search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
don't mix system and bundled ICU
[chromium-blink-merge.git] / net / android / keystore_unittest.cc
blobae03b3e3b918942e8f74b6b4ccad4a8e5bab7ab8
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <openssl/bn.h>
6 #include <openssl/dsa.h>
7 #include <openssl/ecdsa.h>
8 #include <openssl/err.h>
9 #include <openssl/evp.h>
10 #include <openssl/pem.h>
11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
13
14 #include "base/android/build_info.h"
15 #include "base/android/jni_android.h"
16 #include "base/android/jni_array.h"
17 #include "base/android/scoped_java_ref.h"
18 #include "base/basictypes.h"
19 #include "base/bind.h"
20 #include "base/callback.h"
21 #include "base/compiler_specific.h"
22 #include "base/files/file_path.h"
23 #include "base/files/file_util.h"
24 #include "base/files/scoped_file.h"
25 #include "base/strings/string_number_conversions.h"
26 #include "base/strings/string_util.h"
27 #include "crypto/openssl_util.h"
28 #include "jni/AndroidKeyStoreTestUtil_jni.h"
29 #include "net/android/keystore.h"
30 #include "net/android/keystore_openssl.h"
31 #include "net/base/test_data_directory.h"
32 #include "net/ssl/scoped_openssl_types.h"
33 #include "testing/gtest/include/gtest/gtest.h"
34
35 // Technical note:
36 //
37 // This source file not only checks that signing with
38 // RawSignDigestWithPrivateKey() works correctly, it also verifies that
39 // the generated signature matches 100% of what OpenSSL generates when
40 // calling RSA_sign(NID_md5_sha1,...), DSA_sign(0, ...) or
41 // ECDSA_sign(0, ...).
42 //
43 // That's crucial to ensure that this function can later be used to
44 // implement client certificate support. More specifically, that it is
45 // possible to create a custom EVP_PKEY that uses
46 // RawSignDigestWithPrivateKey() internally to perform RSA/DSA/ECDSA
47 // signing, as invoked by the OpenSSL code at
48 // openssl/ssl/s3_clnt.c:ssl3_send_client_verify().
49 //
50 // For more details, read the comments in AndroidKeyStore.java.
51 //
52 // Finally, it also checks that using the EVP_PKEY generated with
53 // GetOpenSSLPrivateKeyWrapper() works correctly.
54
55 namespace net {
56 namespace android {
57
58 namespace {
59
60 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
61
62 JNIEnv* InitEnv() {
63 JNIEnv* env = base::android::AttachCurrentThread();
64 static bool inited = false;
65 if (!inited) {
66 RegisterNativesImpl(env);
67 inited = true;
68 }
69 return env;
70 }
71
72 // Returns true if running on an Android version older than 4.2
73 bool IsOnAndroidOlderThan_4_2(void) {
74 const int kAndroid42ApiLevel = 17;
75 int level = base::android::BuildInfo::GetInstance()->sdk_int();
76 return level < kAndroid42ApiLevel;
77 }
78
79 // Implements the callback expected by ERR_print_errors_cb().
80 // used by GetOpenSSLErrorString below.
81 int openssl_print_error_callback(const char* msg, size_t msglen, void* u) {
82 std::string* result = reinterpret_cast<std::string*>(u);
83 result->append(msg, msglen);
84 return 1;
85 }
86
87 // Retrieves the OpenSSL error as a string
88 std::string GetOpenSSLErrorString(void) {
89 std::string result;
90 ERR_print_errors_cb(openssl_print_error_callback, &result);
91 return result;
92 }
93
94 // Resize a string to |size| bytes of data, then return its data buffer
95 // address cast as an 'unsigned char*', as expected by OpenSSL functions.
96 // |str| the target string.
97 // |size| the number of bytes to write into the string.
98 // Return the string's new buffer in memory, as an 'unsigned char*'
99 // pointer.
100 unsigned char* OpenSSLWriteInto(std::string* str, size_t size) {
101 return reinterpret_cast<unsigned char*>(WriteInto(str, size + 1));
102 }
103
104 // Load a given private key file into an EVP_PKEY.
105 // |filename| is the key file path.
106 // Returns a new EVP_PKEY on success, NULL on failure.
107 EVP_PKEY* ImportPrivateKeyFile(const char* filename) {
108 // Load file in memory.
109 base::FilePath certs_dir = GetTestCertsDirectory();
110 base::FilePath file_path = certs_dir.AppendASCII(filename);
111 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
112 if (!handle.get()) {
113 LOG(ERROR) << "Could not open private key file: " << filename;
114 return NULL;
115 }
116 // Assume it is PEM_encoded. Load it as an EVP_PKEY.
117 EVP_PKEY* pkey = PEM_read_PrivateKey(handle.get(), NULL, NULL, NULL);
118 if (!pkey) {
119 LOG(ERROR) << "Could not load public key file: " << filename
120 << ", " << GetOpenSSLErrorString();
121 return NULL;
122 }
123 return pkey;
124 }
125
126 // Convert a private key into its PKCS#8 encoded representation.
127 // |pkey| is the EVP_PKEY handle for the private key.
128 // |pkcs8| will receive the PKCS#8 bytes.
129 // Returns true on success, false otherwise.
130 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey,
131 std::string* pkcs8) {
132 // Convert to PKCS#8 object.
133 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get()));
134 if (!p8_info.get()) {
135 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: "
136 << GetOpenSSLErrorString();
137 return false;
138 }
139
140 // Then convert it
141 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL);
142 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len));
143 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p);
144 return true;
145 }
146
147 bool ImportPrivateKeyFileAsPkcs8(const char* filename,
148 std::string* pkcs8) {
149 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename));
150 if (!pkey.get())
151 return false;
152 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8);
153 }
154
155 // Same as ImportPrivateKey, but for public ones.
156 EVP_PKEY* ImportPublicKeyFile(const char* filename) {
157 // Load file as PEM data.
158 base::FilePath certs_dir = GetTestCertsDirectory();
159 base::FilePath file_path = certs_dir.AppendASCII(filename);
160 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
161 if (!handle.get()) {
162 LOG(ERROR) << "Could not open public key file: " << filename;
163 return NULL;
164 }
165 EVP_PKEY* pkey = PEM_read_PUBKEY(handle.get(), NULL, NULL, NULL);
166 if (!pkey) {
167 LOG(ERROR) << "Could not load public key file: " << filename
168 << ", " << GetOpenSSLErrorString();
169 return NULL;
170 }
171 return pkey;
172 }
173
174 // Retrieve a JNI local ref from encoded PKCS#8 data.
175 ScopedJava GetPKCS8PrivateKeyJava(PrivateKeyType key_type,
176 const std::string& pkcs8_key) {
177 JNIEnv* env = InitEnv();
178 base::android::ScopedJavaLocalRef<jbyteArray> bytes(
179 base::android::ToJavaByteArray(
180 env,
181 reinterpret_cast<const uint8*>(pkcs8_key.data()),
182 pkcs8_key.size()));
183
184 ScopedJava key(
185 Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
186 env, key_type, bytes.obj()));
187
188 return key;
189 }
190
191 const char kTestRsaKeyFile[] = "android-test-key-rsa.pem";
192
193 // The RSA test hash must be 36 bytes exactly.
194 const char kTestRsaHash[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
195
196 // Retrieve a JNI local ref for our test RSA key.
197 ScopedJava GetRSATestKeyJava() {
198 std::string key;
199 if (!ImportPrivateKeyFileAsPkcs8(kTestRsaKeyFile, &key))
200 return ScopedJava();
201 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, key);
202 }
203
204 const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
205 const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
206
207 // The test hash for ECDSA keys must be 20 bytes exactly.
208 const char kTestEcdsaHash[] = "0123456789ABCDEFGHIJ";
209
210 // Retrieve a JNI local ref for our test ECDSA key.
211 ScopedJava GetECDSATestKeyJava() {
212 std::string key;
213 if (!ImportPrivateKeyFileAsPkcs8(kTestEcdsaKeyFile, &key))
214 return ScopedJava();
215 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key);
216 }
217
218 // Call this function to verify that one message signed with our
219 // test ECDSA private key is correct. Since ECDSA signing introduces
220 // random elements in the signature, it is not possible to compare
221 // signature bits directly. However, one can use the public key
222 // to do the check.
223 bool VerifyTestECDSASignature(const base::StringPiece& message,
224 const base::StringPiece& signature) {
225 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile));
226 if (!pkey.get())
227 return false;
228 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
229 if (!pub_key.get()) {
230 LOG(ERROR) << "Could not get ECDSA public key: "
231 << GetOpenSSLErrorString();
232 return false;
233 }
234
235 const unsigned char* digest =
236 reinterpret_cast<const unsigned char*>(message.data());
237 int digest_len = static_cast<int>(message.size());
238 const unsigned char* sigbuf =
239 reinterpret_cast<const unsigned char*>(signature.data());
240 int siglen = static_cast<int>(signature.size());
241
242 int ret = ECDSA_verify(
243 0, digest, digest_len, sigbuf, siglen, pub_key.get());
244 if (ret != 1) {
245 LOG(ERROR) << "ECDSA_verify() failed: " << GetOpenSSLErrorString();
246 return false;
247 }
248 return true;
249 }
250
251 // Sign a message with OpenSSL, return the result as a string.
252 // |message| is the message to be signed.
253 // |openssl_key| is an OpenSSL EVP_PKEY to use.
254 // |result| receives the result.
255 // Returns true on success, false otherwise.
256 bool SignWithOpenSSL(const base::StringPiece& message,
257 EVP_PKEY* openssl_key,
258 std::string* result) {
259 const unsigned char* digest =
260 reinterpret_cast<const unsigned char*>(message.data());
261 unsigned int digest_len = static_cast<unsigned int>(message.size());
262 std::string signature;
263 size_t signature_size;
264 size_t max_signature_size;
265 int key_type = EVP_PKEY_id(openssl_key);
266 switch (key_type) {
267 case EVP_PKEY_RSA:
268 {
269 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key));
270 if (!rsa.get()) {
271 LOG(ERROR) << "Could not get RSA from EVP_PKEY: "
272 << GetOpenSSLErrorString();
273 return false;
274 }
275 // With RSA, the signature will always be RSA_size() bytes.
276 max_signature_size = static_cast<size_t>(RSA_size(rsa.get()));
277 unsigned char* p = OpenSSLWriteInto(&signature,
278 max_signature_size);
279 unsigned int p_len = 0;
280 int ret = RSA_sign(
281 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get());
282 if (ret != 1) {
283 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString();
284 return false;
285 }
286 signature_size = static_cast<size_t>(p_len);
287 break;
288 }
289 case EVP_PKEY_EC:
290 {
291 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key));
292 if (!ecdsa.get()) {
293 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: "
294 << GetOpenSSLErrorString();
295 return false;
296 }
297 // Note, the actual signature can be smaller than ECDSA_size()
298 max_signature_size = ECDSA_size(ecdsa.get());
299 unsigned char* p = OpenSSLWriteInto(&signature,
300 max_signature_size);
301 unsigned int p_len = 0;
302 // Note: first parameter is ignored by function.
303 int ret = ECDSA_sign(
304 0, digest, digest_len, p, &p_len, ecdsa.get());
305 if (ret != 1) {
306 LOG(ERROR) << "ECDSA_sign() fialed: " << GetOpenSSLErrorString();
307 return false;
308 }
309 signature_size = static_cast<size_t>(p_len);
310 break;
311 }
312 default:
313 LOG(WARNING) << "Invalid OpenSSL key type: " << key_type;
314 return false;
315 }
316
317 if (signature_size == 0) {
318 LOG(ERROR) << "Signature is empty!";
319 return false;
320 }
321 if (signature_size > max_signature_size) {
322 LOG(ERROR) << "Signature size mismatch, actual " << signature_size
323 << ", expected <= " << max_signature_size;
324 return false;
325 }
326 signature.resize(signature_size);
327 result->swap(signature);
328 return true;
329 }
330
331 // Check that a generated signature for a given message matches
332 // OpenSSL output byte-by-byte.
333 // |message| is the input message.
334 // |signature| is the generated signature for the message.
335 // |openssl_key| is a raw EVP_PKEY for the same private key than the
336 // one which was used to generate the signature.
337 // Returns true on success, false otherwise.
338 bool CompareSignatureWithOpenSSL(const base::StringPiece& message,
339 const base::StringPiece& signature,
340 EVP_PKEY* openssl_key) {
341 std::string openssl_signature;
342 SignWithOpenSSL(message, openssl_key, &openssl_signature);
343
344 if (signature.size() != openssl_signature.size()) {
345 LOG(ERROR) << "Signature size mismatch, actual "
346 << signature.size() << ", expected "
347 << openssl_signature.size();
348 return false;
349 }
350 for (size_t n = 0; n < signature.size(); ++n) {
351 if (openssl_signature[n] != signature[n]) {
352 LOG(ERROR) << "Signature byte mismatch at index " << n
353 << "actual " << signature[n] << ", expected "
354 << openssl_signature[n];
355 LOG(ERROR) << "Actual signature : "
356 << base::HexEncode(signature.data(), signature.size());
357 LOG(ERROR) << "Expected signature: "
358 << base::HexEncode(openssl_signature.data(),
359 openssl_signature.size());
360 return false;
361 }
362 }
363 return true;
364 }
365
366 // Sign a message with our platform API.
367 //
368 // |android_key| is a JNI reference to the platform PrivateKey object.
369 // |openssl_key| is a pointer to an OpenSSL key object for the exact
370 // same key content.
371 // |message| is a message.
372 // |result| will receive the result.
373 void DoKeySigning(jobject android_key,
374 EVP_PKEY* openssl_key,
375 const base::StringPiece& message,
376 std::string* result) {
377 // First, get the platform signature.
378 std::vector<uint8> android_signature;
379 ASSERT_TRUE(
380 RawSignDigestWithPrivateKey(android_key,
381 message,
382 &android_signature));
383
384 result->assign(
385 reinterpret_cast<const char*>(&android_signature[0]),
386 android_signature.size());
387 }
388
389 // Sign a message with our OpenSSL EVP_PKEY wrapper around platform
390 // APIS.
391 //
392 // |android_key| is a JNI reference to the platform PrivateKey object.
393 // |openssl_key| is a pointer to an OpenSSL key object for the exact
394 // same key content.
395 // |message| is a message.
396 // |result| will receive the result.
397 void DoKeySigningWithWrapper(EVP_PKEY* wrapper_key,
398 EVP_PKEY* openssl_key,
399 const base::StringPiece& message,
400 std::string* result) {
401 // First, get the platform signature.
402 std::string wrapper_signature;
403 SignWithOpenSSL(message, wrapper_key, &wrapper_signature);
404 ASSERT_NE(0U, wrapper_signature.size());
405
406 result->assign(
407 reinterpret_cast<const char*>(&wrapper_signature[0]),
408 wrapper_signature.size());
409 }
410
411 } // namespace
412
413 TEST(AndroidKeyStore,GetRSAKeyModulus) {
414 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
415 InitEnv();
416
417 // Load the test RSA key.
418 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile));
419 ASSERT_TRUE(pkey.get());
420
421 // Convert it to encoded PKCS#8 bytes.
422 std::string pkcs8_data;
423 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
424
425 // Create platform PrivateKey object from it.
426 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA,
427 pkcs8_data);
428 ASSERT_FALSE(key_java.is_null());
429
430 // Retrieve the corresponding modulus through JNI
431 std::vector<uint8> modulus_java;
432 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java));
433
434 // Create an OpenSSL BIGNUM from it.
435 crypto::ScopedBIGNUM bn(
436 BN_bin2bn(reinterpret_cast<const unsigned char*>(&modulus_java[0]),
437 static_cast<int>(modulus_java.size()),
438 NULL));
439 ASSERT_TRUE(bn.get());
440
441 // Compare it to the one in the RSA key, they must be identical.
442 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
443 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString();
444
445 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n));
446 }
447
448 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) {
449 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
450
451 ScopedJava rsa_key = GetRSATestKeyJava();
452 ASSERT_FALSE(rsa_key.is_null());
453 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA,
454 GetPrivateKeyType(rsa_key.obj()));
455 }
456
457 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) {
458 ScopedJava rsa_key = GetRSATestKeyJava();
459 ASSERT_FALSE(rsa_key.is_null());
460
461 if (IsOnAndroidOlderThan_4_2()) {
462 LOG(INFO) << "This test can't run on Android < 4.2";
463 return;
464 }
465
466 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
467 ASSERT_TRUE(openssl_key.get());
468
469 std::string message = kTestRsaHash;
470 ASSERT_EQ(36U, message.size());
471
472 std::string signature;
473 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature);
474 ASSERT_TRUE(
475 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
476 // All good.
477 }
478
479 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
480 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
481
482 ScopedJava rsa_key = GetRSATestKeyJava();
483 ASSERT_FALSE(rsa_key.is_null());
484
485 crypto::ScopedEVP_PKEY wrapper_key(
486 GetOpenSSLPrivateKeyWrapper(rsa_key.obj()));
487 ASSERT_TRUE(wrapper_key.get() != NULL);
488
489 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
490 ASSERT_TRUE(openssl_key.get());
491
492 // Check that RSA_size() works properly on the wrapper key.
493 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
494 EVP_PKEY_size(wrapper_key.get()));
495
496 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
497 // without an error.
498 std::string message = kTestRsaHash;
499 ASSERT_EQ(36U, message.size());
500
501 std::string signature;
502 DoKeySigningWithWrapper(wrapper_key.get(),
503 openssl_key.get(),
504 message,
505 &signature);
506 ASSERT_TRUE(
507 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
508 }
509
510 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) {
511 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
512
513 ScopedJava ecdsa_key = GetECDSATestKeyJava();
514 ASSERT_FALSE(ecdsa_key.is_null());
515 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA,
516 GetPrivateKeyType(ecdsa_key.obj()));
517 }
518
519 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) {
520 ScopedJava ecdsa_key = GetECDSATestKeyJava();
521 ASSERT_FALSE(ecdsa_key.is_null());
522
523 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
524 ASSERT_TRUE(openssl_key.get());
525
526 std::string message = kTestEcdsaHash;
527 std::string signature;
528 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature);
529 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
530 }
531
532 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) {
533 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
534
535 ScopedJava ecdsa_key = GetECDSATestKeyJava();
536 ASSERT_FALSE(ecdsa_key.is_null());
537
538 crypto::ScopedEVP_PKEY wrapper_key(
539 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj()));
540 ASSERT_TRUE(wrapper_key.get());
541
542 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
543 ASSERT_TRUE(openssl_key.get());
544
545 // Check that ECDSA size works correctly on the wrapper.
546 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
547 EVP_PKEY_size(wrapper_key.get()));
548
549 std::string message = kTestEcdsaHash;
550 std::string signature;
551 DoKeySigningWithWrapper(wrapper_key.get(),
552 openssl_key.get(),
553 message,
554 &signature);
555 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
556 }
557
558 } // namespace android
559 } // namespace net