1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 #include "chrome/common/extensions/api/networking_private/networking_private_crypto.h" 5 6 #include "base/base64.h" 7 #include "base/logging.h" 8 #include "base/strings/stringprintf.h" 9 #include "testing/gtest/include/gtest/gtest.h" 10 11 // Tests of networking_private_crypto support for Networking Private API. 12 class NetworkingPrivateCryptoTest : public testing::Test { 13 protected: 14 // Verify that decryption of |encrypted| data using |private_key_pem| matches 15 // |plain| data. 16 bool VerifyByteString(const std::string& private_key_pem, 17 const std::string& plain, 18 const std::vector<uint8>& encrypted) { 19 std::string decrypted; 20 if (networking_private_crypto::DecryptByteString( 21 private_key_pem, encrypted, &decrypted)) 22 return decrypted == plain; 23 return false; 24 } 25 }; 26 27 // Test that networking_private_crypto::VerifyCredentials behaves as expected. 28 TEST_F(NetworkingPrivateCryptoTest, VerifyCredentials) { 29 static const char kCertData[] = 30 "-----BEGIN CERTIFICATE-----" 31 "MIIDhzCCAm8CBFE2SCMwDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCVVMxEzARBgNVBAgM" 32 "CkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJ" 33 "bmMxEjAQBgNVBAsMCUdvb2dsZSBUVjEYMBYGA1UEAwwPRXVyZWthIEdlbjEgSUNBMB4XDTEz" 34 "MDMwNTE5MzE0N1oXDTMzMDIyODE5MzE0N1owgYMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcx" 35 "EjAQBgNVBAsTCUdvb2dsZSBUVjETMBEGA1UEChMKR29vZ2xlIEluYzETMBEGA1UECBMKQ2Fs" 36 "aWZvcm5pYTELMAkGA1UEBhMCVVMxHjAcBgNVBAMUFWV2dF9lMTYxIDAwMWExMWZmYWNkZjCC" 37 "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPHGDV0lLoTYK78q13y/2u77YTjgbBlW" 38 "AOxgrSNcMmGHx1K0aPyo50p99dGQnjapW6jtGrMzReWV2Wz3VL8rYlqY7oWjeJwsLQwo2tcn" 39 "7vIZ/PuvPz9xgnGMUbBOfhCf3Epb1N4Jz82pxxrOFhUawWAglC9C4fUeZLCZpOJsQd4QeAzn" 40 "kydl3xbqdSm74kwxE6vkGEzSCDnC7aYx0Rvvr1mZOKdl4AinYrxzWgmVsTnaFT1soSjmC5e/" 41 "i6Jcrs4dDFgY6mKy9Qtly2XPSCYljm6L4SgqgJNmlpY0qYJgO++BdofIbU2jsOiCMvIuKkbM" 42 "n72NsPQG0QhnVMwk7kYg6kkCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC" 43 "AQEAW0bQl9yjBc7DgMp94i7ZDOUxKQrzthephuwzb3/wWiTHcw6KK6FRPefXn6NPWxKKeQmv" 44 "/tBxHbVlmYRXUbrhksnD0aUki4InvtL2m0H1fPfMxmJRFE+HoSXu+s0sGON831JaMcYRbAku" 45 "5uHnltaGNzOI0KPHFGoCDmjAZD+IuoR2LR4FuuTrECK7KLjkdf//z5d5j7nBDPZS7uTCwC/B" 46 "wM9asRj3tJA5VRFbLbsit1VI7IaRCk9rsSKkpBUaVeKbPLz+y/Z6JonXXT6AxsfgUSKDd4B7" 47 "MYLrTwMQfGuUaaaKko6ldKIrovjrcPloQr1Hxb2bipFcjLmG7nxQLoS6vQ==" 48 "-----END CERTIFICATE-----"; 49 static const char kName[] = "eureka8997"; 50 static const char kSsdpUdn[] = "c5b2a83b-5958-7ce6-b179-e1f44699429b"; 51 static const char kHotspotBssid[] = "00:1A:11:FF:AC:DF"; 52 static const char kPublicKey[] = 53 "MIGJAoGBAK3SXmWZBOhJibv8It05qIbgHXXhnCXxHkW+C6jNMHR5sZgDpFaOY1xwXERjKdJx" 54 "cwrEy3VAT5Uv9MgHPBvxxJku76HYh1yVfIw1rhLnHBTHSxwUzJNCrgc3l3t/UACacLjVNIzc" 55 "cDpYf2vnOcA+t1t6IXRjzuU2NdwY4dJXNtWPAgMBAAE="; 56 static const char kNonce[] = "+6KSGuRu833m1+TP"; 57 static const char kSignedData[] = 58 "vwMBgANrp5XpCswLyk/OTXT56ORPeIWjH7xAdCk3qgjkwI6+8o56zJS02+tC5hhIHWh7oppT" 59 "mWYF4tKvBQ3GeCz7IW9f7HWDMtO7x7yRWxzJyehaJbCfXvLdfs0/WKllzvGVBgNpcIAwU2NS" 60 "FUG/jpXclntFzds0EUJG9wHxS6PXXSYRu+PlIFdCDcQJsUlnwO9AGFOJRV/aARGh8YUTWCFI" 61 "QPOtPEqT5eegt+TLf01Gq0YcrRwSTKy1I3twOnWiMfIdkJdQKPtBwwbvuAyGuqYFocfjKABb" 62 "nH9Tvl04yyO3euKbYlSqaF/l8CXmzDJTyO7tDOFK59bV9auE4KljrQ=="; 63 static const char kBadSubjectCertData[] = 64 "-----BEGIN CERTIFICATE-----" 65 "MIIDejCCAmICBFEtN4wwDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCVVMxEzARBgNVBAgM" 66 "CkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJ" 67 "bmMxEjAQBgNVBAsMCUdvb2dsZSBUVjEYMBYGA1UEAwwPRXVyZWthIEdlbjEgSUNBMB4XDTEz" 68 "MDIyNjIyMzAzNloXDTMzMDIyMTIyMzAzNlowdzETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkG" 69 "A1UEBhMCVVMxFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEjAQBgNVBAsTCUdvb2dsZSBUVjET" 70 "MBEGA1UEChMKR29vZ2xlIEluYzESMBAGA1UEAxQJZXZ0X2UxMjYyMIIBIjANBgkqhkiG9w0B" 71 "AQEFAAOCAQ8AMIIBCgKCAQEAo7Uu+bdyCjtiUYpmNU4ZvRjDg6VkEh/g0YPDG2pICBU4XKvs" 72 "qHH1i0hbtWp1J79hV9Rqst1yHT02Oeh3o1SOd2zeamYzmvXRVN7AZqfQlzWxwxk/ltpXGwew" 73 "m+EIR2bP4kpvyEKvvziTMtTxviOK+A395QyodMhMXClKTus/Gme2r1fBoQqJJR/zrmwXCsl5" 74 "kpdhj7FOIII3BCYV0zejjQquzywjsKfCVON28VGgJdaKgmXxkeRYYWVNnuTNna57vXe16FP6" 75 "hS1ty1U77ESffLTpNJ/M4tsd2dMVVTDuGeX3q8Ix4TN8cqpqu1AKEf59hygys9j6cHZRKR/d" 76 "iv0+uQIDAQABow0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQAZx6XyEK9SLHE+" 77 "rbKCVsLN9+hTEa50aikPmxOZt+lFuB4+VJZ/GCPQCZJIde2tlWUe2YBgoZw2xUKgIsM3Yq42" 78 "Gawi35/oZ3qycTgYU8KJP9kUMbYNAH90mz9BDH7MmnRID5dFexHyBCG88EJ+ZvxmUVn0EVDc" 79 "sSMt11wIAZ/T+/gsE1120d/GxhjYQ9YZz7SZXBQfRdqCdcPNl2+QSHHl+WvYLzdJa2xYj39/" 80 "kQu47Vp7X5rZrHSBvzdVymH0Od2D18t+Q6lxbSdyUNhP1MVhdkT1Ct4OmRS3FJ4aannXMhfq" 81 "Ng7k4Sfif5iktYT4VRKpThe0EGJNfqKJKYtvHEVC" 82 "-----END CERTIFICATE-----"; 83 static const char kBadCertData[] = "not a certificate"; 84 static const char kBadNonce[] = "bad nonce"; 85 static const char kBadHotspotBssid[] = "bad bssid"; 86 87 std::string unsigned_data = base::StringPrintf( 88 "%s,%s,%s,%s,%s", kName, kSsdpUdn, kHotspotBssid, kPublicKey, kNonce); 89 std::string signed_data; 90 base::Base64Decode(kSignedData, &signed_data); 91 92 // Checking basic verification operation. 93 EXPECT_TRUE(networking_private_crypto::VerifyCredentials( 94 kCertData, signed_data, unsigned_data, kHotspotBssid)); 95 96 // Checking that verification fails when the certificate is signed, but 97 // subject is malformed. 98 EXPECT_FALSE(networking_private_crypto::VerifyCredentials( 99 kBadSubjectCertData, signed_data, unsigned_data, kHotspotBssid)); 100 101 // Checking that verification fails when certificate has invalid format. 102 EXPECT_FALSE(networking_private_crypto::VerifyCredentials( 103 kBadCertData, signed_data, unsigned_data, kHotspotBssid)); 104 105 // Checking that verification fails when Hotspot Bssid is invalid. 106 EXPECT_FALSE(networking_private_crypto::VerifyCredentials( 107 kCertData, signed_data, unsigned_data, kBadHotspotBssid)); 108 109 // Checking that verification fails when there is bad nonce in unsigned_data. 110 unsigned_data = base::StringPrintf( 111 "%s,%s,%s,%s,%s", kName, kSsdpUdn, kHotspotBssid, kPublicKey, kBadNonce); 112 EXPECT_FALSE(networking_private_crypto::VerifyCredentials( 113 kCertData, signed_data, unsigned_data, kHotspotBssid)); 114 } 115 116 // Test that networking_private_crypto::EncryptByteString behaves as expected. 117 TEST_F(NetworkingPrivateCryptoTest, EncryptByteString) { 118 static const char kPublicKey[] = 119 "MIGJAoGBANTjeoILNkSKHVkd3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aI" 120 "XDXVHrjgjcS80bPE0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqH" 121 "KM8UMkLPVtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAE="; 122 static const char kPrivateKey[] = 123 "-----BEGIN PRIVATE KEY-----" 124 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANTjeoILNkSKHVkd" 125 "3my/rSwNi+9t473vPJU0lkM8nn9C7+gmaPvEWg4ZNkMd12aIXDXVHrjgjcS80bPE" 126 "0ykhN9J7EYkJ+43oulJMrEnyDy5KQo7U3MKBdjaKFTS+OPyohHpI8GqHKM8UMkLP" 127 "VtAKu1BXgGTSDvEaBAuoVT2PM4XNAgMBAAECgYEAt91H/2zjj8qhkkhDxDS/wd5p" 128 "T37fRTmMX2ktpiCC23LadOxHm7p39Nk9jjYFxV5cFXpdsFrw1kwl6VdC8LDp3eGu" 129 "Ku1GCqj5H2fpnkmL2goD01HRkPR3ro4uBHPtTXDbCIz0qp+NGlGG4gPUysMXxHSb" 130 "E5FIWeUx6gcPvidwrpkCQQD40FXY46KDJT8JVYJMqY6nFQZvptFl+9BGWfheVVSF" 131 "KBlTQBx/QA+XcC/W9Q/I+NEhdGcxLlkEMUpihSpYffKbAkEA2wmFfccdheTtoOuY" 132 "8oTurbnFHsS7gLtcR2IbRJKXw80CJxTQA/LMWz0YuFOAYJNl/9ILMfp6MQiI4L9F" 133 "l6pbtwJAJqkAXcXo72WvKL0flNfXsYBj0p9h8+2vi+7Y15d8nYAAh13zz5XdllM5" 134 "K7ZCMKDwpbkXe53O+QbLnwk/7iYLtwJAERT6AygfJk0HNzCIeglh78x4EgE3uj9i" 135 "X/LHu55PFacMTu3xlw09YLQwFFf2wBFeuAeyddBZ7S8ENbrU+5H+mwJBAO2E6gwG" 136 "e5ZqY4RmsQmv6K0rn5k+UT4qlPeVp1e6LnvO/PcKWOaUvDK59qFZoX4vN+iFUAbk" 137 "IuvhmL9u/uPWWck=" 138 "-----END PRIVATE KEY-----"; 139 static const std::vector<uint8> kBadKeyData(5, 111); 140 static const char kTestData[] = "disco boy"; 141 static const char kEmptyData[] = ""; 142 143 std::string public_key_string; 144 base::Base64Decode(kPublicKey, &public_key_string); 145 std::vector<uint8> public_key(public_key_string.begin(), 146 public_key_string.end()); 147 std::string plain; 148 std::vector<uint8> encrypted_output; 149 150 // Checking basic encryption operation. 151 plain = kTestData; 152 EXPECT_TRUE(networking_private_crypto::EncryptByteString( 153 public_key, plain, &encrypted_output)); 154 EXPECT_TRUE(VerifyByteString(kPrivateKey, plain, encrypted_output)); 155 156 // Checking that we can encrypt the empty string. 157 plain = kEmptyData; 158 EXPECT_TRUE(networking_private_crypto::EncryptByteString( 159 public_key, plain, &encrypted_output)); 160 161 // Checking graceful fail for too much data to encrypt. 162 EXPECT_FALSE(networking_private_crypto::EncryptByteString( 163 public_key, std::string(500, 'x'), &encrypted_output)); 164 165 // Checking graceful fail for a bad key format. 166 EXPECT_FALSE(networking_private_crypto::EncryptByteString( 167 kBadKeyData, kTestData, &encrypted_output)); 168 } 169