1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/test_tools/crypto_test_utils.h"
7 #include <openssl/bn.h>
8 #include <openssl/ec.h>
9 #include <openssl/ecdsa.h>
10 #include <openssl/evp.h>
11 #include <openssl/obj_mac.h>
12 #include <openssl/sha.h>
14 #include "crypto/openssl_util.h"
15 #include "crypto/scoped_openssl_types.h"
16 #include "crypto/secure_hash.h"
17 #include "net/quic/crypto/channel_id.h"
19 using base::StringPiece;
26 class TestChannelIDKey : public ChannelIDKey {
28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
29 ~TestChannelIDKey() override {}
31 // ChannelIDKey implementation.
33 bool Sign(StringPiece signed_data, string* out_signature) const override {
34 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
36 EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
37 ecdsa_key_.get()) != 1) {
41 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
42 strlen(ChannelIDVerifier::kContextStr) + 1);
43 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
44 strlen(ChannelIDVerifier::kClientToServerStr) + 1);
45 EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
48 if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
52 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]);
53 if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
57 uint8* derp = der_sig.get();
58 crypto::ScopedECDSA_SIG sig(
59 d2i_ECDSA_SIG(nullptr, const_cast<const uint8**>(&derp), sig_len));
60 if (sig.get() == nullptr) {
64 // The signature consists of a pair of 32-byte numbers.
65 static const size_t kSignatureLength = 32 * 2;
66 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]);
67 memset(signature.get(), 0, kSignatureLength);
68 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r));
69 BN_bn2bin(sig.get()->s, signature.get() + 64 - BN_num_bytes(sig.get()->s));
71 *out_signature = string(reinterpret_cast<char*>(signature.get()),
77 string SerializeKey() const override {
78 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
79 // key, is 0x04 (meaning uncompressed) followed by the x and y field
80 // elements as 32-byte, big-endian numbers.
81 static const int kExpectedKeyLength = 65;
83 int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
84 if (len != kExpectedKeyLength) {
88 uint8 buf[kExpectedKeyLength];
90 i2d_PublicKey(ecdsa_key_.get(), &derp);
92 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
96 crypto::ScopedEVP_PKEY ecdsa_key_;
99 class TestChannelIDSource : public ChannelIDSource {
101 ~TestChannelIDSource() override {}
103 // ChannelIDSource implementation.
105 QuicAsyncStatus GetChannelIDKey(
106 const string& hostname,
107 scoped_ptr<ChannelIDKey>* channel_id_key,
108 ChannelIDSourceCallback* /*callback*/) override {
109 channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
114 static EVP_PKEY* HostnameToKey(const string& hostname) {
115 // In order to generate a deterministic key for a given hostname the
116 // hostname is hashed with SHA-256 and the resulting digest is treated as a
117 // big-endian number. The most-significant bit is cleared to ensure that
118 // the resulting value is less than the order of the group and then it's
119 // taken as a private key. Given the private key, the public key is
120 // calculated with a group multiplication.
122 SHA256_Init(&sha256);
123 SHA256_Update(&sha256, hostname.data(), hostname.size());
125 unsigned char digest[SHA256_DIGEST_LENGTH];
126 SHA256_Final(digest, &sha256);
128 // Ensure that the digest is less than the order of the P-256 group by
129 // clearing the most-significant bit.
132 crypto::ScopedBIGNUM k(BN_new());
133 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
135 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256(
136 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
139 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
140 CHECK(ecdsa_key.get() != nullptr &&
141 EC_KEY_set_group(ecdsa_key.get(), p256.get()));
143 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point(
144 EC_POINT_new(p256.get()));
145 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
148 EC_KEY_set_private_key(ecdsa_key.get(), k.get());
149 EC_KEY_set_public_key(ecdsa_key.get(), point.get());
151 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
152 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
153 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
155 return pkey.release();
160 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
161 return new TestChannelIDSource();