/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "BTVerifier.h"
#include "CTTestUtils.h"
#include "gtest/gtest.h"
#include "nss.h"
namespace mozilla {
namespace ct {
using namespace pkix;
struct BTSignedTreeHeadTestParams {
const char* mSubjectPublicKeyInfoHex;
pkix::DigestAlgorithm mDigestAlgorithm;
pkix::der::PublicKeyAlgorithm mPublicKeyAlgorithm;
const char* mSignedTreeHeadHex;
pkix::Result mExpectedSignedTreeHeadResult;
uint64_t mExpectedTimestamp;
uint64_t mExpectedTreeSize;
const char* mExpectedRootHashHex;
};
class BTSignedTreeHeadTest
:
public ::testing::Test,
public ::testing::WithParamInterface<BTSignedTreeHeadTestParams> {
void SetUp() override {
if (!NSS_IsInitialized()) {
if (NSS_NoDB_Init(nullptr) != SECSuccess) {
abort();
}
}
}
};
namespace ValidSTH {
#include "valid-sth.inc"
}
namespace ValidWithExtensionSTH {
#include "valid-with-extension-sth.inc"
}
namespace ValidSecp521r1SHA512STH {
#include "valid-secp521r1-sha512-sth.inc"
}
namespace SignatureCoversLogIDSTH {
#include "signature-covers-log-id-sth.inc"
}
namespace WrongSPKISTH {
#include "wrong-spki-sth.inc"
}
namespace WrongSigningKeySTH {
#include "wrong-signing-key-sth.inc"
}
namespace MissingLogIDSTH {
#include "missing-log-id-sth.inc"
}
namespace MissingTimestampSTH {
#include "missing-timestamp-sth.inc"
}
namespace MissingTreeSizeSTH {
#include "missing-tree-size-sth.inc"
}
namespace MissingRootHashSTH {
#include "missing-root-hash-sth.inc"
}
namespace MissingExtensionsSTH {
#include "missing-extensions-sth.inc"
}
namespace TruncatedLogIDSTH {
#include "truncated-log-id-sth.inc"
}
namespace TruncatedTimestampSTH {
#include "truncated-timestamp-sth.inc"
}
namespace TruncatedTreeSizeSTH {
#include "truncated-tree-size-sth.inc"
}
namespace TruncatedRootHashSTH {
#include "truncated-root-hash-sth.inc"
}
namespace TruncatedExtensionSTH {
#include "truncated-extension-sth.inc"
}
namespace RSASignerRSASPKISTH {
#include "rsa-signer-rsa-spki-sth.inc"
}
namespace RSASignerECSPKISTH {
#include "rsa-signer-ec-spki-sth.inc"
}
namespace ECSignerRSASPKISTH {
#include "ec-signer-rsa-spki-sth.inc"
}
static const char* kValidRootHashHex =
"d1a0d3947db4ae8305f2ac32985957e02659b2ea3c10da52a48d2526e9af3bbc";
static const char* kValidRootHashSHA512Hex =
"374d794a95cdcfd8b35993185fef9ba368f160d8daf432d08ba9f1ed1e5abe6c"
"c69291e0fa2fe0006a52570ef18c19def4e617c33ce52ef0a6e5fbe318cb0387";
MOZ_RUNINIT
static const BTSignedTreeHeadTestParams
BT_SIGNED_TREE_HEAD_TEST_PARAMS[] = {
{ValidSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidSTH::kSTHHex, Success,
1541189938000, 7, kValidRootHashHex},
{ValidSTH::kSPKIHex, pkix::DigestAlgorithm::sha512,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidSTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{ValidSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::RSA_PKCS1, ValidSTH::kSTHHex,
Result::FATAL_ERROR_INVALID_ARGS, 0, 0, nullptr},
{ValidWithExtensionSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidWithExtensionSTH::kSTHHex,
Success, 1541189938000, 7, kValidRootHashHex},
{ValidSecp521r1SHA512STH::kSPKIHex, pkix::DigestAlgorithm::sha512,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidSecp521r1SHA512STH::kSTHHex,
Success, 1542136309473, 731393445, kValidRootHashSHA512Hex},
{ValidSecp521r1SHA512STH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidSecp521r1SHA512STH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{ValidSTH::kSPKIHex, pkix::DigestAlgorithm::sha512,
pkix::der::PublicKeyAlgorithm::ECDSA, ValidSecp521r1SHA512STH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{SignatureCoversLogIDSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, SignatureCoversLogIDSTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{WrongSPKISTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, WrongSPKISTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{WrongSigningKeySTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, WrongSigningKeySTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{MissingLogIDSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, MissingLogIDSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{MissingTimestampSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, MissingTimestampSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{MissingTreeSizeSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, MissingTreeSizeSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{MissingRootHashSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, MissingRootHashSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{MissingExtensionsSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, MissingExtensionsSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{TruncatedLogIDSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, TruncatedLogIDSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{TruncatedTimestampSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, TruncatedTimestampSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{TruncatedTreeSizeSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, TruncatedTreeSizeSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{TruncatedRootHashSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, TruncatedRootHashSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{TruncatedExtensionSTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, TruncatedExtensionSTH::kSTHHex,
Result::ERROR_BAD_DER, 0, 0, nullptr},
{RSASignerRSASPKISTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, RSASignerRSASPKISTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{RSASignerECSPKISTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, RSASignerECSPKISTH::kSTHHex,
Result::ERROR_BAD_SIGNATURE, 0, 0, nullptr},
{ECSignerRSASPKISTH::kSPKIHex, pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA, ECSignerRSASPKISTH::kSTHHex,
Result::ERROR_INVALID_KEY, 0, 0, nullptr},
};
TEST_P(BTSignedTreeHeadTest, BTSignedTreeHeadSimpleTest) {
const BTSignedTreeHeadTestParams& params(GetParam());
Buffer subjectPublicKeyInfoBuffer(
HexToBytes(params.mSubjectPublicKeyInfoHex));
Input subjectPublicKeyInfoInput = InputForBuffer(subjectPublicKeyInfoBuffer);
Buffer signedTreeHeadBuffer(HexToBytes(params.mSignedTreeHeadHex));
Input signedTreeHeadInput = InputForBuffer(signedTreeHeadBuffer);
SignedTreeHeadDataV2 sth;
EXPECT_EQ(params.mExpectedSignedTreeHeadResult,
DecodeAndVerifySignedTreeHead(
subjectPublicKeyInfoInput, params.mDigestAlgorithm,
params.mPublicKeyAlgorithm, signedTreeHeadInput, sth));
if (params.mExpectedSignedTreeHeadResult == Success) {
EXPECT_EQ(params.mExpectedTimestamp, sth.timestamp);
EXPECT_EQ(params.mExpectedTreeSize, sth.treeSize);
EXPECT_EQ(HexToBytes(params.mExpectedRootHashHex), sth.rootHash);
}
}
INSTANTIATE_TEST_SUITE_P(BTSignedTreeHeadTest, BTSignedTreeHeadTest,
testing::ValuesIn(BT_SIGNED_TREE_HEAD_TEST_PARAMS));
TEST_F(BTSignedTreeHeadTest, BTSignedTreeHeadTamperedSignatureTest) {
Buffer subjectPublicKeyInfoBuffer(HexToBytes(ValidSTH::kSPKIHex));
Input subjectPublicKeyInfoInput = InputForBuffer(subjectPublicKeyInfoBuffer);
Buffer signedTreeHeadBuffer(HexToBytes(ValidSTH::kSTHHex));
ASSERT_TRUE(signedTreeHeadBuffer.size() > 15);
signedTreeHeadBuffer[signedTreeHeadBuffer.size() - 15] ^= 0xff;
Input signedTreeHeadInput = InputForBuffer(signedTreeHeadBuffer);
SignedTreeHeadDataV2 sth;
EXPECT_EQ(Result::ERROR_BAD_SIGNATURE,
DecodeAndVerifySignedTreeHead(subjectPublicKeyInfoInput,
pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA,
signedTreeHeadInput, sth));
}
TEST_F(BTSignedTreeHeadTest, BTSignedTreeHeadTruncatedSignatureTest) {
Buffer subjectPublicKeyInfoBuffer(HexToBytes(ValidSTH::kSPKIHex));
Input subjectPublicKeyInfoInput = InputForBuffer(subjectPublicKeyInfoBuffer);
Buffer signedTreeHeadBuffer(HexToBytes(ValidSTH::kSTHHex));
ASSERT_TRUE(signedTreeHeadBuffer.size() > 17);
signedTreeHeadBuffer.resize(signedTreeHeadBuffer.size() - 17);
Input signedTreeHeadInput = InputForBuffer(signedTreeHeadBuffer);
SignedTreeHeadDataV2 sth;
EXPECT_EQ(Result::ERROR_BAD_DER,
DecodeAndVerifySignedTreeHead(subjectPublicKeyInfoInput,
pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA,
signedTreeHeadInput, sth));
}
TEST_F(BTSignedTreeHeadTest, BTSignedTreeHeadMissingSignatureTest) {
Buffer subjectPublicKeyInfoBuffer(HexToBytes(ValidSTH::kSPKIHex));
Input subjectPublicKeyInfoInput = InputForBuffer(subjectPublicKeyInfoBuffer);
Buffer signedTreeHeadBuffer = {
0x02, 0x00, 0x00,
// 1541189938000 milliseconds since the epoch
0x00, 0x00, 0x01, 0x66, 0xd6, 0x14, 0x2b, 0x50, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x07,
// 7 total nodes
0x20,
// 32 byte hash
0xd1, 0xa0, 0xd3, 0x94, 0x7d, 0xb4, 0xae, 0x83, 0x05, 0xf2, 0xac, 0x32,
0x98, 0x59, 0x57, 0xe0, 0x26, 0x59, 0xb2, 0xea, 0x3c, 0x10, 0xda, 0x52,
0xa4, 0x8d, 0x25, 0x26, 0xe9, 0xaf, 0x3b, 0xbc, 0x00,
0x00,
// no extensions
// missing signature
};
Input signedTreeHeadInput = InputForBuffer(signedTreeHeadBuffer);
SignedTreeHeadDataV2 sth;
EXPECT_EQ(Result::ERROR_BAD_DER,
DecodeAndVerifySignedTreeHead(subjectPublicKeyInfoInput,
pkix::DigestAlgorithm::sha256,
pkix::der::PublicKeyAlgorithm::ECDSA,
signedTreeHeadInput, sth));
}
}
// namespace ct
}
// namespace mozilla
