1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <openssl/bn.h>
6 #include <openssl/dsa.h>
7 #include <openssl/ecdsa.h>
8 #include <openssl/err.h>
9 #include <openssl/evp.h>
10 #include <openssl/pem.h>
11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
13
14 #include "base/android/build_info.h"
15 #include "base/android/jni_android.h"
16 #include "base/android/jni_array.h"
17 #include "base/android/scoped_java_ref.h"
18 #include "base/basictypes.h"
19 #include "base/bind.h"
20 #include "base/callback.h"
21 #include "base/compiler_specific.h"
22 #include "base/file_util.h"
23 #include "base/files/file_path.h"
24 #include "base/memory/scoped_handle.h"
25 #include "base/strings/string_number_conversions.h"
26 #include "base/strings/string_util.h"
27 #include "crypto/openssl_util.h"
28 #include "jni/AndroidKeyStoreTestUtil_jni.h"
29 #include "net/android/keystore.h"
30 #include "net/android/keystore_openssl.h"
31 #include "net/base/test_data_directory.h"
32 #include "testing/gtest/include/gtest/gtest.h"
33
34 // Technical note:
35 //
36 // This source file not only checks that signing with
37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that
38 // the generated signature matches 100% of what OpenSSL generates when
39 // calling RSA_sign(NID_md5_sha1,...), DSA_sign(0, ...) or
40 // ECDSA_sign(0, ...).
41 //
42 // That's crucial to ensure that this function can later be used to
43 // implement client certificate support. More specifically, that it is
44 // possible to create a custom EVP_PKEY that uses
45 // RawSignDigestWithPrivateKey() internally to perform RSA/DSA/ECDSA
46 // signing, as invoked by the OpenSSL code at
47 // openssl/ssl/s3_clnt.c:ssl3_send_client_verify().
48 //
49 // For more details, read the comments in AndroidKeyStore.java.
50 //
51 // Finally, it also checks that using the EVP_PKEY generated with
52 // GetOpenSSLPrivateKeyWrapper() works correctly.
53
54 namespace net {
55 namespace android {
56
57 namespace {
58
59 typedef crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> ScopedEVP_PKEY;
60 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA;
61 typedef crypto::ScopedOpenSSL<DSA, DSA_free> ScopedDSA;
62 typedef crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> ScopedEC_KEY;
63 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM;
64
65 typedef crypto::ScopedOpenSSL<
66 PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>
67 ScopedPKCS8_PRIV_KEY_INFO;
68
69 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
70
InitEnv()71 JNIEnv* InitEnv() {
72 JNIEnv* env = base::android::AttachCurrentThread();
73 static bool inited = false;
74 if (!inited) {
75 RegisterNativesImpl(env);
76 inited = true;
77 }
78 return env;
79 }
80
81 // Returns true if running on an Android version older than 4.2
IsOnAndroidOlderThan_4_2(void)82 bool IsOnAndroidOlderThan_4_2(void) {
83 const int kAndroid42ApiLevel = 17;
84 int level = base::android::BuildInfo::GetInstance()->sdk_int();
85 return level < kAndroid42ApiLevel;
86 }
87
88 // Implements the callback expected by ERR_print_errors_cb().
89 // used by GetOpenSSLErrorString below.
openssl_print_error_callback(const char * msg,size_t msglen,void * u)90 int openssl_print_error_callback(const char* msg, size_t msglen, void* u) {
91 std::string* result = reinterpret_cast<std::string*>(u);
92 result->append(msg, msglen);
93 return 1;
94 }
95
96 // Retrieves the OpenSSL error as a string
GetOpenSSLErrorString(void)97 std::string GetOpenSSLErrorString(void) {
98 std::string result;
99 ERR_print_errors_cb(openssl_print_error_callback, &result);
100 return result;
101 }
102
103 // Resize a string to |size| bytes of data, then return its data buffer
104 // address cast as an 'unsigned char*', as expected by OpenSSL functions.
105 // |str| the target string.
106 // |size| the number of bytes to write into the string.
107 // Return the string's new buffer in memory, as an 'unsigned char*'
108 // pointer.
OpenSSLWriteInto(std::string * str,size_t size)109 unsigned char* OpenSSLWriteInto(std::string* str, size_t size) {
110 return reinterpret_cast<unsigned char*>(WriteInto(str, size + 1));
111 }
112
113 // Load a given private key file into an EVP_PKEY.
114 // |filename| is the key file path.
115 // Returns a new EVP_PKEY on success, NULL on failure.
ImportPrivateKeyFile(const char * filename)116 EVP_PKEY* ImportPrivateKeyFile(const char* filename) {
117 // Load file in memory.
118 base::FilePath certs_dir = GetTestCertsDirectory();
119 base::FilePath file_path = certs_dir.AppendASCII(filename);
120 ScopedStdioHandle handle(base::OpenFile(file_path, "rb"));
121 if (!handle.get()) {
122 LOG(ERROR) << "Could not open private key file: " << filename;
123 return NULL;
124 }
125 // Assume it is PEM_encoded. Load it as an EVP_PKEY.
126 EVP_PKEY* pkey = PEM_read_PrivateKey(handle.get(), NULL, NULL, NULL);
127 if (!pkey) {
128 LOG(ERROR) << "Could not load public key file: " << filename
129 << ", " << GetOpenSSLErrorString();
130 return NULL;
131 }
132 return pkey;
133 }
134
135 // Convert a private key into its PKCS#8 encoded representation.
136 // |pkey| is the EVP_PKEY handle for the private key.
137 // |pkcs8| will receive the PKCS#8 bytes.
138 // Returns true on success, false otherwise.
GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY & pkey,std::string * pkcs8)139 bool GetPrivateKeyPkcs8Bytes(const ScopedEVP_PKEY& pkey,
140 std::string* pkcs8) {
141 // Convert to PKCS#8 object.
142 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get()));
143 if (!p8_info.get()) {
144 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: "
145 << GetOpenSSLErrorString();
146 return false;
147 }
148
149 // Then convert it
150 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL);
151 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len));
152 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p);
153 return true;
154 }
155
ImportPrivateKeyFileAsPkcs8(const char * filename,std::string * pkcs8)156 bool ImportPrivateKeyFileAsPkcs8(const char* filename,
157 std::string* pkcs8) {
158 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename));
159 if (!pkey.get())
160 return false;
161 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8);
162 }
163
164 // Same as ImportPrivateKey, but for public ones.
ImportPublicKeyFile(const char * filename)165 EVP_PKEY* ImportPublicKeyFile(const char* filename) {
166 // Load file as PEM data.
167 base::FilePath certs_dir = GetTestCertsDirectory();
168 base::FilePath file_path = certs_dir.AppendASCII(filename);
169 ScopedStdioHandle handle(base::OpenFile(file_path, "rb"));
170 if (!handle.get()) {
171 LOG(ERROR) << "Could not open public key file: " << filename;
172 return NULL;
173 }
174 EVP_PKEY* pkey = PEM_read_PUBKEY(handle.get(), NULL, NULL, NULL);
175 if (!pkey) {
176 LOG(ERROR) << "Could not load public key file: " << filename
177 << ", " << GetOpenSSLErrorString();
178 return NULL;
179 }
180 return pkey;
181 }
182
183 // Retrieve a JNI local ref from encoded PKCS#8 data.
GetPKCS8PrivateKeyJava(PrivateKeyType key_type,const std::string & pkcs8_key)184 ScopedJava GetPKCS8PrivateKeyJava(PrivateKeyType key_type,
185 const std::string& pkcs8_key) {
186 JNIEnv* env = InitEnv();
187 base::android::ScopedJavaLocalRef<jbyteArray> bytes(
188 base::android::ToJavaByteArray(
189 env,
190 reinterpret_cast<const uint8*>(pkcs8_key.data()),
191 pkcs8_key.size()));
192
193 ScopedJava key(
194 Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
195 env, key_type, bytes.obj()));
196
197 return key;
198 }
199
200 const char kTestRsaKeyFile[] = "android-test-key-rsa.pem";
201
202 // The RSA test hash must be 36 bytes exactly.
203 const char kTestRsaHash[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
204
205 // Retrieve a JNI local ref for our test RSA key.
GetRSATestKeyJava()206 ScopedJava GetRSATestKeyJava() {
207 std::string key;
208 if (!ImportPrivateKeyFileAsPkcs8(kTestRsaKeyFile, &key))
209 return ScopedJava();
210 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, key);
211 }
212
213 const char kTestDsaKeyFile[] = "android-test-key-dsa.pem";
214 const char kTestDsaPublicKeyFile[] = "android-test-key-dsa-public.pem";
215
216 // The DSA test hash must be 20 bytes exactly.
217 const char kTestDsaHash[] = "0123456789ABCDEFGHIJ";
218
219 // Retrieve a JNI local ref for our test DSA key.
GetDSATestKeyJava()220 ScopedJava GetDSATestKeyJava() {
221 std::string key;
222 if (!ImportPrivateKeyFileAsPkcs8(kTestDsaKeyFile, &key))
223 return ScopedJava();
224 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA, key);
225 }
226
227 // Call this function to verify that one message signed with our
228 // test DSA private key is correct. Since DSA signing introduces
229 // random elements in the signature, it is not possible to compare
230 // signature bits directly. However, one can use the public key
231 // to do the check.
VerifyTestDSASignature(const base::StringPiece & message,const base::StringPiece & signature)232 bool VerifyTestDSASignature(const base::StringPiece& message,
233 const base::StringPiece& signature) {
234 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestDsaPublicKeyFile));
235 if (!pkey.get())
236 return false;
237
238 ScopedDSA pub_key(EVP_PKEY_get1_DSA(pkey.get()));
239 if (!pub_key.get()) {
240 LOG(ERROR) << "Could not get DSA public key: "
241 << GetOpenSSLErrorString();
242 return false;
243 }
244
245 const unsigned char* digest =
246 reinterpret_cast<const unsigned char*>(message.data());
247 int digest_len = static_cast<int>(message.size());
248 const unsigned char* sigbuf =
249 reinterpret_cast<const unsigned char*>(signature.data());
250 int siglen = static_cast<int>(signature.size());
251
252 int ret = DSA_verify(
253 0, digest, digest_len, sigbuf, siglen, pub_key.get());
254 if (ret != 1) {
255 LOG(ERROR) << "DSA_verify() failed: " << GetOpenSSLErrorString();
256 return false;
257 }
258 return true;
259 }
260
261 const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
262 const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
263
264 // The test hash for ECDSA keys must be 20 bytes exactly.
265 const char kTestEcdsaHash[] = "0123456789ABCDEFGHIJ";
266
267 // Retrieve a JNI local ref for our test ECDSA key.
GetECDSATestKeyJava()268 ScopedJava GetECDSATestKeyJava() {
269 std::string key;
270 if (!ImportPrivateKeyFileAsPkcs8(kTestEcdsaKeyFile, &key))
271 return ScopedJava();
272 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key);
273 }
274
275 // Call this function to verify that one message signed with our
276 // test DSA private key is correct. Since DSA signing introduces
277 // random elements in the signature, it is not possible to compare
278 // signature bits directly. However, one can use the public key
279 // to do the check.
VerifyTestECDSASignature(const base::StringPiece & message,const base::StringPiece & signature)280 bool VerifyTestECDSASignature(const base::StringPiece& message,
281 const base::StringPiece& signature) {
282 ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile));
283 if (!pkey.get())
284 return false;
285 ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
286 if (!pub_key.get()) {
287 LOG(ERROR) << "Could not get ECDSA public key: "
288 << GetOpenSSLErrorString();
289 return false;
290 }
291
292 const unsigned char* digest =
293 reinterpret_cast<const unsigned char*>(message.data());
294 int digest_len = static_cast<int>(message.size());
295 const unsigned char* sigbuf =
296 reinterpret_cast<const unsigned char*>(signature.data());
297 int siglen = static_cast<int>(signature.size());
298
299 int ret = ECDSA_verify(
300 0, digest, digest_len, sigbuf, siglen, pub_key.get());
301 if (ret != 1) {
302 LOG(ERROR) << "ECDSA_verify() failed: " << GetOpenSSLErrorString();
303 return false;
304 }
305 return true;
306 }
307
308 // Sign a message with OpenSSL, return the result as a string.
309 // |message| is the message to be signed.
310 // |openssl_key| is an OpenSSL EVP_PKEY to use.
311 // |result| receives the result.
312 // Returns true on success, false otherwise.
SignWithOpenSSL(const base::StringPiece & message,EVP_PKEY * openssl_key,std::string * result)313 bool SignWithOpenSSL(const base::StringPiece& message,
314 EVP_PKEY* openssl_key,
315 std::string* result) {
316 const unsigned char* digest =
317 reinterpret_cast<const unsigned char*>(message.data());
318 unsigned int digest_len = static_cast<unsigned int>(message.size());
319 std::string signature;
320 size_t signature_size;
321 size_t max_signature_size;
322 int key_type = EVP_PKEY_id(openssl_key);
323 switch (key_type) {
324 case EVP_PKEY_RSA:
325 {
326 ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key));
327 if (!rsa.get()) {
328 LOG(ERROR) << "Could not get RSA from EVP_PKEY: "
329 << GetOpenSSLErrorString();
330 return false;
331 }
332 // With RSA, the signature will always be RSA_size() bytes.
333 max_signature_size = static_cast<size_t>(RSA_size(rsa.get()));
334 unsigned char* p = OpenSSLWriteInto(&signature,
335 max_signature_size);
336 unsigned int p_len = 0;
337 int ret = RSA_sign(
338 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get());
339 if (ret != 1) {
340 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString();
341 return false;
342 }
343 signature_size = static_cast<size_t>(p_len);
344 break;
345 }
346 case EVP_PKEY_DSA:
347 {
348 ScopedDSA dsa(EVP_PKEY_get1_DSA(openssl_key));
349 if (!dsa.get()) {
350 LOG(ERROR) << "Could not get DSA from EVP_PKEY: "
351 << GetOpenSSLErrorString();
352 return false;
353 }
354 // Note, the actual signature can be smaller than DSA_size()
355 max_signature_size = static_cast<size_t>(DSA_size(dsa.get()));
356 unsigned char* p = OpenSSLWriteInto(&signature,
357 max_signature_size);
358 unsigned int p_len = 0;
359 // Note: first parameter is ignored by function.
360 int ret = DSA_sign(0, digest, digest_len, p, &p_len, dsa.get());
361 if (ret != 1) {
362 LOG(ERROR) << "DSA_sign() failed: " << GetOpenSSLErrorString();
363 return false;
364 }
365 signature_size = static_cast<size_t>(p_len);
366 break;
367 }
368 case EVP_PKEY_EC:
369 {
370 ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key));
371 if (!ecdsa.get()) {
372 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: "
373 << GetOpenSSLErrorString();
374 return false;
375 }
376 // Note, the actual signature can be smaller than ECDSA_size()
377 max_signature_size = ECDSA_size(ecdsa.get());
378 unsigned char* p = OpenSSLWriteInto(&signature,
379 max_signature_size);
380 unsigned int p_len = 0;
381 // Note: first parameter is ignored by function.
382 int ret = ECDSA_sign(
383 0, digest, digest_len, p, &p_len, ecdsa.get());
384 if (ret != 1) {
385 LOG(ERROR) << "ECDSA_sign() fialed: " << GetOpenSSLErrorString();
386 return false;
387 }
388 signature_size = static_cast<size_t>(p_len);
389 break;
390 }
391 default:
392 LOG(WARNING) << "Invalid OpenSSL key type: " << key_type;
393 return false;
394 }
395
396 if (signature_size == 0) {
397 LOG(ERROR) << "Signature is empty!";
398 return false;
399 }
400 if (signature_size > max_signature_size) {
401 LOG(ERROR) << "Signature size mismatch, actual " << signature_size
402 << ", expected <= " << max_signature_size;
403 return false;
404 }
405 signature.resize(signature_size);
406 result->swap(signature);
407 return true;
408 }
409
410 // Check that a generated signature for a given message matches
411 // OpenSSL output byte-by-byte.
412 // |message| is the input message.
413 // |signature| is the generated signature for the message.
414 // |openssl_key| is a raw EVP_PKEY for the same private key than the
415 // one which was used to generate the signature.
416 // Returns true on success, false otherwise.
CompareSignatureWithOpenSSL(const base::StringPiece & message,const base::StringPiece & signature,EVP_PKEY * openssl_key)417 bool CompareSignatureWithOpenSSL(const base::StringPiece& message,
418 const base::StringPiece& signature,
419 EVP_PKEY* openssl_key) {
420 std::string openssl_signature;
421 SignWithOpenSSL(message, openssl_key, &openssl_signature);
422
423 if (signature.size() != openssl_signature.size()) {
424 LOG(ERROR) << "Signature size mismatch, actual "
425 << signature.size() << ", expected "
426 << openssl_signature.size();
427 return false;
428 }
429 for (size_t n = 0; n < signature.size(); ++n) {
430 if (openssl_signature[n] != signature[n]) {
431 LOG(ERROR) << "Signature byte mismatch at index " << n
432 << "actual " << signature[n] << ", expected "
433 << openssl_signature[n];
434 LOG(ERROR) << "Actual signature : "
435 << base::HexEncode(signature.data(), signature.size());
436 LOG(ERROR) << "Expected signature: "
437 << base::HexEncode(openssl_signature.data(),
438 openssl_signature.size());
439 return false;
440 }
441 }
442 return true;
443 }
444
445 // Sign a message with our platform API.
446 //
447 // |android_key| is a JNI reference to the platform PrivateKey object.
448 // |openssl_key| is a pointer to an OpenSSL key object for the exact
449 // same key content.
450 // |message| is a message.
451 // |result| will receive the result.
DoKeySigning(jobject android_key,EVP_PKEY * openssl_key,const base::StringPiece & message,std::string * result)452 void DoKeySigning(jobject android_key,
453 EVP_PKEY* openssl_key,
454 const base::StringPiece& message,
455 std::string* result) {
456 // First, get the platform signature.
457 std::vector<uint8> android_signature;
458 ASSERT_TRUE(
459 RawSignDigestWithPrivateKey(android_key,
460 message,
461 &android_signature));
462
463 result->assign(
464 reinterpret_cast<const char*>(&android_signature[0]),
465 android_signature.size());
466 }
467
468 // Sign a message with our OpenSSL EVP_PKEY wrapper around platform
469 // APIS.
470 //
471 // |android_key| is a JNI reference to the platform PrivateKey object.
472 // |openssl_key| is a pointer to an OpenSSL key object for the exact
473 // same key content.
474 // |message| is a message.
475 // |result| will receive the result.
DoKeySigningWithWrapper(EVP_PKEY * wrapper_key,EVP_PKEY * openssl_key,const base::StringPiece & message,std::string * result)476 void DoKeySigningWithWrapper(EVP_PKEY* wrapper_key,
477 EVP_PKEY* openssl_key,
478 const base::StringPiece& message,
479 std::string* result) {
480 // First, get the platform signature.
481 std::string wrapper_signature;
482 SignWithOpenSSL(message, wrapper_key, &wrapper_signature);
483 ASSERT_NE(0U, wrapper_signature.size());
484
485 result->assign(
486 reinterpret_cast<const char*>(&wrapper_signature[0]),
487 wrapper_signature.size());
488 }
489
490 } // namespace
491
TEST(AndroidKeyStore,GetRSAKeyModulus)492 TEST(AndroidKeyStore,GetRSAKeyModulus) {
493 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
494 InitEnv();
495
496 // Load the test RSA key.
497 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile));
498 ASSERT_TRUE(pkey.get());
499
500 // Convert it to encoded PKCS#8 bytes.
501 std::string pkcs8_data;
502 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
503
504 // Create platform PrivateKey object from it.
505 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA,
506 pkcs8_data);
507 ASSERT_FALSE(key_java.is_null());
508
509 // Retrieve the corresponding modulus through JNI
510 std::vector<uint8> modulus_java;
511 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java));
512
513 // Create an OpenSSL BIGNUM from it.
514 ScopedBIGNUM bn(
515 BN_bin2bn(
516 reinterpret_cast<const unsigned char*>(&modulus_java[0]),
517 static_cast<int>(modulus_java.size()),
518 NULL));
519 ASSERT_TRUE(bn.get());
520
521 // Compare it to the one in the RSA key, they must be identical.
522 ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
523 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString();
524
525 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n));
526 }
527
TEST(AndroidKeyStore,GetDSAKeyParamQ)528 TEST(AndroidKeyStore,GetDSAKeyParamQ) {
529 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
530 InitEnv();
531
532 // Load the test DSA key.
533 ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestDsaKeyFile));
534 ASSERT_TRUE(pkey.get());
535
536 // Convert it to encoded PKCS#8 bytes.
537 std::string pkcs8_data;
538 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
539
540 // Create platform PrivateKey object from it.
541 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_DSA,
542 pkcs8_data);
543 ASSERT_FALSE(key_java.is_null());
544
545 // Retrieve the corresponding Q parameter through JNI
546 std::vector<uint8> q_java;
547 ASSERT_TRUE(GetDSAKeyParamQ(key_java.obj(), &q_java));
548
549 // Create an OpenSSL BIGNUM from it.
550 ScopedBIGNUM bn(
551 BN_bin2bn(
552 reinterpret_cast<const unsigned char*>(&q_java[0]),
553 static_cast<int>(q_java.size()),
554 NULL));
555 ASSERT_TRUE(bn.get());
556
557 // Compare it to the one in the RSA key, they must be identical.
558 ScopedDSA dsa(EVP_PKEY_get1_DSA(pkey.get()));
559 ASSERT_TRUE(dsa.get()) << GetOpenSSLErrorString();
560
561 ASSERT_EQ(0, BN_cmp(bn.get(), dsa.get()->q));
562 }
563
TEST(AndroidKeyStore,GetPrivateKeyTypeRSA)564 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) {
565 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
566
567 ScopedJava rsa_key = GetRSATestKeyJava();
568 ASSERT_FALSE(rsa_key.is_null());
569 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA,
570 GetPrivateKeyType(rsa_key.obj()));
571 }
572
TEST(AndroidKeyStore,SignWithPrivateKeyRSA)573 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) {
574 ScopedJava rsa_key = GetRSATestKeyJava();
575 ASSERT_FALSE(rsa_key.is_null());
576
577 if (IsOnAndroidOlderThan_4_2()) {
578 LOG(INFO) << "This test can't run on Android < 4.2";
579 return;
580 }
581
582 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
583 ASSERT_TRUE(openssl_key.get());
584
585 std::string message = kTestRsaHash;
586 ASSERT_EQ(36U, message.size());
587
588 std::string signature;
589 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature);
590 ASSERT_TRUE(
591 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
592 // All good.
593 }
594
TEST(AndroidKeyStore,SignWithWrapperKeyRSA)595 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
596 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
597
598 ScopedJava rsa_key = GetRSATestKeyJava();
599 ASSERT_FALSE(rsa_key.is_null());
600
601 ScopedEVP_PKEY wrapper_key(GetOpenSSLPrivateKeyWrapper(rsa_key.obj()));
602 ASSERT_TRUE(wrapper_key.get() != NULL);
603
604 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
605 ASSERT_TRUE(openssl_key.get());
606
607 // Check that RSA_size() works properly on the wrapper key.
608 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
609 EVP_PKEY_size(wrapper_key.get()));
610
611 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
612 // without an error.
613 std::string message = kTestRsaHash;
614 ASSERT_EQ(36U, message.size());
615
616 std::string signature;
617 DoKeySigningWithWrapper(wrapper_key.get(),
618 openssl_key.get(),
619 message,
620 &signature);
621 ASSERT_TRUE(
622 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
623 }
624
TEST(AndroidKeyStore,GetPrivateKeyTypeDSA)625 TEST(AndroidKeyStore,GetPrivateKeyTypeDSA) {
626 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
627
628 ScopedJava dsa_key = GetDSATestKeyJava();
629 ASSERT_FALSE(dsa_key.is_null());
630 EXPECT_EQ(PRIVATE_KEY_TYPE_DSA,
631 GetPrivateKeyType(dsa_key.obj()));
632 }
633
TEST(AndroidKeyStore,SignWithPrivateKeyDSA)634 TEST(AndroidKeyStore,SignWithPrivateKeyDSA) {
635 ScopedJava dsa_key = GetDSATestKeyJava();
636 ASSERT_FALSE(dsa_key.is_null());
637
638 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile));
639 ASSERT_TRUE(openssl_key.get());
640
641 std::string message = kTestDsaHash;
642 ASSERT_EQ(20U, message.size());
643
644 std::string signature;
645 DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature);
646 ASSERT_TRUE(VerifyTestDSASignature(message, signature));
647 }
648
TEST(AndroidKeyStore,SignWithWrapperKeyDSA)649 TEST(AndroidKeyStore,SignWithWrapperKeyDSA) {
650 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
651
652 ScopedJava dsa_key = GetDSATestKeyJava();
653 ASSERT_FALSE(dsa_key.is_null());
654
655 ScopedEVP_PKEY wrapper_key(
656 GetOpenSSLPrivateKeyWrapper(dsa_key.obj()));
657 ASSERT_TRUE(wrapper_key.get());
658
659 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestDsaKeyFile));
660 ASSERT_TRUE(openssl_key.get());
661
662 // Check that DSA_size() works correctly on the wrapper.
663 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
664 EVP_PKEY_size(wrapper_key.get()));
665
666 std::string message = kTestDsaHash;
667 std::string signature;
668 DoKeySigningWithWrapper(wrapper_key.get(),
669 openssl_key.get(),
670 message,
671 &signature);
672 ASSERT_TRUE(VerifyTestDSASignature(message, signature));
673 }
674
TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA)675 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) {
676 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
677
678 ScopedJava ecdsa_key = GetECDSATestKeyJava();
679 ASSERT_FALSE(ecdsa_key.is_null());
680 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA,
681 GetPrivateKeyType(ecdsa_key.obj()));
682 }
683
TEST(AndroidKeyStore,SignWithPrivateKeyECDSA)684 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) {
685 ScopedJava ecdsa_key = GetECDSATestKeyJava();
686 ASSERT_FALSE(ecdsa_key.is_null());
687
688 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
689 ASSERT_TRUE(openssl_key.get());
690
691 std::string message = kTestEcdsaHash;
692 std::string signature;
693 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature);
694 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
695 }
696
TEST(AndroidKeyStore,SignWithWrapperKeyECDSA)697 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) {
698 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
699
700 ScopedJava ecdsa_key = GetECDSATestKeyJava();
701 ASSERT_FALSE(ecdsa_key.is_null());
702
703 ScopedEVP_PKEY wrapper_key(
704 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj()));
705 ASSERT_TRUE(wrapper_key.get());
706
707 ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
708 ASSERT_TRUE(openssl_key.get());
709
710 // Check that ECDSA size works correctly on the wrapper.
711 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
712 EVP_PKEY_size(wrapper_key.get()));
713
714 std::string message = kTestEcdsaHash;
715 std::string signature;
716 DoKeySigningWithWrapper(wrapper_key.get(),
717 openssl_key.get(),
718 message,
719 &signature);
720 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
721 }
722
723 } // namespace android
724 } // namespace net
725