Google Git
Sign in
chromium / chromium / src / 2662ed5650f65efe8c59acba3db6366d006e6a7d / . / net / quic / crypto / proof_test.cc
blob: b30c9aa2626abb1fc4991c8722fec9acb19e160c [file] [log] [blame]
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]5#include "base/files/file_path.h"
6#include "net/base/net_errors.h"
7#include "net/base/test_completion_callback.h"
8#include "net/base/test_data_directory.h"
9#include "net/cert/x509_certificate.h"
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]10#include "net/quic/crypto/proof_source.h"
11#include "net/quic/crypto/proof_verifier.h"
12#include "net/quic/test_tools/crypto_test_utils.h"
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]13#include "net/test/cert_test_util.h"
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]14#include "testing/gtest/include/gtest/gtest.h"
15
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]16#if defined(OS_WIN)
17#include "base/win/windows_version.h"
18#endif
19
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]20using std::string;
21using std::vector;
22
23namespace net {
24namespace test {
25
26TEST(Proof, Verify) {
27 // TODO(rtenneti): Enable testing of ProofVerifier.
28#if 0
29 scoped_ptr<ProofSource> source(CryptoTestUtils::ProofSourceForTesting());
30 scoped_ptr<ProofVerifier> verifier(
31 CryptoTestUtils::ProofVerifierForTesting());
32
33 const string server_config = "server config bytes";
34 const string hostname = "test.example.com";
35 const vector<string>* certs;
36 const vector<string>* first_certs;
37 string error_details, signature, first_signature;
38
39 ASSERT_TRUE(source->GetProof(hostname, server_config, &first_certs,
40 &first_signature));
41 ASSERT_TRUE(source->GetProof(hostname, server_config, &certs, &signature));
42
43 // Check that the proof source is caching correctly:
44 ASSERT_EQ(first_certs, certs);
45 ASSERT_EQ(signature, first_signature);
46
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]47 int rv;
48 TestCompletionCallback callback;
49 rv = verifier->VerifyProof(hostname, server_config, *certs, signature,
50 &error_details, callback.callback());
51 rv = callback.GetResult(rv);
52 ASSERT_EQ(OK, rv);
53 ASSERT_EQ("", error_details);
54
55 rv = verifier->VerifyProof("foo.com", server_config, *certs, signature,
56 &error_details, callback.callback());
57 rv = callback.GetResult(rv);
58 ASSERT_EQ(ERR_FAILED, rv);
59 ASSERT_NE("", error_details);
60
61 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos),
62 *certs, signature, &error_details,
63 callback.callback());
64 rv = callback.GetResult(rv);
65 ASSERT_EQ(ERR_FAILED, rv);
66 ASSERT_NE("", error_details);
67
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]68 const string corrupt_signature = "1" + signature;
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]69 rv = verifier->VerifyProof(hostname, server_config, *certs, corrupt_signature,
70 &error_details, callback.callback());
71 rv = callback.GetResult(rv);
72 ASSERT_EQ(ERR_FAILED, rv);
73 ASSERT_NE("", error_details);
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]74
75 vector<string> wrong_certs;
76 for (size_t i = 1; i < certs->size(); i++) {
77 wrong_certs.push_back((*certs)[i]);
78 }
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]79 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature,
80 &error_details, callback.callback());
81 rv = callback.GetResult(rv);
82 ASSERT_EQ(ERR_FAILED, rv);
83 ASSERT_NE("", error_details);
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]84#endif // 0
85}
86
[email protected]2662ed562013-07-03 10:27:46[diff] [blame^]87static string PEMCertFileToDER(const string& file_name) {
88 base::FilePath certs_dir = GetTestCertsDirectory();
89 scoped_refptr<X509Certificate> cert =
90 ImportCertFromFile(certs_dir, file_name);
91 CHECK_NE(static_cast<X509Certificate*>(NULL), cert);
92
93 string der_bytes;
94 CHECK(X509Certificate::GetDEREncoded(cert->os_cert_handle(), &der_bytes));
95 return der_bytes;
96}
97
98// A known answer test that allows us to test ProofVerifier without a working
99// ProofSource.
100TEST(Proof, VerifyRSAKnownAnswerTest) {
101 // These sample signatures were generated by running the Proof.Verify test
102 // and dumping the bytes of the |signature| output of ProofSource::GetProof().
103#if 0
104 // In the future, we will change the |sLen| parameter of RSA-PSS to be the
105 // same as |hLen|, and these are the sample signatures with the parameter
106 // |sLen| equal to |hLen|.
107 static const unsigned char signature_data_0[] = {
108 0x9e, 0xe6, 0x74, 0x3b, 0x8f, 0xb8, 0x66, 0x77, 0x57, 0x09,
109 0x8a, 0x04, 0xe9, 0xf0, 0x7c, 0x91, 0xa9, 0x5c, 0xe9, 0xdf,
110 0x12, 0x4d, 0x23, 0x82, 0x8c, 0x29, 0x72, 0x7f, 0xc2, 0x20,
111 0xa7, 0xb3, 0xe5, 0xbc, 0xcf, 0x3c, 0x0d, 0x8f, 0xae, 0x46,
112 0x6a, 0xb9, 0xee, 0x0c, 0xe1, 0x13, 0x21, 0xc0, 0x7e, 0x45,
113 0x24, 0x24, 0x4b, 0x72, 0x43, 0x5e, 0xc4, 0x0d, 0xdf, 0x6c,
114 0xd8, 0xaa, 0x35, 0x97, 0x05, 0x40, 0x76, 0xd3, 0x2c, 0xee,
115 0x82, 0x16, 0x6a, 0x43, 0xf9, 0xa2, 0xd0, 0x41, 0x3c, 0xed,
116 0x3f, 0x40, 0x10, 0x95, 0xc7, 0xa9, 0x1f, 0x04, 0xdb, 0xd5,
117 0x98, 0x9f, 0xe2, 0xbf, 0x77, 0x3d, 0xc9, 0x9a, 0xaf, 0xf7,
118 0xef, 0x63, 0x0b, 0x7d, 0xc8, 0x37, 0xda, 0x37, 0x23, 0x88,
119 0x78, 0xc8, 0x8b, 0xf5, 0xb9, 0x36, 0x5d, 0x72, 0x1f, 0xfc,
120 0x14, 0xff, 0xa7, 0x81, 0x27, 0x49, 0xae, 0xe1,
121 };
122 static const unsigned char signature_data_1[] = {
123 0x5e, 0xc2, 0xab, 0x6b, 0x16, 0xe6, 0x55, 0xf3, 0x16, 0x46,
124 0x35, 0xdc, 0xcc, 0xde, 0xd0, 0xbd, 0x6c, 0x66, 0xb2, 0x3d,
125 0xd3, 0x14, 0x78, 0xed, 0x47, 0x55, 0xfb, 0xdb, 0xe1, 0x7d,
126 0xbf, 0x31, 0xf6, 0xf4, 0x10, 0x4c, 0x8d, 0x22, 0x17, 0xaa,
127 0xe1, 0x85, 0xc7, 0x96, 0x4c, 0x42, 0xfb, 0xf4, 0x63, 0x53,
128 0x8a, 0x79, 0x01, 0x63, 0x48, 0xa8, 0x3a, 0xbc, 0xc9, 0xd2,
129 0xf5, 0xec, 0xe9, 0x09, 0x71, 0xaf, 0xce, 0x34, 0x56, 0xe5,
130 0x00, 0xbe, 0xee, 0x3c, 0x1c, 0xc4, 0xa0, 0x07, 0xd5, 0x77,
131 0xb8, 0x83, 0x57, 0x7d, 0x1a, 0xc9, 0xd0, 0xc0, 0x59, 0x9a,
132 0x88, 0x19, 0x3f, 0xb9, 0xf0, 0x45, 0x37, 0xc3, 0x00, 0x8b,
133 0xb3, 0x89, 0xf4, 0x89, 0x07, 0xa9, 0xc3, 0x26, 0xbf, 0x81,
134 0xaf, 0x6b, 0x47, 0xbc, 0x16, 0x55, 0x37, 0x0a, 0xbe, 0x0e,
135 0xc5, 0x75, 0x3f, 0x3d, 0x8e, 0xe8, 0x44, 0xe3,
136 };
137 static const unsigned char signature_data_2[] = {
138 0x8e, 0x5c, 0x78, 0x63, 0x74, 0x99, 0x2e, 0x96, 0xc0, 0x14,
139 0x8d, 0xb5, 0x13, 0x74, 0xa3, 0xa4, 0xe0, 0x43, 0x3e, 0x85,
140 0xba, 0x8f, 0x3c, 0x5e, 0x14, 0x64, 0x0e, 0x5e, 0xff, 0x89,
141 0x88, 0x8a, 0x65, 0xe2, 0xa2, 0x79, 0xe4, 0xe9, 0x3a, 0x7f,
142 0xf6, 0x9d, 0x3d, 0xe2, 0xb0, 0x8a, 0x35, 0x55, 0xed, 0x21,
143 0xee, 0x20, 0xd8, 0x8a, 0x60, 0x47, 0xca, 0x52, 0x54, 0x91,
144 0x99, 0x69, 0x8d, 0x16, 0x34, 0x69, 0xe1, 0x46, 0x56, 0x67,
145 0x5f, 0x50, 0xf0, 0x94, 0xe7, 0x8b, 0xf2, 0x6a, 0x73, 0x0f,
146 0x30, 0x30, 0xde, 0x59, 0xdc, 0xc7, 0xfe, 0xb6, 0x83, 0xe1,
147 0x86, 0x1d, 0x88, 0xd3, 0x2f, 0x2f, 0x74, 0x68, 0xbd, 0x6c,
148 0xd1, 0x46, 0x76, 0x06, 0xa9, 0xd4, 0x03, 0x3f, 0xda, 0x7d,
149 0xa7, 0xff, 0x48, 0xe4, 0xb4, 0x42, 0x06, 0xac, 0x19, 0x12,
150 0xe6, 0x05, 0xae, 0xbe, 0x29, 0x94, 0x8f, 0x99,
151 };
152#else
153 // sLen = special value -2 used by OpenSSL.
154 static const unsigned char signature_data_0[] = {
155 0x4c, 0x68, 0x3c, 0xc2, 0x1f, 0x31, 0x73, 0xa5, 0x29, 0xd3,
156 0x56, 0x75, 0xb1, 0xbf, 0xbd, 0x31, 0x17, 0xfb, 0x2e, 0x24,
157 0xb3, 0xc4, 0x0d, 0xfa, 0x56, 0xb8, 0x65, 0x94, 0x12, 0x38,
158 0x6e, 0xff, 0xb3, 0x10, 0x2e, 0xf8, 0x5c, 0xc1, 0x21, 0x9d,
159 0x29, 0x0c, 0x3a, 0x0a, 0x1a, 0xbf, 0x6b, 0x1c, 0x63, 0x77,
160 0xf7, 0x86, 0xd3, 0xa4, 0x36, 0xf2, 0xb1, 0x6f, 0xac, 0xc3,
161 0x23, 0x8d, 0xda, 0xe6, 0xd5, 0x83, 0xba, 0xdf, 0x28, 0x3e,
162 0x7f, 0x4e, 0x79, 0xfc, 0xba, 0xdb, 0xf7, 0xd0, 0x4b, 0xad,
163 0x79, 0xd0, 0xeb, 0xcf, 0xfa, 0x6e, 0x84, 0x44, 0x7a, 0x26,
164 0xb1, 0x29, 0xa3, 0x08, 0xa8, 0x63, 0xfd, 0xed, 0x85, 0xff,
165 0x9a, 0xe6, 0x79, 0x8b, 0xb6, 0x81, 0x13, 0x2c, 0xde, 0xe2,
166 0xd8, 0x31, 0x29, 0xa4, 0xe0, 0x1b, 0x75, 0x2d, 0x8a, 0xf8,
167 0x27, 0x55, 0xbc, 0xc7, 0x3b, 0x1e, 0xc1, 0x42,
168 };
169 static const unsigned char signature_data_1[] = {
170 0xbb, 0xd1, 0x17, 0x43, 0xf3, 0x42, 0x16, 0xe9, 0xf9, 0x76,
171 0xe6, 0xe3, 0xaa, 0x50, 0x47, 0x5f, 0x93, 0xb6, 0x7d, 0x35,
172 0x03, 0x49, 0x0a, 0x07, 0x61, 0xd5, 0xf1, 0x9c, 0x6b, 0xaf,
173 0xaa, 0xd7, 0x64, 0xe4, 0x0a, 0x0c, 0xab, 0x97, 0xfb, 0x4e,
174 0x5c, 0x14, 0x08, 0xf6, 0xb9, 0xa9, 0x1d, 0xa9, 0xf8, 0x6d,
175 0xb0, 0x2b, 0x2a, 0x0e, 0xc4, 0xd0, 0xd2, 0xe9, 0x96, 0x4f,
176 0x44, 0x70, 0x90, 0x46, 0xb9, 0xd5, 0x89, 0x72, 0xb9, 0xa8,
177 0xe4, 0xfb, 0x88, 0xbc, 0x69, 0x7f, 0xc9, 0xdc, 0x84, 0x87,
178 0x18, 0x21, 0x9b, 0xde, 0x22, 0x33, 0xde, 0x16, 0x3f, 0xe6,
179 0xfd, 0x27, 0x56, 0xd3, 0xa4, 0x97, 0x91, 0x65, 0x1a, 0xe7,
180 0x5e, 0x80, 0x9a, 0xbf, 0xbf, 0x1a, 0x29, 0x8a, 0xbe, 0xa2,
181 0x8c, 0x9c, 0x23, 0xf4, 0xcb, 0xba, 0x79, 0x31, 0x28, 0xab,
182 0x77, 0x94, 0x92, 0xb2, 0xc2, 0x35, 0xb2, 0xfa,
183 };
184 static const unsigned char signature_data_2[] = {
185 0x7e, 0x17, 0x01, 0xcb, 0x76, 0x9e, 0x9f, 0xce, 0xeb, 0x66,
186 0x3e, 0xaa, 0xc9, 0x36, 0x5b, 0x7e, 0x48, 0x25, 0x99, 0xf8,
187 0x0d, 0xe1, 0xa8, 0x48, 0x93, 0x3c, 0xe8, 0x97, 0x2e, 0x98,
188 0xd6, 0x73, 0x0f, 0xd0, 0x74, 0x9c, 0x17, 0xef, 0xee, 0xf8,
189 0x0e, 0x2a, 0x27, 0x3f, 0xc6, 0x55, 0xc6, 0xb9, 0xfe, 0x17,
190 0xcc, 0xeb, 0x5d, 0xa1, 0xdc, 0xbd, 0x64, 0xd9, 0x5e, 0xec,
191 0x57, 0x9d, 0xc3, 0xdc, 0x11, 0xbf, 0x23, 0x02, 0x58, 0xc4,
192 0xf1, 0x18, 0xc1, 0x6f, 0x3f, 0xef, 0x18, 0x4d, 0xa6, 0x1e,
193 0xe8, 0x25, 0x32, 0x8f, 0x92, 0x1e, 0xad, 0xbc, 0xbe, 0xde,
194 0x83, 0x2a, 0x92, 0xd5, 0x59, 0x6f, 0xe4, 0x95, 0x6f, 0xe6,
195 0xb1, 0xf9, 0xaf, 0x3f, 0xdb, 0x69, 0x6f, 0xae, 0xa6, 0x36,
196 0xd2, 0x50, 0x81, 0x78, 0x41, 0x13, 0x2c, 0x65, 0x9c, 0x9e,
197 0xf4, 0xd2, 0xd5, 0x58, 0x5b, 0x8b, 0x87, 0xcf,
198 };
199#endif
200
201 scoped_ptr<ProofVerifier> verifier(
202 CryptoTestUtils::ProofVerifierForTesting());
203
204 const string server_config = "server config bytes";
205 const string hostname = "test.example.com";
206 string error_details;
207
208 vector<string> certs(2);
209 certs[0] = PEMCertFileToDER("quic_test.example.com.crt");
210 certs[1] = PEMCertFileToDER("quic_intermediate.crt");
211
212 // Signatures are nondeterministic, so we test multiple signatures on the
213 // same server_config.
214 vector<string> signatures(3);
215 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
216 sizeof(signature_data_0));
217 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
218 sizeof(signature_data_1));
219 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
220 sizeof(signature_data_2));
221
222 for (size_t i = 0; i < signatures.size(); i++) {
223 const string& signature = signatures[i];
224 int rv;
225 TestCompletionCallback callback;
226 rv = verifier->VerifyProof(hostname, server_config, certs, signature,
227 &error_details, callback.callback());
228 rv = callback.GetResult(rv);
229 ASSERT_EQ(OK, rv);
230 ASSERT_EQ("", error_details);
231
232 rv = verifier->VerifyProof("foo.com", server_config, certs, signature,
233 &error_details, callback.callback());
234 rv = callback.GetResult(rv);
235 ASSERT_EQ(ERR_FAILED, rv);
236 ASSERT_NE("", error_details);
237
238 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos),
239 certs, signature, &error_details,
240 callback.callback());
241 rv = callback.GetResult(rv);
242 ASSERT_EQ(ERR_FAILED, rv);
243 ASSERT_NE("", error_details);
244
245 const string corrupt_signature = "1" + signature;
246 rv = verifier->VerifyProof(hostname, server_config, certs,
247 corrupt_signature, &error_details,
248 callback.callback());
249 rv = callback.GetResult(rv);
250 ASSERT_EQ(ERR_FAILED, rv);
251 ASSERT_NE("", error_details);
252
253 vector<string> wrong_certs;
254 for (size_t i = 1; i < certs.size(); i++) {
255 wrong_certs.push_back(certs[i]);
256 }
257 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature,
258 &error_details, callback.callback());
259 rv = callback.GetResult(rv);
260 ASSERT_EQ(ERR_FAILED, rv);
261 ASSERT_NE("", error_details);
262 }
263}
264
265// A known answer test that allows us to test ProofVerifier without a working
266// ProofSource.
267// TODO(rtenneti): Enable VerifyECDSAKnownAnswerTest on win_rel and XP.
268#if defined(OS_WIN)
269#define MAYBE_VerifyECDSAKnownAnswerTest DISABLED_VerifyECDSAKnownAnswerTest
270#else
271#define MAYBE_VerifyECDSAKnownAnswerTest VerifyECDSAKnownAnswerTest
272#endif
273TEST(Proof, MAYBE_VerifyECDSAKnownAnswerTest) {
274 // These sample signatures were generated by running the Proof.Verify test
275 // (modified to use ECDSA for signing proofs) and dumping the bytes of the
276 // |signature| output of ProofSource::GetProof().
277 static const unsigned char signature_data_0[] = {
278 0x30, 0x45, 0x02, 0x20, 0x15, 0xb7, 0x9f, 0xe3, 0xd9, 0x7a,
279 0x3c, 0x3b, 0x18, 0xb0, 0xdb, 0x60, 0x23, 0x56, 0xa0, 0x06,
280 0x4e, 0x70, 0xa3, 0xf7, 0x4b, 0xe5, 0x0d, 0x69, 0xf0, 0x35,
281 0x8c, 0xae, 0xb5, 0x54, 0x32, 0xe9, 0x02, 0x21, 0x00, 0xf7,
282 0xe3, 0x06, 0x99, 0x16, 0x56, 0x7e, 0xab, 0x33, 0x53, 0x0d,
283 0xde, 0xbe, 0xef, 0x6d, 0xb0, 0xc7, 0xa6, 0x63, 0xaf, 0x8d,
284 0xab, 0x34, 0xa9, 0xc0, 0x63, 0x88, 0x47, 0x17, 0x4c, 0x4c,
285 0x04,
286 };
287 static const unsigned char signature_data_1[] = {
288 0x30, 0x44, 0x02, 0x20, 0x69, 0x60, 0x55, 0xbb, 0x11, 0x93,
289 0x6a, 0xdc, 0x9b, 0x61, 0x2c, 0x60, 0x19, 0xbc, 0x15, 0x55,
290 0xcf, 0xf2, 0x8e, 0x2e, 0x27, 0x0b, 0x69, 0xef, 0x33, 0x25,
291 0x1e, 0x5d, 0x8c, 0x00, 0x11, 0xef, 0x02, 0x20, 0x0c, 0x26,
292 0xfe, 0x0b, 0x06, 0x8f, 0xe8, 0xe2, 0x02, 0x63, 0xe5, 0x43,
293 0x0d, 0xc9, 0x80, 0x4d, 0xe9, 0x6f, 0x6e, 0x18, 0xdb, 0xb0,
294 0x04, 0x2a, 0x45, 0x37, 0x1a, 0x60, 0x0e, 0xc6, 0xc4, 0x8f,
295 };
296 static const unsigned char signature_data_2[] = {
297 0x30, 0x45, 0x02, 0x21, 0x00, 0xd5, 0x43, 0x36, 0x60, 0x50,
298 0xce, 0xe0, 0x00, 0x51, 0x02, 0x84, 0x95, 0x51, 0x47, 0xaf,
299 0xe4, 0xf9, 0xe1, 0x23, 0xae, 0x21, 0xb4, 0x98, 0xd1, 0xa3,
300 0x5f, 0x3b, 0xf3, 0x6a, 0x65, 0x44, 0x6b, 0x02, 0x20, 0x30,
301 0x7e, 0xb4, 0xea, 0xf0, 0xda, 0xdb, 0xbd, 0x38, 0xb9, 0x7a,
302 0x5d, 0x12, 0x04, 0x0e, 0xc2, 0xf0, 0xb1, 0x0e, 0x25, 0xf8,
303 0x0a, 0x27, 0xa3, 0x16, 0x94, 0xac, 0x1e, 0xb8, 0x6e, 0x00,
304 0x05,
305 };
306
307 scoped_ptr<ProofVerifier> verifier(
308 CryptoTestUtils::ProofVerifierForTesting());
309
310 const string server_config = "server config bytes";
311 const string hostname = "test.example.com";
312 string error_details;
313
314 vector<string> certs(2);
315 certs[0] = PEMCertFileToDER("quic_test_ecc.example.com.crt");
316 certs[1] = PEMCertFileToDER("quic_intermediate.crt");
317
318 // Signatures are nondeterministic, so we test multiple signatures on the
319 // same server_config.
320 vector<string> signatures(3);
321 signatures[0].assign(reinterpret_cast<const char*>(signature_data_0),
322 sizeof(signature_data_0));
323 signatures[1].assign(reinterpret_cast<const char*>(signature_data_1),
324 sizeof(signature_data_1));
325 signatures[2].assign(reinterpret_cast<const char*>(signature_data_2),
326 sizeof(signature_data_2));
327
328 for (size_t i = 0; i < signatures.size(); i++) {
329 const string& signature = signatures[i];
330 int rv;
331 TestCompletionCallback callback;
332 rv = verifier->VerifyProof(hostname, server_config, certs, signature,
333 &error_details, callback.callback());
334 rv = callback.GetResult(rv);
335 ASSERT_EQ(OK, rv);
336 ASSERT_EQ("", error_details);
337
338 rv = verifier->VerifyProof("foo.com", server_config, certs, signature,
339 &error_details, callback.callback());
340 rv = callback.GetResult(rv);
341 ASSERT_EQ(ERR_FAILED, rv);
342 ASSERT_NE("", error_details);
343
344 rv = verifier->VerifyProof(hostname, server_config.substr(1, string::npos),
345 certs, signature, &error_details,
346 callback.callback());
347 rv = callback.GetResult(rv);
348 ASSERT_EQ(ERR_FAILED, rv);
349 ASSERT_NE("", error_details);
350
351 // An ECDSA signature is DER-encoded. Corrupt the last byte so that the
352 // signature can still be DER-decoded correctly.
353 string corrupt_signature = signature;
354 corrupt_signature[corrupt_signature.size() - 1] += 1;
355 rv = verifier->VerifyProof(hostname, server_config, certs,
356 corrupt_signature, &error_details,
357 callback.callback());
358 rv = callback.GetResult(rv);
359 ASSERT_EQ(ERR_FAILED, rv);
360 ASSERT_NE("", error_details);
361
362 // Prepending a "1" makes the DER invalid.
363 const string bad_der_signature1 = "1" + signature;
364 rv = verifier->VerifyProof(hostname, server_config, certs,
365 bad_der_signature1, &error_details,
366 callback.callback());
367 rv = callback.GetResult(rv);
368 ASSERT_EQ(ERR_FAILED, rv);
369 ASSERT_NE("", error_details);
370
371 vector<string> wrong_certs;
372 for (size_t i = 1; i < certs.size(); i++) {
373 wrong_certs.push_back(certs[i]);
374 }
375 rv = verifier->VerifyProof("foo.com", server_config, wrong_certs, signature,
376 &error_details, callback.callback());
377 rv = callback.GetResult(rv);
378 ASSERT_EQ(ERR_FAILED, rv);
379 ASSERT_NE("", error_details);
380 }
381}
382
[email protected]c244c5a12013-05-07 20:55:04[diff] [blame]383} // namespace test
384} // namespace net