1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/bn.h>
6 #include <openssl/dsa.h>
7 #include <openssl/ecdsa.h>
8 #include <openssl/err.h>
9 #include <openssl/evp.h>
10 #include <openssl/pem.h>
11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
14 #include "base/android/build_info.h"
15 #include "base/android/jni_android.h"
16 #include "base/android/jni_array.h"
17 #include "base/android/scoped_java_ref.h"
18 #include "base/basictypes.h"
19 #include "base/bind.h"
20 #include "base/callback.h"
21 #include "base/compiler_specific.h"
22 #include "base/files/file_path.h"
23 #include "base/files/file_util.h"
24 #include "base/files/scoped_file.h"
25 #include "base/strings/string_number_conversions.h"
26 #include "base/strings/string_util.h"
27 #include "crypto/openssl_util.h"
28 #include "crypto/scoped_openssl_types.h"
29 #include "jni/AndroidKeyStoreTestUtil_jni.h"
30 #include "net/android/keystore.h"
31 #include "net/android/keystore_openssl.h"
32 #include "net/base/test_data_directory.h"
33 #include "testing/gtest/include/gtest/gtest.h"
37 // This source file not only checks that signing with
38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that
39 // the generated signature matches 100% of what OpenSSL generates when
40 // calling RSA_sign(NID_md5_sha1,...), DSA_sign(0, ...) or
41 // ECDSA_sign(0, ...).
43 // That's crucial to ensure that this function can later be used to
44 // implement client certificate support. More specifically, that it is
45 // possible to create a custom EVP_PKEY that uses
46 // RawSignDigestWithPrivateKey() internally to perform RSA/DSA/ECDSA
47 // signing, as invoked by the OpenSSL code at
48 // openssl/ssl/s3_clnt.c:ssl3_send_client_verify().
50 // For more details, read the comments in AndroidKeyStore.java.
52 // Finally, it also checks that using the EVP_PKEY generated with
53 // GetOpenSSLPrivateKeyWrapper() works correctly.
60 typedef crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
61 PKCS8_PRIV_KEY_INFO_free>::Type
62 ScopedPKCS8_PRIV_KEY_INFO;
64 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
67 JNIEnv* env = base::android::AttachCurrentThread();
68 static bool inited = false;
70 RegisterNativesImpl(env);
76 // Returns true if running on an Android version older than 4.2
77 bool IsOnAndroidOlderThan_4_2(void) {
78 const int kAndroid42ApiLevel = 17;
79 int level = base::android::BuildInfo::GetInstance()->sdk_int();
80 return level < kAndroid42ApiLevel;
83 // Implements the callback expected by ERR_print_errors_cb().
84 // used by GetOpenSSLErrorString below.
85 int openssl_print_error_callback(const char* msg, size_t msglen, void* u) {
86 std::string* result = reinterpret_cast<std::string*>(u);
87 result->append(msg, msglen);
91 // Retrieves the OpenSSL error as a string
92 std::string GetOpenSSLErrorString(void) {
94 ERR_print_errors_cb(openssl_print_error_callback, &result);
98 // Resize a string to |size| bytes of data, then return its data buffer
99 // address cast as an 'unsigned char*', as expected by OpenSSL functions.
100 // |str| the target string.
101 // |size| the number of bytes to write into the string.
102 // Return the string's new buffer in memory, as an 'unsigned char*'
104 unsigned char* OpenSSLWriteInto(std::string* str, size_t size) {
105 return reinterpret_cast<unsigned char*>(WriteInto(str, size + 1));
108 // Load a given private key file into an EVP_PKEY.
109 // |filename| is the key file path.
110 // Returns a new EVP_PKEY on success, NULL on failure.
111 EVP_PKEY* ImportPrivateKeyFile(const char* filename) {
112 // Load file in memory.
113 base::FilePath certs_dir = GetTestCertsDirectory();
114 base::FilePath file_path = certs_dir.AppendASCII(filename);
115 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
117 LOG(ERROR) << "Could not open private key file: " << filename;
120 // Assume it is PEM_encoded. Load it as an EVP_PKEY.
121 EVP_PKEY* pkey = PEM_read_PrivateKey(handle.get(), NULL, NULL, NULL);
123 LOG(ERROR) << "Could not load public key file: " << filename
124 << ", " << GetOpenSSLErrorString();
130 // Convert a private key into its PKCS#8 encoded representation.
131 // |pkey| is the EVP_PKEY handle for the private key.
132 // |pkcs8| will receive the PKCS#8 bytes.
133 // Returns true on success, false otherwise.
134 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey,
135 std::string* pkcs8) {
136 // Convert to PKCS#8 object.
137 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get()));
138 if (!p8_info.get()) {
139 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: "
140 << GetOpenSSLErrorString();
145 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL);
146 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len));
147 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p);
151 bool ImportPrivateKeyFileAsPkcs8(const char* filename,
152 std::string* pkcs8) {
153 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename));
156 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8);
159 // Same as ImportPrivateKey, but for public ones.
160 EVP_PKEY* ImportPublicKeyFile(const char* filename) {
161 // Load file as PEM data.
162 base::FilePath certs_dir = GetTestCertsDirectory();
163 base::FilePath file_path = certs_dir.AppendASCII(filename);
164 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
166 LOG(ERROR) << "Could not open public key file: " << filename;
169 EVP_PKEY* pkey = PEM_read_PUBKEY(handle.get(), NULL, NULL, NULL);
171 LOG(ERROR) << "Could not load public key file: " << filename
172 << ", " << GetOpenSSLErrorString();
178 // Retrieve a JNI local ref from encoded PKCS#8 data.
179 ScopedJava GetPKCS8PrivateKeyJava(PrivateKeyType key_type,
180 const std::string& pkcs8_key) {
181 JNIEnv* env = InitEnv();
182 base::android::ScopedJavaLocalRef<jbyteArray> bytes(
183 base::android::ToJavaByteArray(
185 reinterpret_cast<const uint8*>(pkcs8_key.data()),
189 Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
190 env, key_type, bytes.obj()));
195 const char kTestRsaKeyFile[] = "android-test-key-rsa.pem";
197 // The RSA test hash must be 36 bytes exactly.
198 const char kTestRsaHash[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
200 // Retrieve a JNI local ref for our test RSA key.
201 ScopedJava GetRSATestKeyJava() {
203 if (!ImportPrivateKeyFileAsPkcs8(kTestRsaKeyFile, &key))
205 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, key);
208 const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
209 const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
211 // The test hash for ECDSA keys must be 20 bytes exactly.
212 const char kTestEcdsaHash[] = "0123456789ABCDEFGHIJ";
214 // Retrieve a JNI local ref for our test ECDSA key.
215 ScopedJava GetECDSATestKeyJava() {
217 if (!ImportPrivateKeyFileAsPkcs8(kTestEcdsaKeyFile, &key))
219 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key);
222 // Call this function to verify that one message signed with our
223 // test ECDSA private key is correct. Since ECDSA signing introduces
224 // random elements in the signature, it is not possible to compare
225 // signature bits directly. However, one can use the public key
227 bool VerifyTestECDSASignature(const base::StringPiece& message,
228 const base::StringPiece& signature) {
229 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile));
232 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
233 if (!pub_key.get()) {
234 LOG(ERROR) << "Could not get ECDSA public key: "
235 << GetOpenSSLErrorString();
239 const unsigned char* digest =
240 reinterpret_cast<const unsigned char*>(message.data());
241 int digest_len = static_cast<int>(message.size());
242 const unsigned char* sigbuf =
243 reinterpret_cast<const unsigned char*>(signature.data());
244 int siglen = static_cast<int>(signature.size());
246 int ret = ECDSA_verify(
247 0, digest, digest_len, sigbuf, siglen, pub_key.get());
249 LOG(ERROR) << "ECDSA_verify() failed: " << GetOpenSSLErrorString();
255 // Sign a message with OpenSSL, return the result as a string.
256 // |message| is the message to be signed.
257 // |openssl_key| is an OpenSSL EVP_PKEY to use.
258 // |result| receives the result.
259 // Returns true on success, false otherwise.
260 bool SignWithOpenSSL(const base::StringPiece& message,
261 EVP_PKEY* openssl_key,
262 std::string* result) {
263 const unsigned char* digest =
264 reinterpret_cast<const unsigned char*>(message.data());
265 unsigned int digest_len = static_cast<unsigned int>(message.size());
266 std::string signature;
267 size_t signature_size;
268 size_t max_signature_size;
269 int key_type = EVP_PKEY_id(openssl_key);
273 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key));
275 LOG(ERROR) << "Could not get RSA from EVP_PKEY: "
276 << GetOpenSSLErrorString();
279 // With RSA, the signature will always be RSA_size() bytes.
280 max_signature_size = static_cast<size_t>(RSA_size(rsa.get()));
281 unsigned char* p = OpenSSLWriteInto(&signature,
283 unsigned int p_len = 0;
285 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get());
287 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString();
290 signature_size = static_cast<size_t>(p_len);
295 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key));
297 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: "
298 << GetOpenSSLErrorString();
301 // Note, the actual signature can be smaller than ECDSA_size()
302 max_signature_size = ECDSA_size(ecdsa.get());
303 unsigned char* p = OpenSSLWriteInto(&signature,
305 unsigned int p_len = 0;
306 // Note: first parameter is ignored by function.
307 int ret = ECDSA_sign(
308 0, digest, digest_len, p, &p_len, ecdsa.get());
310 LOG(ERROR) << "ECDSA_sign() fialed: " << GetOpenSSLErrorString();
313 signature_size = static_cast<size_t>(p_len);
317 LOG(WARNING) << "Invalid OpenSSL key type: " << key_type;
321 if (signature_size == 0) {
322 LOG(ERROR) << "Signature is empty!";
325 if (signature_size > max_signature_size) {
326 LOG(ERROR) << "Signature size mismatch, actual " << signature_size
327 << ", expected <= " << max_signature_size;
330 signature.resize(signature_size);
331 result->swap(signature);
335 // Check that a generated signature for a given message matches
336 // OpenSSL output byte-by-byte.
337 // |message| is the input message.
338 // |signature| is the generated signature for the message.
339 // |openssl_key| is a raw EVP_PKEY for the same private key than the
340 // one which was used to generate the signature.
341 // Returns true on success, false otherwise.
342 bool CompareSignatureWithOpenSSL(const base::StringPiece& message,
343 const base::StringPiece& signature,
344 EVP_PKEY* openssl_key) {
345 std::string openssl_signature;
346 SignWithOpenSSL(message, openssl_key, &openssl_signature);
348 if (signature.size() != openssl_signature.size()) {
349 LOG(ERROR) << "Signature size mismatch, actual "
350 << signature.size() << ", expected "
351 << openssl_signature.size();
354 for (size_t n = 0; n < signature.size(); ++n) {
355 if (openssl_signature[n] != signature[n]) {
356 LOG(ERROR) << "Signature byte mismatch at index " << n
357 << "actual " << signature[n] << ", expected "
358 << openssl_signature[n];
359 LOG(ERROR) << "Actual signature : "
360 << base::HexEncode(signature.data(), signature.size());
361 LOG(ERROR) << "Expected signature: "
362 << base::HexEncode(openssl_signature.data(),
363 openssl_signature.size());
370 // Sign a message with our platform API.
372 // |android_key| is a JNI reference to the platform PrivateKey object.
373 // |openssl_key| is a pointer to an OpenSSL key object for the exact
375 // |message| is a message.
376 // |result| will receive the result.
377 void DoKeySigning(jobject android_key,
378 EVP_PKEY* openssl_key,
379 const base::StringPiece& message,
380 std::string* result) {
381 // First, get the platform signature.
382 std::vector<uint8> android_signature;
384 RawSignDigestWithPrivateKey(android_key,
386 &android_signature));
389 reinterpret_cast<const char*>(&android_signature[0]),
390 android_signature.size());
393 // Sign a message with our OpenSSL EVP_PKEY wrapper around platform
396 // |android_key| is a JNI reference to the platform PrivateKey object.
397 // |openssl_key| is a pointer to an OpenSSL key object for the exact
399 // |message| is a message.
400 // |result| will receive the result.
401 void DoKeySigningWithWrapper(EVP_PKEY* wrapper_key,
402 EVP_PKEY* openssl_key,
403 const base::StringPiece& message,
404 std::string* result) {
405 // First, get the platform signature.
406 std::string wrapper_signature;
407 SignWithOpenSSL(message, wrapper_key, &wrapper_signature);
408 ASSERT_NE(0U, wrapper_signature.size());
411 reinterpret_cast<const char*>(&wrapper_signature[0]),
412 wrapper_signature.size());
417 TEST(AndroidKeyStore,GetRSAKeyModulus) {
418 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
421 // Load the test RSA key.
422 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile));
423 ASSERT_TRUE(pkey.get());
425 // Convert it to encoded PKCS#8 bytes.
426 std::string pkcs8_data;
427 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
429 // Create platform PrivateKey object from it.
430 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA,
432 ASSERT_FALSE(key_java.is_null());
434 // Retrieve the corresponding modulus through JNI
435 std::vector<uint8> modulus_java;
436 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java));
438 // Create an OpenSSL BIGNUM from it.
439 crypto::ScopedBIGNUM bn(
440 BN_bin2bn(reinterpret_cast<const unsigned char*>(&modulus_java[0]),
441 static_cast<int>(modulus_java.size()),
443 ASSERT_TRUE(bn.get());
445 // Compare it to the one in the RSA key, they must be identical.
446 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
447 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString();
449 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n));
452 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) {
453 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
455 ScopedJava rsa_key = GetRSATestKeyJava();
456 ASSERT_FALSE(rsa_key.is_null());
457 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA,
458 GetPrivateKeyType(rsa_key.obj()));
461 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) {
462 ScopedJava rsa_key = GetRSATestKeyJava();
463 ASSERT_FALSE(rsa_key.is_null());
465 if (IsOnAndroidOlderThan_4_2()) {
466 LOG(INFO) << "This test can't run on Android < 4.2";
470 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
471 ASSERT_TRUE(openssl_key.get());
473 std::string message = kTestRsaHash;
474 ASSERT_EQ(36U, message.size());
476 std::string signature;
477 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature);
479 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
483 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
484 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
486 ScopedJava rsa_key = GetRSATestKeyJava();
487 ASSERT_FALSE(rsa_key.is_null());
489 crypto::ScopedEVP_PKEY wrapper_key(
490 GetOpenSSLPrivateKeyWrapper(rsa_key.obj()));
491 ASSERT_TRUE(wrapper_key.get() != NULL);
493 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
494 ASSERT_TRUE(openssl_key.get());
496 // Check that RSA_size() works properly on the wrapper key.
497 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
498 EVP_PKEY_size(wrapper_key.get()));
500 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
502 std::string message = kTestRsaHash;
503 ASSERT_EQ(36U, message.size());
505 std::string signature;
506 DoKeySigningWithWrapper(wrapper_key.get(),
511 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
514 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) {
515 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
517 ScopedJava ecdsa_key = GetECDSATestKeyJava();
518 ASSERT_FALSE(ecdsa_key.is_null());
519 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA,
520 GetPrivateKeyType(ecdsa_key.obj()));
523 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) {
524 ScopedJava ecdsa_key = GetECDSATestKeyJava();
525 ASSERT_FALSE(ecdsa_key.is_null());
527 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
528 ASSERT_TRUE(openssl_key.get());
530 std::string message = kTestEcdsaHash;
531 std::string signature;
532 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature);
533 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
536 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) {
537 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
539 ScopedJava ecdsa_key = GetECDSATestKeyJava();
540 ASSERT_FALSE(ecdsa_key.is_null());
542 crypto::ScopedEVP_PKEY wrapper_key(
543 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj()));
544 ASSERT_TRUE(wrapper_key.get());
546 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
547 ASSERT_TRUE(openssl_key.get());
549 // Check that ECDSA size works correctly on the wrapper.
550 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
551 EVP_PKEY_size(wrapper_key.get()));
553 std::string message = kTestEcdsaHash;
554 std::string signature;
555 DoKeySigningWithWrapper(wrapper_key.get(),
559 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
562 } // namespace android
projects / platform / framework / web / crosswalk.git / blob