Chromium Code Reviews Chromium Code Reviews
Issue 15793005:
Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <limits> | |
| 6 #include <vector> | |
| 7 | |
| 8 #include "base/base64.h" | |
| 9 #include "base/memory/scoped_ptr.h" | |
| 10 #include "crypto/random.h" | |
| 11 #include "crypto/secure_util.h" | |
| 12 #include "google_apis/cup/client_update_protocol.h" | |
| 13 #include "testing/gtest/include/gtest/gtest.h" | |
| 14 | |
| 15 namespace { | |
| 16 | |
| 17 std::string GetPublicKeyForTesting() { | |
| 18 // How to generate this key: | |
| 19 // openssl genpkey -out cr.pem -outform PEM -algorithm RSA | |
| 20 // -pkeyopt rsa_keygen_pubexp:3 | |
| 21 // openssl rsa -in cr.pem -pubout -out cr_pub.pem | |
| 22 | |
| 23 static const char kCupTestKey1024_Base64[] = | |
| 24 "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC7ct1JhLSol2DkBcJdNjR3KkEA" | |
| 25 "ZfXpF22lDD2WZu5JAZ4NiZqnHsKGJNPUbCH4AhFsXmuW5wEHhUVNhsMP6F9mQ06D" | |
| 26 "i+ygwZ8aXlklmW4S0Et+SNg3i73fnYn0KDQzrzJnMu46s/CFPhjr4f0TH9b7oHkU" | |
| 27 "XbqNZtG6gwaN1bmzFwIBAw=="; | |
| 28 | |
| 29 std::string result; | |
| 30 if (!base::Base64Decode(std::string(kCupTestKey1024_Base64), &result)) | |
| 31 return ""; | |
| 32 | |
| 33 return result; | |
| 34 } | |
| 35 | |
| 36 } // end namespace | |
| 37 | |
| 38 #if defined(USE_OPENSSL) | |
| 39 | |
| 40 // Once CUP is implemented for OpenSSL, remove this #if block. | |
| 41 TEST(CupUnitTest, OpenSSLStub) { | |
| 42 scoped_ptr<ClientUpdateProtocol> cup; | |
| 43 | |
| 44 cup.reset(ClientUpdateProtocol::Create(8, GetPublicKeyForTesting())); | |
| 45 EXPECT_FALSE(cup.get()); | |
| 46 } | |
| 47 | |
| 48 #else | |
| 49 | |
| 50 class CupUnitTest : public testing::Test { | |
| 51 protected: | |
| 52 virtual void SetUp() { | |
| 53 cup_.reset(ClientUpdateProtocol::Create(8, GetPublicKeyForTesting())); | |
| 54 EXPECT_TRUE(cup_.get()); | |
| 55 } | |
| 56 | |
| 57 void OverrideRAndRebuildKeys() { | |
| 58 // This must be the same length as the modulus of the public key being | |
| 59 // used in the unit test. | |
| 60 static const size_t kPublicKeyLength = 1024 / 8; | |
| 61 static const char kFixedR[] = | |
| 62 "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do " | |
| 63 "eiusmod tempor incididunt ut labore et dolore magna aliqua. "; | |
| 64 | |
| 65 ASSERT_EQ(kPublicKeyLength, strlen(kFixedR)); | |
| 66 EXPECT_TRUE(cup_->BuildSharedKey(kPublicKeyLength, | |
| 67 reinterpret_cast<const uint8*>(kFixedR))); | |
| 68 } | |
| 69 | |
| 70 ClientUpdateProtocol& CUP() { | |
| 71 return *cup_.get(); | |
| 72 } | |
| 73 | |
| 74 private: | |
| 75 scoped_ptr<ClientUpdateProtocol> cup_; | |
| 76 }; | |
| 77 | |
| 78 TEST_F(CupUnitTest, GetVersionedSecret) { | |
| 79 // Given a fixed public key set in our test fixture, if we override (r) with | |
| 80 // a known data, we should be able to test (w) against an expected output. | |
| 81 // | |
| 82 // This expected output can be generated using this command line, where | |
| 83 // plaintext.bin is the contents of kFixedR[] in OverrideRAndRebuildKeys(): | |
| 84 // | |
| 85 // openssl rsautl -inkey cr2_pub.pem -pubin -encrypt -raw | |
| 86 // -in plaintext.bin | base64 | |
| 87 // | |
| 88 // Remember to prepend the key version number, and fix up the Base64 | |
| 89 // afterwards to be URL-safe. | |
| 90 | |
| 91 static const char kExpectedVW[] = | |
| 92 "8:lMmNR3mVbOitbq8ceYGStFBwrJcpvY-sauFSbMVe6VONS9x42xTOLY_KdqsWCy" | |
| 93 "KuiJBiQziQLOybPUyA9vk0N5kMnC90LIh2nP2FgFG0M0Z22qjB3drsdJPi7TQZbb" | |
| 94 "Xhqm587M8vjc6VlM_eoC0qYwCPaXBqXjsyiHnXetcn5X0"; | |
| 95 | |
| 96 EXPECT_NE(kExpectedVW, CUP().GetVersionedSecret()); | |
| 97 OverrideRAndRebuildKeys(); | |
| 98 EXPECT_EQ(kExpectedVW, CUP().GetVersionedSecret()); | |
| 99 } | |
| 100 | |
| 101 TEST_F(CupUnitTest, SignRequest) { | |
| 102 static const char kUrl[] = "//testserver.chromium.org/update"; | |
| 103 static const char kUrlQuery[] = "?junk=present"; | |
| 104 static const char kRequest[] = "testbody"; | |
| 105 | |
| 106 static const char kExpectedCP[] = "tfjmVMDAbU0-Kye4PjrCuyQIDCU"; | |
| 107 | |
| 108 OverrideRAndRebuildKeys(); | |
| 109 | |
| 110 | |
|
Ryan Sleevi
2013/06/06 19:59:10
style: drop the extra newline.
Ryan Myers (chromium)
2013/06/06 21:09:10
Done.
| |
| 111 // Check the case with no query string other than v|w. | |
| 112 std::string url(kUrl); | |
| 113 url.append("?w="); | |
| 114 url.append(CUP().GetVersionedSecret()); | |
| 115 | |
| 116 std::string cp; | |
| 117 EXPECT_TRUE(CUP().SignRequest(url, kRequest, &cp)); | |
|
Ryan Sleevi
2013/06/06 19:59:10
Combined with the DCHECK comments for CUP, this sh
Ryan Myers (chromium)
2013/06/06 21:09:10
Done.
| |
| 118 | |
| 119 // Check the case with a pre-existing query string. | |
| 120 std::string url2(kUrl); | |
| 121 url2.append(kUrlQuery); | |
| 122 url2.append("&w="); | |
| 123 url2.append(CUP().GetVersionedSecret()); | |
| 124 | |
| 125 std::string cp2; | |
| 126 EXPECT_TRUE(CUP().SignRequest(url2, kRequest, &cp2)); | |
| 127 | |
| 128 // Changes in the URL should result in changes in the client proof. | |
| 129 EXPECT_EQ(kExpectedCP, cp2); | |
| 130 EXPECT_NE(cp, cp2); | |
| 131 } | |
| 132 | |
| 133 TEST_F(CupUnitTest, ValidateResponse) { | |
| 134 static const char kUrl[] = "//testserver.chromium.orgupdate?junk=present&w="; | |
| 135 static const char kRequest[] = "testbody"; | |
| 136 | |
| 137 static const char kGoodResponse[] = "intact_response"; | |
| 138 static const char kGoodC[] = "c=EncryptedDataFromTheUpdateServer"; | |
| 139 static const char kGoodSP[] = "5rMFMPL9Hgqb-2J8kL3scsHeNgg"; | |
| 140 | |
| 141 static const char kBadResponse[] = "tampered_response"; | |
| 142 static const char kBadC[] = "c=TotalJunkThatAnAttackerCouldSend"; | |
| 143 static const char kBadSP[] = "Base64TamperedShaOneHash"; | |
| 144 | |
| 145 OverrideRAndRebuildKeys(); | |
| 146 | |
| 147 std::string url(kUrl); | |
| 148 url.append(CUP().GetVersionedSecret()); | |
| 149 | |
| 150 // We should return false if no calls to SignRequest() have been made. | |
| 151 EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kGoodC, kGoodSP)); | |
| 152 | |
| 153 EXPECT_TRUE(CUP().SignRequest(url, kRequest, NULL)); | |
| 154 | |
| 155 // Return true on a valid response and server proof. | |
| 156 EXPECT_TRUE(CUP().ValidateResponse(kGoodResponse, kGoodC, kGoodSP)); | |
| 157 | |
| 158 // Return false on anything invalid. | |
| 159 EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kGoodC, kGoodSP)); | |
| 160 EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kBadC, kGoodSP)); | |
| 161 EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kGoodC, kBadSP)); | |
| 162 EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kBadC, kBadSP)); | |
| 163 EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kGoodC, kBadSP)); | |
| 164 EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kBadC, kGoodSP)); | |
| 165 EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kBadC, kBadSP)); | |
| 166 } | |
| 167 | |
| 168 #endif // !defined(USE_OPENSSL) | |
| 169 | |
| OLD | NEW |
