net/cert/ct_ev_whitelist_unittest.cc - Issue 462543002: Certificate Transparency: Code for unpacking EV cert hashes whitelist

Side by Side Diff: net/cert/ct_ev_whitelist_unittest.cc

Issue 462543002: Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Review comments & linting Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/cert/ct_ev_whitelist.h"

	6

	7 #include <string>

	8

	9 #include "base/base64.h"

	10 #include "base/strings/stringprintf.h"
	wtc 2014/08/20 02:52:07 I don't think we need these two headers. I don't think we need these two headers. Eran Messeri 2014/09/02 12:20:23 Done. Show quoted text On 2014/08/20 02:52:07, wtc wrote: > > I don't think we need these two headers. Done.
	11 #include "testing/gtest/include/gtest/gtest.h"

	12

	13 namespace net {

	14

	15 namespace ct {

	16

	17 namespace internal {

	18

	19 const char kSomeData[] = {0xd5, 0xe2, 0xaf, 0xe5, 0xbb, 0x10, 0x7c, 0xd1};

	20

	21 TEST(BitStreamReaderTest, CanReadSingleByte) {

	22 BitStreamReader reader(kSomeData, 1);

	23 uint64 v(0);

	24

	25 ASSERT_EQ(8u, reader.BitsLeft());

	26 ASSERT_TRUE(reader.ReadBits(8, &v));

	27 ASSERT_EQ(static_cast<uint64>(0xd5), v);

	28

	29 ASSERT_FALSE(reader.ReadBits(1, &v));

	30 ASSERT_EQ(0u, reader.BitsLeft());

	31 }

	32

	33 TEST(BitStreamReaderTest, CanReadSingleBits) {

	34 const uint64 expected_bits[] = {1, 1, 0, 1, 0, 1, 0, 1,

	35 1, 1, 1, 0, 0, 0, 1, 0};

	36 BitStreamReader reader(kSomeData, 2);

	37 ASSERT_EQ(16u, reader.BitsLeft());

	38 uint64 v(0);

	39

	40 for (int i = 0; i < 16; ++i) {

	41 ASSERT_TRUE(reader.ReadBits(1, &v));

	42 ASSERT_EQ(expected_bits[i], v);

	43 }

	44 ASSERT_EQ(0u, reader.BitsLeft());

	45 }

	46

	47 TEST(BitStreamReaderTest, CanReadBitGroups) {

	48 BitStreamReader reader(kSomeData, 3);

	49 ASSERT_EQ(24u, reader.BitsLeft());

	50 uint64 v(0);

	51 uint64 res(0);

	52

	53 ASSERT_TRUE(reader.ReadBits(5, &v));

	54 res \|= v << 19;

	55 ASSERT_EQ(19u, reader.BitsLeft());

	56 ASSERT_TRUE(reader.ReadBits(13, &v));

	57 res \|= v << 6;

	58 ASSERT_EQ(6u, reader.BitsLeft());

	59 ASSERT_TRUE(reader.ReadBits(6, &v));

	60 res \|= v;

	61 ASSERT_EQ(static_cast<uint64>(0xd5e2af), res);

	62

	63 ASSERT_FALSE(reader.ReadBits(1, &v));

	64 }

	65

	66 TEST(BitStreamReaderTest, CanRead64Bit) {

	67 BitStreamReader reader(kSomeData, 8);

	68 ASSERT_EQ(64u, reader.BitsLeft());

	69 uint64 v(0);

	70

	71 ASSERT_TRUE(reader.ReadBits(64, &v));

	72 ASSERT_EQ(static_cast<uint64>(0xd5e2afe5bb107cd1), v);
	wtc 2014/08/20 02:52:07 I think there is some GG_UINT64_C macro (or someth I think there is some GG_UINT64_C macro (or something like that) that allows you to write a uint64 constant in a portable way. Eran Messeri 2014/09/02 12:20:23 Done, switched to using UINT64_C (GG_UINT64_C is d Show quoted text On 2014/08/20 02:52:07, wtc wrote: > > I think there is some GG_UINT64_C macro (or something like that) that allows you > to write a uint64 constant in a portable way. Done, switched to using UINT64_C (GG_UINT64_C is deprecated; see src/base/port.h)
	73 }

	74

	75 TEST(BitStreamReaderTest, CanReadUnaryEncodedNumbers) {

	76 BitStreamReader reader(kSomeData, 3);

	77 const uint64 expected_values[] = {2, 1, 1, 4, 0, 0, 1, 1, 1};

	78 uint64 v(0);

	79 for (int i = 0; i < 9; ++i) {
	wtc 2014/08/20 02:52:08 There are still four 1 bits (the 'f' in 0xaf). Sho There are still four 1 bits (the 'f' in 0xaf). Should we do i < 10 and see if that is parsed as a 4? (I assume the final '1111' is interpreted as 4 even though it is missing the trailing 0 bit.) Eran Messeri 2014/09/02 12:20:23 Done. Adding this test case indeed uncovered the p Show quoted text On 2014/08/20 02:52:08, wtc wrote: > > There are still four 1 bits (the 'f' in 0xaf). Should we do i < 10 and see if > that is parsed as a 4? (I assume the final '1111' is interpreted as 4 even > though it is missing the trailing 0 bit.) Done. Adding this test case indeed uncovered the problem where the final 1 was not accounted for, so I fixed the code.
	80 ASSERT_TRUE(reader.ReadUnaryEncoding(&v));

	81 ASSERT_EQ(expected_values[i], v) << "Expected " << expected_values[i]

	82 << " but was " << v << " at position "

	83 << i;
	wtc 2014/08/20 02:52:08 Nit: I think ASSERT_EQ will automatically print th Nit: I think ASSERT_EQ will automatically print the expected and actual values, so the only thing missing is the index \|i\| where this fails. Eran Messeri 2014/09/02 12:20:23 Done. Show quoted text On 2014/08/20 02:52:08, wtc wrote: > > Nit: I think ASSERT_EQ will automatically print the expected and actual values, > so the only thing missing is the index \|i\| where this fails. Done.
	84 }

	85 }

	86

	87 } // namespace internal

	88

	89 const char kFirstHash[] = {0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb};

	90 // Second hash: Diff from first hash is > 2^47

	91 const char kSecondHash[] = {0x00, 0x01, 0x05, 0xd2, 0x58, 0x47, 0xa7, 0xbf};

	92 // Third hash: Diff from 2nd hash is < 2^47

	93 const char kThirdHash[] = {0x00, 0x01, 0x48, 0x45, 0x8c, 0x53, 0x03, 0x94};

	94

	95 const char kWhitelistData[] = {

	96 0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb, // First hash

	97 0xc0, 0x7e, 0x97, 0x0b, 0xe9, 0x3d, 0x10, 0x9c,

	98 0xcd, 0x02, 0xd6, 0xf5, 0x40,

	99 };

	100

	101 TEST(CTEVWhitelistTest, UncompressFailsForTooShortList) {

	102 // This list does not contain enough bytes even for the first hash.

	103 std::set<std::string> res;

	104 ASSERT_FALSE(

	105 internal::UncompressEVWhitelist(std::string(kWhitelistData, 7), &res));

	106 }

	107

	108 TEST(CTEVWhitelistTest, UncompressFailsForTruncatedList) {

	109 // This list is missing bits for the second part of the diff.

	110 std::set<std::string> res;

	111 ASSERT_FALSE(

	112 internal::UncompressEVWhitelist(std::string(kWhitelistData, 14), &res));

	113 }

	114

	115 TEST(CTEVWhitelistTest, UncompressesWhitelistCorrectly) {

	116 std::set<std::string> res;

	117 ASSERT_TRUE(

	118 internal::UncompressEVWhitelist(std::string(kWhitelistData, 21), &res));
	wtc 2014/08/20 02:52:08 Nit: it may be better to use sizeof(kWhitelistData Nit: it may be better to use sizeof(kWhitelistData) or arraysize(kWhitelistData) instead of 21. Eran Messeri 2014/09/02 12:20:23 Done. Show quoted text On 2014/08/20 02:52:08, wtc wrote: > > Nit: it may be better to use sizeof(kWhitelistData) or arraysize(kWhitelistData) > instead of 21. Done.
	119

	120 // Ensure first hash is found

	121 ASSERT_TRUE(res.find(std::string(kFirstHash, 8)) != res.end());

	122 // Ensure second hash is found

	123 ASSERT_TRUE(res.find(std::string(kSecondHash, 8)) != res.end());

	124 // Ensure last hash is found

	125 ASSERT_TRUE(res.find(std::string(kThirdHash, 8)) != res.end());
	wtc 2014/08/20 02:52:08 We should also verify that res.size() is equal to We should also verify that res.size() is equal to 3. Eran Messeri 2014/09/02 12:20:23 Done. Show quoted text On 2014/08/20 02:52:08, wtc wrote: > > We should also verify that res.size() is equal to 3. Done.
	126 }

	127

	128 TEST(CTEVWhitelistTest, CanFindHashInSetList) {

	129 }

	130

	131 TEST(CTEVWhitelistTest, CannotFindOldHashAfterSetList) {

	132 }
	wtc 2014/08/20 02:52:08 These two tests are empty! These two tests are empty! Eran Messeri 2014/09/02 12:20:23 Eek! My bad, they're implemented in the new patchs Show quoted text On 2014/08/20 02:52:08, wtc wrote: > > These two tests are empty! Eek! My bad, they're implemented in the new patchset.
	133

	134 } // namespace ct

	135

	136 } // namespace net

OLD	NEW

« net/cert/ct_ev_whitelist.cc ('K') | « net/cert/ct_ev_whitelist.cc ('k') | net/cert/x509_certificate.h » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')