| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/quic/test_tools/crypto_test_utils.h" |
| |
| #include <openssl/bn.h> |
| #include <openssl/ec.h> |
| #include <openssl/ecdsa.h> |
| #include <openssl/evp.h> |
| #include <openssl/obj_mac.h> |
| #include <openssl/sha.h> |
| |
| #include "crypto/openssl_util.h" |
| #include "crypto/scoped_openssl_types.h" |
| #include "crypto/secure_hash.h" |
| #include "net/quic/crypto/channel_id.h" |
| |
| using base::StringPiece; |
| using std::string; |
| |
| namespace net { |
| |
| namespace test { |
| |
| class TestChannelIDKey : public ChannelIDKey { |
| public: |
| explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {} |
| ~TestChannelIDKey() override {} |
| |
| // ChannelIDKey implementation. |
| |
| bool Sign(StringPiece signed_data, string* out_signature) const override { |
| crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create()); |
| if (!md_ctx || |
| EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr, |
| ecdsa_key_.get()) != 1) { |
| return false; |
| } |
| |
| EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr, |
| strlen(ChannelIDVerifier::kContextStr) + 1); |
| EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr, |
| strlen(ChannelIDVerifier::kClientToServerStr) + 1); |
| EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size()); |
| |
| size_t sig_len; |
| if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) { |
| return false; |
| } |
| |
| scoped_ptr<uint8[]> der_sig(new uint8[sig_len]); |
| if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) { |
| return false; |
| } |
| |
| uint8* derp = der_sig.get(); |
| crypto::ScopedECDSA_SIG sig( |
| d2i_ECDSA_SIG(nullptr, const_cast<const uint8**>(&derp), sig_len)); |
| if (sig.get() == nullptr) { |
| return false; |
| } |
| |
| // The signature consists of a pair of 32-byte numbers. |
| static const size_t kSignatureLength = 32 * 2; |
| scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]); |
| if (!BN_bn2bin_padded(&signature[0], 32, sig->r) || |
| !BN_bn2bin_padded(&signature[32], 32, sig->s)) { |
| return false; |
| } |
| |
| *out_signature = string(reinterpret_cast<char*>(signature.get()), |
| kSignatureLength); |
| |
| return true; |
| } |
| |
| string SerializeKey() const override { |
| // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256 |
| // key, is 0x04 (meaning uncompressed) followed by the x and y field |
| // elements as 32-byte, big-endian numbers. |
| static const int kExpectedKeyLength = 65; |
| |
| int len = i2d_PublicKey(ecdsa_key_.get(), nullptr); |
| if (len != kExpectedKeyLength) { |
| return ""; |
| } |
| |
| uint8 buf[kExpectedKeyLength]; |
| uint8* derp = buf; |
| i2d_PublicKey(ecdsa_key_.get(), &derp); |
| |
| return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1); |
| } |
| |
| private: |
| crypto::ScopedEVP_PKEY ecdsa_key_; |
| }; |
| |
| class TestChannelIDSource : public ChannelIDSource { |
| public: |
| ~TestChannelIDSource() override {} |
| |
| // ChannelIDSource implementation. |
| |
| QuicAsyncStatus GetChannelIDKey( |
| const string& hostname, |
| scoped_ptr<ChannelIDKey>* channel_id_key, |
| ChannelIDSourceCallback* /*callback*/) override { |
| channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname))); |
| return QUIC_SUCCESS; |
| } |
| |
| private: |
| static EVP_PKEY* HostnameToKey(const string& hostname) { |
| // In order to generate a deterministic key for a given hostname the |
| // hostname is hashed with SHA-256 and the resulting digest is treated as a |
| // big-endian number. The most-significant bit is cleared to ensure that |
| // the resulting value is less than the order of the group and then it's |
| // taken as a private key. Given the private key, the public key is |
| // calculated with a group multiplication. |
| SHA256_CTX sha256; |
| SHA256_Init(&sha256); |
| SHA256_Update(&sha256, hostname.data(), hostname.size()); |
| |
| unsigned char digest[SHA256_DIGEST_LENGTH]; |
| SHA256_Final(digest, &sha256); |
| |
| // Ensure that the digest is less than the order of the P-256 group by |
| // clearing the most-significant bit. |
| digest[0] &= 0x7f; |
| |
| crypto::ScopedBIGNUM k(BN_new()); |
| CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr); |
| |
| crypto::ScopedEC_GROUP p256( |
| EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
| CHECK(p256); |
| |
| crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new()); |
| CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get())); |
| |
| crypto::ScopedEC_POINT point(EC_POINT_new(p256.get())); |
| CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr, |
| nullptr)); |
| |
| EC_KEY_set_private_key(ecdsa_key.get(), k.get()); |
| EC_KEY_set_public_key(ecdsa_key.get(), point.get()); |
| |
| crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new()); |
| // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here. |
| EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get()); |
| |
| return pkey.release(); |
| } |
| }; |
| |
| // static |
| ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() { |
| return new TestChannelIDSource(); |
| } |
| |
| } // namespace test |
| |
| } // namespace net |
