Index: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
index 0a8d77b21bf820f71bcb282a37643295ed79a9c5..893c332d461d8cd57178fa4fc83deab710bdbf81 100644 |
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc |
@@ -12,7 +12,13 @@ |
#include "base/message_loop/message_loop.h" |
#include "base/synchronization/waitable_event.h" |
#include "base/threading/thread.h" |
+#include "chrome/browser/net/cert_logger.pb.h" |
#include "content/public/test/test_browser_thread.h" |
+#include "crypto/curve25519.h" |
+#include "crypto/encryptor.h" |
+#include "crypto/hmac.h" |
+#include "crypto/sha2.h" |
+#include "crypto/symmetric_key.h" |
#include "net/base/request_priority.h" |
#include "net/base/test_data_directory.h" |
#include "net/cert/x509_certificate.h" |
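Review bot: Two of the added includes, `crypto/curve25519.h` and `crypto/sha2.h`, do not appear to be used by the test code added in this file. The new code only names `crypto::HMAC`, `crypto::Encryptor` and `crypto::SymmetricKey` directly. The Curve25519 and SHA-256 work presumably happens inside `CalculateSymmetricKeys` and `EncryptSerializedReport`, which are declared elsewhere. If so, drop the two includes so the test's dependencies match what it calls.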
@@ -194,4 +200,72 @@ TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) { |
loop.RunUntilIdle(); |
} |
+// Crypto test |
+static const uint32 kServerPublicKeyVersion = 1; |
+static const uint8 kServerPublicKey[32] = { |
+ 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, |
+ 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, |
+ 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}; |
+static const uint8 kServerPrivateKey[32] = { |
+ 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, |
+ 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, |
+ 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb}; |
+ |
+static void DecryptReport(std::string serialized_encrypted_report, |
+ CertLoggerRequest& plaintext_request) { |
+ EncryptedCertLoggerRequest request; |
+ request.ParseFromString(serialized_encrypted_report); |
+ |
+ EXPECT_EQ(request.server_public_key(), kServerPublicKeyVersion); |
+ |
+ std::string aes_key_str; |
+ std::string hmac_key; |
+ CalculateSymmetricKeys(kServerPrivateKey, |
+ (uint8*)request.client_public_key().data(), |
+ aes_key_str, hmac_key); |
+ scoped_ptr<crypto::SymmetricKey> aes_key( |
+ crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, aes_key_str)); |
+ |
+ crypto::HMAC hmac(crypto::HMAC::SHA256); |
+ std::string hmac_input = request.nonce() + request.encrypted_report(); |
+ ASSERT_TRUE(hmac.Init(hmac_key)); |
+ EXPECT_TRUE(hmac.Verify(hmac_input, request.mac())); |
+ |
+ crypto::Encryptor decryptor; |
+ std::string plaintext; |
+ decryptor.Init(aes_key.get(), crypto::Encryptor::CTR, ""); |
+ decryptor.SetCounter(request.nonce()); |
+ decryptor.Decrypt(request.encrypted_report(), &plaintext); |
+ |
+ plaintext_request.ParseFromString(plaintext); |
+} |
+ |
+TEST(ChromeFraudulentCertificateReporterTest, EncryptedReportDecrypts) { |
+ // Fill a CertLoggerRequest with dummy data. |
+ CertLoggerRequest request; |
+ request.set_hostname("example.com"); |
+ request.set_cert_chain("blahblah"); |
+ request.set_time_usec(1); |
+ |
+ // Serialize and encrypt it. |
+ std::string serialized; |
+ request.SerializeToString(&serialized); |
+ EncryptedCertLoggerRequest encrypted_report; |
+ EncryptSerializedReport(kServerPublicKey, kServerPublicKeyVersion, serialized, |
+ encrypted_report); |
+ |
+ // Serialize the encrypted report. |
+ std::string serialized_encrypted_report; |
+ encrypted_report.SerializeToString(&serialized_encrypted_report); |
+ |
+ // Deserialize and decrypt. |
+ CertLoggerRequest decrypted; |
+ DecryptReport(serialized_encrypted_report, decrypted); |
+ |
+ // Check that the decrypted report matches the original. |
+ EXPECT_EQ(decrypted.hostname(), request.hostname()); |
+ EXPECT_EQ(decrypted.cert_chain(), request.cert_chain()); |
+ EXPECT_EQ(decrypted.time_usec(), request.time_usec()); |
+} |
+ |
} // namespace chrome_browser_net |