| use super::{Log, Error, verify_sct}; |
| |
| static TEST_LOG_ECDSA_P256: Log = Log { |
| description: "fake test ecdsa_p256 log", |
| url: "", |
| operated_by: "random python script", |
| max_merge_delay: 0, |
| key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"), |
| id: [0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88, 0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94, 0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2, 0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f], |
| }; |
| |
| static TEST_LOG_ECDSA_P384: Log = Log { |
| description: "fake test ecdsa_p384 log", |
| url: "", |
| operated_by: "random python script", |
| max_merge_delay: 0, |
| key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"), |
| id: [0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d, 0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac, 0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37, 0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9], |
| }; |
| |
| static TEST_LOG_RSA2048: Log = Log { |
| description: "fake test rsa2048 log", |
| url: "", |
| operated_by: "random python script", |
| max_merge_delay: 0, |
| key: include_bytes!("testdata/rsa-2048-pub.raw"), |
| id: [0x6e, 0x56, 0xa6, 0x5e, 0x21, 0x40, 0x97, 0x71, 0xeb, 0xbd, 0x16, 0x67, 0xc3, 0x37, 0x39, 0xb3, 0x35, 0x0e, 0xb2, 0xee, 0x9f, 0x3a, 0x55, 0x4c, 0xf3, 0x37, 0x12, 0xc0, 0x6a, 0x1a, 0x72, 0x0a], |
| }; |
| |
| static TEST_LOG_RSA3072: Log = Log { |
| description: "fake test rsa3072 log", |
| url: "", |
| operated_by: "random python script", |
| max_merge_delay: 0, |
| key: include_bytes!("testdata/rsa-3072-pub.raw"), |
| id: [0xb4, 0xcd, 0x74, 0xe7, 0x69, 0x59, 0xb3, 0x4e, 0xbb, 0x90, 0x80, 0xba, 0x9e, 0xaa, 0x08, 0xaf, 0x75, 0x8b, 0x52, 0x7b, 0xbb, 0x5f, 0xf7, 0x24, 0x59, 0x8f, 0xfa, 0xc7, 0x37, 0x65, 0x49, 0xb0], |
| }; |
| |
| static TEST_LOG_RSA4096: Log = Log { |
| description: "fake test rsa4096 log", |
| url: "", |
| operated_by: "random python script", |
| max_merge_delay: 0, |
| key: include_bytes!("testdata/rsa-4096-pub.raw"), |
| id: [0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc, 0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88, 0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69, 0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29], |
| }; |
| |
| #[test] |
| pub fn ecdsa_p256_basic() { |
| let sct = include_bytes!("testdata/ecdsa_p256-basic-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Ok(0), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_wrongtime() { |
| let sct = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_wrongcert() { |
| let sct = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p384_basic() { |
| let sct = include_bytes!("testdata/ecdsa_p384-basic-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P384]; |
| let now = 1235; |
| |
| assert_eq!(Ok(0), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p384_wrongtime() { |
| let sct = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P384]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p384_wrongcert() { |
| let sct = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P384]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa2048_basic() { |
| let sct = include_bytes!("testdata/rsa2048-basic-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA2048]; |
| let now = 1235; |
| |
| assert_eq!(Ok(0), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa2048_wrongtime() { |
| let sct = include_bytes!("testdata/rsa2048-wrongtime-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA2048]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa2048_wrongcert() { |
| let sct = include_bytes!("testdata/rsa2048-wrongcert-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA2048]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa3072_basic() { |
| let sct = include_bytes!("testdata/rsa3072-basic-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA3072]; |
| let now = 1235; |
| |
| assert_eq!(Ok(0), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa3072_wrongtime() { |
| let sct = include_bytes!("testdata/rsa3072-wrongtime-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA3072]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa3072_wrongcert() { |
| let sct = include_bytes!("testdata/rsa3072-wrongcert-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA3072]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa4096_basic() { |
| let sct = include_bytes!("testdata/rsa4096-basic-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA4096]; |
| let now = 1235; |
| |
| assert_eq!(Ok(0), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa4096_wrongtime() { |
| let sct = include_bytes!("testdata/rsa4096-wrongtime-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA4096]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn rsa4096_wrongcert() { |
| let sct = include_bytes!("testdata/rsa4096-wrongcert-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_RSA4096]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_junk() { |
| let sct = include_bytes!("testdata/ecdsa_p256-junk-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::MalformedSCT), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_wrongid() { |
| let sct = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::UnknownLog), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_version() { |
| let sct = include_bytes!("testdata/ecdsa_p256-version-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::UnsupportedSCTVersion), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_future() { |
| let sct = include_bytes!("testdata/ecdsa_p256-future-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1233; |
| |
| assert_eq!(Err(Error::TimestampInFuture), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_wrongext() { |
| let sct = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_badsigalg() { |
| let sct = include_bytes!("testdata/ecdsa_p256-badsigalg-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1235; |
| |
| assert_eq!(Err(Error::InvalidSignature), |
| verify_sct(cert, sct, now, &logs)); |
| } |
| |
| #[test] |
| pub fn ecdsa_p256_short() { |
| let sct = include_bytes!("testdata/ecdsa_p256-short-sct.bin"); |
| let cert = b"cert"; |
| let logs = [&TEST_LOG_ECDSA_P256]; |
| let now = 1234; |
| |
| for l in 0..121 { |
| assert_eq!(Err(Error::MalformedSCT), |
| verify_sct(cert, &sct[..l], now, &logs)); |
| } |
| } |
| |