Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / android / keystore_unittest.cc
blobb7eb083b39d75d10799c7b0dc6c48ac60cfe721c
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/bn.h>
6 #include <openssl/dsa.h>
7 #include <openssl/ecdsa.h>
8 #include <openssl/err.h>
9 #include <openssl/evp.h>
10 #include <openssl/pem.h>
11 #include <openssl/rsa.h>
12 #include <openssl/x509.h>
14 #include "base/android/build_info.h"
15 #include "base/android/jni_android.h"
16 #include "base/android/jni_array.h"
17 #include "base/android/scoped_java_ref.h"
18 #include "base/bind.h"
19 #include "base/callback.h"
20 #include "base/compiler_specific.h"
21 #include "base/files/file_path.h"
22 #include "base/files/file_util.h"
23 #include "base/files/scoped_file.h"
24 #include "base/strings/string_number_conversions.h"
25 #include "base/strings/string_util.h"
26 #include "crypto/openssl_util.h"
27 #include "net/android/keystore.h"
28 #include "net/android/keystore_openssl.h"
29 #include "net/base/test_data_directory.h"
30 #include "net/ssl/scoped_openssl_types.h"
31 #include "net/test/jni/AndroidKeyStoreTestUtil_jni.h"
32 #include "testing/gtest/include/gtest/gtest.h"
34 // Technical note:
36 // This source file not only checks that signing with
37 // RawSignDigestWithPrivateKey() works correctly, it also verifies that
38 // the generated signature matches 100% of what OpenSSL generates when
39 // calling RSA_sign(NID_md5_sha1,...), DSA_sign(0, ...) or
40 // ECDSA_sign(0, ...).
42 // That's crucial to ensure that this function can later be used to
43 // implement client certificate support. More specifically, that it is
44 // possible to create a custom EVP_PKEY that uses
45 // RawSignDigestWithPrivateKey() internally to perform RSA/DSA/ECDSA
46 // signing, as invoked by the OpenSSL code at
47 // openssl/ssl/s3_clnt.c:ssl3_send_client_verify().
49 // For more details, read the comments in AndroidKeyStore.java.
51 // Finally, it also checks that using the EVP_PKEY generated with
52 // GetOpenSSLPrivateKeyWrapper() works correctly.
54 namespace net {
55 namespace android {
57 namespace {
59 typedef base::android::ScopedJavaLocalRef<jobject> ScopedJava;
61 JNIEnv* InitEnv() {
62 JNIEnv* env = base::android::AttachCurrentThread();
63 static bool inited = false;
64 if (!inited) {
65 RegisterNativesImpl(env);
66 inited = true;
68 return env;
71 // Returns true if running on an Android version older than 4.2
72 bool IsOnAndroidOlderThan_4_2(void) {
73 const int kAndroid42ApiLevel = 17;
74 int level = base::android::BuildInfo::GetInstance()->sdk_int();
75 return level < kAndroid42ApiLevel;
78 // Implements the callback expected by ERR_print_errors_cb().
79 // used by GetOpenSSLErrorString below.
80 int openssl_print_error_callback(const char* msg, size_t msglen, void* u) {
81 std::string* result = reinterpret_cast<std::string*>(u);
82 result->append(msg, msglen);
83 return 1;
86 // Retrieves the OpenSSL error as a string
87 std::string GetOpenSSLErrorString(void) {
88 std::string result;
89 ERR_print_errors_cb(openssl_print_error_callback, &result);
90 return result;
93 // Resize a string to |size| bytes of data, then return its data buffer
94 // address cast as an 'unsigned char*', as expected by OpenSSL functions.
95 // |str| the target string.
96 // |size| the number of bytes to write into the string.
97 // Return the string's new buffer in memory, as an 'unsigned char*'
98 // pointer.
99 unsigned char* OpenSSLWriteInto(std::string* str, size_t size) {
100 return reinterpret_cast<unsigned char*>(base::WriteInto(str, size + 1));
103 // Load a given private key file into an EVP_PKEY.
104 // |filename| is the key file path.
105 // Returns a new EVP_PKEY on success, NULL on failure.
106 EVP_PKEY* ImportPrivateKeyFile(const char* filename) {
107 // Load file in memory.
108 base::FilePath certs_dir = GetTestCertsDirectory();
109 base::FilePath file_path = certs_dir.AppendASCII(filename);
110 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
111 if (!handle.get()) {
112 LOG(ERROR) << "Could not open private key file: " << filename;
113 return NULL;
115 // Assume it is PEM_encoded. Load it as an EVP_PKEY.
116 EVP_PKEY* pkey = PEM_read_PrivateKey(handle.get(), NULL, NULL, NULL);
117 if (!pkey) {
118 LOG(ERROR) << "Could not load public key file: " << filename
119 << ", " << GetOpenSSLErrorString();
120 return NULL;
122 return pkey;
125 // Convert a private key into its PKCS#8 encoded representation.
126 // |pkey| is the EVP_PKEY handle for the private key.
127 // |pkcs8| will receive the PKCS#8 bytes.
128 // Returns true on success, false otherwise.
129 bool GetPrivateKeyPkcs8Bytes(const crypto::ScopedEVP_PKEY& pkey,
130 std::string* pkcs8) {
131 // Convert to PKCS#8 object.
132 ScopedPKCS8_PRIV_KEY_INFO p8_info(EVP_PKEY2PKCS8(pkey.get()));
133 if (!p8_info.get()) {
134 LOG(ERROR) << "Can't get PKCS#8 private key from EVP_PKEY: "
135 << GetOpenSSLErrorString();
136 return false;
139 // Then convert it
140 int len = i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), NULL);
141 unsigned char* p = OpenSSLWriteInto(pkcs8, static_cast<size_t>(len));
142 i2d_PKCS8_PRIV_KEY_INFO(p8_info.get(), &p);
143 return true;
146 bool ImportPrivateKeyFileAsPkcs8(const char* filename,
147 std::string* pkcs8) {
148 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(filename));
149 if (!pkey.get())
150 return false;
151 return GetPrivateKeyPkcs8Bytes(pkey, pkcs8);
154 // Same as ImportPrivateKey, but for public ones.
155 EVP_PKEY* ImportPublicKeyFile(const char* filename) {
156 // Load file as PEM data.
157 base::FilePath certs_dir = GetTestCertsDirectory();
158 base::FilePath file_path = certs_dir.AppendASCII(filename);
159 base::ScopedFILE handle(base::OpenFile(file_path, "rb"));
160 if (!handle.get()) {
161 LOG(ERROR) << "Could not open public key file: " << filename;
162 return NULL;
164 EVP_PKEY* pkey = PEM_read_PUBKEY(handle.get(), NULL, NULL, NULL);
165 if (!pkey) {
166 LOG(ERROR) << "Could not load public key file: " << filename
167 << ", " << GetOpenSSLErrorString();
168 return NULL;
170 return pkey;
173 // Retrieve a JNI local ref from encoded PKCS#8 data.
174 ScopedJava GetPKCS8PrivateKeyJava(PrivateKeyType key_type,
175 const std::string& pkcs8_key) {
176 JNIEnv* env = InitEnv();
177 base::android::ScopedJavaLocalRef<jbyteArray> bytes(
178 base::android::ToJavaByteArray(
179 env, reinterpret_cast<const uint8_t*>(pkcs8_key.data()),
180 pkcs8_key.size()));
182 ScopedJava key(
183 Java_AndroidKeyStoreTestUtil_createPrivateKeyFromPKCS8(
184 env, key_type, bytes.obj()));
186 return key;
189 const char kTestRsaKeyFile[] = "android-test-key-rsa.pem";
191 // The RSA test hash must be 36 bytes exactly.
192 const char kTestRsaHash[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
194 // Retrieve a JNI local ref for our test RSA key.
195 ScopedJava GetRSATestKeyJava() {
196 std::string key;
197 if (!ImportPrivateKeyFileAsPkcs8(kTestRsaKeyFile, &key))
198 return ScopedJava();
199 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA, key);
202 const char kTestEcdsaKeyFile[] = "android-test-key-ecdsa.pem";
203 const char kTestEcdsaPublicKeyFile[] = "android-test-key-ecdsa-public.pem";
205 // The test hash for ECDSA keys must be 20 bytes exactly.
206 const char kTestEcdsaHash[] = "0123456789ABCDEFGHIJ";
208 // Retrieve a JNI local ref for our test ECDSA key.
209 ScopedJava GetECDSATestKeyJava() {
210 std::string key;
211 if (!ImportPrivateKeyFileAsPkcs8(kTestEcdsaKeyFile, &key))
212 return ScopedJava();
213 return GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_ECDSA, key);
216 // Call this function to verify that one message signed with our
217 // test ECDSA private key is correct. Since ECDSA signing introduces
218 // random elements in the signature, it is not possible to compare
219 // signature bits directly. However, one can use the public key
220 // to do the check.
221 bool VerifyTestECDSASignature(const base::StringPiece& message,
222 const base::StringPiece& signature) {
223 crypto::ScopedEVP_PKEY pkey(ImportPublicKeyFile(kTestEcdsaPublicKeyFile));
224 if (!pkey.get())
225 return false;
226 crypto::ScopedEC_KEY pub_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
227 if (!pub_key.get()) {
228 LOG(ERROR) << "Could not get ECDSA public key: "
229 << GetOpenSSLErrorString();
230 return false;
233 const unsigned char* digest =
234 reinterpret_cast<const unsigned char*>(message.data());
235 int digest_len = static_cast<int>(message.size());
236 const unsigned char* sigbuf =
237 reinterpret_cast<const unsigned char*>(signature.data());
238 int siglen = static_cast<int>(signature.size());
240 int ret = ECDSA_verify(
241 0, digest, digest_len, sigbuf, siglen, pub_key.get());
242 if (ret != 1) {
243 LOG(ERROR) << "ECDSA_verify() failed: " << GetOpenSSLErrorString();
244 return false;
246 return true;
249 // Sign a message with OpenSSL, return the result as a string.
250 // |message| is the message to be signed.
251 // |openssl_key| is an OpenSSL EVP_PKEY to use.
252 // |result| receives the result.
253 // Returns true on success, false otherwise.
254 bool SignWithOpenSSL(const base::StringPiece& message,
255 EVP_PKEY* openssl_key,
256 std::string* result) {
257 const unsigned char* digest =
258 reinterpret_cast<const unsigned char*>(message.data());
259 unsigned int digest_len = static_cast<unsigned int>(message.size());
260 std::string signature;
261 size_t signature_size;
262 size_t max_signature_size;
263 int key_type = EVP_PKEY_id(openssl_key);
264 switch (key_type) {
265 case EVP_PKEY_RSA:
267 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(openssl_key));
268 if (!rsa.get()) {
269 LOG(ERROR) << "Could not get RSA from EVP_PKEY: "
270 << GetOpenSSLErrorString();
271 return false;
273 // With RSA, the signature will always be RSA_size() bytes.
274 max_signature_size = static_cast<size_t>(RSA_size(rsa.get()));
275 unsigned char* p = OpenSSLWriteInto(&signature,
276 max_signature_size);
277 unsigned int p_len = 0;
278 int ret = RSA_sign(
279 NID_md5_sha1, digest, digest_len, p, &p_len, rsa.get());
280 if (ret != 1) {
281 LOG(ERROR) << "RSA_sign() failed: " << GetOpenSSLErrorString();
282 return false;
284 signature_size = static_cast<size_t>(p_len);
285 break;
287 case EVP_PKEY_EC:
289 crypto::ScopedEC_KEY ecdsa(EVP_PKEY_get1_EC_KEY(openssl_key));
290 if (!ecdsa.get()) {
291 LOG(ERROR) << "Could not get EC_KEY from EVP_PKEY: "
292 << GetOpenSSLErrorString();
293 return false;
295 // Note, the actual signature can be smaller than ECDSA_size()
296 max_signature_size = ECDSA_size(ecdsa.get());
297 unsigned char* p = OpenSSLWriteInto(&signature,
298 max_signature_size);
299 unsigned int p_len = 0;
300 // Note: first parameter is ignored by function.
301 int ret = ECDSA_sign(
302 0, digest, digest_len, p, &p_len, ecdsa.get());
303 if (ret != 1) {
304 LOG(ERROR) << "ECDSA_sign() fialed: " << GetOpenSSLErrorString();
305 return false;
307 signature_size = static_cast<size_t>(p_len);
308 break;
310 default:
311 LOG(WARNING) << "Invalid OpenSSL key type: " << key_type;
312 return false;
315 if (signature_size == 0) {
316 LOG(ERROR) << "Signature is empty!";
317 return false;
319 if (signature_size > max_signature_size) {
320 LOG(ERROR) << "Signature size mismatch, actual " << signature_size
321 << ", expected <= " << max_signature_size;
322 return false;
324 signature.resize(signature_size);
325 result->swap(signature);
326 return true;
329 // Check that a generated signature for a given message matches
330 // OpenSSL output byte-by-byte.
331 // |message| is the input message.
332 // |signature| is the generated signature for the message.
333 // |openssl_key| is a raw EVP_PKEY for the same private key than the
334 // one which was used to generate the signature.
335 // Returns true on success, false otherwise.
336 bool CompareSignatureWithOpenSSL(const base::StringPiece& message,
337 const base::StringPiece& signature,
338 EVP_PKEY* openssl_key) {
339 std::string openssl_signature;
340 SignWithOpenSSL(message, openssl_key, &openssl_signature);
342 if (signature.size() != openssl_signature.size()) {
343 LOG(ERROR) << "Signature size mismatch, actual "
344 << signature.size() << ", expected "
345 << openssl_signature.size();
346 return false;
348 for (size_t n = 0; n < signature.size(); ++n) {
349 if (openssl_signature[n] != signature[n]) {
350 LOG(ERROR) << "Signature byte mismatch at index " << n
351 << "actual " << signature[n] << ", expected "
352 << openssl_signature[n];
353 LOG(ERROR) << "Actual signature : "
354 << base::HexEncode(signature.data(), signature.size());
355 LOG(ERROR) << "Expected signature: "
356 << base::HexEncode(openssl_signature.data(),
357 openssl_signature.size());
358 return false;
361 return true;
364 // Sign a message with our platform API.
366 // |android_key| is a JNI reference to the platform PrivateKey object.
367 // |openssl_key| is a pointer to an OpenSSL key object for the exact
368 // same key content.
369 // |message| is a message.
370 // |result| will receive the result.
371 void DoKeySigning(jobject android_key,
372 EVP_PKEY* openssl_key,
373 const base::StringPiece& message,
374 std::string* result) {
375 // First, get the platform signature.
376 std::vector<uint8_t> android_signature;
377 ASSERT_TRUE(
378 RawSignDigestWithPrivateKey(android_key,
379 message,
380 &android_signature));
382 result->assign(
383 reinterpret_cast<const char*>(&android_signature[0]),
384 android_signature.size());
387 // Sign a message with our OpenSSL EVP_PKEY wrapper around platform
388 // APIS.
390 // |android_key| is a JNI reference to the platform PrivateKey object.
391 // |openssl_key| is a pointer to an OpenSSL key object for the exact
392 // same key content.
393 // |message| is a message.
394 // |result| will receive the result.
395 void DoKeySigningWithWrapper(EVP_PKEY* wrapper_key,
396 EVP_PKEY* openssl_key,
397 const base::StringPiece& message,
398 std::string* result) {
399 // First, get the platform signature.
400 std::string wrapper_signature;
401 SignWithOpenSSL(message, wrapper_key, &wrapper_signature);
402 ASSERT_NE(0U, wrapper_signature.size());
404 result->assign(
405 reinterpret_cast<const char*>(&wrapper_signature[0]),
406 wrapper_signature.size());
409 } // namespace
411 TEST(AndroidKeyStore,GetRSAKeyModulus) {
412 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
413 InitEnv();
415 // Load the test RSA key.
416 crypto::ScopedEVP_PKEY pkey(ImportPrivateKeyFile(kTestRsaKeyFile));
417 ASSERT_TRUE(pkey.get());
419 // Convert it to encoded PKCS#8 bytes.
420 std::string pkcs8_data;
421 ASSERT_TRUE(GetPrivateKeyPkcs8Bytes(pkey, &pkcs8_data));
423 // Create platform PrivateKey object from it.
424 ScopedJava key_java = GetPKCS8PrivateKeyJava(PRIVATE_KEY_TYPE_RSA,
425 pkcs8_data);
426 ASSERT_FALSE(key_java.is_null());
428 // Retrieve the corresponding modulus through JNI
429 std::vector<uint8_t> modulus_java;
430 ASSERT_TRUE(GetRSAKeyModulus(key_java.obj(), &modulus_java));
432 // Create an OpenSSL BIGNUM from it.
433 crypto::ScopedBIGNUM bn(
434 BN_bin2bn(reinterpret_cast<const unsigned char*>(&modulus_java[0]),
435 static_cast<int>(modulus_java.size()),
436 NULL));
437 ASSERT_TRUE(bn.get());
439 // Compare it to the one in the RSA key, they must be identical.
440 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
441 ASSERT_TRUE(rsa.get()) << GetOpenSSLErrorString();
443 ASSERT_EQ(0, BN_cmp(bn.get(), rsa.get()->n));
446 TEST(AndroidKeyStore,GetPrivateKeyTypeRSA) {
447 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
449 ScopedJava rsa_key = GetRSATestKeyJava();
450 ASSERT_FALSE(rsa_key.is_null());
451 EXPECT_EQ(PRIVATE_KEY_TYPE_RSA,
452 GetPrivateKeyType(rsa_key.obj()));
455 TEST(AndroidKeyStore,SignWithPrivateKeyRSA) {
456 ScopedJava rsa_key = GetRSATestKeyJava();
457 ASSERT_FALSE(rsa_key.is_null());
459 if (IsOnAndroidOlderThan_4_2()) {
460 LOG(INFO) << "This test can't run on Android < 4.2";
461 return;
464 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
465 ASSERT_TRUE(openssl_key.get());
467 std::string message = kTestRsaHash;
468 ASSERT_EQ(36U, message.size());
470 std::string signature;
471 DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature);
472 ASSERT_TRUE(
473 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
474 // All good.
477 TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
478 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
480 ScopedJava rsa_key = GetRSATestKeyJava();
481 ASSERT_FALSE(rsa_key.is_null());
483 crypto::ScopedEVP_PKEY wrapper_key(
484 GetOpenSSLPrivateKeyWrapper(rsa_key.obj()));
485 ASSERT_TRUE(wrapper_key.get() != NULL);
487 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestRsaKeyFile));
488 ASSERT_TRUE(openssl_key.get());
490 // Check that RSA_size() works properly on the wrapper key.
491 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
492 EVP_PKEY_size(wrapper_key.get()));
494 // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
495 // without an error.
496 std::string message = kTestRsaHash;
497 ASSERT_EQ(36U, message.size());
499 std::string signature;
500 DoKeySigningWithWrapper(wrapper_key.get(),
501 openssl_key.get(),
502 message,
503 &signature);
504 ASSERT_TRUE(
505 CompareSignatureWithOpenSSL(message, signature, openssl_key.get()));
508 TEST(AndroidKeyStore,GetPrivateKeyTypeECDSA) {
509 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
511 ScopedJava ecdsa_key = GetECDSATestKeyJava();
512 ASSERT_FALSE(ecdsa_key.is_null());
513 EXPECT_EQ(PRIVATE_KEY_TYPE_ECDSA,
514 GetPrivateKeyType(ecdsa_key.obj()));
517 TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) {
518 ScopedJava ecdsa_key = GetECDSATestKeyJava();
519 ASSERT_FALSE(ecdsa_key.is_null());
521 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
522 ASSERT_TRUE(openssl_key.get());
524 std::string message = kTestEcdsaHash;
525 std::string signature;
526 DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature);
527 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
530 TEST(AndroidKeyStore, SignWithWrapperKeyECDSA) {
531 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
533 ScopedJava ecdsa_key = GetECDSATestKeyJava();
534 ASSERT_FALSE(ecdsa_key.is_null());
536 crypto::ScopedEVP_PKEY wrapper_key(
537 GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj()));
538 ASSERT_TRUE(wrapper_key.get());
540 crypto::ScopedEVP_PKEY openssl_key(ImportPrivateKeyFile(kTestEcdsaKeyFile));
541 ASSERT_TRUE(openssl_key.get());
543 // Check that ECDSA size works correctly on the wrapper.
544 EXPECT_EQ(EVP_PKEY_size(openssl_key.get()),
545 EVP_PKEY_size(wrapper_key.get()));
547 std::string message = kTestEcdsaHash;
548 std::string signature;
549 DoKeySigningWithWrapper(wrapper_key.get(),
550 openssl_key.get(),
551 message,
552 &signature);
553 ASSERT_TRUE(VerifyTestECDSASignature(message, signature));
556 } // namespace android
557 } // namespace net