| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" | 5 #include "chrome/browser/net/chrome_fraudulent_certificate_reporter.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/message_loop/message_loop.h" | 12 #include "base/message_loop/message_loop.h" |
| 13 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
| 14 #include "base/threading/thread.h" | 14 #include "base/threading/thread.h" |
| 15 #include "chrome/browser/net/cert_logger.pb.h" |
| 15 #include "content/public/test/test_browser_thread.h" | 16 #include "content/public/test/test_browser_thread.h" |
| 17 #include "crypto/curve25519.h" |
| 18 #include "crypto/encryptor.h" |
| 19 #include "crypto/hmac.h" |
| 20 #include "crypto/sha2.h" |
| 21 #include "crypto/symmetric_key.h" |
| 16 #include "net/base/request_priority.h" | 22 #include "net/base/request_priority.h" |
| 17 #include "net/base/test_data_directory.h" | 23 #include "net/base/test_data_directory.h" |
| 18 #include "net/cert/x509_certificate.h" | 24 #include "net/cert/x509_certificate.h" |
| 19 #include "net/http/transport_security_state.h" | 25 #include "net/http/transport_security_state.h" |
| 20 #include "net/ssl/ssl_info.h" | 26 #include "net/ssl/ssl_info.h" |
| 21 #include "net/test/cert_test_util.h" | 27 #include "net/test/cert_test_util.h" |
| 22 #include "net/url_request/fraudulent_certificate_reporter.h" | 28 #include "net/url_request/fraudulent_certificate_reporter.h" |
| 23 #include "net/url_request/url_request.h" | 29 #include "net/url_request/url_request.h" |
| 24 #include "net/url_request/url_request_context.h" | 30 #include "net/url_request/url_request_context.h" |
| 25 #include "net/url_request/url_request_test_util.h" | 31 #include "net/url_request/url_request_test_util.h" |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 loop.RunUntilIdle(); | 193 loop.RunUntilIdle(); |
| 188 } | 194 } |
| 189 | 195 |
| 190 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { | 196 TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
| 191 base::MessageLoopForIO loop; | 197 base::MessageLoopForIO loop; |
| 192 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); | 198 content::TestBrowserThread io_thread(BrowserThread::IO, &loop); |
| 193 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); | 199 loop.PostTask(FROM_HERE, base::Bind(&DoReportIsNotSent)); |
| 194 loop.RunUntilIdle(); | 200 loop.RunUntilIdle(); |
| 195 } | 201 } |
| 196 | 202 |
| 203 // Crypto test |
| 204 static const uint32 kServerPublicKeyVersion = 1; |
| 205 static const uint8 kServerPublicKey[32] = { |
| 206 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, |
| 207 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, |
| 208 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}; |
| 209 static const uint8 kServerPrivateKey[32] = { |
| 210 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, |
| 211 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, |
| 212 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb}; |
| 213 |
| 214 static void DecryptReport(std::string serialized_encrypted_report, |
| 215 CertLoggerRequest& plaintext_request) { |
| 216 EncryptedCertLoggerRequest request; |
| 217 request.ParseFromString(serialized_encrypted_report); |
| 218 |
| 219 EXPECT_EQ(request.server_public_key(), kServerPublicKeyVersion); |
| 220 |
| 221 std::string aes_key_str; |
| 222 std::string hmac_key; |
| 223 CalculateSymmetricKeys(kServerPrivateKey, |
| 224 (uint8*)request.client_public_key().data(), |
| 225 aes_key_str, hmac_key); |
| 226 scoped_ptr<crypto::SymmetricKey> aes_key( |
| 227 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, aes_key_str)); |
| 228 |
| 229 crypto::HMAC hmac(crypto::HMAC::SHA256); |
| 230 std::string hmac_input = request.nonce() + request.encrypted_report(); |
| 231 ASSERT_TRUE(hmac.Init(hmac_key)); |
| 232 EXPECT_TRUE(hmac.Verify(hmac_input, request.mac())); |
| 233 |
| 234 crypto::Encryptor decryptor; |
| 235 std::string plaintext; |
| 236 decryptor.Init(aes_key.get(), crypto::Encryptor::CTR, ""); |
| 237 decryptor.SetCounter(request.nonce()); |
| 238 decryptor.Decrypt(request.encrypted_report(), &plaintext); |
| 239 |
| 240 plaintext_request.ParseFromString(plaintext); |
| 241 } |
| 242 |
| 243 TEST(ChromeFraudulentCertificateReporterTest, EncryptedReportDecrypts) { |
| 244 // Fill a CertLoggerRequest with dummy data. |
| 245 CertLoggerRequest request; |
| 246 request.set_hostname("example.com"); |
| 247 request.set_cert_chain("blahblah"); |
| 248 request.set_time_usec(1); |
| 249 |
| 250 // Serialize and encrypt it. |
| 251 std::string serialized; |
| 252 request.SerializeToString(&serialized); |
| 253 EncryptedCertLoggerRequest encrypted_report; |
| 254 EncryptSerializedReport(kServerPublicKey, kServerPublicKeyVersion, serialized, |
| 255 encrypted_report); |
| 256 |
| 257 // Serialize the encrypted report. |
| 258 std::string serialized_encrypted_report; |
| 259 encrypted_report.SerializeToString(&serialized_encrypted_report); |
| 260 |
| 261 // Deserialize and decrypt. |
| 262 CertLoggerRequest decrypted; |
| 263 DecryptReport(serialized_encrypted_report, decrypted); |
| 264 |
| 265 // Check that the decrypted report matches the original. |
| 266 EXPECT_EQ(decrypted.hostname(), request.hostname()); |
| 267 EXPECT_EQ(decrypted.cert_chain(), request.cert_chain()); |
| 268 EXPECT_EQ(decrypted.time_usec(), request.time_usec()); |
| 269 } |
| 270 |
| 197 } // namespace chrome_browser_net | 271 } // namespace chrome_browser_net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 975623002:
Encrypt certificate logger requests for extended reporting (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master