invalid_certs.rs
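// Negative tests for Ed25519 certificate handling. Each case feeds a
// malformed, mismatched, or expired certificate through the checking API and
// pins the exact error that comes back, so a change that starts accepting one
// of these inputs fails loudly.
//
// Layout of the vectors below (Tor cert-spec, Ed25519 certificates):
//   version (1) | cert type (1) | expiration, in hours since the epoch (4) |
//   certified key type (1) | certified key (32) | extension count (1) |
//   per extension: length (2), type (1), flags (1), body (`length` bytes) |
//   signature (64)

use tor_bytes::Error;
use tor_cert::CertError;
use tor_cert::Ed25519Cert;
use tor_llcrypto::pk::ed25519;

use hex_literal::hex;

/// Certificates that are structurally invalid must be rejected by
/// `Ed25519Cert::decode`, each with a specific error.
#[test]
fn cant_parse() {
    /// Decode `inp`, which is expected to be malformed, and return the error.
    fn decode_err(inp: &[u8]) -> Error {
        Ed25519Cert::decode(inp)
            .err()
            .expect("decoding a malformed certificate must fail")
    }

    // Version byte 03; the valid vectors in this file all use version 01.
    assert_eq!(
        decode_err(&hex!("03")),
        Error::InvalidMessage("Unrecognized certificate version".into())
    );

    // Signing-key extension (type 04) that declares length 0x0021 and carries
    // 33 bytes, one more than an Ed25519 public key.
    assert_eq!(
        decode_err(&hex!(
            "
            01 04 0006CC2A 01
            F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
            01 0021 04 00
            DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9FF
            FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
            094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
        )),
        Error::InvalidMessage("wrong length on Ed25519 key".into())
    );

    // Extension of type 09 with flags 01. The decoder does not know this type
    // and the flag marks it as affecting validation, so the whole certificate
    // has to be refused: skipping the extension would mean accepting a
    // certificate while ignoring a constraint its issuer declared mandatory.
    assert_eq!(
        decode_err(&hex!(
            "
            01 04 0006CC2A 01
            F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
            01 0020 09 01
            DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
            FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
            094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
        )),
        Error::InvalidMessage(
            "unrecognized certificate extension, with 'affects_validation' flag set.".into()
        )
    );
}

/// Selecting the signing key must fail when the caller's key disagrees with
/// the certificate, and when the certificate names no key at all.
#[test]
fn mismatched_signing_key() {
    // from testvec_certs.
    let c = hex!(
        "01 04 0006CC2A 01
         F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
         01 0020 04 00
         DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
         FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
         094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
    );
    let cert = Ed25519Cert::decode(&c[..]).expect("test vector should decode");

    // Same as the key embedded in the signing-key extension except for the
    // final byte (E9 -> CC), so only a comparison of the full key catches it.
    let not_that_key = ed25519::Ed25519Identity::from_bytes(&hex!(
        "DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96CC"
    ))
    .expect("32 bytes form an Ed25519 identity");

    // We give the wrong key to should_be_signed_with, so it will tell us that
    // wasn't what the cert contained.
    assert_eq!(
        cert.should_be_signed_with(&not_that_key)
            .err()
            .expect("a mismatched signing key must be rejected"),
        CertError::KeyMismatch
    );

    // from testvec_certs. Cert type 05 with an extension count of 00, so it
    // carries no signing-key extension.
    let c = hex!(
        "01 05 0006C98A 03
         B4FD606B64E4CBD466B8D76CB131069BAE6F3AA1878857C9F624E31D77A799B8
         00
         7173E5F8068431D0D3F5EE16B4C9FFD59DF373E152A87281BAE744AA5FCF7217
         1BF4B27C4E8FC1C6A9FC5CA11058BC49647063D7903CFD9F512F89099B27BC0C"
    );
    let cert = Ed25519Cert::decode(&c[..]).expect("test vector should decode");

    // We supply no key and ask the cert for its own via
    // should_have_signing_key, which will tell us that there wasn't a
    // signing-key extension in the cert.
    assert_eq!(
        cert.should_have_signing_key()
            .err()
            .expect("a cert without a signing-key extension must be rejected"),
        CertError::MissingPubKey
    );
}

/// A correctly signed certificate must still be refused once its expiration
/// time has passed, and the error must report how long ago it expired.
#[test]
fn expired_cert() {
    use humantime::parse_rfc3339;
    use std::time::Duration;
    use tor_checkable::{SelfSigned, TimeValidityError, Timebound};

    // The certificate in this test is taken from `testvec_certs.rs`

    // The notional "now" for this test: exactly one day after the
    // certificate's expiry. The expiration field 0x0006CC2A is 445482 hours
    // since the epoch, i.e. 2020-10-26T18:00:00Z.
    let expired_time = parse_rfc3339("2020-10-27T18:00:00Z").unwrap();

    // signing cert signed with signing key, type 4, one extension.
    let c = hex!(
        "01 04 0006CC2A 01
         F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
         01 0020 04 00
         DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
         FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
         094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
    );
    let cert = Ed25519Cert::decode(&c[..]).expect("test vector should decode");

    // A successful decode() validates nothing by itself: the signing key has
    // to be selected, the signature checked, and the lifetime checked, in that
    // order. The first two steps succeed for this vector, so the only failure
    // left is the time check.
    let error = cert
        .should_have_signing_key()
        .unwrap()
        .check_signature()
        .unwrap()
        .check_valid_at(&expired_time)
        .unwrap_err();

    assert_eq!(
        error,
        TimeValidityError::Expired(Duration::from_secs(60 * 60 * 24))
    );
}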