Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / quic / test_tools / crypto_test_utils_openssl.cc
blob64d215d82bf620ae5592f17d5ad93cbce75c7b7e
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/test_tools/crypto_test_utils.h"
7 #include <openssl/bn.h>
8 #include <openssl/ec.h>
9 #include <openssl/ecdsa.h>
10 #include <openssl/evp.h>
11 #include <openssl/obj_mac.h>
12 #include <openssl/sha.h>
14 #include "crypto/openssl_util.h"
15 #include "crypto/scoped_openssl_types.h"
16 #include "crypto/secure_hash.h"
17 #include "net/quic/crypto/channel_id.h"
19 using base::StringPiece;
20 using std::string;
22 namespace net {
24 namespace test {
26 class TestChannelIDKey : public ChannelIDKey {
27 public:
28 explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
29 ~TestChannelIDKey() override {}
31 // ChannelIDKey implementation.
33 bool Sign(StringPiece signed_data, string* out_signature) const override {
34 crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
35 if (!md_ctx ||
36 EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
37 ecdsa_key_.get()) != 1) {
38 return false;
41 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
42 strlen(ChannelIDVerifier::kContextStr) + 1);
43 EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
44 strlen(ChannelIDVerifier::kClientToServerStr) + 1);
45 EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
47 size_t sig_len;
48 if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
49 return false;
52 scoped_ptr<uint8[]> der_sig(new uint8[sig_len]);
53 if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
54 return false;
57 uint8* derp = der_sig.get();
58 crypto::ScopedECDSA_SIG sig(
59 d2i_ECDSA_SIG(nullptr, const_cast<const uint8**>(&derp), sig_len));
60 if (sig.get() == nullptr) {
61 return false;
64 // The signature consists of a pair of 32-byte numbers.
65 static const size_t kSignatureLength = 32 * 2;
66 scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]);
67 if (!BN_bn2bin_padded(&signature[0], 32, sig->r) ||
68 !BN_bn2bin_padded(&signature[32], 32, sig->s)) {
69 return false;
72 *out_signature = string(reinterpret_cast<char*>(signature.get()),
73 kSignatureLength);
75 return true;
78 string SerializeKey() const override {
79 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
80 // key, is 0x04 (meaning uncompressed) followed by the x and y field
81 // elements as 32-byte, big-endian numbers.
82 static const int kExpectedKeyLength = 65;
84 int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
85 if (len != kExpectedKeyLength) {
86 return "";
89 uint8 buf[kExpectedKeyLength];
90 uint8* derp = buf;
91 i2d_PublicKey(ecdsa_key_.get(), &derp);
93 return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
96 private:
97 crypto::ScopedEVP_PKEY ecdsa_key_;
100 class TestChannelIDSource : public ChannelIDSource {
101 public:
102 ~TestChannelIDSource() override {}
104 // ChannelIDSource implementation.
106 QuicAsyncStatus GetChannelIDKey(
107 const string& hostname,
108 scoped_ptr<ChannelIDKey>* channel_id_key,
109 ChannelIDSourceCallback* /*callback*/) override {
110 channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
111 return QUIC_SUCCESS;
114 private:
115 static EVP_PKEY* HostnameToKey(const string& hostname) {
116 // In order to generate a deterministic key for a given hostname the
117 // hostname is hashed with SHA-256 and the resulting digest is treated as a
118 // big-endian number. The most-significant bit is cleared to ensure that
119 // the resulting value is less than the order of the group and then it's
120 // taken as a private key. Given the private key, the public key is
121 // calculated with a group multiplication.
122 SHA256_CTX sha256;
123 SHA256_Init(&sha256);
124 SHA256_Update(&sha256, hostname.data(), hostname.size());
126 unsigned char digest[SHA256_DIGEST_LENGTH];
127 SHA256_Final(digest, &sha256);
129 // Ensure that the digest is less than the order of the P-256 group by
130 // clearing the most-significant bit.
131 digest[0] &= 0x7f;
133 crypto::ScopedBIGNUM k(BN_new());
134 CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
136 crypto::ScopedEC_GROUP p256(
137 EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
138 CHECK(p256);
140 crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
141 CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get()));
143 crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
144 CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
145 nullptr));
147 EC_KEY_set_private_key(ecdsa_key.get(), k.get());
148 EC_KEY_set_public_key(ecdsa_key.get(), point.get());
150 crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
151 // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
152 EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
154 return pkey.release();
158 // static
159 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
160 return new TestChannelIDSource();
163 } // namespace test
165 } // namespace net