1 // Copyright 2016 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/ssl_platform_key_util.h"
6
7 #include <stddef.h>
8
9 #include "base/memory/ref_counted.h"
10 #include "net/cert/asn1_util.h"
11 #include "net/cert/x509_certificate.h"
12 #include "net/cert/x509_util.h"
13 #include "net/ssl/ssl_private_key.h"
14 #include "net/test/cert_test_util.h"
15 #include "net/test/test_data_directory.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17 #include "third_party/boringssl/src/include/openssl/ecdsa.h"
18 #include "third_party/boringssl/src/include/openssl/evp.h"
19
20 namespace net {
21
22 namespace {
23
// Loads |filename| from the test certificate directory and forwards the parsed
// certificate to GetClientCertInfo(), which fills |*out_type| and
// |*out_max_length|.
//
// Returns false, after recording a gtest failure, when the certificate cannot
// be imported. Otherwise returns whatever GetClientCertInfo() returns.
bool GetClientCertInfoFromFile(const char* filename,
                               int* out_type,
                               size_t* out_max_length) {
  const scoped_refptr<X509Certificate> certificate =
      ImportCertFromFile(GetTestCertsDirectory(), filename);
  if (certificate) {
    return GetClientCertInfo(certificate.get(), out_type, out_max_length);
  }

  // A missing or unparsable fixture is reported as a test failure so that it
  // cannot be mistaken for a passing case.
  ADD_FAILURE() << "Could not read " << filename;
  return false;
}
36
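// Loads |filename| from the test certificate directory, extracts the
// SubjectPublicKeyInfo from the certificate's DER encoding and passes it to
// GetPublicKeyInfo(), which fills |*out_type| and |*out_max_length|.
//
// Returns false, after recording a gtest failure, when the certificate cannot
// be imported or its SPKI cannot be extracted. Otherwise returns whatever
// GetPublicKeyInfo() returns.
bool GetPublicKeyInfoFromCertificateFile(const char* filename,
                                         int* out_type,
                                         size_t* out_max_length) {
  scoped_refptr<X509Certificate> cert =
      ImportCertFromFile(GetTestCertsDirectory(), filename);
  if (!cert) {
    ADD_FAILURE() << "Could not read " << filename;
    return false;
  }

  // |spki| is a non-owning view. NOTE(review): it presumably points into the
  // certificate's buffer, so |cert| has to stay alive until GetPublicKeyInfo()
  // returns, which holds here because |cert| is a local of this function.
  std::string_view spki;
  if (!asn1::ExtractSPKIFromDERCert(
          x509_util::CryptoBufferAsStringPiece(cert->cert_buffer()), &spki)) {
    // Report through gtest, like the import failure above, so that the
    // failing fixture is named in the test output rather than only in the log.
    ADD_FAILURE() << "Could not extract SPKI from " << filename;
    return false;
  }

  return GetPublicKeyInfo(base::as_byte_span(spki), out_type, out_max_length);
}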
56
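// Returns the number of whole bytes needed to hold |bits| bits, rounding up.
//
// Written as quotient plus remainder test rather than (bits + 7) / 8, so that
// values within 7 of the maximum size_t do not wrap around to a tiny result.
size_t BitsToBytes(size_t bits) {
  return bits / 8 + (bits % 8 != 0 ? 1 : 0);
}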
60
61 } // namespace
62
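// Checks the key type and maximum length that GetClientCertInfo() reports for
// the client test certificates: one RSA key expected to be 2048 bits, and EC
// keys expected to be 256, 384 and 521 bits.
//
// NOTE(review): |max_length| is presumably used by signing code to size
// signature buffers, so a value that is too small would be a correctness and
// memory-safety concern for callers; confirm against the header.
TEST(SSLPlatformKeyUtil, GetClientCertInfo) {
  const struct {
    const char* filename;
    int expected_type;
    size_t expected_max_length;
  } kCases[] = {
      {"client_1.pem", EVP_PKEY_RSA, 2048u / 8u},
      {"client_4.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(256))},
      {"client_5.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(384))},
      // 521 is not a multiple of 8, so this case relies on BitsToBytes()
      // rounding up.
      {"client_6.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(521))},
  };

  for (const auto& test_case : kCases) {
    SCOPED_TRACE(test_case.filename);

    // Fresh sentinels for every case: if the function returned true without
    // writing its out-parameters, a value left over from the previous
    // certificate must not be able to satisfy the expectations below.
    int type = EVP_PKEY_NONE;
    size_t max_length = 0;

    ASSERT_TRUE(
        GetClientCertInfoFromFile(test_case.filename, &type, &max_length));
    EXPECT_EQ(test_case.expected_type, type);
    EXPECT_EQ(test_case.expected_max_length, max_length);
  }
}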
83
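// Checks the key type and maximum length that GetPublicKeyInfo() reports when
// given the SubjectPublicKeyInfo of each client test certificate: one RSA key
// expected to be 2048 bits, and EC keys expected to be 256, 384 and 521 bits.
//
// NOTE(review): |max_length| is presumably used by signing code to size
// signature buffers, so a value that is too small would be a correctness and
// memory-safety concern for callers; confirm against the header.
TEST(SSLPlatformKeyUtil, GetPublicKeyInfo) {
  const struct {
    const char* filename;
    int expected_type;
    size_t expected_max_length;
  } kCases[] = {
      {"client_1.pem", EVP_PKEY_RSA, 2048u / 8u},
      {"client_4.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(256))},
      {"client_5.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(384))},
      // 521 is not a multiple of 8, so this case relies on BitsToBytes()
      // rounding up.
      {"client_6.pem", EVP_PKEY_EC, ECDSA_SIG_max_len(BitsToBytes(521))},
  };

  for (const auto& test_case : kCases) {
    SCOPED_TRACE(test_case.filename);

    // Fresh sentinels for every case: if the function returned true without
    // writing its out-parameters, a value left over from the previous
    // certificate must not be able to satisfy the expectations below.
    int type = EVP_PKEY_NONE;
    size_t max_length = 0;

    ASSERT_TRUE(GetPublicKeyInfoFromCertificateFile(test_case.filename, &type,
                                                    &max_length));
    EXPECT_EQ(test_case.expected_type, type);
    EXPECT_EQ(test_case.expected_max_length, max_length);
  }
}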
108
109 } // namespace net
110