| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/bn.h> | 5 #include <openssl/bn.h> |
| 6 #include <openssl/dsa.h> | 6 #include <openssl/dsa.h> |
| 7 #include <openssl/ecdsa.h> | 7 #include <openssl/ecdsa.h> |
| 8 #include <openssl/err.h> | 8 #include <openssl/err.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| 11 #include <openssl/rsa.h> | 11 #include <openssl/rsa.h> |
| 12 #include <openssl/x509.h> | 12 #include <openssl/x509.h> |
| 13 | 13 |
| 14 #include "base/android/build_info.h" | 14 #include "base/android/build_info.h" |
| 15 #include "base/android/jni_android.h" | 15 #include "base/android/jni_android.h" |
| 16 #include "base/android/jni_array.h" | 16 #include "base/android/jni_array.h" |
| 17 #include "base/android/scoped_java_ref.h" | 17 #include "base/android/scoped_java_ref.h" |
| 18 #include "base/basictypes.h" | 18 #include "base/basictypes.h" |
| 19 #include "base/bind.h" | 19 #include "base/bind.h" |
| 20 #include "base/callback.h" | 20 #include "base/callback.h" |
| 21 #include "base/compiler_specific.h" | 21 #include "base/compiler_specific.h" |
| 22 #include "base/file_util.h" | 22 #include "base/file_util.h" |
| 23 #include "base/files/file_path.h" | 23 #include "base/files/file_path.h" |
| 24 #include "base/files/scoped_file.h" | 24 #include "base/files/scoped_file.h" |
| 25 #include "base/strings/string_number_conversions.h" | 25 #include "base/strings/string_number_conversions.h" |
| 26 #include "base/strings/string_util.h" | 26 #include "base/strings/string_util.h" |
| 27 #include "crypto/openssl_util.h" | 27 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" |
| 28 #include "jni/AndroidKeyStoreTestUtil_jni.h" | 29 #include "jni/AndroidKeyStoreTestUtil_jni.h" |
| 29 #include "net/android/keystore.h" | 30 #include "net/android/keystore.h" |
| 30 #include "net/android/keystore_openssl.h" | 31 #include "net/android/keystore_openssl.h" |
| 31 #include "net/base/test_data_directory.h" | 32 #include "net/base/test_data_directory.h" |
| 32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
| 33 | 34 |
| 34 // Technical note: | 35 // Technical note: |
| 35 // | 36 // |
| 36 // This source file not only checks that signing with | 37 // This source file not only checks that signing with |
| 37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that | 38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that |
| (...skipping 11 matching lines...) Expand all Loading... |
| 49 // For more details, read the comments in AndroidKeyStore.java. | 50 // For more details, read the comments in AndroidKeyStore.java. |
| 50 // | 51 // |
| 51 // Finally, it also checks that using the EVP_PKEY generated with | 52 // Finally, it also checks that using the EVP_PKEY generated with |
| 52 // GetOpenSSLPrivateKeyWrapper() works correctly. | 53 // GetOpenSSLPrivateKeyWrapper() works correctly. |
| 53 | 54 |
| 54 namespace net { | 55 namespace net { |
| 55 namespace android { | 56 namespace android { |
| 56 | 57 |
| 57 namespace { | 58 namespace { |
| 58 | 59 |
| 59 typedef crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ScopedEVP_PKEY; | 60 typedef crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, |
| 60 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA; | 61 PKCS8_PRIV_KEY_INFO_free>::Type |
| 61 typedef crypto::ScopedOpenSSL<DSA, DSA_free> ScopedDSA; | 62 ScopedPKCS8_PRIV_KEY_INFO; |
| 62 typedef crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ScopedEC_KEY; | |
| 63 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM; | |
| 64 | |
| 65 typedef crypto::ScopedOpenSSL< | |
| 66 PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> | |
| 67 ScopedPKCS8_PRIV_KEY_INFO; | |
| 68 | 63 |
| 69 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; | 64 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava; |
| 70 | 65 |
| 71 JNIEnv* InitEnv() { | 66 JNIEnv* InitEnv() { |
| 72 JNIEnv* env = base::android::AttachCurrentThread(); | 67 JNIEnv* env = base::android::AttachCurrentThread(); |
| 73 static bool inited = false; | 68 static bool inited = false; |
| 74 if (!inited) { | 69 if (!inited) { |
| 75 RegisterNativesImpl(env); | 70 RegisterNativesImpl(env); |
| 76 inited = true; | 71 inited = true; |
| 77 } | 72 } |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 << ", " << GetOpenSSLErrorString(); | 124 << ", " << GetOpenSSLErrorString(); |
| 130 return NULL; | 125 return NULL; |
| 131 } | 126 } |
| 132 return pkey; | 127 return pkey; |
| 133 } | 128 } |
| 134 | 129 |
| 135 // Convert a private key into its PKCS#8 encoded representation. | 130 // Convert a private key into its PKCS#8 encoded representation. |
| 136 // |pkey| is the EVP_PKEY handle for the private key. | 131 // |pkey| is the EVP_PKEY handle for the private key. |
| 137 // |pkcs8| will receive the PKCS#8 bytes. | 132 // |pkcs8| will receive the PKCS#8 bytes. |
| 138 // Returns true on success, false otherwise. | 133 // Returns true on success, false otherwise. |
| 139 bool GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY& pkey, | 134 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey, |
| 140 std::string* pkcs8) { | 135 std::string* pkcs8) { |
| 141 // Convert to PKCS#8 object. | 136 // Convert to PKCS#8 object. |
| 142 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); | 137 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get())); |
| 143 if (!p8_info.get()) { | 138 if (!p8_info.get()) { |
| 144 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " | 139 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: " |
| 145 << GetOpenSSLErrorString(); | 140 << GetOpenSSLErrorString(); |
| 146 return false; | 141 return false; |
| 147 } | 142 } |
| 148 | 143 |
| 149 // Then convert it | 144 // Then convert it |
| 150 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); | 145 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL); |
| 151 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); | 146 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len)); |
| 152 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); | 147 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p); |
| 153 return true; | 148 return true; |
| 154 } | 149 } |
| 155 | 150 |
| 156 bool ImportPrivateKeyFileAsPkcs8(const char* filename, | 151 bool ImportPrivateKeyFileAsPkcs8(const char* filename, |
| 157 std::string* pkcs8) { | 152 std::string* pkcs8) { |
| 158 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); | 153 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename)); |
| 159 if (!pkey.get()) | 154 if (!pkey.get()) |
| 160 return false; | 155 return false; |
| 161 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); | 156 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8); |
| 162 } | 157 } |
| 163 | 158 |
| 164 // Same as ImportPrivateKey, but for public ones. | 159 // Same as ImportPrivateKey, but for public ones. |
| 165 EVP_PKEY* ImportPublicKeyFile(const char* filename) { | 160 EVP_PKEY* ImportPublicKeyFile(const char* filename) { |
| 166 // Load file as PEM data. | 161 // Load file as PEM data. |
| 167 base::FilePath certs_dir = GetTestCertsDirectory(); | 162 base::FilePath certs_dir = GetTestCertsDirectory(); |
| 168 base::FilePath file_path = certs_dir.AppendASCII(filename); | 163 base::FilePath file_path = certs_dir.AppendASCII(filename); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 224 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); | 219 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key); |
| 225 } | 220 } |
| 226 | 221 |
| 227 // Call this function to verify that one message signed with our | 222 // Call this function to verify that one message signed with our |
| 228 // test DSA private key is correct. Since DSA signing introduces | 223 // test DSA private key is correct. Since DSA signing introduces |
| 229 // random elements in the signature, it is not possible to compare | 224 // random elements in the signature, it is not possible to compare |
| 230 // signature bits directly. However, one can use the public key | 225 // signature bits directly. However, one can use the public key |
| 231 // to do the check. | 226 // to do the check. |
| 232 bool VerifyTestDSASignature(const base::StringPiece& message, | 227 bool VerifyTestDSASignature(const base::StringPiece& message, |
| 233 const base::StringPiece& signature) { | 228 const base::StringPiece& signature) { |
| 234 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); | 229 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile)); |
| 235 if (!pkey.get()) | 230 if (!pkey.get()) |
| 236 return false; | 231 return false; |
| 237 | 232 |
| 238 ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); | 233 crypto::ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get())); |
| 239 if (!pub_key.get()) { | 234 if (!pub_key.get()) { |
| 240 LOG(ERROR) << "Could not get DSA public key: " | 235 LOG(ERROR) << "Could not get DSA public key: " |
| 241 << GetOpenSSLErrorString(); | 236 << GetOpenSSLErrorString(); |
| 242 return false; | 237 return false; |
| 243 } | 238 } |
| 244 | 239 |
| 245 const unsigned char* digest = | 240 const unsigned char* digest = |
| 246 reinterpret_cast<const unsigned char*>(message.data()); | 241 reinterpret_cast<const unsigned char*>(message.data()); |
| 247 int digest_len = static_cast<int>(message.size()); | 242 int digest_len = static_cast<int>(message.size()); |
| 248 const unsigned char* sigbuf = | 243 const unsigned char* sigbuf = |
| (...skipping 23 matching lines...) Expand all Loading... |
| 272 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); | 267 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key); |
| 273 } | 268 } |
| 274 | 269 |
| 275 // Call this function to verify that one message signed with our | 270 // Call this function to verify that one message signed with our |
| 276 // test DSA private key is correct. Since DSA signing introduces | 271 // test DSA private key is correct. Since DSA signing introduces |
| 277 // random elements in the signature, it is not possible to compare | 272 // random elements in the signature, it is not possible to compare |
| 278 // signature bits directly. However, one can use the public key | 273 // signature bits directly. However, one can use the public key |
| 279 // to do the check. | 274 // to do the check. |
| 280 bool VerifyTestECDSASignature(const base::StringPiece& message, | 275 bool VerifyTestECDSASignature(const base::StringPiece& message, |
| 281 const base::StringPiece& signature) { | 276 const base::StringPiece& signature) { |
| 282 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); | 277 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile)); |
| 283 if (!pkey.get()) | 278 if (!pkey.get()) |
| 284 return false; | 279 return false; |
| 285 ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); | 280 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get())); |
| 286 if (!pub_key.get()) { | 281 if (!pub_key.get()) { |
| 287 LOG(ERROR) << "Could not get ECDSA public key: " | 282 LOG(ERROR) << "Could not get ECDSA public key: " |
| 288 << GetOpenSSLErrorString(); | 283 << GetOpenSSLErrorString(); |
| 289 return false; | 284 return false; |
| 290 } | 285 } |
| 291 | 286 |
| 292 const unsigned char* digest = | 287 const unsigned char* digest = |
| 293 reinterpret_cast<const unsigned char*>(message.data()); | 288 reinterpret_cast<const unsigned char*>(message.data()); |
| 294 int digest_len = static_cast<int>(message.size()); | 289 int digest_len = static_cast<int>(message.size()); |
| 295 const unsigned char* sigbuf = | 290 const unsigned char* sigbuf = |
| (...skipping 20 matching lines...) Expand all Loading... |
| 316 const unsigned char* digest = | 311 const unsigned char* digest = |
| 317 reinterpret_cast<const unsigned char*>(message.data()); | 312 reinterpret_cast<const unsigned char*>(message.data()); |
| 318 unsigned int digest_len = static_cast<unsigned int>(message.size()); | 313 unsigned int digest_len = static_cast<unsigned int>(message.size()); |
| 319 std::string signature; | 314 std::string signature; |
| 320 size_t signature_size; | 315 size_t signature_size; |
| 321 size_t max_signature_size; | 316 size_t max_signature_size; |
| 322 int key_type = EVP_PKEY_id(openssl_key); | 317 int key_type = EVP_PKEY_id(openssl_key); |
| 323 switch (key_type) { | 318 switch (key_type) { |
| 324 case EVP_PKEY_RSA: | 319 case EVP_PKEY_RSA: |
| 325 { | 320 { |
| 326 ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); | 321 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key)); |
| 327 if (!rsa.get()) { | 322 if (!rsa.get()) { |
| 328 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " | 323 LOG(ERROR) << "Could not get RSA from EVP_PKEY: " |
| 329 << GetOpenSSLErrorString(); | 324 << GetOpenSSLErrorString(); |
| 330 return false; | 325 return false; |
| 331 } | 326 } |
| 332 // With RSA, the signature will always be RSA_size() bytes. | 327 // With RSA, the signature will always be RSA_size() bytes. |
| 333 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); | 328 max_signature_size = static_cast<size_t>(RSA_size(rsa.get())); |
| 334 unsigned char* p = OpenSSLWriteInto(&signature, | 329 unsigned char* p = OpenSSLWriteInto(&signature, |
| 335 max_signature_size); | 330 max_signature_size); |
| 336 unsigned int p_len = 0; | 331 unsigned int p_len = 0; |
| 337 int ret = RSA_sign( | 332 int ret = RSA_sign( |
| 338 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); | 333 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get()); |
| 339 if (ret != 1) { | 334 if (ret != 1) { |
| 340 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); | 335 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString(); |
| 341 return false; | 336 return false; |
| 342 } | 337 } |
| 343 signature_size = static_cast<size_t>(p_len); | 338 signature_size = static_cast<size_t>(p_len); |
| 344 break; | 339 break; |
| 345 } | 340 } |
| 346 case EVP_PKEY_DSA: | 341 case EVP_PKEY_DSA: |
| 347 { | 342 { |
| 348 ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); | 343 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key)); |
| 349 if (!dsa.get()) { | 344 if (!dsa.get()) { |
| 350 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " | 345 LOG(ERROR) << "Could not get DSA from EVP_PKEY: " |
| 351 << GetOpenSSLErrorString(); | 346 << GetOpenSSLErrorString(); |
| 352 return false; | 347 return false; |
| 353 } | 348 } |
| 354 // Note, the actual signature can be smaller than DSA_size() | 349 // Note, the actual signature can be smaller than DSA_size() |
| 355 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); | 350 max_signature_size = static_cast<size_t>(DSA_size(dsa.get())); |
| 356 unsigned char* p = OpenSSLWriteInto(&signature, | 351 unsigned char* p = OpenSSLWriteInto(&signature, |
| 357 max_signature_size); | 352 max_signature_size); |
| 358 unsigned int p_len = 0; | 353 unsigned int p_len = 0; |
| 359 // Note: first parameter is ignored by function. | 354 // Note: first parameter is ignored by function. |
| 360 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); | 355 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get()); |
| 361 if (ret != 1) { | 356 if (ret != 1) { |
| 362 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); | 357 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString(); |
| 363 return false; | 358 return false; |
| 364 } | 359 } |
| 365 signature_size = static_cast<size_t>(p_len); | 360 signature_size = static_cast<size_t>(p_len); |
| 366 break; | 361 break; |
| 367 } | 362 } |
| 368 case EVP_PKEY_EC: | 363 case EVP_PKEY_EC: |
| 369 { | 364 { |
| 370 ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); | 365 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key)); |
| 371 if (!ecdsa.get()) { | 366 if (!ecdsa.get()) { |
| 372 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " | 367 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: " |
| 373 << GetOpenSSLErrorString(); | 368 << GetOpenSSLErrorString(); |
| 374 return false; | 369 return false; |
| 375 } | 370 } |
| 376 // Note, the actual signature can be smaller than ECDSA_size() | 371 // Note, the actual signature can be smaller than ECDSA_size() |
| 377 max_signature_size = ECDSA_size(ecdsa.get()); | 372 max_signature_size = ECDSA_size(ecdsa.get()); |
| 378 unsigned char* p = OpenSSLWriteInto(&signature, | 373 unsigned char* p = OpenSSLWriteInto(&signature, |
| 379 max_signature_size); | 374 max_signature_size); |
| 380 unsigned int p_len = 0; | 375 unsigned int p_len = 0; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 487 wrapper_signature.size()); | 482 wrapper_signature.size()); |
| 488 } | 483 } |
| 489 | 484 |
| 490 } // namespace | 485 } // namespace |
| 491 | 486 |
| 492 TEST(AndroidKeyStore,GetRSAKeyModulus) { | 487 TEST(AndroidKeyStore,GetRSAKeyModulus) { |
| 493 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 488 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 494 InitEnv(); | 489 InitEnv(); |
| 495 | 490 |
| 496 // Load the test RSA key. | 491 // Load the test RSA key. |
| 497 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); | 492 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 498 ASSERT_TRUE(pkey.get()); | 493 ASSERT_TRUE(pkey.get()); |
| 499 | 494 |
| 500 // Convert it to encoded PKCS#8 bytes. | 495 // Convert it to encoded PKCS#8 bytes. |
| 501 std::string pkcs8_data; | 496 std::string pkcs8_data; |
| 502 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 497 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
| 503 | 498 |
| 504 // Create platform PrivateKey object from it. | 499 // Create platform PrivateKey object from it. |
| 505 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, | 500 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, |
| 506 pkcs8_data); | 501 pkcs8_data); |
| 507 ASSERT_FALSE(key_java.is_null()); | 502 ASSERT_FALSE(key_java.is_null()); |
| 508 | 503 |
| 509 // Retrieve the corresponding modulus through JNI | 504 // Retrieve the corresponding modulus through JNI |
| 510 std::vector<uint8> modulus_java; | 505 std::vector<uint8> modulus_java; |
| 511 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); | 506 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java)); |
| 512 | 507 |
| 513 // Create an OpenSSL BIGNUM from it. | 508 // Create an OpenSSL BIGNUM from it. |
| 514 ScopedBIGNUM bn( | 509 crypto::ScopedBIGNUM bn( |
| 515 BN_bin2bn( | 510 BN_bin2bn(reinterpret_cast<const unsigned char*>(&modulus_java[0]), |
| 516 reinterpret_cast<const unsigned char*>(&modulus_java[0]), | 511 static_cast<int>(modulus_java.size()), |
| 517 static_cast<int>(modulus_java.size()), | 512 NULL)); |
| 518 NULL)); | |
| 519 ASSERT_TRUE(bn.get()); | 513 ASSERT_TRUE(bn.get()); |
| 520 | 514 |
| 521 // Compare it to the one in the RSA key, they must be identical. | 515 // Compare it to the one in the RSA key, they must be identical. |
| 522 ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); | 516 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get())); |
| 523 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); | 517 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString(); |
| 524 | 518 |
| 525 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); | 519 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n)); |
| 526 } | 520 } |
| 527 | 521 |
| 528 TEST(AndroidKeyStore,GetDSAKeyParamQ) { | 522 TEST(AndroidKeyStore,GetDSAKeyParamQ) { |
| 529 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 523 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 530 InitEnv(); | 524 InitEnv(); |
| 531 | 525 |
| 532 // Load the test DSA key. | 526 // Load the test DSA key. |
| 533 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); | 527 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 534 ASSERT_TRUE(pkey.get()); | 528 ASSERT_TRUE(pkey.get()); |
| 535 | 529 |
| 536 // Convert it to encoded PKCS#8 bytes. | 530 // Convert it to encoded PKCS#8 bytes. |
| 537 std::string pkcs8_data; | 531 std::string pkcs8_data; |
| 538 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); | 532 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data)); |
| 539 | 533 |
| 540 // Create platform PrivateKey object from it. | 534 // Create platform PrivateKey object from it. |
| 541 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, | 535 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, |
| 542 pkcs8_data); | 536 pkcs8_data); |
| 543 ASSERT_FALSE(key_java.is_null()); | 537 ASSERT_FALSE(key_java.is_null()); |
| 544 | 538 |
| 545 // Retrieve the corresponding Q parameter through JNI | 539 // Retrieve the corresponding Q parameter through JNI |
| 546 std::vector<uint8> q_java; | 540 std::vector<uint8> q_java; |
| 547 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); | 541 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java)); |
| 548 | 542 |
| 549 // Create an OpenSSL BIGNUM from it. | 543 // Create an OpenSSL BIGNUM from it. |
| 550 ScopedBIGNUM bn( | 544 crypto::ScopedBIGNUM bn( |
| 551 BN_bin2bn( | 545 BN_bin2bn(reinterpret_cast<const unsigned char*>(&q_java[0]), |
| 552 reinterpret_cast<const unsigned char*>(&q_java[0]), | 546 static_cast<int>(q_java.size()), |
| 553 static_cast<int>(q_java.size()), | 547 NULL)); |
| 554 NULL)); | |
| 555 ASSERT_TRUE(bn.get()); | 548 ASSERT_TRUE(bn.get()); |
| 556 | 549 |
| 557 // Compare it to the one in the RSA key, they must be identical. | 550 // Compare it to the one in the RSA key, they must be identical. |
| 558 ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); | 551 crypto::ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get())); |
| 559 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); | 552 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString(); |
| 560 | 553 |
| 561 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); | 554 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q)); |
| 562 } | 555 } |
| 563 | 556 |
| 564 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { | 557 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) { |
| 565 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 558 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 566 | 559 |
| 567 ScopedJava rsa_key = GetRSATestKeyJava(); | 560 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 568 ASSERT_FALSE(rsa_key.is_null()); | 561 ASSERT_FALSE(rsa_key.is_null()); |
| 569 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, | 562 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA, |
| 570 GetPrivateKeyType(rsa_key.obj())); | 563 GetPrivateKeyType(rsa_key.obj())); |
| 571 } | 564 } |
| 572 | 565 |
| 573 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { | 566 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) { |
| 574 ScopedJava rsa_key = GetRSATestKeyJava(); | 567 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 575 ASSERT_FALSE(rsa_key.is_null()); | 568 ASSERT_FALSE(rsa_key.is_null()); |
| 576 | 569 |
| 577 if (IsOnAndroidOlderThan_4_2()) { | 570 if (IsOnAndroidOlderThan_4_2()) { |
| 578 LOG(INFO) << "This test can't run on Android < 4.2"; | 571 LOG(INFO) << "This test can't run on Android < 4.2"; |
| 579 return; | 572 return; |
| 580 } | 573 } |
| 581 | 574 |
| 582 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 575 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 583 ASSERT_TRUE(openssl_key.get()); | 576 ASSERT_TRUE(openssl_key.get()); |
| 584 | 577 |
| 585 std::string message = kTestRsaHash; | 578 std::string message = kTestRsaHash; |
| 586 ASSERT_EQ(36U, message.size()); | 579 ASSERT_EQ(36U, message.size()); |
| 587 | 580 |
| 588 std::string signature; | 581 std::string signature; |
| 589 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); | 582 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature); |
| 590 ASSERT_TRUE( | 583 ASSERT_TRUE( |
| 591 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); | 584 CompareSignatureWithOpenSSL(message, signature, openssl_key.get())); |
| 592 // All good. | 585 // All good. |
| 593 } | 586 } |
| 594 | 587 |
| 595 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { | 588 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) { |
| 596 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 589 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 597 | 590 |
| 598 ScopedJava rsa_key = GetRSATestKeyJava(); | 591 ScopedJava rsa_key = GetRSATestKeyJava(); |
| 599 ASSERT_FALSE(rsa_key.is_null()); | 592 ASSERT_FALSE(rsa_key.is_null()); |
| 600 | 593 |
| 601 ScopedEVP_PKEY wrapper_key(GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); | 594 crypto::ScopedEVP_PKEY wrapper_key( |
| 595 GetOpenSSLPrivateKeyWrapper(rsa_key.obj())); |
| 602 ASSERT_TRUE(wrapper_key.get() != NULL); | 596 ASSERT_TRUE(wrapper_key.get() != NULL); |
| 603 | 597 |
| 604 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); | 598 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile)); |
| 605 ASSERT_TRUE(openssl_key.get()); | 599 ASSERT_TRUE(openssl_key.get()); |
| 606 | 600 |
| 607 // Check that RSA_size() works properly on the wrapper key. | 601 // Check that RSA_size() works properly on the wrapper key. |
| 608 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 602 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 609 EVP_PKEY_size(wrapper_key.get())); | 603 EVP_PKEY_size(wrapper_key.get())); |
| 610 | 604 |
| 611 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return | 605 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return |
| 612 // without an error. | 606 // without an error. |
| 613 std::string message = kTestRsaHash; | 607 std::string message = kTestRsaHash; |
| 614 ASSERT_EQ(36U, message.size()); | 608 ASSERT_EQ(36U, message.size()); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 628 ScopedJava dsa_key = GetDSATestKeyJava(); | 622 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 629 ASSERT_FALSE(dsa_key.is_null()); | 623 ASSERT_FALSE(dsa_key.is_null()); |
| 630 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, | 624 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA, |
| 631 GetPrivateKeyType(dsa_key.obj())); | 625 GetPrivateKeyType(dsa_key.obj())); |
| 632 } | 626 } |
| 633 | 627 |
| 634 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { | 628 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) { |
| 635 ScopedJava dsa_key = GetDSATestKeyJava(); | 629 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 636 ASSERT_FALSE(dsa_key.is_null()); | 630 ASSERT_FALSE(dsa_key.is_null()); |
| 637 | 631 |
| 638 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 632 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 639 ASSERT_TRUE(openssl_key.get()); | 633 ASSERT_TRUE(openssl_key.get()); |
| 640 | 634 |
| 641 std::string message = kTestDsaHash; | 635 std::string message = kTestDsaHash; |
| 642 ASSERT_EQ(20U, message.size()); | 636 ASSERT_EQ(20U, message.size()); |
| 643 | 637 |
| 644 std::string signature; | 638 std::string signature; |
| 645 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); | 639 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature); |
| 646 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 640 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
| 647 } | 641 } |
| 648 | 642 |
| 649 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { | 643 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) { |
| 650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 644 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 651 | 645 |
| 652 ScopedJava dsa_key = GetDSATestKeyJava(); | 646 ScopedJava dsa_key = GetDSATestKeyJava(); |
| 653 ASSERT_FALSE(dsa_key.is_null()); | 647 ASSERT_FALSE(dsa_key.is_null()); |
| 654 | 648 |
| 655 ScopedEVP_PKEY wrapper_key( | 649 crypto::ScopedEVP_PKEY wrapper_key( |
| 656 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); | 650 GetOpenSSLPrivateKeyWrapper(dsa_key.obj())); |
| 657 ASSERT_TRUE(wrapper_key.get()); | 651 ASSERT_TRUE(wrapper_key.get()); |
| 658 | 652 |
| 659 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); | 653 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile)); |
| 660 ASSERT_TRUE(openssl_key.get()); | 654 ASSERT_TRUE(openssl_key.get()); |
| 661 | 655 |
| 662 // Check that DSA_size() works correctly on the wrapper. | 656 // Check that DSA_size() works correctly on the wrapper. |
| 663 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 657 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 664 EVP_PKEY_size(wrapper_key.get())); | 658 EVP_PKEY_size(wrapper_key.get())); |
| 665 | 659 |
| 666 std::string message = kTestDsaHash; | 660 std::string message = kTestDsaHash; |
| 667 std::string signature; | 661 std::string signature; |
| 668 DoKeySigningWithWrapper(wrapper_key.get(), | 662 DoKeySigningWithWrapper(wrapper_key.get(), |
| 669 openssl_key.get(), | 663 openssl_key.get(), |
| 670 message, | 664 message, |
| 671 &signature); | 665 &signature); |
| 672 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); | 666 ASSERT_TRUE(VerifyTestDSASignature(message, signature)); |
| 673 } | 667 } |
| 674 | 668 |
| 675 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { | 669 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) { |
| 676 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); | 670 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); |
| 677 | 671 |
| 678 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 672 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 679 ASSERT_FALSE(ecdsa_key.is_null()); | 673 ASSERT_FALSE(ecdsa_key.is_null()); |
| 680 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, | 674 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA, |
| 681 GetPrivateKeyType(ecdsa_key.obj())); | 675 GetPrivateKeyType(ecdsa_key.obj())); |
| 682 } | 676 } |
| 683 | 677 |
| 684 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { | 678 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) { |
| 685 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 679 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 686 ASSERT_FALSE(ecdsa_key.is_null()); | 680 ASSERT_FALSE(ecdsa_key.is_null()); |
| 687 | 681 |
| 688 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 682 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
| 689 ASSERT_TRUE(openssl_key.get()); | 683 ASSERT_TRUE(openssl_key.get()); |
| 690 | 684 |
| 691 std::string message = kTestEcdsaHash; | 685 std::string message = kTestEcdsaHash; |
| 692 std::string signature; | 686 std::string signature; |
| 693 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); | 687 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature); |
| 694 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 688 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
| 695 } | 689 } |
| 696 | 690 |
| 697 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { | 691 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) { |
| 698 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 692 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 699 | 693 |
| 700 ScopedJava ecdsa_key = GetECDSATestKeyJava(); | 694 ScopedJava ecdsa_key = GetECDSATestKeyJava(); |
| 701 ASSERT_FALSE(ecdsa_key.is_null()); | 695 ASSERT_FALSE(ecdsa_key.is_null()); |
| 702 | 696 |
| 703 ScopedEVP_PKEY wrapper_key( | 697 crypto::ScopedEVP_PKEY wrapper_key( |
| 704 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); | 698 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj())); |
| 705 ASSERT_TRUE(wrapper_key.get()); | 699 ASSERT_TRUE(wrapper_key.get()); |
| 706 | 700 |
| 707 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); | 701 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile)); |
| 708 ASSERT_TRUE(openssl_key.get()); | 702 ASSERT_TRUE(openssl_key.get()); |
| 709 | 703 |
| 710 // Check that ECDSA size works correctly on the wrapper. | 704 // Check that ECDSA size works correctly on the wrapper. |
| 711 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), | 705 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()), |
| 712 EVP_PKEY_size(wrapper_key.get())); | 706 EVP_PKEY_size(wrapper_key.get())); |
| 713 | 707 |
| 714 std::string message = kTestEcdsaHash; | 708 std::string message = kTestEcdsaHash; |
| 715 std::string signature; | 709 std::string signature; |
| 716 DoKeySigningWithWrapper(wrapper_key.get(), | 710 DoKeySigningWithWrapper(wrapper_key.get(), |
| 717 openssl_key.get(), | 711 openssl_key.get(), |
| 718 message, | 712 message, |
| 719 &signature); | 713 &signature); |
| 720 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); | 714 ASSERT_TRUE(VerifyTestECDSASignature(message, signature)); |
| 721 } | 715 } |
| 722 | 716 |
| 723 } // namespace android | 717 } // namespace android |
| 724 } // namespace net | 718 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 361193003:
Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src