OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <openssl/bn.h> | 5 #include <openssl/bn.h> |
6 #include <openssl/dsa.h> | 6 #include <openssl/dsa.h> |
7 #include <openssl/ecdsa.h> | 7 #include <openssl/ecdsa.h> |
8 #include <openssl/err.h> | 8 #include <openssl/err.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
11 #include <openssl/rsa.h> | 11 #include <openssl/rsa.h> |
12 #include <openssl/x509.h> | 12 #include <openssl/x509.h> |
13 | 13 |
14 #include "base/android/build_info.h" | 14 #include "base/android/build_info.h" |
15 #include "base/android/jni_android.h" | 15 #include "base/android/jni_android.h" |
16 #include "base/android/jni_array.h" | 16 #include "base/android/jni_array.h" |
17 #include "base/android/scoped_java_ref.h" | 17 #include "base/android/scoped_java_ref.h" |
18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
19 #include "base/bind.h" | 19 #include "base/bind.h" |
20 #include "base/callback.h" | 20 #include "base/callback.h" |
21 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
22 #include "base/file_util.h" | 22 #include "base/file_util.h" |
23 #include "base/files/file_path.h" | 23 #include "base/files/file_path.h" |
24 #include "base/files/scoped_file.h" | 24 #include "base/files/scoped_file.h" |
25 #include "base/strings/string_number_conversions.h" | 25 #include "base/strings/string_number_conversions.h" |
26 #include "base/strings/string_util.h" | 26 #include "base/strings/string_util.h" |
27 #include "crypto/openssl_util.h" | 27 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" |
28 #include "jni/AndroidKeyStoreTestUtil_jni.h" | 29 #include "jni/AndroidKeyStoreTestUtil_jni.h" |
29 #include "net/android/keystore.h" | 30 #include "net/android/keystore.h" |
30 #include "net/android/keystore_openssl.h" | 31 #include "net/android/keystore_openssl.h" |
31 #include "net/base/test_data_directory.h" | 32 #include "net/base/test_data_directory.h" |
32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
33 | 34 |
34 // Technical note: | 35 // Technical note: |
35 // | 36 // |
36 // This source file not only checks that signing with | 37 // This source file not only checks that signing with |
37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that | 38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that |
(...skipping 11 matching lines...) Expand all Loading... |
49 // For more details, read the comments in AndroidKeyStore.java. | 50 // For more details, read the comments in AndroidKeyStore.java. |
50 // | 51 // |
51 // Finally, it also checks that using the EVP_PKEY generated with | 52 // Finally, it also checks that using the EVP_PKEY generated with |
52 // GetOpenSSLPrivateKeyWrapper() works correctly. | 53 // GetOpenSSLPrivateKeyWrapper() works correctly. |
53 | 54 |
54 namespace net { | 55 namespace net { |
55 namespace android { | 56 namespace android { |
56 | 57 |
57 namespace { | 58 namespace { |
58 | 59 |
59 typedef crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ScopedEVP_PKEY; | 60 typedef crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, |
60 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA; | 61 PKCS8_PRIV_KEY_INFO_free>::Type |
61 typedef crypto::ScopedOpenSSL<DSA, DSA_free> ScopedDSA; | 62 ScopedPKCS8_PRIV_KEY_INFO; |
62 typedef crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ScopedEC_KEY; | |
63 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM; | |
64 | |
65 typedef crypto::ScopedOpenSSL< | |
66 PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> | |
67 ScopedPKCS8_PRIV_KEY_INFO; | |
68 | 63 |
69 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; | 64 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; |
70 | 65 |
71 JNIEnv* InitEnv() { | 66 JNIEnv* InitEnv() { |
72 JNIEnv* env = base::android::AttachCurrentThread(); | 67 JNIEnv* env = base::android::AttachCurrentThread(); |
73 static bool inited = false; | 68 static bool inited = false; |
74 if (!inited) { | 69 if (!inited) { |
75 RegisterNativesImpl(env); | 70 RegisterNativesImpl(env); |
76 inited = true; | 71 inited = true; |
77 } | 72 } |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
129 << ", " << GetOpenSSLErrorString(); | 124 << ", " << GetOpenSSLErrorString(); |
130 return NULL; | 125 return NULL; |
131 } | 126 } |
132 return pkey; | 127 return pkey; |
133 } | 128 } |
134 | 129 |
135 // Convert a private key into its PKCS#8 encoded representation. | 130 // Convert a private key into its PKCS#8 encoded representation. |
136 // |pkey| is the EVP_PKEY handle for the private key. | 131 // |pkey| is the EVP_PKEY handle for the private key. |
137 // |pkcs8| will receive the PKCS#8 bytes. | 132 // |pkcs8| will receive the PKCS#8 bytes. |
138 // Returns true on success, false otherwise. | 133 // Returns true on success, false otherwise. |
139 bool GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY& pkey, | 134 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey, |
140 std::string* pkcs8) { | 135 std::string* pkcs8) { |
141 // Convert to PKCS#8 object. | 136 // Convert to PKCS#8 object. |
142 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); | 137 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); |
143 if (!p8_info.get()) { | 138 if (!p8_info.get()) { |
144 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " | 139 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " |
145 << GetOpenSSLErrorString(); | 140 << GetOpenSSLErrorString(); |
146 return false; | 141 return false; |
147 } | 142 } |
148 | 143 |
149 // Then convert it | 144 // Then convert it |
150 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); | 145 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); |
151 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); | 146 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); |
152 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); | 147 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); |
153 return true; | 148 return true; |
154 } | 149 } |
155 | 150 |
156 bool ImportPrivateKeyFileAsPkcs8(const char* filename, | 151 bool ImportPrivateKeyFileAsPkcs8(const char* filename, |
157 std::string* pkcs8) { | 152 std::string* pkcs8) { |
158 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); | 153 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); |
159 if (!pkey.get()) | 154 if (!pkey.get()) |
160 return false; | 155 return false; |
161 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); | 156 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); |
162 } | 157 } |
163 | 158 |
164 // Same as ImportPrivateKey, but for public ones. | 159 // Same as ImportPrivateKey, but for public ones. |
165 EVP_PKEY* ImportPublicKeyFile(const char* filename) { | 160 EVP_PKEY* ImportPublicKeyFile(const char* filename) { |
166 // Load file as PEM data. | 161 // Load file as PEM data. |
167 base::FilePath certs_dir = GetTestCertsDirectory(); | 162 base::FilePath certs_dir = GetTestCertsDirectory(); |
168 base::FilePath file_path = certs_dir.AppendASCII(filename); | 163 base::FilePath file_path = certs_dir.AppendASCII(filename); |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
224 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); | 219 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); |
225 } | 220 } |
226 | 221 |
227 // Call this function to verify that one message signed with our | 222 // Call this function to verify that one message signed with our |
228 // test DSA private key is correct. Since DSA signing introduces | 223 // test DSA private key is correct. Since DSA signing introduces |
229 // random elements in the signature, it is not possible to compare | 224 // random elements in the signature, it is not possible to compare |
230 // signature bits directly. However, one can use the public key | 225 // signature bits directly. However, one can use the public key |
231 // to do the check. | 226 // to do the check. |
232 bool VerifyTestDSASignature(const base::StringPiece& message, | 227 bool VerifyTestDSASignature(const base::StringPiece& message, |
233 const base::StringPiece& signature) { | 228 const base::StringPiece& signature) { |
234 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); | 229 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); |
235 if (!pkey.get()) | 230 if (!pkey.get()) |
236 return false; | 231 return false; |
237 | 232 |
238 ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); | 233 crypto::ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); |
239 if (!pub_key.get()) { | 234 if (!pub_key.get()) { |
240 LOG(ERROR) << "Could not get DSA public key: " | 235 LOG(ERROR) << "Could not get DSA public key: " |
241 << GetOpenSSLErrorString(); | 236 << GetOpenSSLErrorString(); |
242 return false; | 237 return false; |
243 } | 238 } |
244 | 239 |
245 const unsigned char* digest = | 240 const unsigned char* digest = |
246 reinterpret_cast<const unsigned char*>(message.data()); | 241 reinterpret_cast<const unsigned char*>(message.data()); |
247 int digest_len = static_cast<int>(message.size()); | 242 int digest_len = static_cast<int>(message.size()); |
248 const unsigned char* sigbuf = | 243 const unsigned char* sigbuf = |
(...skipping 23 matching lines...) Expand all Loading... |
272 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); | 267 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); |
273 } | 268 } |
274 | 269 |
275 // Call this function to verify that one message signed with our | 270 // Call this function to verify that one message signed with our |
276 // test DSA private key is correct. Since DSA signing introduces | 271 // test DSA private key is correct. Since DSA signing introduces |
277 // random elements in the signature, it is not possible to compare | 272 // random elements in the signature, it is not possible to compare |
278 // signature bits directly. However, one can use the public key | 273 // signature bits directly. However, one can use the public key |
279 // to do the check. | 274 // to do the check. |
280 bool VerifyTestECDSASignature(const base::StringPiece& message, | 275 bool VerifyTestECDSASignature(const base::StringPiece& message, |
281 const base::StringPiece& signature) { | 276 const base::StringPiece& signature) { |
282 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); | 277 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); |
283 if (!pkey.get()) | 278 if (!pkey.get()) |
284 return false; | 279 return false; |
285 ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); | 280 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); |
286 if (!pub_key.get()) { | 281 if (!pub_key.get()) { |
287 LOG(ERROR) << "Could not get ECDSA public key: " | 282 LOG(ERROR) << "Could not get ECDSA public key: " |
288 << GetOpenSSLErrorString(); | 283 << GetOpenSSLErrorString(); |
289 return false; | 284 return false; |
290 } | 285 } |
291 | 286 |
292 const unsigned char* digest = | 287 const unsigned char* digest = |
293 reinterpret_cast<const unsigned char*>(message.data()); | 288 reinterpret_cast<const unsigned char*>(message.data()); |
294 int digest_len = static_cast<int>(message.size()); | 289 int digest_len = static_cast<int>(message.size()); |
295 const unsigned char* sigbuf = | 290 const unsigned char* sigbuf = |
(...skipping 20 matching lines...) Expand all Loading... |
316 const unsigned char* digest = | 311 const unsigned char* digest = |
317 reinterpret_cast<const unsigned char*>(message.data()); | 312 reinterpret_cast<const unsigned char*>(message.data()); |
318 unsigned int digest_len = static_cast<unsigned int>(message.size()); | 313 unsigned int digest_len = static_cast<unsigned int>(message.size()); |
319 std::string signature; | 314 std::string signature; |
320 size_t signature_size; | 315 size_t signature_size; |
321 size_t max_signature_size; | 316 size_t max_signature_size; |
322 int key_type = EVP_PKEY_id(openssl_key); | 317 int key_type = EVP_PKEY_id(openssl_key); |
323 switch (key_type) { | 318 switch (key_type) { |
324 case EVP_PKEY_RSA: | 319 case EVP_PKEY_RSA: |
325 { | 320 { |
326 ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); | 321 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); |
327 if (!rsa.get()) { | 322 if (!rsa.get()) { |
328 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " | 323 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " |
329 << GetOpenSSLErrorString(); | 324 << GetOpenSSLErrorString(); |
330 return false; | 325 return false; |
331 } | 326 } |
332 // With RSA, the signature will always be RSA_size() bytes. | 327 // With RSA, the signature will always be RSA_size() bytes. |
333 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); | 328 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); |
334 unsigned char* p = OpenSSLWriteInto(&signature, | 329 unsigned char* p = OpenSSLWriteInto(&signature, |
335 max_signature_size); | 330 max_signature_size); |
336 unsigned int p_len = 0; | 331 unsigned int p_len = 0; |
337 int ret = RSA_sign( | 332 int ret = RSA_sign( |
338 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); | 333 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); |
339 if (ret != 1) { | 334 if (ret != 1) { |
340 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); | 335 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); |
341 return false; | 336 return false; |
342 } | 337 } |
343 signature_size = static_cast<size_t>(p_len); | 338 signature_size = static_cast<size_t>(p_len); |
344 break; | 339 break; |
345 } | 340 } |
346 case EVP_PKEY_DSA: | 341 case EVP_PKEY_DSA: |
347 { | 342 { |
348 ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); | 343 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); |
349 if (!dsa.get()) { | 344 if (!dsa.get()) { |
350 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " | 345 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " |
351 << GetOpenSSLErrorString(); | 346 << GetOpenSSLErrorString(); |
352 return false; | 347 return false; |
353 } | 348 } |
354 // Note, the actual signature can be smaller than DSA_size() | 349 // Note, the actual signature can be smaller than DSA_size() |
355 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); | 350 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); |
356 unsigned char* p = OpenSSLWriteInto(&signature, | 351 unsigned char* p = OpenSSLWriteInto(&signature, |
357 max_signature_size); | 352 max_signature_size); |
358 unsigned int p_len = 0; | 353 unsigned int p_len = 0; |
359 // Note: first parameter is ignored by function. | 354 // Note: first parameter is ignored by function. |
360 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); | 355 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); |
361 if (ret != 1) { | 356 if (ret != 1) { |
362 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); | 357 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); |
363 return false; | 358 return false; |
364 } | 359 } |
365 signature_size = static_cast<size_t>(p_len); | 360 signature_size = static_cast<size_t>(p_len); |
366 break; | 361 break; |
367 } | 362 } |
368 case EVP_PKEY_EC: | 363 case EVP_PKEY_EC: |
369 { | 364 { |
370 ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); | 365 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); |
371 if (!ecdsa.get()) { | 366 if (!ecdsa.get()) { |
372 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " | 367 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " |
373 << GetOpenSSLErrorString(); | 368 << GetOpenSSLErrorString(); |
374 return false; | 369 return false; |
375 } | 370 } |
376 // Note, the actual signature can be smaller than ECDSA_size() | 371 // Note, the actual signature can be smaller than ECDSA_size() |
377 max_signature_size = ECDSA_size(ecdsa.get()); | 372 max_signature_size = ECDSA_size(ecdsa.get()); |
378 unsigned char* p = OpenSSLWriteInto(&signature, | 373 unsigned char* p = OpenSSLWriteInto(&signature, |
379 max_signature_size); | 374 max_signature_size); |
380 unsigned int p_len = 0; | 375 unsigned int p_len = 0; |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
487 wrapper_signature.size()); | 482 wrapper_signature.size()); |
488 } | 483 } |
489 | 484 |
490 } // namespace | 485 } // namespace |
491 | 486 |
492 TEST(AndroidKeyStore,GetRSAKeyModulus) { | 487 TEST(AndroidKeyStore,GetRSAKeyModulus) { |
493 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 488 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
494 InitEnv(); | 489 InitEnv(); |
495 | 490 |
496 // Load the test RSA key. | 491 // Load the test RSA key. |
497 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); | 492 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); |
498 ASSERT_TRUE(pkey.get()); | 493 ASSERT_TRUE(pkey.get()); |
499 | 494 |
500 // Convert it to encoded PKCS#8 bytes. | 495 // Convert it to encoded PKCS#8 bytes. |
501 std::string pkcs8_data; | 496 std::string pkcs8_data; |
502 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 497 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
503 | 498 |
504 // Create platform PrivateKey object from it. | 499 // Create platform PrivateKey object from it. |
505 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, | 500 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, |
506 pkcs8_data); | 501 pkcs8_data); |
507 ASSERT_FALSE(key_java.is_null()); | 502 ASSERT_FALSE(key_java.is_null()); |
508 | 503 |
509 // Retrieve the corresponding modulus through JNI | 504 // Retrieve the corresponding modulus through JNI |
510 std::vector<uint8> modulus_java; | 505 std::vector<uint8> modulus_java; |
511 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); | 506 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); |
512 | 507 |
513 // Create an OpenSSL BIGNUM from it. | 508 // Create an OpenSSL BIGNUM from it. |
514 ScopedBIGNUM bn( | 509 crypto::ScopedBIGNUM bn( |
515 BN_bin2bn( | 510 BN_bin2bn(reinterpret_cast<const unsigned char*>(&modulus_java[0]), |
516 reinterpret_cast<const unsigned char*>(&modulus_java[0]), | 511 static_cast<int>(modulus_java.size()), |
517 static_cast<int>(modulus_java.size()), | 512 NULL)); |
518 NULL)); | |
519 ASSERT_TRUE(bn.get()); | 513 ASSERT_TRUE(bn.get()); |
520 | 514 |
521 // Compare it to the one in the RSA key, they must be identical. | 515 // Compare it to the one in the RSA key, they must be identical. |
522 ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); | 516 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); |
523 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); | 517 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); |
524 | 518 |
525 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); | 519 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); |
526 } | 520 } |
527 | 521 |
528 TEST(AndroidKeyStore,GetDSAKeyParamQ) { | 522 TEST(AndroidKeyStore,GetDSAKeyParamQ) { |
529 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 523 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
530 InitEnv(); | 524 InitEnv(); |
531 | 525 |
532 // Load the test DSA key. | 526 // Load the test DSA key. |
533 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); | 527 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); |
534 ASSERT_TRUE(pkey.get()); | 528 ASSERT_TRUE(pkey.get()); |
535 | 529 |
536 // Convert it to encoded PKCS#8 bytes. | 530 // Convert it to encoded PKCS#8 bytes. |
537 std::string pkcs8_data; | 531 std::string pkcs8_data; |
538 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 532 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
539 | 533 |
540 // Create platform PrivateKey object from it. | 534 // Create platform PrivateKey object from it. |
541 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, | 535 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, |
542 pkcs8_data); | 536 pkcs8_data); |
543 ASSERT_FALSE(key_java.is_null()); | 537 ASSERT_FALSE(key_java.is_null()); |
544 | 538 |
545 // Retrieve the corresponding Q parameter through JNI | 539 // Retrieve the corresponding Q parameter through JNI |
546 std::vector<uint8> q_java; | 540 std::vector<uint8> q_java; |
547 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); | 541 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); |
548 | 542 |
549 // Create an OpenSSL BIGNUM from it. | 543 // Create an OpenSSL BIGNUM from it. |
550 ScopedBIGNUM bn( | 544 crypto::ScopedBIGNUM bn( |
551 BN_bin2bn( | 545 BN_bin2bn(reinterpret_cast<const unsigned char*>(&q_java[0]), |
552 reinterpret_cast<const unsigned char*>(&q_java[0]), | 546 static_cast<int>(q_java.size()), |
553 static_cast<int>(q_java.size()), | 547 NULL)); |
554 NULL)); | |
555 ASSERT_TRUE(bn.get()); | 548 ASSERT_TRUE(bn.get()); |
556 | 549 |
557 // Compare it to the one in the RSA key, they must be identical. | 550 // Compare it to the one in the RSA key, they must be identical. |
558 ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); | 551 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); |
559 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); | 552 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); |
560 | 553 |
561 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); | 554 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); |
562 } | 555 } |
563 | 556 |
564 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { | 557 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { |
565 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 558 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
566 | 559 |
567 ScopedJava rsa_key = GetRSATestKeyJava(); | 560 ScopedJava rsa_key = GetRSATestKeyJava(); |
568 ASSERT_FALSE(rsa_key.is_null()); | 561 ASSERT_FALSE(rsa_key.is_null()); |
569 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, | 562 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, |
570 GetPrivateKeyType(rsa_key.obj())); | 563 GetPrivateKeyType(rsa_key.obj())); |
571 } | 564 } |
572 | 565 |
573 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { | 566 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { |
574 ScopedJava rsa_key = GetRSATestKeyJava(); | 567 ScopedJava rsa_key = GetRSATestKeyJava(); |
575 ASSERT_FALSE(rsa_key.is_null()); | 568 ASSERT_FALSE(rsa_key.is_null()); |
576 | 569 |
577 if (IsOnAndroidOlderThan_4_2()) { | 570 if (IsOnAndroidOlderThan_4_2()) { |
578 LOG(INFO) << "This test can't run on Android < 4.2"; | 571 LOG(INFO) << "This test can't run on Android < 4.2"; |
579 return; | 572 return; |
580 } | 573 } |
581 | 574 |
582 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 575 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
583 ASSERT_TRUE(openssl_key.get()); | 576 ASSERT_TRUE(openssl_key.get()); |
584 | 577 |
585 std::string message = kTestRsaHash; | 578 std::string message = kTestRsaHash; |
586 ASSERT_EQ(36U, message.size()); | 579 ASSERT_EQ(36U, message.size()); |
587 | 580 |
588 std::string signature; | 581 std::string signature; |
589 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); | 582 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); |
590 ASSERT_TRUE( | 583 ASSERT_TRUE( |
591 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); | 584 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); |
592 // All good. | 585 // All good. |
593 } | 586 } |
594 | 587 |
595 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { | 588 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { |
596 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 589 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
597 | 590 |
598 ScopedJava rsa_key = GetRSATestKeyJava(); | 591 ScopedJava rsa_key = GetRSATestKeyJava(); |
599 ASSERT_FALSE(rsa_key.is_null()); | 592 ASSERT_FALSE(rsa_key.is_null()); |
600 | 593 |
601 ScopedEVP_PKEY wrapper_key(GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); | 594 crypto::ScopedEVP_PKEY wrapper_key( |
| 595 GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); |
602 ASSERT_TRUE(wrapper_key.get() != NULL); | 596 ASSERT_TRUE(wrapper_key.get() != NULL); |
603 | 597 |
604 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 598 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
605 ASSERT_TRUE(openssl_key.get()); | 599 ASSERT_TRUE(openssl_key.get()); |
606 | 600 |
607 // Check that RSA_size() works properly on the wrapper key. | 601 // Check that RSA_size() works properly on the wrapper key. |
608 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 602 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
609 EVP_PKEY_size(wrapper_key.get())); | 603 EVP_PKEY_size(wrapper_key.get())); |
610 | 604 |
611 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return | 605 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return |
612 // without an error. | 606 // without an error. |
613 std::string message = kTestRsaHash; | 607 std::string message = kTestRsaHash; |
614 ASSERT_EQ(36U, message.size()); | 608 ASSERT_EQ(36U, message.size()); |
(...skipping 13 matching lines...) Expand all Loading... |
628 ScopedJava dsa_key = GetDSATestKeyJava(); | 622 ScopedJava dsa_key = GetDSATestKeyJava(); |
629 ASSERT_FALSE(dsa_key.is_null()); | 623 ASSERT_FALSE(dsa_key.is_null()); |
630 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, | 624 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, |
631 GetPrivateKeyType(dsa_key.obj())); | 625 GetPrivateKeyType(dsa_key.obj())); |
632 } | 626 } |
633 | 627 |
634 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { | 628 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { |
635 ScopedJava dsa_key = GetDSATestKeyJava(); | 629 ScopedJava dsa_key = GetDSATestKeyJava(); |
636 ASSERT_FALSE(dsa_key.is_null()); | 630 ASSERT_FALSE(dsa_key.is_null()); |
637 | 631 |
638 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 632 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
639 ASSERT_TRUE(openssl_key.get()); | 633 ASSERT_TRUE(openssl_key.get()); |
640 | 634 |
641 std::string message = kTestDsaHash; | 635 std::string message = kTestDsaHash; |
642 ASSERT_EQ(20U, message.size()); | 636 ASSERT_EQ(20U, message.size()); |
643 | 637 |
644 std::string signature; | 638 std::string signature; |
645 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); | 639 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); |
646 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 640 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
647 } | 641 } |
648 | 642 |
649 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { | 643 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { |
650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 644 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
651 | 645 |
652 ScopedJava dsa_key = GetDSATestKeyJava(); | 646 ScopedJava dsa_key = GetDSATestKeyJava(); |
653 ASSERT_FALSE(dsa_key.is_null()); | 647 ASSERT_FALSE(dsa_key.is_null()); |
654 | 648 |
655 ScopedEVP_PKEY wrapper_key( | 649 crypto::ScopedEVP_PKEY wrapper_key( |
656 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); | 650 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); |
657 ASSERT_TRUE(wrapper_key.get()); | 651 ASSERT_TRUE(wrapper_key.get()); |
658 | 652 |
659 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 653 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
660 ASSERT_TRUE(openssl_key.get()); | 654 ASSERT_TRUE(openssl_key.get()); |
661 | 655 |
662 // Check that DSA_size() works correctly on the wrapper. | 656 // Check that DSA_size() works correctly on the wrapper. |
663 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 657 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
664 EVP_PKEY_size(wrapper_key.get())); | 658 EVP_PKEY_size(wrapper_key.get())); |
665 | 659 |
666 std::string message = kTestDsaHash; | 660 std::string message = kTestDsaHash; |
667 std::string signature; | 661 std::string signature; |
668 DoKeySigningWithWrapper(wrapper_key.get(), | 662 DoKeySigningWithWrapper(wrapper_key.get(), |
669 openssl_key.get(), | 663 openssl_key.get(), |
670 message, | 664 message, |
671 &signature); | 665 &signature); |
672 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 666 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
673 } | 667 } |
674 | 668 |
675 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { | 669 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { |
676 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 670 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
677 | 671 |
678 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 672 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
679 ASSERT_FALSE(ecdsa_key.is_null()); | 673 ASSERT_FALSE(ecdsa_key.is_null()); |
680 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, | 674 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, |
681 GetPrivateKeyType(ecdsa_key.obj())); | 675 GetPrivateKeyType(ecdsa_key.obj())); |
682 } | 676 } |
683 | 677 |
684 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { | 678 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { |
685 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 679 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
686 ASSERT_FALSE(ecdsa_key.is_null()); | 680 ASSERT_FALSE(ecdsa_key.is_null()); |
687 | 681 |
688 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 682 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
689 ASSERT_TRUE(openssl_key.get()); | 683 ASSERT_TRUE(openssl_key.get()); |
690 | 684 |
691 std::string message = kTestEcdsaHash; | 685 std::string message = kTestEcdsaHash; |
692 std::string signature; | 686 std::string signature; |
693 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); | 687 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); |
694 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 688 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
695 } | 689 } |
696 | 690 |
697 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { | 691 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { |
698 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 692 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
699 | 693 |
700 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 694 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
701 ASSERT_FALSE(ecdsa_key.is_null()); | 695 ASSERT_FALSE(ecdsa_key.is_null()); |
702 | 696 |
703 ScopedEVP_PKEY wrapper_key( | 697 crypto::ScopedEVP_PKEY wrapper_key( |
704 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); | 698 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); |
705 ASSERT_TRUE(wrapper_key.get()); | 699 ASSERT_TRUE(wrapper_key.get()); |
706 | 700 |
707 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 701 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
708 ASSERT_TRUE(openssl_key.get()); | 702 ASSERT_TRUE(openssl_key.get()); |
709 | 703 |
710 // Check that ECDSA size works correctly on the wrapper. | 704 // Check that ECDSA size works correctly on the wrapper. |
711 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 705 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
712 EVP_PKEY_size(wrapper_key.get())); | 706 EVP_PKEY_size(wrapper_key.get())); |
713 | 707 |
714 std::string message = kTestEcdsaHash; | 708 std::string message = kTestEcdsaHash; |
715 std::string signature; | 709 std::string signature; |
716 DoKeySigningWithWrapper(wrapper_key.get(), | 710 DoKeySigningWithWrapper(wrapper_key.get(), |
717 openssl_key.get(), | 711 openssl_key.get(), |
718 message, | 712 message, |
719 &signature); | 713 &signature); |
720 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 714 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
721 } | 715 } |
722 | 716 |
723 } // namespace android | 717 } // namespace android |
724 } // namespace net | 718 } // namespace net |
OLD | NEW |