| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/cert/ct_ev_whitelist.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" |
| 11 |
| 12 namespace net { |
| 13 |
| 14 namespace ct { |
| 15 |
| 16 namespace internal { |
| 17 |
| 18 const uint8_t kSomeData[] = {0xd5, 0xe2, 0xaf, 0xe5, 0xbb, 0x10, 0x7c, 0xd1}; |
| 19 |
| 20 TEST(BitStreamReaderTest, CanReadSingleByte) { |
| 21 BitStreamReader reader( |
| 22 base::StringPiece(reinterpret_cast<const char*>(kSomeData), 1)); |
| 23 uint64_t v(0); |
| 24 |
| 25 EXPECT_EQ(8u, reader.BitsLeft()); |
| 26 EXPECT_TRUE(reader.ReadBits(8, &v)); |
| 27 EXPECT_EQ(UINT64_C(0xd5), v); |
| 28 |
| 29 EXPECT_FALSE(reader.ReadBits(1, &v)); |
| 30 EXPECT_EQ(0u, reader.BitsLeft()); |
| 31 } |
| 32 |
| 33 TEST(BitStreamReaderTest, CanReadSingleBits) { |
| 34 const uint64_t expected_bits[] = {1, 1, 0, 1, 0, 1, 0, 1, |
| 35 1, 1, 1, 0, 0, 0, 1, 0}; |
| 36 BitStreamReader reader( |
| 37 base::StringPiece(reinterpret_cast<const char*>(kSomeData), 2)); |
| 38 EXPECT_EQ(16u, reader.BitsLeft()); |
| 39 uint64_t v(0); |
| 40 |
| 41 for (int i = 0; i < 16; ++i) { |
| 42 EXPECT_TRUE(reader.ReadBits(1, &v)); |
| 43 EXPECT_EQ(expected_bits[i], v); |
| 44 } |
| 45 EXPECT_EQ(0u, reader.BitsLeft()); |
| 46 } |
| 47 |
| 48 TEST(BitStreamReaderTest, CanReadBitGroups) { |
| 49 BitStreamReader reader( |
| 50 base::StringPiece(reinterpret_cast<const char*>(kSomeData), 3)); |
| 51 EXPECT_EQ(24u, reader.BitsLeft()); |
| 52 uint64_t v(0); |
| 53 uint64_t res(0); |
| 54 |
| 55 EXPECT_TRUE(reader.ReadBits(5, &v)); |
| 56 res |= v << 19; |
| 57 EXPECT_EQ(19u, reader.BitsLeft()); |
| 58 EXPECT_TRUE(reader.ReadBits(13, &v)); |
| 59 res |= v << 6; |
| 60 EXPECT_EQ(6u, reader.BitsLeft()); |
| 61 EXPECT_TRUE(reader.ReadBits(6, &v)); |
| 62 res |= v; |
| 63 EXPECT_EQ(UINT64_C(0xd5e2af), res); |
| 64 |
| 65 EXPECT_FALSE(reader.ReadBits(1, &v)); |
| 66 } |
| 67 |
| 68 TEST(BitStreamReaderTest, CanRead64Bit) { |
| 69 BitStreamReader reader( |
| 70 base::StringPiece(reinterpret_cast<const char*>(kSomeData), 8)); |
| 71 EXPECT_EQ(64u, reader.BitsLeft()); |
| 72 uint64_t v(0); |
| 73 |
| 74 EXPECT_TRUE(reader.ReadBits(64, &v)); |
| 75 EXPECT_EQ(UINT64_C(0xd5e2afe5bb107cd1), v); |
| 76 } |
| 77 |
| 78 TEST(BitStreamReaderTest, CanReadUnaryEncodedNumbers) { |
| 79 BitStreamReader reader( |
| 80 base::StringPiece(reinterpret_cast<const char*>(kSomeData), 3)); |
| 81 const uint64_t expected_values[] = {2, 1, 1, 4, 0, 0, 1, 1, 1, 4}; |
| 82 uint64_t v(0); |
| 83 for (int i = 0; i < 10; ++i) { |
| 84 EXPECT_TRUE(reader.ReadUnaryEncoding(&v)); |
| 85 EXPECT_EQ(expected_values[i], v) << "Values differ at position " << i; |
| 86 } |
| 87 } |
| 88 |
| 89 } // namespace internal |
| 90 |
| 91 namespace { |
| 92 |
| 93 const uint8_t kFirstHashRaw[] = {0x00, 0x00, 0x03, 0xd7, |
| 94 0xfc, 0x18, 0x02, 0xcb}; |
| 95 std::string GetFirstHash() { |
| 96 return std::string(reinterpret_cast<const char*>(kFirstHashRaw), 8); |
| 97 } |
| 98 |
| 99 // Second hash: Diff from first hash is > 2^47 |
| 100 const uint8_t kSecondHashRaw[] = {0x00, 0x01, 0x05, 0xd2, |
| 101 0x58, 0x47, 0xa7, 0xbf}; |
| 102 std::string GetSecondHash() { |
| 103 return std::string(reinterpret_cast<const char*>(kSecondHashRaw), 8); |
| 104 } |
| 105 |
| 106 // Third hash: Diff from 2nd hash is < 2^47 |
| 107 const uint8_t kThirdHashRaw[] = {0x00, 0x01, 0x48, 0x45, |
| 108 0x8c, 0x53, 0x03, 0x94}; |
| 109 std::string GetThirdHash() { |
| 110 return std::string(reinterpret_cast<const char*>(kThirdHashRaw), 8); |
| 111 } |
| 112 |
| 113 const uint8_t kWhitelistData[] = { |
| 114 0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb, // First hash |
| 115 0xc0, 0x7e, 0x97, 0x0b, 0xe9, 0x3d, 0x10, 0x9c, |
| 116 0xcd, 0x02, 0xd6, 0xf5, 0x40, |
| 117 }; |
| 118 |
| 119 std::string GetPartialWhitelistData(uint8_t num_bytes) { |
| 120 return std::string(reinterpret_cast<const char*>(kWhitelistData), num_bytes); |
| 121 } |
| 122 |
| 123 std::string GetAllWhitelistData() { |
| 124 return GetPartialWhitelistData(arraysize(kWhitelistData)); |
| 125 } |
| 126 |
| 127 } // namespace |
| 128 |
| 129 class EVCertsWhitelistTest : public ::testing::Test { |
| 130 public: |
| 131 EVCertsWhitelistTest() : whitelist_(internal::GetEmptyEVCertsWhitelist()) {} |
| 132 virtual ~EVCertsWhitelistTest() {} |
| 133 |
| 134 protected: |
| 135 scoped_refptr<EVCertsWhitelist> whitelist_; |
| 136 }; |
| 137 |
| 138 TEST_F(EVCertsWhitelistTest, UncompressFailsForTooShortList) { |
| 139 // This list does not contain enough bytes even for the first hash. |
| 140 std::set<std::string> res; |
| 141 EXPECT_FALSE(EVCertsWhitelist::UncompressEVWhitelist( |
| 142 std::string(reinterpret_cast<const char*>(kWhitelistData), 7), &res)); |
| 143 } |
| 144 |
| 145 TEST_F(EVCertsWhitelistTest, UncompressFailsForTruncatedList) { |
| 146 // This list is missing bits for the second part of the diff. |
| 147 std::set<std::string> res; |
| 148 EXPECT_FALSE(EVCertsWhitelist::UncompressEVWhitelist( |
| 149 std::string(reinterpret_cast<const char*>(kWhitelistData), 14), &res)); |
| 150 } |
| 151 |
| 152 TEST_F(EVCertsWhitelistTest, UncompressesWhitelistCorrectly) { |
| 153 std::set<std::string> res; |
| 154 ASSERT_TRUE(EVCertsWhitelist::UncompressEVWhitelist( |
| 155 std::string(reinterpret_cast<const char*>(kWhitelistData), |
| 156 arraysize(kWhitelistData)), |
| 157 &res)); |
| 158 |
| 159 // Ensure first hash is found |
| 160 EXPECT_TRUE(res.find(GetFirstHash()) != res.end()); |
| 161 // Ensure second hash is found |
| 162 EXPECT_TRUE(res.find(GetSecondHash()) != res.end()); |
| 163 // Ensure last hash is found |
| 164 EXPECT_TRUE(res.find(GetThirdHash()) != res.end()); |
| 165 // Ensure that there are exactly 3 hashes. |
| 166 EXPECT_EQ(3u, res.size()); |
| 167 } |
| 168 |
| 169 TEST_F(EVCertsWhitelistTest, CanFindHashInSetList) { |
| 170 ASSERT_TRUE(whitelist_->Update(GetAllWhitelistData())); |
| 171 |
| 172 EXPECT_TRUE(whitelist_->ContainsCertificateHash(GetFirstHash())); |
| 173 } |
| 174 |
| 175 TEST_F(EVCertsWhitelistTest, CannotFindOldHashAfterSetList) { |
| 176 ASSERT_TRUE(whitelist_->Update(GetAllWhitelistData())); |
| 177 EXPECT_TRUE(whitelist_->ContainsCertificateHash(GetSecondHash())); |
| 178 |
| 179 ASSERT_TRUE(whitelist_->Update(GetPartialWhitelistData(8))); |
| 180 EXPECT_FALSE(whitelist_->ContainsCertificateHash(GetSecondHash())); |
| 181 EXPECT_TRUE(whitelist_->ContainsCertificateHash(GetFirstHash())); |
| 182 } |
| 183 |
| 184 TEST_F(EVCertsWhitelistTest, DoesNotUpdateBadWhitelist) { |
| 185 ASSERT_TRUE(whitelist_->Update(GetAllWhitelistData())); |
| 186 EXPECT_TRUE(whitelist_->ContainsCertificateHash(GetSecondHash())); |
| 187 |
| 188 EXPECT_FALSE(whitelist_->Update(GetPartialWhitelistData(14))); |
| 189 EXPECT_TRUE(whitelist_->ContainsCertificateHash(GetFirstHash())); |
| 190 } |
| 191 |
| 192 TEST_F(EVCertsWhitelistTest, CorrectlyIdentifiesWhitelistIsInvalid) { |
| 193 EXPECT_FALSE(whitelist_->IsValid()); |
| 194 } |
| 195 |
| 196 TEST_F(EVCertsWhitelistTest, CorrectlyIdentifiesWhitelistIsValid) { |
| 197 std::set<std::string> whitelist_data; |
| 198 ASSERT_TRUE(whitelist_->Update(GetAllWhitelistData())); |
| 199 EXPECT_TRUE(whitelist_->IsValid()); |
| 200 } |
| 201 |
| 202 } // namespace ct |
| 203 |
| 204 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 547603002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master