
Unified Diff: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc

Issue 975623002: Encrypt certificate logger requests for extended reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove stray comment Created 5 years, 10 months ago
Index: chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
index 0a8d77b21bf820f71bcb282a37643295ed79a9c5..893c332d461d8cd57178fa4fc83deab710bdbf81 100644
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc
@@ -12,7 +12,13 @@
#include "base/message_loop/message_loop.h"
#include "base/synchronization/waitable_event.h"
#include "base/threading/thread.h"
+#include "chrome/browser/net/cert_logger.pb.h"
#include "content/public/test/test_browser_thread.h"
+#include "crypto/curve25519.h"
+#include "crypto/encryptor.h"
+#include "crypto/hmac.h"
+#include "crypto/sha2.h"
+#include "crypto/symmetric_key.h"
#include "net/base/request_priority.h"
#include "net/base/test_data_directory.h"
#include "net/cert/x509_certificate.h"
@@ -194,4 +200,72 @@ TEST(ChromeFraudulentCertificateReporterTest, ReportIsNotSent) {
loop.RunUntilIdle();
}
+// Crypto test
+static const uint32 kServerPublicKeyVersion = 1;
+static const uint8 kServerPublicKey[32] = {
+ 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61,
+ 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+ 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f};
+static const uint8 kServerPrivateKey[32] = {
+ 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
+ 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
+ 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb};
+
+static void DecryptReport(std::string serialized_encrypted_report,
+ CertLoggerRequest& plaintext_request) {
+ EncryptedCertLoggerRequest request;
+ request.ParseFromString(serialized_encrypted_report);
+
+ EXPECT_EQ(request.server_public_key(), kServerPublicKeyVersion);
+
+ std::string aes_key_str;
+ std::string hmac_key;
+ CalculateSymmetricKeys(kServerPrivateKey,
+ (uint8*)request.client_public_key().data(),
+ aes_key_str, hmac_key);
+ scoped_ptr<crypto::SymmetricKey> aes_key(
+ crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, aes_key_str));
+
+ crypto::HMAC hmac(crypto::HMAC::SHA256);
+ std::string hmac_input = request.nonce() + request.encrypted_report();
+ ASSERT_TRUE(hmac.Init(hmac_key));
+ EXPECT_TRUE(hmac.Verify(hmac_input, request.mac()));
+
+ crypto::Encryptor decryptor;
+ std::string plaintext;
+ decryptor.Init(aes_key.get(), crypto::Encryptor::CTR, "");
+ decryptor.SetCounter(request.nonce());
+ decryptor.Decrypt(request.encrypted_report(), &plaintext);
+
+ plaintext_request.ParseFromString(plaintext);
+}
+
+TEST(ChromeFraudulentCertificateReporterTest, EncryptedReportDecrypts) {
+ // Fill a CertLoggerRequest with dummy data.
+ CertLoggerRequest request;
+ request.set_hostname("example.com");
+ request.set_cert_chain("blahblah");
+ request.set_time_usec(1);
+
+ // Serialize and encrypt it.
+ std::string serialized;
+ request.SerializeToString(&serialized);
+ EncryptedCertLoggerRequest encrypted_report;
+ EncryptSerializedReport(kServerPublicKey, kServerPublicKeyVersion, serialized,
+ encrypted_report);
+
+ // Serialize the encrypted report.
+ std::string serialized_encrypted_report;
+ encrypted_report.SerializeToString(&serialized_encrypted_report);
+
+ // Deserialize and decrypt.
+ CertLoggerRequest decrypted;
+ DecryptReport(serialized_encrypted_report, decrypted);
+
+ // Check that the decrypted report matches the original.
+ EXPECT_EQ(decrypted.hostname(), request.hostname());
+ EXPECT_EQ(decrypted.cert_chain(), request.cert_chain());
+ EXPECT_EQ(decrypted.time_usec(), request.time_usec());
+}
+
} // namespace chrome_browser_net
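Review bot: In DecryptReport the MAC check is only `EXPECT_TRUE(hmac.Verify(hmac_input, request.mac()))`, so on a mismatch the helper still decrypts and parses unauthenticated data; making it `ASSERT_TRUE(hmac.Verify(hmac_input, request.mac()));` keeps the helper strictly verify-then-decrypt. The same function passes `request.client_public_key().data()` through a C-style cast without checking its length, and if CalculateSymmetricKeys reads a full 32-byte key (its definition is not in this hunk) a short field would be read past its end, so add `ASSERT_EQ(sizeof(kServerPublicKey), request.client_public_key().size());` before the call. The results of `ParseFromString`, `SymmetricKey::Import`, `decryptor.Init`, `SetCounter` and `Decrypt` are all ignored; asserting on each would make a failure point at the step that broke rather than at the final field comparisons. The test covers only the round trip, so a second case that alters one byte of `encrypted_report` or `mac` and expects verification to fail would pin down the authentication property this change relies on.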
