tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pkixocsp_CreateEncodedOCSPRequest_tests.cpp (5187B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This code is made available to you under your choice of the following sets
      4 * of licensing terms:
      5 */
      6 /* This Source Code Form is subject to the terms of the Mozilla Public
      7 * License, v. 2.0. If a copy of the MPL was not distributed with this
      8 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
      9 */
     10 /* Copyright 2013 Mozilla Contributors
     11 *
     12 * Licensed under the Apache License, Version 2.0 (the "License");
     13 * you may not use this file except in compliance with the License.
     14 * You may obtain a copy of the License at
     15 *
     16 *     http://www.apache.org/licenses/LICENSE-2.0
     17 *
     18 * Unless required by applicable law or agreed to in writing, software
     19 * distributed under the License is distributed on an "AS IS" BASIS,
     20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     21 * See the License for the specific language governing permissions and
     22 * limitations under the License.
     23 */
     24 
     25 #include "pkixgtest.h"
     26 
     27 #include "mozpkix/pkixder.h"
     28 
     29 using namespace mozilla::pkix;
     30 using namespace mozilla::pkix::test;
     31 
     32 class CreateEncodedOCSPRequestTrustDomain final
     33  : public EverythingFailsByDefaultTrustDomain
     34 {
     35 private:
     36  Result DigestBuf(Input item, DigestAlgorithm digestAlg,
     37                   /*out*/ uint8_t *digestBuf, size_t digestBufLen)
     38                   override
     39  {
     40    return TestDigestBuf(item, digestAlg, digestBuf, digestBufLen);
     41  }
     42 
     43  Result CheckRSAPublicKeyModulusSizeInBits(EndEntityOrCA, unsigned int)
     44                                            override
     45  {
     46    return Success;
     47  }
     48 };
     49 
     50 class pkixocsp_CreateEncodedOCSPRequest : public ::testing::Test
     51 {
     52 protected:
     53  void MakeIssuerCertIDComponents(const char* issuerASCII,
     54                                  /*out*/ ByteString& issuerDER,
     55                                  /*out*/ ByteString& issuerSPKI)
     56  {
     57    issuerDER = CNToDERName(issuerASCII);
     58    ASSERT_FALSE(ENCODING_FAILED(issuerDER));
     59 
     60    ScopedTestKeyPair keyPair(GenerateKeyPair());
     61    ASSERT_TRUE(keyPair.get());
     62    issuerSPKI = keyPair->subjectPublicKeyInfo;
     63  }
     64 
     65  CreateEncodedOCSPRequestTrustDomain trustDomain;
     66 };
     67 
     68 // Test that the large length of the child serial number causes
     69 // CreateEncodedOCSPRequest to fail.
     70 TEST_F(pkixocsp_CreateEncodedOCSPRequest, ChildCertLongSerialNumberTest)
     71 {
     72  static const uint8_t UNSUPPORTED_LEN = 128; // must be larger than 127
     73 
     74  ByteString serialNumberString;
     75  // tag + length + value is 1 + 2 + UNSUPPORTED_LEN
     76  // Encoding the length takes two bytes: one byte to indicate that a
     77  // second byte follows, and the second byte to indicate the length.
     78  serialNumberString.push_back(0x80 + 1);
     79  serialNumberString.push_back(UNSUPPORTED_LEN);
     80  // value is 0x010000...00
     81  serialNumberString.push_back(0x01);
     82  for (size_t i = 1; i < UNSUPPORTED_LEN; ++i) {
     83    serialNumberString.push_back(0x00);
     84  }
     85 
     86  ByteString issuerDER;
     87  ByteString issuerSPKI;
     88  ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
     89                                                     issuerSPKI));
     90 
     91  Input issuer;
     92  ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));
     93 
     94  Input spki;
     95  ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));
     96 
     97  Input serialNumber;
     98  ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
     99                                       serialNumberString.length()));
    100 
    101  uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
    102  size_t ocspRequestLength;
    103  ASSERT_EQ(Result::ERROR_BAD_DER,
    104            CreateEncodedOCSPRequest(trustDomain,
    105                                     CertID(issuer, spki, serialNumber),
    106                                     ocspRequest, ocspRequestLength));
    107 }
    108 
    109 // Test that CreateEncodedOCSPRequest handles the longest serial number that
    110 // it's required to support (i.e. 20 octets).
    111 TEST_F(pkixocsp_CreateEncodedOCSPRequest, LongestSupportedSerialNumberTest)
    112 {
    113  static const uint8_t LONGEST_REQUIRED_LEN = 20;
    114 
    115  ByteString serialNumberString;
    116  // tag + length + value is 1 + 1 + LONGEST_REQUIRED_LEN
    117  serialNumberString.push_back(der::INTEGER);
    118  serialNumberString.push_back(LONGEST_REQUIRED_LEN);
    119  serialNumberString.push_back(0x01);
    120  // value is 0x010000...00
    121  for (size_t i = 1; i < LONGEST_REQUIRED_LEN; ++i) {
    122    serialNumberString.push_back(0x00);
    123  }
    124 
    125  ByteString issuerDER;
    126  ByteString issuerSPKI;
    127  ASSERT_NO_FATAL_FAILURE(MakeIssuerCertIDComponents("CA", issuerDER,
    128                                                     issuerSPKI));
    129 
    130  Input issuer;
    131  ASSERT_EQ(Success, issuer.Init(issuerDER.data(), issuerDER.length()));
    132 
    133  Input spki;
    134  ASSERT_EQ(Success, spki.Init(issuerSPKI.data(), issuerSPKI.length()));
    135 
    136  Input serialNumber;
    137  ASSERT_EQ(Success, serialNumber.Init(serialNumberString.data(),
    138                                       serialNumberString.length()));
    139 
    140  uint8_t ocspRequest[OCSP_REQUEST_MAX_LENGTH];
    141  size_t ocspRequestLength;
    142  ASSERT_EQ(Success,
    143            CreateEncodedOCSPRequest(trustDomain,
    144                                     CertID(issuer, spki, serialNumber),
    145                                     ocspRequest, ocspRequestLength));
    146 }