QUIC - Code to verify SCT tag with certificate transparency verifier

net/quic/crypto/proof_test.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/files/file_path.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_completion_callback.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/x509_certificate.h"
 #include "net/quic/crypto/proof_source.h"
 #include "net/quic/crypto/proof_verifier.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/test/cert_test_util.h"
+#include "net/test/ct_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #endif
 
 using std::string;
 using std::vector;
 
 namespace net {
@@ skipping 26 matching lines @@
   bool* const ok_;
   string* const error_details_;
 };
 
 // RunVerification runs |verifier->VerifyProof| and asserts that the result
 // matches |expected_ok|.
 void RunVerification(ProofVerifier* verifier,
                      const string& hostname,
                      const string& server_config,
                      const vector<string>& certs,
+                     const string& cert_sct,
                      const string& proof,
                      bool expected_ok) {
   scoped_ptr<ProofVerifyDetails> details;
   TestCompletionCallback comp_callback;
   bool ok;
   string error_details;
   scoped_ptr<ProofVerifyContext> verify_context(
       CryptoTestUtils::ProofVerifyContextForTesting());
   TestProofVerifierCallback* callback =
       new TestProofVerifierCallback(&comp_callback, &ok, &error_details);
 
   QuicAsyncStatus status = verifier->VerifyProof(
-      hostname, server_config, certs, "", proof, verify_context.get(),
+      hostname, server_config, certs, cert_sct, proof, verify_context.get(),
       &error_details, &details, callback);
 
   switch (status) {
     case QUIC_FAILURE:
       delete callback;
       ASSERT_FALSE(expected_ok);
       ASSERT_NE("", error_details);
       return;
     case QUIC_SUCCESS:
       delete callback;
@@ skipping 40 matching lines @@
                                &first_signature, &first_cert_sct));
   ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config,
                                false /* no ECDSA */, &certs, &signature,
                                &cert_sct));
 
   // Check that the proof source is caching correctly:
   ASSERT_EQ(first_certs, certs);
   ASSERT_EQ(signature, first_signature);
   ASSERT_EQ(first_cert_sct, cert_sct);
 
-  RunVerification(
-      verifier.get(), hostname, server_config, *certs, signature, true);
+  RunVerification(verifier.get(), hostname, server_config, *certs, cert_sct,
+                  signature, true);
 
-  RunVerification(
-      verifier.get(), "foo.com", server_config, *certs, signature, false);
+  RunVerification(verifier.get(), "foo.com", server_config, *certs, cert_sct,
+                  signature, false);
 
-  RunVerification(
-      verifier.get(), server_config.substr(1, string::npos), server_config,
-      *certs, signature, false);
+  RunVerification(verifier.get(), server_config.substr(1, string::npos),
+                  server_config, *certs, cert_sct, signature, false);
+
+  // We don't generate errors for corrupt SCT.

[Eran Messeri, 2015/11/18 11:14:00]

Can you / should you dig into the ProofVerifyDetails to verify that the
ct_verify_result contain the SCT as an invalid SCT in this case, and valid one
in other cases?
I noticed that ct_verify_result was only added to the
ChromiumProofVerifyDetails, not ProofVerifyDetails.

[ramant (doing other things), 2015/11/21 00:27:02]

Hi Eran,
  This is shared code with internal server. Reverted changes to this file and
added tests to chromium version of these tests.

+  const string corrupt_cert_sct = "1" + cert_sct;
+  RunVerification(verifier.get(), "foo.com", server_config, *certs,
+                  corrupt_cert_sct, signature, true);
 
   const string corrupt_signature = "1" + signature;
-  RunVerification(
-      verifier.get(), hostname, server_config, *certs, corrupt_signature,
-      false);
+  RunVerification(verifier.get(), hostname, server_config, *certs, cert_sct,
+                  corrupt_signature, false);
 
   vector<string> wrong_certs;
   for (size_t i = 1; i < certs->size(); i++) {
     wrong_certs.push_back((*certs)[i]);
   }
-  RunVerification(
-      verifier.get(), "foo.com", server_config, wrong_certs, corrupt_signature,
-      false);
+  RunVerification(verifier.get(), "foo.com", server_config, wrong_certs,
+                  corrupt_cert_sct, corrupt_signature, false);
 }
 
 // A known answer test that allows us to test ProofVerifier without a working
 // ProofSource.
 TEST(ProofTest, VerifyRSAKnownAnswerTest) {
   // These sample signatures were generated by running the Proof.Verify test
   // and dumping the bytes of the |signature| output of ProofSource::GetProof().
   static const unsigned char signature_data_0[] = {
     0x31, 0xd5, 0xfb, 0x40, 0x30, 0x75, 0xd2, 0x7d, 0x61, 0xf9, 0xd7, 0x54,
     0x30, 0x06, 0xaf, 0x54, 0x0d, 0xb0, 0x0a, 0xda, 0x63, 0xca, 0x7e, 0x9e,
@@ skipping 70 matching lines @@
   scoped_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
 
   vector<string> certs(2);
   certs[0] = LoadTestCert("test.example.com.crt");
   certs[1] = LoadTestCert("intermediate.crt");
 
+  const string cert_sct = ct::GetTestSignedCertificateTimestamp();
+
   // Signatures are nondeterministic, so we test multiple signatures on the
   // same server_config.
   vector<string> signatures(3);
   signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
                        sizeof(signature_data_0));
   signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
                        sizeof(signature_data_1));
   signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
                        sizeof(signature_data_2));
 
   for (size_t i = 0; i < signatures.size(); i++) {
     const string& signature = signatures[i];
 
-    RunVerification(
-        verifier.get(), hostname, server_config, certs, signature, true);
-    RunVerification(
-        verifier.get(), "foo.com", server_config, certs, signature, false);
-    RunVerification(
-        verifier.get(), hostname, server_config.substr(1, string::npos),
-        certs, signature, false);
+    RunVerification(verifier.get(), hostname, server_config, certs, cert_sct,
+                    signature, true);
+    RunVerification(verifier.get(), "foo.com", server_config, certs, cert_sct,
+                    signature, false);
+    RunVerification(verifier.get(), hostname,
+                    server_config.substr(1, string::npos), certs, cert_sct,
+                    signature, false);
+
+    // We don't generate errors for corrupt SCT.
+    const string corrupt_cert_sct = "1" + cert_sct;
+    RunVerification(verifier.get(), hostname, server_config, certs,
+                    corrupt_cert_sct, signature, true);
 
     const string corrupt_signature = "1" + signature;
-    RunVerification(
-        verifier.get(), hostname, server_config, certs, corrupt_signature,
-        false);
+    RunVerification(verifier.get(), hostname, server_config, certs, cert_sct,
+                    corrupt_signature, false);
 
     vector<string> wrong_certs;
     for (size_t i = 1; i < certs.size(); i++) {
       wrong_certs.push_back(certs[i]);
     }
     RunVerification(verifier.get(), hostname, server_config, wrong_certs,
-                    signature, false);
+                    cert_sct, signature, false);
   }
 }
 
 // A known answer test that allows us to test ProofVerifier without a working
 // ProofSource.
 TEST(ProofTest, VerifyECDSAKnownAnswerTest) {
   // Disable this test on platforms that do not support ECDSA certificates.
 #if defined(OS_WIN)
   if (base::win::GetVersion() < base::win::VERSION_VISTA)
     return;
@@ skipping 30 matching lines @@
   scoped_ptr<ProofVerifier> verifier(
       CryptoTestUtils::RealProofVerifierForTesting());
 
   const string server_config = "server config bytes";
   const string hostname = "test.example.com";
 
   vector<string> certs(2);
   certs[0] = LoadTestCert("test_ecc.example.com.crt");
   certs[1] = LoadTestCert("intermediate.crt");
 
+  const string cert_sct = ct::GetTestSignedCertificateTimestamp();
+
   // Signatures are nondeterministic, so we test multiple signatures on the
   // same server_config.
   vector<string> signatures(3);
   signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
                        sizeof(signature_data_0));
   signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
                        sizeof(signature_data_1));
   signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
                        sizeof(signature_data_2));
 
   for (size_t i = 0; i < signatures.size(); i++) {
     const string& signature = signatures[i];
 
-    RunVerification(
-        verifier.get(), hostname, server_config, certs, signature, true);
-    RunVerification(
-        verifier.get(), "foo.com", server_config, certs, signature, false);
-    RunVerification(
-        verifier.get(), hostname, server_config.substr(1, string::npos),
-        certs, signature, false);
+    RunVerification(verifier.get(), hostname, server_config, certs, cert_sct,
+                    signature, true);
+    RunVerification(verifier.get(), "foo.com", server_config, certs, cert_sct,
+                    signature, false);
+    RunVerification(verifier.get(), hostname,
+                    server_config.substr(1, string::npos), certs, cert_sct,
+                    signature, false);
+
+    // We don't generate errors for corrupt SCT.
+    const string corrupt_cert_sct = "1" + cert_sct;
+    RunVerification(verifier.get(), hostname, server_config, certs,
+                    corrupt_cert_sct, signature, true);
 
     // An ECDSA signature is DER-encoded. Corrupt the last byte so that the
     // signature can still be DER-decoded correctly.
     string corrupt_signature = signature;
     corrupt_signature[corrupt_signature.size() - 1] += 1;
-    RunVerification(
-        verifier.get(), hostname, server_config, certs, corrupt_signature,
-        false);
+    RunVerification(verifier.get(), hostname, server_config, certs, cert_sct,
+                    corrupt_signature, false);
 
     // Prepending a "1" makes the DER invalid.
     const string bad_der_signature1 = "1" + signature;
-    RunVerification(
-        verifier.get(), hostname, server_config, certs, bad_der_signature1,
-        false);
+    RunVerification(verifier.get(), hostname, server_config, certs, cert_sct,
+                    bad_der_signature1, false);
 
     vector<string> wrong_certs;
     for (size_t i = 1; i < certs.size(); i++) {
       wrong_certs.push_back(certs[i]);
     }
-    RunVerification(
-        verifier.get(), hostname, server_config, wrong_certs, signature,
-        false);
+    RunVerification(verifier.get(), hostname, server_config, wrong_certs,
+                    cert_sct, signature, false);
   }
 }
 
 }  // namespace test
 }  // namespace net