1*6777b538SAndroid Build Coastguard Worker // Copyright 2013 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker
5*6777b538SAndroid Build Coastguard Worker #include "net/cert/ct_serialization.h"
6*6777b538SAndroid Build Coastguard Worker
7*6777b538SAndroid Build Coastguard Worker #include <string>
8*6777b538SAndroid Build Coastguard Worker #include <string_view>
9*6777b538SAndroid Build Coastguard Worker
10*6777b538SAndroid Build Coastguard Worker #include "base/files/file_path.h"
11*6777b538SAndroid Build Coastguard Worker #include "base/files/file_util.h"
12*6777b538SAndroid Build Coastguard Worker #include "net/base/test_completion_callback.h"
13*6777b538SAndroid Build Coastguard Worker #include "net/cert/merkle_tree_leaf.h"
14*6777b538SAndroid Build Coastguard Worker #include "net/cert/signed_certificate_timestamp.h"
15*6777b538SAndroid Build Coastguard Worker #include "net/cert/signed_tree_head.h"
16*6777b538SAndroid Build Coastguard Worker #include "net/cert/x509_certificate.h"
17*6777b538SAndroid Build Coastguard Worker #include "net/test/cert_test_util.h"
18*6777b538SAndroid Build Coastguard Worker #include "net/test/ct_test_util.h"
19*6777b538SAndroid Build Coastguard Worker #include "net/test/test_data_directory.h"
20*6777b538SAndroid Build Coastguard Worker #include "testing/gmock/include/gmock/gmock.h"
21*6777b538SAndroid Build Coastguard Worker #include "testing/gtest/include/gtest/gtest.h"
22*6777b538SAndroid Build Coastguard Worker
23*6777b538SAndroid Build Coastguard Worker using ::testing::ElementsAreArray;
24*6777b538SAndroid Build Coastguard Worker
25*6777b538SAndroid Build Coastguard Worker namespace net {
26*6777b538SAndroid Build Coastguard Worker
27*6777b538SAndroid Build Coastguard Worker class CtSerializationTest : public ::testing::Test {
28*6777b538SAndroid Build Coastguard Worker public:
SetUp()29*6777b538SAndroid Build Coastguard Worker void SetUp() override {
30*6777b538SAndroid Build Coastguard Worker test_digitally_signed_ = ct::GetTestDigitallySigned();
31*6777b538SAndroid Build Coastguard Worker }
32*6777b538SAndroid Build Coastguard Worker
33*6777b538SAndroid Build Coastguard Worker protected:
34*6777b538SAndroid Build Coastguard Worker std::string test_digitally_signed_;
35*6777b538SAndroid Build Coastguard Worker };
36*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,DecodesDigitallySigned)37*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, DecodesDigitallySigned) {
38*6777b538SAndroid Build Coastguard Worker std::string_view digitally_signed(test_digitally_signed_);
39*6777b538SAndroid Build Coastguard Worker ct::DigitallySigned parsed;
40*6777b538SAndroid Build Coastguard Worker
41*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::DecodeDigitallySigned(&digitally_signed, &parsed));
42*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(
43*6777b538SAndroid Build Coastguard Worker ct::DigitallySigned::HASH_ALGO_SHA256,
44*6777b538SAndroid Build Coastguard Worker parsed.hash_algorithm);
45*6777b538SAndroid Build Coastguard Worker
46*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(
47*6777b538SAndroid Build Coastguard Worker ct::DigitallySigned::SIG_ALGO_ECDSA,
48*6777b538SAndroid Build Coastguard Worker parsed.signature_algorithm);
49*6777b538SAndroid Build Coastguard Worker
50*6777b538SAndroid Build Coastguard Worker // The encoded data contains the signature itself from the 4th byte.
51*6777b538SAndroid Build Coastguard Worker // The first bytes are:
52*6777b538SAndroid Build Coastguard Worker // 1 byte of hash algorithm
53*6777b538SAndroid Build Coastguard Worker // 1 byte of signature algorithm
54*6777b538SAndroid Build Coastguard Worker // 2 bytes - prefix containing length of the signature data.
55*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(
56*6777b538SAndroid Build Coastguard Worker test_digitally_signed_.substr(4),
57*6777b538SAndroid Build Coastguard Worker parsed.signature_data);
58*6777b538SAndroid Build Coastguard Worker }
59*6777b538SAndroid Build Coastguard Worker
60*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,FailsToDecodePartialDigitallySigned)61*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, FailsToDecodePartialDigitallySigned) {
62*6777b538SAndroid Build Coastguard Worker std::string_view digitally_signed(test_digitally_signed_);
63*6777b538SAndroid Build Coastguard Worker std::string_view partial_digitally_signed(
64*6777b538SAndroid Build Coastguard Worker digitally_signed.substr(0, test_digitally_signed_.size() - 5));
65*6777b538SAndroid Build Coastguard Worker ct::DigitallySigned parsed;
66*6777b538SAndroid Build Coastguard Worker
67*6777b538SAndroid Build Coastguard Worker ASSERT_FALSE(ct::DecodeDigitallySigned(&partial_digitally_signed, &parsed));
68*6777b538SAndroid Build Coastguard Worker }
69*6777b538SAndroid Build Coastguard Worker
70*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesDigitallySigned)71*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesDigitallySigned) {
72*6777b538SAndroid Build Coastguard Worker ct::DigitallySigned digitally_signed;
73*6777b538SAndroid Build Coastguard Worker digitally_signed.hash_algorithm = ct::DigitallySigned::HASH_ALGO_SHA256;
74*6777b538SAndroid Build Coastguard Worker digitally_signed.signature_algorithm = ct::DigitallySigned::SIG_ALGO_ECDSA;
75*6777b538SAndroid Build Coastguard Worker digitally_signed.signature_data = test_digitally_signed_.substr(4);
76*6777b538SAndroid Build Coastguard Worker
77*6777b538SAndroid Build Coastguard Worker std::string encoded;
78*6777b538SAndroid Build Coastguard Worker
79*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeDigitallySigned(digitally_signed, &encoded));
80*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(test_digitally_signed_, encoded);
81*6777b538SAndroid Build Coastguard Worker }
82*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesSignedEntryForX509Cert)83*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesSignedEntryForX509Cert) {
84*6777b538SAndroid Build Coastguard Worker ct::SignedEntryData entry;
85*6777b538SAndroid Build Coastguard Worker ct::GetX509CertSignedEntry(&entry);
86*6777b538SAndroid Build Coastguard Worker
87*6777b538SAndroid Build Coastguard Worker std::string encoded;
88*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeSignedEntry(entry, &encoded));
89*6777b538SAndroid Build Coastguard Worker EXPECT_EQ((718U + 5U), encoded.size());
90*6777b538SAndroid Build Coastguard Worker // First two bytes are log entry type. Next, length:
91*6777b538SAndroid Build Coastguard Worker // Length is 718 which is 512 + 206, which is 0x2ce
92*6777b538SAndroid Build Coastguard Worker std::string expected_prefix("\0\0\0\x2\xCE", 5);
93*6777b538SAndroid Build Coastguard Worker // Note we use std::string comparison rather than ASSERT_STREQ due
94*6777b538SAndroid Build Coastguard Worker // to null characters in the buffer.
95*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(expected_prefix, encoded.substr(0, 5));
96*6777b538SAndroid Build Coastguard Worker }
97*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesSignedEntryForPrecert)98*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesSignedEntryForPrecert) {
99*6777b538SAndroid Build Coastguard Worker ct::SignedEntryData entry;
100*6777b538SAndroid Build Coastguard Worker ct::GetPrecertSignedEntry(&entry);
101*6777b538SAndroid Build Coastguard Worker
102*6777b538SAndroid Build Coastguard Worker std::string encoded;
103*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeSignedEntry(entry, &encoded));
104*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(604u, encoded.size());
105*6777b538SAndroid Build Coastguard Worker // First two bytes are the log entry type.
106*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(0, 2));
107*6777b538SAndroid Build Coastguard Worker // Next comes the 32-byte issuer key hash
108*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(encoded.substr(2, 32),
109*6777b538SAndroid Build Coastguard Worker ElementsAreArray(entry.issuer_key_hash.data));
110*6777b538SAndroid Build Coastguard Worker // Then the length of the TBS cert (604 bytes = 0x237)
111*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(34, 3));
112*6777b538SAndroid Build Coastguard Worker // Then the TBS cert itself
113*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(entry.tbs_certificate, encoded.substr(37));
114*6777b538SAndroid Build Coastguard Worker }
115*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesV1SCTSignedData)116*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesV1SCTSignedData) {
117*6777b538SAndroid Build Coastguard Worker base::Time timestamp =
118*6777b538SAndroid Build Coastguard Worker base::Time::UnixEpoch() + base::Milliseconds(1348589665525);
119*6777b538SAndroid Build Coastguard Worker std::string dummy_entry("abc");
120*6777b538SAndroid Build Coastguard Worker std::string empty_extensions;
121*6777b538SAndroid Build Coastguard Worker // For now, no known failure cases.
122*6777b538SAndroid Build Coastguard Worker std::string encoded;
123*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeV1SCTSignedData(
124*6777b538SAndroid Build Coastguard Worker timestamp,
125*6777b538SAndroid Build Coastguard Worker dummy_entry,
126*6777b538SAndroid Build Coastguard Worker empty_extensions,
127*6777b538SAndroid Build Coastguard Worker &encoded));
128*6777b538SAndroid Build Coastguard Worker EXPECT_EQ((size_t) 15, encoded.size());
129*6777b538SAndroid Build Coastguard Worker // Byte 0 is version, byte 1 is signature type
130*6777b538SAndroid Build Coastguard Worker // Bytes 2-10 are timestamp
131*6777b538SAndroid Build Coastguard Worker // Bytes 11-14 are the log signature
132*6777b538SAndroid Build Coastguard Worker // Byte 15 is the empty extension
133*6777b538SAndroid Build Coastguard Worker //EXPECT_EQ(0, timestamp.ToTimeT());
134*6777b538SAndroid Build Coastguard Worker std::string expected_buffer(
135*6777b538SAndroid Build Coastguard Worker "\x0\x0\x0\x0\x1\x39\xFE\x35\x3C\xF5\x61\x62\x63\x0\x0", 15);
136*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(expected_buffer, encoded);
137*6777b538SAndroid Build Coastguard Worker }
138*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,DecodesSCTList)139*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, DecodesSCTList) {
140*6777b538SAndroid Build Coastguard Worker // Two items in the list: "abc", "def"
141*6777b538SAndroid Build Coastguard Worker std::string_view encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x3\x64\x65\x66", 12);
142*6777b538SAndroid Build Coastguard Worker std::vector<std::string_view> decoded;
143*6777b538SAndroid Build Coastguard Worker
144*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::DecodeSCTList(encoded, &decoded));
145*6777b538SAndroid Build Coastguard Worker ASSERT_STREQ("abc", decoded[0].data());
146*6777b538SAndroid Build Coastguard Worker ASSERT_STREQ("def", decoded[1].data());
147*6777b538SAndroid Build Coastguard Worker }
148*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,FailsDecodingInvalidSCTList)149*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, FailsDecodingInvalidSCTList) {
150*6777b538SAndroid Build Coastguard Worker // A list with one item that's too short
151*6777b538SAndroid Build Coastguard Worker std::string_view encoded("\x0\xa\x0\x3\x61\x62\x63\x0\x5\x64\x65\x66", 12);
152*6777b538SAndroid Build Coastguard Worker std::vector<std::string_view> decoded;
153*6777b538SAndroid Build Coastguard Worker
154*6777b538SAndroid Build Coastguard Worker ASSERT_FALSE(ct::DecodeSCTList(encoded, &decoded));
155*6777b538SAndroid Build Coastguard Worker }
156*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodeSignedCertificateTimestamp)157*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodeSignedCertificateTimestamp) {
158*6777b538SAndroid Build Coastguard Worker std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
159*6777b538SAndroid Build Coastguard Worker std::string_view encoded_sct(encoded_test_sct);
160*6777b538SAndroid Build Coastguard Worker
161*6777b538SAndroid Build Coastguard Worker scoped_refptr<ct::SignedCertificateTimestamp> sct;
162*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct));
163*6777b538SAndroid Build Coastguard Worker
164*6777b538SAndroid Build Coastguard Worker std::string serialized;
165*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeSignedCertificateTimestamp(sct, &serialized));
166*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(serialized, encoded_test_sct);
167*6777b538SAndroid Build Coastguard Worker }
168*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,DecodesSignedCertificateTimestamp)169*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, DecodesSignedCertificateTimestamp) {
170*6777b538SAndroid Build Coastguard Worker std::string encoded_test_sct(ct::GetTestSignedCertificateTimestamp());
171*6777b538SAndroid Build Coastguard Worker std::string_view encoded_sct(encoded_test_sct);
172*6777b538SAndroid Build Coastguard Worker
173*6777b538SAndroid Build Coastguard Worker scoped_refptr<ct::SignedCertificateTimestamp> sct;
174*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::DecodeSignedCertificateTimestamp(&encoded_sct, &sct));
175*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(0, sct->version);
176*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(ct::GetTestPublicKeyId(), sct->log_id);
177*6777b538SAndroid Build Coastguard Worker base::Time expected_time =
178*6777b538SAndroid Build Coastguard Worker base::Time::UnixEpoch() + base::Milliseconds(1365181456089);
179*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(expected_time, sct->timestamp);
180*6777b538SAndroid Build Coastguard Worker // Subtracting 4 bytes for signature data (hash & sig algs),
181*6777b538SAndroid Build Coastguard Worker // actual signature data should be 71 bytes.
182*6777b538SAndroid Build Coastguard Worker EXPECT_EQ((size_t) 71, sct->signature.signature_data.size());
183*6777b538SAndroid Build Coastguard Worker EXPECT_TRUE(sct->extensions.empty());
184*6777b538SAndroid Build Coastguard Worker }
185*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,FailsDecodingInvalidSignedCertificateTimestamp)186*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, FailsDecodingInvalidSignedCertificateTimestamp) {
187*6777b538SAndroid Build Coastguard Worker // Invalid version
188*6777b538SAndroid Build Coastguard Worker std::string_view invalid_version_sct("\x2\x0", 2);
189*6777b538SAndroid Build Coastguard Worker scoped_refptr<ct::SignedCertificateTimestamp> sct;
190*6777b538SAndroid Build Coastguard Worker
191*6777b538SAndroid Build Coastguard Worker ASSERT_FALSE(
192*6777b538SAndroid Build Coastguard Worker ct::DecodeSignedCertificateTimestamp(&invalid_version_sct, &sct));
193*6777b538SAndroid Build Coastguard Worker
194*6777b538SAndroid Build Coastguard Worker // Valid version, invalid length (missing data)
195*6777b538SAndroid Build Coastguard Worker std::string_view invalid_length_sct("\x0\xa\xb\xc", 4);
196*6777b538SAndroid Build Coastguard Worker ASSERT_FALSE(
197*6777b538SAndroid Build Coastguard Worker ct::DecodeSignedCertificateTimestamp(&invalid_length_sct, &sct));
198*6777b538SAndroid Build Coastguard Worker }
199*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesMerkleTreeLeafForX509Cert)200*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForX509Cert) {
201*6777b538SAndroid Build Coastguard Worker ct::MerkleTreeLeaf tree_leaf;
202*6777b538SAndroid Build Coastguard Worker ct::GetX509CertTreeLeaf(&tree_leaf);
203*6777b538SAndroid Build Coastguard Worker
204*6777b538SAndroid Build Coastguard Worker std::string encoded;
205*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded));
206*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(741u, encoded.size()) << "Merkle tree leaf encoded incorrectly";
207*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) <<
208*6777b538SAndroid Build Coastguard Worker "Version encoded incorrectly";
209*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) <<
210*6777b538SAndroid Build Coastguard Worker "Merkle tree leaf type encoded incorrectly";
211*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8),
212*6777b538SAndroid Build Coastguard Worker encoded.substr(2, 8)) <<
213*6777b538SAndroid Build Coastguard Worker "Timestamp encoded incorrectly";
214*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x00", 2), encoded.substr(10, 2)) <<
215*6777b538SAndroid Build Coastguard Worker "Log entry type encoded incorrectly";
216*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x02\xce", 3), encoded.substr(12, 3)) <<
217*6777b538SAndroid Build Coastguard Worker "Certificate length encoded incorrectly";
218*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(tree_leaf.signed_entry.leaf_certificate, encoded.substr(15, 718))
219*6777b538SAndroid Build Coastguard Worker << "Certificate encoded incorrectly";
220*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(733, 2)) <<
221*6777b538SAndroid Build Coastguard Worker "CT extensions length encoded incorrectly";
222*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(tree_leaf.extensions, encoded.substr(735, 6)) <<
223*6777b538SAndroid Build Coastguard Worker "CT extensions encoded incorrectly";
224*6777b538SAndroid Build Coastguard Worker }
225*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesMerkleTreeLeafForPrecert)226*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesMerkleTreeLeafForPrecert) {
227*6777b538SAndroid Build Coastguard Worker ct::MerkleTreeLeaf tree_leaf;
228*6777b538SAndroid Build Coastguard Worker ct::GetPrecertTreeLeaf(&tree_leaf);
229*6777b538SAndroid Build Coastguard Worker
230*6777b538SAndroid Build Coastguard Worker std::string encoded;
231*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeTreeLeaf(tree_leaf, &encoded));
232*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(622u, encoded.size()) << "Merkle tree leaf encoded incorrectly";
233*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00", 1), encoded.substr(0, 1)) <<
234*6777b538SAndroid Build Coastguard Worker "Version encoded incorrectly";
235*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00", 1), encoded.substr(1, 1)) <<
236*6777b538SAndroid Build Coastguard Worker "Merkle tree leaf type encoded incorrectly";
237*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x00\x01\x45\x3c\x5f\xb8\x35", 8),
238*6777b538SAndroid Build Coastguard Worker encoded.substr(2, 8)) <<
239*6777b538SAndroid Build Coastguard Worker "Timestamp encoded incorrectly";
240*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x01", 2), encoded.substr(10, 2)) <<
241*6777b538SAndroid Build Coastguard Worker "Log entry type encoded incorrectly";
242*6777b538SAndroid Build Coastguard Worker EXPECT_THAT(encoded.substr(12, 32),
243*6777b538SAndroid Build Coastguard Worker ElementsAreArray(tree_leaf.signed_entry.issuer_key_hash.data))
244*6777b538SAndroid Build Coastguard Worker << "Issuer key hash encoded incorrectly";
245*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x02\x37", 3), encoded.substr(44, 3)) <<
246*6777b538SAndroid Build Coastguard Worker "TBS certificate length encoded incorrectly";
247*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(tree_leaf.signed_entry.tbs_certificate, encoded.substr(47, 567))
248*6777b538SAndroid Build Coastguard Worker << "TBS certificate encoded incorrectly";
249*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(std::string("\x00\x06", 2), encoded.substr(614, 2)) <<
250*6777b538SAndroid Build Coastguard Worker "CT extensions length encoded incorrectly";
251*6777b538SAndroid Build Coastguard Worker EXPECT_EQ(tree_leaf.extensions, encoded.substr(616, 6)) <<
252*6777b538SAndroid Build Coastguard Worker "CT extensions encoded incorrectly";
253*6777b538SAndroid Build Coastguard Worker }
254*6777b538SAndroid Build Coastguard Worker
TEST_F(CtSerializationTest,EncodesValidSignedTreeHead)255*6777b538SAndroid Build Coastguard Worker TEST_F(CtSerializationTest, EncodesValidSignedTreeHead) {
256*6777b538SAndroid Build Coastguard Worker ct::SignedTreeHead signed_tree_head;
257*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(GetSampleSignedTreeHead(&signed_tree_head));
258*6777b538SAndroid Build Coastguard Worker
259*6777b538SAndroid Build Coastguard Worker std::string encoded;
260*6777b538SAndroid Build Coastguard Worker ASSERT_TRUE(ct::EncodeTreeHeadSignature(signed_tree_head, &encoded));
261*6777b538SAndroid Build Coastguard Worker // Expected size is 50 bytes:
262*6777b538SAndroid Build Coastguard Worker // Byte 0 is version, byte 1 is signature type
263*6777b538SAndroid Build Coastguard Worker // Bytes 2-9 are timestamp
264*6777b538SAndroid Build Coastguard Worker // Bytes 10-17 are tree size
265*6777b538SAndroid Build Coastguard Worker // Bytes 18-49 are sha256 root hash
266*6777b538SAndroid Build Coastguard Worker ASSERT_EQ(50u, encoded.length());
267*6777b538SAndroid Build Coastguard Worker std::string expected_buffer(
268*6777b538SAndroid Build Coastguard Worker "\x0\x1\x0\x0\x1\x45\x3c\x5f\xb8\x35\x0\x0\x0\x0\x0\x0\x0\x15", 18);
269*6777b538SAndroid Build Coastguard Worker expected_buffer.append(ct::GetSampleSTHSHA256RootHash());
270*6777b538SAndroid Build Coastguard Worker ASSERT_EQ(expected_buffer, encoded);
271*6777b538SAndroid Build Coastguard Worker }
272*6777b538SAndroid Build Coastguard Worker
273*6777b538SAndroid Build Coastguard Worker } // namespace net
274