net/quic/test_tools/crypto_test_utils_openssl.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/test_tools/crypto_test_utils.h"
   6
   7 #include <openssl/bn.h>
   8 #include <openssl/ec.h>
   9 #include <openssl/ecdsa.h>
  10 #include <openssl/evp.h>
  11 #include <openssl/obj_mac.h>
  12 #include <openssl/sha.h>
  13
  14 #include "crypto/openssl_util.h"
  15 #include "crypto/scoped_openssl_types.h"
  16 #include "crypto/secure_hash.h"
  17 #include "net/quic/crypto/channel_id.h"
  18
  19 using base::StringPiece;
  20 using std::string;
  21
  22 namespace net {
  23
  24 namespace test {
  25
  26 class TestChannelIDKey : public ChannelIDKey {
  27  public:
  28   explicit TestChannelIDKey(EVP_PKEY* ecdsa_key) : ecdsa_key_(ecdsa_key) {}
  29   ~TestChannelIDKey() override {}
  30
  31   // ChannelIDKey implementation.
  32
  33   bool Sign(StringPiece signed_data, string* out_signature) const override {
  34     crypto::ScopedEVP_MD_CTX md_ctx(EVP_MD_CTX_create());
  35     if (!md_ctx ||
  36         EVP_DigestSignInit(md_ctx.get(), nullptr, EVP_sha256(), nullptr,
  37                            ecdsa_key_.get()) != 1) {
  38       return false;
  39     }
  40
  41     EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kContextStr,
  42                      strlen(ChannelIDVerifier::kContextStr) + 1);
  43     EVP_DigestUpdate(md_ctx.get(), ChannelIDVerifier::kClientToServerStr,
  44                      strlen(ChannelIDVerifier::kClientToServerStr) + 1);
  45     EVP_DigestUpdate(md_ctx.get(), signed_data.data(), signed_data.size());
  46
  47     size_t sig_len;
  48     if (!EVP_DigestSignFinal(md_ctx.get(), nullptr, &sig_len)) {
  49       return false;
  50     }
  51
  52     scoped_ptr<uint8[]> der_sig(new uint8[sig_len]);
  53     if (!EVP_DigestSignFinal(md_ctx.get(), der_sig.get(), &sig_len)) {
  54       return false;
  55     }
  56
  57     uint8* derp = der_sig.get();
  58     crypto::ScopedECDSA_SIG sig(
  59         d2i_ECDSA_SIG(nullptr, const_cast<const uint8**>(&derp), sig_len));
  60     if (sig.get() == nullptr) {
  61       return false;
  62     }
  63
  64     // The signature consists of a pair of 32-byte numbers.
  65     static const size_t kSignatureLength = 32 * 2;
  66     scoped_ptr<uint8[]> signature(new uint8[kSignatureLength]);
  67     if (!BN_bn2bin_padded(&signature[0], 32, sig->r) ||
  68         !BN_bn2bin_padded(&signature[32], 32, sig->s)) {
  69       return false;
  70     }
  71
  72     *out_signature = string(reinterpret_cast<char*>(signature.get()),
  73                             kSignatureLength);
  74
  75     return true;
  76   }
  77
  78   string SerializeKey() const override {
  79     // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
  80     // key, is 0x04 (meaning uncompressed) followed by the x and y field
  81     // elements as 32-byte, big-endian numbers.
  82     static const int kExpectedKeyLength = 65;
  83
  84     int len = i2d_PublicKey(ecdsa_key_.get(), nullptr);
  85     if (len != kExpectedKeyLength) {
  86       return "";
  87     }
  88
  89     uint8 buf[kExpectedKeyLength];
  90     uint8* derp = buf;
  91     i2d_PublicKey(ecdsa_key_.get(), &derp);
  92
  93     return string(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
  94   }
  95
  96  private:
  97   crypto::ScopedEVP_PKEY ecdsa_key_;
  98 };
  99
 100 class TestChannelIDSource : public ChannelIDSource {
 101  public:
 102   ~TestChannelIDSource() override {}
 103
 104   // ChannelIDSource implementation.
 105
 106   QuicAsyncStatus GetChannelIDKey(
 107       const string& hostname,
 108       scoped_ptr<ChannelIDKey>* channel_id_key,
 109       ChannelIDSourceCallback* /*callback*/) override {
 110     channel_id_key->reset(new TestChannelIDKey(HostnameToKey(hostname)));
 111     return QUIC_SUCCESS;
 112   }
 113
 114  private:
 115   static EVP_PKEY* HostnameToKey(const string& hostname) {
 116     // In order to generate a deterministic key for a given hostname the
 117     // hostname is hashed with SHA-256 and the resulting digest is treated as a
 118     // big-endian number. The most-significant bit is cleared to ensure that
 119     // the resulting value is less than the order of the group and then it's
 120     // taken as a private key. Given the private key, the public key is
 121     // calculated with a group multiplication.
 122     SHA256_CTX sha256;
 123     SHA256_Init(&sha256);
 124     SHA256_Update(&sha256, hostname.data(), hostname.size());
 125
 126     unsigned char digest[SHA256_DIGEST_LENGTH];
 127     SHA256_Final(digest, &sha256);
 128
 129     // Ensure that the digest is less than the order of the P-256 group by
 130     // clearing the most-significant bit.
 131     digest[0] &= 0x7f;
 132
 133     crypto::ScopedBIGNUM k(BN_new());
 134     CHECK(BN_bin2bn(digest, sizeof(digest), k.get()) != nullptr);
 135
 136     crypto::ScopedEC_GROUP p256(
 137         EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
 138     CHECK(p256);
 139
 140     crypto::ScopedEC_KEY ecdsa_key(EC_KEY_new());
 141     CHECK(ecdsa_key && EC_KEY_set_group(ecdsa_key.get(), p256.get()));
 142
 143     crypto::ScopedEC_POINT point(EC_POINT_new(p256.get()));
 144     CHECK(EC_POINT_mul(p256.get(), point.get(), k.get(), nullptr, nullptr,
 145                        nullptr));
 146
 147     EC_KEY_set_private_key(ecdsa_key.get(), k.get());
 148     EC_KEY_set_public_key(ecdsa_key.get(), point.get());
 149
 150     crypto::ScopedEVP_PKEY pkey(EVP_PKEY_new());
 151     // EVP_PKEY_set1_EC_KEY takes a reference so no |release| here.
 152     EVP_PKEY_set1_EC_KEY(pkey.get(), ecdsa_key.get());
 153
 154     return pkey.release();
 155   }
 156 };
 157
 158 // static
 159 ChannelIDSource* CryptoTestUtils::ChannelIDSourceForTesting() {
 160   return new TestChannelIDSource();
 161 }
 162
 163 }  // namespace test
 164
 165 }  // namespace net