OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/test_tools/crypto_test_utils.h" | 5 #include "net/quic/test_tools/crypto_test_utils.h" |
6 | 6 |
7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
10 #include <openssl/evp.h> | 10 #include <openssl/evp.h> |
11 #include <openssl/obj_mac.h> | 11 #include <openssl/obj_mac.h> |
12 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
13 | 13 |
14 #include "crypto/openssl_util.h" | 14 #include "crypto/openssl_util.h" |
| 15 #include "crypto/scoped_openssl_types.h" |
15 #include "crypto/secure_hash.h" | 16 #include "crypto/secure_hash.h" |
16 #include "net/quic/crypto/channel_id.h" | 17 #include "net/quic/crypto/channel_id.h" |
17 | 18 |
18 using base::StringPiece; | 19 using base::StringPiece; |
19 using std::string; | 20 using std::string; |
20 | 21 |
21 namespace { | |
22 | |
23 void EvpMdCtxCleanUp(EVP_MD_CTX* ctx) { | |
24 (void)EVP_MD_CTX_cleanup(ctx); | |
25 } | |
26 | |
27 } // namespace anonymous | |
28 | |
29 namespace net { | 22 namespace net { |
30 | 23 |
31 namespace test { | 24 namespace test { |
32 | 25 |
33 class TestChannelIDKey : public ChannelIDKey { | 26 class TestChannelIDKey : public ChannelIDKey { |
34 public: | 27 public: |
35 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} | 28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} |
36 virtual ~TestChannelIDKey() OVERRIDE {} | 29 virtual ~TestChannelIDKey() OVERRIDE {} |
37 | 30 |
38 // ChannelIDKey implementation. | 31 // ChannelIDKey implementation. |
39 | 32 |
40 virtual bool Sign(StringPiece signed_data, | 33 virtual bool Sign(StringPiece signed_data, |
41 string* out_signature) const OVERRIDE { | 34 string* out_signature) const OVERRIDE { |
42 EVP_MD_CTX md_ctx; | 35 EVP_MD_CTX md_ctx; |
43 EVP_MD_CTX_init(&md_ctx); | 36 EVP_MD_CTX_init(&md_ctx); |
44 crypto::ScopedOpenSSL<EVP_MD_CTX, EvpMdCtxCleanUp> | 37 crypto::ScopedEVP_MD_CTX md_ctx_cleanup(&md_ctx); |
45 md_ctx_cleanup(&md_ctx); | |
46 | 38 |
47 if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, | 39 if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, |
48 ecdsa_key_.get()) != 1) { | 40 ecdsa_key_.get()) != 1) { |
49 return false; | 41 return false; |
50 } | 42 } |
51 | 43 |
52 EVP_DigestUpdate(&md_ctx, ChannelIDVerifier::kContextStr, | 44 EVP_DigestUpdate(&md_ctx, ChannelIDVerifier::kContextStr, |
53 strlen(ChannelIDVerifier::kContextStr) + 1); | 45 strlen(ChannelIDVerifier::kContextStr) + 1); |
54 EVP_DigestUpdate(&md_ctx, ChannelIDVerifier::kClientToServerStr, | 46 EVP_DigestUpdate(&md_ctx, ChannelIDVerifier::kClientToServerStr, |
55 strlen(ChannelIDVerifier::kClientToServerStr) + 1); | 47 strlen(ChannelIDVerifier::kClientToServerStr) + 1); |
56 EVP_DigestUpdate(&md_ctx, signed_data.data(), signed_data.size()); | 48 EVP_DigestUpdate(&md_ctx, signed_data.data(), signed_data.size()); |
57 | 49 |
58 size_t sig_len; | 50 size_t sig_len; |
59 if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { | 51 if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { |
60 return false; | 52 return false; |
61 } | 53 } |
62 | 54 |
63 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]); | 55 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]); |
64 if (!EVP_DigestSignFinal(&md_ctx, der_sig.get(), &sig_len)) { | 56 if (!EVP_DigestSignFinal(&md_ctx, der_sig.get(), &sig_len)) { |
65 return false; | 57 return false; |
66 } | 58 } |
67 | 59 |
68 uint8* derp = der_sig.get(); | 60 uint8* derp = der_sig.get(); |
69 crypto::ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free> sig( | 61 crypto::ScopedECDSA_SIG sig( |
70 d2i_ECDSA_SIG(NULL, const_cast<const uint8**>(&derp), sig_len)); | 62 d2i_ECDSA_SIG(NULL, const_cast<const uint8**>(&derp), sig_len)); |
71 if (sig.get() == NULL) { | 63 if (sig.get() == NULL) { |
72 return false; | 64 return false; |
73 } | 65 } |
74 | 66 |
75 // The signature consists of a pair of 32-byte numbers. | 67 // The signature consists of a pair of 32-byte numbers. |
76 static const size_t kSignatureLength = 32 * 2; | 68 static const size_t kSignatureLength = 32 * 2; |
77 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]); | 69 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]); |
78 memset(signature.get(), 0, kSignatureLength); | 70 memset(signature.get(), 0, kSignatureLength); |
79 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r)); | 71 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r)); |
(...skipping 17 matching lines...) Expand all Loading... |
97 } | 89 } |
98 | 90 |
99 uint8 buf[kExpectedKeyLength]; | 91 uint8 buf[kExpectedKeyLength]; |
100 uint8* derp = buf; | 92 uint8* derp = buf; |
101 i2d_PublicKey(ecdsa_key_.get(), &derp); | 93 i2d_PublicKey(ecdsa_key_.get(), &derp); |
102 | 94 |
103 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1); | 95 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1); |
104 } | 96 } |
105 | 97 |
106 private: | 98 private: |
107 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ecdsa_key_; | 99 crypto::ScopedEVP_PKEY ecdsa_key_; |
108 }; | 100 }; |
109 | 101 |
110 class TestChannelIDSource : public ChannelIDSource { | 102 class TestChannelIDSource : public ChannelIDSource { |
111 public: | 103 public: |
112 virtual ~TestChannelIDSource() {} | 104 virtual ~TestChannelIDSource() {} |
113 | 105 |
114 // ChannelIDSource implementation. | 106 // ChannelIDSource implementation. |
115 | 107 |
116 virtual QuicAsyncStatus GetChannelIDKey( | 108 virtual QuicAsyncStatus GetChannelIDKey( |
117 const string& hostname, | 109 const string& hostname, |
(...skipping 15 matching lines...) Expand all Loading... |
133 SHA256_Init(&sha256); | 125 SHA256_Init(&sha256); |
134 SHA256_Update(&sha256, hostname.data(), hostname.size()); | 126 SHA256_Update(&sha256, hostname.data(), hostname.size()); |
135 | 127 |
136 unsigned char digest[SHA256_DIGEST_LENGTH]; | 128 unsigned char digest[SHA256_DIGEST_LENGTH]; |
137 SHA256_Final(digest, &sha256); | 129 SHA256_Final(digest, &sha256); |
138 | 130 |
139 // Ensure that the digest is less than the order of the P-256 group by | 131 // Ensure that the digest is less than the order of the P-256 group by |
140 // clearing the most-significant bit. | 132 // clearing the most-significant bit. |
141 digest[0] &= 0x7f; | 133 digest[0] &= 0x7f; |
142 | 134 |
143 crypto::ScopedOpenSSL<BIGNUM, BN_free> k(BN_new()); | 135 crypto::ScopedBIGNUM k(BN_new()); |
144 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != NULL); | 136 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != NULL); |
145 | 137 |
146 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free> p256( | 138 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256( |
147 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | 139 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
148 CHECK(p256.get()); | 140 CHECK(p256.get()); |
149 | 141 |
150 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ecdsa_key(EC_KEY_new()); | 142 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); |
151 CHECK(ecdsa_key.get() != NULL && | 143 CHECK(ecdsa_key.get() != NULL && |
152 EC_KEY_set_group(ecdsa_key.get(), p256.get())); | 144 EC_KEY_set_group(ecdsa_key.get(), p256.get())); |
153 | 145 |
154 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free> point( | 146 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( |
155 EC_POINT_new(p256.get())); | 147 EC_POINT_new(p256.get())); |
156 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), NULL, NULL, NULL)); | 148 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), NULL, NULL, NULL)); |
157 | 149 |
158 EC_KEY_set_private_key(ecdsa_key.get(), k.get()); | 150 EC_KEY_set_private_key(ecdsa_key.get(), k.get()); |
159 EC_KEY_set_public_key(ecdsa_key.get(), point.get()); | 151 EC_KEY_set_public_key(ecdsa_key.get(), point.get()); |
160 | 152 |
161 crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new()); | 153 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
162 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here. | 154 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here. |
163 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get()); | 155 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get()); |
164 | 156 |
165 return pkey.release(); | 157 return pkey.release(); |
166 } | 158 } |
167 }; | 159 }; |
168 | 160 |
169 // static | 161 // static |
170 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() { | 162 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() { |
171 return new TestChannelIDSource(); | 163 return new TestChannelIDSource(); |
172 } | 164 } |
173 | 165 |
174 } // namespace test | 166 } // namespace test |
175 | 167 |
176 } // namespace net | 168 } // namespace net |
OLD | NEW |