From 84814bba09d38146e71739f0af288cf9c7df8d11 Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton <jpixton@gmail.com>
Date: Mon, 17 Jul 2017 21:27:42 +0100
Subject: [PATCH] Add more tests

---
 src/lib.rs                                |  16 +-
 src/testdata/ecdsa_p256-basic-sct.bin     | Bin 118 -> 117 bytes
 src/testdata/ecdsa_p256-future-sct.bin    | Bin 0 -> 118 bytes
 src/testdata/ecdsa_p256-junk-sct.bin      | Bin 0 -> 119 bytes
 src/testdata/ecdsa_p256-short-sct.bin     | Bin 0 -> 118 bytes
 src/testdata/ecdsa_p256-version-sct.bin   | Bin 0 -> 118 bytes
 src/testdata/ecdsa_p256-wrongcert-sct.bin | Bin 0 -> 117 bytes
 src/testdata/ecdsa_p256-wrongext-sct.bin  | Bin 0 -> 119 bytes
 src/testdata/ecdsa_p256-wrongid-sct.bin   | Bin 0 -> 118 bytes
 src/testdata/ecdsa_p256-wrongtime-sct.bin | Bin 0 -> 117 bytes
 src/testdata/ecdsa_p384-basic-sct.bin     | Bin 150 -> 151 bytes
 src/testdata/ecdsa_p384-wrongcert-sct.bin | Bin 0 -> 150 bytes
 src/testdata/ecdsa_p384-wrongtime-sct.bin | Bin 0 -> 151 bytes
 src/testdata/rsa2048-wrongcert-sct.bin    | Bin 0 -> 303 bytes
 src/testdata/rsa2048-wrongtime-sct.bin    | Bin 0 -> 303 bytes
 src/testdata/rsa3072-wrongcert-sct.bin    | Bin 0 -> 431 bytes
 src/testdata/rsa3072-wrongtime-sct.bin    | Bin 0 -> 431 bytes
 src/testdata/rsa4096-wrongcert-sct.bin    | Bin 0 -> 559 bytes
 src/testdata/rsa4096-wrongtime-sct.bin    | Bin 0 -> 559 bytes
 src/tests_generated.rs                    | 258 ++++++++++++++++++----
 test/mktest.py                            | 108 +++++++--
 21 files changed, 318 insertions(+), 64 deletions(-)
 create mode 100644 src/testdata/ecdsa_p256-future-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-junk-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-short-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-version-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-wrongcert-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-wrongext-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-wrongid-sct.bin
 create mode 100644 src/testdata/ecdsa_p256-wrongtime-sct.bin
 create mode 100644 src/testdata/ecdsa_p384-wrongcert-sct.bin
 create mode 100644 src/testdata/ecdsa_p384-wrongtime-sct.bin
 create mode 100644 src/testdata/rsa2048-wrongcert-sct.bin
 create mode 100644 src/testdata/rsa2048-wrongtime-sct.bin
 create mode 100644 src/testdata/rsa3072-wrongcert-sct.bin
 create mode 100644 src/testdata/rsa3072-wrongtime-sct.bin
 create mode 100644 src/testdata/rsa4096-wrongcert-sct.bin
 create mode 100644 src/testdata/rsa4096-wrongtime-sct.bin

diff --git a/src/lib.rs b/src/lib.rs
index b19bbe0..4aca7fb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -63,11 +63,8 @@ pub enum Error {
     /// The SCT contained an invalid signature.
     InvalidSignature,
 
-    /// The SCT referenced a Log that has an invalid public key encoding.
-    InvalidKey,
-
     /// The SCT was signed in the future.  Clock skew?
-    SCTTimestampInFuture,
+    TimestampInFuture,
 
     /// The SCT had a version that this library does not handle.
     UnsupportedSCTVersion,
@@ -141,6 +138,11 @@ fn write_u24(v: u32, out: &mut Vec<u8>) {
     out.push(v as u8);
 }
 
+fn write_u16(v: u16, out: &mut Vec<u8>) {
+    out.push((v >> 8) as u8);
+    out.push(v as u8);
+}
+
 #[derive(Debug)]
 struct SCT<'a> {
     log_id: &'a [u8],
@@ -157,7 +159,6 @@ const RSA_PKCS1_SHA384: u16 = 0x0501;
 const SCT_V1: u8 = 0u8;
 const SCT_TIMESTAMP: u8 = 0u8;
 const SCT_X509_ENTRY: [u8; 2] = [0, 0];
-const SCT_NO_EXTENSION: [u8; 2] = [0, 0];
 
 impl<'a> SCT<'a> {
     fn verify(&self, key: &[u8], cert: &[u8]) -> Result<(), Error> {
@@ -176,7 +177,8 @@ impl<'a> SCT<'a> {
         data.extend_from_slice(&SCT_X509_ENTRY);
         write_u24(cert.len() as u32, &mut data);
         data.extend_from_slice(cert);
-        data.extend_from_slice(&SCT_NO_EXTENSION);
+        write_u16(self.exts.len() as u16, &mut data);
+        data.extend_from_slice(self.exts);
 
         let sig = untrusted::Input::from(self.sig);
         let data = untrusted::Input::from(&data);
@@ -249,7 +251,7 @@ pub fn verify_sct(cert: &[u8],
     sct.verify(log.key, cert)?;
 
     if sct.timestamp > at_time {
-        return Err(Error::SCTTimestampInFuture);
+        return Err(Error::TimestampInFuture);
     }
 
     Ok(i)
diff --git a/src/testdata/ecdsa_p256-basic-sct.bin b/src/testdata/ecdsa_p256-basic-sct.bin
index e75fe844bd2de52f8ff41e541231abe15cf9054c..74420b96c3ae00d604722ba6bac86d926712e8bc 100644
GIT binary patch
delta 76
zcmV-S0JHygb&xJcMleJIAX%0%1J+Pk`TXzj2335l#Nqv2yutDRi1r-Ya2#}iRRSOi
iuD6$J5{>a`9P1C_OsJq)V?&*!!A%I5I{Nk-{9bZ<;w6#*

delta 77
zcmV-T0J8sec91SeM=(VKAUX9hH(j^?5I&hK*OSUd*ifxhjqq^>1xksX)Ar^)*8(8`
jp}weWK4Kc{J#}CB_Jl94Ct|Q&CPB-M_pQ;o3jlVMCOjjL

diff --git a/src/testdata/ecdsa_p256-future-sct.bin b/src/testdata/ecdsa_p256-future-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..e0d1107ab42ee68d7710518301ca674eed18ee96
GIT binary patch
literal 118
zcmV-+0Ezzqaok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei000C7
z07o!I0wDnL6&TXAnFo7kN1yu4pN4MnhQgLtZAM_guGwMxF3P3?APbjQ$Ss;+qldnC
Yl!d_gjcU5hx%0Tu5wYU#dPYfN4BBQkf&c&j

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-junk-sct.bin b/src/testdata/ecdsa_p256-junk-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..523c6fd1838ec3b30cdcb13e8b7e1978ee840042
GIT binary patch
literal 119
zcmV--0Eqtpaok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei000C7
z07o!I0wDnL6&TXAnFo7kN1yu4pN4MnhQgLtZAM_guGwMxF3P3?APbjQ$Ss;+qldnC
Zl!d_gjcU5hx%0Tu5wYU#dPYfN3}F#iHsb&Q

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-short-sct.bin b/src/testdata/ecdsa_p256-short-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..e0d1107ab42ee68d7710518301ca674eed18ee96
GIT binary patch
literal 118
zcmV-+0Ezzqaok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei000C7
z07o!I0wDnL6&TXAnFo7kN1yu4pN4MnhQgLtZAM_guGwMxF3P3?APbjQ$Ss;+qldnC
Yl!d_gjcU5hx%0Tu5wYU#dPYfN4BBQkf&c&j

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-version-sct.bin b/src/testdata/ecdsa_p256-version-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..283d1be5414ad89b8806cdeef4bfb7a857c7b8c8
GIT binary patch
literal 118
zcmV-+0Ezzraok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei000C7
z07o!I0wDnL6&TXAnFo7kN1yu4pN4MnhQgLtZAM_guGwMxF3P3?APbjQ$Ss;+qldnC
Yl!d_gjcU5hx%0Tu5wYU#dPYfN4BFf_g8%>k

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-wrongcert-sct.bin b/src/testdata/ecdsa_p256-wrongcert-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..6f3166753f0627e9fbc625ee0a3b8803a801e75d
GIT binary patch
literal 117
zcmV-*0E+(raok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei000C7
z07fuG0w7$>n+9jfD8&gzscJ`a>Spl?`Ktq$#0Z;}Mc%z^8ZiPOG-Q`xi88~U$#+Q(
XpLG8r8iDR&-l>~JR>tbeLxnZuB+@cq

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-wrongext-sct.bin b/src/testdata/ecdsa_p256-wrongext-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..ef78481737bc33b21d0ff9f0965bca1e5960b537
GIT binary patch
literal 119
zcmV--0Eqtpaok?p@DtOBiWF~2J-#!PyIR|2vTBy%I5kexkL$8e00000000Ei00BV+
z0{}-bMFJrJ@f8@-w3!EcXGfp<%%6sC@rJ^dS8YaMz^>V0`!33+0w4>QSI8}zV55h=
Zca(*|`HgD2&AIcq(GjuY?s`T^VhsPqHpBn`

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-wrongid-sct.bin b/src/testdata/ecdsa_p256-wrongid-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..6b7081c9bf8916c179d29c91b37264d3bf41a0a7
GIT binary patch
literal 118
zcmZQzAPTTtVqjolW^gxfWm07LC@OJj%S`s_bocqc&dhJi``C79T6nHo!hv-+6MyTS
qTE?WnJw5z{?yQ8x?fc57v>y1`o3-og&d)n83T}M#uFB0bi3b29_$8A7

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p256-wrongtime-sct.bin b/src/testdata/ecdsa_p256-wrongtime-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..ad9893c62f005145052e30726fae9c63234c82d3
GIT binary patch
literal 117
zcmZQ5yc2i(gYe~!E|Gjs+kM7Uc1PV#-IO)$k%g(>mHyY8{23sint_3ZnZeD#g-IcD
znj!PGfXJVJ-hW^Vtyy#A;osOj2S5Jr_$G6^K&GT2lu3bW-S+8OLcJd|WnS|?@>#JU
VGTC|Vl7qe+Gpv4nll~J|1OT{)H4^{;

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p384-basic-sct.bin b/src/testdata/ecdsa_p384-basic-sct.bin
index 02e06e11f5018c8855b0ec4c635556b9aa80e72c..b9e06a0f5251c578fec5b1b48a6f35e5e5656a2a 100644
GIT binary patch
delta 112
zcmV-$0FVEc0ha-gE@@~mW&$w)>wxYDqj|}Scm$DEb3`dz#!)5Q5ww#p=35R3VM7_M
zzG!_U&CR+BE-nd95pq&Z0x<xj&ECmm5OveKR2i3FIdv`PBN&J%=gomZ#k;`qrlUq8
SgTkj?`L61(6FdrqrjP&eQZW<&

delta 111
zcmV-#0FeKe0hR%fE@)>kWdbn(-aHHyZebV9tPMhBK#PVk3bR|BtPO^_JcY2im=XTD
z5no_fqqsu9(QYcHtRvaT0x%$2KE(_&Jm*(9t#|%82e-q+Um^;B-(rok+q;eP*$L_N
Rm*dG0a_6z(eBkhf#f|mYG>ZTL

diff --git a/src/testdata/ecdsa_p384-wrongcert-sct.bin b/src/testdata/ecdsa_p384-wrongcert-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..d8c61b29a8d9d8b65866f7a427d9e4d529d82425
GIT binary patch
literal 150
zcmV;H0BQdKDZB3gy4gKlOasR$=}oq*0O0*7_C{7WB&=B6X0e&+00000000Ei000F8
z0B0~|0x&tUv$;YMGeMfmXfJ+a`~2CmxR+I&i{<B@KY66ysCdC#<RmK}<3m7a+fNJ0
z=ko$F0EJvOl#pKJM)QCQy0de+g*L)@YV*I8Iem1ieDw}w;6#Nn-_>^+cGskp({7dQ
EDP~YcXaE2J

literal 0
HcmV?d00001

diff --git a/src/testdata/ecdsa_p384-wrongtime-sct.bin b/src/testdata/ecdsa_p384-wrongtime-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..ab54f116eee6b9be64a481b9b514c4077967e44f
GIT binary patch
literal 151
zcmZS3-2I+m*G=14ALiqlFMYSIVR-OY<C|NUxyqV|J82tdzGQ%aY6b>YW`+!dG$uoa
z*A4I37gwI_s$iKITI`}3b1YExj^LKb`p=^II1-&D*Y3-xRXKZh7nhzMr=MU^kS|cn
zlC$?trU;Z?-W4J_J>IfZ_qnn}hsN`>jgCimANaUzv71u!q2+Nu*S%UVY{S*Mtp7g%
Dt4=?I

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa2048-wrongcert-sct.bin b/src/testdata/rsa2048-wrongcert-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..034f7a213c8fa2d5a8a8fa5ad8a2c7838f1d0016
GIT binary patch
literal 303
zcmV+~0nq*cZdRsVAwZXL>%A6d!#6pzH4d`wpE^}c^EVQ}Y8rA100000000Ei000C5
z0RR~mruXwjM24<Hk-_iv|HP{+&V&NO&J{W+FMcT(yUQziLOf-T+){`VgEULppl=XU
zUC^Aoq}tmpqa_Z_*^JgLj98D>xwSV?DEp{Em<o?oiZvW<xd8dI-~Q_n2IX*N%H+d$
zUCn3$*r@WM=*=E@*BdY_Y{ln&8h2bGDutEsXqaclq3|{ag|7<J{>3Ma&E;Z-7!G2u
zk?kXFNrD&uGO%(Wo?gTL%wQ>=`I@aSu~wBSZaD&WLHpDTeIY31qA;SuzxYE6u6*xM
z?1h*^RAdoQ4sM-#g+jjL)Np@gq2qFn!iWzU455fmKrYDdE<~<(+m3#v&@346L7>3f
Bj&lG2

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa2048-wrongtime-sct.bin b/src/testdata/rsa2048-wrongtime-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..83154670ae3ed596e5578b75ba1a8f0c6683815a
GIT binary patch
literal 303
zcmV+~0nq*cZdRsVAwZXL>%A6d!#6pzH4d`wpE^}c^EVQ}Y8rA1000000001c000C5
z0RYO_V6_31kxBXdhWhZDf0G%wm2;{}1{`37_x0FM?juS5y+xY3_X$j!E|68dhUR7A
z39SE9Erv68iJTG6&+GPer3lK2)CpL`EnJpsBEN1zrT>N@>axJx9W15V2vElON?#=7
z<!(1cbxt3#I~AD0n^@<Go;WQO7u4gK{he@`%^Rgy=Y={hb&YgEH}(tIQ8gXqKoT4&
zSJy97!=Z#~@SHD7=@B@BNEsoDo<g4WY=x<(U4v(4ZcK`U%%BB>wp9d7;`ZWxNR)Q@
z5KHrdR^>PHNBB&j0C)rK=M#|lfbvc!MFZEvm@nwx=Y?0(XI{w%oW3y*J=jk`wCn(0
BkCOlZ

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa3072-wrongcert-sct.bin b/src/testdata/rsa3072-wrongcert-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..52b68afa010c6d2dbec8e3cd347460991cd9fab4
GIT binary patch
literal 431
zcmV;g0Z{$`w9RzqX<4&QyO4moo~j71b&FDayI=PtS&#b1H)Tn%00000000Ei000C5
z0e~sbf0SZx3@v=Ttz}_U3?KOGGqlJ+C2of#wNgzzGh!fWgG17^bDZnPFH}?Fd?Z|n
zhO7s_PaLO~XA8!0=?-{blkeSA^MMP7sE1Yl4g+NMH1=|Hz~fh9YfPrJf&(P3E%j8z
z(MHREwMbHfG3w}dVsrc&_7FSRNnMG4w~%uN$oCt}fIX>nDiQ3=iCkI(hRp@KkQ?nY
z|C5BqL$#M?pUi?@rSw+s`)LYjmC~4BwYaWzwJyI#><~MhUFLD!GI@OU{Te|EPy`M9
zq@E`K#?vt`y5n3>Gp7jB7AhT1T+SgiNT~tem@XO=$dr(e3%wETjTvFKPBir3Wdc@;
z<n<)K5DlxAM?U??$Nn`7MjFA;P|*cFV_PFl%Z>EmmlEA}x!eRVw4*608}b)8;HJcG
z{wBj4K{Slv;-mNhzWedsCQ~flmfD+U`~!SLW0jt?r6SlioKPKU#Lp<dwgBf!DnGdg
Z+#;QWG~c!qgeH-ryiVGj^oy~A-JX3=&?Nu>

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa3072-wrongtime-sct.bin b/src/testdata/rsa3072-wrongtime-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..0621c4e8045b3dfe3d94a1f5828d708441e7e174
GIT binary patch
literal 431
zcmV;g0Z{$`w9RzqX<4&QyO4moo~j71b&FDayI=PtS&#b1H)Tn%000000001c000C5
z0f0M{jp1OmU~}(7aO~&-7O}xFQce!;W?i+}(o6K{OO!7A&OV-C&O-xy)!wvSmv3;A
z+UrN=xC--EqXa!k&4b4L&z8ax9@@^K-*4+%A}wKsjN+w!#>4naopv`!$$xYqfb#Hj
zN}~KCTF+V7&c-d6QMU?TNd@{>{*zM2kAfj=0z;KKRjg48|3aQG`YOl4s!4y5Ugh2g
zcS=Xz7y&%3?^IXe7^!hD$32~sXV<mn8D)8G#M1LHK6R7(7K`thF+yGP5vYJ}=gVz6
zPFjP|q$_r6z#mCI$XqTv=jg%4WGLm(<fb(yFH-?bEZA}p8yfbbPn*mr;0FNNY)n%V
z5X14~iWa2~G@Dt2aYML70v&%2dIe&&ukwDTy@PgCTfvQ&b2Iy3`t7Q5x`IBlSg57-
z-W@UCPLj&v=T3hIzRWUBXz4`>x&Ja;w;D+l+7S^z!-%A+Qf`ABY;2pR^0Tfudid}^
ZWF+)0mdnz^(R~h{Co?Fr5*{xx3$XvF(mntH

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa4096-wrongcert-sct.bin b/src/testdata/rsa4096-wrongcert-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..2f35fbc5eb96cc75e4edfd5bdc380c05ff5b2968
GIT binary patch
literal 559
zcmV+~0?_>c`&K6s?4a=6e+JritGZo?C@W&carO;qL6n6S$RhJ800000000Ei000C5
z0suMAIGFfuw;Re>_ltWSuqG+1lnQA?@;%1{LJEtC?iUOV1I~A|*o}iqeLMyv(*<)f
zCiF;(&4ESW!k!6}$@J@^*L{wTY)$MD%xPi|cxmQ|NrhFZZReRywtG@>fG=!vI`9M&
zt>-}DLs{$x5DIx$OrohOTG&jr3^7re3uILK%L@$&9o)U;0|m24zwzqjeUZ%oaL1iU
z-bFwJ?*z_CA~>zuP`C`%OyO!iG$t_CsJ(~{qX-U-FjyHh*TcDSNWK?>3%5>uaj&V{
z!Z*ZJ{l1RnwDV_Pi=!c!oteJXp@{@0a=^r$5DDI<`*Pv?8jz{#(CNlqXUfCjCNndi
zVZCA0nNgd0TZ_1C@9VWv$1evj*?(E{9cr?lSEVH=1NiX0SvpY4J2PtP1yVI#oUTG`
z#G_)hz2~P65lFK=z`c3na#%1JP@f>CUx>ay84H;bI$5w?&b$M%D$45QDOlH2PFAY+
zlf+7U^$hAn+qfw@_j9TF22r7U*TBn#62yDk3U=#TX6O4m$jh=_+N*k`L!B$_C=c~u
zgUX0Y2KQvzQgkMDHid5#p24dk$eU;?H>7^;VZIxo@0wMu`BA!rR&$kK@z0*YDI>q_
xQolOxiRM+0+gX9+w1%jLV2YrP2oj$lCLmZQoK#FkL2Ikpk6msfh_>0NCOay$4XgkF

literal 0
HcmV?d00001

diff --git a/src/testdata/rsa4096-wrongtime-sct.bin b/src/testdata/rsa4096-wrongtime-sct.bin
new file mode 100644
index 0000000000000000000000000000000000000000..7e05dd6191768820e9e0a355ddc49dc2962a0f4f
GIT binary patch
literal 559
zcmV+~0?_>c`&K6s?4a=6e+JritGZo?C@W&carO;qL6n6S$RhJ8000000001c000C5
z0svIO1Lo-&*>5|Lo^m}*L}8&bCEOZpw@W4wubE&n|C<0)L=*(&nWs5X9y+h&A23c!
zDI`tp@1h@8FWODFsjV@4;K5Ew%ZR>FcBio>O@^%#a|-$m6R}^i9mDnfWMRn~R*f=9
zwtC~k2u`c#(G({(Ze}>v&;p9V;kmnIy#Ps_Pq`Sw4Pr2b0MaAWk8ro^@)Bi6-_YUa
z2^o3{9k*%=vL++Ry8s=B45GQye|+4AQ|oK?-z*nYN!Pzz772<v#p8t+Q2lc()+{b9
zn)Nobn1-h!VeO_E!>vqtVbO8lTvA!R;z>*ik#KrAOfW!1b0|w19Z+wv?lh^>ybvsz
zVost$WV(TqIlQ>r?c*B&@E)H{`x)80eJ-*J%qXAO_b`JCq?y_3=0&q-G!@_NA_CdG
zA&f2|PQUt^)o7x1i|)ZY+JlG_imJ|pj{HCk%<&)yqG}PjH*Djb!(}3YJP-7|ah79t
zdL|)cCu~@ilsJd9=`;M+2E^}hs;tN2XbAtZ%<S0P>_3<{M>05=S>5b_BKZi9_R5T<
z<fbF-Vm;Jb{g8$Vh4w)cK)8Gh6CRdBc(KRq=5LH-h!{K4liJzdP<tebLcuCU-L!cu
xRJ+IRPV{ll*J*md)mS8g4j*3W(+$JvS=C0!1H%UuA=E{a-r++y@zBOQB2Phq3u*uW

literal 0
HcmV?d00001

diff --git a/src/tests_generated.rs b/src/tests_generated.rs
index 8a64042..dfaba9d 100644
--- a/src/tests_generated.rs
+++ b/src/tests_generated.rs
@@ -1,4 +1,22 @@
-use super::{Log, verify_sct};
+use super::{Log, Error, verify_sct};
+
+static TEST_LOG_ECDSA_P256: Log = Log {
+    description: "fake test ecdsa_p256 log",
+    url: "",
+    operated_by: "random python script",
+    max_merge_delay: 0,
+    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
+    id: [0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88, 0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94, 0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2, 0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f],
+};
+
+static TEST_LOG_ECDSA_P384: Log = Log {
+    description: "fake test ecdsa_p384 log",
+    url: "",
+    operated_by: "random python script",
+    max_merge_delay: 0,
+    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
+    id: [0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d, 0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac, 0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37, 0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9],
+};
 
 static TEST_LOG_RSA2048: Log = Log {
     description: "fake test rsa2048 log",
@@ -27,76 +45,236 @@ static TEST_LOG_RSA4096: Log = Log {
     id: [0xfb, 0x56, 0x27, 0x12, 0xec, 0xa0, 0xf0, 0xdc, 0x7f, 0x06, 0xda, 0x76, 0xab, 0xba, 0x5d, 0x88, 0x28, 0x2b, 0x62, 0xc5, 0x71, 0xf6, 0x0d, 0x69, 0x41, 0x94, 0x85, 0x16, 0xc8, 0x22, 0xf3, 0x29],
 };
 
-static TEST_LOG_ECDSA_P256: Log = Log {
-    description: "fake test ecdsa_p256 log",
-    url: "",
-    operated_by: "random python script",
-    max_merge_delay: 0,
-    key: include_bytes!("testdata/ecdsa-prime256v1-pub.raw"),
-    id: [0x71, 0xdc, 0x5e, 0xdb, 0xf0, 0x13, 0xd3, 0x88, 0x8a, 0x14, 0x6f, 0x49, 0x3d, 0xbe, 0x33, 0x94, 0xbb, 0x5a, 0xdb, 0x65, 0xb2, 0x6a, 0x96, 0xe2, 0x38, 0x35, 0x4e, 0xd4, 0x8f, 0xeb, 0xb2, 0x4f],
-};
+#[test]
+pub fn ecdsa_p256_basic() {
+    let sct = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1235;
 
-static TEST_LOG_ECDSA_P384: Log = Log {
-    description: "fake test ecdsa_p384 log",
-    url: "",
-    operated_by: "random python script",
-    max_merge_delay: 0,
-    key: include_bytes!("testdata/ecdsa-secp384r1-pub.raw"),
-    id: [0x29, 0xbb, 0xef, 0x00, 0xba, 0xd9, 0x3d, 0x5d, 0x4c, 0x03, 0xc7, 0x29, 0xe9, 0x4d, 0xb6, 0xac, 0x00, 0xe0, 0xfd, 0x28, 0xf6, 0x46, 0x56, 0x37, 0x24, 0xac, 0x58, 0xdc, 0x66, 0xb1, 0x99, 0xe9],
-};
+    assert_eq!(Ok(0),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_wrongtime() {
+    let sct = include_bytes!("testdata/ecdsa_p256-wrongtime-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_wrongcert() {
+    let sct = include_bytes!("testdata/ecdsa_p256-wrongcert-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p384_basic() {
+    let sct = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P384];
+    let now = 1235;
+
+    assert_eq!(Ok(0),
+               verify_sct(cert, sct, now, &logs));
+}
 
 #[test]
-pub fn test_basic_rsa2048() {
+pub fn ecdsa_p384_wrongtime() {
+    let sct = include_bytes!("testdata/ecdsa_p384-wrongtime-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P384];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p384_wrongcert() {
+    let sct = include_bytes!("testdata/ecdsa_p384-wrongcert-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P384];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa2048_basic() {
     let sct = include_bytes!("testdata/rsa2048-basic-sct.bin");
     let cert = b"cert";
     let logs = [&TEST_LOG_RSA2048];
     let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+
+    assert_eq!(Ok(0),
+               verify_sct(cert, sct, now, &logs));
 }
 
 #[test]
-pub fn test_basic_rsa3072() {
+pub fn rsa2048_wrongtime() {
+    let sct = include_bytes!("testdata/rsa2048-wrongtime-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA2048];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa2048_wrongcert() {
+    let sct = include_bytes!("testdata/rsa2048-wrongcert-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA2048];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa3072_basic() {
     let sct = include_bytes!("testdata/rsa3072-basic-sct.bin");
     let cert = b"cert";
     let logs = [&TEST_LOG_RSA3072];
     let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+
+    assert_eq!(Ok(0),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa3072_wrongtime() {
+    let sct = include_bytes!("testdata/rsa3072-wrongtime-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA3072];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa3072_wrongcert() {
+    let sct = include_bytes!("testdata/rsa3072-wrongcert-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA3072];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
 }
 
 #[test]
-pub fn test_basic_rsa4096() {
+pub fn rsa4096_basic() {
     let sct = include_bytes!("testdata/rsa4096-basic-sct.bin");
     let cert = b"cert";
     let logs = [&TEST_LOG_RSA4096];
     let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+
+    assert_eq!(Ok(0),
+               verify_sct(cert, sct, now, &logs));
 }
 
 #[test]
-pub fn test_basic_ecdsa_p256() {
-    let sct = include_bytes!("testdata/ecdsa_p256-basic-sct.bin");
+pub fn rsa4096_wrongtime() {
+    let sct = include_bytes!("testdata/rsa4096-wrongtime-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA4096];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn rsa4096_wrongcert() {
+    let sct = include_bytes!("testdata/rsa4096-wrongcert-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_RSA4096];
+    let now = 1235;
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_junk() {
+    let sct = include_bytes!("testdata/ecdsa_p256-junk-sct.bin");
     let cert = b"cert";
     let logs = [&TEST_LOG_ECDSA_P256];
     let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+
+    assert_eq!(Err(Error::MalformedSCT),
+               verify_sct(cert, sct, now, &logs));
 }
 
 #[test]
-pub fn test_basic_ecdsa_p384() {
-    let sct = include_bytes!("testdata/ecdsa_p384-basic-sct.bin");
+pub fn ecdsa_p256_wrongid() {
+    let sct = include_bytes!("testdata/ecdsa_p256-wrongid-sct.bin");
     let cert = b"cert";
-    let logs = [&TEST_LOG_ECDSA_P384];
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1235;
+
+    assert_eq!(Err(Error::UnknownLog),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_version() {
+    let sct = include_bytes!("testdata/ecdsa_p256-version-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1235;
+
+    assert_eq!(Err(Error::UnsupportedSCTVersion),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_future() {
+    let sct = include_bytes!("testdata/ecdsa_p256-future-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1233;
+
+    assert_eq!(Err(Error::TimestampInFuture),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_wrongext() {
+    let sct = include_bytes!("testdata/ecdsa_p256-wrongext-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
     let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+
+    assert_eq!(Err(Error::InvalidSignature),
+               verify_sct(cert, sct, now, &logs));
+}
+
+#[test]
+pub fn ecdsa_p256_short() {
+    let sct = include_bytes!("testdata/ecdsa_p256-short-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_ECDSA_P256];
+    let now = 1234;
+
+    for l in 0..118 {
+        assert_eq!(Err(Error::MalformedSCT),
+                   verify_sct(cert, &sct[..l], now, &logs));
+    }
 }
 
diff --git a/test/mktest.py b/test/mktest.py
index b9e9b56..a996384 100644
--- a/test/mktest.py
+++ b/test/mktest.py
@@ -26,6 +26,7 @@ def __init__(self):
     def sign(self, key, alg, cert):
         to_sign = struct.pack('!BBQHBH', self.version, self.type, self.timestamp, self.enttype, 0, len(cert)) \
                 + cert + self.exts
+        open('sigin.bin', 'w').write(to_sign)
 
         sig = subprocess.check_output(['openssl', 'dgst', '-' + SIGALG_HASH[alg], '-sign', key, 'sigin.bin'])
         self.sig = struct.pack('!HH', alg, len(sig)) + sig
@@ -33,6 +34,16 @@ def sign(self, key, alg, cert):
     def encode(self):
         return struct.pack('!B32sQ', self.version, self.id, self.timestamp) + self.exts + self.sig
 
+    def copy(self):
+        c = SCT()
+        c.__dict__ = self.__dict__.copy()
+        return c
+
+    def having(self, **kwargs):
+        copy = self.copy()
+        copy.__dict__.update(**kwargs)
+        return copy
+
 def genrsa(len):
     priv, pub = 'rsa-%d-priv.pem' % len, 'rsa-%d-pub.pem' % len
     if not path.exists(pub):
@@ -98,11 +109,11 @@ def format_bytes(b):
     return ', '.join(map(lambda x: '0x%02x' % ord(x), b))
 
 keys = [
+    ('ecdsa_p256', genecdsa('prime256v1')),
+    ('ecdsa_p384', genecdsa('secp384r1')),
     ('rsa2048', genrsa(2048)),
     ('rsa3072', genrsa(3072)),
     ('rsa4096', genrsa(4096)),
-    ('ecdsa_p256', genecdsa('prime256v1')),
-    ('ecdsa_p384', genecdsa('secp384r1')),
 ]
 
 algs = dict(
@@ -113,13 +124,13 @@ def format_bytes(b):
         ecdsa_p384 = SIGALG_ECDSA_SHA384
         )
 
-print 'use super::{Log, verify_sct};'
+print 'use super::{Log, Error, verify_sct};'
 print
 
 for name, (priv, pub) in keys:
     pubder = convert_der(pub)
     pubraw = pubder.replace('.der', '.raw')
-    open(pubraw, 'w').write(raw_public_key(open(pubder).read()))
+    open('../src/testdata/' + pubraw, 'w').write(raw_public_key(open(pubder).read()))
 
     print """static TEST_LOG_%s: Log = Log {
     description: "fake test %s log",
@@ -134,21 +145,84 @@ def format_bytes(b):
         pubraw,
         format_bytes(keyhash(pub)))
 
-for name, (priv, pub) in keys:
-    sct = SCT()
-    sct.sign(priv, algs[name], 'cert')
-    sct.id = keyhash(pub)
+def emit_test(keyname, sctname, encoding, timestamp = 1235, expect = 'Ok(0)', extra = ''):
+    open('../src/testdata/%s-%s-sct.bin' % (keyname, sctname), 'w').write(encoding)
+
+    print """#[test]
+pub fn %(keyname)s_%(sctname)s() {
+    let sct = include_bytes!("testdata/%(keyname)s-%(sctname)s-sct.bin");
+    let cert = b"cert";
+    let logs = [&TEST_LOG_%(keyname_up)s];
+    let now = %(time)d;
+
+    assert_eq!(%(expect)s,
+               verify_sct(cert, sct, now, &logs));
+}
+""" % dict(time = timestamp,
+           sctname = sctname,
+           keyname = keyname,
+           keyname_up = keyname.upper(),
+           expect = expect)
 
-    open('%s-basic-sct.bin' % name, 'w').write(sct.encode())
+def emit_short_test(keyname, sctname, encoding, expect):
+    open('../src/testdata/%s-%s-sct.bin' % (keyname, sctname), 'w').write(encoding)
 
     print """#[test]
-pub fn test_basic_%s() {
-    let sct = include_bytes!("testdata/%s-basic-sct.bin");
+pub fn %(keyname)s_%(sctname)s() {
+    let sct = include_bytes!("testdata/%(keyname)s-%(sctname)s-sct.bin");
     let cert = b"cert";
-    let logs = [&TEST_LOG_%s];
-    let now = 1235;
-    
-    assert_eq!(0,
-               verify_sct(cert, sct, now, &logs).unwrap());
+    let logs = [&TEST_LOG_%(keyname_up)s];
+    let now = 1234;
+
+    for l in 0..%(len)d {
+        assert_eq!(%(expect)s,
+                   verify_sct(cert, &sct[..l], now, &logs));
+    }
 }
-""" % (name, name, name.upper())
+""" % dict(sctname = sctname,
+           keyname = keyname,
+           keyname_up = keyname.upper(),
+           expect = expect,
+           len = len(encoding))
+
+# basic tests of each key type
+for name, (priv, pub) in keys:
+    sct = SCT()
+    sct.sign(priv, algs[name], 'cert')
+    sct.id = keyhash(pub)
+
+    emit_test(name, 'basic', sct.encode())
+
+    emit_test(name, 'wrongtime',
+            sct.having(timestamp = 123).encode(),
+            expect = 'Err(Error::InvalidSignature)')
+
+    sct.sign(priv, algs[name], 'adsqweqweqwekimqwelqwmel')
+    emit_test(name, 'wrongcert', sct.encode(), expect = 'Err(Error::InvalidSignature)')
+
+# other tests, only for a particular key type
+name, (priv, pub) = keys[0]
+
+sct = SCT()
+sct.sign(priv, algs[name], 'cert')
+sct.id = keyhash(pub)
+
+emit_test(name, 'junk',
+        sct.encode() + 'a',
+        expect = 'Err(Error::MalformedSCT)')
+emit_test(name, 'wrongid',
+        sct.having(id = '\x00' * 32).encode(),
+        expect = 'Err(Error::UnknownLog)')
+emit_test(name, 'version',
+        sct.having(version = 1).encode(),
+        expect = 'Err(Error::UnsupportedSCTVersion)')
+emit_test(name, 'future',
+        sct.encode(),
+        timestamp = 1233,
+        expect = 'Err(Error::TimestampInFuture)')
+emit_test(name, 'wrongext',
+        sct.having(exts = '\x00\x01A').encode(),
+        expect = 'Err(Error::InvalidSignature)')
+emit_short_test(name, 'short',
+        sct.encode(),
+        expect = 'Err(Error::MalformedSCT)')