OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <openssl/bn.h> | 5 #include <openssl/bn.h> |
6 #include <openssl/dsa.h> | 6 #include <openssl/dsa.h> |
7 #include <openssl/ecdsa.h> | 7 #include <openssl/ecdsa.h> |
8 #include <openssl/err.h> | 8 #include <openssl/err.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
11 #include <openssl/rsa.h> | 11 #include <openssl/rsa.h> |
12 #include <openssl/x509.h> | 12 #include <openssl/x509.h> |
13 | 13 |
14 #include "base/android/build_info.h" | 14 #include "base/android/build_info.h" |
15 #include "base/android/jni_android.h" | 15 #include "base/android/jni_android.h" |
16 #include "base/android/jni_array.h" | 16 #include "base/android/jni_array.h" |
17 #include "base/android/scoped_java_ref.h" | 17 #include "base/android/scoped_java_ref.h" |
18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
19 #include "base/bind.h" | 19 #include "base/bind.h" |
20 #include "base/callback.h" | 20 #include "base/callback.h" |
21 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
22 #include "base/file_util.h" | 22 #include "base/file_util.h" |
23 #include "base/files/file_path.h" | 23 #include "base/files/file_path.h" |
24 #include "base/files/scoped_file.h" | 24 #include "base/files/scoped_file.h" |
25 #include "base/strings/string_number_conversions.h" | 25 #include "base/strings/string_number_conversions.h" |
26 #include "base/strings/string_util.h" | 26 #include "base/strings/string_util.h" |
27 #include "crypto/openssl_util.h" | 27 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" |
28 #include "jni/AndroidKeyStoreTestUtil_jni.h" | 29 #include "jni/AndroidKeyStoreTestUtil_jni.h" |
29 #include "net/android/keystore.h" | 30 #include "net/android/keystore.h" |
30 #include "net/android/keystore_openssl.h" | 31 #include "net/android/keystore_openssl.h" |
31 #include "net/base/test_data_directory.h" | 32 #include "net/base/test_data_directory.h" |
32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
33 | 34 |
34 // Technical note: | 35 // Technical note: |
35 // | 36 // |
36 // This source file not only checks that signing with | 37 // This source file not only checks that signing with |
37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that | 38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that |
(...skipping 11 matching lines...) Expand all Loading... |
49 // For more details, read the comments in AndroidKeyStore.java. | 50 // For more details, read the comments in AndroidKeyStore.java. |
50 // | 51 // |
51 // Finally, it also checks that using the EVP_PKEY generated with | 52 // Finally, it also checks that using the EVP_PKEY generated with |
52 // GetOpenSSLPrivateKeyWrapper() works correctly. | 53 // GetOpenSSLPrivateKeyWrapper() works correctly. |
53 | 54 |
54 namespace net { | 55 namespace net { |
55 namespace android { | 56 namespace android { |
56 | 57 |
57 namespace { | 58 namespace { |
58 | 59 |
59 typedef crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ScopedEVP_PKEY; | 60 typedef scoped_ptr<PKCS8_PRIV_KEY_INFO, |
60 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA; | 61 crypto::OpenSSLDestroyer<PKCS8_PRIV_KEY_INFO, |
61 typedef crypto::ScopedOpenSSL<DSA, DSA_free> ScopedDSA; | 62 PKCS8_PRIV_KEY_INFO_free> > |
62 typedef crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ScopedEC_KEY; | 63 ScopedPKCS8_PRIV_KEY_INFO; |
63 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM; | |
64 | |
65 typedef crypto::ScopedOpenSSL< | |
66 PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> | |
67 ScopedPKCS8_PRIV_KEY_INFO; | |
68 | 64 |
69 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; | 65 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; |
70 | 66 |
71 JNIEnv* InitEnv() { | 67 JNIEnv* InitEnv() { |
72 JNIEnv* env = base::android::AttachCurrentThread(); | 68 JNIEnv* env = base::android::AttachCurrentThread(); |
73 static bool inited = false; | 69 static bool inited = false; |
74 if (!inited) { | 70 if (!inited) { |
75 RegisterNativesImpl(env); | 71 RegisterNativesImpl(env); |
76 inited = true; | 72 inited = true; |
77 } | 73 } |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 << ", " << GetOpenSSLErrorString(); | 125 << ", " << GetOpenSSLErrorString(); |
130 return NULL; | 126 return NULL; |
131 } | 127 } |
132 return pkey; | 128 return pkey; |
133 } | 129 } |
134 | 130 |
135 // Convert a private key into its PKCS#8 encoded representation. | 131 // Convert a private key into its PKCS#8 encoded representation. |
136 // |pkey| is the EVP_PKEY handle for the private key. | 132 // |pkey| is the EVP_PKEY handle for the private key. |
137 // |pkcs8| will receive the PKCS#8 bytes. | 133 // |pkcs8| will receive the PKCS#8 bytes. |
138 // Returns true on success, false otherwise. | 134 // Returns true on success, false otherwise. |
139 bool GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY& pkey, | 135 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey, |
140 std::string* pkcs8) { | 136 std::string* pkcs8) { |
141 // Convert to PKCS#8 object. | 137 // Convert to PKCS#8 object. |
142 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); | 138 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); |
143 if (!p8_info.get()) { | 139 if (!p8_info.get()) { |
144 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " | 140 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " |
145 << GetOpenSSLErrorString(); | 141 << GetOpenSSLErrorString(); |
146 return false; | 142 return false; |
147 } | 143 } |
148 | 144 |
149 // Then convert it | 145 // Then convert it |
150 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); | 146 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); |
151 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); | 147 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); |
152 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); | 148 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); |
153 return true; | 149 return true; |
154 } | 150 } |
155 | 151 |
156 bool ImportPrivateKeyFileAsPkcs8(const char* filename, | 152 bool ImportPrivateKeyFileAsPkcs8(const char* filename, |
157 std::string* pkcs8) { | 153 std::string* pkcs8) { |
158 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); | 154 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); |
159 if (!pkey.get()) | 155 if (!pkey.get()) |
160 return false; | 156 return false; |
161 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); | 157 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); |
162 } | 158 } |
163 | 159 |
164 // Same as ImportPrivateKey, but for public ones. | 160 // Same as ImportPrivateKey, but for public ones. |
165 EVP_PKEY* ImportPublicKeyFile(const char* filename) { | 161 EVP_PKEY* ImportPublicKeyFile(const char* filename) { |
166 // Load file as PEM data. | 162 // Load file as PEM data. |
167 base::FilePath certs_dir = GetTestCertsDirectory(); | 163 base::FilePath certs_dir = GetTestCertsDirectory(); |
168 base::FilePath file_path = certs_dir.AppendASCII(filename); | 164 base::FilePath file_path = certs_dir.AppendASCII(filename); |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
224 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); | 220 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); |
225 } | 221 } |
226 | 222 |
227 // Call this function to verify that one message signed with our | 223 // Call this function to verify that one message signed with our |
228 // test DSA private key is correct. Since DSA signing introduces | 224 // test DSA private key is correct. Since DSA signing introduces |
229 // random elements in the signature, it is not possible to compare | 225 // random elements in the signature, it is not possible to compare |
230 // signature bits directly. However, one can use the public key | 226 // signature bits directly. However, one can use the public key |
231 // to do the check. | 227 // to do the check. |
232 bool VerifyTestDSASignature(const base::StringPiece& message, | 228 bool VerifyTestDSASignature(const base::StringPiece& message, |
233 const base::StringPiece& signature) { | 229 const base::StringPiece& signature) { |
234 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); | 230 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); |
235 if (!pkey.get()) | 231 if (!pkey.get()) |
236 return false; | 232 return false; |
237 | 233 |
238 ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); | 234 crypto::ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); |
239 if (!pub_key.get()) { | 235 if (!pub_key.get()) { |
240 LOG(ERROR) << "Could not get DSA public key: " | 236 LOG(ERROR) << "Could not get DSA public key: " |
241 << GetOpenSSLErrorString(); | 237 << GetOpenSSLErrorString(); |
242 return false; | 238 return false; |
243 } | 239 } |
244 | 240 |
245 const unsigned char* digest = | 241 const unsigned char* digest = |
246 reinterpret_cast<const unsigned char*>(message.data()); | 242 reinterpret_cast<const unsigned char*>(message.data()); |
247 int digest_len = static_cast<int>(message.size()); | 243 int digest_len = static_cast<int>(message.size()); |
248 const unsigned char* sigbuf = | 244 const unsigned char* sigbuf = |
(...skipping 23 matching lines...) Expand all Loading... |
272 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); | 268 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); |
273 } | 269 } |
274 | 270 |
275 // Call this function to verify that one message signed with our | 271 // Call this function to verify that one message signed with our |
276 // test DSA private key is correct. Since DSA signing introduces | 272 // test DSA private key is correct. Since DSA signing introduces |
277 // random elements in the signature, it is not possible to compare | 273 // random elements in the signature, it is not possible to compare |
278 // signature bits directly. However, one can use the public key | 274 // signature bits directly. However, one can use the public key |
279 // to do the check. | 275 // to do the check. |
280 bool VerifyTestECDSASignature(const base::StringPiece& message, | 276 bool VerifyTestECDSASignature(const base::StringPiece& message, |
281 const base::StringPiece& signature) { | 277 const base::StringPiece& signature) { |
282 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); | 278 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); |
283 if (!pkey.get()) | 279 if (!pkey.get()) |
284 return false; | 280 return false; |
285 ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); | 281 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); |
286 if (!pub_key.get()) { | 282 if (!pub_key.get()) { |
287 LOG(ERROR) << "Could not get ECDSA public key: " | 283 LOG(ERROR) << "Could not get ECDSA public key: " |
288 << GetOpenSSLErrorString(); | 284 << GetOpenSSLErrorString(); |
289 return false; | 285 return false; |
290 } | 286 } |
291 | 287 |
292 const unsigned char* digest = | 288 const unsigned char* digest = |
293 reinterpret_cast<const unsigned char*>(message.data()); | 289 reinterpret_cast<const unsigned char*>(message.data()); |
294 int digest_len = static_cast<int>(message.size()); | 290 int digest_len = static_cast<int>(message.size()); |
295 const unsigned char* sigbuf = | 291 const unsigned char* sigbuf = |
(...skipping 20 matching lines...) Expand all Loading... |
316 const unsigned char* digest = | 312 const unsigned char* digest = |
317 reinterpret_cast<const unsigned char*>(message.data()); | 313 reinterpret_cast<const unsigned char*>(message.data()); |
318 unsigned int digest_len = static_cast<unsigned int>(message.size()); | 314 unsigned int digest_len = static_cast<unsigned int>(message.size()); |
319 std::string signature; | 315 std::string signature; |
320 size_t signature_size; | 316 size_t signature_size; |
321 size_t max_signature_size; | 317 size_t max_signature_size; |
322 int key_type = EVP_PKEY_id(openssl_key); | 318 int key_type = EVP_PKEY_id(openssl_key); |
323 switch (key_type) { | 319 switch (key_type) { |
324 case EVP_PKEY_RSA: | 320 case EVP_PKEY_RSA: |
325 { | 321 { |
326 ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); | 322 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); |
327 if (!rsa.get()) { | 323 if (!rsa.get()) { |
328 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " | 324 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " |
329 << GetOpenSSLErrorString(); | 325 << GetOpenSSLErrorString(); |
330 return false; | 326 return false; |
331 } | 327 } |
332 // With RSA, the signature will always be RSA_size() bytes. | 328 // With RSA, the signature will always be RSA_size() bytes. |
333 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); | 329 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); |
334 unsigned char* p = OpenSSLWriteInto(&signature, | 330 unsigned char* p = OpenSSLWriteInto(&signature, |
335 max_signature_size); | 331 max_signature_size); |
336 unsigned int p_len = 0; | 332 unsigned int p_len = 0; |
337 int ret = RSA_sign( | 333 int ret = RSA_sign( |
338 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); | 334 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); |
339 if (ret != 1) { | 335 if (ret != 1) { |
340 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); | 336 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); |
341 return false; | 337 return false; |
342 } | 338 } |
343 signature_size = static_cast<size_t>(p_len); | 339 signature_size = static_cast<size_t>(p_len); |
344 break; | 340 break; |
345 } | 341 } |
346 case EVP_PKEY_DSA: | 342 case EVP_PKEY_DSA: |
347 { | 343 { |
348 ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); | 344 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); |
349 if (!dsa.get()) { | 345 if (!dsa.get()) { |
350 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " | 346 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " |
351 << GetOpenSSLErrorString(); | 347 << GetOpenSSLErrorString(); |
352 return false; | 348 return false; |
353 } | 349 } |
354 // Note, the actual signature can be smaller than DSA_size() | 350 // Note, the actual signature can be smaller than DSA_size() |
355 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); | 351 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); |
356 unsigned char* p = OpenSSLWriteInto(&signature, | 352 unsigned char* p = OpenSSLWriteInto(&signature, |
357 max_signature_size); | 353 max_signature_size); |
358 unsigned int p_len = 0; | 354 unsigned int p_len = 0; |
359 // Note: first parameter is ignored by function. | 355 // Note: first parameter is ignored by function. |
360 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); | 356 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); |
361 if (ret != 1) { | 357 if (ret != 1) { |
362 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); | 358 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); |
363 return false; | 359 return false; |
364 } | 360 } |
365 signature_size = static_cast<size_t>(p_len); | 361 signature_size = static_cast<size_t>(p_len); |
366 break; | 362 break; |
367 } | 363 } |
368 case EVP_PKEY_EC: | 364 case EVP_PKEY_EC: |
369 { | 365 { |
370 ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); | 366 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); |
371 if (!ecdsa.get()) { | 367 if (!ecdsa.get()) { |
372 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " | 368 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " |
373 << GetOpenSSLErrorString(); | 369 << GetOpenSSLErrorString(); |
374 return false; | 370 return false; |
375 } | 371 } |
376 // Note, the actual signature can be smaller than ECDSA_size() | 372 // Note, the actual signature can be smaller than ECDSA_size() |
377 max_signature_size = ECDSA_size(ecdsa.get()); | 373 max_signature_size = ECDSA_size(ecdsa.get()); |
378 unsigned char* p = OpenSSLWriteInto(&signature, | 374 unsigned char* p = OpenSSLWriteInto(&signature, |
379 max_signature_size); | 375 max_signature_size); |
380 unsigned int p_len = 0; | 376 unsigned int p_len = 0; |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
487 wrapper_signature.size()); | 483 wrapper_signature.size()); |
488 } | 484 } |
489 | 485 |
490 } // namespace | 486 } // namespace |
491 | 487 |
492 TEST(AndroidKeyStore,GetRSAKeyModulus) { | 488 TEST(AndroidKeyStore,GetRSAKeyModulus) { |
493 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 489 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
494 InitEnv(); | 490 InitEnv(); |
495 | 491 |
496 // Load the test RSA key. | 492 // Load the test RSA key. |
497 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); | 493 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); |
498 ASSERT_TRUE(pkey.get()); | 494 ASSERT_TRUE(pkey.get()); |
499 | 495 |
500 // Convert it to encoded PKCS#8 bytes. | 496 // Convert it to encoded PKCS#8 bytes. |
501 std::string pkcs8_data; | 497 std::string pkcs8_data; |
502 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 498 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
503 | 499 |
504 // Create platform PrivateKey object from it. | 500 // Create platform PrivateKey object from it. |
505 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, | 501 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, |
506 pkcs8_data); | 502 pkcs8_data); |
507 ASSERT_FALSE(key_java.is_null()); | 503 ASSERT_FALSE(key_java.is_null()); |
508 | 504 |
509 // Retrieve the corresponding modulus through JNI | 505 // Retrieve the corresponding modulus through JNI |
510 std::vector<uint8> modulus_java; | 506 std::vector<uint8> modulus_java; |
511 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); | 507 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); |
512 | 508 |
513 // Create an OpenSSL BIGNUM from it. | 509 // Create an OpenSSL BIGNUM from it. |
514 ScopedBIGNUM bn( | 510 crypto::ScopedBIGNUM bn( |
515 BN_bin2bn( | 511 BN_bin2bn( |
516 reinterpret_cast<const unsigned char*>(&modulus_java[0]), | 512 reinterpret_cast<const unsigned char*>(&modulus_java[0]), |
517 static_cast<int>(modulus_java.size()), | 513 static_cast<int>(modulus_java.size()), |
518 NULL)); | 514 NULL)); |
519 ASSERT_TRUE(bn.get()); | 515 ASSERT_TRUE(bn.get()); |
520 | 516 |
521 // Compare it to the one in the RSA key, they must be identical. | 517 // Compare it to the one in the RSA key, they must be identical. |
522 ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); | 518 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); |
523 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); | 519 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); |
524 | 520 |
525 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); | 521 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); |
526 } | 522 } |
527 | 523 |
528 TEST(AndroidKeyStore,GetDSAKeyParamQ) { | 524 TEST(AndroidKeyStore,GetDSAKeyParamQ) { |
529 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 525 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
530 InitEnv(); | 526 InitEnv(); |
531 | 527 |
532 // Load the test DSA key. | 528 // Load the test DSA key. |
533 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); | 529 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); |
534 ASSERT_TRUE(pkey.get()); | 530 ASSERT_TRUE(pkey.get()); |
535 | 531 |
536 // Convert it to encoded PKCS#8 bytes. | 532 // Convert it to encoded PKCS#8 bytes. |
537 std::string pkcs8_data; | 533 std::string pkcs8_data; |
538 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 534 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
539 | 535 |
540 // Create platform PrivateKey object from it. | 536 // Create platform PrivateKey object from it. |
541 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, | 537 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, |
542 pkcs8_data); | 538 pkcs8_data); |
543 ASSERT_FALSE(key_java.is_null()); | 539 ASSERT_FALSE(key_java.is_null()); |
544 | 540 |
545 // Retrieve the corresponding Q parameter through JNI | 541 // Retrieve the corresponding Q parameter through JNI |
546 std::vector<uint8> q_java; | 542 std::vector<uint8> q_java; |
547 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); | 543 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); |
548 | 544 |
549 // Create an OpenSSL BIGNUM from it. | 545 // Create an OpenSSL BIGNUM from it. |
550 ScopedBIGNUM bn( | 546 crypto::ScopedBIGNUM bn( |
551 BN_bin2bn( | 547 BN_bin2bn( |
552 reinterpret_cast<const unsigned char*>(&q_java[0]), | 548 reinterpret_cast<const unsigned char*>(&q_java[0]), |
553 static_cast<int>(q_java.size()), | 549 static_cast<int>(q_java.size()), |
554 NULL)); | 550 NULL)); |
555 ASSERT_TRUE(bn.get()); | 551 ASSERT_TRUE(bn.get()); |
556 | 552 |
557 // Compare it to the one in the RSA key, they must be identical. | 553 // Compare it to the one in the RSA key, they must be identical. |
558 ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); | 554 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); |
559 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); | 555 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); |
560 | 556 |
561 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); | 557 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); |
562 } | 558 } |
563 | 559 |
564 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { | 560 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { |
565 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 561 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
566 | 562 |
567 ScopedJava rsa_key = GetRSATestKeyJava(); | 563 ScopedJava rsa_key = GetRSATestKeyJava(); |
568 ASSERT_FALSE(rsa_key.is_null()); | 564 ASSERT_FALSE(rsa_key.is_null()); |
569 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, | 565 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, |
570 GetPrivateKeyType(rsa_key.obj())); | 566 GetPrivateKeyType(rsa_key.obj())); |
571 } | 567 } |
572 | 568 |
573 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { | 569 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { |
574 ScopedJava rsa_key = GetRSATestKeyJava(); | 570 ScopedJava rsa_key = GetRSATestKeyJava(); |
575 ASSERT_FALSE(rsa_key.is_null()); | 571 ASSERT_FALSE(rsa_key.is_null()); |
576 | 572 |
577 if (IsOnAndroidOlderThan_4_2()) { | 573 if (IsOnAndroidOlderThan_4_2()) { |
578 LOG(INFO) << "This test can't run on Android < 4.2"; | 574 LOG(INFO) << "This test can't run on Android < 4.2"; |
579 return; | 575 return; |
580 } | 576 } |
581 | 577 |
582 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 578 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
583 ASSERT_TRUE(openssl_key.get()); | 579 ASSERT_TRUE(openssl_key.get()); |
584 | 580 |
585 std::string message = kTestRsaHash; | 581 std::string message = kTestRsaHash; |
586 ASSERT_EQ(36U, message.size()); | 582 ASSERT_EQ(36U, message.size()); |
587 | 583 |
588 std::string signature; | 584 std::string signature; |
589 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); | 585 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); |
590 ASSERT_TRUE( | 586 ASSERT_TRUE( |
591 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); | 587 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); |
592 // All good. | 588 // All good. |
593 } | 589 } |
594 | 590 |
595 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { | 591 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { |
596 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 592 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
597 | 593 |
598 ScopedJava rsa_key = GetRSATestKeyJava(); | 594 ScopedJava rsa_key = GetRSATestKeyJava(); |
599 ASSERT_FALSE(rsa_key.is_null()); | 595 ASSERT_FALSE(rsa_key.is_null()); |
600 | 596 |
601 ScopedEVP_PKEY wrapper_key(GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); | 597 crypto::ScopedEVP_PKEY wrapper_key( |
| 598 GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); |
602 ASSERT_TRUE(wrapper_key.get() != NULL); | 599 ASSERT_TRUE(wrapper_key.get() != NULL); |
603 | 600 |
604 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 601 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
605 ASSERT_TRUE(openssl_key.get()); | 602 ASSERT_TRUE(openssl_key.get()); |
606 | 603 |
607 // Check that RSA_size() works properly on the wrapper key. | 604 // Check that RSA_size() works properly on the wrapper key. |
608 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 605 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
609 EVP_PKEY_size(wrapper_key.get())); | 606 EVP_PKEY_size(wrapper_key.get())); |
610 | 607 |
611 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return | 608 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return |
612 // without an error. | 609 // without an error. |
613 std::string message = kTestRsaHash; | 610 std::string message = kTestRsaHash; |
614 ASSERT_EQ(36U, message.size()); | 611 ASSERT_EQ(36U, message.size()); |
(...skipping 13 matching lines...) Expand all Loading... |
628 ScopedJava dsa_key = GetDSATestKeyJava(); | 625 ScopedJava dsa_key = GetDSATestKeyJava(); |
629 ASSERT_FALSE(dsa_key.is_null()); | 626 ASSERT_FALSE(dsa_key.is_null()); |
630 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, | 627 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, |
631 GetPrivateKeyType(dsa_key.obj())); | 628 GetPrivateKeyType(dsa_key.obj())); |
632 } | 629 } |
633 | 630 |
634 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { | 631 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { |
635 ScopedJava dsa_key = GetDSATestKeyJava(); | 632 ScopedJava dsa_key = GetDSATestKeyJava(); |
636 ASSERT_FALSE(dsa_key.is_null()); | 633 ASSERT_FALSE(dsa_key.is_null()); |
637 | 634 |
638 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 635 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
639 ASSERT_TRUE(openssl_key.get()); | 636 ASSERT_TRUE(openssl_key.get()); |
640 | 637 |
641 std::string message = kTestDsaHash; | 638 std::string message = kTestDsaHash; |
642 ASSERT_EQ(20U, message.size()); | 639 ASSERT_EQ(20U, message.size()); |
643 | 640 |
644 std::string signature; | 641 std::string signature; |
645 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); | 642 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); |
646 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 643 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
647 } | 644 } |
648 | 645 |
649 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { | 646 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { |
650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 647 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
651 | 648 |
652 ScopedJava dsa_key = GetDSATestKeyJava(); | 649 ScopedJava dsa_key = GetDSATestKeyJava(); |
653 ASSERT_FALSE(dsa_key.is_null()); | 650 ASSERT_FALSE(dsa_key.is_null()); |
654 | 651 |
655 ScopedEVP_PKEY wrapper_key( | 652 crypto::ScopedEVP_PKEY wrapper_key( |
656 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); | 653 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); |
657 ASSERT_TRUE(wrapper_key.get()); | 654 ASSERT_TRUE(wrapper_key.get()); |
658 | 655 |
659 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 656 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
660 ASSERT_TRUE(openssl_key.get()); | 657 ASSERT_TRUE(openssl_key.get()); |
661 | 658 |
662 // Check that DSA_size() works correctly on the wrapper. | 659 // Check that DSA_size() works correctly on the wrapper. |
663 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 660 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
664 EVP_PKEY_size(wrapper_key.get())); | 661 EVP_PKEY_size(wrapper_key.get())); |
665 | 662 |
666 std::string message = kTestDsaHash; | 663 std::string message = kTestDsaHash; |
667 std::string signature; | 664 std::string signature; |
668 DoKeySigningWithWrapper(wrapper_key.get(), | 665 DoKeySigningWithWrapper(wrapper_key.get(), |
669 openssl_key.get(), | 666 openssl_key.get(), |
670 message, | 667 message, |
671 &signature); | 668 &signature); |
672 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 669 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
673 } | 670 } |
674 | 671 |
675 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { | 672 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { |
676 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 673 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
677 | 674 |
678 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 675 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
679 ASSERT_FALSE(ecdsa_key.is_null()); | 676 ASSERT_FALSE(ecdsa_key.is_null()); |
680 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, | 677 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, |
681 GetPrivateKeyType(ecdsa_key.obj())); | 678 GetPrivateKeyType(ecdsa_key.obj())); |
682 } | 679 } |
683 | 680 |
684 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { | 681 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { |
685 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 682 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
686 ASSERT_FALSE(ecdsa_key.is_null()); | 683 ASSERT_FALSE(ecdsa_key.is_null()); |
687 | 684 |
688 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 685 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
689 ASSERT_TRUE(openssl_key.get()); | 686 ASSERT_TRUE(openssl_key.get()); |
690 | 687 |
691 std::string message = kTestEcdsaHash; | 688 std::string message = kTestEcdsaHash; |
692 std::string signature; | 689 std::string signature; |
693 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); | 690 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); |
694 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 691 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
695 } | 692 } |
696 | 693 |
697 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { | 694 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { |
698 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 695 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
699 | 696 |
700 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 697 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
701 ASSERT_FALSE(ecdsa_key.is_null()); | 698 ASSERT_FALSE(ecdsa_key.is_null()); |
702 | 699 |
703 ScopedEVP_PKEY wrapper_key( | 700 crypto::ScopedEVP_PKEY wrapper_key( |
704 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); | 701 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); |
705 ASSERT_TRUE(wrapper_key.get()); | 702 ASSERT_TRUE(wrapper_key.get()); |
706 | 703 |
707 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 704 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
708 ASSERT_TRUE(openssl_key.get()); | 705 ASSERT_TRUE(openssl_key.get()); |
709 | 706 |
710 // Check that ECDSA size works correctly on the wrapper. | 707 // Check that ECDSA size works correctly on the wrapper. |
711 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 708 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
712 EVP_PKEY_size(wrapper_key.get())); | 709 EVP_PKEY_size(wrapper_key.get())); |
713 | 710 |
714 std::string message = kTestEcdsaHash; | 711 std::string message = kTestEcdsaHash; |
715 std::string signature; | 712 std::string signature; |
716 DoKeySigningWithWrapper(wrapper_key.get(), | 713 DoKeySigningWithWrapper(wrapper_key.get(), |
717 openssl_key.get(), | 714 openssl_key.get(), |
718 message, | 715 message, |
719 &signature); | 716 &signature); |
720 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 717 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
721 } | 718 } |
722 | 719 |
723 } // namespace android | 720 } // namespace android |
724 } // namespace net | 721 } // namespace net |
OLD | NEW |