| OLD | NEW |
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 #include "chrome/common/extensions/api/networking_private/networking_private_cry
pto.h" | |
| 5 | |
| 6 #include <stdint.h> | |
| 7 | |
| 8 #include "base/base64.h" | |
| 9 #include "base/logging.h" | |
| 10 #include "base/strings/stringprintf.h" | |
| 11 #include "testing/gtest/include/gtest/gtest.h" | |
| 12 | |
| 13 namespace { | |
| 14 | |
| 15 } // namespace | |
| 16 | |
| 17 // Tests of networking_private_crypto support for Networking Private API. | |
| 18 class NetworkingPrivateCryptoTest : public testing::Test { | |
| 19 protected: | |
| 20 // Verify that decryption of |encrypted| data using |private_key_pem| matches | |
| 21 // |plain| data. | |
| 22 bool VerifyByteString(const std::string& private_key_pem, | |
| 23 const std::string& plain, | |
| 24 const std::vector<uint8_t>& encrypted) { | |
| 25 std::string decrypted; | |
| 26 if (networking_private_crypto::DecryptByteString( | |
| 27 private_key_pem, encrypted, &decrypted)) | |
| 28 return decrypted == plain; | |
| 29 return false; | |
| 30 } | |
| 31 }; | |
| 32 | |
| 33 // Test that networking_private_crypto::VerifyCredentials behaves as expected. | |
| 34 TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) { | |
| 35 // This certificate chain and signature are duplicated from: | |
| 36 // | |
| 37 // components/test/data/cast_certificate/certificates/chromecast_gen1.pem | |
| 38 // components/test/data/cast_certificate/signeddata/2ZZBG9_FA8FCA3EF91A.pem | |
| 39 // | |
| 40 // TODO(eroman): Avoid duplicating the data. | |
| 41 static const char kCertData[] = | |
| 42 "-----BEGIN CERTIFICATE-----" | |
| 43 "MIIDrDCCApSgAwIBAgIEU8xPLDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV" | |
| 44 "UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzET" | |
| 45 "MBEGA1UECgwKR29vZ2xlIEluYzESMBAGA1UECwwJR29vZ2xlIFRWMRgwFgYDVQQD" | |
| 46 "DA9FdXJla2EgR2VuMSBJQ0EwHhcNMTQwNzIwMjMyMjIwWhcNMzQwNzE1MjMyMjIw" | |
| 47 "WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzARBgNVBAoT" | |
| 48 "Ckdvb2dsZSBJbmMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEjAQBgNVBAsTCUdv" | |
| 49 "b2dsZSBUVjEcMBoGA1UEAxMTMlpaQkc5IEZBOEZDQTNFRjkxQTCCASIwDQYJKoZI" | |
| 50 "hvcNAQEBBQADggEPADCCAQoCggEBAKV56Srec2ePlqDP6cqFPuwU4MOs7MOcGDrv" | |
| 51 "da6qy6tWC7BmsqipMA/hn77iUiBZsw3TbUQnVfmM4ZQ2RENzcrAJ68cmc+lPxmRr" | |
| 52 "8x1Xu5FzZ+kcyU8glLLqdiXYEKRboFhC7BM05O1XOLvzCls4zuZuMrGNFBW+YoBm" | |
| 53 "FiXFYWBhapZC3RhhlSEZFuQWbb/MUSDzwr/CRbn4tKHMv4Fkw5HAnhLa+yXfgCGw" | |
| 54 "qOd9GejqUKsO/aajAHkM7lIHmvkthI4MVk0Koc+Ih487pgsOt18LqubZVEkbjCqp" | |
| 55 "Rpx1CGbErWnw2ptPvMCEC6e7mrYHcYgmuzQ7m+eUlhthEUiTYC0CAwEAAaMvMC0w" | |
| 56 "CQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJ" | |
| 57 "KoZIhvcNAQEFBQADggEBAGuKgGXHJXQ1M7P4uXB8wPPuT2h6g29YJ62rUvZ7BrlW" | |
| 58 "TknJT0Owaw68zepLhFQ4ydIzbVV3hA2InCmP3U24ZMxMJcA/9qNPAqPrtE1ZIQNI" | |
| 59 "Qh6slAdZa0qM6Us30/5fpUL6lgAfD1RIJxA4RWYZKP78SjJz1Lybx3Zbt0Jist9G" | |
| 60 "tvaJGZjZrdPncnJKayGaIln8gzHd6MVEGZp7aIQZ2h4NDlnrwyhMFTjg1WvnmQJ6" | |
| 61 "3bEvjSyjMGhY0JOUaDp/UMxnExn+1+cYAW9LrosZXtRDNJTl1zX4auAnNMHkt8uC" | |
| 62 "F8Jhy80X2wU0fj85oYbRsm+jBMtRayznY1TR0WoPBAo=" | |
| 63 "-----END CERTIFICATE-----"; | |
| 64 | |
| 65 static const char kICAData[] = | |
| 66 "-----BEGIN CERTIFICATE-----" | |
| 67 "MIIDhzCCAm+gAwIBAgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzET" | |
| 68 "MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEG" | |
| 69 "A1UECgwKR29vZ2xlIEluYzESMBAGA1UECwwJR29vZ2xlIFRWMRcwFQYDVQQDDA5F" | |
| 70 "dXJla2EgUm9vdCBDQTAeFw0xMjEyMTkwMDQ3MTJaFw0zMjEyMTQwMDQ3MTJaMH0x" | |
| 71 "CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3Vu" | |
| 72 "dGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMRIwEAYDVQQLDAlHb29nbGUg" | |
| 73 "VFYxGDAWBgNVBAMMD0V1cmVrYSBHZW4xIElDQTCCASIwDQYJKoZIhvcNAQEBBQAD" | |
| 74 "ggEPADCCAQoCggEBALwigL2A9johADuudl41fz3DZFxVlIY0LwWHKM33aYwXs1Cn" | |
| 75 "uIL638dDLdZ+q6BvtxNygKRHFcEgmVDN7BRiCVukmM3SQbY2Tv/oLjIwSoGoQqNs" | |
| 76 "mzNuyrL1U2bgJ1OGGoUepzk/SneO+1RmZvtYVMBeOcf1UAYL4IrUzuFqVR+LFwDm" | |
| 77 "aaMn5gglaTwSnY0FLNYuojHetFJQ1iBJ3nGg+a0gQBLx3SXr1ea4NvTWj3/KQ9zX" | |
| 78 "EFvmP1GKhbPz//YDLcsjT5ytGOeTBYysUpr3TOmZer5ufk0K48YcqZP6OqWRXRy9" | |
| 79 "ZuvMYNyGdMrP+JIcmH1X+mFHnquAt+RIgCqSxRsCAwEAAaMTMBEwDwYDVR0TBAgw" | |
| 80 "BgEB/wIBATANBgkqhkiG9w0BAQUFAAOCAQEAi9Shsc9dzXtsSEpBH1MvGC0yRf+e" | |
| 81 "q9NzPh8i1+r6AeZzAw8rxiW7pe7F9UXLJBIqrcJdBfR69cKbEBZa0QpzxRY5oBDK" | |
| 82 "0WiFnvueJoOOWPN3oE7l25e+LQBf9ZTbsZ1la/3w0QRR38ySppktcfVN1SP+Mxyp" | |
| 83 "tKvFvxq40YDvicniH5xMSDui+gIK3IQBiocC+1nup0wEfXSZh2olRK0WquxONRt8" | |
| 84 "e4TJsT/hgnDlDefZbfqVtsXkHugRm9iy86T9E/ODT/cHFCC7IqWmj9a126l0eOKT" | |
| 85 "DeUjLwUX4LKXZzRND5x2Q3umIUpWBfYqfPJ/EpSCJikH8AtsbHkUsHTVbA==" | |
| 86 "-----END CERTIFICATE-----"; | |
| 87 | |
| 88 unsigned char kData[] = {0x53, 0x54, 0x52, 0x49, 0x4e, 0x47}; | |
| 89 | |
| 90 unsigned char kSignature[] = { | |
| 91 0x0a, 0xda, 0xb5, 0x40, 0x5c, 0x8e, 0x53, 0x89, 0xda, 0x67, 0x47, 0x28, | |
| 92 0xab, 0x64, 0x0d, 0xec, 0xb8, 0x1f, 0xd6, 0x75, 0x28, 0x97, 0x5f, 0xe0, | |
| 93 0x11, 0x51, 0x35, 0x2a, 0x70, 0xd8, 0xf6, 0x4d, 0xe8, 0xd0, 0x2e, 0xe0, | |
| 94 0x79, 0x75, 0x3a, 0x25, 0xbf, 0x40, 0x0f, 0x6d, 0xd1, 0x20, 0xe3, 0x82, | |
| 95 0xbd, 0x05, 0x87, 0x57, 0x01, 0x1e, 0x76, 0xb7, 0xf4, 0xd7, 0xb3, 0x10, | |
| 96 0x4a, 0x6c, 0x8a, 0xf9, 0x3d, 0xe7, 0xeb, 0x62, 0xe9, 0x5f, 0x73, 0xab, | |
| 97 0x6e, 0x22, 0xf5, 0x59, 0x4d, 0xc4, 0xa3, 0x95, 0xc3, 0xbe, 0x7b, 0x04, | |
| 98 0x5a, 0x36, 0x67, 0xee, 0x71, 0xb2, 0xe8, 0x60, 0xbe, 0xaa, 0x2c, 0x90, | |
| 99 0x36, 0xd7, 0xf0, 0x42, 0x28, 0xd4, 0x29, 0x9f, 0x30, 0xaa, 0x10, 0x4f, | |
| 100 0x2a, 0xe1, 0x72, 0x67, 0xcc, 0xb5, 0x44, 0x7b, 0x7f, 0x89, 0x45, 0x9f, | |
| 101 0xc3, 0x9d, 0x6a, 0xf0, 0x78, 0x77, 0x6d, 0x9f, 0x13, 0x58, 0x35, 0x09, | |
| 102 0x8c, 0x71, 0xaf, 0x34, 0x4b, 0x18, 0xc7, 0x07, 0xd2, 0xf2, 0x03, 0x48, | |
| 103 0xe2, 0x40, 0x75, 0x3b, 0xeb, 0x33, 0x74, 0x8d, 0x33, 0xb4, 0x45, 0xe2, | |
| 104 0x59, 0x56, 0x8b, 0xc7, 0x4e, 0x60, 0xc7, 0xec, 0xc8, 0xd3, 0x32, 0x16, | |
| 105 0x20, 0xb0, 0xc7, 0x0d, 0x14, 0x4b, 0x68, 0xbf, 0x79, 0xad, 0x7e, 0x47, | |
| 106 0x5d, 0x5d, 0xb5, 0x8c, 0xb6, 0xc3, 0x27, 0xb9, 0xd8, 0x25, 0x70, 0xc0, | |
| 107 0x8d, 0x12, 0x26, 0x51, 0xe8, 0xad, 0xde, 0xf8, 0xe8, 0x3e, 0x47, 0xd0, | |
| 108 0xdf, 0x11, 0x7d, 0x34, 0x50, 0xa8, 0x89, 0x89, 0x59, 0x93, 0x8a, 0x3d, | |
| 109 0x88, 0xaf, 0xd5, 0x1e, 0xe8, 0x34, 0x2e, 0x98, 0x62, 0x39, 0xc1, 0x22, | |
| 110 0x06, 0xf7, 0x3e, 0x98, 0xfd, 0x6f, 0x3a, 0x45, 0xd0, 0xb7, 0x3a, 0xe5, | |
| 111 0xaa, 0x38, 0x35, 0x2c, 0xe9, 0x78, 0x71, 0xe2, 0xf0, 0x6f, 0x60, 0x95, | |
| 112 0xc0, 0x60, 0x5f, 0xc3, | |
| 113 }; | |
| 114 | |
| 115 static const char kHotspotBssid[] = "FA:8F:CA:3E:F9:1A"; | |
| 116 | |
| 117 static const char kBadCertData[] = "not a certificate"; | |
| 118 static const char kBadHotspotBssid[] = "bad bssid"; | |
| 119 | |
| 120 // April 1, 2016 | |
| 121 base::Time::Exploded time_exploded = {0}; | |
| 122 time_exploded.year = 2016; | |
| 123 time_exploded.month = 4; | |
| 124 time_exploded.day_of_month = 1; | |
| 125 base::Time time; | |
| 126 ASSERT_TRUE(base::Time::FromUTCExploded(time_exploded, &time)); | |
| 127 | |
| 128 // September 1, 2035 | |
| 129 base::Time::Exploded expired_time_exploded = {0}; | |
| 130 expired_time_exploded.year = 2035; | |
| 131 expired_time_exploded.month = 9; | |
| 132 expired_time_exploded.day_of_month = 1; | |
| 133 base::Time expired_time; | |
| 134 ASSERT_TRUE( | |
| 135 base::Time::FromUTCExploded(expired_time_exploded, &expired_time)); | |
| 136 | |
| 137 std::string unsigned_data = std::string(std::begin(kData), std::end(kData)); | |
| 138 std::string signed_data = | |
| 139 std::string(std::begin(kSignature), std::end(kSignature)); | |
| 140 | |
| 141 // Check that verification fails when the intermediaries are not provided. | |
| 142 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 143 kCertData, std::vector<std::string>(), signed_data, unsigned_data, | |
| 144 kHotspotBssid, time)); | |
| 145 | |
| 146 // Checking basic verification operation. | |
| 147 std::vector<std::string> icas; | |
| 148 icas.push_back(kICAData); | |
| 149 | |
| 150 EXPECT_TRUE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 151 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
| 152 | |
| 153 // Checking that verification fails when the certificate is expired. | |
| 154 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 155 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, | |
| 156 expired_time)); | |
| 157 | |
| 158 // Checking that verification fails when certificate has invalid format. | |
| 159 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 160 kBadCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
| 161 | |
| 162 // Checking that verification fails if we supply a bad ICA. | |
| 163 std::vector<std::string> bad_icas; | |
| 164 bad_icas.push_back(kCertData); | |
| 165 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 166 kCertData, bad_icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
| 167 | |
| 168 // Checking that verification fails when Hotspot Bssid does not match the | |
| 169 // certificate's common name. | |
| 170 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 171 kCertData, icas, signed_data, unsigned_data, kBadHotspotBssid, time)); | |
| 172 | |
| 173 // Checking that verification fails when the signature is wrong. | |
| 174 unsigned_data = "bad data"; | |
| 175 EXPECT_FALSE(networking_private_crypto::VerifyCredentialsAtTime( | |
| 176 kCertData, icas, signed_data, unsigned_data, kHotspotBssid, time)); | |
| 177 } | |
| 178 | |
| 179 // Test that networking_private_crypto::EncryptByteString behaves as expected. | |
| 180 TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) { | |
| 181 static const char kPublicKey[] = | |
| 182 "MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI" | |
| 183 "XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH" | |
| 184 "KM8UMkLPVtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAE="; | |
| 185 static const char kPrivateKey[] = | |
| 186 "-----BEGIN PRIVATE KEY-----" | |
| 187 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANTjeoILNkSKHVkd" | |
| 188 "3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aIXDXVHrjgjcS80bPE" | |
| 189 "0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqHKM8UMkLP" | |
| 190 "VtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAECgYEAt91H/2zjj8qhkkhDxDS/wd5p" | |
| 191 "T37fRTmMX2ktpiCC23LadOxHm7p39Nk9jjYFxV5cFXpdsFrw1kwl6VdC8LDp3eGu" | |
| 192 "Ku1GCqj5H2fpnkmL2goD01HRkPR3ro4uBHPtTXDbCIz0qp+NGlGG4gPUysMXxHSb" | |
| 193 "E5FIWeUx6gcPvidwrpkCQQD40FXY46KDJT8JVYJMqY6nFQZvptFl+9BGWfheVVSF" | |
| 194 "KBlTQBx/QA+XcC/W9Q/I+NEhdGcxLlkEMUpihSpYffKbAkEA2wmFfccdheTtoOuY" | |
| 195 "8oTurbnFHsS7gLtcR2IbRJKXw80CJxTQA/LMWz0YuFOAYJNl/9ILMfp6MQiI4L9F" | |
| 196 "l6pbtwJAJqkAXcXo72WvKL0flNfXsYBj0p9h8+2vi+7Y15d8nYAAh13zz5XdllM5" | |
| 197 "K7ZCMKDwpbkXe53O+QbLnwk/7iYLtwJAERT6AygfJk0HNzCIeglh78x4EgE3uj9i" | |
| 198 "X/LHu55PFacMTu3xlw09YLQwFFf2wBFeuAeyddBZ7S8ENbrU+5H+mwJBAO2E6gwG" | |
| 199 "e5ZqY4RmsQmv6K0rn5k+UT4qlPeVp1e6LnvO/PcKWOaUvDK59qFZoX4vN+iFUAbk" | |
| 200 "IuvhmL9u/uPWWck=" | |
| 201 "-----END PRIVATE KEY-----"; | |
| 202 static const std::vector<uint8_t> kBadKeyData(5, 111); | |
| 203 static const char kTestData[] = "disco boy"; | |
| 204 static const char kEmptyData[] = ""; | |
| 205 | |
| 206 std::string public_key_string; | |
| 207 base::Base64Decode(kPublicKey, &public_key_string); | |
| 208 std::vector<uint8_t> public_key(public_key_string.begin(), | |
| 209 public_key_string.end()); | |
| 210 std::string plain; | |
| 211 std::vector<uint8_t> encrypted_output; | |
| 212 | |
| 213 // Checking basic encryption operation. | |
| 214 plain = kTestData; | |
| 215 EXPECT_TRUE(networking_private_crypto::EncryptByteString( | |
| 216 public_key, plain, &encrypted_output)); | |
| 217 EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output)); | |
| 218 | |
| 219 // Checking that we can encrypt the empty string. | |
| 220 plain = kEmptyData; | |
| 221 EXPECT_TRUE(networking_private_crypto::EncryptByteString( | |
| 222 public_key, plain, &encrypted_output)); | |
| 223 | |
| 224 // Checking graceful fail for too much data to encrypt. | |
| 225 EXPECT_FALSE(networking_private_crypto::EncryptByteString( | |
| 226 public_key, std::string(500, 'x'), &encrypted_output)); | |
| 227 | |
| 228 // Checking graceful fail for a bad key format. | |
| 229 EXPECT_FALSE(networking_private_crypto::EncryptByteString( | |
| 230 kBadKeyData, kTestData, &encrypted_output)); | |
| 231 } | |
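Review bot: The last case in VerifyCredentials (gutter lines 173–176) is commented "the signature is wrong" but only replaces `unsigned_data` with "bad data", so a corrupted signature over otherwise valid data is never exercised. Before `unsigned_data` is overwritten I would add a case that alters the signature itself, e.g. `std::string bad_signature = signed_data; bad_signature[0] ^= 0x01;` followed by an `EXPECT_FALSE` on `VerifyCredentialsAtTime(kCertData, icas, bad_signature, unsigned_data, kHotspotBssid, time)`, and reword the existing comment to say the signed data does not match. In EncryptByteString the result of `base::Base64Decode(kPublicKey, &public_key_string)` is ignored; wrapping it in `ASSERT_TRUE(...)` keeps a broken fixture from showing up as an encryption failure. The page does not show unambiguously whether this column is the added or the removed side of the file, so this applies only if the file is being added.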