path: root/crypto/aead_openssl_unittest.cc
authorestark <estark@chromium.org>2015-04-24 21:52:25 -0700
committerCommit bot <commit-bot@chromium.org>2015-04-25 04:53:31 +0000
commit03206a1fcfe475604570d49dca0a885591e45ad7 (patch)
tree9db0b365d0feffcd71793a677d7c377f1c875d96 /crypto/aead_openssl_unittest.cc
parent5d190be1a5da69d013592f5590a9f825a48c1200 (diff)
Encrypt certificate reports before uploading to HTTP URLs
This CL introduces a new protobuf to store encrypted CertLoggerRequests. Serialized certificate reports are encrypted with an AES-CTR-128-HMAC-SHA256 AEAD (from BoringSSL, thus encrypted reports are only supported on BoringSSL platforms) before being uploaded to HTTP endpoints. |CertificateErrorReporter::IsHttpUploadUrlSupported| allows users of the class to set an HTTP URL if supported. BUG=461590 Committed: https://crrev.com/0a3351c2a7c81284f82e6531380a21d079f55056 Cr-Commit-Position: refs/heads/master@{#326876} Review URL: https://codereview.chromium.org/1083493003 Cr-Commit-Position: refs/heads/master@{#326957}
Diffstat (limited to 'crypto/aead_openssl_unittest.cc')
-rw-r--r--crypto/aead_openssl_unittest.cc54
1 files changed, 54 insertions, 0 deletions
diff --git a/crypto/aead_openssl_unittest.cc b/crypto/aead_openssl_unittest.cc
new file mode 100644
index 0000000..446bca2
--- /dev/null
+++ b/crypto/aead_openssl_unittest.cc
@@ -0,0 +1,54 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/aead_openssl.h"
+
+#include <string>
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+#if defined(USE_OPENSSL)
+
+TEST(AeadTest, SealOpen) {
+ crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
+ std::string key(aead.KeyLength(), 0);
+ aead.Init(&key);
+ std::string nonce(aead.NonceLength(), 0);
+ std::string plaintext("this is the plaintext");
+ std::string ad("this is the additional data");
+ std::string ciphertext;
+ EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext));
+ EXPECT_LT(0U, ciphertext.size());
+
+ std::string decrypted;
+ EXPECT_TRUE(aead.Open(ciphertext, nonce, ad, &decrypted));
+
+ EXPECT_EQ(plaintext, decrypted);
+}
+
+TEST(AeadTest, SealOpenWrongKey) {
+ crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
+ std::string key(aead.KeyLength(), 0);
+ std::string wrong_key(aead.KeyLength(), 1);
+ aead.Init(&key);
+ crypto::Aead aead_wrong_key(crypto::Aead::AES_128_CTR_HMAC_SHA256);
+ aead_wrong_key.Init(&wrong_key);
+
+ std::string nonce(aead.NonceLength(), 0);
+ std::string plaintext("this is the plaintext");
+ std::string ad("this is the additional data");
+ std::string ciphertext;
+ EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext));
+ EXPECT_LT(0U, ciphertext.size());
+
+ std::string decrypted;
+ EXPECT_FALSE(aead_wrong_key.Open(ciphertext, nonce, ad, &decrypted));
+ EXPECT_EQ(0U, decrypted.size());
+}
+
+#endif
+
+} // namespace
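Review bot: The only negative case here is `SealOpenWrongKey`; nothing checks that `Open` rejects a modified ciphertext, different additional data, or a different nonce. Those are the integrity guarantees the encrypted certificate reports depend on. A regression that stopped authenticating the additional data or the nonce would still pass both tests, so I would add a third test next to the existing two, before the `#endif`, along the lines below. It uses `ASSERT_TRUE` on `Seal` so the negative checks never run against an empty ciphertext. It assumes the nonce is covered by the tag, as is usual for an AEAD, which should be confirmed against `crypto/aead_openssl.h`.

```cpp
// … unchanged: SealOpen and SealOpenWrongKey tests …

TEST(AeadTest, OpenRejectsModifiedInput) {
  crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256);
  std::string key(aead.KeyLength(), 0);
  aead.Init(&key);
  std::string nonce(aead.NonceLength(), 0);
  std::string plaintext("this is the plaintext");
  std::string ad("this is the additional data");
  std::string ciphertext;
  ASSERT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext));
  ASSERT_LT(0U, ciphertext.size());

  std::string decrypted;

  // A single flipped bit in the sealed output must fail authentication.
  std::string tampered(ciphertext);
  tampered[0] ^= 0x01;
  EXPECT_FALSE(aead.Open(tampered, nonce, ad, &decrypted));

  // A truncated ciphertext must be rejected.
  std::string truncated(ciphertext, 0, ciphertext.size() - 1);
  EXPECT_FALSE(aead.Open(truncated, nonce, ad, &decrypted));

  // The additional data is authenticated, so a mismatch must fail.
  std::string wrong_ad("this is different additional data");
  EXPECT_FALSE(aead.Open(ciphertext, nonce, wrong_ad, &decrypted));

  // Opening under a different nonce must fail.
  std::string wrong_nonce(aead.NonceLength(), 1);
  EXPECT_FALSE(aead.Open(ciphertext, wrong_nonce, ad, &decrypted));
}
```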