Chromium Code Reviews Chromium Code Reviews
Issue 15793005:
Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: google_apis/cup/client_update_protocol_unittest.cc |
| =================================================================== |
| --- google_apis/cup/client_update_protocol_unittest.cc (revision 0) |
| +++ google_apis/cup/client_update_protocol_unittest.cc (revision 0) |
| @@ -0,0 +1,169 @@ |
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include <limits> |
| +#include <vector> |
| + |
| +#include "base/base64.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "crypto/random.h" |
| +#include "crypto/secure_util.h" |
| +#include "google_apis/cup/client_update_protocol.h" |
| +#include "testing/gtest/include/gtest/gtest.h" |
| + |
| +namespace { |
| + |
| +std::string GetPublicKeyForTesting() { |
| + // How to generate this key: |
| + // openssl genpkey -out cr.pem -outform PEM -algorithm RSA |
| + // -pkeyopt rsa_keygen_pubexp:3 |
| + // openssl rsa -in cr.pem -pubout -out cr_pub.pem |
| + |
| + static const char kCupTestKey1024_Base64[] = |
| + "MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC7ct1JhLSol2DkBcJdNjR3KkEA" |
| + "ZfXpF22lDD2WZu5JAZ4NiZqnHsKGJNPUbCH4AhFsXmuW5wEHhUVNhsMP6F9mQ06D" |
| + "i+ygwZ8aXlklmW4S0Et+SNg3i73fnYn0KDQzrzJnMu46s/CFPhjr4f0TH9b7oHkU" |
| + "XbqNZtG6gwaN1bmzFwIBAw=="; |
| + |
| + std::string result; |
| + if (!base::Base64Decode(std::string(kCupTestKey1024_Base64), &result)) |
| + return ""; |
| + |
| + return result; |
| +} |
| + |
| +} // end namespace |
| + |
| +#if defined(USE_OPENSSL) |
| + |
| +// Once CUP is implemented for OpenSSL, remove this #if block. |
| +TEST(CupUnitTest, OpenSSLStub) { |
| + scoped_ptr<ClientUpdateProtocol> cup; |
| + |
| + cup.reset(ClientUpdateProtocol::Create(8, GetPublicKeyForTesting())); |
| + EXPECT_FALSE(cup.get()); |
| +} |
| + |
| +#else |
| + |
| +class CupUnitTest : public testing::Test { |
| + protected: |
| + virtual void SetUp() { |
| + cup_.reset(ClientUpdateProtocol::Create(8, GetPublicKeyForTesting())); |
| + EXPECT_TRUE(cup_.get()); |
| + } |
| + |
| + void OverrideRAndRebuildKeys() { |
| + // This must be the same length as the modulus of the public key being |
| + // used in the unit test. |
| + static const size_t kPublicKeyLength = 1024 / 8; |
| + static const char kFixedR[] = |
| + "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do " |
| + "eiusmod tempor incididunt ut labore et dolore magna aliqua. "; |
| + |
| + ASSERT_EQ(kPublicKeyLength, strlen(kFixedR)); |
| + EXPECT_TRUE(cup_->BuildSharedKey(kPublicKeyLength, |
| + reinterpret_cast<const uint8*>(kFixedR))); |
| + } |
| + |
| + ClientUpdateProtocol& CUP() { |
| + return *cup_.get(); |
| + } |
| + |
| + private: |
| + scoped_ptr<ClientUpdateProtocol> cup_; |
| +}; |
| + |
| +TEST_F(CupUnitTest, GetVersionedSecret) { |
| + // Given a fixed public key set in our test fixture, if we override (r) with |
| + // a known data, we should be able to test (w) against an expected output. |
| + // |
| + // This expected output can be generated using this command line, where |
| + // plaintext.bin is the contents of kFixedR[] in OverrideRAndRebuildKeys(): |
| + // |
| + // openssl rsautl -inkey cr2_pub.pem -pubin -encrypt -raw |
| + // -in plaintext.bin | base64 |
| + // |
| + // Remember to prepend the key version number, and fix up the Base64 |
| + // afterwards to be URL-safe. |
| + |
| + static const char kExpectedVW[] = |
| + "8:lMmNR3mVbOitbq8ceYGStFBwrJcpvY-sauFSbMVe6VONS9x42xTOLY_KdqsWCy" |
| + "KuiJBiQziQLOybPUyA9vk0N5kMnC90LIh2nP2FgFG0M0Z22qjB3drsdJPi7TQZbb" |
| + "Xhqm587M8vjc6VlM_eoC0qYwCPaXBqXjsyiHnXetcn5X0"; |
| + |
| + EXPECT_NE(kExpectedVW, CUP().GetVersionedSecret()); |
| + OverrideRAndRebuildKeys(); |
| + EXPECT_EQ(kExpectedVW, CUP().GetVersionedSecret()); |
| +} |
| + |
| +TEST_F(CupUnitTest, SignRequest) { |
| + static const char kUrl[] = "//testserver.chromium.org/update"; |
| + static const char kUrlQuery[] = "?junk=present"; |
| + static const char kRequest[] = "testbody"; |
| + |
| + static const char kExpectedCP[] = "tfjmVMDAbU0-Kye4PjrCuyQIDCU"; |
| + |
| + OverrideRAndRebuildKeys(); |
| + |
| + |
|
Ryan Sleevi
2013/06/06 19:59:10
style: drop the extra newline.
Ryan Myers (chromium)
2013/06/06 21:09:10
Done.
|
| + // Check the case with no query string other than v|w. |
| + std::string url(kUrl); |
| + url.append("?w="); |
| + url.append(CUP().GetVersionedSecret()); |
| + |
| + std::string cp; |
| + EXPECT_TRUE(CUP().SignRequest(url, kRequest, &cp)); |
|
Ryan Sleevi
2013/06/06 19:59:10
Combined with the DCHECK comments for CUP, this sh
Ryan Myers (chromium)
2013/06/06 21:09:10
Done.
|
| + |
| + // Check the case with a pre-existing query string. |
| + std::string url2(kUrl); |
| + url2.append(kUrlQuery); |
| + url2.append("&w="); |
| + url2.append(CUP().GetVersionedSecret()); |
| + |
| + std::string cp2; |
| + EXPECT_TRUE(CUP().SignRequest(url2, kRequest, &cp2)); |
| + |
| + // Changes in the URL should result in changes in the client proof. |
| + EXPECT_EQ(kExpectedCP, cp2); |
| + EXPECT_NE(cp, cp2); |
| +} |
| + |
| +TEST_F(CupUnitTest, ValidateResponse) { |
| + static const char kUrl[] = "//testserver.chromium.orgupdate?junk=present&w="; |
| + static const char kRequest[] = "testbody"; |
| + |
| + static const char kGoodResponse[] = "intact_response"; |
| + static const char kGoodC[] = "c=EncryptedDataFromTheUpdateServer"; |
| + static const char kGoodSP[] = "5rMFMPL9Hgqb-2J8kL3scsHeNgg"; |
| + |
| + static const char kBadResponse[] = "tampered_response"; |
| + static const char kBadC[] = "c=TotalJunkThatAnAttackerCouldSend"; |
| + static const char kBadSP[] = "Base64TamperedShaOneHash"; |
| + |
| + OverrideRAndRebuildKeys(); |
| + |
| + std::string url(kUrl); |
| + url.append(CUP().GetVersionedSecret()); |
| + |
| + // We should return false if no calls to SignRequest() have been made. |
| + EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kGoodC, kGoodSP)); |
| + |
| + EXPECT_TRUE(CUP().SignRequest(url, kRequest, NULL)); |
| + |
| + // Return true on a valid response and server proof. |
| + EXPECT_TRUE(CUP().ValidateResponse(kGoodResponse, kGoodC, kGoodSP)); |
| + |
| + // Return false on anything invalid. |
| + EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kGoodC, kGoodSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kBadC, kGoodSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kGoodC, kBadSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kGoodResponse, kBadC, kBadSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kGoodC, kBadSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kBadC, kGoodSP)); |
| + EXPECT_FALSE(CUP().ValidateResponse(kBadResponse, kBadC, kBadSP)); |
| +} |
| + |
| +#endif // !defined(USE_OPENSSL) |
| + |
