| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/net/packed_ct_ev_whitelist.h" |
| 6 |
| 7 #include <algorithm> |
| 8 #include <string> |
| 9 |
| 10 #include "testing/gtest/include/gtest/gtest.h" |
| 11 |
| 12 namespace { |
| 13 |
| 14 const uint8_t kFirstHashRaw[] = |
| 15 {0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb}; |
| 16 std::string GetFirstHash() { |
| 17 return std::string(reinterpret_cast<const char*>(kFirstHashRaw), 8); |
| 18 } |
| 19 |
| 20 // Second hash: Diff from first hash is > 2^47 |
| 21 const uint8_t kSecondHashRaw[] = |
| 22 {0x00, 0x01, 0x05, 0xd2, 0x58, 0x47, 0xa7, 0xbf}; |
| 23 std::string GetSecondHash() { |
| 24 return std::string(reinterpret_cast<const char*>(kSecondHashRaw), 8); |
| 25 } |
| 26 |
| 27 // Third hash: Diff from 2nd hash is < 2^47 |
| 28 const uint8_t kThirdHashRaw[] = |
| 29 {0x00, 0x01, 0x48, 0x45, 0x8c, 0x53, 0x03, 0x94}; |
| 30 std::string GetThirdHash() { |
| 31 return std::string(reinterpret_cast<const char*>(kThirdHashRaw), 8); |
| 32 } |
| 33 |
| 34 const uint8_t kWhitelistData[] = { |
| 35 0x00, 0x00, 0x03, 0xd7, 0xfc, 0x18, 0x02, 0xcb, // First hash |
| 36 0xc0, 0x7e, 0x97, 0x0b, 0xe9, 0x3d, 0x10, 0x9c, |
| 37 0xcd, 0x02, 0xd6, 0xf5, 0x40, |
| 38 }; |
| 39 |
| 40 std::string GetPartialWhitelistData(uint8_t num_bytes) { |
| 41 return std::string(reinterpret_cast<const char*>(kWhitelistData), num_bytes); |
| 42 } |
| 43 |
| 44 std::string GetAllWhitelistData() { |
| 45 return GetPartialWhitelistData(arraysize(kWhitelistData)); |
| 46 } |
| 47 |
| 48 } // namespace |
| 49 |
| 50 TEST(PackedEVCertsWhitelistTest, UncompressFailsForTooShortList) { |
| 51 // This list does not contain enough bytes even for the first hash. |
| 52 std::vector<std::string> res; |
| 53 EXPECT_FALSE(PackedEVCertsWhitelist::UncompressEVWhitelist( |
| 54 std::string(reinterpret_cast<const char*>(kWhitelistData), 7), &res)); |
| 55 } |
| 56 |
| 57 TEST(PackedEVCertsWhitelistTest, UncompressFailsForTruncatedList) { |
| 58 // This list is missing bits for the second part of the diff. |
| 59 std::vector<std::string> res; |
| 60 EXPECT_FALSE(PackedEVCertsWhitelist::UncompressEVWhitelist( |
| 61 std::string(reinterpret_cast<const char*>(kWhitelistData), 14), &res)); |
| 62 } |
| 63 |
| 64 TEST(PackedEVCertsWhitelistTest, UncompressFailsForInvalidValuesInList) { |
| 65 // A list with an invalid read_prefix value is the number 131072, unary |
| 66 // encoded, after the fist 8 bytes of a valid hash. |
| 67 // That translates to 16385 0xff bytes. |
| 68 // To make the hash otherwise valid, append 6 bytes of r value. |
| 69 const int num_ff_bytes = 16385; |
| 70 const int total_size = 8 + num_ff_bytes + 7; |
| 71 uint8_t* invalid_whitelist = new uint8_t[total_size]; |
| 72 invalid_whitelist[total_size - 1] = '\0'; |
| 73 // Valid first hash. |
| 74 memcpy(reinterpret_cast<char*>(invalid_whitelist), |
| 75 reinterpret_cast<const char*>(kWhitelistData), |
| 76 8 * sizeof(char)); |
| 77 // 0xff 16385 times. |
| 78 for (int i = 0; i < num_ff_bytes; i++) { |
| 79 invalid_whitelist[8 + i] = 0xff; |
| 80 } |
| 81 // Valid r value (any 6 bytes will do). |
| 82 memcpy(reinterpret_cast<char*>(invalid_whitelist + 8 + num_ff_bytes), |
| 83 reinterpret_cast<const char*>(kWhitelistData), |
| 84 6 * sizeof(char)); |
| 85 |
| 86 std::vector<std::string> res; |
| 87 EXPECT_FALSE(PackedEVCertsWhitelist::UncompressEVWhitelist( |
| 88 std::string(reinterpret_cast<const char*>(invalid_whitelist), |
| 89 total_size - 1), |
| 90 &res)); |
| 91 delete[] invalid_whitelist; |
| 92 } |
| 93 |
| 94 TEST(PackedEVCertsWhitelistTest, UncompressesWhitelistCorrectly) { |
| 95 std::vector<std::string> res; |
| 96 ASSERT_TRUE(PackedEVCertsWhitelist::UncompressEVWhitelist( |
| 97 std::string(reinterpret_cast<const char*>(kWhitelistData), |
| 98 arraysize(kWhitelistData)), |
| 99 &res)); |
| 100 |
| 101 // Ensure first hash is found |
| 102 EXPECT_TRUE(std::find(res.begin(), res.end(), GetFirstHash()) != res.end()); |
| 103 // Ensure second hash is found |
| 104 EXPECT_TRUE(std::find(res.begin(), res.end(), GetSecondHash()) != res.end()); |
| 105 // Ensure last hash is found |
| 106 EXPECT_TRUE(std::find(res.begin(), res.end(), GetThirdHash()) != res.end()); |
| 107 // Ensure that there are exactly 3 hashes. |
| 108 EXPECT_EQ(3u, res.size()); |
| 109 } |
| 110 |
| 111 TEST(PackedEVCertsWhitelistTest, CanFindHashInSetList) { |
| 112 scoped_refptr<PackedEVCertsWhitelist> whitelist( |
| 113 new PackedEVCertsWhitelist(GetAllWhitelistData())); |
| 114 |
| 115 EXPECT_TRUE(whitelist->IsValid()); |
| 116 EXPECT_TRUE(whitelist->ContainsCertificateHash(GetFirstHash())); |
| 117 EXPECT_TRUE(whitelist->ContainsCertificateHash(GetSecondHash())); |
| 118 EXPECT_TRUE(whitelist->ContainsCertificateHash(GetThirdHash())); |
| 119 } |
| 120 |
| 121 TEST(PackedEVCertsWhitelistTest, CorrectlyIdentifiesEmptyWhitelistIsInvalid) { |
| 122 scoped_refptr<PackedEVCertsWhitelist> whitelist( |
| 123 new PackedEVCertsWhitelist("")); |
| 124 |
| 125 EXPECT_FALSE(whitelist->IsValid()); |
| 126 } |
| 127 |
| 128 TEST(PackedEVCertsWhitelistTest, CorrectlyIdentifiesPartialWhitelistIsInvalid) { |
| 129 scoped_refptr<PackedEVCertsWhitelist> whitelist( |
| 130 new PackedEVCertsWhitelist(GetPartialWhitelistData(14))); |
| 131 |
| 132 EXPECT_FALSE(whitelist->IsValid()); |
| 133 } |
| 134 |
| 135 TEST(PackedEVCertsWhitelistTest, CorrectlyIdentifiesWhitelistIsValid) { |
| 136 scoped_refptr<PackedEVCertsWhitelist> whitelist( |
| 137 new PackedEVCertsWhitelist(GetAllWhitelistData())); |
| 138 |
| 139 EXPECT_TRUE(whitelist->IsValid()); |
| 140 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 547603002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master