• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/base/keygen_handler.h"
6 
7 #include <string>
8 
9 #include "base/base64.h"
10 #include "base/bind.h"
11 #include "base/location.h"
12 #include "base/logging.h"
13 #include "base/threading/worker_pool.h"
14 #include "base/threading/thread_restrictions.h"
15 #include "base/synchronization/waitable_event.h"
16 #include "build/build_config.h"
17 #include "testing/gtest/include/gtest/gtest.h"
18 
19 #if defined(USE_NSS)
20 #include <private/pprthred.h>  // PR_DetachThread
21 #include "crypto/nss_crypto_module_delegate.h"
22 #include "crypto/scoped_test_nss_db.h"
23 #endif
24 
25 namespace net {
26 
27 namespace {
28 
29 #if defined(USE_NSS)
30 class StubCryptoModuleDelegate : public crypto::NSSCryptoModuleDelegate {
31   public:
StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot)32    explicit StubCryptoModuleDelegate(crypto::ScopedPK11Slot slot)
33        : slot_(slot.Pass()) {}
34 
RequestPassword(const std::string & slot_name,bool retry,bool * cancelled)35    virtual std::string RequestPassword(const std::string& slot_name,
36                                        bool retry,
37                                        bool* cancelled) OVERRIDE{
38      return std::string();
39    }
40 
RequestSlot()41    virtual crypto::ScopedPK11Slot RequestSlot() OVERRIDE {
42      return crypto::ScopedPK11Slot(PK11_ReferenceSlot(slot_.get()));
43    }
44 
45   private:
46    crypto::ScopedPK11Slot slot_;
47 };
48 #endif
49 
50 class KeygenHandlerTest : public ::testing::Test {
51  public:
KeygenHandlerTest()52   KeygenHandlerTest() {}
~KeygenHandlerTest()53   virtual ~KeygenHandlerTest() {}
54 
CreateKeygenHandler()55   scoped_ptr<KeygenHandler> CreateKeygenHandler() {
56     scoped_ptr<KeygenHandler> handler(new KeygenHandler(
57         768, "some challenge", GURL("http://www.example.com")));
58 #if defined(USE_NSS)
59     handler->set_crypto_module_delegate(
60         scoped_ptr<crypto::NSSCryptoModuleDelegate>(
61             new StubCryptoModuleDelegate(crypto::ScopedPK11Slot(
62                 PK11_ReferenceSlot(test_nss_db_.slot())))));
63 #endif
64     return handler.Pass();
65   }
66 
67  private:
68 #if defined(USE_NSS)
69   crypto::ScopedTestNSSDB test_nss_db_;
70 #endif
71 };
72 
73 // Assert that |result| is a valid output for KeygenHandler given challenge
74 // string of |challenge|.
AssertValidSignedPublicKeyAndChallenge(const std::string & result,const std::string & challenge)75 void AssertValidSignedPublicKeyAndChallenge(const std::string& result,
76                                             const std::string& challenge) {
77   ASSERT_GT(result.length(), 0U);
78 
79   // Verify it's valid base64:
80   std::string spkac;
81   ASSERT_TRUE(base::Base64Decode(result, &spkac));
82   // In lieu of actually parsing and validating the DER data,
83   // just check that it exists and has a reasonable length.
84   // (It's almost always 590 bytes, but the DER encoding of the random key
85   // and signature could sometimes be a few bytes different.)
86   ASSERT_GE(spkac.length(), 200U);
87   ASSERT_LE(spkac.length(), 300U);
88 
89   // NOTE:
90   // The value of |result| can be validated by prefixing 'SPKAC=' to it
91   // and piping it through
92   //   openssl spkac -verify
93   // whose output should look like:
94   //   Netscape SPKI:
95   //     Public Key Algorithm: rsaEncryption
96   //     RSA Public Key: (2048 bit)
97   //     Modulus (2048 bit):
98   //         00:b6:cc:14:c9:43:b5:2d:51:65:7e:11:8b:80:9e: .....
99   //     Exponent: 65537 (0x10001)
100   //     Challenge String: some challenge
101   //     Signature Algorithm: md5WithRSAEncryption
102   //         92:f3:cc:ff:0b:d3:d0:4a:3a:4c:ba:ff:d6:38:7f:a5:4b:b5: .....
103   //   Signature OK
104   //
105   // The value of |spkac| can be ASN.1-parsed with:
106   //    openssl asn1parse -inform DER
107 }
108 
TEST_F(KeygenHandlerTest,SmokeTest)109 TEST_F(KeygenHandlerTest, SmokeTest) {
110   scoped_ptr<KeygenHandler> handler(CreateKeygenHandler());
111   handler->set_stores_key(false);  // Don't leave the key-pair behind
112   std::string result = handler->GenKeyAndSignChallenge();
113   VLOG(1) << "KeygenHandler produced: " << result;
114   AssertValidSignedPublicKeyAndChallenge(result, "some challenge");
115 }
116 
ConcurrencyTestCallback(const std::string & challenge,base::WaitableEvent * event,scoped_ptr<KeygenHandler> handler,std::string * result)117 void ConcurrencyTestCallback(const std::string& challenge,
118                              base::WaitableEvent* event,
119                              scoped_ptr<KeygenHandler> handler,
120                              std::string* result) {
121   // We allow Singleton use on the worker thread here since we use a
122   // WaitableEvent to synchronize, so it's safe.
123   base::ThreadRestrictions::ScopedAllowSingleton scoped_allow_singleton;
124   handler->set_stores_key(false);  // Don't leave the key-pair behind.
125   *result = handler->GenKeyAndSignChallenge();
126   event->Signal();
127 #if defined(USE_NSS)
128   // Detach the thread from NSPR.
129   // Calling NSS functions attaches the thread to NSPR, which stores
130   // the NSPR thread ID in thread-specific data.
131   // The threads in our thread pool terminate after we have called
132   // PR_Cleanup.  Unless we detach them from NSPR, net_unittests gets
133   // segfaults on shutdown when the threads' thread-specific data
134   // destructors run.
135   PR_DetachThread();
136 #endif
137 }
138 
139 // We asynchronously generate the keys so as not to hang up the IO thread. This
140 // test tries to catch concurrency problems in the keygen implementation.
TEST_F(KeygenHandlerTest,ConcurrencyTest)141 TEST_F(KeygenHandlerTest, ConcurrencyTest) {
142   const int NUM_HANDLERS = 5;
143   base::WaitableEvent* events[NUM_HANDLERS] = { NULL };
144   std::string results[NUM_HANDLERS];
145   for (int i = 0; i < NUM_HANDLERS; i++) {
146     scoped_ptr<KeygenHandler> handler(CreateKeygenHandler());
147     events[i] = new base::WaitableEvent(false, false);
148     base::WorkerPool::PostTask(FROM_HERE,
149                                base::Bind(ConcurrencyTestCallback,
150                                           "some challenge",
151                                           events[i],
152                                           base::Passed(&handler),
153                                           &results[i]),
154                                true);
155   }
156 
157   for (int i = 0; i < NUM_HANDLERS; i++) {
158     // Make sure the job completed
159     events[i]->Wait();
160     delete events[i];
161     events[i] = NULL;
162 
163     VLOG(1) << "KeygenHandler " << i << " produced: " << results[i];
164     AssertValidSignedPublicKeyAndChallenge(results[i], "some challenge");
165   }
166 }
167 
168 }  // namespace
169 
170 }  // namespace net
171