From 2662ed5650f65efe8c59acba3db6366d006e6a7d Mon Sep 17 00:00:00 2001 From: "rtenneti@chromium.org" Date: Wed, 3 Jul 2013 10:27:46 +0000 Subject: OpenSSL/NSS implementation of ProofVerfifier. Changes to make ProofVerifier asynchronous. Each QuicSession's ProofVerifier is used to verify the signature and cert chain. Implemented generation counter in QuicCryptoClientConfig's CachedState in case certs change when we are verifying the Proof. Review URL: https://chromiumcodereview.appspot.com/17385010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209946 0039d316-1c4b-4281-b951-d872f2087c98 --- net/data/ssl/certificates/README | 5 + net/data/ssl/certificates/quic_intermediate.crt | 53 +++++++++++ net/data/ssl/certificates/quic_proof_verify.crt | 106 +++++++++++++++++++++ .../ssl/certificates/quic_test.example.com.crt | 56 +++++++++++ .../ssl/certificates/quic_test_ecc.example.com.crt | 50 ++++++++++ 5 files changed, 270 insertions(+) create mode 100644 net/data/ssl/certificates/quic_intermediate.crt create mode 100644 net/data/ssl/certificates/quic_proof_verify.crt create mode 100644 net/data/ssl/certificates/quic_test.example.com.crt create mode 100644 net/data/ssl/certificates/quic_test_ecc.example.com.crt (limited to 'net/data') diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README index 84844ea..84e65e9 100644 --- a/net/data/ssl/certificates/README +++ b/net/data/ssl/certificates/README @@ -214,3 +214,8 @@ unit tests. server for simulating HTTPS connections. They are generated by running the script net/data/ssl/scripts/generate-test-certs.sh. +- quic_intermediate.crt +- quic_test_ecc.example.com.crt +- quic_test.example.com.crt +- quic_proof_verify.crt + These certificates are used by the ProofVerifier's unit tests of QUIC. diff --git a/net/data/ssl/certificates/quic_intermediate.crt b/net/data/ssl/certificates/quic_intermediate.crt new file mode 100644 index 0000000..ca1e6f6 --- /dev/null +++ b/net/data/ssl/certificates/quic_intermediate.crt @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=Acme Co, CN=Root CA + Validity + Not Before: Jan 1 10:00:00 2013 GMT + Not After : Dec 31 10:00:00 2023 GMT + Subject: O=Acme Co, CN=Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:af:95:dd:a0:eb:d7:c3:ba:a6:ae:db:6e:05:68: + a0:00:15:a1:85:d1:89:ba:be:3a:7a:3b:8c:3b:41: + 07:76:63:71:28:f7:bf:a5:fb:b3:28:94:f9:9a:de: + 1d:03:00:ce:5e:25:06:6a:e6:c7:0a:6b:6d:d3:76: + 95:57:f5:16:f8:f0:43:de:b7:c7:1b:0b:83:f4:70: + e6:29:a1:8d:22:12:9a:df:4b:31:e8:9b:86:7d:95: + 29:97:18:c1:34:2f:b6:a7:c1:c7:46:d6:9c:c6:a6: + ae:6e:dd:8f:be:c2:ec:02:00:d2:54:f6:0f:a0:cc: + af:04:85:65:98:a1:ea:73:f1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 9a:68:79:17:6c:13:20:b3:5f:01:ca:ae:c0:bf:d2:7b:98:bf: + dd:4d:d1:c3:a5:ab:01:47:2e:c8:61:b4:f5:1d:55:04:f0:eb: + 5d:84:5a:78:09:b0:f1:42:64:14:e8:9e:ba:c3:38:32:d3:16: + fe:e1:65:1f:76:da:e4:c0:83:62:4a:ae:d0:4e:00:2e:38:52: + 91:81:62:94:b0:3d:69:b3:87:72:39:55:94:9e:ca:2c:ca:51: + 3c:d3:3f:d2:1c:92:d3:de:df:ba:bc:45:9b:30:99:b4:39:f8: + 17:55:94:7d:3a:ba:0e:e9:3f:2d:bc:f0:ea:6d:17:85:23:e4: + ca:94 +-----BEGIN CERTIFICATE----- +MIIB+DCCAWOgAwIBAgIBAjALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD +bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw +MDBaMCwxEDAOBgNVBAoTB0FjbWUgQ28xGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBD +QTCBnTALBgkqhkiG9w0BAQEDgY0AMIGJAoGBAK+V3aDr18O6pq7bbgVooAAVoYXR +ibq+Ono7jDtBB3ZjcSj3v6X7syiU+ZreHQMAzl4lBmrmxwprbdN2lVf1FvjwQ963 +xxsLg/Rw5imhjSISmt9LMeibhn2VKZcYwTQvtqfBx0bWnMamrm7dj77C7AIA0lT2 +D6DMrwSFZZih6nPxAgMBAAGjODA2MA4GA1UdDwEB/wQEAwIABDATBgNVHSUEDDAK +BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBBQOBgQCaaHkX +bBMgs18Byq7Av9J7mL/dTdHDpasBRy7IYbT1HVUE8OtdhFp4CbDxQmQU6J66wzgy +0xb+4WUfdtrkwINiSq7QTgAuOFKRgWKUsD1ps4dyOVWUnsosylE80z/SHJLT3t+6 +vEWbMJm0OfgXVZR9OroO6T8tvPDqbReFI+TKlA== +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/quic_proof_verify.crt b/net/data/ssl/certificates/quic_proof_verify.crt new file mode 100644 index 0000000..55502e6 --- /dev/null +++ b/net/data/ssl/certificates/quic_proof_verify.crt @@ -0,0 +1,106 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=Acme Co, CN=Root CA + Validity + Not Before: Jan 1 10:00:00 2013 GMT + Not After : Dec 31 10:00:00 2023 GMT + Subject: O=Acme Co, CN=Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:f3:8f:b5:01:f7:8f:bf:0e:c3:bc:2e:43:f9:63: + 32:ae:e2:70:2d:77:70:bf:32:57:77:dd:00:f4:16: + 08:e2:f4:b8:b4:c9:bc:41:be:54:ba:44:3f:6f:77: + f9:d1:1b:52:25:16:7d:df:f9:29:79:3c:7c:8f:16: + e3:85:d5:7c:96:5e:2e:60:b3:80:e1:fc:09:b9:04: + 4d:ff:bc:05:25:55:96:b8:e7:7e:03:ed:f4:a1:93: + 54:66:b6:d5:e4:1f:92:94:52:7d:c3:60:89:5f:79: + f9:63:d1:f4:bb:4d:fa:da:4d:2e:d2:1d:ac:dc:7a: + 4f:52:67:3f:ad:eb:ed:ba:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 7c:0f:20:54:85:ea:e9:68:c5:15:fc:10:8a:09:98:0e:51:53: + 7a:a3:37:c3:ec:8d:61:2c:49:66:d0:34:0b:8b:68:50:58:75: + 1f:fb:76:87:89:16:7d:56:d1:be:2f:bb:ef:95:26:92:55:37: + 6f:ca:82:e2:d4:93:33:80:1f:9c:b9:2d:1e:ee:3b:90:7d:13: + 2e:28:9b:17:8c:15:5f:12:eb:ed:f2:86:2f:a5:f5:59:e4:f3: + 07:a9:99:2d:32:70:d4:2a:d0:43:f2:1c:92:6d:75:f8:60:fa: + b5:8f:4f:07:6b:f6:c0:80:b3:4f:c8:9f:ed:11:bd:4d:d9:d7: + 4a:2c +-----BEGIN CERTIFICATE----- +MIIB8DCCAVugAwIBAgIBATALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD +bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw +MDBaMCQxEDAOBgNVBAoTB0FjbWUgQ28xEDAOBgNVBAMTB1Jvb3QgQ0EwgZ0wCwYJ +KoZIhvcNAQEBA4GNADCBiQKBgQDzj7UB94+/DsO8LkP5YzKu4nAtd3C/Mld33QD0 +Fgji9Li0ybxBvlS6RD9vd/nRG1IlFn3f+Sl5PHyPFuOF1XyWXi5gs4Dh/Am5BE3/ +vAUlVZa4534D7fShk1RmttXkH5KUUn3DYIlfeflj0fS7TfraTS7SHazcek9SZz+t +6+26zQIDAQABozgwNjAOBgNVHQ8BAf8EBAMCAAQwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0BAQUDgYEAfA8gVIXq6WjFFfwQ +igmYDlFTeqM3w+yNYSxJZtA0C4toUFh1H/t2h4kWfVbRvi+775UmklU3b8qC4tST +M4AfnLktHu47kH0TLiibF4wVXxLr7fKGL6X1WeTzB6mZLTJw1CrQQ/Ickm11+GD6 +tY9PB2v2wICzT8if7RG9TdnXSiw= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=Acme Co, CN=Root CA + Validity + Not Before: Jan 1 10:00:00 2013 GMT + Not After : Dec 31 10:00:00 2023 GMT + Subject: O=Acme Co, CN=Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:f3:8f:b5:01:f7:8f:bf:0e:c3:bc:2e:43:f9:63: + 32:ae:e2:70:2d:77:70:bf:32:57:77:dd:00:f4:16: + 08:e2:f4:b8:b4:c9:bc:41:be:54:ba:44:3f:6f:77: + f9:d1:1b:52:25:16:7d:df:f9:29:79:3c:7c:8f:16: + e3:85:d5:7c:96:5e:2e:60:b3:80:e1:fc:09:b9:04: + 4d:ff:bc:05:25:55:96:b8:e7:7e:03:ed:f4:a1:93: + 54:66:b6:d5:e4:1f:92:94:52:7d:c3:60:89:5f:79: + f9:63:d1:f4:bb:4d:fa:da:4d:2e:d2:1d:ac:dc:7a: + 4f:52:67:3f:ad:eb:ed:ba:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 7c:0f:20:54:85:ea:e9:68:c5:15:fc:10:8a:09:98:0e:51:53: + 7a:a3:37:c3:ec:8d:61:2c:49:66:d0:34:0b:8b:68:50:58:75: + 1f:fb:76:87:89:16:7d:56:d1:be:2f:bb:ef:95:26:92:55:37: + 6f:ca:82:e2:d4:93:33:80:1f:9c:b9:2d:1e:ee:3b:90:7d:13: + 2e:28:9b:17:8c:15:5f:12:eb:ed:f2:86:2f:a5:f5:59:e4:f3: + 07:a9:99:2d:32:70:d4:2a:d0:43:f2:1c:92:6d:75:f8:60:fa: + b5:8f:4f:07:6b:f6:c0:80:b3:4f:c8:9f:ed:11:bd:4d:d9:d7: + 4a:2c +-----BEGIN CERTIFICATE----- +MIIB8DCCAVugAwIBAgIBATALBgkqhkiG9w0BAQUwJDEQMA4GA1UEChMHQWNtZSBD +bzEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xMzAxMDExMDAwMDBaFw0yMzEyMzExMDAw +MDBaMCQxEDAOBgNVBAoTB0FjbWUgQ28xEDAOBgNVBAMTB1Jvb3QgQ0EwgZ0wCwYJ +KoZIhvcNAQEBA4GNADCBiQKBgQDzj7UB94+/DsO8LkP5YzKu4nAtd3C/Mld33QD0 +Fgji9Li0ybxBvlS6RD9vd/nRG1IlFn3f+Sl5PHyPFuOF1XyWXi5gs4Dh/Am5BE3/ +vAUlVZa4534D7fShk1RmttXkH5KUUn3DYIlfeflj0fS7TfraTS7SHazcek9SZz+t +6+26zQIDAQABozgwNjAOBgNVHQ8BAf8EBAMCAAQwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwDwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0BAQUDgYEAfA8gVIXq6WjFFfwQ +igmYDlFTeqM3w+yNYSxJZtA0C4toUFh1H/t2h4kWfVbRvi+775UmklU3b8qC4tST +M4AfnLktHu47kH0TLiibF4wVXxLr7fKGL6X1WeTzB6mZLTJw1CrQQ/Ickm11+GD6 +tY9PB2v2wICzT8if7RG9TdnXSiw= +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/quic_test.example.com.crt b/net/data/ssl/certificates/quic_test.example.com.crt new file mode 100644 index 0000000..375cedd --- /dev/null +++ b/net/data/ssl/certificates/quic_test.example.com.crt @@ -0,0 +1,56 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=Acme Co, CN=Intermediate CA + Validity + Not Before: Jan 1 10:00:00 2013 GMT + Not After : Dec 31 10:00:00 2023 GMT + Subject: O=Acme Co, CN=Leaf certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c1:31:32:b2:28:dc:0d:a4:e0:4b:54:d6:fa:b7: + d2:0c:45:29:bf:67:c7:d1:b8:a9:90:63:51:c4:96: + 9f:86:a9:47:d7:67:f6:f9:1d:37:29:c2:0a:55:a7: + 8c:29:97:dc:f2:7f:f4:97:d0:d5:44:c9:04:1c:48: + ea:cc:a9:48:5c:eb:69:11:75:6e:db:7d:1a:5a:c0: + 9f:ad:a7:b8:0e:3b:a1:61:24:24:6f:64:84:ad:bb: + 28:06:c2:4a:c8:07:7b:46:33:8a:c7:81:77:92:4f: + 9d:88:1c:52:04:23:61:12:97:c7:e4:af:90:67:7e: + fb:ac:3d:23:92:f0:c9:39:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:test.example.com + Signature Algorithm: sha1WithRSAEncryption + ad:33:55:2a:80:4c:ab:bc:b3:34:f7:b3:7e:fb:05:a8:11:3f: + a1:35:56:4c:46:2f:8d:24:70:35:3a:66:8d:14:c4:fb:7f:d9: + 76:de:c4:52:a7:42:8f:70:1d:fd:d5:33:04:69:5d:3c:18:03: + 8f:db:19:d0:14:d8:1c:0b:b6:74:9c:cf:41:ba:24:d9:c4:c3: + cf:86:fb:15:3d:c4:99:ea:af:6a:29:34:ed:97:03:38:ed:38: + b3:21:39:a0:f0:16:ac:81:d3:88:52:d8:5e:a3:6d:e6:ec:3f: + e9:20:ac:d3:78:7b:ae:59:9e:5d:3b:5e:61:bb:43:88:cd:8e: + d0:0d +-----BEGIN CERTIFICATE----- +MIICGzCCAYagAwIBAgIBAzALBgkqhkiG9w0BAQUwLDEQMA4GA1UEChMHQWNtZSBD +bzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMB4XDTEzMDEwMTEwMDAwMFoXDTIz +MTIzMTEwMDAwMFowLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQTGVhZiBj +ZXJ0aWZpY2F0ZTCBnTALBgkqhkiG9w0BAQEDgY0AMIGJAoGBAMExMrIo3A2k4EtU +1vq30gxFKb9nx9G4qZBjUcSWn4apR9dn9vkdNynCClWnjCmX3PJ/9JfQ1UTJBBxI +6sypSFzraRF1btt9GlrAn62nuA47oWEkJG9khK27KAbCSsgHe0YziseBd5JPnYgc +UgQjYRKXx+SvkGd++6w9I5LwyTltAgMBAAGjUjBQMA4GA1UdDwEB/wQEAwIAoDAT +BgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBsGA1UdEQQUMBKCEHRl +c3QuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEFA4GBAK0zVSqATKu8szT3s377BagR +P6E1VkxGL40kcDU6Zo0UxPt/2XbexFKnQo9wHf3VMwRpXTwYA4/bGdAU2BwLtnSc +z0G6JNnEw8+G+xU9xJnqr2opNO2XAzjtOLMhOaDwFqyB04hS2F6jbebsP+kgrNN4 +e65Znl07XmG7Q4jNjtAN +-----END CERTIFICATE----- diff --git a/net/data/ssl/certificates/quic_test_ecc.example.com.crt b/net/data/ssl/certificates/quic_test_ecc.example.com.crt new file mode 100644 index 0000000..0e6bfba --- /dev/null +++ b/net/data/ssl/certificates/quic_test_ecc.example.com.crt @@ -0,0 +1,50 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=Acme Co, CN=Intermediate CA + Validity + Not Before: Jan 1 10:00:00 2013 GMT + Not After : Dec 31 10:00:00 2023 GMT + Subject: O=Acme Co, CN=ECDSA Leaf certificate + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:6d:48:d0:30:76:bb:bf:91:b1:d7:03:c2:fc:95: + 9b:e0:ea:42:ed:43:2c:a6:b2:23:c4:52:33:93:95: + 25:fc:16:75:83:9e:0f:0f:91:a5:47:b1:21:91:d4: + 94:94:30:b8:00:dc:1c:79:2c:fa:72:99:62:b2:fa: + af:b0:ca:f2:42 + ASN1 OID: prime256v1 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Alternative Name: + DNS:test.example.com + Signature Algorithm: sha1WithRSAEncryption + 5d:23:47:b4:b5:0f:38:18:cd:63:90:24:37:f1:da:67:66:a4: + fe:8d:53:3f:c5:a7:10:e6:21:a3:1d:b7:42:b0:1a:e7:d7:83: + 3d:ea:7b:6b:89:85:bb:13:77:4d:45:ab:b2:e7:1e:ac:6e:74: + b6:9f:c4:e0:76:1c:e4:13:e9:6c:b1:20:a3:34:e8:1e:8a:71: + 51:cb:00:44:71:64:f6:4b:9e:9a:2d:d9:9a:44:62:f5:8c:3c: + c5:ec:c1:1c:d5:bb:05:53:33:af:70:44:1d:5b:aa:23:67:30: + 3e:d3:a9:5e:a2:57:84:86:aa:be:bd:7b:4f:74:d9:3b:cd:2e: + 7e:d1 +-----BEGIN CERTIFICATE----- +MIIB3DCCAUegAwIBAgIBBDALBgkqhkiG9w0BAQUwLDEQMA4GA1UEChMHQWNtZSBD +bzEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMB4XDTEzMDEwMTEwMDAwMFoXDTIz +MTIzMTEwMDAwMFowMzEQMA4GA1UEChMHQWNtZSBDbzEfMB0GA1UEAxMWRUNEU0Eg +TGVhZiBjZXJ0aWZpY2F0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG1I0DB2 +u7+RsdcDwvyVm+DqQu1DLKayI8RSM5OVJfwWdYOeDw+RpUexIZHUlJQwuADcHHks ++nKZYrL6r7DK8kKjUjBQMA4GA1UdDwEB/wQEAwIAgDATBgNVHSUEDDAKBggrBgEF +BQcDATAMBgNVHRMBAf8EAjAAMBsGA1UdEQQUMBKCEHRlc3QuZXhhbXBsZS5jb20w +CwYJKoZIhvcNAQEFA4GBAF0jR7S1DzgYzWOQJDfx2mdmpP6NUz/FpxDmIaMdt0Kw +GufXgz3qe2uJhbsTd01Fq7LnHqxudLafxOB2HOQT6WyxIKM06B6KcVHLAERxZPZL +npot2ZpEYvWMPMXswRzVuwVTM69wRB1bqiNnMD7TqV6iV4SGqr69e0902TvNLn7R +-----END CERTIFICATE----- -- cgit v1.1