chrome/browser/net/certificate_error_reporter_unittest.cc - Issue 1083493003: Encrypt certificate reports before uploading to HTTP URLs

Unified Diff: chrome/browser/net/certificate_error_reporter_unittest.cc

Issue 1083493003: Encrypt certificate reports before uploading to HTTP URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: make nonce/key length static functions on Aead Created 5 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/net/certificate_error_reporter.cc ('K') | « chrome/browser/net/certificate_error_reporter.cc ('k') | chrome/browser/safe_browsing/ping_manager.cc » ('j') | crypto/aead_openssl.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/net/certificate_error_reporter_unittest.cc

diff --git a/chrome/browser/net/certificate_error_reporter_unittest.cc b/chrome/browser/net/certificate_error_reporter_unittest.cc

index cc6fee791297d84342b26bed3394b335e7666a35..79d9efe78aa0e8474689a02f72a17ffe12b69d73 100644

--- a/chrome/browser/net/certificate_error_reporter_unittest.cc

+++ b/chrome/browser/net/certificate_error_reporter_unittest.cc

@@ -19,6 +19,7 @@

#include "chrome/browser/net/cert_logger.pb.h"

#include "chrome/common/chrome_paths.h"

#include "content/public/browser/browser_thread.h"

+#include "crypto/curve25519.h"

#include "net/base/load_flags.h"

#include "net/base/network_delegate_impl.h"

#include "net/base/test_data_directory.h"

@@ -47,6 +48,7 @@ const char kHostname[] = "test.mail.google.com";

const char kSecondRequestHostname[] = "test2.mail.google.com";

const char kDummyFailureLog[] = "dummy failure log";

const char kTestCertFilename[] = "test_mail_google_com.pem";

+const uint32 kServerPublicKeyVersion = 1;

SSLInfo GetTestSSLInfo() {

SSLInfo info;

@@ -83,7 +85,9 @@ void EnableUrlRequestMocks(bool enable) {

// |GetTestSSLInfo()|). The hostname sent in the report will be erased

// from |expect_hostnames|.

void CheckUploadData(URLRequest* request,

- std::set<std::string>* expect_hostnames) {

+ std::set<std::string>* expect_hostnames,

+ bool encrypted,

+ const uint8* server_private_key) {

const net::UploadDataStream* upload = request->get_upload();

ASSERT_TRUE(upload);

ASSERT_TRUE(upload->GetElementReaders());

@@ -93,9 +97,25 @@ void CheckUploadData(URLRequest* request,

(*upload->GetElementReaders())[0]->AsBytesReader();

ASSERT_TRUE(reader);

std::string upload_data(reader->bytes(), reader->length());

- chrome_browser_net::CertLoggerRequest uploaded_request;

+ chrome_browser_net::CertLoggerRequest uploaded_request;

+#if defined(USE_OPENSSL)

+ if (encrypted) {

+ chrome_browser_net::EncryptedCertLoggerRequest encrypted_request;

+ encrypted_request.ParseFromString(upload_data);

+ EXPECT_EQ(kServerPublicKeyVersion,

+ encrypted_request.server_public_key_version());

+ EXPECT_EQ(chrome_browser_net::EncryptedCertLoggerRequest::

+ AEAD_ECDH_AES_128_CTR_HMAC_SHA256,

+ encrypted_request.algorithm());

+ ASSERT_TRUE(chrome_browser_net::DecryptCertificateErrorReport(

+ server_private_key, encrypted_request, &uploaded_request));

+ } else {

+ uploaded_request.ParseFromString(upload_data);

agl 2015/04/21 20:28:25 check return value?

estark 2015/04/22 03:55:30 Done (and line 117)

+ }

+#else

uploaded_request.ParseFromString(upload_data);

+#endif

EXPECT_EQ(1u, expect_hostnames->count(uploaded_request.hostname()));

expect_hostnames->erase(uploaded_request.hostname());

@@ -116,7 +136,11 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {

: url_request_destroyed_callback_(base::Bind(&base::DoNothing)),

all_url_requests_destroyed_callback_(base::Bind(&base::DoNothing)),

num_requests_(0),

- expect_cookies_(false) {}

+ expect_cookies_(false),

+ expect_request_encrypted_(false) {

+ memset(server_private_key_, 1, sizeof(server_private_key_));

+ crypto::curve25519::ScalarBaseMult(server_private_key_, server_public_key_);

+ }

~TestCertificateErrorReporterNetworkDelegate() override {}

@@ -145,6 +169,10 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {

expect_cookies_ = expect_cookies;

}

+ void set_expect_request_encrypted(bool expect_request_encrypted) {

+ expect_request_encrypted_ = expect_request_encrypted;

+ }

// NetworkDelegateImpl implementation

int OnBeforeURLRequest(URLRequest* request,

const CompletionCallback& callback,

@@ -162,7 +190,8 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {

}

std::string uploaded_request_hostname;

- CheckUploadData(request, &expect_hostnames_);

+ CheckUploadData(request, &expect_hostnames_, expect_request_encrypted_,

+ server_private_key_);

expect_hostnames_.erase(uploaded_request_hostname);

return net::OK;

}

@@ -173,6 +202,8 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {

all_url_requests_destroyed_callback_.Run();

}

+ const uint8* server_public_key() { return server_public_key_; }

private:

base::Closure url_request_destroyed_callback_;

base::Closure all_url_requests_destroyed_callback_;

@@ -180,6 +211,10 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {

GURL expect_url_;

std::set<std::string> expect_hostnames_;

bool expect_cookies_;

+ bool expect_request_encrypted_;

+ uint8 server_public_key_[32];

+ uint8 server_private_key_[32];

DISALLOW_COPY_AND_ASSIGN(TestCertificateErrorReporterNetworkDelegate);

};

@@ -237,11 +272,24 @@ TEST_F(CertificateErrorReporterTest, PinningViolationSendReportSendsRequest) {

}

TEST_F(CertificateErrorReporterTest, ExtendedReportingSendReportSendsRequest) {

- GURL url = net::URLRequestMockDataJob::GetMockHttpsUrl("dummy data", 1);

- CertificateErrorReporter reporter(

- context(), url, CertificateErrorReporter::DO_NOT_SEND_COOKIES);

- SendReport(&reporter, network_delegate(), kHostname, url, 0,

+ // Data should not be encrypted when sent to an HTTPS URL.

+ GURL https_url = net::URLRequestMockDataJob::GetMockHttpsUrl("dummy data", 1);

+ CertificateErrorReporter https_reporter(

+ context(), https_url, CertificateErrorReporter::DO_NOT_SEND_COOKIES);

+ network_delegate()->set_expect_request_encrypted(false);

+ SendReport(&https_reporter, network_delegate(), kHostname, https_url, 0,

CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING);

+ // Data should be encrypted when sent to an HTTP URL.

+ if (CertificateErrorReporter::IsHttpUploadUrlSupported()) {

+ GURL http_url = net::URLRequestMockDataJob::GetMockHttpUrl("dummy data", 1);

+ CertificateErrorReporter http_reporter(

+ context(), http_url, CertificateErrorReporter::DO_NOT_SEND_COOKIES,

+ network_delegate()->server_public_key(), kServerPublicKeyVersion);

+ network_delegate()->set_expect_request_encrypted(true);

+ SendReport(&http_reporter, network_delegate(), kHostname, http_url, 1,

+ CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING);

+ }

}

TEST_F(CertificateErrorReporterTest, SendMultipleReportsSequentially) {