| Index: chrome/browser/net/certificate_error_reporter_unittest.cc
|
| diff --git a/chrome/browser/net/certificate_error_reporter_unittest.cc b/chrome/browser/net/certificate_error_reporter_unittest.cc
|
| index cc6fee791297d84342b26bed3394b335e7666a35..6d69729bf451c27e96b8eceff22f9f2f4158a91d 100644
|
| --- a/chrome/browser/net/certificate_error_reporter_unittest.cc
|
| +++ b/chrome/browser/net/certificate_error_reporter_unittest.cc
|
| @@ -19,6 +19,7 @@
|
| #include "chrome/browser/net/cert_logger.pb.h"
|
| #include "chrome/common/chrome_paths.h"
|
| #include "content/public/browser/browser_thread.h"
|
| +#include "crypto/curve25519.h"
|
| #include "net/base/load_flags.h"
|
| #include "net/base/network_delegate_impl.h"
|
| #include "net/base/test_data_directory.h"
|
| @@ -47,6 +48,7 @@ const char kHostname[] = "test.mail.google.com";
|
| const char kSecondRequestHostname[] = "test2.mail.google.com";
|
| const char kDummyFailureLog[] = "dummy failure log";
|
| const char kTestCertFilename[] = "test_mail_google_com.pem";
|
| +const uint32 kServerPublicKeyVersion = 1;
|
|
|
| SSLInfo GetTestSSLInfo() {
|
| SSLInfo info;
|
| @@ -83,7 +85,9 @@ void EnableUrlRequestMocks(bool enable) {
|
| // |GetTestSSLInfo()|). The hostname sent in the report will be erased
|
| // from |expect_hostnames|.
|
| void CheckUploadData(URLRequest* request,
|
| - std::set<std::string>* expect_hostnames) {
|
| + std::set<std::string>* expect_hostnames,
|
| + bool encrypted,
|
| + const uint8* server_private_key) {
|
| const net::UploadDataStream* upload = request->get_upload();
|
| ASSERT_TRUE(upload);
|
| ASSERT_TRUE(upload->GetElementReaders());
|
| @@ -93,9 +97,21 @@ void CheckUploadData(URLRequest* request,
|
| (*upload->GetElementReaders())[0]->AsBytesReader();
|
| ASSERT_TRUE(reader);
|
| std::string upload_data(reader->bytes(), reader->length());
|
| - chrome_browser_net::CertLoggerRequest uploaded_request;
|
|
|
| - uploaded_request.ParseFromString(upload_data);
|
| + chrome_browser_net::CertLoggerRequest uploaded_request;
|
| + if (encrypted) {
|
| + chrome_browser_net::EncryptedCertLoggerRequest encrypted_request;
|
| + encrypted_request.ParseFromString(upload_data);
|
| + EXPECT_EQ(kServerPublicKeyVersion,
|
| + encrypted_request.server_public_key_version());
|
| + EXPECT_EQ(chrome_browser_net::EncryptedCertLoggerRequest::
|
| + AEAD_ECDH_AES_128_CTR_HMAC_SHA256,
|
| + encrypted_request.algorithm());
|
| + ASSERT_TRUE(chrome_browser_net::DecryptCertificateErrorReport(
|
| + server_private_key, encrypted_request, &uploaded_request));
|
| + } else {
|
| + uploaded_request.ParseFromString(upload_data);
|
| + }
|
|
|
| EXPECT_EQ(1u, expect_hostnames->count(uploaded_request.hostname()));
|
| expect_hostnames->erase(uploaded_request.hostname());
|
| @@ -116,7 +132,11 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {
|
| : url_request_destroyed_callback_(base::Bind(&base::DoNothing)),
|
| all_url_requests_destroyed_callback_(base::Bind(&base::DoNothing)),
|
| num_requests_(0),
|
| - expect_cookies_(false) {}
|
| + expect_cookies_(false),
|
| + expect_request_encrypted_(false) {
|
| + memset(server_private_key_, 1, sizeof(server_private_key_));
|
| + crypto::curve25519::ScalarBaseMult(server_private_key_, server_public_key_);
|
| + }
|
|
|
| ~TestCertificateErrorReporterNetworkDelegate() override {}
|
|
|
| @@ -145,6 +165,10 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {
|
| expect_cookies_ = expect_cookies;
|
| }
|
|
|
| + void set_expect_request_encrypted(bool expect_request_encrypted) {
|
| + expect_request_encrypted_ = expect_request_encrypted;
|
| + }
|
| +
|
| // NetworkDelegateImpl implementation
|
| int OnBeforeURLRequest(URLRequest* request,
|
| const CompletionCallback& callback,
|
| @@ -162,7 +186,8 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {
|
| }
|
|
|
| std::string uploaded_request_hostname;
|
| - CheckUploadData(request, &expect_hostnames_);
|
| + CheckUploadData(request, &expect_hostnames_, expect_request_encrypted_,
|
| + server_private_key_);
|
| expect_hostnames_.erase(uploaded_request_hostname);
|
| return net::OK;
|
| }
|
| @@ -173,6 +198,8 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {
|
| all_url_requests_destroyed_callback_.Run();
|
| }
|
|
|
| + const uint8* server_public_key() { return server_public_key_; }
|
| +
|
| private:
|
| base::Closure url_request_destroyed_callback_;
|
| base::Closure all_url_requests_destroyed_callback_;
|
| @@ -180,6 +207,10 @@ class TestCertificateErrorReporterNetworkDelegate : public NetworkDelegateImpl {
|
| GURL expect_url_;
|
| std::set<std::string> expect_hostnames_;
|
| bool expect_cookies_;
|
| + bool expect_request_encrypted_;
|
| +
|
| + uint8 server_public_key_[32];
|
| + uint8 server_private_key_[32];
|
|
|
| DISALLOW_COPY_AND_ASSIGN(TestCertificateErrorReporterNetworkDelegate);
|
| };
|
| @@ -237,10 +268,21 @@ TEST_F(CertificateErrorReporterTest, PinningViolationSendReportSendsRequest) {
|
| }
|
|
|
| TEST_F(CertificateErrorReporterTest, ExtendedReportingSendReportSendsRequest) {
|
| - GURL url = net::URLRequestMockDataJob::GetMockHttpsUrl("dummy data", 1);
|
| - CertificateErrorReporter reporter(
|
| - context(), url, CertificateErrorReporter::DO_NOT_SEND_COOKIES);
|
| - SendReport(&reporter, network_delegate(), kHostname, url, 0,
|
| + // Data should be encrypted when sent to an HTTP URL.
|
| + GURL http_url = net::URLRequestMockDataJob::GetMockHttpUrl("dummy data", 1);
|
| + CertificateErrorReporter http_reporter(
|
| + context(), http_url, CertificateErrorReporter::DO_NOT_SEND_COOKIES,
|
| + network_delegate()->server_public_key(), kServerPublicKeyVersion);
|
| + network_delegate()->set_expect_request_encrypted(true);
|
| + SendReport(&http_reporter, network_delegate(), kHostname, http_url, 0,
|
| + CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING);
|
| +
|
| + // Data should not be encrypted when sent to an HTTPS URL.
|
| + GURL https_url = net::URLRequestMockDataJob::GetMockHttpsUrl("dummy data", 1);
|
| + CertificateErrorReporter https_reporter(
|
| + context(), https_url, CertificateErrorReporter::DO_NOT_SEND_COOKIES);
|
| + network_delegate()->set_expect_request_encrypted(false);
|
| + SendReport(&https_reporter, network_delegate(), kHostname, https_url, 1,
|
| CertificateErrorReporter::REPORT_TYPE_EXTENDED_REPORTING);
|
| }
|
|
|
| @@ -337,4 +379,96 @@ TEST_F(CertificateErrorReporterTest, DoNotSendCookiesPreference) {
|
| CertificateErrorReporter::REPORT_TYPE_PINNING_VIOLATION);
|
| }
|
|
|
| +// Test vectors for the AES-CTR-128-HMAC-SHA256 AEAD. (AD not
|
| +// implemented so only test vectors with empty AD are included here.)
|
| +
|
| +const char* keys[] = {
|
| + "23189bf23bc4b734410d1c7ae321c42e144a25347a8029bb925e3d8ac1b92f4eb97227c1de"
|
| + "ce86ae9dea7d127eb33f9b",
|
| + "1ad577d3b47e3fff8528e336a43a7ffef72f811e05b5c69ccfe777b10f29061e289178e394"
|
| + "a1c87ba483c7f98ea5431d",
|
| + "84172547d8608bd9e788a7bb60df2982963716e45f8e63f0c5033327d85c920c5e3776e314"
|
| + "246b1694b739c39abfa29f",
|
| + "3d9b651e65e9239c9e33aafb091b348161ab797901fd0468aedd014e4d5683c8f3f54f20ea"
|
| + "6bb07bb25dd258df7bcd5e",
|
| + "353c3e9f87b40fc0281869c68d9d9bee5c95771dd79998c059bc5ceda71f139fe447cfdf34"
|
| + "0e9eac57f232b9d230e45d",
|
| + "1ccec52c77239bdf6ca50e5b702943b23015d08cb1d9bac592b3dec4c96be904110713e52e"
|
| + "114a8bc294df26530a758a",
|
| + "0d9322713cd132c339c38ec7a75862860de304c70486b89b0f587095c66bfd1abe56f0b34f"
|
| + "9ca0dac577fd4262616600",
|
| +};
|
| +
|
| +const char* nonces[] = {
|
| + "30681944cd5d78f46d36ed8a",
|
| + "1fcaa4757a9e48ed2cb3be62",
|
| + "a3f1643bb504b7ce9e5b43c2",
|
| + "32bcf856a14437114e7814cc",
|
| + "cc7a4b46b02f4e7f96fd34e3",
|
| + "38554b7c40027afe9721e14a",
|
| + "3298d02dd4eb85a98cb935e3",
|
| +};
|
| +
|
| +const char* plaintexts[] = {
|
| + "59",
|
| + "46d30dac550103006c292a9ac05d31",
|
| + "7e76323eb13e64da9b240a57c95c855b",
|
| + "08a667c2923f87a7db6502478d32280bdc",
|
| + "44bcb61332930f606276268ddbf3287bcaedb5b25704489cbee63ec839d7a69533dbfb6e95"
|
| + "fe5b4694eb485beb1437f0777774868ecf45c8a5b3edafa1d62a",
|
| + "dac91fcdb3768df8d5ae9ddba1fe5917c084a5d9e6b14eee9a609cab2da34ec9f95cf2d10f"
|
| + "ff77108477e694c76f362e29b9a9287d8b190a748ed0a929967ff8",
|
| + "5dfedb1d168fe262d35f78d797560b2634f71d40f438c21cdcb8e73cf9884c11570554f55a"
|
| + "6abd23d0e7775a9ab385ae6c9bbd67f08d1aec57347a8fad5a4b8c7b042b03c25facbffc76"
|
| + "f0b1ce2e6c07d427eaebe71255d661ac8e8bfe8867e2d947d496ce2318a601d0beed024263"
|
| + "11ca678d036deb3b4c65b1f89bd644a410",
|
| +};
|
| +
|
| +const char* expected_ciphertexts[] = {
|
| + "92986aa8438da3cf4a98f478f90d24908c6a4e848f299873e649b256f5499d89d9",
|
| + "37616eba30c55595fa0ad5d50f91ca5c3ac4010f75adf90f81e775b07ab939e7551a9b8e04"
|
| + "86ba33766728ed498245",
|
| + "966487c18f025d67b42a04c30d3ff4c38bb03d893f0ce8ea4a6a47245bc7f20c72acf8caa4"
|
| + "66edd01365d0f74c929463",
|
| + "5e8e02cc91c732356bb9f1fc599426a3795449e878d558beff4bc7dfbb5f0195444705cfb2"
|
| + "59773b4faec524fbaca37ea0",
|
| + "d038d67b8b690519fafa7467c9fb94135f9bf0bcd8247cd2c30da62ddf37a6d9a3a9bdcf8e"
|
| + "c081fb4469c0fc2798e2e30afede7cda384438fd01e5d672dcb8db2c685a59cdf304c1fb57"
|
| + "b66966a5ca1cc3536fe21eb1113c25868428640c7d",
|
| + "e6bcb38b3bfd0b428a14bb3aca01a4a9e54b0853f10bd7750f5bb58d0e7dd18006f8929d7d"
|
| + "862e5d6601ef63be8442334b4d51a99219cfedaa31f7ab19028459c4f05d9415840c2325da"
|
| + "bbcd12dbeda31e47637437514c606dedfb8ce622edd0",
|
| + "ff09fe27f12a87d5208bf246378ee0740e848262442b8b9c7670c8a73fe6732192cde43c1a"
|
| + "1246743ed49e15ec63c87dc06eb3e0c92c1f286108b2c7e0754dcf1b9c3fc87efe3683289d"
|
| + "aabf2db71d8742061f93098788c3c6f26328b86e358507a03af296d2c29009562cad376339"
|
| + "9e0e2b89ed440f756c16214c8ab7ddfb845076c80fc76c67d6e4f9b9d470cc184db62ea7da"
|
| + "49cae44cb3ce9e46c2f2ca9e",
|
| +};
|
| +
|
| +void ParseHex(const char* in, std::string* out) {
|
| + size_t l = strlen(in);
|
| + for (size_t i = 0; i < l / 2; ++i) {
|
| + int value;
|
| + sscanf(in + 2 * i, "%02x", &value);
|
| + *out += (char)value;
|
| + }
|
| +}
|
| +
|
| +TEST_F(CertificateErrorReporterTest, Seal) {
|
| + size_t num_test_vectors = sizeof(keys) / sizeof(char*);
|
| + for (size_t i = 0; i < num_test_vectors; i++) {
|
| + std::string key;
|
| + std::string nonce;
|
| + std::string plaintext;
|
| + std::string expected_ciphertext;
|
| + std::string ciphertext;
|
| + ParseHex(keys[i], &key);
|
| + ParseHex(nonces[i], &nonce);
|
| + ParseHex(plaintexts[i], &plaintext);
|
| + ParseHex(expected_ciphertexts[i], &expected_ciphertext);
|
| + ASSERT_TRUE(chrome_browser_net::Seal(key, nonce, plaintext, &ciphertext));
|
| + EXPECT_EQ(expected_ciphertext, ciphertext);
|
| + }
|
| +}
|
| +
|
| } // namespace
|
|
|
Chromium Code Reviews
Issue 1083493003:
Encrypt certificate reports before uploading to HTTP URLs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master