| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_util.h" | 5 #include "net/cert/x509_util.h" |
| 6 #include "net/cert/x509_util_nss.h" | 6 #include "net/cert/x509_util_nss.h" |
| 7 | 7 |
| 8 #include <cert.h> | 8 #include <cert.h> |
| 9 #include <secoid.h> | 9 #include <secoid.h> |
| 10 | 10 |
| 11 #include "base/base64.h" | |
| 11 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
| 12 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/values.h" | |
| 13 #include "crypto/ec_private_key.h" | 15 #include "crypto/ec_private_key.h" |
| 14 #include "crypto/scoped_nss_types.h" | 16 #include "crypto/scoped_nss_types.h" |
| 15 #include "crypto/signature_verifier.h" | 17 #include "crypto/signature_verifier.h" |
| 16 #include "net/cert/x509_certificate.h" | 18 #include "net/cert/x509_certificate.h" |
| 17 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 18 | 20 |
| 19 namespace net { | 21 namespace net { |
| 20 | 22 |
| 21 namespace { | 23 namespace { |
| 22 | 24 |
| (...skipping 138 matching lines...) | |
| 161 VerifyDomainBoundCert(domain, der_cert); | 163 VerifyDomainBoundCert(domain, der_cert); |
| 162 | 164 |
| 163 #if !defined(OS_WIN) && !defined(OS_MACOSX) | 165 #if !defined(OS_WIN) && !defined(OS_MACOSX) |
| 164 // signature_verifier_win and signature_verifier_mac can't handle EC certs. | 166 // signature_verifier_win and signature_verifier_mac can't handle EC certs. |
| 165 std::vector<uint8> spki; | 167 std::vector<uint8> spki; |
| 166 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); | 168 ASSERT_TRUE(private_key->ExportPublicKey(&spki)); |
| 167 VerifyCertificateSignature(der_cert, spki); | 169 VerifyCertificateSignature(der_cert, spki); |
| 168 #endif | 170 #endif |
| 169 } | 171 } |
| 170 | 172 |
| 173 static const unsigned char kP256SpkiPrefix[] = { | |
| 174 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, | |
| 175 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, | |
| 176 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, | |
| 177 0x42, 0x00, 0x04 | |
| 178 }; | |
| 179 static const unsigned int kEcPointSize = 32U; | |
| 180 | |
| 181 static const unsigned char spki_ec[] = { | |
|
Ryan Sleevi
2013/08/02 23:08:43
kSpkiEc, as per http://google-styleguide.googlecod
| |
| 182 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, | |
| 183 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, | |
| 184 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, | |
| 185 0x42, 0x00, 0x04, | |
| 186 0x29, 0x5d, 0x6e, 0xfe, 0x33, 0x77, 0x26, 0xea, | |
| 187 0x5b, 0xa4, 0xe6, 0x1b, 0x34, 0x6e, 0x7b, 0xa0, | |
| 188 0xa3, 0x8f, 0x33, 0x49, 0xa0, 0x9c, 0xae, 0x98, | |
| 189 0xbd, 0x46, 0x0d, 0xf6, 0xd4, 0x5a, 0xdc, 0x8a, | |
| 190 0x1f, 0x8a, 0xb2, 0x20, 0x51, 0xb7, 0xd2, 0x87, | |
| 191 0x0d, 0x53, 0x7e, 0x5d, 0x94, 0xa3, 0xe0, 0x34, | |
| 192 0x16, 0xa1, 0xcc, 0x10, 0x48, 0xcd, 0x70, 0x9c, | |
| 193 0x05, 0xd3, 0xd2, 0xca, 0xdf, 0x44, 0x2f, 0xf4 | |
| 194 }; | |
| 195 | |
| 196 static const unsigned char spki_ec_with_zero_x_y[] = { | |
| 197 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, | |
| 198 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, | |
| 199 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, | |
| 200 0x42, 0x00, 0x04, | |
| 201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 202 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 203 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 204 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 206 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 208 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
| 209 }; | |
| 210 | |
| 211 TEST(X509UtilNSSTest, ConvertSPKIFromDERToJwkEC) { | |
| 212 base::StringPiece spki; | |
| 213 base::DictionaryValue public_key_jwk; | |
| 214 | |
| 215 EXPECT_FALSE(x509_util::ConvertSPKIFromDERToJWK( | |
| 216 spki, | |
| 217 &public_key_jwk)); | |
| 218 EXPECT_TRUE(public_key_jwk.empty()); | |
| 219 | |
| 220 // Test the result of a "normal" point on this curve. | |
| 221 spki.set(reinterpret_cast<const char*>(spki_ec), sizeof(spki_ec)); | |
| 222 EXPECT_TRUE(x509_util::ConvertSPKIFromDERToJWK( | |
| 223 spki, | |
| 224 &public_key_jwk)); | |
| 225 | |
| 226 std::string string_value; | |
| 227 EXPECT_TRUE(public_key_jwk.GetString("alg", &string_value)); | |
| 228 EXPECT_EQ(std::string("EC"), string_value); | |
| 229 EXPECT_TRUE(public_key_jwk.GetString("crv", &string_value)); | |
| 230 EXPECT_EQ(std::string("P-256"), string_value); | |
|
Ryan Sleevi
2013/08/02 23:08:43
eliminate all the extra std::string() stuff here.
| |
| 231 | |
| 232 EXPECT_TRUE(public_key_jwk.GetString("x", &string_value)); | |
| 233 std::string decoded_coordinate; | |
| 234 EXPECT_TRUE(base::Base64Decode(string_value, &decoded_coordinate)); | |
| 235 EXPECT_EQ(kEcPointSize, decoded_coordinate.size()); | |
| 236 EXPECT_EQ(0, memcmp(decoded_coordinate.data(), | |
| 237 spki_ec + sizeof(kP256SpkiPrefix), | |
| 238 kEcPointSize)); | |
| 239 | |
| 240 EXPECT_TRUE(public_key_jwk.GetString("y", &string_value)); | |
| 241 EXPECT_TRUE(base::Base64Decode(string_value, &decoded_coordinate)); | |
| 242 EXPECT_EQ(kEcPointSize, decoded_coordinate.size()); | |
| 243 EXPECT_EQ(0, memcmp(decoded_coordinate.data(), | |
| 244 spki_ec + sizeof(kP256SpkiPrefix) + kEcPointSize, | |
| 245 kEcPointSize)); | |
| 246 | |
| 247 // Test the result of a corner case: leading 0s in the x, y coordinates are | |
| 248 // not trimmed, but the point is fixed-length encoded. | |
| 249 spki.set(reinterpret_cast<const char*>(spki_ec_with_zero_x_y), | |
| 250 sizeof(spki_ec_with_zero_x_y)); | |
| 251 EXPECT_TRUE(x509_util::ConvertSPKIFromDERToJWK( | |
| 252 spki, | |
| 253 &public_key_jwk)); | |
| 254 | |
| 255 EXPECT_TRUE(public_key_jwk.GetString("alg", &string_value)); | |
| 256 EXPECT_EQ(std::string("EC"), string_value); | |
| 257 EXPECT_TRUE(public_key_jwk.GetString("crv", &string_value)); | |
| 258 EXPECT_EQ(std::string("P-256"), string_value); | |
| 259 | |
| 260 EXPECT_TRUE(public_key_jwk.GetString("x", &string_value)); | |
| 261 EXPECT_TRUE(base::Base64Decode(string_value, &decoded_coordinate)); | |
| 262 EXPECT_EQ(kEcPointSize, decoded_coordinate.size()); | |
| 263 EXPECT_EQ(0, memcmp(decoded_coordinate.data(), | |
| 264 spki_ec_with_zero_x_y + sizeof(kP256SpkiPrefix), | |
| 265 kEcPointSize)); | |
| 266 | |
| 267 EXPECT_TRUE(public_key_jwk.GetString("y", &string_value)); | |
| 268 EXPECT_TRUE(base::Base64Decode(string_value, &decoded_coordinate)); | |
| 269 EXPECT_EQ(kEcPointSize, decoded_coordinate.size()); | |
| 270 EXPECT_EQ(0, | |
| 271 memcmp(decoded_coordinate.data(), | |
| 272 spki_ec_with_zero_x_y + sizeof(kP256SpkiPrefix) + kEcPointSize, | |
| 273 kEcPointSize)); | |
|
Ryan Sleevi
2013/08/02 23:08:43
Please consider running clang-format on this test.
| |
| 274 } | |
| 275 | |
| 171 } // namespace net | 276 } // namespace net |
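Review bot: The four size checks that precede each `memcmp` in ConvertSPKIFromDERToJwkEC use `EXPECT_EQ`, which is non-fatal, so a decoded coordinate shorter than kEcPointSize would still be compared over 32 bytes and read past the string's buffer instead of failing cleanly; use `ASSERT_EQ(kEcPointSize, decoded_coordinate.size());` at each site. The all-zero vector `spki_ec_with_zero_x_y` is not a point on P-256 (x = y = 0 does not satisfy the curve equation), so the test pins that the converter accepts an off-curve point. If that is the intended contract, state it next to the vector, e.g. `// Not a valid P-256 point: the conversion is expected to re-encode only, callers must validate the key.` Also, `public_key_jwk` is reused across both successful conversions, so the second "alg"/"crv" checks can pass on stale entries; `public_key_jwk.Clear();` before the second call would make them meaningful.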