1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 #include "chrome/common/extensions/api/networking_private/networking_private_cry
pto.h" | |
5 | |
6 #include <stdint.h> | |
7 | |
8 #include "base/base64.h" | |
9 #include "base/logging.h" | |
10 #include "base/strings/stringprintf.h" | |
11 #include "testing/gtest/include/gtest/gtest.h" | |
12 | |
13 namespace { | |
14 | |
15 } // namespace | |
16 | |
17 // Tests of networking_private_crypto support for Networking Private API. | |
18 class NetworkingPrivateCryptoTest : public testing::Test { | |
19 protected: | |
20 // Verify that decryption of |encrypted| data using |private_key_pem| matches | |
21 // |plain| data. | |
22 bool VerifyByteString(const std::string& private_key_pem, | |
23 const std::string& plain, | |
24 const std::vector<uint8_t>& encrypted) { | |
25 std::string decrypted; | |
26 if (networking_private_crypto::DecryptByteString( | |
27 private_key_pem, encrypted, &decrypted)) | |
28 return decrypted == plain; | |
29 return false; | |
30 } | |
31 }; | |
32 | |
33 // Test that networking_private_crypto::VerifyCredentials behaves as expected. | |
34 TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) { | |
35 // This certificate chain and signature are duplicated from: | |
36 // | |
37 // components/test/data/cast_certificate/certificates/chromecast_gen1.pem | |
38 // components/test/data/cast_certificate/signeddata/2ZZBG9_FA8FCA3EF91A.pem | |
39 // | |
40 // TODO(eroman): Avoid duplicating the data. | |
41 static const char kCertData[] = | |
42 "-----BEGIN CERTIFICATE-----" | |
43 "MIIDrDCCApSgAwIBAgIEU8xPLDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV" | |
44 "UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzET" | |
45 "MBEGA1UECgwKR29vZ2xlIEluYzESMBAGA1UECwwJR29vZ2xlIFRWMRgwFgYDVQQD" | |
46 "DA9FdXJla2EgR2VuMSBJQ0EwHhcNMTQwNzIwMjMyMjIwWhcNMzQwNzE1MjMyMjIw" | |
47 "WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAoT" | |
48 "Ckdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEjAQBgNVBAsTCUdv" | |
49 "b2dsZSBUVjEcMBoGA1UEAxMTMlpaQkc5IEZBOEZDQTNFRjkxQTCCASIwDQYJKoZI" | |
50 "hvcNAQEBBQADggEPADCCAQoCggEBAKV56Srec2ePlqDP6cqFPuwU4MOs7MOcGDrv" | |
51 "da6qy6tWC7BmsqipMA/hn77iUiBZsw3TbUQnVfmM4ZQ2RENzcrAJ68cmc+lPxmRr" | |
52 "8x1Xu5FzZ+kcyU8glLLqdiXYEKRboFhC7BM05O1XOLvzCls4zuZuMrGNFBW+YoBm" | |
53 "FiXFYWBhapZC3RhhlSEZFuQWbb/MUSDzwr/CRbn4tKHMv4Fkw5HAnhLa+yXfgCGw" | |
54 "qOd9GejqUKsO/aajAHkM7lIHmvkthI4MVk0Koc+Ih487pgsOt18LqubZVEkbjCqp" | |
55 "Rpx1CGbErWnw2ptPvMCEC6e7mrYHcYgmuzQ7m+eUlhthEUiTYC0CAwEAAaMvMC0w" | |
56 "CQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJ" | |
57 "KoZIhvcNAQEFBQADggEBAGuKgGXHJXQ1M7P4uXB8wPPuT2h6g29YJ62rUvZ7BrlW" | |
58 "TknJT0Owaw68zepLhFQ4ydIzbVV3hA2InCmP3U24ZMxMJcA/9qNPAqPrtE1ZIQNI" | |
59 "Qh6slAdZa0qM6Us30/5fpUL6lgAfD1RIJxA4RWYZKP78SjJz1Lybx3Zbt0Jist9G" | |
60 "tvaJGZjZrdPncnJKayGaIln8gzHd6MVEGZp7aIQZ2h4NDlnrwyhMFTjg1WvnmQJ6" | |
61 "3bEvjSyjMGhY0JOUaDp/UMxnExn+1+cYAW9LrosZXtRDNJTl1zX4auAnNMHkt8uC" | |
62 "F8Jhy80X2wU0fj85oYbRsm+jBMtRayznY1TR0WoPBAo=" | |
63 "-----END CERTIFICATE-----"; | |
64 | |
65 static const char kICAData[] = | |
66 "-----BEGIN CERTIFICATE-----" | |
67 "MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzET" | |
68 "MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEG" | |
69 "A1UECgwKR29vZ2xlIEluYzESMBAGA1UECwwJR29vZ2xlIFRWMRcwFQYDVQQDDA5F" | |
70 "dXJla2EgUm9vdCBDQTAeFw0xMjEyMTkwMDQ3MTJaFw0zMjEyMTQwMDQ3MTJaMH0x" | |
71 "CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3Vu" | |
72 "dGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMRIwEAYDVQQLDAlHb29nbGUg" | |
73 "VFYxGDAWBgNVBAMMD0V1cmVrYSBHZW4xIElDQTCCASIwDQYJKoZIhvcNAQEBBQAD" | |
74 "ggEPADCCAQoCggEBALwigL2A9johADuudl41fz3DZFxVlIY0LwWHKM33aYwXs1Cn" | |
75 "uIL638dDLdZ+q6BvtxNygKRHFcEgmVDN7BRiCVukmM3SQbY2Tv/oLjIwSoGoQqNs" | |
76 "mzNuyrL1U2bgJ1OGGoUepzk/SneO+1RmZvtYVMBeOcf1UAYL4IrUzuFqVR+LFwDm" | |
77 "aaMn5gglaTwSnY0FLNYuojHetFJQ1iBJ3nGg+a0gQBLx3SXr1ea4NvTWj3/KQ9zX" | |
78 "EFvmP1GKhbPz//YDLcsjT5ytGOeTBYysUpr3TOmZer5ufk0K48YcqZP6OqWRXRy9" | |
79 "ZuvMYNyGdMrP+JIcmH1X+mFHnquAt+RIgCqSxRsCAwEAAaMTMBEwDwYDVR0TBAgw" | |
80 "BgEB/wIBATANBgkqhkiG9w0BAQUFAAOCAQEAi9Shsc9dzXtsSEpBH1MvGC0yRf+e" | |
81 "q9NzPh8i1+r6AeZzAw8rxiW7pe7F9UXLJBIqrcJdBfR69cKbEBZa0QpzxRY5oBDK" | |
82 "0WiFnvueJoOOWPN3oE7l25e+LQBf9ZTbsZ1la/3w0QRR38ySppktcfVN1SP+Mxyp" | |
83 "tKvFvxq40YDvicniH5xMSDui+gIK3IQBiocC+1nup0wEfXSZh2olRK0WquxONRt8" | |
84 "e4TJsT/hgnDlDefZbfqVtsXkHugRm9iy86T9E/ODT/cHFCC7IqWmj9a126l0eOKT" | |
85 "DeUjLwUX4LKXZzRND5x2Q3umIUpWBfYqfPJ/EpSCJikH8AtsbHkUsHTVbA==" | |
86 "-----END CERTIFICATE-----"; | |
87 | |
88 unsigned char kData[] = {0x53, 0x54, 0x52, 0x49, 0x4e, 0x47}; | |
89 | |
90 unsigned char kSignature[] = { | |
91 0x0a, 0xda, 0xb5, 0x40, 0x5c, 0x8e, 0x53, 0x89, 0xda, 0x67, 0x47, 0x28, | |
92 0xab, 0x64, 0x0d, 0xec, 0xb8, 0x1f, 0xd6, 0x75, 0x28, 0x97, 0x5f, 0xe0, | |
93 0x11, 0x51, 0x35, 0x2a, 0x70, 0xd8, 0xf6, 0x4d, 0xe8, 0xd0, 0x2e, 0xe0, | |
94 0x79, 0x75, 0x3a, 0x25, 0xbf, 0x40, 0x0f, 0x6d, 0xd1, 0x20, 0xe3, 0x82, | |
95 0xbd, 0x05, 0x87, 0x57, 0x01, 0x1e, 0x76, 0xb7, 0xf4, 0xd7, 0xb3, 0x10, | |
96 0x4a, 0x6c, 0x8a, 0xf9, 0x3d, 0xe7, 0xeb, 0x62, 0xe9, 0x5f, 0x73, 0xab, | |
97 0x6e, 0x22, 0xf5, 0x59, 0x4d, 0xc4, 0xa3, 0x95, 0xc3, 0xbe, 0x7b, 0x04, | |
98 0x5a, 0x36, 0x67, 0xee, 0x71, 0xb2, 0xe8, 0x60, 0xbe, 0xaa, 0x2c, 0x90, | |
99 0x36, 0xd7, 0xf0, 0x42, 0x28, 0xd4, 0x29, 0x9f, 0x30, 0xaa, 0x10, 0x4f, | |
100 0x2a, 0xe1, 0x72, 0x67, 0xcc, 0xb5, 0x44, 0x7b, 0x7f, 0x89, 0x45, 0x9f, | |
101 0xc3, 0x9d, 0x6a, 0xf0, 0x78, 0x77, 0x6d, 0x9f, 0x13, 0x58, 0x35, 0x09, | |
102 0x8c, 0x71, 0xaf, 0x34, 0x4b, 0x18, 0xc7, 0x07, 0xd2, 0xf2, 0x03, 0x48, | |
103 0xe2, 0x40, 0x75, 0x3b, 0xeb, 0x33, 0x74, 0x8d, 0x33, 0xb4, 0x45, 0xe2, | |
104 0x59, 0x56, 0x8b, 0xc7, 0x4e, 0x60, 0xc7, 0xec, 0xc8, 0xd3, 0x32, 0x16, | |
105 0x20, 0xb0, 0xc7, 0x0d, 0x14, 0x4b, 0x68, 0xbf, 0x79, 0xad, 0x7e, 0x47, | |
106 0x5d, 0x5d, 0xb5, 0x8c, 0xb6, 0xc3, 0x27, 0xb9, 0xd8, 0x25, 0x70, 0xc0, | |
107 0x8d, 0x12, 0x26, 0x51, 0xe8, 0xad, 0xde, 0xf8, 0xe8, 0x3e, 0x47, 0xd0, | |
108 0xdf, 0x11, 0x7d, 0x34, 0x50, 0xa8, 0x89, 0x89, 0x59, 0x93, 0x8a, 0x3d, | |
109 0x88, 0xaf, 0xd5, 0x1e, 0xe8, 0x34, 0x2e, 0x98, 0x62, 0x39, 0xc1, 0x22, | |
110 0x06, 0xf7, 0x3e, 0x98, 0xfd, 0x6f, 0x3a, 0x45, 0xd0, 0xb7, 0x3a, 0xe5, | |
111 0xaa, 0x38, 0x35, 0x2c, 0xe9, 0x78, 0x71, 0xe2, 0xf0, 0x6f, 0x60, 0x95, | |
112 0xc0, 0x60, 0x5f, 0xc3, | |
113 }; | |
114 | |
115 static const char kHotspotBssid[] = "FA:8F:CA:3E:F9:1A"; | |
116 | |
117 static const char kBadCertData[] = "not a certificate"; | |
118 static const char kBadHotspotBssid[] = "bad bssid"; | |
119 | |
120 // April 1, 2016 | |
121 base::Time::Exploded time_exploded = {0}; | |
122 time_exploded.year = 2016; | |
123 time_exploded.month = 4; | |
124 time_exploded.day_of_month = 1; | |
125 base::Time time; | |
126 ASSERT_TRUE(base::Time::FromUTCExploded(time_exploded, &time)); | |
127 | |
128 // September 1, 2035 | |
129 base::Time::Exploded expired_time_exploded = {0}; | |
130 expired_time_exploded.year = 2035; | |
131 expired_time_exploded.month = 9; | |
132 expired_time_exploded.day_of_month = 1; | |
133 base::Time expired_time; | |
134 ASSERT_TRUE( | |
135 base::Time::FromUTCExploded(expired_time_exploded, &expired_time)); | |
136 | |
137 std::string unsigned_data = std::string(std::begin(kData), std::end(kData)); | |
138 std::string signed_data = | |
139 std::string(std::begin(kSignature), std::end(kSignature)); | |
140 | |
141 // Check that verification fails when the intermediaries are not provided. | |
142 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
143 kCertData, std::vector<std::string>(), signed_data, unsigned_data, | |
144 kHotspotBssid, time)); | |
145 | |
146 // Checking basic verification operation. | |
147 std::vector<std::string> icas; | |
148 icas.push_back(kICAData); | |
149 | |
150 EXPECT_TRUE(networking_private_crypto::VerifyCredentialsAtTime( | |
151 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
152 | |
153 // Checking that verification fails when the certificate is expired. | |
154 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
155 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, | |
156 expired_time)); | |
157 | |
158 // Checking that verification fails when certificate has invalid format. | |
159 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
160 kBadCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
161 | |
162 // Checking that verification fails if we supply a bad ICA. | |
163 std::vector<std::string> bad_icas; | |
164 bad_icas.push_back(kCertData); | |
165 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
166 kCertData, bad_icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
167 | |
168 // Checking that verification fails when Hotspot Bssid does not match the | |
169 // certificate's common name. | |
170 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
171 kCertData, icas, signed_data, unsigned_data, kBadHotspotBssid, time)); | |
172 | |
173 // Checking that verification fails when the signature is wrong. | |
174 unsigned_data = "bad data"; | |
175 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
176 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
177 } | |
178 | |
179 // Test that networking_private_crypto::EncryptByteString behaves as expected. | |
180 TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) { | |
181 static const char kPublicKey[] = | |
182 "MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI" | |
183 "XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH" | |
184 "KM8UMkLPVtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAE="; | |
185 static const char kPrivateKey[] = | |
186 "-----BEGIN PRIVATE KEY-----" | |
187 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANTjeoILNkSKHVkd" | |
188 "3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aIXDXVHrjgjcS80bPE" | |
189 "0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqHKM8UMkLP" | |
190 "VtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAECgYEAt91H/2zjj8qhkkhDxDS/wd5p" | |
191 "T37fRTmMX2ktpiCC23LadOxHm7p39Nk9jjYFxV5cFXpdsFrw1kwl6VdC8LDp3eGu" | |
192 "Ku1GCqj5H2fpnkmL2goD01HRkPR3ro4uBHPtTXDbCIz0qp+NGlGG4gPUysMXxHSb" | |
193 "E5FIWeUx6gcPvidwrpkCQQD40FXY46KDJT8JVYJMqY6nFQZvptFl+9BGWfheVVSF" | |
194 "KBlTQBx/QA+XcC/W9Q/I+NEhdGcxLlkEMUpihSpYffKbAkEA2wmFfccdheTtoOuY" | |
195 "8oTurbnFHsS7gLtcR2IbRJKXw80CJxTQA/LMWz0YuFOAYJNl/9ILMfp6MQiI4L9F" | |
196 "l6pbtwJAJqkAXcXo72WvKL0flNfXsYBj0p9h8+2vi+7Y15d8nYAAh13zz5XdllM5" | |
197 "K7ZCMKDwpbkXe53O+QbLnwk/7iYLtwJAERT6AygfJk0HNzCIeglh78x4EgE3uj9i" | |
198 "X/LHu55PFacMTu3xlw09YLQwFFf2wBFeuAeyddBZ7S8ENbrU+5H+mwJBAO2E6gwG" | |
199 "e5ZqY4RmsQmv6K0rn5k+UT4qlPeVp1e6LnvO/PcKWOaUvDK59qFZoX4vN+iFUAbk" | |
200 "IuvhmL9u/uPWWck=" | |
201 "-----END PRIVATE KEY-----"; | |
202 static const std::vector<uint8_t> kBadKeyData(5, 111); | |
203 static const char kTestData[] = "disco boy"; | |
204 static const char kEmptyData[] = ""; | |
205 | |
206 std::string public_key_string; | |
207 base::Base64Decode(kPublicKey, &public_key_string); | |
208 std::vector<uint8_t> public_key(public_key_string.begin(), | |
209 public_key_string.end()); | |
210 std::string plain; | |
211 std::vector<uint8_t> encrypted_output; | |
212 | |
213 // Checking basic encryption operation. | |
214 plain = kTestData; | |
215 EXPECT_TRUE(networking_private_crypto::EncryptByteString( | |
216 public_key, plain, &encrypted_output)); | |
217 EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output)); | |
218 | |
219 // Checking that we can encrypt the empty string. | |
220 plain = kEmptyData; | |
221 EXPECT_TRUE(networking_private_crypto::EncryptByteString( | |
222 public_key, plain, &encrypted_output)); | |
223 | |
224 // Checking graceful fail for too much data to encrypt. | |
225 EXPECT_FALSE(networking_private_crypto::EncryptByteString( | |
226 public_key, std::string(500, 'x'), &encrypted_output)); | |
227 | |
228 // Checking graceful fail for a bad key format. | |
229 EXPECT_FALSE(networking_private_crypto::EncryptByteString( | |
230 kBadKeyData, kTestData, &encrypted_output)); | |
231 } | |