A couple more tests in tor-cert

Nick Mathewson 2020-11-25 09:10:49 -05:00
parent cc55469307
commit 0b443665a8
2 changed files with 61 additions and 1 deletions


@ -0,0 +1,46 @@
use tor_bytes::Error;
//use tor_cert::rsa::RSACrosscert;
use tor_cert::Ed25519Cert;
//use tor_checkable::{ExternallySigned, SelfSigned, Timebound};
//use std::time::{Duration, SystemTime};
use hex_literal::hex;
#[test]
fn cant_parse() {
fn decode_err(inp: &[u8]) -> Error {
Ed25519Cert::decode(inp).err().unwrap()
}
assert_eq!(
decode_err(&hex!("03")),
Error::BadMessage("Unrecognized certificate version")
);
assert_eq!(
decode_err(&hex!(
"
01 04 0006CC2A 01
F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
01 0021 04 00
DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9FF
FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
)),
Error::BadMessage("wrong length on Ed25519 key")
);
assert_eq!(
decode_err(&hex!(
"
01 04 0006CC2A 01
F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
01 0020 09 01
DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
)),
Error::BadMessage("unrecognized certificate extension, with 'affect_validation' flag set.")
);
}
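Review bot: The two long hex vectors in `cant_parse` carry no comment saying which bytes were altered to make them invalid, so a reader has to compare them byte by byte to see what each case exercises. Going by the expected messages, the second vector is rejected for the header `01 0021 04 00` (a length of 0x21 with 33 bytes of payload following) and the third for `01 0020 09 01` (an extension type the parser does not know, with the flag byte set to 01); a one-line comment above each, such as `// ext length 0x0021: Ed25519 key payload is one byte too long` and `// unknown ext type 0x09 with affects-validation flag: must be rejected, not skipped`, would record that. The third case is the security-relevant one, since silently skipping such an extension would let a certificate validate against rules the parser never applied. In `decode_err`, `.err().unwrap()` panics with a bare `None` message if a malformed certificate is ever accepted; `.err().expect("decode accepted a malformed certificate")` names the failure. The three commented-out `use` lines at the top of the new file can be dropped.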


@ -1,5 +1,5 @@
use tor_cert::rsa::RSACrosscert;
use tor_cert::Ed25519Cert;
use tor_cert::{Ed25519Cert, KeyType};
use tor_checkable::{ExternallySigned, SelfSigned, Timebound};
use std::time::{Duration, SystemTime};
@ -37,6 +37,7 @@ fn test_valid_ed() {
.check_valid_at(&notional_time)
.unwrap();
assert_eq!(cert.subject_key().key_type(), KeyType::ED25519_KEY);
assert_eq!(cert.subject_key().as_ed25519(), Some(&signing_key));
assert_eq!(cert.signing_key().unwrap(), &identity_key);
assert_eq!(cert.cert_type(), 4.into());
@ -64,7 +65,9 @@ fn test_valid_ed() {
.unwrap()
.check_valid_at(&notional_time)
.unwrap();
assert_eq!(cert.subject_key().key_type(), KeyType::SHA256_OF_X509);
assert_eq!(cert.subject_key().as_bytes(), &tls_cert_digest[..]);
assert_eq!(cert.subject_key().as_ed25519(), None);
assert_eq!(cert.signing_key().unwrap(), &signing_key);
assert_eq!(cert.cert_type(), 5.into());
assert_eq!(
@ -79,6 +82,9 @@ fn test_valid_rsa_cc() {
let pk = hex!("30818902818100d38b1e6ceb946e0db0751f4cbace3dcb9688b6c25304227b4710c35afb73627e50500f5913e158b621802612d1c75827003703338375237552eb3cd3c12f6ab3604e60c1a2d26bb1fbad206ff023969a90909d6a65a5458a5312c26ebd3a3dad30302d4515cdcd264146ac18e6fc60a04bd3ec327f04294d96ba5aa25b464c3f0203010001");
let pk = tor_llcrypto::pk::rsa::PublicKey::from_der(&pk[..]).unwrap();
let wrong_pk = hex!("30818902818100d38b1e6ceb946e0db0751f4cbace3dcb9688b6c25304227b4710c35afb73627e50500f5913e158b621802612d1c75827003703338375237552eb3cd3c12f6ab3604e60c1a2d26bb1fbad206ff023969a90909d6a65a5458a5312c26ebd6a3dad30302d4515cdcd264146ac18e6fc60a04bd3ec327f04294d96ba5aa25b464c3f0203010001");
let wrong_pk = tor_llcrypto::pk::rsa::PublicKey::from_der(&wrong_pk[..]).unwrap();
let ed_identity = hex!("DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9");
let ed_identity = tor_llcrypto::pk::ed25519::PublicKey::from_bytes(&ed_identity[..]).unwrap();
@ -91,6 +97,14 @@ fn test_valid_rsa_cc() {
88DD5B39409B23FC3EB7B2C9F7328EB18DA36D54D80575899EA6507CCBFCDF1F"
);
let cert = RSACrosscert::decode(&c[..]).unwrap();
// This returns correct for all keys.
assert!(cert.key_is_correct(&pk).is_ok());
assert!(cert.key_is_correct(&wrong_pk).is_ok());
// But it isn't well-signed with the wrong pk.
assert!(cert.is_well_signed(&wrong_pk).is_err());
let cert = cert
.check_signature(&pk)
.unwrap()