| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/bn.h> | 5 #include <openssl/bn.h> |
| 6 #include <openssl/dsa.h> | 6 #include <openssl/dsa.h> |
| 7 #include <openssl/ecdsa.h> | 7 #include <openssl/ecdsa.h> |
| 8 #include <openssl/err.h> | 8 #include <openssl/err.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| 11 #include <openssl/rsa.h> | 11 #include <openssl/rsa.h> |
| 12 #include <openssl/x509.h> | 12 #include <openssl/x509.h> |
| 13 | 13 |
| 14 #include "base/android/build_info.h" | 14 #include "base/android/build_info.h" |
| 15 #include "base/android/jni_android.h" | 15 #include "base/android/jni_android.h" |
| 16 #include "base/android/jni_array.h" | 16 #include "base/android/jni_array.h" |
| 17 #include "base/android/scoped_java_ref.h" | 17 #include "base/android/scoped_java_ref.h" |
| 18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
| 19 #include "base/bind.h" | 19 #include "base/bind.h" |
| 20 #include "base/callback.h" | 20 #include "base/callback.h" |
| 21 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
| 22 #include "base/file_util.h" | 22 #include "base/file_util.h" |
| 23 #include "base/files/file_path.h" | 23 #include "base/files/file_path.h" |
| 24 #include "base/files/scoped_file.h" | 24 #include "base/files/scoped_file.h" |
| 25 #include "base/strings/string_number_conversions.h" | 25 #include "base/strings/string_number_conversions.h" |
| 26 #include "base/strings/string_util.h" | 26 #include "base/strings/string_util.h" |
| 27 #include "crypto/openssl_util.h" | 27 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" |
| 28 #include "jni/AndroidKeyStoreTestUtil_jni.h" | 29 #include "jni/AndroidKeyStoreTestUtil_jni.h" |
| 29 #include "net/android/keystore.h" | 30 #include "net/android/keystore.h" |
| 30 #include "net/android/keystore_openssl.h" | 31 #include "net/android/keystore_openssl.h" |
| 31 #include "net/base/test_data_directory.h" | 32 #include "net/base/test_data_directory.h" |
| 32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
| 33 | 34 |
| 34 // Technical note: | 35 // Technical note: |
| 35 // | 36 // |
| 36 // This source file not only checks that signing with | 37 // This source file not only checks that signing with |
| 37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that | 38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that |
| (...skipping 11 matching lines...) Expand all Loading... |
| 49 // For more details, read the comments in AndroidKeyStore.java. | 50 // For more details, read the comments in AndroidKeyStore.java. |
| 50 // | 51 // |
| 51 // Finally, it also checks that using the EVP_PKEY generated with | 52 // Finally, it also checks that using the EVP_PKEY generated with |
| 52 // GetOpenSSLPrivateKeyWrapper() works correctly. | 53 // GetOpenSSLPrivateKeyWrapper() works correctly. |
| 53 | 54 |
| 54 namespace net { | 55 namespace net { |
| 55 namespace android { | 56 namespace android { |
| 56 | 57 |
| 57 namespace { | 58 namespace { |
| 58 | 59 |
| 59 typedef crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ScopedEVP_PKEY; | 60 typedef scoped_ptr<PKCS8_PRIV_KEY_INFO, |
| 60 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA; | 61 crypto::OpenSSLDestroyer<PKCS8_PRIV_KEY_INFO, |
| 61 typedef crypto::ScopedOpenSSL<DSA, DSA_free> ScopedDSA; | 62 PKCS8_PRIV_KEY_INFO_free> > |
| 62 typedef crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ScopedEC_KEY; | 63 ScopedPKCS8_PRIV_KEY_INFO; |
| 63 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM; | |
| 64 | |
| 65 typedef crypto::ScopedOpenSSL< | |
| 66 PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> | |
| 67 ScopedPKCS8_PRIV_KEY_INFO; | |
| 68 | 64 |
| 69 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; | 65 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; |
| 70 | 66 |
| 71 JNIEnv* InitEnv() { | 67 JNIEnv* InitEnv() { |
| 72 JNIEnv* env = base::android::AttachCurrentThread(); | 68 JNIEnv* env = base::android::AttachCurrentThread(); |
| 73 static bool inited = false; | 69 static bool inited = false; |
| 74 if (!inited) { | 70 if (!inited) { |
| 75 RegisterNativesImpl(env); | 71 RegisterNativesImpl(env); |
| 76 inited = true; | 72 inited = true; |
| 77 } | 73 } |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 << ", " << GetOpenSSLErrorString(); | 125 << ", " << GetOpenSSLErrorString(); |
| 130 return NULL; | 126 return NULL; |
| 131 } | 127 } |
| 132 return pkey; | 128 return pkey; |
| 133 } | 129 } |
| 134 | 130 |
| 135 // Convert a private key into its PKCS#8 encoded representation. | 131 // Convert a private key into its PKCS#8 encoded representation. |
| 136 // |pkey| is the EVP_PKEY handle for the private key. | 132 // |pkey| is the EVP_PKEY handle for the private key. |
| 137 // |pkcs8| will receive the PKCS#8 bytes. | 133 // |pkcs8| will receive the PKCS#8 bytes. |
| 138 // Returns true on success, false otherwise. | 134 // Returns true on success, false otherwise. |
| 139 bool GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY& pkey, | 135 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey, |
| 140 std::string* pkcs8) { | 136 std::string* pkcs8) { |
| 141 // Convert to PKCS#8 object. | 137 // Convert to PKCS#8 object. |
| 142 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); | 138 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); |
| 143 if (!p8_info.get()) { | 139 if (!p8_info.get()) { |
| 144 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " | 140 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " |
| 145 << GetOpenSSLErrorString(); | 141 << GetOpenSSLErrorString(); |
| 146 return false; | 142 return false; |
| 147 } | 143 } |
| 148 | 144 |
| 149 // Then convert it | 145 // Then convert it |
| 150 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); | 146 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); |
| 151 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); | 147 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); |
| 152 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); | 148 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); |
| 153 return true; | 149 return true; |
| 154 } | 150 } |
| 155 | 151 |
| 156 bool ImportPrivateKeyFileAsPkcs8(const char* filename, | 152 bool ImportPrivateKeyFileAsPkcs8(const char* filename, |
| 157 std::string* pkcs8) { | 153 std::string* pkcs8) { |
| 158 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); | 154 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); |
| 159 if (!pkey.get()) | 155 if (!pkey.get()) |
| 160 return false; | 156 return false; |
| 161 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); | 157 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); |
| 162 } | 158 } |
| 163 | 159 |
| 164 // Same as ImportPrivateKey, but for public ones. | 160 // Same as ImportPrivateKey, but for public ones. |
| 165 EVP_PKEY* ImportPublicKeyFile(const char* filename) { | 161 EVP_PKEY* ImportPublicKeyFile(const char* filename) { |
| 166 // Load file as PEM data. | 162 // Load file as PEM data. |
| 167 base::FilePath certs_dir = GetTestCertsDirectory(); | 163 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 168 base::FilePath file_path = certs_dir.AppendASCII(filename); | 164 base::FilePath file_path = certs_dir.AppendASCII(filename); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); | 220 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); |
| 225 } | 221 } |
| 226 | 222 |
| 227 // Call this function to verify that one message signed with our | 223 // Call this function to verify that one message signed with our |
| 228 // test DSA private key is correct. Since DSA signing introduces | 224 // test DSA private key is correct. Since DSA signing introduces |
| 229 // random elements in the signature, it is not possible to compare | 225 // random elements in the signature, it is not possible to compare |
| 230 // signature bits directly. However, one can use the public key | 226 // signature bits directly. However, one can use the public key |
| 231 // to do the check. | 227 // to do the check. |
| 232 bool VerifyTestDSASignature(const base::StringPiece& message, | 228 bool VerifyTestDSASignature(const base::StringPiece& message, |
| 233 const base::StringPiece& signature) { | 229 const base::StringPiece& signature) { |
| 234 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); | 230 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); |
| 235 if (!pkey.get()) | 231 if (!pkey.get()) |
| 236 return false; | 232 return false; |
| 237 | 233 |
| 238 ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); | 234 crypto::ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); |
| 239 if (!pub_key.get()) { | 235 if (!pub_key.get()) { |
| 240 LOG(ERROR) << "Could not get DSA public key: " | 236 LOG(ERROR) << "Could not get DSA public key: " |
| 241 << GetOpenSSLErrorString(); | 237 << GetOpenSSLErrorString(); |
| 242 return false; | 238 return false; |
| 243 } | 239 } |
| 244 | 240 |
| 245 const unsigned char* digest = | 241 const unsigned char* digest = |
| 246 reinterpret_cast<const unsigned char*>(message.data()); | 242 reinterpret_cast<const unsigned char*>(message.data()); |
| 247 int digest_len = static_cast<int>(message.size()); | 243 int digest_len = static_cast<int>(message.size()); |
| 248 const unsigned char* sigbuf = | 244 const unsigned char* sigbuf = |
| (...skipping 23 matching lines...) Expand all Loading... |
| 272 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); | 268 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); |
| 273 } | 269 } |
| 274 | 270 |
| 275 // Call this function to verify that one message signed with our | 271 // Call this function to verify that one message signed with our |
| 276 // test DSA private key is correct. Since DSA signing introduces | 272 // test DSA private key is correct. Since DSA signing introduces |
| 277 // random elements in the signature, it is not possible to compare | 273 // random elements in the signature, it is not possible to compare |
| 278 // signature bits directly. However, one can use the public key | 274 // signature bits directly. However, one can use the public key |
| 279 // to do the check. | 275 // to do the check. |
| 280 bool VerifyTestECDSASignature(const base::StringPiece& message, | 276 bool VerifyTestECDSASignature(const base::StringPiece& message, |
| 281 const base::StringPiece& signature) { | 277 const base::StringPiece& signature) { |
| 282 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); | 278 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); |
| 283 if (!pkey.get()) | 279 if (!pkey.get()) |
| 284 return false; | 280 return false; |
| 285 ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); | 281 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); |
| 286 if (!pub_key.get()) { | 282 if (!pub_key.get()) { |
| 287 LOG(ERROR) << "Could not get ECDSA public key: " | 283 LOG(ERROR) << "Could not get ECDSA public key: " |
| 288 << GetOpenSSLErrorString(); | 284 << GetOpenSSLErrorString(); |
| 289 return false; | 285 return false; |
| 290 } | 286 } |
| 291 | 287 |
| 292 const unsigned char* digest = | 288 const unsigned char* digest = |
| 293 reinterpret_cast<const unsigned char*>(message.data()); | 289 reinterpret_cast<const unsigned char*>(message.data()); |
| 294 int digest_len = static_cast<int>(message.size()); | 290 int digest_len = static_cast<int>(message.size()); |
| 295 const unsigned char* sigbuf = | 291 const unsigned char* sigbuf = |
| (...skipping 20 matching lines...) Expand all Loading... |
| 316 const unsigned char* digest = | 312 const unsigned char* digest = |
| 317 reinterpret_cast<const unsigned char*>(message.data()); | 313 reinterpret_cast<const unsigned char*>(message.data()); |
| 318 unsigned int digest_len = static_cast<unsigned int>(message.size()); | 314 unsigned int digest_len = static_cast<unsigned int>(message.size()); |
| 319 std::string signature; | 315 std::string signature; |
| 320 size_t signature_size; | 316 size_t signature_size; |
| 321 size_t max_signature_size; | 317 size_t max_signature_size; |
| 322 int key_type = EVP_PKEY_id(openssl_key); | 318 int key_type = EVP_PKEY_id(openssl_key); |
| 323 switch (key_type) { | 319 switch (key_type) { |
| 324 case EVP_PKEY_RSA: | 320 case EVP_PKEY_RSA: |
| 325 { | 321 { |
| 326 ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); | 322 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); |
| 327 if (!rsa.get()) { | 323 if (!rsa.get()) { |
| 328 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " | 324 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " |
| 329 << GetOpenSSLErrorString(); | 325 << GetOpenSSLErrorString(); |
| 330 return false; | 326 return false; |
| 331 } | 327 } |
| 332 // With RSA, the signature will always be RSA_size() bytes. | 328 // With RSA, the signature will always be RSA_size() bytes. |
| 333 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); | 329 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); |
| 334 unsigned char* p = OpenSSLWriteInto(&signature, | 330 unsigned char* p = OpenSSLWriteInto(&signature, |
| 335 max_signature_size); | 331 max_signature_size); |
| 336 unsigned int p_len = 0; | 332 unsigned int p_len = 0; |
| 337 int ret = RSA_sign( | 333 int ret = RSA_sign( |
| 338 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); | 334 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); |
| 339 if (ret != 1) { | 335 if (ret != 1) { |
| 340 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); | 336 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); |
| 341 return false; | 337 return false; |
| 342 } | 338 } |
| 343 signature_size = static_cast<size_t>(p_len); | 339 signature_size = static_cast<size_t>(p_len); |
| 344 break; | 340 break; |
| 345 } | 341 } |
| 346 case EVP_PKEY_DSA: | 342 case EVP_PKEY_DSA: |
| 347 { | 343 { |
| 348 ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); | 344 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); |
| 349 if (!dsa.get()) { | 345 if (!dsa.get()) { |
| 350 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " | 346 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " |
| 351 << GetOpenSSLErrorString(); | 347 << GetOpenSSLErrorString(); |
| 352 return false; | 348 return false; |
| 353 } | 349 } |
| 354 // Note, the actual signature can be smaller than DSA_size() | 350 // Note, the actual signature can be smaller than DSA_size() |
| 355 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); | 351 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); |
| 356 unsigned char* p = OpenSSLWriteInto(&signature, | 352 unsigned char* p = OpenSSLWriteInto(&signature, |
| 357 max_signature_size); | 353 max_signature_size); |
| 358 unsigned int p_len = 0; | 354 unsigned int p_len = 0; |
| 359 // Note: first parameter is ignored by function. | 355 // Note: first parameter is ignored by function. |
| 360 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); | 356 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); |
| 361 if (ret != 1) { | 357 if (ret != 1) { |
| 362 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); | 358 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); |
| 363 return false; | 359 return false; |
| 364 } | 360 } |
| 365 signature_size = static_cast<size_t>(p_len); | 361 signature_size = static_cast<size_t>(p_len); |
| 366 break; | 362 break; |
| 367 } | 363 } |
| 368 case EVP_PKEY_EC: | 364 case EVP_PKEY_EC: |
| 369 { | 365 { |
| 370 ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); | 366 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); |
| 371 if (!ecdsa.get()) { | 367 if (!ecdsa.get()) { |
| 372 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " | 368 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " |
| 373 << GetOpenSSLErrorString(); | 369 << GetOpenSSLErrorString(); |
| 374 return false; | 370 return false; |
| 375 } | 371 } |
| 376 // Note, the actual signature can be smaller than ECDSA_size() | 372 // Note, the actual signature can be smaller than ECDSA_size() |
| 377 max_signature_size = ECDSA_size(ecdsa.get()); | 373 max_signature_size = ECDSA_size(ecdsa.get()); |
| 378 unsigned char* p = OpenSSLWriteInto(&signature, | 374 unsigned char* p = OpenSSLWriteInto(&signature, |
| 379 max_signature_size); | 375 max_signature_size); |
| 380 unsigned int p_len = 0; | 376 unsigned int p_len = 0; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 487 wrapper_signature.size()); | 483 wrapper_signature.size()); |
| 488 } | 484 } |
| 489 | 485 |
| 490 } // namespace | 486 } // namespace |
| 491 | 487 |
| 492 TEST(AndroidKeyStore,GetRSAKeyModulus) { | 488 TEST(AndroidKeyStore,GetRSAKeyModulus) { |
| 493 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 489 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 494 InitEnv(); | 490 InitEnv(); |
| 495 | 491 |
| 496 // Load the test RSA key. | 492 // Load the test RSA key. |
| 497 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); | 493 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 498 ASSERT_TRUE(pkey.get()); | 494 ASSERT_TRUE(pkey.get()); |
| 499 | 495 |
| 500 // Convert it to encoded PKCS#8 bytes. | 496 // Convert it to encoded PKCS#8 bytes. |
| 501 std::string pkcs8_data; | 497 std::string pkcs8_data; |
| 502 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 498 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
| 503 | 499 |
| 504 // Create platform PrivateKey object from it. | 500 // Create platform PrivateKey object from it. |
| 505 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, | 501 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, |
| 506 pkcs8_data); | 502 pkcs8_data); |
| 507 ASSERT_FALSE(key_java.is_null()); | 503 ASSERT_FALSE(key_java.is_null()); |
| 508 | 504 |
| 509 // Retrieve the corresponding modulus through JNI | 505 // Retrieve the corresponding modulus through JNI |
| 510 std::vector<uint8> modulus_java; | 506 std::vector<uint8> modulus_java; |
| 511 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); | 507 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); |
| 512 | 508 |
| 513 // Create an OpenSSL BIGNUM from it. | 509 // Create an OpenSSL BIGNUM from it. |
| 514 ScopedBIGNUM bn( | 510 crypto::ScopedBIGNUM bn( |
| 515 BN_bin2bn( | 511 BN_bin2bn( |
| 516 reinterpret_cast<const unsigned char*>(&modulus_java[0]), | 512 reinterpret_cast<const unsigned char*>(&modulus_java[0]), |
| 517 static_cast<int>(modulus_java.size()), | 513 static_cast<int>(modulus_java.size()), |
| 518 NULL)); | 514 NULL)); |
| 519 ASSERT_TRUE(bn.get()); | 515 ASSERT_TRUE(bn.get()); |
| 520 | 516 |
| 521 // Compare it to the one in the RSA key, they must be identical. | 517 // Compare it to the one in the RSA key, they must be identical. |
| 522 ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); | 518 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); |
| 523 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); | 519 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); |
| 524 | 520 |
| 525 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); | 521 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); |
| 526 } | 522 } |
| 527 | 523 |
| 528 TEST(AndroidKeyStore,GetDSAKeyParamQ) { | 524 TEST(AndroidKeyStore,GetDSAKeyParamQ) { |
| 529 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 525 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 530 InitEnv(); | 526 InitEnv(); |
| 531 | 527 |
| 532 // Load the test DSA key. | 528 // Load the test DSA key. |
| 533 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); | 529 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 534 ASSERT_TRUE(pkey.get()); | 530 ASSERT_TRUE(pkey.get()); |
| 535 | 531 |
| 536 // Convert it to encoded PKCS#8 bytes. | 532 // Convert it to encoded PKCS#8 bytes. |
| 537 std::string pkcs8_data; | 533 std::string pkcs8_data; |
| 538 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 534 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
| 539 | 535 |
| 540 // Create platform PrivateKey object from it. | 536 // Create platform PrivateKey object from it. |
| 541 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, | 537 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, |
| 542 pkcs8_data); | 538 pkcs8_data); |
| 543 ASSERT_FALSE(key_java.is_null()); | 539 ASSERT_FALSE(key_java.is_null()); |
| 544 | 540 |
| 545 // Retrieve the corresponding Q parameter through JNI | 541 // Retrieve the corresponding Q parameter through JNI |
| 546 std::vector<uint8> q_java; | 542 std::vector<uint8> q_java; |
| 547 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); | 543 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); |
| 548 | 544 |
| 549 // Create an OpenSSL BIGNUM from it. | 545 // Create an OpenSSL BIGNUM from it. |
| 550 ScopedBIGNUM bn( | 546 crypto::ScopedBIGNUM bn( |
| 551 BN_bin2bn( | 547 BN_bin2bn( |
| 552 reinterpret_cast<const unsigned char*>(&q_java[0]), | 548 reinterpret_cast<const unsigned char*>(&q_java[0]), |
| 553 static_cast<int>(q_java.size()), | 549 static_cast<int>(q_java.size()), |
| 554 NULL)); | 550 NULL)); |
| 555 ASSERT_TRUE(bn.get()); | 551 ASSERT_TRUE(bn.get()); |
| 556 | 552 |
| 557 // Compare it to the one in the RSA key, they must be identical. | 553 // Compare it to the one in the RSA key, they must be identical. |
| 558 ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); | 554 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); |
| 559 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); | 555 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); |
| 560 | 556 |
| 561 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); | 557 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); |
| 562 } | 558 } |
| 563 | 559 |
| 564 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { | 560 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { |
| 565 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 561 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 566 | 562 |
| 567 ScopedJava rsa_key = GetRSATestKeyJava(); | 563 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 568 ASSERT_FALSE(rsa_key.is_null()); | 564 ASSERT_FALSE(rsa_key.is_null()); |
| 569 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, | 565 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, |
| 570 GetPrivateKeyType(rsa_key.obj())); | 566 GetPrivateKeyType(rsa_key.obj())); |
| 571 } | 567 } |
| 572 | 568 |
| 573 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { | 569 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { |
| 574 ScopedJava rsa_key = GetRSATestKeyJava(); | 570 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 575 ASSERT_FALSE(rsa_key.is_null()); | 571 ASSERT_FALSE(rsa_key.is_null()); |
| 576 | 572 |
| 577 if (IsOnAndroidOlderThan_4_2()) { | 573 if (IsOnAndroidOlderThan_4_2()) { |
| 578 LOG(INFO) << "This test can't run on Android < 4.2"; | 574 LOG(INFO) << "This test can't run on Android < 4.2"; |
| 579 return; | 575 return; |
| 580 } | 576 } |
| 581 | 577 |
| 582 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 578 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 583 ASSERT_TRUE(openssl_key.get()); | 579 ASSERT_TRUE(openssl_key.get()); |
| 584 | 580 |
| 585 std::string message = kTestRsaHash; | 581 std::string message = kTestRsaHash; |
| 586 ASSERT_EQ(36U, message.size()); | 582 ASSERT_EQ(36U, message.size()); |
| 587 | 583 |
| 588 std::string signature; | 584 std::string signature; |
| 589 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); | 585 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); |
| 590 ASSERT_TRUE( | 586 ASSERT_TRUE( |
| 591 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); | 587 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); |
| 592 // All good. | 588 // All good. |
| 593 } | 589 } |
| 594 | 590 |
| 595 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { | 591 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { |
| 596 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 592 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 597 | 593 |
| 598 ScopedJava rsa_key = GetRSATestKeyJava(); | 594 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 599 ASSERT_FALSE(rsa_key.is_null()); | 595 ASSERT_FALSE(rsa_key.is_null()); |
| 600 | 596 |
| 601 ScopedEVP_PKEY wrapper_key(GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); | 597 crypto::ScopedEVP_PKEY wrapper_key( |
| 598 GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); |
| 602 ASSERT_TRUE(wrapper_key.get() != NULL); | 599 ASSERT_TRUE(wrapper_key.get() != NULL); |
| 603 | 600 |
| 604 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 601 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 605 ASSERT_TRUE(openssl_key.get()); | 602 ASSERT_TRUE(openssl_key.get()); |
| 606 | 603 |
| 607 // Check that RSA_size() works properly on the wrapper key. | 604 // Check that RSA_size() works properly on the wrapper key. |
| 608 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 605 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 609 EVP_PKEY_size(wrapper_key.get())); | 606 EVP_PKEY_size(wrapper_key.get())); |
| 610 | 607 |
| 611 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return | 608 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return |
| 612 // without an error. | 609 // without an error. |
| 613 std::string message = kTestRsaHash; | 610 std::string message = kTestRsaHash; |
| 614 ASSERT_EQ(36U, message.size()); | 611 ASSERT_EQ(36U, message.size()); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 628 ScopedJava dsa_key = GetDSATestKeyJava(); | 625 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 629 ASSERT_FALSE(dsa_key.is_null()); | 626 ASSERT_FALSE(dsa_key.is_null()); |
| 630 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, | 627 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, |
| 631 GetPrivateKeyType(dsa_key.obj())); | 628 GetPrivateKeyType(dsa_key.obj())); |
| 632 } | 629 } |
| 633 | 630 |
| 634 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { | 631 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { |
| 635 ScopedJava dsa_key = GetDSATestKeyJava(); | 632 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 636 ASSERT_FALSE(dsa_key.is_null()); | 633 ASSERT_FALSE(dsa_key.is_null()); |
| 637 | 634 |
| 638 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 635 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 639 ASSERT_TRUE(openssl_key.get()); | 636 ASSERT_TRUE(openssl_key.get()); |
| 640 | 637 |
| 641 std::string message = kTestDsaHash; | 638 std::string message = kTestDsaHash; |
| 642 ASSERT_EQ(20U, message.size()); | 639 ASSERT_EQ(20U, message.size()); |
| 643 | 640 |
| 644 std::string signature; | 641 std::string signature; |
| 645 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); | 642 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); |
| 646 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 643 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
| 647 } | 644 } |
| 648 | 645 |
| 649 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { | 646 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { |
| 650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 647 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 651 | 648 |
| 652 ScopedJava dsa_key = GetDSATestKeyJava(); | 649 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 653 ASSERT_FALSE(dsa_key.is_null()); | 650 ASSERT_FALSE(dsa_key.is_null()); |
| 654 | 651 |
| 655 ScopedEVP_PKEY wrapper_key( | 652 crypto::ScopedEVP_PKEY wrapper_key( |
| 656 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); | 653 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); |
| 657 ASSERT_TRUE(wrapper_key.get()); | 654 ASSERT_TRUE(wrapper_key.get()); |
| 658 | 655 |
| 659 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 656 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 660 ASSERT_TRUE(openssl_key.get()); | 657 ASSERT_TRUE(openssl_key.get()); |
| 661 | 658 |
| 662 // Check that DSA_size() works correctly on the wrapper. | 659 // Check that DSA_size() works correctly on the wrapper. |
| 663 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 660 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 664 EVP_PKEY_size(wrapper_key.get())); | 661 EVP_PKEY_size(wrapper_key.get())); |
| 665 | 662 |
| 666 std::string message = kTestDsaHash; | 663 std::string message = kTestDsaHash; |
| 667 std::string signature; | 664 std::string signature; |
| 668 DoKeySigningWithWrapper(wrapper_key.get(), | 665 DoKeySigningWithWrapper(wrapper_key.get(), |
| 669 openssl_key.get(), | 666 openssl_key.get(), |
| 670 message, | 667 message, |
| 671 &signature); | 668 &signature); |
| 672 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 669 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
| 673 } | 670 } |
| 674 | 671 |
| 675 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { | 672 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { |
| 676 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 673 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 677 | 674 |
| 678 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 675 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 679 ASSERT_FALSE(ecdsa_key.is_null()); | 676 ASSERT_FALSE(ecdsa_key.is_null()); |
| 680 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, | 677 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, |
| 681 GetPrivateKeyType(ecdsa_key.obj())); | 678 GetPrivateKeyType(ecdsa_key.obj())); |
| 682 } | 679 } |
| 683 | 680 |
| 684 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { | 681 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { |
| 685 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 682 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 686 ASSERT_FALSE(ecdsa_key.is_null()); | 683 ASSERT_FALSE(ecdsa_key.is_null()); |
| 687 | 684 |
| 688 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 685 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
| 689 ASSERT_TRUE(openssl_key.get()); | 686 ASSERT_TRUE(openssl_key.get()); |
| 690 | 687 |
| 691 std::string message = kTestEcdsaHash; | 688 std::string message = kTestEcdsaHash; |
| 692 std::string signature; | 689 std::string signature; |
| 693 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); | 690 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); |
| 694 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 691 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
| 695 } | 692 } |
| 696 | 693 |
| 697 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { | 694 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { |
| 698 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 695 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 699 | 696 |
| 700 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 697 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 701 ASSERT_FALSE(ecdsa_key.is_null()); | 698 ASSERT_FALSE(ecdsa_key.is_null()); |
| 702 | 699 |
| 703 ScopedEVP_PKEY wrapper_key( | 700 crypto::ScopedEVP_PKEY wrapper_key( |
| 704 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); | 701 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); |
| 705 ASSERT_TRUE(wrapper_key.get()); | 702 ASSERT_TRUE(wrapper_key.get()); |
| 706 | 703 |
| 707 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 704 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
| 708 ASSERT_TRUE(openssl_key.get()); | 705 ASSERT_TRUE(openssl_key.get()); |
| 709 | 706 |
| 710 // Check that ECDSA size works correctly on the wrapper. | 707 // Check that ECDSA size works correctly on the wrapper. |
| 711 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 708 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 712 EVP_PKEY_size(wrapper_key.get())); | 709 EVP_PKEY_size(wrapper_key.get())); |
| 713 | 710 |
| 714 std::string message = kTestEcdsaHash; | 711 std::string message = kTestEcdsaHash; |
| 715 std::string signature; | 712 std::string signature; |
| 716 DoKeySigningWithWrapper(wrapper_key.get(), | 713 DoKeySigningWithWrapper(wrapper_key.get(), |
| 717 openssl_key.get(), | 714 openssl_key.get(), |
| 718 message, | 715 message, |
| 719 &signature); | 716 &signature); |
| 720 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 717 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
| 721 } | 718 } |
| 722 | 719 |
| 723 } // namespace android | 720 } // namespace android |
| 724 } // namespace net | 721 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 361193003:
Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src