search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / net / quic / test_tools / crypto_test_utils_openssl.cc
blobf998193596bf5e00a72e983097f0a0e7a0a69cb4
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/test_tools/crypto_test_utils.h"
6
7 #include <openssl/bn.h>
8 #include <openssl/ec.h>
9 #include <openssl/ecdsa.h>
10 #include <openssl/evp.h>
11 #include <openssl/obj_mac.h>
12 #include <openssl/sha.h>
13
14 #include "crypto/openssl_util.h"
15 #include "crypto/scoped_openssl_types.h"
16 #include "crypto/secure_hash.h"
17 #include "net/quic/crypto/channel_id.h"
18
19 using base::StringPiece;
20 using std::string;
21
22 namespace net {
23
24 namespace test {
25
26 class TestChannelIDKey : public ChannelIDKey {
27 public:
28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
29 virtual ~TestChannelIDKey() OVERRIDE {}
30
31 // ChannelIDKey implementation.
32
33 virtual bool Sign(StringPiece signed_data,
34 string* out_signature) const OVERRIDE {
35 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
36 if (!md_ctx ||
37 EVP_DigestSignInit(md_ctx.get(), NULL, EVP_sha256(), NULL,
38 ecdsa_key_.get()) != 1) {
39 return false;
40 }
41
42 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
43 strlen(ChannelIDVerifier::kContextStr) + 1);
44 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
45 strlen(ChannelIDVerifier::kClientToServerStr) + 1);
46 EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
47
48 size_t sig_len;
49 if (!EVP_DigestSignFinal(md_ctx.get(), NULL, &sig_len)) {
50 return false;
51 }
52
53 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]);
54 if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
55 return false;
56 }
57
58 uint8* derp = der_sig.get();
59 crypto::ScopedECDSA_SIG sig(
60 d2i_ECDSA_SIG(NULL, const_cast<const uint8**>(&derp), sig_len));
61 if (sig.get() == NULL) {
62 return false;
63 }
64
65 // The signature consists of a pair of 32-byte numbers.
66 static const size_t kSignatureLength = 32 * 2;
67 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]);
68 memset(signature.get(), 0, kSignatureLength);
69 BN_bn2bin(sig.get()->r, signature.get() + 32 - BN_num_bytes(sig.get()->r));
70 BN_bn2bin(sig.get()->s, signature.get() + 64 - BN_num_bytes(sig.get()->s));
71
72 *out_signature = string(reinterpret_cast<char*>(signature.get()),
73 kSignatureLength);
74
75 return true;
76 }
77
78 virtual string SerializeKey() const OVERRIDE {
79 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
80 // key, is 0x04 (meaning uncompressed) followed by the x and y field
81 // elements as 32-byte, big-endian numbers.
82 static const int kExpectedKeyLength = 65;
83
84 int len = i2d_PublicKey(ecdsa_key_.get(), NULL);
85 if (len != kExpectedKeyLength) {
86 return "";
87 }
88
89 uint8 buf[kExpectedKeyLength];
90 uint8* derp = buf;
91 i2d_PublicKey(ecdsa_key_.get(), &derp);
92
93 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
94 }
95
96 private:
97 crypto::ScopedEVP_PKEY ecdsa_key_;
98 };
99
100 class TestChannelIDSource : public ChannelIDSource {
101 public:
102 virtual ~TestChannelIDSource() {}
103
104 // ChannelIDSource implementation.
105
106 virtual QuicAsyncStatus GetChannelIDKey(
107 const string& hostname,
108 scoped_ptr<ChannelIDKey>* channel_id_key,
109 ChannelIDSourceCallback* /*callback*/) OVERRIDE {
110 channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
111 return QUIC_SUCCESS;
112 }
113
114 private:
115 static EVP_PKEY* HostnameToKey(const string& hostname) {
116 // In order to generate a deterministic key for a given hostname the
117 // hostname is hashed with SHA-256 and the resulting digest is treated as a
118 // big-endian number. The most-significant bit is cleared to ensure that
119 // the resulting value is less than the order of the group and then it's
120 // taken as a private key. Given the private key, the public key is
121 // calculated with a group multiplication.
122 SHA256_CTX sha256;
123 SHA256_Init(&sha256);
124 SHA256_Update(&sha256, hostname.data(), hostname.size());
125
126 unsigned char digest[SHA256_DIGEST_LENGTH];
127 SHA256_Final(digest, &sha256);
128
129 // Ensure that the digest is less than the order of the P-256 group by
130 // clearing the most-significant bit.
131 digest[0] &= 0x7f;
132
133 crypto::ScopedBIGNUM k(BN_new());
134 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != NULL);
135
136 crypto::ScopedOpenSSL<EC_GROUP, EC_GROUP_free>::Type p256(
137 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
138 CHECK(p256.get());
139
140 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
141 CHECK(ecdsa_key.get() != NULL &&
142 EC_KEY_set_group(ecdsa_key.get(), p256.get()));
143
144 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point(
145 EC_POINT_new(p256.get()));
146 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), NULL, NULL, NULL));
147
148 EC_KEY_set_private_key(ecdsa_key.get(), k.get());
149 EC_KEY_set_public_key(ecdsa_key.get(), point.get());
150
151 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
152 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
153 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
154
155 return pkey.release();
156 }
157 };
158
159 // static
160 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
161 return new TestChannelIDSource();
162 }
163
164 } // namespace test
165
166 } // namespace net