OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/test_tools/crypto_test_utils.h" | 5 #include "net/quic/test_tools/crypto_test_utils.h" |
6 | 6 |
7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
10 #include <openssl/evp.h> | 10 #include <openssl/evp.h> |
(...skipping 16 matching lines...) Expand all Loading... |
27 public: | 27 public: |
28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} | 28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} |
29 virtual ~TestChannelIDKey() OVERRIDE {} | 29 virtual ~TestChannelIDKey() OVERRIDE {} |
30 | 30 |
31 // ChannelIDKey implementation. | 31 // ChannelIDKey implementation. |
32 | 32 |
33 virtual bool Sign(StringPiece signed_data, | 33 virtual bool Sign(StringPiece signed_data, |
34 string* out_signature) const OVERRIDE { | 34 string* out_signature) const OVERRIDE { |
35 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create()); | 35 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create()); |
36 if (!md_ctx || | 36 if (!md_ctx || |
37 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL, | 37 EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr, |
38 ecdsa_key_.get()) != 1) { | 38 ecdsa_key_.get()) != 1) { |
39 return false; | 39 return false; |
40 } | 40 } |
41 | 41 |
42 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr, | 42 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr, |
43 strlen(ChannelIDVerifier::kContextStr) + 1); | 43 strlen(ChannelIDVerifier::kContextStr) + 1); |
44 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr, | 44 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr, |
45 strlen(ChannelIDVerifier::kClientToServerStr) + 1); | 45 strlen(ChannelIDVerifier::kClientToServerStr) + 1); |
46 EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size()); | 46 EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size()); |
47 | 47 |
48 size_t sig_len; | 48 size_t sig_len; |
49 if (!EVP_DigestSignFinal(md_ctx.get(), NULL, &sig_len)) { | 49 if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) { |
50 return false; | 50 return false; |
51 } | 51 } |
52 | 52 |
53 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]); | 53 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]); |
54 if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) { | 54 if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) { |
55 return false; | 55 return false; |
56 } | 56 } |
57 | 57 |
58 uint8* derp = der_sig.get(); | 58 uint8* derp = der_sig.get(); |
59 crypto::ScopedECDSA_SIG sig( | 59 crypto::ScopedECDSA_SIG sig( |
60 d2i_ECDSA_SIG(NULL, const_cast<const uint8**>(&derp), sig_len)); | 60 d2i_ECDSA_SIG(nullptr, const_cast<const uint8**>(&derp), sig_len)); |
61 if (sig.get() == NULL) { | 61 if (sig.get() == nullptr) { |
62 return false; | 62 return false; |
63 } | 63 } |
64 | 64 |
65 // The signature consists of a pair of 32-byte numbers. | 65 // The signature consists of a pair of 32-byte numbers. |
66 static const size_t kSignatureLength = 32 * 2; | 66 static const size_t kSignatureLength = 32 * 2; |
67 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]); | 67 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]); |
68 memset(signature.get(), 0, kSignatureLength); | 68 memset(signature.get(), 0, kSignatureLength); |
69 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r)); | 69 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r)); |
70 BN_bn2bin(sig.get()->s, signature.get() + 64 - BN_num_bytes(sig.get()->s)); | 70 BN_bn2bin(sig.get()->s, signature.get() + 64 - BN_num_bytes(sig.get()->s)); |
71 | 71 |
72 *out_signature = string(reinterpret_cast<char*>(signature.get()), | 72 *out_signature = string(reinterpret_cast<char*>(signature.get()), |
73 kSignatureLength); | 73 kSignatureLength); |
74 | 74 |
75 return true; | 75 return true; |
76 } | 76 } |
77 | 77 |
78 virtual string SerializeKey() const OVERRIDE { | 78 virtual string SerializeKey() const OVERRIDE { |
79 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256 | 79 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256 |
80 // key, is 0x04 (meaning uncompressed) followed by the x and y field | 80 // key, is 0x04 (meaning uncompressed) followed by the x and y field |
81 // elements as 32-byte, big-endian numbers. | 81 // elements as 32-byte, big-endian numbers. |
82 static const int kExpectedKeyLength = 65; | 82 static const int kExpectedKeyLength = 65; |
83 | 83 |
84 int len = i2d_PublicKey(ecdsa_key_.get(), NULL); | 84 int len = i2d_PublicKey(ecdsa_key_.get(), nullptr); |
85 if (len != kExpectedKeyLength) { | 85 if (len != kExpectedKeyLength) { |
86 return ""; | 86 return ""; |
87 } | 87 } |
88 | 88 |
89 uint8 buf[kExpectedKeyLength]; | 89 uint8 buf[kExpectedKeyLength]; |
90 uint8* derp = buf; | 90 uint8* derp = buf; |
91 i2d_PublicKey(ecdsa_key_.get(), &derp); | 91 i2d_PublicKey(ecdsa_key_.get(), &derp); |
92 | 92 |
93 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1); | 93 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1); |
94 } | 94 } |
(...skipping 29 matching lines...) Expand all Loading... |
124 SHA256_Update(&sha256, hostname.data(), hostname.size()); | 124 SHA256_Update(&sha256, hostname.data(), hostname.size()); |
125 | 125 |
126 unsigned char digest[SHA256_DIGEST_LENGTH]; | 126 unsigned char digest[SHA256_DIGEST_LENGTH]; |
127 SHA256_Final(digest, &sha256); | 127 SHA256_Final(digest, &sha256); |
128 | 128 |
129 // Ensure that the digest is less than the order of the P-256 group by | 129 // Ensure that the digest is less than the order of the P-256 group by |
130 // clearing the most-significant bit. | 130 // clearing the most-significant bit. |
131 digest[0] &= 0x7f; | 131 digest[0] &= 0x7f; |
132 | 132 |
133 crypto::ScopedBIGNUM k(BN_new()); | 133 crypto::ScopedBIGNUM k(BN_new()); |
134 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != NULL); | 134 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr); |
135 | 135 |
136 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256( | 136 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256( |
137 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); | 137 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
138 CHECK(p256.get()); | 138 CHECK(p256.get()); |
139 | 139 |
140 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); | 140 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); |
141 CHECK(ecdsa_key.get() != NULL && | 141 CHECK(ecdsa_key.get() != nullptr && |
142 EC_KEY_set_group(ecdsa_key.get(), p256.get())); | 142 EC_KEY_set_group(ecdsa_key.get(), p256.get())); |
143 | 143 |
144 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( | 144 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( |
145 EC_POINT_new(p256.get())); | 145 EC_POINT_new(p256.get())); |
146 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), NULL, NULL, NULL)); | 146 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr, |
| 147 nullptr)); |
147 | 148 |
148 EC_KEY_set_private_key(ecdsa_key.get(), k.get()); | 149 EC_KEY_set_private_key(ecdsa_key.get(), k.get()); |
149 EC_KEY_set_public_key(ecdsa_key.get(), point.get()); | 150 EC_KEY_set_public_key(ecdsa_key.get(), point.get()); |
150 | 151 |
151 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); | 152 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
152 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here. | 153 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here. |
153 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get()); | 154 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get()); |
154 | 155 |
155 return pkey.release(); | 156 return pkey.release(); |
156 } | 157 } |
157 }; | 158 }; |
158 | 159 |
159 // static | 160 // static |
160 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() { | 161 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() { |
161 return new TestChannelIDSource(); | 162 return new TestChannelIDSource(); |
162 } | 163 } |
163 | 164 |
164 } // namespace test | 165 } // namespace test |
165 | 166 |
166 } // namespace net | 167 } // namespace net |
OLD | NEW |