Cradicle Explorer
arti
/ crates / tor-cert / tests / testvec_certs.rs
testvec_certs.rs
  1  use tor_cert::rsa::RsaCrosscert;
  2  use tor_cert::{Ed25519Cert, KeyType};
  3  use tor_checkable::{ExternallySigned, SelfSigned, Timebound};
  4  
  5  use hex_literal::hex;
  6  
  7  #[test]
  8  fn test_valid_ed() {
  9      use humantime::parse_rfc3339;
 10      use tor_llcrypto::pk::ed25519::Ed25519Identity;
 11      // These are taken from a CERTS cell in a chutney network.
 12      let signing_key = hex!("F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0");
 13      let identity_key = hex!("DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9");
 14      let signing_key = Ed25519Identity::from_bytes(&signing_key[..]).unwrap();
 15      let identity_key = Ed25519Identity::from_bytes(&identity_key[..]).unwrap();
 16  
 17      let notional_time = parse_rfc3339("2020-09-25T02:13:20Z").unwrap();
 18  
 19      // signing cert signed with signing key, type 4, one extension.
 20      let c = hex!(
 21          "01 04 0006CC2A 01
 22           F82294B866A31F01FC5D0DA8572850A9B929545C3266558D7D2316E3B74172B0
 23           01 0020 04 00
 24           DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
 25           FF1A5203FA27F86EF7528D89A0845D2520166E340754FFEA2AAE0F612B7CE5DA
 26           094A0236CDAC45034B0B6842C18E7F6B51B93A3CF7E60663B8AD061C30A62602"
 27      );
 28      let cert = Ed25519Cert::decode(&c[..]).unwrap();
 29      assert_eq!(cert.peek_cert_type(), 4.into());
 30      assert_eq!(cert.peek_subject_key().as_ed25519(), Some(&signing_key));
 31      let cert = cert
 32          .should_have_signing_key()
 33          .unwrap()
 34          .check_signature()
 35          .unwrap()
 36          .check_valid_at(&notional_time)
 37          .unwrap();
 38  
 39      assert_eq!(cert.subject_key().key_type(), KeyType::ED25519_KEY);
 40      assert_eq!(cert.subject_key().as_ed25519(), Some(&signing_key));
 41      assert_eq!(cert.signing_key().unwrap(), &identity_key);
 42      assert_eq!(cert.cert_type(), 4.into());
 43      assert_eq!(
 44          cert.expiry(),
 45          parse_rfc3339("2020-10-26T18:00:00Z").unwrap()
 46      );
 47  
 48      // link cert signed with signing key, type 5, no extensions.
 49      let c = hex!(
 50          "01 05 0006C98A 03
 51           B4FD606B64E4CBD466B8D76CB131069BAE6F3AA1878857C9F624E31D77A799B8
 52           00
 53           7173E5F8068431D0D3F5EE16B4C9FFD59DF373E152A87281BAE744AA5FCF7217
 54           1BF4B27C4E8FC1C6A9FC5CA11058BC49647063D7903CFD9F512F89099B27BC0C"
 55      );
 56      let tls_cert_digest = hex!("B4FD606B64E4CBD466B8D76CB131069BAE6F3AA1878857C9F624E31D77A799B8");
 57      let cert = Ed25519Cert::decode(&c[..]).unwrap();
 58      assert_eq!(cert.peek_cert_type(), 5.into());
 59      assert_eq!(cert.peek_subject_key().as_bytes(), &tls_cert_digest[..]);
 60      let cert = cert
 61          .should_be_signed_with(&signing_key)
 62          .unwrap()
 63          .check_signature()
 64          .unwrap()
 65          .check_valid_at(&notional_time)
 66          .unwrap();
 67      assert_eq!(cert.subject_key().key_type(), KeyType::SHA256_OF_X509);
 68      assert_eq!(cert.subject_key().as_bytes(), &tls_cert_digest[..]);
 69      assert_eq!(cert.subject_key().as_ed25519(), None);
 70      assert_eq!(cert.signing_key().unwrap(), &signing_key);
 71      assert_eq!(cert.cert_type(), 5.into());
 72      assert_eq!(
 73          cert.expiry(),
 74          parse_rfc3339("2020-09-28T18:00:00Z").unwrap()
 75      );
 76  }
 77  
 78  #[test]
 79  fn test_valid_rsa_cc() {
 80      let notional_time = humantime::parse_rfc3339("2020-09-25T02:13:20Z").unwrap();
 81  
 82      let pk = hex!("30818902818100d38b1e6ceb946e0db0751f4cbace3dcb9688b6c25304227b4710c35afb73627e50500f5913e158b621802612d1c75827003703338375237552eb3cd3c12f6ab3604e60c1a2d26bb1fbad206ff023969a90909d6a65a5458a5312c26ebd3a3dad30302d4515cdcd264146ac18e6fc60a04bd3ec327f04294d96ba5aa25b464c3f0203010001");
 83      let pk = tor_llcrypto::pk::rsa::PublicKey::from_der(&pk[..]).unwrap();
 84  
 85      let wrong_pk = hex!("30818902818100d38b1e6ceb946e0db0751f4cbace3dcb9688b6c25304227b4710c35afb73627e50500f5913e158b621802612d1c75827003703338375237552eb3cd3c12f6ab3604e60c1a2d26bb1fbad206ff023969a90909d6a65a5458a5312c26ebd6a3dad30302d4515cdcd264146ac18e6fc60a04bd3ec327f04294d96ba5aa25b464c3f0203010001");
 86      let wrong_pk = tor_llcrypto::pk::rsa::PublicKey::from_der(&wrong_pk[..]).unwrap();
 87  
 88      let ed_identity = hex!("DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9");
 89      let ed_identity = tor_llcrypto::pk::ed25519::PublicKey::from_bytes(&ed_identity).unwrap();
 90  
 91      let c = hex!(
 92          "DCB604DB2034B00FD16986D4ADB9D16B21CB4E4457A33DEC0F538903683E96E9
 93           0006DA3A 80
 94           5CF6006F9179066534DE6B45AD47A5C469063EE462762723396DC9F25452A0A5
 95           2DA3F5087DD239F2A311F6B0D4DFEFF4ABD089DC3D0237A0ABAB19EB2045B91C
 96           DCAF04BE0A72D548A27BF2E77BD876ECFE5E1BE622350DA6BF31F6E306ED8964
 97           88DD5B39409B23FC3EB7B2C9F7328EB18DA36D54D80575899EA6507CCBFCDF1F"
 98      );
 99      let cert = RsaCrosscert::decode(&c[..]).unwrap();
100  
101      // This returns correct for all keys.
102      assert!(cert.key_is_correct(&pk).is_ok());
103      assert!(cert.key_is_correct(&wrong_pk).is_ok());
104  
105      // But it isn't well-signed with the wrong pk.
106      assert!(cert.is_well_signed(&wrong_pk).is_err());
107  
108      let cert = cert
109          .check_signature(&pk)
110          .unwrap()
111          .check_valid_at(&notional_time)
112          .unwrap();
113      assert!(cert.subject_key_matches(&ed_identity.into()));
114  }