OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
6 #include "net/base/ip_endpoint.h" | 6 #include "net/base/ip_endpoint.h" |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "net/base/test_completion_callback.h" | 8 #include "net/base/test_completion_callback.h" |
9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
10 #include "net/cert/cert_status_flags.h" | 10 #include "net/cert/cert_status_flags.h" |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
50 TestCompletionCallback* const comp_callback_; | 50 TestCompletionCallback* const comp_callback_; |
51 bool* const ok_; | 51 bool* const ok_; |
52 string* const error_details_; | 52 string* const error_details_; |
53 }; | 53 }; |
54 | 54 |
55 // RunVerification runs |verifier->VerifyProof| and asserts that the result | 55 // RunVerification runs |verifier->VerifyProof| and asserts that the result |
56 // matches |expected_ok|. | 56 // matches |expected_ok|. |
57 void RunVerification(ProofVerifier* verifier, | 57 void RunVerification(ProofVerifier* verifier, |
58 const string& hostname, | 58 const string& hostname, |
59 const string& server_config, | 59 const string& server_config, |
| 60 QuicVersion quic_version, |
| 61 StringPiece chlo_hash, |
60 const vector<string>& certs, | 62 const vector<string>& certs, |
61 const string& proof, | 63 const string& proof, |
62 bool expected_ok) { | 64 bool expected_ok) { |
63 scoped_ptr<ProofVerifyDetails> details; | 65 scoped_ptr<ProofVerifyDetails> details; |
64 TestCompletionCallback comp_callback; | 66 TestCompletionCallback comp_callback; |
65 bool ok; | 67 bool ok; |
66 string error_details; | 68 string error_details; |
67 scoped_ptr<ProofVerifyContext> verify_context( | 69 scoped_ptr<ProofVerifyContext> verify_context( |
68 CryptoTestUtils::ProofVerifyContextForTesting()); | 70 CryptoTestUtils::ProofVerifyContextForTesting()); |
69 TestProofVerifierCallback* callback = | 71 TestProofVerifierCallback* callback = |
70 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); | 72 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); |
71 | 73 |
72 QuicAsyncStatus status = verifier->VerifyProof( | 74 QuicAsyncStatus status = verifier->VerifyProof( |
73 hostname, server_config, certs, "", proof, verify_context.get(), | 75 hostname, server_config, quic_version, chlo_hash, certs, "", proof, |
74 &error_details, &details, callback); | 76 verify_context.get(), &error_details, &details, callback); |
75 | 77 |
76 switch (status) { | 78 switch (status) { |
77 case QUIC_FAILURE: | 79 case QUIC_FAILURE: |
78 delete callback; | 80 delete callback; |
79 ASSERT_FALSE(expected_ok); | 81 ASSERT_FALSE(expected_ok); |
80 ASSERT_NE("", error_details); | 82 ASSERT_NE("", error_details); |
81 return; | 83 return; |
82 case QUIC_SUCCESS: | 84 case QUIC_SUCCESS: |
83 delete callback; | 85 delete callback; |
84 ASSERT_TRUE(expected_ok); | 86 ASSERT_TRUE(expected_ok); |
(...skipping 12 matching lines...) Expand all Loading... |
97 base::FilePath certs_dir = GetTestCertsDirectory(); | 99 base::FilePath certs_dir = GetTestCertsDirectory(); |
98 scoped_refptr<X509Certificate> cert = | 100 scoped_refptr<X509Certificate> cert = |
99 ImportCertFromFile(certs_dir, "quic_" + file_name); | 101 ImportCertFromFile(certs_dir, "quic_" + file_name); |
100 CHECK_NE(static_cast<X509Certificate*>(nullptr), cert.get()); | 102 CHECK_NE(static_cast<X509Certificate*>(nullptr), cert.get()); |
101 | 103 |
102 string der_bytes; | 104 string der_bytes; |
103 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); | 105 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); |
104 return der_bytes; | 106 return der_bytes; |
105 } | 107 } |
106 | 108 |
| 109 class ProofTest : public ::testing::TestWithParam<QuicVersion> {}; |
| 110 |
107 } // namespace | 111 } // namespace |
108 | 112 |
| 113 INSTANTIATE_TEST_CASE_P(QuicVersion, |
| 114 ProofTest, |
| 115 ::testing::ValuesIn(QuicSupportedVersions())); |
| 116 |
109 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468. | 117 // TODO(rtenneti): Enable testing of ProofVerifier. See http://crbug.com/514468. |
110 TEST(ProofTest, DISABLED_Verify) { | 118 TEST_P(ProofTest, DISABLED_Verify) { |
111 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); | 119 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); |
112 scoped_ptr<ProofVerifier> verifier( | 120 scoped_ptr<ProofVerifier> verifier( |
113 CryptoTestUtils::ProofVerifierForTesting()); | 121 CryptoTestUtils::ProofVerifierForTesting()); |
114 | 122 |
115 const string server_config = "server config bytes"; | 123 const string server_config = "server config bytes"; |
116 const string hostname = "test.example.com"; | 124 const string hostname = "test.example.com"; |
| 125 const string first_chlo_hash = "first chlo hash bytes"; |
| 126 const string second_chlo_hash = "first chlo hash bytes"; |
| 127 const QuicVersion quic_version = GetParam(); |
117 scoped_refptr<ProofSource::Chain> chain; | 128 scoped_refptr<ProofSource::Chain> chain; |
118 scoped_refptr<ProofSource::Chain> first_chain; | 129 scoped_refptr<ProofSource::Chain> first_chain; |
119 string error_details, signature, first_signature, first_cert_sct, cert_sct; | 130 string error_details, signature, first_signature, first_cert_sct, cert_sct; |
120 IPAddress server_ip; | 131 IPAddress server_ip; |
121 | 132 |
122 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, | 133 ASSERT_TRUE(source->GetProof( |
123 false /* no ECDSA */, &first_chain, | 134 server_ip, hostname, server_config, quic_version, first_chlo_hash, |
124 &first_signature, &first_cert_sct)); | 135 false /* no ECDSA */, &first_chain, &first_signature, &first_cert_sct)); |
125 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, | 136 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, quic_version, |
126 false /* no ECDSA */, &chain, &signature, | 137 second_chlo_hash, false /* no ECDSA */, &chain, |
127 &cert_sct)); | 138 &signature, &cert_sct)); |
128 | 139 |
129 // Check that the proof source is caching correctly: | 140 // Check that the proof source is caching correctly: |
130 ASSERT_EQ(first_chain->certs, chain->certs); | 141 ASSERT_EQ(first_chain->certs, chain->certs); |
131 ASSERT_EQ(signature, first_signature); | 142 if (GetParam() < QUIC_VERSION_31) { |
| 143 ASSERT_EQ(signature, first_signature); |
| 144 } else { |
| 145 // QUIC 31 includes the CHLO hash. |
| 146 ASSERT_NE(signature, first_signature); |
| 147 } |
132 ASSERT_EQ(first_cert_sct, cert_sct); | 148 ASSERT_EQ(first_cert_sct, cert_sct); |
133 | 149 |
134 RunVerification(verifier.get(), hostname, server_config, chain->certs, | 150 RunVerification(verifier.get(), hostname, server_config, quic_version, |
135 signature, true); | 151 first_chlo_hash, chain->certs, signature, true); |
136 | 152 |
137 RunVerification(verifier.get(), "foo.com", server_config, chain->certs, | 153 RunVerification(verifier.get(), "foo.com", server_config, quic_version, |
| 154 first_chlo_hash, chain->certs, signature, false); |
| 155 |
| 156 RunVerification(verifier.get(), server_config.substr(1, string::npos), |
| 157 server_config, quic_version, first_chlo_hash, chain->certs, |
138 signature, false); | 158 signature, false); |
139 | 159 |
140 RunVerification(verifier.get(), server_config.substr(1, string::npos), | |
141 server_config, chain->certs, signature, false); | |
142 | |
143 const string corrupt_signature = "1" + signature; | 160 const string corrupt_signature = "1" + signature; |
144 RunVerification(verifier.get(), hostname, server_config, chain->certs, | 161 RunVerification(verifier.get(), hostname, server_config, quic_version, |
145 corrupt_signature, false); | 162 first_chlo_hash, chain->certs, corrupt_signature, false); |
146 | 163 |
147 vector<string> wrong_certs; | 164 vector<string> wrong_certs; |
148 for (size_t i = 1; i < chain->certs.size(); i++) { | 165 for (size_t i = 1; i < chain->certs.size(); i++) { |
149 wrong_certs.push_back(chain->certs[i]); | 166 wrong_certs.push_back(chain->certs[i]); |
150 } | 167 } |
151 RunVerification(verifier.get(), "foo.com", server_config, wrong_certs, | 168 RunVerification(verifier.get(), "foo.com", server_config, quic_version, |
152 corrupt_signature, false); | 169 first_chlo_hash, wrong_certs, corrupt_signature, false); |
153 } | 170 } |
154 | 171 |
155 TEST(ProofTest, UseAfterFree) { | 172 TEST_P(ProofTest, UseAfterFree) { |
156 ProofSource* source = CryptoTestUtils::ProofSourceForTesting(); | 173 ProofSource* source = CryptoTestUtils::ProofSourceForTesting(); |
157 | 174 |
158 const string server_config = "server config bytes"; | 175 const string server_config = "server config bytes"; |
159 const string hostname = "test.example.com"; | 176 const string hostname = "test.example.com"; |
| 177 const string chlo_hash = "proof nonce bytes"; |
160 scoped_refptr<ProofSource::Chain> chain; | 178 scoped_refptr<ProofSource::Chain> chain; |
161 string error_details, signature, cert_sct; | 179 string error_details, signature, cert_sct; |
162 IPAddress server_ip; | 180 IPAddress server_ip; |
163 | 181 |
164 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, | 182 ASSERT_TRUE(source->GetProof(server_ip, hostname, server_config, GetParam(), |
165 false /* no ECDSA */, &chain, &signature, | 183 chlo_hash, false /* no ECDSA */, &chain, |
166 &cert_sct)); | 184 &signature, &cert_sct)); |
167 | 185 |
168 // Make sure we can safely access results after deleting where they came from. | 186 // Make sure we can safely access results after deleting where they came from. |
169 EXPECT_FALSE(chain->HasOneRef()); | 187 EXPECT_FALSE(chain->HasOneRef()); |
170 delete source; | 188 delete source; |
171 EXPECT_TRUE(chain->HasOneRef()); | 189 EXPECT_TRUE(chain->HasOneRef()); |
172 | 190 |
173 EXPECT_FALSE(chain->certs.empty()); | 191 EXPECT_FALSE(chain->certs.empty()); |
174 for (const string& cert : chain->certs) { | 192 for (const string& cert : chain->certs) { |
175 EXPECT_FALSE(cert.empty()); | 193 EXPECT_FALSE(cert.empty()); |
176 } | 194 } |
177 } | 195 } |
178 | 196 |
179 // A known answer test that allows us to test ProofVerifier without a working | 197 // A known answer test that allows us to test ProofVerifier without a working |
180 // ProofSource. | 198 // ProofSource. |
181 TEST(ProofTest, VerifyRSAKnownAnswerTest) { | 199 TEST_P(ProofTest, VerifyRSAKnownAnswerTest) { |
| 200 if (GetParam() > QUIC_VERSION_30) { |
| 201 return; |
| 202 } |
182 // These sample signatures were generated by running the Proof.Verify test | 203 // These sample signatures were generated by running the Proof.Verify test |
183 // and dumping the bytes of the |signature| output of ProofSource::GetProof(). | 204 // and dumping the bytes of the |signature| output of ProofSource::GetProof(). |
184 static const unsigned char signature_data_0[] = { | 205 static const unsigned char signature_data_0[] = { |
185 0x31, 0xd5, 0xfb, 0x40, 0x30, 0x75, 0xd2, 0x7d, 0x61, 0xf9, 0xd7, 0x54, | 206 0x31, 0xd5, 0xfb, 0x40, 0x30, 0x75, 0xd2, 0x7d, 0x61, 0xf9, 0xd7, 0x54, |
186 0x30, 0x06, 0xaf, 0x54, 0x0d, 0xb0, 0x0a, 0xda, 0x63, 0xca, 0x7e, 0x9e, | 207 0x30, 0x06, 0xaf, 0x54, 0x0d, 0xb0, 0x0a, 0xda, 0x63, 0xca, 0x7e, 0x9e, |
187 0xce, 0xba, 0x10, 0x05, 0x1b, 0xa6, 0x7f, 0xef, 0x2b, 0xa3, 0xff, 0x3c, | 208 0xce, 0xba, 0x10, 0x05, 0x1b, 0xa6, 0x7f, 0xef, 0x2b, 0xa3, 0xff, 0x3c, |
188 0xbb, 0x9a, 0xe4, 0xbf, 0xb8, 0x0c, 0xc1, 0xbd, 0xed, 0xc2, 0x90, 0x68, | 209 0xbb, 0x9a, 0xe4, 0xbf, 0xb8, 0x0c, 0xc1, 0xbd, 0xed, 0xc2, 0x90, 0x68, |
189 0xeb, 0x45, 0x48, 0xea, 0x3c, 0x95, 0xf8, 0xa2, 0xb9, 0xe7, 0x62, 0x29, | 210 0xeb, 0x45, 0x48, 0xea, 0x3c, 0x95, 0xf8, 0xa2, 0xb9, 0xe7, 0x62, 0x29, |
190 0x00, 0xc3, 0x18, 0xb4, 0x16, 0x6f, 0x5e, 0xb0, 0xc1, 0x26, 0xc0, 0x4b, | 211 0x00, 0xc3, 0x18, 0xb4, 0x16, 0x6f, 0x5e, 0xb0, 0xc1, 0x26, 0xc0, 0x4b, |
191 0x84, 0xf5, 0x97, 0xfc, 0x17, 0xf9, 0x1c, 0x43, 0xb8, 0xf2, 0x3f, 0x38, | 212 0x84, 0xf5, 0x97, 0xfc, 0x17, 0xf9, 0x1c, 0x43, 0xb8, 0xf2, 0x3f, 0x38, |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
252 0xdc, 0xc5, 0x56, 0x84, 0x8a, 0x31, 0x31, 0x23, 0x61, 0x94, 0x7e, 0x01, | 273 0xdc, 0xc5, 0x56, 0x84, 0x8a, 0x31, 0x31, 0x23, 0x61, 0x94, 0x7e, 0x01, |
253 0x22, 0x49, 0xf3, 0xcb, 0x0e, 0x31, 0x03, 0x04, 0x1b, 0x14, 0x43, 0x7c, | 274 0x22, 0x49, 0xf3, 0xcb, 0x0e, 0x31, 0x03, 0x04, 0x1b, 0x14, 0x43, 0x7c, |
254 0xad, 0x42, 0xe5, 0x55, | 275 0xad, 0x42, 0xe5, 0x55, |
255 }; | 276 }; |
256 | 277 |
257 scoped_ptr<ProofVerifier> verifier( | 278 scoped_ptr<ProofVerifier> verifier( |
258 CryptoTestUtils::RealProofVerifierForTesting()); | 279 CryptoTestUtils::RealProofVerifierForTesting()); |
259 | 280 |
260 const string server_config = "server config bytes"; | 281 const string server_config = "server config bytes"; |
261 const string hostname = "test.example.com"; | 282 const string hostname = "test.example.com"; |
| 283 const string chlo_hash = "proof nonce bytes"; |
| 284 const QuicVersion quic_version = GetParam(); |
262 | 285 |
263 vector<string> certs(2); | 286 vector<string> certs(2); |
264 certs[0] = LoadTestCert("test.example.com.crt"); | 287 certs[0] = LoadTestCert("test.example.com.crt"); |
265 certs[1] = LoadTestCert("intermediate.crt"); | 288 certs[1] = LoadTestCert("intermediate.crt"); |
266 | 289 |
267 // Signatures are nondeterministic, so we test multiple signatures on the | 290 // Signatures are nondeterministic, so we test multiple signatures on the |
268 // same server_config. | 291 // same server_config. |
269 vector<string> signatures(3); | 292 vector<string> signatures(3); |
270 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 293 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
271 sizeof(signature_data_0)); | 294 sizeof(signature_data_0)); |
272 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 295 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
273 sizeof(signature_data_1)); | 296 sizeof(signature_data_1)); |
274 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 297 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
275 sizeof(signature_data_2)); | 298 sizeof(signature_data_2)); |
276 | 299 |
277 for (size_t i = 0; i < signatures.size(); i++) { | 300 for (size_t i = 0; i < signatures.size(); i++) { |
278 const string& signature = signatures[i]; | 301 const string& signature = signatures[i]; |
279 | 302 |
280 RunVerification(verifier.get(), hostname, server_config, certs, signature, | 303 RunVerification(verifier.get(), hostname, server_config, quic_version, |
281 true); | 304 chlo_hash, certs, signature, true); |
282 RunVerification(verifier.get(), "foo.com", server_config, certs, signature, | 305 RunVerification(verifier.get(), "foo.com", server_config, quic_version, |
283 false); | 306 chlo_hash, certs, signature, false); |
284 RunVerification(verifier.get(), hostname, | 307 RunVerification(verifier.get(), hostname, |
285 server_config.substr(1, string::npos), certs, signature, | 308 server_config.substr(1, string::npos), quic_version, |
286 false); | 309 chlo_hash, certs, signature, false); |
287 | 310 |
288 const string corrupt_signature = "1" + signature; | 311 const string corrupt_signature = "1" + signature; |
289 RunVerification(verifier.get(), hostname, server_config, certs, | 312 RunVerification(verifier.get(), hostname, server_config, quic_version, |
290 corrupt_signature, false); | 313 chlo_hash, certs, corrupt_signature, false); |
291 | 314 |
292 vector<string> wrong_certs; | 315 vector<string> wrong_certs; |
293 for (size_t i = 1; i < certs.size(); i++) { | 316 for (size_t i = 1; i < certs.size(); i++) { |
294 wrong_certs.push_back(certs[i]); | 317 wrong_certs.push_back(certs[i]); |
295 } | 318 } |
296 RunVerification(verifier.get(), hostname, server_config, wrong_certs, | 319 RunVerification(verifier.get(), hostname, server_config, quic_version, |
297 signature, false); | 320 chlo_hash, wrong_certs, signature, false); |
298 } | 321 } |
299 } | 322 } |
300 | 323 |
301 // A known answer test that allows us to test ProofVerifier without a working | 324 // A known answer test that allows us to test ProofVerifier without a working |
302 // ProofSource. | 325 // ProofSource. |
303 TEST(ProofTest, VerifyECDSAKnownAnswerTest) { | 326 TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) { |
| 327 if (GetParam() > QUIC_VERSION_30) { |
| 328 return; |
| 329 } |
| 330 // These sample signatures were generated by running the Proof.Verify test |
| 331 // (modified to use ECDSA for signing proofs) and dumping the bytes of the |
| 332 // |signature| output of ProofSource::GetProof(). |
| 333 |
304 // Disable this test on platforms that do not support ECDSA certificates. | 334 // Disable this test on platforms that do not support ECDSA certificates. |
305 #if defined(OS_WIN) | 335 #if defined(OS_WIN) |
306 if (base::win::GetVersion() < base::win::VERSION_VISTA) | 336 if (base::win::GetVersion() < base::win::VERSION_VISTA) |
307 return; | 337 return; |
308 #endif | 338 #endif |
309 | 339 |
310 // These sample signatures were generated by running the Proof.Verify test | 340 // These sample signatures were generated by running the Proof.Verify test |
311 // (modified to use ECDSA for signing proofs) and dumping the bytes of the | 341 // (modified to use ECDSA for signing proofs) and dumping the bytes of the |
312 // |signature| output of ProofSource::GetProof(). | 342 // |signature| output of ProofSource::GetProof(). |
313 static const unsigned char signature_data_0[] = { | 343 static const unsigned char signature_data_0[] = { |
(...skipping 19 matching lines...) Expand all Loading... |
333 0x02, 0x21, 0x00, 0xc6, 0x20, 0xd4, 0x28, 0xf9, 0x70, 0xb5, 0xb4, 0xff, | 363 0x02, 0x21, 0x00, 0xc6, 0x20, 0xd4, 0x28, 0xf9, 0x70, 0xb5, 0xb4, 0xff, |
334 0x4a, 0x35, 0xba, 0xa0, 0xf2, 0x8e, 0x00, 0xf7, 0xcb, 0x43, 0xaf, 0x2d, | 364 0x4a, 0x35, 0xba, 0xa0, 0xf2, 0x8e, 0x00, 0xf7, 0xcb, 0x43, 0xaf, 0x2d, |
335 0x1f, 0xce, 0x92, 0x05, 0xca, 0x29, 0xfe, 0xd2, 0x8f, 0xd9, 0x31, | 365 0x1f, 0xce, 0x92, 0x05, 0xca, 0x29, 0xfe, 0xd2, 0x8f, 0xd9, 0x31, |
336 }; | 366 }; |
337 | 367 |
338 scoped_ptr<ProofVerifier> verifier( | 368 scoped_ptr<ProofVerifier> verifier( |
339 CryptoTestUtils::RealProofVerifierForTesting()); | 369 CryptoTestUtils::RealProofVerifierForTesting()); |
340 | 370 |
341 const string server_config = "server config bytes"; | 371 const string server_config = "server config bytes"; |
342 const string hostname = "test.example.com"; | 372 const string hostname = "test.example.com"; |
| 373 const string chlo_hash = "chlo_hash nonce bytes"; |
| 374 const QuicVersion quic_version = GetParam(); |
343 | 375 |
344 vector<string> certs(2); | 376 vector<string> certs(2); |
345 certs[0] = LoadTestCert("test_ecc.example.com.crt"); | 377 certs[0] = LoadTestCert("test_ecc.example.com.crt"); |
346 certs[1] = LoadTestCert("intermediate.crt"); | 378 certs[1] = LoadTestCert("intermediate.crt"); |
347 | 379 |
348 // Signatures are nondeterministic, so we test multiple signatures on the | 380 // Signatures are nondeterministic, so we test multiple signatures on the |
349 // same server_config. | 381 // same server_config. |
350 vector<string> signatures(3); | 382 vector<string> signatures(3); |
351 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 383 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
352 sizeof(signature_data_0)); | 384 sizeof(signature_data_0)); |
353 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 385 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
354 sizeof(signature_data_1)); | 386 sizeof(signature_data_1)); |
355 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 387 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
356 sizeof(signature_data_2)); | 388 sizeof(signature_data_2)); |
357 | 389 |
358 for (size_t i = 0; i < signatures.size(); i++) { | 390 for (size_t i = 0; i < signatures.size(); i++) { |
| 391 LOG(ERROR) << "====================" << i << "======================"; |
359 const string& signature = signatures[i]; | 392 const string& signature = signatures[i]; |
360 | 393 |
361 RunVerification(verifier.get(), hostname, server_config, certs, signature, | 394 LOG(ERROR) << "=================== expect ok ====================="; |
362 true); | 395 RunVerification(verifier.get(), hostname, server_config, quic_version, |
363 RunVerification(verifier.get(), "foo.com", server_config, certs, signature, | 396 chlo_hash, certs, signature, true); |
364 false); | 397 LOG(ERROR) << "=================== hose_name = foo.com ============="; |
| 398 RunVerification(verifier.get(), "foo.com", server_config, quic_version, |
| 399 chlo_hash, certs, signature, false); |
| 400 LOG(ERROR) << "================== server_config ===================="; |
365 RunVerification(verifier.get(), hostname, | 401 RunVerification(verifier.get(), hostname, |
366 server_config.substr(1, string::npos), certs, signature, | 402 server_config.substr(1, string::npos), quic_version, |
367 false); | 403 chlo_hash, certs, signature, false); |
368 | 404 |
369 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the | 405 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the |
370 // signature can still be DER-decoded correctly. | 406 // signature can still be DER-decoded correctly. |
371 string corrupt_signature = signature; | 407 string corrupt_signature = signature; |
372 corrupt_signature[corrupt_signature.size() - 1] += 1; | 408 corrupt_signature[corrupt_signature.size() - 1] += 1; |
373 RunVerification(verifier.get(), hostname, server_config, certs, | 409 LOG(ERROR) << "================= corrupt signature ======================="; |
374 corrupt_signature, false); | 410 RunVerification(verifier.get(), hostname, server_config, quic_version, |
| 411 chlo_hash, certs, corrupt_signature, false); |
375 | 412 |
376 // Prepending a "1" makes the DER invalid. | 413 // Prepending a "1" makes the DER invalid. |
377 const string bad_der_signature1 = "1" + signature; | 414 const string bad_der_signature1 = "1" + signature; |
378 RunVerification(verifier.get(), hostname, server_config, certs, | 415 LOG(ERROR) << "=========================bad der signature ==============="; |
379 bad_der_signature1, false); | 416 RunVerification(verifier.get(), hostname, server_config, quic_version, |
| 417 chlo_hash, certs, bad_der_signature1, false); |
380 | 418 |
381 vector<string> wrong_certs; | 419 vector<string> wrong_certs; |
382 for (size_t i = 1; i < certs.size(); i++) { | 420 for (size_t i = 1; i < certs.size(); i++) { |
383 wrong_certs.push_back(certs[i]); | 421 wrong_certs.push_back(certs[i]); |
384 } | 422 } |
385 RunVerification(verifier.get(), hostname, server_config, wrong_certs, | 423 LOG(ERROR) << "==================== wrong certs ========================="; |
386 signature, false); | 424 RunVerification(verifier.get(), hostname, server_config, quic_version, |
| 425 chlo_hash, wrong_certs, signature, false); |
387 } | 426 } |
388 } | 427 } |
389 | 428 |
390 } // namespace test | 429 } // namespace test |
391 } // namespace net | 430 } // namespace net |
OLD | NEW |