badsigalg-sct.bin");
    let outcome = verify_sct(b"cert", sct_bytes, 1235, &known_logs);

    assert_eq!(Err(Error::InvalidSignature), outcome);
}
319 
/// Every truncated prefix of the `short` fixture must be rejected as
/// `MalformedSct`.
///
/// Feeds `verify_sct` the first 0, 1, ..., 120 bytes of the fixture in turn,
/// pinning that a cut-off SCT is reported as a parse failure at every length
/// instead of being partially accepted.
#[test]
pub fn ecdsa_p256_short() {
    let full_sct = include_bytes!("testdata/ecdsa_p256-short-sct.bin");
    let known_logs = [&TEST_LOG_ECDSA_P256];

    // NOTE(review): 121 is hard-coded; presumably it is the fixture's length.
    // If the fixture were shorter, the slice below would panic with an
    // out-of-range index rather than fail the assertion — confirm the length.
    for prefix_len in 0..121 {
        let truncated = &full_sct[..prefix_len];
        assert_eq!(
            Err(Error::MalformedSct),
            verify_sct(b"cert", truncated, 1234, &known_logs)
        );
    }
}
334