| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_private_key_test_util.h" | 5 #include "net/ssl/ssl_private_key_test_util.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 case SSLPrivateKey::Hash::SHA384: | 59 case SSLPrivateKey::Hash::SHA384: |
| 60 return EVP_sha384(); | 60 return EVP_sha384(); |
| 61 case SSLPrivateKey::Hash::SHA512: | 61 case SSLPrivateKey::Hash::SHA512: |
| 62 return EVP_sha512(); | 62 return EVP_sha512(); |
| 63 } | 63 } |
| 64 | 64 |
| 65 NOTREACHED(); | 65 NOTREACHED(); |
| 66 return nullptr; | 66 return nullptr; |
| 67 } | 67 } |
| 68 | 68 |
| 69 SSLPrivateKey::Type TypeForOpenSSLKey(EVP_PKEY* pkey) { | |
| 70 switch (EVP_PKEY_id(pkey)) { | |
| 71 case EVP_PKEY_RSA: | |
| 72 return SSLPrivateKey::Type::RSA; | |
| 73 case EVP_PKEY_EC: { | |
| 74 switch (EC_GROUP_get_curve_name( | |
| 75 EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)))) { | |
| 76 case NID_X9_62_prime256v1: | |
| 77 return SSLPrivateKey::Type::ECDSA_P256; | |
| 78 case NID_secp384r1: | |
| 79 return SSLPrivateKey::Type::ECDSA_P384; | |
| 80 case NID_secp521r1: | |
| 81 return SSLPrivateKey::Type::ECDSA_P521; | |
| 82 } | |
| 83 } | |
| 84 } | |
| 85 | |
| 86 NOTREACHED(); | |
| 87 return SSLPrivateKey::Type::RSA; | |
| 88 } | |
| 89 | |
| 90 // Resize a string to |size| bytes of data, then return its data buffer address | 69 // Resize a string to |size| bytes of data, then return its data buffer address |
| 91 // cast as an 'uint8_t*', as expected by OpenSSL functions. | 70 // cast as an 'uint8_t*', as expected by OpenSSL functions. |
| 92 // |str| the target string. | 71 // |str| the target string. |
| 93 // |size| the number of bytes to write into the string. | 72 // |size| the number of bytes to write into the string. |
| 94 // Return the string's new buffer in memory, as an 'uint8_t*' pointer. | 73 // Return the string's new buffer in memory, as an 'uint8_t*' pointer. |
| 95 uint8_t* OpenSSLWriteInto(std::string* str, size_t size) { | 74 uint8_t* OpenSSLWriteInto(std::string* str, size_t size) { |
| 96 return reinterpret_cast<uint8_t*>(base::WriteInto(str, size + 1)); | 75 return reinterpret_cast<uint8_t*>(base::WriteInto(str, size + 1)); |
| 97 } | 76 } |
| 98 | 77 |
| 99 bool VerifyWithOpenSSL(const EVP_MD* md, | 78 bool VerifyWithOpenSSL(const EVP_MD* md, |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 key->SignDigest( | 129 key->SignDigest( |
| 151 hash, message, | 130 hash, message, |
| 152 base::Bind(OnSignComplete, base::Unretained(&loop), | 131 base::Bind(OnSignComplete, base::Unretained(&loop), |
| 153 base::Unretained(&error), base::Unretained(result))); | 132 base::Unretained(&error), base::Unretained(result))); |
| 154 loop.Run(); | 133 loop.Run(); |
| 155 return error; | 134 return error; |
| 156 } | 135 } |
| 157 | 136 |
| 158 } // namespace | 137 } // namespace |
| 159 | 138 |
| 160 const char* SSLPrivateKeyTypeToString(SSLPrivateKey::Type type) { | |
| 161 switch (type) { | |
| 162 case SSLPrivateKey::Type::RSA: | |
| 163 return "RSA"; | |
| 164 case SSLPrivateKey::Type::ECDSA_P256: | |
| 165 return "ECDSA_P256"; | |
| 166 case SSLPrivateKey::Type::ECDSA_P384: | |
| 167 return "ECDSA_P384"; | |
| 168 case SSLPrivateKey::Type::ECDSA_P521: | |
| 169 return "ECDSA_P521"; | |
| 170 } | |
| 171 | |
| 172 NOTREACHED(); | |
| 173 return ""; | |
| 174 } | |
| 175 | |
| 176 void TestSSLPrivateKeyMatches(SSLPrivateKey* key, const std::string& pkcs8) { | 139 void TestSSLPrivateKeyMatches(SSLPrivateKey* key, const std::string& pkcs8) { |
| 177 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 140 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 178 | 141 |
| 179 // Create the equivalent OpenSSL key. | 142 // Create the equivalent OpenSSL key. |
| 180 CBS cbs; | 143 CBS cbs; |
| 181 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(pkcs8.data()), pkcs8.size()); | 144 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(pkcs8.data()), pkcs8.size()); |
| 182 bssl::UniquePtr<EVP_PKEY> openssl_key(EVP_parse_private_key(&cbs)); | 145 bssl::UniquePtr<EVP_PKEY> openssl_key(EVP_parse_private_key(&cbs)); |
| 183 ASSERT_TRUE(openssl_key); | 146 ASSERT_TRUE(openssl_key); |
| 184 EXPECT_EQ(0u, CBS_len(&cbs)); | 147 EXPECT_EQ(0u, CBS_len(&cbs)); |
| 185 | 148 |
| 186 // Check the length and type matches. | |
| 187 EXPECT_EQ(TypeForOpenSSLKey(openssl_key.get()), key->GetType()); | |
| 188 EXPECT_EQ(static_cast<size_t>(EVP_PKEY_size(openssl_key.get())), | |
| 189 key->GetMaxSignatureLengthInBytes()); | |
| 190 | |
| 191 // Test all supported hash algorithms. | 149 // Test all supported hash algorithms. |
| 192 std::vector<SSLPrivateKey::Hash> hashes = key->GetDigestPreferences(); | 150 std::vector<SSLPrivateKey::Hash> hashes = key->GetDigestPreferences(); |
| 193 | 151 |
| 194 // To support TLS 1.1 and earlier, RSA keys must implicitly support MD5-SHA1, | 152 // To support TLS 1.1 and earlier, RSA keys must implicitly support MD5-SHA1, |
| 195 // despite not being advertised. | 153 // despite not being advertised. |
| 196 if (key->GetType() == SSLPrivateKey::Type::RSA) | 154 if (EVP_PKEY_id(openssl_key.get()) == EVP_PKEY_RSA) |
| 197 hashes.push_back(SSLPrivateKey::Hash::MD5_SHA1); | 155 hashes.push_back(SSLPrivateKey::Hash::MD5_SHA1); |
| 198 | 156 |
| 199 for (SSLPrivateKey::Hash hash : hashes) { | 157 for (SSLPrivateKey::Hash hash : hashes) { |
| 200 SCOPED_TRACE(HashToString(hash)); | 158 SCOPED_TRACE(HashToString(hash)); |
| 201 const EVP_MD* md = HashToMD(hash); | 159 const EVP_MD* md = HashToMD(hash); |
| 202 | 160 |
| 203 std::string digest(EVP_MD_size(md), 'a'); | 161 std::string digest(EVP_MD_size(md), 'a'); |
| 204 | 162 |
| 205 // Test the key generates valid signatures. | 163 // Test the key generates valid signatures. |
| 206 std::string signature; | 164 std::string signature; |
| 207 Error error = DoKeySigningWithWrapper(key, hash, digest, &signature); | 165 Error error = DoKeySigningWithWrapper(key, hash, digest, &signature); |
| 208 EXPECT_THAT(error, IsOk()); | 166 EXPECT_THAT(error, IsOk()); |
| 209 EXPECT_TRUE(VerifyWithOpenSSL(md, digest, openssl_key.get(), signature)); | 167 EXPECT_TRUE(VerifyWithOpenSSL(md, digest, openssl_key.get(), signature)); |
| 210 | 168 |
| 211 // RSA signing is deterministic, so further check the signature matches. | 169 // RSA signing is deterministic, so further check the signature matches. |
| 212 if (key->GetType() == SSLPrivateKey::Type::RSA) { | 170 if (EVP_PKEY_id(openssl_key.get()) == EVP_PKEY_RSA) { |
| 213 std::string openssl_signature; | 171 std::string openssl_signature; |
| 214 ASSERT_TRUE( | 172 ASSERT_TRUE( |
| 215 SignWithOpenSSL(md, digest, openssl_key.get(), &openssl_signature)); | 173 SignWithOpenSSL(md, digest, openssl_key.get(), &openssl_signature)); |
| 216 EXPECT_EQ(openssl_signature, signature); | 174 EXPECT_EQ(openssl_signature, signature); |
| 217 } | 175 } |
| 218 } | 176 } |
| 219 } | 177 } |
| 220 | 178 |
| 221 } // namespace net | 179 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2822283002:
Remove SSLPrivateKey metadata hooks. (Closed)
