search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove PlatformFile from profile_browsertest
[chromium-blink-merge.git] / net / quic / crypto / proof_test.cc
blob377bc808394494114a4a6836a3a008e89a30eb67
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/file_path.h"
6 #include "net/base/net_errors.h"
7 #include "net/base/test_completion_callback.h"
8 #include "net/base/test_data_directory.h"
9 #include "net/cert/cert_status_flags.h"
10 #include "net/cert/cert_verify_result.h"
11 #include "net/cert/x509_certificate.h"
12 #include "net/quic/crypto/proof_source.h"
13 #include "net/quic/crypto/proof_verifier.h"
14 #include "net/quic/test_tools/crypto_test_utils.h"
15 #include "net/test/cert_test_util.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17
18 #if defined(OS_WIN)
19 #include "base/win/windows_version.h"
20 #endif
21
22 using std::string;
23 using std::vector;
24
25 namespace net {
26 namespace test {
27 namespace {
28
29 // TestProofVerifierCallback is a simple callback for a ProofVerifier that
30 // signals a TestCompletionCallback when called and stores the results from the
31 // ProofVerifier in pointers passed to the constructor.
32 class TestProofVerifierCallback : public ProofVerifierCallback {
33 public:
34 TestProofVerifierCallback(TestCompletionCallback* comp_callback,
35 bool* ok,
36 string* error_details)
37 : comp_callback_(comp_callback),
38 ok_(ok),
39 error_details_(error_details) {}
40
41 virtual void Run(bool ok,
42 const string& error_details,
43 scoped_ptr<ProofVerifyDetails>* details) OVERRIDE {
44 *ok_ = ok;
45 *error_details_ = error_details;
46
47 comp_callback_->callback().Run(0);
48 }
49
50 private:
51 TestCompletionCallback* const comp_callback_;
52 bool* const ok_;
53 string* const error_details_;
54 };
55
56 // RunVerification runs |verifier->VerifyProof| and asserts that the result
57 // matches |expected_ok|.
58 void RunVerification(ProofVerifier* verifier,
59 const string& hostname,
60 const string& server_config,
61 const vector<string>& certs,
62 const string& proof,
63 bool expected_ok) {
64 scoped_ptr<ProofVerifyDetails> details;
65 TestCompletionCallback comp_callback;
66 bool ok;
67 string error_details;
68 scoped_ptr<ProofVerifyContext> verify_context(
69 CryptoTestUtils::ProofVerifyContextForTesting());
70 TestProofVerifierCallback* callback =
71 new TestProofVerifierCallback(&comp_callback, &ok, &error_details);
72
73 ProofVerifier::Status status = verifier->VerifyProof(
74 hostname, server_config, certs, proof, verify_context.get(),
75 &error_details, &details, callback);
76
77 switch (status) {
78 case ProofVerifier::FAILURE:
79 ASSERT_FALSE(expected_ok);
80 ASSERT_NE("", error_details);
81 return;
82 case ProofVerifier::SUCCESS:
83 ASSERT_TRUE(expected_ok);
84 ASSERT_EQ("", error_details);
85 return;
86 case ProofVerifier::PENDING:
87 comp_callback.WaitForResult();
88 ASSERT_EQ(expected_ok, ok);
89 break;
90 }
91 }
92
93 // Reads the certificate named "quic_" + |file_name| in the test data directory.
94 // The certificate must be PEM encoded. Returns the DER-encoded certificate.
95 string LoadTestCert(const string& file_name) {
96 base::FilePath certs_dir = GetTestCertsDirectory();
97 scoped_refptr<X509Certificate> cert =
98 ImportCertFromFile(certs_dir, "quic_" + file_name);
99 CHECK_NE(static_cast<X509Certificate*>(NULL), cert);
100
101 string der_bytes;
102 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes));
103 return der_bytes;
104 }
105
106 } // namespace
107
108 // TODO(rtenneti): Enable testing of ProofVerifier.
109 TEST(ProofTest, DISABLED_Verify) {
110 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting());
111 scoped_ptr<ProofVerifier> verifier(
112 CryptoTestUtils::ProofVerifierForTesting());
113
114 const string server_config = "server config bytes";
115 const string hostname = "test.example.com";
116 const vector<string>* certs;
117 const vector<string>* first_certs;
118 string error_details, signature, first_signature;
119
120 ASSERT_TRUE(source->GetProof(hostname, server_config, false /* no ECDSA */,
121 &first_certs, &first_signature));
122 ASSERT_TRUE(source->GetProof(hostname, server_config, false /* no ECDSA */,
123 &certs, &signature));
124
125 // Check that the proof source is caching correctly:
126 ASSERT_EQ(first_certs, certs);
127 ASSERT_EQ(signature, first_signature);
128
129 RunVerification(
130 verifier.get(), hostname, server_config, *certs, signature, true);
131
132 RunVerification(
133 verifier.get(), "foo.com", server_config, *certs, signature, false);
134
135 RunVerification(
136 verifier.get(), server_config.substr(1, string::npos), server_config,
137 *certs, signature, false);
138
139 const string corrupt_signature = "1" + signature;
140 RunVerification(
141 verifier.get(), hostname, server_config, *certs, corrupt_signature,
142 false);
143
144 vector<string> wrong_certs;
145 for (size_t i = 1; i < certs->size(); i++) {
146 wrong_certs.push_back((*certs)[i]);
147 }
148 RunVerification(
149 verifier.get(), "foo.com", server_config, wrong_certs, corrupt_signature,
150 false);
151 }
152
153 // A known answer test that allows us to test ProofVerifier without a working
154 // ProofSource.
155 TEST(ProofTest, VerifyRSAKnownAnswerTest) {
156 // These sample signatures were generated by running the Proof.Verify test
157 // and dumping the bytes of the |signature| output of ProofSource::GetProof().
158 static const unsigned char signature_data_0[] = {
159 0x31, 0xd5, 0xfb, 0x40, 0x30, 0x75, 0xd2, 0x7d, 0x61, 0xf9, 0xd7, 0x54,
160 0x30, 0x06, 0xaf, 0x54, 0x0d, 0xb0, 0x0a, 0xda, 0x63, 0xca, 0x7e, 0x9e,
161 0xce, 0xba, 0x10, 0x05, 0x1b, 0xa6, 0x7f, 0xef, 0x2b, 0xa3, 0xff, 0x3c,
162 0xbb, 0x9a, 0xe4, 0xbf, 0xb8, 0x0c, 0xc1, 0xbd, 0xed, 0xc2, 0x90, 0x68,
163 0xeb, 0x45, 0x48, 0xea, 0x3c, 0x95, 0xf8, 0xa2, 0xb9, 0xe7, 0x62, 0x29,
164 0x00, 0xc3, 0x18, 0xb4, 0x16, 0x6f, 0x5e, 0xb0, 0xc1, 0x26, 0xc0, 0x4b,
165 0x84, 0xf5, 0x97, 0xfc, 0x17, 0xf9, 0x1c, 0x43, 0xb8, 0xf2, 0x3f, 0x38,
166 0x32, 0xad, 0x36, 0x52, 0x2c, 0x26, 0x92, 0x7a, 0xea, 0x2c, 0xa2, 0xf4,
167 0x28, 0x2f, 0x19, 0x4d, 0x1f, 0x11, 0x46, 0x82, 0xd0, 0xc4, 0x86, 0x56,
168 0x5c, 0x97, 0x9e, 0xc6, 0x37, 0x8e, 0xaf, 0x9d, 0x69, 0xe9, 0x4f, 0x5a,
169 0x6d, 0x70, 0x75, 0xc7, 0x41, 0x95, 0x68, 0x53, 0x94, 0xca, 0x31, 0x63,
170 0x61, 0x9f, 0xb8, 0x8c, 0x3b, 0x75, 0x36, 0x8b, 0x69, 0xa2, 0x35, 0xc0,
171 0x4b, 0x77, 0x55, 0x08, 0xc2, 0xb4, 0x56, 0xd2, 0x81, 0xce, 0x9e, 0x25,
172 0xdb, 0x50, 0x74, 0xb3, 0x8a, 0xd9, 0x20, 0x42, 0x3f, 0x85, 0x2d, 0xaa,
173 0xfd, 0x66, 0xfa, 0xd6, 0x95, 0x55, 0x6b, 0x63, 0x63, 0x04, 0xf8, 0x6c,
174 0x3e, 0x08, 0x22, 0x39, 0xb9, 0x9a, 0xe0, 0xd7, 0x01, 0xff, 0xeb, 0x8a,
175 0xb9, 0xe2, 0x34, 0xa5, 0xa0, 0x51, 0xe9, 0xbe, 0x15, 0x12, 0xbf, 0xbe,
176 0x64, 0x3d, 0x3f, 0x98, 0xce, 0xc1, 0xa6, 0x33, 0x32, 0xd3, 0x5c, 0xa8,
177 0x39, 0x93, 0xdc, 0x1c, 0xb9, 0xab, 0x3c, 0x80, 0x62, 0xb3, 0x76, 0x21,
178 0xdf, 0x47, 0x1e, 0xa9, 0x0e, 0x5e, 0x8a, 0xbe, 0x66, 0x5b, 0x7c, 0x21,
179 0xfa, 0x78, 0x2d, 0xd1, 0x1d, 0x5c, 0x35, 0x8a, 0x34, 0xb2, 0x1a, 0xc2,
180 0xc4, 0x4b, 0x53, 0x54,
181 };
182 static const unsigned char signature_data_1[] = {
183 0x01, 0x7b, 0x52, 0x35, 0xe3, 0x51, 0xdd, 0xf1, 0x67, 0x8d, 0x31, 0x5e,
184 0xa3, 0x75, 0x1f, 0x68, 0x6c, 0xdd, 0x41, 0x7a, 0x18, 0x25, 0xe0, 0x12,
185 0x6e, 0x84, 0x46, 0x5e, 0xb2, 0x98, 0xd7, 0x84, 0xe1, 0x62, 0xe0, 0xc1,
186 0xc4, 0xd7, 0x4f, 0x4f, 0x80, 0xc1, 0x92, 0xd6, 0x02, 0xaf, 0xca, 0x28,
187 0x9f, 0xe0, 0xf3, 0x74, 0xd7, 0xf1, 0x44, 0x67, 0x59, 0x27, 0xc8, 0xc2,
188 0x8b, 0xd4, 0xe5, 0x4a, 0x07, 0xfd, 0x00, 0xd6, 0x8a, 0xbf, 0x8b, 0xcd,
189 0x6a, 0xe0, 0x1d, 0xf6, 0x4b, 0x68, 0x0f, 0xcf, 0xb9, 0xd0, 0xa1, 0xbc,
190 0x2e, 0xcf, 0x7c, 0x03, 0x47, 0x11, 0xe4, 0x4c, 0xbc, 0x1b, 0x6b, 0xa5,
191 0x2a, 0x82, 0x86, 0xa4, 0x7f, 0x1d, 0x85, 0x64, 0x21, 0x10, 0xd2, 0xb2,
192 0xa0, 0x31, 0xa2, 0x78, 0xe6, 0xf2, 0xea, 0x96, 0x38, 0x8c, 0x9a, 0xe1,
193 0x01, 0xab, 0x8e, 0x95, 0x66, 0xc8, 0xe5, 0xcc, 0x80, 0xa3, 0xbd, 0x16,
194 0xa7, 0x79, 0x19, 0x39, 0x61, 0x3d, 0xff, 0x37, 0xca, 0x9f, 0x97, 0x05,
195 0xc7, 0xcb, 0xf0, 0xea, 0xaf, 0x64, 0x07, 0xc0, 0xed, 0x2a, 0x98, 0xa4,
196 0xaf, 0x04, 0x6f, 0xf2, 0xc9, 0xb2, 0x73, 0x9a, 0x56, 0x85, 0x43, 0x64,
197 0x5f, 0xaa, 0xb7, 0xff, 0x31, 0x4c, 0x2e, 0x6c, 0x17, 0xcf, 0xe5, 0xbe,
198 0x7f, 0x7e, 0xad, 0xf5, 0x6f, 0x84, 0x50, 0x20, 0x29, 0xb3, 0x57, 0xe7,
199 0xb1, 0xdc, 0x2c, 0x95, 0x48, 0xfe, 0xb0, 0xc1, 0x92, 0xda, 0xc5, 0x58,
200 0x95, 0xb0, 0x1a, 0x3a, 0x05, 0x71, 0x3c, 0x6d, 0x20, 0x01, 0x4c, 0xa9,
201 0xe4, 0x38, 0x08, 0x65, 0xb4, 0xbd, 0x86, 0x76, 0xbd, 0xad, 0x25, 0x06,
202 0x74, 0x0b, 0xca, 0x95, 0x27, 0x0c, 0x13, 0x08, 0x7e, 0x30, 0xcf, 0xf6,
203 0xb5, 0xc1, 0x2a, 0x08, 0xfc, 0x4b, 0xc6, 0xb5, 0x2f, 0x23, 0x27, 0x32,
204 0x89, 0xdb, 0x0e, 0x4a,
205 };
206 static const unsigned char signature_data_2[] = {
207 0x6d, 0x7d, 0x22, 0x8c, 0x85, 0xc4, 0x8a, 0x80, 0x05, 0xe4, 0x3c, 0xaf,
208 0x10, 0x3b, 0xe3, 0x51, 0xb1, 0x86, 0x52, 0x63, 0xb6, 0x17, 0x33, 0xbd,
209 0x1b, 0x1e, 0xc4, 0x50, 0x10, 0xfc, 0xcc, 0xea, 0x6b, 0x11, 0xeb, 0x6d,
210 0x5e, 0x00, 0xe7, 0xf3, 0x67, 0x99, 0x74, 0x53, 0x12, 0x8f, 0xe4, 0x3e,
211 0x20, 0x17, 0x8e, 0x83, 0xe6, 0xdc, 0x83, 0x91, 0x0e, 0xf3, 0x69, 0x22,
212 0x95, 0x14, 0xdf, 0xc1, 0xda, 0xb5, 0xdb, 0x6a, 0x1a, 0xb4, 0x4f, 0x26,
213 0xd0, 0x32, 0x1d, 0x73, 0x95, 0x1f, 0x39, 0x1d, 0x00, 0xcb, 0xc3, 0x92,
214 0x49, 0x53, 0xcb, 0x5c, 0x36, 0x70, 0x19, 0xd9, 0x64, 0x36, 0xda, 0xfb,
215 0x20, 0xe5, 0x47, 0xd9, 0x08, 0xc6, 0x5a, 0x9e, 0x87, 0x1a, 0xdb, 0x11,
216 0x7b, 0x17, 0xfc, 0x53, 0x7b, 0xc1, 0xa0, 0xc0, 0x33, 0xcf, 0x96, 0xba,
217 0x03, 0x79, 0x8e, 0xc6, 0x05, 0xd2, 0xb7, 0xa2, 0xe2, 0xc1, 0x67, 0xb7,
218 0x6a, 0xeb, 0xb1, 0x40, 0xbb, 0x7d, 0x57, 0xcb, 0xc2, 0x60, 0x9f, 0xf1,
219 0x72, 0xe5, 0xad, 0xce, 0x95, 0x45, 0x7c, 0xbc, 0x75, 0x81, 0x45, 0x19,
220 0xe1, 0xa7, 0x2f, 0x05, 0x52, 0xeb, 0xed, 0xdd, 0x19, 0xd9, 0x1a, 0xc9,
221 0x5a, 0x06, 0x8e, 0x29, 0x54, 0xb5, 0x4f, 0x80, 0xaa, 0x36, 0x36, 0xc0,
222 0xff, 0x64, 0xac, 0xe8, 0x0f, 0x99, 0x35, 0x5e, 0xc6, 0x72, 0x1f, 0x8c,
223 0xc4, 0x2b, 0x7d, 0xc1, 0xfb, 0xf0, 0x12, 0x61, 0xb1, 0x18, 0x65, 0xdd,
224 0xc2, 0x38, 0x92, 0xba, 0x84, 0xf8, 0xc8, 0x5e, 0x17, 0x63, 0xe0, 0x9c,
225 0x2c, 0xe6, 0x70, 0x71, 0xdc, 0xe5, 0xc1, 0xea, 0xb3, 0x9a, 0xb6, 0x91,
226 0xdc, 0xc5, 0x56, 0x84, 0x8a, 0x31, 0x31, 0x23, 0x61, 0x94, 0x7e, 0x01,
227 0x22, 0x49, 0xf3, 0xcb, 0x0e, 0x31, 0x03, 0x04, 0x1b, 0x14, 0x43, 0x7c,
228 0xad, 0x42, 0xe5, 0x55,
229 };
230
231 scoped_ptr<ProofVerifier> verifier(
232 CryptoTestUtils::ProofVerifierForTesting());
233
234 const string server_config = "server config bytes";
235 const string hostname = "test.example.com";
236
237 vector<string> certs(2);
238 certs[0] = LoadTestCert("test.example.com.crt");
239 certs[1] = LoadTestCert("intermediate.crt");
240
241 // Signatures are nondeterministic, so we test multiple signatures on the
242 // same server_config.
243 vector<string> signatures(3);
244 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
245 sizeof(signature_data_0));
246 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
247 sizeof(signature_data_1));
248 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
249 sizeof(signature_data_2));
250
251 for (size_t i = 0; i < signatures.size(); i++) {
252 const string& signature = signatures[i];
253
254 RunVerification(
255 verifier.get(), hostname, server_config, certs, signature, true);
256 RunVerification(
257 verifier.get(), "foo.com", server_config, certs, signature, false);
258 RunVerification(
259 verifier.get(), hostname, server_config.substr(1, string::npos),
260 certs, signature, false);
261
262 const string corrupt_signature = "1" + signature;
263 RunVerification(
264 verifier.get(), hostname, server_config, certs, corrupt_signature,
265 false);
266
267 vector<string> wrong_certs;
268 for (size_t i = 1; i < certs.size(); i++) {
269 wrong_certs.push_back(certs[i]);
270 }
271 RunVerification(verifier.get(), hostname, server_config, wrong_certs,
272 signature, false);
273 }
274 }
275
276 // A known answer test that allows us to test ProofVerifier without a working
277 // ProofSource.
278 TEST(ProofTest, VerifyECDSAKnownAnswerTest) {
279 // Disable this test on platforms that do not support ECDSA certificates.
280 #if defined(OS_WIN)
281 if (base::win::GetVersion() < base::win::VERSION_VISTA)
282 return;
283 #endif
284
285 // These sample signatures were generated by running the Proof.Verify test
286 // (modified to use ECDSA for signing proofs) and dumping the bytes of the
287 // |signature| output of ProofSource::GetProof().
288 static const unsigned char signature_data_0[] = {
289 0x30, 0x45, 0x02, 0x21, 0x00, 0x89, 0xc4, 0x7d, 0x08, 0xd1, 0x49, 0x19,
290 0x6c, 0xd1, 0x7c, 0xb9, 0x25, 0xe0, 0xe3, 0xbd, 0x6a, 0x5c, 0xd7, 0xaa,
291 0x0c, 0xdc, 0x4f, 0x8e, 0xeb, 0xde, 0xbf, 0x32, 0xf8, 0xd1, 0x84, 0x95,
292 0x97, 0x02, 0x20, 0x29, 0x3d, 0x49, 0x22, 0x73, 0xed, 0x8b, 0xde, 0x3d,
293 0xc2, 0xa4, 0x20, 0xcc, 0xe7, 0xc8, 0x2a, 0x85, 0x20, 0x9b, 0x5b, 0xda,
294 0xcd, 0x58, 0x23, 0xbe, 0x89, 0x73, 0x31, 0x87, 0x51, 0xd1, 0x01,
295 };
296 static const unsigned char signature_data_1[] = {
297 0x30, 0x46, 0x02, 0x21, 0x00, 0xec, 0xdf, 0x69, 0xc8, 0x24, 0x59, 0x93,
298 0xda, 0x49, 0xee, 0x37, 0x28, 0xaf, 0xeb, 0x0e, 0x2f, 0x80, 0x17, 0x4b,
299 0x3b, 0xf6, 0x54, 0xcd, 0x3b, 0x86, 0xc5, 0x98, 0x0d, 0xff, 0xc6, 0xb1,
300 0xe7, 0x02, 0x21, 0x00, 0xe1, 0x36, 0x8c, 0xc0, 0xf4, 0x50, 0x5f, 0xba,
301 0xfb, 0xe2, 0xff, 0x1d, 0x5d, 0x64, 0xe4, 0x07, 0xbb, 0x5a, 0x4b, 0x19,
302 0xb6, 0x39, 0x7a, 0xc4, 0x12, 0xc6, 0xe5, 0x42, 0xc8, 0x78, 0x33, 0xcd,
303 };
304 static const unsigned char signature_data_2[] = {
305 0x30, 0x45, 0x02, 0x20, 0x09, 0x51, 0xe9, 0xde, 0xdb, 0x01, 0xfd, 0xb4,
306 0xd8, 0x20, 0xbb, 0xad, 0x41, 0xe3, 0xaa, 0xe7, 0xa3, 0xc3, 0x32, 0x10,
307 0x9d, 0xfa, 0x37, 0xce, 0x17, 0xd1, 0x29, 0xf9, 0xd4, 0x1d, 0x0d, 0x19,
308 0x02, 0x21, 0x00, 0xc6, 0x20, 0xd4, 0x28, 0xf9, 0x70, 0xb5, 0xb4, 0xff,
309 0x4a, 0x35, 0xba, 0xa0, 0xf2, 0x8e, 0x00, 0xf7, 0xcb, 0x43, 0xaf, 0x2d,
310 0x1f, 0xce, 0x92, 0x05, 0xca, 0x29, 0xfe, 0xd2, 0x8f, 0xd9, 0x31,
311 };
312
313 scoped_ptr<ProofVerifier> verifier(
314 CryptoTestUtils::ProofVerifierForTesting());
315
316 const string server_config = "server config bytes";
317 const string hostname = "test.example.com";
318
319 vector<string> certs(2);
320 certs[0] = LoadTestCert("test_ecc.example.com.crt");
321 certs[1] = LoadTestCert("intermediate.crt");
322
323 // Signatures are nondeterministic, so we test multiple signatures on the
324 // same server_config.
325 vector<string> signatures(3);
326 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
327 sizeof(signature_data_0));
328 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
329 sizeof(signature_data_1));
330 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
331 sizeof(signature_data_2));
332
333 for (size_t i = 0; i < signatures.size(); i++) {
334 const string& signature = signatures[i];
335
336 RunVerification(
337 verifier.get(), hostname, server_config, certs, signature, true);
338 RunVerification(
339 verifier.get(), "foo.com", server_config, certs, signature, false);
340 RunVerification(
341 verifier.get(), hostname, server_config.substr(1, string::npos),
342 certs, signature, false);
343
344 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the
345 // signature can still be DER-decoded correctly.
346 string corrupt_signature = signature;
347 corrupt_signature[corrupt_signature.size() - 1] += 1;
348 RunVerification(
349 verifier.get(), hostname, server_config, certs, corrupt_signature,
350 false);
351
352 // Prepending a "1" makes the DER invalid.
353 const string bad_der_signature1 = "1" + signature;
354 RunVerification(
355 verifier.get(), hostname, server_config, certs, bad_der_signature1,
356 false);
357
358 vector<string> wrong_certs;
359 for (size_t i = 1; i < certs.size(); i++) {
360 wrong_certs.push_back(certs[i]);
361 }
362 RunVerification(
363 verifier.get(), hostname, server_config, wrong_certs, signature,
364 false);
365 }
366 }
367
368 } // namespace test
369 } // namespace net