| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
| 6 #include "net/base/net_errors.h" | 6 #include "net/base/net_errors.h" |
| 7 #include "net/base/test_completion_callback.h" | 7 #include "net/base/test_completion_callback.h" |
| 8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
| 9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
| 10 #include "net/cert/cert_verify_result.h" | 10 #include "net/cert/cert_verify_result.h" |
| 11 #include "net/cert/x509_certificate.h" | 11 #include "net/cert/x509_certificate.h" |
| 12 #include "net/quic/crypto/proof_source.h" | 12 #include "net/quic/crypto/proof_source.h" |
| 13 #include "net/quic/crypto/proof_verifier.h" | 13 #include "net/quic/crypto/proof_verifier.h" |
| 14 #include "net/quic/test_tools/crypto_test_utils.h" | 14 #include "net/quic/test_tools/crypto_test_utils.h" |
| 15 #include "net/test/cert_test_util.h" | 15 #include "net/test/cert_test_util.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 #if defined(OS_WIN) | 18 #if defined(OS_WIN) |
| 19 #include "base/win/windows_version.h" | 19 #include "base/win/windows_version.h" |
| 20 #endif | 20 #endif |
| 21 | 21 |
| 22 using std::string; | 22 using std::string; |
| 23 using std::vector; | 23 using std::vector; |
| 24 | 24 |
| 25 namespace net { | 25 namespace net { |
| 26 namespace test { | 26 namespace test { |
| 27 | 27 |
| 28 TEST(Proof, Verify) { | 28 class ProofTest : public ::testing::TestWithParam<QuicVersion> { |
| 29 protected: |
| 30 ProofTest() { |
| 31 version_ = GetParam(); |
| 32 } |
| 33 |
| 34 QuicVersion version_; |
| 35 }; |
| 36 |
| 37 // Run all ProofTests with QUIC versions 7 and 8. |
| 38 INSTANTIATE_TEST_CASE_P(ProofTests, |
| 39 ProofTest, |
| 40 ::testing::Values(QUIC_VERSION_7, QUIC_VERSION_8)); |
| 41 |
| 42 TEST_P(ProofTest, Verify) { |
| 29 // TODO(rtenneti): Enable testing of ProofVerifier. | 43 // TODO(rtenneti): Enable testing of ProofVerifier. |
| 30 #if 0 | 44 #if 0 |
| 31 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); | 45 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting()); |
| 32 scoped_ptr<ProofVerifier> verifier( | 46 scoped_ptr<ProofVerifier> verifier( |
| 33 CryptoTestUtils::ProofVerifierForTesting()); | 47 CryptoTestUtils::ProofVerifierForTesting()); |
| 34 | 48 |
| 35 const string server_config = "server config bytes"; | 49 const string server_config = "server config bytes"; |
| 36 const string hostname = "test.example.com"; | 50 const string hostname = "test.example.com"; |
| 37 const vector<string>* certs; | 51 const vector<string>* certs; |
| 38 const vector<string>* first_certs; | 52 const vector<string>* first_certs; |
| 39 string error_details, signature, first_signature; | 53 string error_details, signature, first_signature; |
| 40 CertVerifyResult cert_verify_result; | 54 CertVerifyResult cert_verify_result; |
| 41 | 55 |
| 42 ASSERT_TRUE(source->GetProof(hostname, server_config, false /* no ECDSA */, | 56 ASSERT_TRUE(source->GetProof(version_, hostname, server_config, |
| 43 &first_certs, &first_signature)); | 57 false /* no ECDSA */, &first_certs, |
| 44 ASSERT_TRUE(source->GetProof(hostname, server_config, false /* no ECDSA */, | 58 &first_signature)); |
| 45 &certs, &signature)); | 59 ASSERT_TRUE(source->GetProof(version_, hostname, server_config, |
| 60 false /* no ECDSA */, &certs, &signature)); |
| 46 | 61 |
| 47 // Check that the proof source is caching correctly: | 62 // Check that the proof source is caching correctly: |
| 48 ASSERT_EQ(first_certs, certs); | 63 ASSERT_EQ(first_certs, certs); |
| 49 ASSERT_EQ(signature, first_signature); | 64 ASSERT_EQ(signature, first_signature); |
| 50 | 65 |
| 51 int rv; | 66 int rv; |
| 52 TestCompletionCallback callback; | 67 TestCompletionCallback callback; |
| 53 rv = verifier->VerifyProof(hostname, server_config, *certs, signature, | 68 rv = verifier->VerifyProof(version_, hostname, server_config, *certs, |
| 54 &error_details, &cert_verify_result, | 69 signature, &error_details, &cert_verify_result, |
| 55 callback.callback()); | 70 callback.callback()); |
| 56 rv = callback.GetResult(rv); | 71 rv = callback.GetResult(rv); |
| 57 ASSERT_EQ(OK, rv); | 72 ASSERT_EQ(OK, rv); |
| 58 ASSERT_EQ("", error_details); | 73 ASSERT_EQ("", error_details); |
| 59 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); | 74 ASSERT_FALSE(IsCertStatusError(cert_verify_result.cert_status)); |
| 60 | 75 |
| 61 rv = verifier->VerifyProof("foo.com", server_config, *certs, signature, | 76 rv = verifier->VerifyProof(version_, "foo.com", server_config, *certs, |
| 62 &error_details, &cert_verify_result, | 77 signature, &error_details, &cert_verify_result, |
| 63 callback.callback()); | 78 callback.callback()); |
| 64 rv = callback.GetResult(rv); | 79 rv = callback.GetResult(rv); |
| 65 ASSERT_EQ(ERR_FAILED, rv); | 80 ASSERT_EQ(ERR_FAILED, rv); |
| 66 ASSERT_NE("", error_details); | 81 ASSERT_NE("", error_details); |
| 67 | 82 |
| 68 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos), | 83 rv = verifier->VerifyProof(version_, hostname, |
| 84 server_config.substr(1, string::npos), |
| 69 *certs, signature, &error_details, | 85 *certs, signature, &error_details, |
| 70 &cert_verify_result, callback.callback()); | 86 &cert_verify_result, callback.callback()); |
| 71 rv = callback.GetResult(rv); | 87 rv = callback.GetResult(rv); |
| 72 ASSERT_EQ(ERR_FAILED, rv); | 88 ASSERT_EQ(ERR_FAILED, rv); |
| 73 ASSERT_NE("", error_details); | 89 ASSERT_NE("", error_details); |
| 74 | 90 |
| 75 const string corrupt_signature = "1" + signature; | 91 const string corrupt_signature = "1" + signature; |
| 76 rv = verifier->VerifyProof(hostname, server_config, *certs, corrupt_signature, | 92 rv = verifier->VerifyProof(version_, hostname, server_config, *certs, |
| 77 &error_details, &cert_verify_result, | 93 corrupt_signature, &error_details, |
| 78 callback.callback()); | 94 &cert_verify_result, callback.callback()); |
| 79 rv = callback.GetResult(rv); | 95 rv = callback.GetResult(rv); |
| 80 ASSERT_EQ(ERR_FAILED, rv); | 96 ASSERT_EQ(ERR_FAILED, rv); |
| 81 ASSERT_NE("", error_details); | 97 ASSERT_NE("", error_details); |
| 82 | 98 |
| 83 vector<string> wrong_certs; | 99 vector<string> wrong_certs; |
| 84 for (size_t i = 1; i < certs->size(); i++) { | 100 for (size_t i = 1; i < certs->size(); i++) { |
| 85 wrong_certs.push_back((*certs)[i]); | 101 wrong_certs.push_back((*certs)[i]); |
| 86 } | 102 } |
| 87 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature, | 103 rv = verifier->VerifyProof(version_, "foo.com", server_config, wrong_certs, |
| 88 &error_details, &cert_verify_result, | 104 signature, &error_details, &cert_verify_result, |
| 89 callback.callback()); | 105 callback.callback()); |
| 90 rv = callback.GetResult(rv); | 106 rv = callback.GetResult(rv); |
| 91 ASSERT_EQ(ERR_FAILED, rv); | 107 ASSERT_EQ(ERR_FAILED, rv); |
| 92 ASSERT_NE("", error_details); | 108 ASSERT_NE("", error_details); |
| 93 #endif // 0 | 109 #endif // 0 |
| 94 } | 110 } |
| 95 | 111 |
| 96 // TestProofVerifierCallback is a simple callback for a ProofVerifier that | 112 // TestProofVerifierCallback is a simple callback for a ProofVerifier that |
| 97 // signals a TestCompletionCallback when called and stores the results from the | 113 // signals a TestCompletionCallback when called and stores the results from the |
| 98 // ProofVerifier in pointers passed to the constructor. | 114 // ProofVerifier in pointers passed to the constructor. |
| (...skipping 16 matching lines...) Expand all Loading... |
| 115 } | 131 } |
| 116 | 132 |
| 117 private: | 133 private: |
| 118 TestCompletionCallback* const comp_callback_; | 134 TestCompletionCallback* const comp_callback_; |
| 119 bool* const ok_; | 135 bool* const ok_; |
| 120 std::string* const error_details_; | 136 std::string* const error_details_; |
| 121 }; | 137 }; |
| 122 | 138 |
| 123 // RunVerification runs |verifier->VerifyProof| and asserts that the result | 139 // RunVerification runs |verifier->VerifyProof| and asserts that the result |
| 124 // matches |expected_ok|. | 140 // matches |expected_ok|. |
| 125 static void RunVerification(ProofVerifier* verifier, | 141 static void RunVerification(QuicVersion version, |
| 142 ProofVerifier* verifier, |
| 126 const std::string& hostname, | 143 const std::string& hostname, |
| 127 const std::string& server_config, | 144 const std::string& server_config, |
| 128 const vector<std::string>& certs, | 145 const vector<std::string>& certs, |
| 129 const std::string& proof, | 146 const std::string& proof, |
| 130 bool expected_ok) { | 147 bool expected_ok) { |
| 131 scoped_ptr<ProofVerifyDetails> details; | 148 scoped_ptr<ProofVerifyDetails> details; |
| 132 TestCompletionCallback comp_callback; | 149 TestCompletionCallback comp_callback; |
| 133 bool ok; | 150 bool ok; |
| 134 std::string error_details; | 151 std::string error_details; |
| 135 TestProofVerifierCallback* callback = | 152 TestProofVerifierCallback* callback = |
| 136 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); | 153 new TestProofVerifierCallback(&comp_callback, &ok, &error_details); |
| 137 | 154 |
| 138 ProofVerifier::Status status = verifier->VerifyProof( | 155 ProofVerifier::Status status = verifier->VerifyProof( |
| 139 hostname, server_config, certs, proof, &error_details, &details, | 156 version, hostname, server_config, certs, proof, &error_details, &details, |
| 140 callback); | 157 callback); |
| 141 | 158 |
| 142 switch (status) { | 159 switch (status) { |
| 143 case ProofVerifier::FAILURE: | 160 case ProofVerifier::FAILURE: |
| 144 ASSERT_FALSE(expected_ok); | 161 ASSERT_FALSE(expected_ok); |
| 145 ASSERT_NE("", error_details); | 162 ASSERT_NE("", error_details); |
| 146 return; | 163 return; |
| 147 case ProofVerifier::SUCCESS: | 164 case ProofVerifier::SUCCESS: |
| 148 ASSERT_TRUE(expected_ok); | 165 ASSERT_TRUE(expected_ok); |
| 149 ASSERT_EQ("", error_details); | 166 ASSERT_EQ("", error_details); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 161 ImportCertFromFile(certs_dir, file_name); | 178 ImportCertFromFile(certs_dir, file_name); |
| 162 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); | 179 CHECK_NE(static_cast<X509Certificate*>(NULL), cert); |
| 163 | 180 |
| 164 string der_bytes; | 181 string der_bytes; |
| 165 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); | 182 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes)); |
| 166 return der_bytes; | 183 return der_bytes; |
| 167 } | 184 } |
| 168 | 185 |
| 169 // A known answer test that allows us to test ProofVerifier without a working | 186 // A known answer test that allows us to test ProofVerifier without a working |
| 170 // ProofSource. | 187 // ProofSource. |
| 171 TEST(Proof, VerifyRSAKnownAnswerTest) { | 188 TEST_P(ProofTest, VerifyRSAKnownAnswerTest) { |
| 172 // These sample signatures were generated by running the Proof.Verify test | 189 // These sample signatures were generated by running the Proof.Verify test |
| 173 // and dumping the bytes of the |signature| output of ProofSource::GetProof(). | 190 // and dumping the bytes of the |signature| output of ProofSource::GetProof(). |
| 174 #if 0 | |
| 175 // In the future, we will change the |sLen| parameter of RSA-PSS to be the | |
| 176 // same as |hLen|, and these are the sample signatures with the parameter | |
| 177 // |sLen| equal to |hLen|. | |
| 178 static const unsigned char signature_data_0[] = { | |
| 179 0x9e, 0xe6, 0x74, 0x3b, 0x8f, 0xb8, 0x66, 0x77, 0x57, 0x09, | |
| 180 0x8a, 0x04, 0xe9, 0xf0, 0x7c, 0x91, 0xa9, 0x5c, 0xe9, 0xdf, | |
| 181 0x12, 0x4d, 0x23, 0x82, 0x8c, 0x29, 0x72, 0x7f, 0xc2, 0x20, | |
| 182 0xa7, 0xb3, 0xe5, 0xbc, 0xcf, 0x3c, 0x0d, 0x8f, 0xae, 0x46, | |
| 183 0x6a, 0xb9, 0xee, 0x0c, 0xe1, 0x13, 0x21, 0xc0, 0x7e, 0x45, | |
| 184 0x24, 0x24, 0x4b, 0x72, 0x43, 0x5e, 0xc4, 0x0d, 0xdf, 0x6c, | |
| 185 0xd8, 0xaa, 0x35, 0x97, 0x05, 0x40, 0x76, 0xd3, 0x2c, 0xee, | |
| 186 0x82, 0x16, 0x6a, 0x43, 0xf9, 0xa2, 0xd0, 0x41, 0x3c, 0xed, | |
| 187 0x3f, 0x40, 0x10, 0x95, 0xc7, 0xa9, 0x1f, 0x04, 0xdb, 0xd5, | |
| 188 0x98, 0x9f, 0xe2, 0xbf, 0x77, 0x3d, 0xc9, 0x9a, 0xaf, 0xf7, | |
| 189 0xef, 0x63, 0x0b, 0x7d, 0xc8, 0x37, 0xda, 0x37, 0x23, 0x88, | |
| 190 0x78, 0xc8, 0x8b, 0xf5, 0xb9, 0x36, 0x5d, 0x72, 0x1f, 0xfc, | |
| 191 0x14, 0xff, 0xa7, 0x81, 0x27, 0x49, 0xae, 0xe1, | |
| 192 }; | |
| 193 static const unsigned char signature_data_1[] = { | |
| 194 0x5e, 0xc2, 0xab, 0x6b, 0x16, 0xe6, 0x55, 0xf3, 0x16, 0x46, | |
| 195 0x35, 0xdc, 0xcc, 0xde, 0xd0, 0xbd, 0x6c, 0x66, 0xb2, 0x3d, | |
| 196 0xd3, 0x14, 0x78, 0xed, 0x47, 0x55, 0xfb, 0xdb, 0xe1, 0x7d, | |
| 197 0xbf, 0x31, 0xf6, 0xf4, 0x10, 0x4c, 0x8d, 0x22, 0x17, 0xaa, | |
| 198 0xe1, 0x85, 0xc7, 0x96, 0x4c, 0x42, 0xfb, 0xf4, 0x63, 0x53, | |
| 199 0x8a, 0x79, 0x01, 0x63, 0x48, 0xa8, 0x3a, 0xbc, 0xc9, 0xd2, | |
| 200 0xf5, 0xec, 0xe9, 0x09, 0x71, 0xaf, 0xce, 0x34, 0x56, 0xe5, | |
| 201 0x00, 0xbe, 0xee, 0x3c, 0x1c, 0xc4, 0xa0, 0x07, 0xd5, 0x77, | |
| 202 0xb8, 0x83, 0x57, 0x7d, 0x1a, 0xc9, 0xd0, 0xc0, 0x59, 0x9a, | |
| 203 0x88, 0x19, 0x3f, 0xb9, 0xf0, 0x45, 0x37, 0xc3, 0x00, 0x8b, | |
| 204 0xb3, 0x89, 0xf4, 0x89, 0x07, 0xa9, 0xc3, 0x26, 0xbf, 0x81, | |
| 205 0xaf, 0x6b, 0x47, 0xbc, 0x16, 0x55, 0x37, 0x0a, 0xbe, 0x0e, | |
| 206 0xc5, 0x75, 0x3f, 0x3d, 0x8e, 0xe8, 0x44, 0xe3, | |
| 207 }; | |
| 208 static const unsigned char signature_data_2[] = { | |
| 209 0x8e, 0x5c, 0x78, 0x63, 0x74, 0x99, 0x2e, 0x96, 0xc0, 0x14, | |
| 210 0x8d, 0xb5, 0x13, 0x74, 0xa3, 0xa4, 0xe0, 0x43, 0x3e, 0x85, | |
| 211 0xba, 0x8f, 0x3c, 0x5e, 0x14, 0x64, 0x0e, 0x5e, 0xff, 0x89, | |
| 212 0x88, 0x8a, 0x65, 0xe2, 0xa2, 0x79, 0xe4, 0xe9, 0x3a, 0x7f, | |
| 213 0xf6, 0x9d, 0x3d, 0xe2, 0xb0, 0x8a, 0x35, 0x55, 0xed, 0x21, | |
| 214 0xee, 0x20, 0xd8, 0x8a, 0x60, 0x47, 0xca, 0x52, 0x54, 0x91, | |
| 215 0x99, 0x69, 0x8d, 0x16, 0x34, 0x69, 0xe1, 0x46, 0x56, 0x67, | |
| 216 0x5f, 0x50, 0xf0, 0x94, 0xe7, 0x8b, 0xf2, 0x6a, 0x73, 0x0f, | |
| 217 0x30, 0x30, 0xde, 0x59, 0xdc, 0xc7, 0xfe, 0xb6, 0x83, 0xe1, | |
| 218 0x86, 0x1d, 0x88, 0xd3, 0x2f, 0x2f, 0x74, 0x68, 0xbd, 0x6c, | |
| 219 0xd1, 0x46, 0x76, 0x06, 0xa9, 0xd4, 0x03, 0x3f, 0xda, 0x7d, | |
| 220 0xa7, 0xff, 0x48, 0xe4, 0xb4, 0x42, 0x06, 0xac, 0x19, 0x12, | |
| 221 0xe6, 0x05, 0xae, 0xbe, 0x29, 0x94, 0x8f, 0x99, | |
| 222 }; | |
| 223 #else | |
| 224 // sLen = special value -2 used by OpenSSL. | 191 // sLen = special value -2 used by OpenSSL. |
| 225 static const unsigned char signature_data_0[] = { | 192 static const unsigned char signature_data_0[] = { |
| 226 0x4c, 0x68, 0x3c, 0xc2, 0x1f, 0x31, 0x73, 0xa5, 0x29, 0xd3, | 193 0x4c, 0x68, 0x3c, 0xc2, 0x1f, 0x31, 0x73, 0xa5, 0x29, 0xd3, |
| 227 0x56, 0x75, 0xb1, 0xbf, 0xbd, 0x31, 0x17, 0xfb, 0x2e, 0x24, | 194 0x56, 0x75, 0xb1, 0xbf, 0xbd, 0x31, 0x17, 0xfb, 0x2e, 0x24, |
| 228 0xb3, 0xc4, 0x0d, 0xfa, 0x56, 0xb8, 0x65, 0x94, 0x12, 0x38, | 195 0xb3, 0xc4, 0x0d, 0xfa, 0x56, 0xb8, 0x65, 0x94, 0x12, 0x38, |
| 229 0x6e, 0xff, 0xb3, 0x10, 0x2e, 0xf8, 0x5c, 0xc1, 0x21, 0x9d, | 196 0x6e, 0xff, 0xb3, 0x10, 0x2e, 0xf8, 0x5c, 0xc1, 0x21, 0x9d, |
| 230 0x29, 0x0c, 0x3a, 0x0a, 0x1a, 0xbf, 0x6b, 0x1c, 0x63, 0x77, | 197 0x29, 0x0c, 0x3a, 0x0a, 0x1a, 0xbf, 0x6b, 0x1c, 0x63, 0x77, |
| 231 0xf7, 0x86, 0xd3, 0xa4, 0x36, 0xf2, 0xb1, 0x6f, 0xac, 0xc3, | 198 0xf7, 0x86, 0xd3, 0xa4, 0x36, 0xf2, 0xb1, 0x6f, 0xac, 0xc3, |
| 232 0x23, 0x8d, 0xda, 0xe6, 0xd5, 0x83, 0xba, 0xdf, 0x28, 0x3e, | 199 0x23, 0x8d, 0xda, 0xe6, 0xd5, 0x83, 0xba, 0xdf, 0x28, 0x3e, |
| 233 0x7f, 0x4e, 0x79, 0xfc, 0xba, 0xdb, 0xf7, 0xd0, 0x4b, 0xad, | 200 0x7f, 0x4e, 0x79, 0xfc, 0xba, 0xdb, 0xf7, 0xd0, 0x4b, 0xad, |
| (...skipping 26 matching lines...) Expand all Loading... |
| 260 0x0e, 0x2a, 0x27, 0x3f, 0xc6, 0x55, 0xc6, 0xb9, 0xfe, 0x17, | 227 0x0e, 0x2a, 0x27, 0x3f, 0xc6, 0x55, 0xc6, 0xb9, 0xfe, 0x17, |
| 261 0xcc, 0xeb, 0x5d, 0xa1, 0xdc, 0xbd, 0x64, 0xd9, 0x5e, 0xec, | 228 0xcc, 0xeb, 0x5d, 0xa1, 0xdc, 0xbd, 0x64, 0xd9, 0x5e, 0xec, |
| 262 0x57, 0x9d, 0xc3, 0xdc, 0x11, 0xbf, 0x23, 0x02, 0x58, 0xc4, | 229 0x57, 0x9d, 0xc3, 0xdc, 0x11, 0xbf, 0x23, 0x02, 0x58, 0xc4, |
| 263 0xf1, 0x18, 0xc1, 0x6f, 0x3f, 0xef, 0x18, 0x4d, 0xa6, 0x1e, | 230 0xf1, 0x18, 0xc1, 0x6f, 0x3f, 0xef, 0x18, 0x4d, 0xa6, 0x1e, |
| 264 0xe8, 0x25, 0x32, 0x8f, 0x92, 0x1e, 0xad, 0xbc, 0xbe, 0xde, | 231 0xe8, 0x25, 0x32, 0x8f, 0x92, 0x1e, 0xad, 0xbc, 0xbe, 0xde, |
| 265 0x83, 0x2a, 0x92, 0xd5, 0x59, 0x6f, 0xe4, 0x95, 0x6f, 0xe6, | 232 0x83, 0x2a, 0x92, 0xd5, 0x59, 0x6f, 0xe4, 0x95, 0x6f, 0xe6, |
| 266 0xb1, 0xf9, 0xaf, 0x3f, 0xdb, 0x69, 0x6f, 0xae, 0xa6, 0x36, | 233 0xb1, 0xf9, 0xaf, 0x3f, 0xdb, 0x69, 0x6f, 0xae, 0xa6, 0x36, |
| 267 0xd2, 0x50, 0x81, 0x78, 0x41, 0x13, 0x2c, 0x65, 0x9c, 0x9e, | 234 0xd2, 0x50, 0x81, 0x78, 0x41, 0x13, 0x2c, 0x65, 0x9c, 0x9e, |
| 268 0xf4, 0xd2, 0xd5, 0x58, 0x5b, 0x8b, 0x87, 0xcf, | 235 0xf4, 0xd2, 0xd5, 0x58, 0x5b, 0x8b, 0x87, 0xcf, |
| 269 }; | 236 }; |
| 270 #endif | 237 static const unsigned char signature_data_4[] = { |
| 238 0x9e, 0xe6, 0x74, 0x3b, 0x8f, 0xb8, 0x66, 0x77, 0x57, 0x09, |
| 239 0x8a, 0x04, 0xe9, 0xf0, 0x7c, 0x91, 0xa9, 0x5c, 0xe9, 0xdf, |
| 240 0x12, 0x4d, 0x23, 0x82, 0x8c, 0x29, 0x72, 0x7f, 0xc2, 0x20, |
| 241 0xa7, 0xb3, 0xe5, 0xbc, 0xcf, 0x3c, 0x0d, 0x8f, 0xae, 0x46, |
| 242 0x6a, 0xb9, 0xee, 0x0c, 0xe1, 0x13, 0x21, 0xc0, 0x7e, 0x45, |
| 243 0x24, 0x24, 0x4b, 0x72, 0x43, 0x5e, 0xc4, 0x0d, 0xdf, 0x6c, |
| 244 0xd8, 0xaa, 0x35, 0x97, 0x05, 0x40, 0x76, 0xd3, 0x2c, 0xee, |
| 245 0x82, 0x16, 0x6a, 0x43, 0xf9, 0xa2, 0xd0, 0x41, 0x3c, 0xed, |
| 246 0x3f, 0x40, 0x10, 0x95, 0xc7, 0xa9, 0x1f, 0x04, 0xdb, 0xd5, |
| 247 0x98, 0x9f, 0xe2, 0xbf, 0x77, 0x3d, 0xc9, 0x9a, 0xaf, 0xf7, |
| 248 0xef, 0x63, 0x0b, 0x7d, 0xc8, 0x37, 0xda, 0x37, 0x23, 0x88, |
| 249 0x78, 0xc8, 0x8b, 0xf5, 0xb9, 0x36, 0x5d, 0x72, 0x1f, 0xfc, |
| 250 0x14, 0xff, 0xa7, 0x81, 0x27, 0x49, 0xae, 0xe1, |
| 251 }; |
| 252 static const unsigned char signature_data_5[] = { |
| 253 0x5e, 0xc2, 0xab, 0x6b, 0x16, 0xe6, 0x55, 0xf3, 0x16, 0x46, |
| 254 0x35, 0xdc, 0xcc, 0xde, 0xd0, 0xbd, 0x6c, 0x66, 0xb2, 0x3d, |
| 255 0xd3, 0x14, 0x78, 0xed, 0x47, 0x55, 0xfb, 0xdb, 0xe1, 0x7d, |
| 256 0xbf, 0x31, 0xf6, 0xf4, 0x10, 0x4c, 0x8d, 0x22, 0x17, 0xaa, |
| 257 0xe1, 0x85, 0xc7, 0x96, 0x4c, 0x42, 0xfb, 0xf4, 0x63, 0x53, |
| 258 0x8a, 0x79, 0x01, 0x63, 0x48, 0xa8, 0x3a, 0xbc, 0xc9, 0xd2, |
| 259 0xf5, 0xec, 0xe9, 0x09, 0x71, 0xaf, 0xce, 0x34, 0x56, 0xe5, |
| 260 0x00, 0xbe, 0xee, 0x3c, 0x1c, 0xc4, 0xa0, 0x07, 0xd5, 0x77, |
| 261 0xb8, 0x83, 0x57, 0x7d, 0x1a, 0xc9, 0xd0, 0xc0, 0x59, 0x9a, |
| 262 0x88, 0x19, 0x3f, 0xb9, 0xf0, 0x45, 0x37, 0xc3, 0x00, 0x8b, |
| 263 0xb3, 0x89, 0xf4, 0x89, 0x07, 0xa9, 0xc3, 0x26, 0xbf, 0x81, |
| 264 0xaf, 0x6b, 0x47, 0xbc, 0x16, 0x55, 0x37, 0x0a, 0xbe, 0x0e, |
| 265 0xc5, 0x75, 0x3f, 0x3d, 0x8e, 0xe8, 0x44, 0xe3, |
| 266 }; |
| 267 static const unsigned char signature_data_6[] = { |
| 268 0x8e, 0x5c, 0x78, 0x63, 0x74, 0x99, 0x2e, 0x96, 0xc0, 0x14, |
| 269 0x8d, 0xb5, 0x13, 0x74, 0xa3, 0xa4, 0xe0, 0x43, 0x3e, 0x85, |
| 270 0xba, 0x8f, 0x3c, 0x5e, 0x14, 0x64, 0x0e, 0x5e, 0xff, 0x89, |
| 271 0x88, 0x8a, 0x65, 0xe2, 0xa2, 0x79, 0xe4, 0xe9, 0x3a, 0x7f, |
| 272 0xf6, 0x9d, 0x3d, 0xe2, 0xb0, 0x8a, 0x35, 0x55, 0xed, 0x21, |
| 273 0xee, 0x20, 0xd8, 0x8a, 0x60, 0x47, 0xca, 0x52, 0x54, 0x91, |
| 274 0x99, 0x69, 0x8d, 0x16, 0x34, 0x69, 0xe1, 0x46, 0x56, 0x67, |
| 275 0x5f, 0x50, 0xf0, 0x94, 0xe7, 0x8b, 0xf2, 0x6a, 0x73, 0x0f, |
| 276 0x30, 0x30, 0xde, 0x59, 0xdc, 0xc7, 0xfe, 0xb6, 0x83, 0xe1, |
| 277 0x86, 0x1d, 0x88, 0xd3, 0x2f, 0x2f, 0x74, 0x68, 0xbd, 0x6c, |
| 278 0xd1, 0x46, 0x76, 0x06, 0xa9, 0xd4, 0x03, 0x3f, 0xda, 0x7d, |
| 279 0xa7, 0xff, 0x48, 0xe4, 0xb4, 0x42, 0x06, 0xac, 0x19, 0x12, |
| 280 0xe6, 0x05, 0xae, 0xbe, 0x29, 0x94, 0x8f, 0x99, |
| 281 }; |
| 271 | 282 |
| 272 scoped_ptr<ProofVerifier> verifier( | 283 scoped_ptr<ProofVerifier> verifier( |
| 273 CryptoTestUtils::ProofVerifierForTesting()); | 284 CryptoTestUtils::ProofVerifierForTesting()); |
| 274 | 285 |
| 275 const string server_config = "server config bytes"; | 286 const string server_config = "server config bytes"; |
| 276 const string hostname = "test.example.com"; | 287 const string hostname = "test.example.com"; |
| 277 string error_details; | 288 string error_details; |
| 278 CertVerifyResult cert_verify_result; | 289 CertVerifyResult cert_verify_result; |
| 279 | 290 |
| 280 vector<string> certs(2); | 291 vector<string> certs(2); |
| 281 certs[0] = PEMCertFileToDER("quic_test.example.com.crt"); | 292 certs[0] = PEMCertFileToDER("quic_test.example.com.crt"); |
| 282 certs[1] = PEMCertFileToDER("quic_intermediate.crt"); | 293 certs[1] = PEMCertFileToDER("quic_intermediate.crt"); |
| 283 | 294 |
| 284 // Signatures are nondeterministic, so we test multiple signatures on the | 295 // Signatures are nondeterministic, so we test multiple signatures on the |
| 285 // same server_config. | 296 // same server_config. |
| 286 vector<string> signatures(3); | 297 vector<string> signatures(3); |
| 287 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), | 298 if (version_ < QUIC_VERSION_8) { |
| 288 sizeof(signature_data_0)); | 299 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0), |
| 289 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 300 sizeof(signature_data_0)); |
| 290 sizeof(signature_data_1)); | 301 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
| 291 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 302 sizeof(signature_data_1)); |
| 292 sizeof(signature_data_2)); | 303 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
| 304 sizeof(signature_data_2)); |
| 305 } else { |
| 306 signatures[0].assign(reinterpret_cast<const char*>(signature_data_4), |
| 307 sizeof(signature_data_4)); |
| 308 signatures[1].assign(reinterpret_cast<const char*>(signature_data_5), |
| 309 sizeof(signature_data_5)); |
| 310 signatures[2].assign(reinterpret_cast<const char*>(signature_data_6), |
| 311 sizeof(signature_data_6)); |
| 312 } |
| 293 | 313 |
| 294 for (size_t i = 0; i < signatures.size(); i++) { | 314 for (size_t i = 0; i < signatures.size(); i++) { |
| 295 const string& signature = signatures[i]; | 315 const string& signature = signatures[i]; |
| 296 | 316 |
| 297 RunVerification( | 317 RunVerification( |
| 298 verifier.get(), hostname, server_config, certs, signature, true); | 318 version_, verifier.get(), hostname, server_config, certs, signature, |
| 319 true); |
| 299 RunVerification( | 320 RunVerification( |
| 300 verifier.get(), "foo.com", server_config, certs, signature, false); | 321 version_, verifier.get(), "foo.com", server_config, certs, signature, |
| 322 false); |
| 301 RunVerification( | 323 RunVerification( |
| 302 verifier.get(), hostname, server_config.substr(1, string::npos), | 324 version_, verifier.get(), hostname, |
| 303 certs, signature, false); | 325 server_config.substr(1, string::npos), certs, signature, false); |
| 304 | 326 |
| 305 const string corrupt_signature = "1" + signature; | 327 const string corrupt_signature = "1" + signature; |
| 306 RunVerification( | 328 RunVerification( |
| 307 verifier.get(), hostname, server_config, certs, corrupt_signature, | 329 version_, verifier.get(), hostname, server_config, certs, |
| 308 false); | 330 corrupt_signature, false); |
| 309 | 331 |
| 310 vector<string> wrong_certs; | 332 vector<string> wrong_certs; |
| 311 for (size_t i = 1; i < certs.size(); i++) { | 333 for (size_t i = 1; i < certs.size(); i++) { |
| 312 wrong_certs.push_back(certs[i]); | 334 wrong_certs.push_back(certs[i]); |
| 313 } | 335 } |
| 314 RunVerification(verifier.get(), hostname, server_config, wrong_certs, | 336 RunVerification(version_, verifier.get(), hostname, server_config, |
| 315 signature, false); | 337 wrong_certs, signature, false); |
| 316 } | 338 } |
| 317 } | 339 } |
| 318 | 340 |
| 319 // A known answer test that allows us to test ProofVerifier without a working | 341 // A known answer test that allows us to test ProofVerifier without a working |
| 320 // ProofSource. | 342 // ProofSource. |
| 321 TEST(Proof, VerifyECDSAKnownAnswerTest) { | 343 TEST_P(ProofTest, VerifyECDSAKnownAnswerTest) { |
| 322 // Disable this test on platforms that do not support ECDSA certificates. | 344 // Disable this test on platforms that do not support ECDSA certificates. |
| 323 #if defined(OS_WIN) | 345 #if defined(OS_WIN) |
| 324 if (base::win::GetVersion() < base::win::VERSION_VISTA) | 346 if (base::win::GetVersion() < base::win::VERSION_VISTA) |
| 325 return; | 347 return; |
| 326 #endif | 348 #endif |
| 327 | 349 |
| 328 // These sample signatures were generated by running the Proof.Verify test | 350 // These sample signatures were generated by running the Proof.Verify test |
| 329 // (modified to use ECDSA for signing proofs) and dumping the bytes of the | 351 // (modified to use ECDSA for signing proofs) and dumping the bytes of the |
| 330 // |signature| output of ProofSource::GetProof(). | 352 // |signature| output of ProofSource::GetProof(). |
| 331 static const unsigned char signature_data_0[] = { | 353 static const unsigned char signature_data_0[] = { |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 377 sizeof(signature_data_0)); | 399 sizeof(signature_data_0)); |
| 378 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), | 400 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1), |
| 379 sizeof(signature_data_1)); | 401 sizeof(signature_data_1)); |
| 380 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), | 402 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2), |
| 381 sizeof(signature_data_2)); | 403 sizeof(signature_data_2)); |
| 382 | 404 |
| 383 for (size_t i = 0; i < signatures.size(); i++) { | 405 for (size_t i = 0; i < signatures.size(); i++) { |
| 384 const string& signature = signatures[i]; | 406 const string& signature = signatures[i]; |
| 385 | 407 |
| 386 RunVerification( | 408 RunVerification( |
| 387 verifier.get(), hostname, server_config, certs, signature, true); | 409 version_, verifier.get(), hostname, server_config, certs, signature, |
| 410 true); |
| 388 RunVerification( | 411 RunVerification( |
| 389 verifier.get(), "foo.com", server_config, certs, signature, false); | 412 version_, verifier.get(), "foo.com", server_config, certs, signature, |
| 413 false); |
| 390 RunVerification( | 414 RunVerification( |
| 391 verifier.get(), hostname, server_config.substr(1, string::npos), | 415 version_, verifier.get(), hostname, |
| 392 certs, signature, false); | 416 server_config.substr(1, string::npos), certs, signature, false); |
| 393 | 417 |
| 394 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the | 418 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the |
| 395 // signature can still be DER-decoded correctly. | 419 // signature can still be DER-decoded correctly. |
| 396 string corrupt_signature = signature; | 420 string corrupt_signature = signature; |
| 397 corrupt_signature[corrupt_signature.size() - 1] += 1; | 421 corrupt_signature[corrupt_signature.size() - 1] += 1; |
| 398 RunVerification( | 422 RunVerification( |
| 399 verifier.get(), hostname, server_config, certs, corrupt_signature, | 423 version_, verifier.get(), hostname, server_config, certs, |
| 400 false); | 424 corrupt_signature, false); |
| 401 | 425 |
| 402 // Prepending a "1" makes the DER invalid. | 426 // Prepending a "1" makes the DER invalid. |
| 403 const string bad_der_signature1 = "1" + signature; | 427 const string bad_der_signature1 = "1" + signature; |
| 404 RunVerification( | 428 RunVerification( |
| 405 verifier.get(), hostname, server_config, certs, bad_der_signature1, | 429 version_, verifier.get(), hostname, server_config, certs, |
| 406 false); | 430 bad_der_signature1, false); |
| 407 | 431 |
| 408 vector<string> wrong_certs; | 432 vector<string> wrong_certs; |
| 409 for (size_t i = 1; i < certs.size(); i++) { | 433 for (size_t i = 1; i < certs.size(); i++) { |
| 410 wrong_certs.push_back(certs[i]); | 434 wrong_certs.push_back(certs[i]); |
| 411 } | 435 } |
| 412 RunVerification( | 436 RunVerification( |
| 413 verifier.get(), hostname, server_config, wrong_certs, signature, false); | 437 version_, verifier.get(), hostname, server_config, wrong_certs, |
| 438 signature, false); |
| 414 } | 439 } |
| 415 } | 440 } |
| 416 | 441 |
| 417 } // namespace test | 442 } // namespace test |
| 418 } // namespace net | 443 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 22647002:
Add support to QUIC for QUIC_VERSION_8: for RSA-PSS signatures, set (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/