crypto/scoped_mock_unexportable_key_provider.cc

   1 // Copyright 2021 The Chromium Authors
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <vector>
   6
   7 #include "base/check.h"
   8 #include "crypto/scoped_mock_unexportable_key_provider.h"
   9 #include "crypto/sha2.h"
  10 #include "crypto/signature_verifier.h"
  11 #include "crypto/unexportable_key.h"
  12 #include "third_party/boringssl/src/include/openssl/bytestring.h"
  13 #include "third_party/boringssl/src/include/openssl/ec.h"
  14 #include "third_party/boringssl/src/include/openssl/ec_key.h"
  15 #include "third_party/boringssl/src/include/openssl/ecdsa.h"
  16 #include "third_party/boringssl/src/include/openssl/evp.h"
  17 #include "third_party/boringssl/src/include/openssl/obj.h"
  18
  19 namespace crypto {
  20
  21 namespace {
  22
  23 std::vector<uint8_t> CBBToVector(const CBB* cbb) {
  24   return std::vector<uint8_t>(CBB_data(cbb), CBB_data(cbb) + CBB_len(cbb));
  25 }
  26
  27 class SoftwareECDSA : public UnexportableSigningKey {
  28  public:
  29   explicit SoftwareECDSA(bssl::UniquePtr<EC_KEY> key) : key_(std::move(key)) {}
  30   ~SoftwareECDSA() override = default;
  31
  32   SignatureVerifier::SignatureAlgorithm Algorithm() const override {
  33     return SignatureVerifier::SignatureAlgorithm::ECDSA_SHA256;
  34   }
  35
  36   std::vector<uint8_t> GetSubjectPublicKeyInfo() const override {
  37     bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
  38     CHECK(EVP_PKEY_set1_EC_KEY(pkey.get(), key_.get()));
  39
  40     bssl::ScopedCBB cbb;
  41     CHECK(CBB_init(cbb.get(), /*initial_capacity=*/128) &&
  42           EVP_marshal_public_key(cbb.get(), pkey.get()));
  43     return CBBToVector(cbb.get());
  44   }
  45
  46   std::vector<uint8_t> GetWrappedKey() const override {
  47     bssl::ScopedCBB cbb;
  48     CHECK(
  49         CBB_init(cbb.get(), /*initial_capacity=*/128) &&
  50         EC_KEY_marshal_private_key(cbb.get(), key_.get(),
  51                                    EC_PKEY_NO_PARAMETERS | EC_PKEY_NO_PUBKEY));
  52     return CBBToVector(cbb.get());
  53   }
  54
  55   absl::optional<std::vector<uint8_t>> SignSlowly(
  56       base::span<const uint8_t> data) override {
  57     std::vector<uint8_t> ret(ECDSA_size(key_.get()));
  58     std::array<uint8_t, kSHA256Length> digest = SHA256Hash(data);
  59     unsigned int ret_size;
  60     CHECK(ECDSA_sign(0, digest.data(), digest.size(), ret.data(), &ret_size,
  61                      key_.get()));
  62     ret.resize(ret_size);
  63     return ret;
  64   }
  65
  66  private:
  67   bssl::UniquePtr<EC_KEY> key_;
  68 };
  69
  70 class SoftwareProvider : public UnexportableKeyProvider {
  71  public:
  72   ~SoftwareProvider() override = default;
  73
  74   absl::optional<SignatureVerifier::SignatureAlgorithm> SelectAlgorithm(
  75       base::span<const SignatureVerifier::SignatureAlgorithm>
  76           acceptable_algorithms) override {
  77     for (auto algo : acceptable_algorithms) {
  78       if (algo == SignatureVerifier::SignatureAlgorithm::ECDSA_SHA256) {
  79         return algo;
  80       }
  81     }
  82
  83     return absl::nullopt;
  84   }
  85
  86   std::unique_ptr<UnexportableSigningKey> GenerateSigningKeySlowly(
  87       base::span<const SignatureVerifier::SignatureAlgorithm>
  88           acceptable_algorithms) override {
  89     if (!SelectAlgorithm(acceptable_algorithms)) {
  90       return nullptr;
  91     }
  92
  93     bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
  94     CHECK(EC_KEY_generate_key(key.get()));
  95
  96     return std::make_unique<SoftwareECDSA>(std::move(key));
  97   }
  98
  99   std::unique_ptr<UnexportableSigningKey> FromWrappedSigningKeySlowly(
 100       base::span<const uint8_t> wrapped_key) override {
 101     bssl::UniquePtr<EC_GROUP> p256(
 102         EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
 103     CBS cbs;
 104     CBS_init(&cbs, wrapped_key.data(), wrapped_key.size());
 105     bssl::UniquePtr<EC_KEY> key(EC_KEY_parse_private_key(&cbs, p256.get()));
 106     if (!key || CBS_len(&cbs) != 0) {
 107       return nullptr;
 108     }
 109     return std::make_unique<SoftwareECDSA>(std::move(key));
 110   }
 111 };
 112
 113 std::unique_ptr<UnexportableKeyProvider> GetUnexportableKeyProviderMock() {
 114   return std::make_unique<SoftwareProvider>();
 115 }
 116
 117 }  // namespace
 118
 119 ScopedMockUnexportableKeyProvider::ScopedMockUnexportableKeyProvider() {
 120   internal::SetUnexportableKeyProviderForTesting(
 121       GetUnexportableKeyProviderMock);
 122 }
 123
 124 ScopedMockUnexportableKeyProvider::~ScopedMockUnexportableKeyProvider() {
 125   internal::SetUnexportableKeyProviderForTesting(nullptr);
 126 }
 127
 128 }  // namespace crypto