Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(43)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/android/keystore_unittest.cc

Issue 11571059: Add net/android/keystore.h (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Add DSA + ECDSA test keys and signing tests Created 7 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/android/keystore.h ('K') | « net/android/keystore_openssl.cc ('k') | net/android/net_jni_registrar.cc » ('j') | net/net.gyp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/android/keystore_unittest.cc
diff --git a/net/android/keystore_unittest.cc b/net/android/keystore_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..8716d7328a92416b717fc544e1a3bdbcd9679085
--- /dev/null
+++ b/net/android/keystore_unittest.cc
@@ -0,0 +1,807 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+
+#include "base/android/jni_android.h"
+#include "base/android/jni_array.h"
+#include "base/android/scoped_java_ref.h"
+#include "base/basictypes.h"
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/compiler_specific.h"
+#include "crypto/openssl_util.h"
+#include "jni/AndroidKeyStoreTestUtil_jni.h"
+#include "net/android/keystore.h"
+#include "net/android/keystore_openssl.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+using base::android::AttachCurrentThread;
+using base::android::ScopedJavaLocalRef;
+using base::android::ToJavaByteArray;
+
+// Technical note:
+//
+// This source file not only checks that signing with SignWithPrivateKey()
+// works correctly, it also verifies that the generated signature matches
+// 100% of what OpenSSL generates when calling RSA_sign(NID_md5_sha1,...),
+// DSA_sign(0, ...) or ECDSA_sign(0, ...).
+//
+// That's crucial to ensure that this function can later be used to
+// implement client certificate support. More specifically, that it is
+// possible to create a custom EVP_PKEY that uses SignWithPrivateKey()
+// internally to perform RSA/DSA/ECDSA signing, as invoked by the
+// OpenSSL code at ssl/s3_clnt.c:ssl3_send_client_verify().
+//
+// Finally, it also checks that using the EVP_PKEY generated with
+// GetOpenSSLPrivateKeyWrapper() works too as well.
+//
+
+namespace net {
+namespace android {
+
+namespace {
+
+JNIEnv* InitEnv() {
+ JNIEnv* env = AttachCurrentThread();
+ static bool inited = false;
+ if (!inited) {
+ RegisterNativesImpl(env);
+ inited = true;
+ }
+ return env;
+}
+
+// Returns true if running on an Android version older than 4.2
+bool IsOnAndroidOlderThan_4_2(void) {
+ JNIEnv* env = InitEnv();
+ const int kAndroid42ApiLevel = 16;
+ int level = Java_AndroidKeyStoreTestUtil_GetSdkApiLevel(env);
+ return level < kAndroid42ApiLevel;
+}
+
+// Implements the callback expected by ERR_print_errors_cb().
+// used by GetOpenSSLErrorString.
+int openssl_print_error_callback(const char* msg, size_t msglen, void* u) {
+ std::string* result = reinterpret_cast<std::string*>(u);
+ result->append(msg, msglen);
+ return 1;
+}
+
+// Retrieve OpenSSL error as a string
+std::string GetOpenSSLErrorString(void) {
+ std::string result;
+ ERR_print_errors_cb(openssl_print_error_callback, &result);
+ return result;
+}
+
+// Retrieve a JNI local ref from encoded PKCS#8 data.
+ScopedJavaLocalRef<jobject> GetPKCS8PrivateKey(
+ SSLClientCertType key_type,
+ const unsigned char* pkcs8_bytes,
+ size_t pkcs8_size) {
+ JNIEnv* env = InitEnv();
+ ScopedJavaLocalRef<jbyteArray> bytes(
+ ToJavaByteArray(env,
+ reinterpret_cast<const uint8*>(pkcs8_bytes),
+ pkcs8_size));
+
+ ScopedJavaLocalRef<jobject> key(
+ Java_AndroidKeyStoreTestUtil_CreatePrivateKeyFromPKCS8(
+ env, key_type, bytes.obj()));
+
+ return key;
+}
+
+// Create an OpenSSL EVP_PKEY object from a PKCS#8 in-memory content.
+EVP_PKEY* GetOpenSSLPKCS8PrivateKey(int type,
+ const unsigned char* key_bytes,
+ size_t key_size) {
+ const unsigned char* p = key_bytes;
+ long p_length = static_cast<long>(key_size);
+ return d2i_PrivateKey(type, NULL, &p, p_length);
+}
+
+// A simple test RSA 2048-bits key, in PKCS#8 format, the following was
+// generated with:
+//
+// openssl genrsa -out key.pem 2048
+// openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem
+// -out key.pkcs8 -nocrypt
+// xxd -i key.pkcs8
+//
+const unsigned char test_rsa_key_pkcs8[] = {
Ryan Sleevi 2013/01/26 01:51:57 Why can you not just keep these as separate files,
digit1 2013/01/28 10:16:30 Yes, I'll move the data to files.
+ 0x30, 0x82, 0x04, 0xbd, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x04, 0xa7, 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xc0, 0x41, 0x18, 0x86, 0x1c, 0xe3, 0x60, 0xd7, 0xec, 0x38,
+ 0x70, 0xd0, 0x35, 0x64, 0x6e, 0x0e, 0x4f, 0xaf, 0x3f, 0x05, 0x57, 0x05,
+ 0xc3, 0xe9, 0x8d, 0xc3, 0x92, 0x14, 0xa1, 0xea, 0xab, 0xe3, 0x5f, 0x61,
+ 0x70, 0x9a, 0xd7, 0x43, 0x2f, 0xc2, 0x31, 0xd7, 0x8c, 0x65, 0x89, 0xea,
+ 0x8b, 0xdb, 0xa7, 0x9f, 0x9e, 0xba, 0xea, 0x48, 0x7d, 0x71, 0x10, 0x11,
+ 0x86, 0x9d, 0x55, 0x68, 0xd4, 0x31, 0xa0, 0x33, 0x06, 0x5f, 0x0f, 0x43,
+ 0xe5, 0x52, 0x46, 0x8d, 0xc1, 0x26, 0xb2, 0x08, 0xd6, 0xa5, 0x9f, 0x85,
+ 0x24, 0xb0, 0x4d, 0x7e, 0x2a, 0x7b, 0x4e, 0xcd, 0x54, 0xe5, 0x11, 0xf8,
+ 0x39, 0xf5, 0x13, 0x5c, 0xb4, 0xff, 0x07, 0x82, 0xaf, 0xdc, 0x05, 0x27,
+ 0x35, 0x5a, 0x48, 0xc9, 0xa0, 0x3b, 0xe5, 0x03, 0x33, 0x32, 0x9a, 0x60,
+ 0xe7, 0x0d, 0xce, 0x23, 0xb7, 0xbf, 0x6e, 0x9e, 0x14, 0x6f, 0xe0, 0x5f,
+ 0x36, 0x98, 0xdd, 0x1e, 0xde, 0x29, 0x51, 0x2c, 0x10, 0xc1, 0x4b, 0x07,
+ 0x98, 0x60, 0x51, 0x88, 0x75, 0x76, 0x4b, 0xcb, 0x19, 0x22, 0x0c, 0x4e,
+ 0xc5, 0x5f, 0xb0, 0x40, 0xb7, 0x6b, 0x5b, 0x45, 0xd7, 0x5d, 0xaa, 0x09,
+ 0xe2, 0xdc, 0x8f, 0x6c, 0x07, 0xa7, 0x75, 0x4f, 0x2c, 0x5d, 0xd8, 0xa4,
+ 0x2f, 0xdd, 0x8c, 0xc8, 0xa6, 0x3a, 0xaf, 0x5c, 0xf5, 0x2d, 0xbb, 0x4d,
+ 0x8c, 0xf4, 0xc7, 0x01, 0x9b, 0x95, 0x1b, 0x51, 0x3d, 0x44, 0x87, 0xa0,
+ 0x48, 0x79, 0xc0, 0x79, 0x23, 0x98, 0x86, 0xae, 0x20, 0xa1, 0x67, 0xf0,
+ 0x20, 0x03, 0x46, 0x8c, 0xc2, 0x96, 0xdf, 0x22, 0x70, 0xa8, 0xed, 0xef,
+ 0x8e, 0xa9, 0x09, 0x32, 0x9d, 0xe5, 0x95, 0x53, 0x36, 0x67, 0x69, 0xfe,
+ 0x11, 0x38, 0x74, 0xda, 0x9f, 0x7f, 0xba, 0x17, 0xd3, 0x31, 0x94, 0xd3,
+ 0xe3, 0x66, 0xb6, 0x84, 0x79, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x01, 0x00, 0x55, 0xc5, 0x34, 0xe1, 0xb0, 0x45, 0xa8, 0xd0, 0xeb,
+ 0xec, 0x0a, 0x38, 0x79, 0x79, 0x82, 0xb8, 0x13, 0xc8, 0xc5, 0x3e, 0xe6,
+ 0xa2, 0x05, 0xd3, 0x4e, 0x91, 0xaf, 0xbc, 0x50, 0xb8, 0x57, 0x53, 0x2b,
+ 0x1c, 0x57, 0x96, 0x5c, 0xee, 0xf6, 0x81, 0x96, 0xa6, 0xe9, 0x55, 0xeb,
+ 0x7f, 0x9e, 0x41, 0xb2, 0xb8, 0xbd, 0xa1, 0xfa, 0x1f, 0xb9, 0x07, 0x15,
+ 0xfa, 0x1b, 0xaa, 0x59, 0x8e, 0x59, 0x0c, 0x82, 0xc2, 0x00, 0xd7, 0xac,
+ 0x01, 0xc8, 0x6f, 0x3a, 0x56, 0xc7, 0x93, 0x31, 0xde, 0x4b, 0x94, 0xbc,
+ 0x64, 0x34, 0x08, 0x0b, 0xaa, 0x7b, 0xdd, 0x63, 0x3c, 0xab, 0xe1, 0x3e,
+ 0x71, 0x15, 0xba, 0x46, 0x97, 0x17, 0x90, 0xa7, 0x93, 0x20, 0x4d, 0xf2,
+ 0x66, 0x99, 0xa0, 0xdb, 0xd4, 0x48, 0x0e, 0x30, 0x8f, 0x8a, 0xe9, 0xca,
+ 0x81, 0xec, 0xd2, 0xf5, 0xe2, 0x6d, 0x79, 0x94, 0x2a, 0x26, 0x47, 0x34,
+ 0xa4, 0x2a, 0xf6, 0x31, 0x78, 0x4e, 0xcc, 0xea, 0x1c, 0xf1, 0xa5, 0x64,
+ 0x29, 0x32, 0x0d, 0xab, 0xe0, 0x34, 0x5a, 0xec, 0xb7, 0x38, 0xca, 0x96,
+ 0x3b, 0x04, 0x42, 0xfc, 0xbc, 0xd0, 0x7b, 0x44, 0xc7, 0x10, 0xa4, 0xac,
+ 0x02, 0x12, 0x60, 0xbd, 0x2a, 0xf5, 0x1a, 0x1f, 0xa4, 0x21, 0xc5, 0x83,
+ 0x42, 0x25, 0xcb, 0x1a, 0x51, 0xe7, 0x38, 0xe7, 0xa8, 0x21, 0xeb, 0x33,
+ 0xf7, 0x0a, 0x78, 0x4d, 0xf9, 0x7c, 0x39, 0x79, 0xa3, 0x36, 0x45, 0x6b,
+ 0x68, 0x73, 0x39, 0x15, 0x4b, 0x01, 0x39, 0x45, 0xae, 0xb4, 0xd5, 0x18,
+ 0xce, 0xab, 0x7d, 0x0b, 0x94, 0xd2, 0x45, 0x0c, 0xec, 0x88, 0x43, 0x84,
+ 0x36, 0x3d, 0x5f, 0x4f, 0x23, 0x90, 0x86, 0x40, 0x2c, 0xd5, 0xdd, 0x93,
+ 0x3a, 0x08, 0x16, 0xb1, 0x92, 0x9d, 0x23, 0xe2, 0xc1, 0x56, 0xd8, 0x17,
+ 0x2b, 0x72, 0xd1, 0xa0, 0xa8, 0xfc, 0x21, 0x02, 0x81, 0x81, 0x00, 0xf0,
+ 0x7f, 0x17, 0x65, 0x8e, 0xd1, 0x5e, 0x30, 0x14, 0xa7, 0x93, 0x37, 0x11,
+ 0xde, 0xbe, 0x25, 0xc5, 0x5b, 0x40, 0x60, 0x94, 0x28, 0x9b, 0x88, 0x74,
+ 0x47, 0xe2, 0x04, 0x65, 0xc6, 0x30, 0xc3, 0x3c, 0xa1, 0xa6, 0x76, 0x3a,
+ 0xb2, 0x8e, 0x5f, 0xec, 0xb6, 0xe4, 0x06, 0x2c, 0x19, 0x24, 0x09, 0x5b,
+ 0xc5, 0xa7, 0xf4, 0x06, 0xdb, 0xa3, 0x2b, 0x35, 0xbc, 0x28, 0x91, 0xc4,
+ 0xff, 0x61, 0x72, 0x3f, 0xb3, 0x7e, 0x22, 0x4c, 0x52, 0xa7, 0xe3, 0x12,
+ 0x29, 0xc4, 0xdd, 0x7f, 0x8c, 0xa6, 0x76, 0x82, 0x82, 0x91, 0x6d, 0xd7,
+ 0xec, 0x2d, 0x2f, 0xaa, 0x6a, 0x44, 0x11, 0xdc, 0x5b, 0xa5, 0xb6, 0xfe,
+ 0x3d, 0x2c, 0x36, 0x06, 0x84, 0x8a, 0x82, 0xbd, 0x24, 0xe5, 0x0c, 0xd6,
+ 0x1a, 0x5f, 0x10, 0x1c, 0x92, 0x9c, 0xdb, 0xce, 0x8f, 0x9e, 0x2f, 0x3d,
+ 0x01, 0xd2, 0x75, 0x58, 0xdd, 0x0b, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xcc,
+ 0xa5, 0xdd, 0x5f, 0x26, 0x99, 0x91, 0x3a, 0xab, 0x30, 0xf2, 0x01, 0x75,
+ 0xe2, 0x59, 0x75, 0x98, 0xc9, 0x32, 0x89, 0x29, 0x36, 0x77, 0x7d, 0x7a,
+ 0xa0, 0xee, 0x9d, 0xce, 0xe6, 0xe9, 0x47, 0xd0, 0x2b, 0x6b, 0x69, 0x81,
+ 0x1b, 0xd7, 0x19, 0x04, 0x51, 0xb0, 0x72, 0x9c, 0x87, 0x41, 0x7d, 0x94,
+ 0x01, 0x3f, 0x36, 0x10, 0x92, 0x9f, 0x2f, 0x7e, 0xf1, 0x49, 0x1f, 0x1b,
+ 0x40, 0x9c, 0xbe, 0xa4, 0x37, 0xe8, 0xa4, 0x9c, 0xc3, 0xfd, 0xb0, 0xe0,
+ 0x48, 0xb2, 0xd7, 0xc5, 0x41, 0xd1, 0x4e, 0xda, 0xee, 0x4c, 0xbf, 0x45,
+ 0xa9, 0xef, 0xe3, 0x1d, 0x9d, 0x99, 0xdf, 0xa3, 0xc3, 0x55, 0x25, 0x22,
+ 0xba, 0x32, 0xc4, 0xfe, 0xa0, 0x8f, 0x50, 0xfa, 0x05, 0x64, 0xa5, 0xd9,
+ 0x92, 0x2b, 0x27, 0xc9, 0x96, 0x23, 0xe3, 0xe3, 0xeb, 0xde, 0x47, 0xa7,
+ 0x3d, 0x33, 0x8d, 0xb6, 0x73, 0x02, 0x85, 0x02, 0x81, 0x80, 0x58, 0xe8,
+ 0x63, 0x19, 0xe4, 0x66, 0x7a, 0x4f, 0x84, 0x13, 0x3f, 0x55, 0x48, 0x81,
+ 0xf4, 0x01, 0xba, 0xa8, 0x35, 0x70, 0x7e, 0xd5, 0x54, 0x4a, 0x69, 0xd2,
+ 0x79, 0x37, 0xee, 0xf8, 0x09, 0xe6, 0xe3, 0x6f, 0x4f, 0x3e, 0xbe, 0x0c,
+ 0x6c, 0x9e, 0x01, 0xc0, 0xcb, 0x23, 0x8d, 0x01, 0xee, 0x54, 0x97, 0x5c,
+ 0xc6, 0xee, 0x6b, 0xea, 0x9e, 0xb3, 0xc6, 0xb5, 0xbc, 0xb9, 0xc6, 0xfe,
+ 0x32, 0x64, 0x2e, 0x30, 0x89, 0x1c, 0xdc, 0xe2, 0x61, 0xb6, 0x8c, 0x6c,
+ 0x6c, 0x9f, 0x06, 0x1c, 0x55, 0x1d, 0xd2, 0xb9, 0xba, 0x51, 0xc5, 0x55,
+ 0x46, 0x8f, 0x2c, 0x8d, 0x04, 0x85, 0x25, 0xd5, 0xab, 0xb9, 0xae, 0xdb,
+ 0xa6, 0x90, 0x82, 0x70, 0x55, 0x54, 0x67, 0xe0, 0x4f, 0xdd, 0x22, 0xf9,
+ 0xb4, 0xd3, 0x1b, 0xfd, 0x07, 0x88, 0x2b, 0x20, 0xe4, 0xf5, 0xc9, 0xb3,
+ 0xf6, 0xbd, 0xf3, 0x10, 0x24, 0xb1, 0x02, 0x81, 0x80, 0x7b, 0x67, 0x3d,
+ 0x51, 0x26, 0x36, 0x8e, 0x23, 0xa1, 0x9d, 0x57, 0x21, 0x58, 0x53, 0x90,
+ 0x7c, 0x60, 0x10, 0x5a, 0xff, 0xe8, 0xb1, 0x26, 0x66, 0xac, 0xee, 0xa4,
+ 0x54, 0xd6, 0xb1, 0xd9, 0x53, 0xeb, 0x8c, 0x73, 0x2d, 0xe0, 0xa3, 0xc8,
+ 0x16, 0x16, 0xcb, 0xa7, 0xa9, 0xc5, 0x07, 0xae, 0x8f, 0x2a, 0x13, 0x82,
+ 0x69, 0x78, 0x9e, 0xe1, 0x8c, 0xc3, 0x70, 0x7e, 0x16, 0x5a, 0xd9, 0xa0,
+ 0x6b, 0x39, 0x1d, 0x59, 0x95, 0x01, 0xcf, 0x11, 0x88, 0x7a, 0x06, 0x7c,
+ 0x89, 0xae, 0x32, 0x1d, 0x23, 0xfe, 0xd2, 0x99, 0xc6, 0xf1, 0x1c, 0x23,
+ 0x42, 0x81, 0xd6, 0x4a, 0x36, 0x58, 0x4a, 0xee, 0x6a, 0x01, 0x41, 0xe4,
+ 0x61, 0x73, 0xe5, 0x9f, 0xe6, 0x45, 0x8d, 0xc0, 0xfe, 0x5d, 0x6f, 0x4d,
+ 0xc4, 0xa5, 0x43, 0x7b, 0x0a, 0xed, 0xa2, 0x8a, 0x9c, 0x0c, 0x95, 0xd4,
+ 0x23, 0x8d, 0x34, 0x56, 0xfd, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x05, 0xb1,
+ 0xe7, 0x6b, 0xf1, 0xa9, 0xa5, 0xe1, 0x48, 0xb5, 0xe0, 0x76, 0x95, 0xa0,
+ 0x7e, 0xb0, 0xa6, 0x32, 0x2d, 0x16, 0x07, 0xe9, 0x30, 0x90, 0xf4, 0xfe,
+ 0x54, 0x98, 0x7c, 0xdc, 0xf5, 0x67, 0x87, 0xa1, 0x1c, 0x18, 0x49, 0x06,
+ 0x4a, 0xaf, 0xbb, 0xbb, 0xb1, 0x0b, 0xcc, 0x3d, 0x89, 0x2a, 0x70, 0x18,
+ 0x39, 0x92, 0x6f, 0xc4, 0xcb, 0x76, 0xe6, 0x1e, 0xd5, 0x72, 0xc1, 0x98,
+ 0x75, 0x5c, 0xdb, 0x15, 0x01, 0x1f, 0xb7, 0xcd, 0xc2, 0x88, 0xc5, 0x2c,
+ 0x5d, 0x1d, 0x76, 0x1c, 0xd5, 0xcd, 0xb5, 0xa0, 0x18, 0xd7, 0x0d, 0x53,
+ 0x43, 0xb7, 0x31, 0x51, 0x30, 0x27, 0xf5, 0x60, 0x8c, 0x8e, 0x17, 0x44,
+ 0xac, 0xeb, 0xac, 0xde, 0x39, 0x28, 0x78, 0x02, 0x95, 0xeb, 0x2f, 0xaa,
+ 0xd8, 0x26, 0x76, 0xbd, 0xeb, 0x0e, 0x3f, 0x99, 0xe6, 0xb6, 0xf5, 0xcf,
+ 0xd3, 0xe2, 0xf4, 0xa2, 0xab
+};
+
+// Retrieve a JNI local ref for our test RSA key.
+ScopedJavaLocalRef<jobject> GetRSATestKey() {
+ return GetPKCS8PrivateKey(CLIENT_CERT_RSA_SIGN,
+ test_rsa_key_pkcs8,
+ sizeof(test_rsa_key_pkcs8));
+}
+
+// Retrieve the OpenSSL object for our test RSA key.
+EVP_PKEY* GetRSATestKeyOpenSSL() {
+ return GetOpenSSLPKCS8PrivateKey(EVP_PKEY_RSA,
+ test_rsa_key_pkcs8,
+ sizeof(test_rsa_key_pkcs8));
+}
+
+// A simple 2048-bits DSA test key.
+//
+// openssl dsaparam -out dsaparam.pem 2048
+// openssl gendsa -out key.pem dsaparam.pem
+// openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem key.pkcs8
+// -out key.pkcs8 -nocrypt
+// xxd -i key.pkcs8
+const unsigned char test_dsa_key_pkcs8[] = {
+ 0x30, 0x82, 0x02, 0x64, 0x02, 0x01, 0x00, 0x30, 0x82, 0x02, 0x39, 0x06,
+ 0x07, 0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x02, 0x2c,
+ 0x02, 0x82, 0x01, 0x01, 0x00, 0xef, 0xea, 0xa5, 0x9b, 0xd7, 0x39, 0xd4,
+ 0x47, 0x6e, 0x69, 0xd5, 0xb2, 0x6c, 0xce, 0xa4, 0xdd, 0x87, 0xd9, 0xc5,
+ 0x6a, 0x6f, 0x9c, 0x00, 0x68, 0x6d, 0xa3, 0x7a, 0x5c, 0x6b, 0x88, 0xcb,
+ 0x88, 0xc1, 0x2b, 0x3c, 0x2d, 0x2d, 0x37, 0xaf, 0x10, 0x3f, 0xba, 0x62,
+ 0xf2, 0x4f, 0x85, 0xc2, 0xb9, 0xe4, 0xaf, 0xbe, 0x3c, 0x7c, 0xcd, 0x44,
+ 0xdf, 0x92, 0xa7, 0x73, 0xd7, 0x9d, 0xed, 0x06, 0x1c, 0x42, 0x98, 0xab,
+ 0xc6, 0x0a, 0x4b, 0x05, 0x50, 0x44, 0xd1, 0xec, 0xbb, 0xd3, 0x0b, 0x26,
+ 0x45, 0xce, 0xf0, 0x71, 0xda, 0xd6, 0xe6, 0x83, 0xa3, 0x7a, 0x8d, 0x76,
+ 0xf5, 0x21, 0xe4, 0x5e, 0x0f, 0x32, 0x44, 0x31, 0xc5, 0x2c, 0x50, 0x88,
+ 0xe5, 0x2c, 0xec, 0x94, 0x85, 0xa3, 0xdc, 0x69, 0x2a, 0xcd, 0xa1, 0x14,
+ 0xea, 0x9e, 0xac, 0x11, 0xd5, 0xda, 0x2c, 0x47, 0x34, 0xdf, 0xd6, 0x0f,
+ 0x30, 0xd5, 0xa6, 0x2f, 0xc0, 0x82, 0x31, 0x38, 0xa8, 0x16, 0x68, 0x3d,
+ 0x22, 0x11, 0x11, 0x2c, 0x03, 0x3c, 0x4e, 0x01, 0x0a, 0x8a, 0x37, 0x1c,
+ 0x91, 0x2f, 0x11, 0x2a, 0x1c, 0x9e, 0xec, 0x25, 0x4b, 0xb7, 0xa5, 0xb5,
+ 0x14, 0x4e, 0xcb, 0xa6, 0xfc, 0x10, 0xa0, 0x6c, 0x00, 0x0e, 0x2d, 0x8e,
+ 0xe6, 0x69, 0x8d, 0x4e, 0x8e, 0x04, 0x84, 0xbc, 0x83, 0x83, 0xd4, 0x46,
+ 0x07, 0x6c, 0x04, 0x96, 0x04, 0xc0, 0x72, 0xfc, 0xee, 0xaf, 0xbe, 0x6c,
+ 0x73, 0x34, 0xd4, 0x57, 0xcf, 0xc6, 0xed, 0x01, 0xd1, 0x9f, 0xe7, 0x69,
+ 0x7f, 0x92, 0x80, 0xf3, 0xdf, 0x96, 0xda, 0x78, 0x2c, 0x16, 0xb9, 0x4c,
+ 0x62, 0x79, 0x37, 0x1d, 0x97, 0xb4, 0xaa, 0x77, 0xa6, 0x56, 0x6f, 0xb1,
+ 0x36, 0xab, 0xb1, 0xd4, 0x56, 0x16, 0xc6, 0x86, 0x51, 0xe0, 0xe4, 0x22,
+ 0x9b, 0xae, 0x99, 0xbd, 0x60, 0x0d, 0xbd, 0x9e, 0x13, 0x02, 0x21, 0x00,
+ 0x89, 0xe8, 0x1a, 0xac, 0xbf, 0x62, 0xc5, 0x57, 0x24, 0x90, 0x83, 0xfc,
+ 0x2f, 0xf1, 0x57, 0x2e, 0x16, 0xa5, 0x99, 0xea, 0x13, 0xc7, 0xb4, 0xe5,
+ 0xc0, 0xf2, 0x3a, 0x38, 0x07, 0x88, 0xcc, 0x8f, 0x02, 0x82, 0x01, 0x00,
+ 0x3c, 0x97, 0xd5, 0x97, 0xd9, 0xa5, 0xf9, 0xac, 0xa6, 0x8d, 0xf0, 0xf4,
+ 0xd3, 0x41, 0x3a, 0x37, 0x67, 0x9d, 0xf8, 0x97, 0xa6, 0x2f, 0xe8, 0x44,
+ 0xa3, 0x9e, 0x9c, 0xca, 0xed, 0x56, 0x2c, 0x25, 0x6e, 0x7f, 0xbb, 0x7a,
+ 0x30, 0x52, 0x5e, 0x8b, 0xb2, 0x10, 0x22, 0xd6, 0x29, 0x88, 0xc8, 0x3b,
+ 0x27, 0xa6, 0xfb, 0x30, 0xdf, 0xa9, 0xd8, 0x02, 0x4e, 0x51, 0xcb, 0xfd,
+ 0x38, 0x97, 0x6d, 0x1c, 0x96, 0x4e, 0x4e, 0xd2, 0x0b, 0xba, 0x6b, 0x86,
+ 0xfb, 0x58, 0xb9, 0xd0, 0xdd, 0xb7, 0x44, 0xc1, 0x5a, 0xec, 0xd9, 0x8f,
+ 0x77, 0x0b, 0xc9, 0xe4, 0xef, 0xed, 0xd6, 0x62, 0x75, 0xc8, 0x99, 0xfd,
+ 0x09, 0x20, 0xac, 0x2c, 0xc1, 0xfc, 0xd3, 0x54, 0x13, 0x99, 0x27, 0x6e,
+ 0x6c, 0x6d, 0x0c, 0x28, 0x25, 0xe2, 0xa1, 0x4e, 0x6c, 0x47, 0x19, 0x22,
+ 0xcf, 0x2a, 0xf9, 0x6b, 0x99, 0x03, 0x88, 0xb5, 0x7f, 0x15, 0x6e, 0x0f,
+ 0xe3, 0x86, 0x0a, 0x02, 0x85, 0x29, 0x09, 0xcc, 0xcb, 0xa3, 0xd7, 0x95,
+ 0x9b, 0xeb, 0x80, 0x5d, 0x4c, 0x19, 0xa8, 0x3b, 0x2e, 0x3f, 0x0a, 0x04,
+ 0x27, 0x5b, 0x04, 0x5c, 0xa1, 0x75, 0xcb, 0x54, 0xcf, 0x3c, 0x0d, 0x42,
+ 0x19, 0x62, 0x33, 0x08, 0x70, 0x7b, 0x78, 0x11, 0xcf, 0x6d, 0xb5, 0x8d,
+ 0x77, 0x2b, 0xac, 0xbe, 0xde, 0x9e, 0x4a, 0x0b, 0x36, 0xa0, 0x4a, 0x34,
+ 0x2c, 0x95, 0x92, 0x49, 0x10, 0x82, 0x4b, 0x9f, 0xe0, 0xf8, 0xb5, 0xd9,
+ 0x32, 0x61, 0x47, 0x0f, 0xc4, 0x87, 0xc3, 0x06, 0x33, 0x9f, 0x6b, 0x28,
+ 0xee, 0xac, 0x24, 0xbc, 0xfe, 0xba, 0xa3, 0xeb, 0x20, 0x7f, 0x67, 0x42,
+ 0x73, 0xb3, 0xe5, 0xf9, 0xc3, 0x2f, 0x6e, 0xef, 0xb3, 0xc5, 0x52, 0x1a,
+ 0xfb, 0x96, 0x70, 0x96, 0x47, 0x54, 0x31, 0xd4, 0x25, 0xbd, 0x29, 0x7b,
+ 0x19, 0xa5, 0xdc, 0xb9, 0x04, 0x22, 0x02, 0x20, 0x03, 0x82, 0xb9, 0xc8,
+ 0x3e, 0xee, 0x73, 0x81, 0x4e, 0x7c, 0xfa, 0x3d, 0xad, 0x10, 0xc4, 0x3a,
+ 0xfc, 0x76, 0x7a, 0x1f, 0x8c, 0xf3, 0x6d, 0x40, 0xda, 0x2d, 0x1b, 0x41,
+ 0x95, 0xcb, 0x74, 0x1d
+};
+
+// Retrieve a JNI local ref for our test DSA key.
+ScopedJavaLocalRef<jobject> GetDSATestKey() {
+ return GetPKCS8PrivateKey(CLIENT_CERT_DSS_SIGN,
+ test_dsa_key_pkcs8,
+ sizeof(test_dsa_key_pkcs8));
+}
+
+// Retrieve the OpenSSL object for our test DSA key.
+EVP_PKEY* GetDSATestKeyOpenSSL() {
+ return GetOpenSSLPKCS8PrivateKey(EVP_PKEY_DSA,
+ test_dsa_key_pkcs8,
+ sizeof(test_dsa_key_pkcs8));
+}
+
+// The DSA public key generated from the previous DSA private one, with:
+// openssl dsa -in key.pem -outform DER -out key_public.der
+// xxd -i key_public.der
+const unsigned char test_dsa_public_der[] = {
+ 0x30, 0x82, 0x03, 0x46, 0x30, 0x82, 0x02, 0x39, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x02, 0x2c, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xef, 0xea, 0xa5, 0x9b, 0xd7, 0x39, 0xd4, 0x47, 0x6e, 0x69,
+ 0xd5, 0xb2, 0x6c, 0xce, 0xa4, 0xdd, 0x87, 0xd9, 0xc5, 0x6a, 0x6f, 0x9c,
+ 0x00, 0x68, 0x6d, 0xa3, 0x7a, 0x5c, 0x6b, 0x88, 0xcb, 0x88, 0xc1, 0x2b,
+ 0x3c, 0x2d, 0x2d, 0x37, 0xaf, 0x10, 0x3f, 0xba, 0x62, 0xf2, 0x4f, 0x85,
+ 0xc2, 0xb9, 0xe4, 0xaf, 0xbe, 0x3c, 0x7c, 0xcd, 0x44, 0xdf, 0x92, 0xa7,
+ 0x73, 0xd7, 0x9d, 0xed, 0x06, 0x1c, 0x42, 0x98, 0xab, 0xc6, 0x0a, 0x4b,
+ 0x05, 0x50, 0x44, 0xd1, 0xec, 0xbb, 0xd3, 0x0b, 0x26, 0x45, 0xce, 0xf0,
+ 0x71, 0xda, 0xd6, 0xe6, 0x83, 0xa3, 0x7a, 0x8d, 0x76, 0xf5, 0x21, 0xe4,
+ 0x5e, 0x0f, 0x32, 0x44, 0x31, 0xc5, 0x2c, 0x50, 0x88, 0xe5, 0x2c, 0xec,
+ 0x94, 0x85, 0xa3, 0xdc, 0x69, 0x2a, 0xcd, 0xa1, 0x14, 0xea, 0x9e, 0xac,
+ 0x11, 0xd5, 0xda, 0x2c, 0x47, 0x34, 0xdf, 0xd6, 0x0f, 0x30, 0xd5, 0xa6,
+ 0x2f, 0xc0, 0x82, 0x31, 0x38, 0xa8, 0x16, 0x68, 0x3d, 0x22, 0x11, 0x11,
+ 0x2c, 0x03, 0x3c, 0x4e, 0x01, 0x0a, 0x8a, 0x37, 0x1c, 0x91, 0x2f, 0x11,
+ 0x2a, 0x1c, 0x9e, 0xec, 0x25, 0x4b, 0xb7, 0xa5, 0xb5, 0x14, 0x4e, 0xcb,
+ 0xa6, 0xfc, 0x10, 0xa0, 0x6c, 0x00, 0x0e, 0x2d, 0x8e, 0xe6, 0x69, 0x8d,
+ 0x4e, 0x8e, 0x04, 0x84, 0xbc, 0x83, 0x83, 0xd4, 0x46, 0x07, 0x6c, 0x04,
+ 0x96, 0x04, 0xc0, 0x72, 0xfc, 0xee, 0xaf, 0xbe, 0x6c, 0x73, 0x34, 0xd4,
+ 0x57, 0xcf, 0xc6, 0xed, 0x01, 0xd1, 0x9f, 0xe7, 0x69, 0x7f, 0x92, 0x80,
+ 0xf3, 0xdf, 0x96, 0xda, 0x78, 0x2c, 0x16, 0xb9, 0x4c, 0x62, 0x79, 0x37,
+ 0x1d, 0x97, 0xb4, 0xaa, 0x77, 0xa6, 0x56, 0x6f, 0xb1, 0x36, 0xab, 0xb1,
+ 0xd4, 0x56, 0x16, 0xc6, 0x86, 0x51, 0xe0, 0xe4, 0x22, 0x9b, 0xae, 0x99,
+ 0xbd, 0x60, 0x0d, 0xbd, 0x9e, 0x13, 0x02, 0x21, 0x00, 0x89, 0xe8, 0x1a,
+ 0xac, 0xbf, 0x62, 0xc5, 0x57, 0x24, 0x90, 0x83, 0xfc, 0x2f, 0xf1, 0x57,
+ 0x2e, 0x16, 0xa5, 0x99, 0xea, 0x13, 0xc7, 0xb4, 0xe5, 0xc0, 0xf2, 0x3a,
+ 0x38, 0x07, 0x88, 0xcc, 0x8f, 0x02, 0x82, 0x01, 0x00, 0x3c, 0x97, 0xd5,
+ 0x97, 0xd9, 0xa5, 0xf9, 0xac, 0xa6, 0x8d, 0xf0, 0xf4, 0xd3, 0x41, 0x3a,
+ 0x37, 0x67, 0x9d, 0xf8, 0x97, 0xa6, 0x2f, 0xe8, 0x44, 0xa3, 0x9e, 0x9c,
+ 0xca, 0xed, 0x56, 0x2c, 0x25, 0x6e, 0x7f, 0xbb, 0x7a, 0x30, 0x52, 0x5e,
+ 0x8b, 0xb2, 0x10, 0x22, 0xd6, 0x29, 0x88, 0xc8, 0x3b, 0x27, 0xa6, 0xfb,
+ 0x30, 0xdf, 0xa9, 0xd8, 0x02, 0x4e, 0x51, 0xcb, 0xfd, 0x38, 0x97, 0x6d,
+ 0x1c, 0x96, 0x4e, 0x4e, 0xd2, 0x0b, 0xba, 0x6b, 0x86, 0xfb, 0x58, 0xb9,
+ 0xd0, 0xdd, 0xb7, 0x44, 0xc1, 0x5a, 0xec, 0xd9, 0x8f, 0x77, 0x0b, 0xc9,
+ 0xe4, 0xef, 0xed, 0xd6, 0x62, 0x75, 0xc8, 0x99, 0xfd, 0x09, 0x20, 0xac,
+ 0x2c, 0xc1, 0xfc, 0xd3, 0x54, 0x13, 0x99, 0x27, 0x6e, 0x6c, 0x6d, 0x0c,
+ 0x28, 0x25, 0xe2, 0xa1, 0x4e, 0x6c, 0x47, 0x19, 0x22, 0xcf, 0x2a, 0xf9,
+ 0x6b, 0x99, 0x03, 0x88, 0xb5, 0x7f, 0x15, 0x6e, 0x0f, 0xe3, 0x86, 0x0a,
+ 0x02, 0x85, 0x29, 0x09, 0xcc, 0xcb, 0xa3, 0xd7, 0x95, 0x9b, 0xeb, 0x80,
+ 0x5d, 0x4c, 0x19, 0xa8, 0x3b, 0x2e, 0x3f, 0x0a, 0x04, 0x27, 0x5b, 0x04,
+ 0x5c, 0xa1, 0x75, 0xcb, 0x54, 0xcf, 0x3c, 0x0d, 0x42, 0x19, 0x62, 0x33,
+ 0x08, 0x70, 0x7b, 0x78, 0x11, 0xcf, 0x6d, 0xb5, 0x8d, 0x77, 0x2b, 0xac,
+ 0xbe, 0xde, 0x9e, 0x4a, 0x0b, 0x36, 0xa0, 0x4a, 0x34, 0x2c, 0x95, 0x92,
+ 0x49, 0x10, 0x82, 0x4b, 0x9f, 0xe0, 0xf8, 0xb5, 0xd9, 0x32, 0x61, 0x47,
+ 0x0f, 0xc4, 0x87, 0xc3, 0x06, 0x33, 0x9f, 0x6b, 0x28, 0xee, 0xac, 0x24,
+ 0xbc, 0xfe, 0xba, 0xa3, 0xeb, 0x20, 0x7f, 0x67, 0x42, 0x73, 0xb3, 0xe5,
+ 0xf9, 0xc3, 0x2f, 0x6e, 0xef, 0xb3, 0xc5, 0x52, 0x1a, 0xfb, 0x96, 0x70,
+ 0x96, 0x47, 0x54, 0x31, 0xd4, 0x25, 0xbd, 0x29, 0x7b, 0x19, 0xa5, 0xdc,
+ 0xb9, 0x03, 0x82, 0x01, 0x05, 0x00, 0x02, 0x82, 0x01, 0x00, 0x7e, 0x8c,
+ 0x72, 0x95, 0xc6, 0x27, 0xef, 0x1a, 0xd1, 0x5c, 0xfd, 0xe1, 0xc7, 0xdf,
+ 0x92, 0xdd, 0xaf, 0x59, 0x1b, 0x9a, 0xec, 0x9f, 0x87, 0x09, 0xe8, 0x9f,
+ 0x4e, 0x89, 0x42, 0xcc, 0x40, 0x80, 0x1d, 0x73, 0x4b, 0x05, 0xfe, 0x68,
+ 0x41, 0xdb, 0xda, 0x7a, 0x37, 0xd1, 0xdc, 0x99, 0xc1, 0xdb, 0x95, 0x63,
+ 0x37, 0x3d, 0xef, 0x7a, 0x21, 0x20, 0x06, 0x69, 0xa2, 0xfa, 0x36, 0xf5,
+ 0xbd, 0xee, 0x3f, 0x13, 0xc1, 0x49, 0xb8, 0xbb, 0x85, 0x3e, 0x80, 0x63,
+ 0xe3, 0xf1, 0xba, 0x5f, 0xad, 0x9a, 0xf6, 0x22, 0xb0, 0xd2, 0x4c, 0x7e,
+ 0xc0, 0x8a, 0x81, 0x8f, 0xa5, 0x71, 0x03, 0xde, 0xf4, 0x73, 0x7e, 0xf9,
+ 0x05, 0x91, 0x36, 0x5f, 0x3c, 0x79, 0x7f, 0x3f, 0xeb, 0xb9, 0x36, 0xca,
+ 0xb8, 0x40, 0x9b, 0x1d, 0xce, 0xce, 0x04, 0x89, 0xc8, 0xc4, 0xa0, 0xc9,
+ 0x63, 0x42, 0x81, 0xdc, 0x80, 0xe1, 0xa5, 0x58, 0xd4, 0x10, 0xd4, 0x2c,
+ 0x6c, 0xae, 0xdd, 0xb8, 0x17, 0xdc, 0xcb, 0x7f, 0x62, 0x4f, 0x51, 0xcf,
+ 0x0a, 0x10, 0x44, 0x0b, 0xe9, 0xf4, 0x5d, 0x3d, 0x78, 0xd0, 0xe3, 0xf9,
+ 0xc5, 0x0f, 0xde, 0x09, 0x72, 0xa1, 0xaf, 0xaf, 0xd7, 0x30, 0x57, 0xca,
+ 0xb7, 0xb1, 0xa6, 0x8a, 0x04, 0x71, 0x63, 0x30, 0xf8, 0xa9, 0x44, 0x2f,
+ 0x8f, 0xc4, 0x37, 0x0c, 0xc9, 0x9d, 0x72, 0x12, 0x7c, 0x7b, 0xd9, 0x2a,
+ 0x52, 0x34, 0x47, 0xf1, 0x98, 0xc4, 0xbc, 0xa7, 0x74, 0x1c, 0x0a, 0xd3,
+ 0x6d, 0x7f, 0x8c, 0xce, 0x28, 0x78, 0x59, 0xc9, 0x50, 0x38, 0xc6, 0xf7,
+ 0x4c, 0x74, 0x83, 0x04, 0x60, 0x34, 0x64, 0x4f, 0xc1, 0x99, 0x8e, 0x6a,
+ 0x7e, 0x30, 0x59, 0x3b, 0xd5, 0x65, 0xb3, 0x56, 0x68, 0x7d, 0xa4, 0xec,
+ 0xf0, 0x3c, 0xb2, 0x5a, 0x09, 0xf3, 0xc7, 0xeb, 0x8d, 0x09, 0xab, 0x1d,
+ 0x6f, 0x5c
+};
+
+// Call this function to verify that one message signed with our
+// test DSA private key is correct. Since DSA signing introduces
+// random elements in the signature, it is not possible to compare
+// signature bits directly. However, one can use the public key
+// to do the check.
+void VerifyTestDSASignature(const base::StringPiece& message,
+ const base::StringPiece& signature) {
+ const unsigned char* p = test_dsa_public_der;
+ long length = static_cast<long>(sizeof(test_dsa_public_der));
+ DSA* pub_key = d2i_DSA_PUBKEY(NULL, &p, length);
+ ASSERT_TRUE(pub_key != NULL);
+
+ const unsigned char* digest =
+ reinterpret_cast<const unsigned char*>(message.data());
+ int digest_len = static_cast<int>(message.size());
+ const unsigned char* sigbuf =
+ reinterpret_cast<const unsigned char*>(signature.data());
+ int siglen = static_cast<int>(signature.size());
+
+ ASSERT_EQ(1, DSA_verify(0, digest, digest_len, sigbuf, siglen, pub_key));
+ DSA_free(pub_key);
+}
+
+// A simple ECDSA test key.
+//
+// openssl ecparam -genkey -name prime256v1 -out key.pem
+// openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem
+// -out key.pkcs8 -nocrypt
+// xxd -i key.pkcs8
+const unsigned char test_ecdsa_key_pkcs8[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xd8, 0x57, 0x0f, 0xee, 0x4c, 0x93, 0xbe, 0x42, 0x2e, 0x2b, 0x2e, 0xf2,
+ 0x7d, 0x56, 0xd9, 0x7b, 0x41, 0xc2, 0xc5, 0xd8, 0xbc, 0x77, 0x90, 0x0c,
+ 0x38, 0xf4, 0xc2, 0x01, 0xc3, 0xd1, 0x6c, 0x24, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0x97, 0x7a, 0x0e, 0x39, 0x93, 0xc7, 0x21, 0xc9, 0x3f, 0x68,
+ 0xf5, 0x77, 0x56, 0xc5, 0xbb, 0xb2, 0x28, 0x64, 0x73, 0x90, 0x73, 0xbd,
+ 0xaa, 0x4d, 0x98, 0x27, 0x47, 0xa1, 0x30, 0x55, 0x2e, 0x36, 0x91, 0x4e,
+ 0x25, 0xea, 0x83, 0x13, 0x97, 0xc8, 0x0a, 0xc8, 0xcf, 0xaa, 0xb4, 0x55,
+ 0x34, 0x6b, 0x11, 0x4b, 0xbd, 0x7e, 0x94, 0xe4, 0x77, 0x98, 0xa8, 0x10,
+ 0x7b, 0x63, 0x21, 0x7f, 0xa9, 0xcf
+};
+
+// Retrieve a JNI local ref for our test ECDSA key.
+ScopedJavaLocalRef<jobject> GetECDSATestKey() {
+ return GetPKCS8PrivateKey(CLIENT_CERT_ECDSA_SIGN,
+ test_ecdsa_key_pkcs8,
+ sizeof(test_ecdsa_key_pkcs8));
+}
+
+// Retrieve the OpenSSL object for our test ECDSA key.
+EVP_PKEY* GetECDSATestKeyOpenSSL() {
+ return GetOpenSSLPKCS8PrivateKey(EVP_PKEY_EC,
+ test_ecdsa_key_pkcs8,
+ sizeof(test_ecdsa_key_pkcs8));
+}
+
+// The DSA public key generated from the previous ECDSA private one, with:
+// openssl ec -in key.pem -outform DER -out key_public.der -pubout
+// xxd -i key_public.der
+const unsigned char test_ecdsa_public_der[] = {
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x97, 0x7a, 0x0e, 0x39, 0x93, 0xc7, 0x21, 0xc9, 0x3f,
+ 0x68, 0xf5, 0x77, 0x56, 0xc5, 0xbb, 0xb2, 0x28, 0x64, 0x73, 0x90, 0x73,
+ 0xbd, 0xaa, 0x4d, 0x98, 0x27, 0x47, 0xa1, 0x30, 0x55, 0x2e, 0x36, 0x91,
+ 0x4e, 0x25, 0xea, 0x83, 0x13, 0x97, 0xc8, 0x0a, 0xc8, 0xcf, 0xaa, 0xb4,
+ 0x55, 0x34, 0x6b, 0x11, 0x4b, 0xbd, 0x7e, 0x94, 0xe4, 0x77, 0x98, 0xa8,
+ 0x10, 0x7b, 0x63, 0x21, 0x7f, 0xa9, 0xcf
+};
+
+// Call this function to verify that one message signed with our
+// test DSA private key is correct. Since DSA signing introduces
+// random elements in the signature, it is not possible to compare
+// signature bits directly. However, one can use the public key
+// to do the check.
+void VerifyTestECDSASignature(const base::StringPiece& message,
+ const base::StringPiece& signature) {
+ const unsigned char* p = test_ecdsa_public_der;
+ long length = static_cast<long>(sizeof(test_ecdsa_public_der));
+ EC_KEY* pub_key = d2i_EC_PUBKEY(NULL, &p, length);
+ ASSERT_TRUE(pub_key != NULL);
+
+ const unsigned char* digest =
+ reinterpret_cast<const unsigned char*>(message.data());
+ int digest_len = static_cast<int>(message.size());
+ const unsigned char* sigbuf =
+ reinterpret_cast<const unsigned char*>(signature.data());
+ int siglen = static_cast<int>(signature.size());
+
+ ASSERT_EQ(
+ 1, ECDSA_verify(0, digest, digest_len, sigbuf, siglen, pub_key));
+ EC_KEY_free(pub_key);
+}
+
+// Sign a message with OpenSSL, return the result as a string.
+// |message| is the message to be signed.
+// |openssl_key| is an OpenSSL EVP_PKEY to use.
+// |result| receives the result.
+void SignWithOpenSSL(const base::StringPiece& message,
+ EVP_PKEY* openssl_key,
+ std::string* result) {
+ const unsigned char* digest =
+ reinterpret_cast<const unsigned char*>(message.data());
+ unsigned int digest_len = static_cast<unsigned int>(message.size());
+ // Calling size functions like "RSA_size()" doesn't work at all
+ // with custom RSA_METHOD implementations. That's probably a bug
+ // in OpenSSL, so instead just use a very large buffer.
+ // Note that the code in ssl/s3_clnt.c does something similar.
+ unsigned char openssl_signature[8192];
+ unsigned int openssl_signature_len = 0;
+ int key_type = EVP_PKEY_id(openssl_key);
+ switch (key_type) {
+ case EVP_PKEY_RSA:
+ {
+ RSA* rsa = EVP_PKEY_get1_RSA(openssl_key);
+ ASSERT_TRUE(rsa != NULL);
+ int ret = RSA_sign(NID_md5_sha1,
+ digest,
+ digest_len,
+ openssl_signature,
+ &openssl_signature_len,
+ rsa);
+ ASSERT_EQ(1, ret) << GetOpenSSLErrorString();
+ RSA_free(rsa);
+ }
+ break;
+ case EVP_PKEY_DSA:
+ {
+ DSA* dsa = EVP_PKEY_get1_DSA(openssl_key);
+ ASSERT_TRUE(dsa != NULL);
+ int ret = DSA_sign(0, // ignored by the function
+ digest,
+ digest_len,
+ openssl_signature,
+ &openssl_signature_len,
+ dsa);
+ ASSERT_EQ(1, ret) << GetOpenSSLErrorString();
+ DSA_free(dsa);
+ }
+ break;
+ case EVP_PKEY_EC:
+ {
+ EC_KEY* ecdsa = EVP_PKEY_get1_EC_KEY(openssl_key);
+ ASSERT_TRUE(ecdsa != NULL);
+ LOG(INFO) << "Calling ECDSA_sign";
+ int ret = ECDSA_sign(0, // ignored by the function
+ digest,
+ digest_len,
+ openssl_signature,
+ &openssl_signature_len,
+ ecdsa);
+ ASSERT_EQ(1, ret) << GetOpenSSLErrorString();
+ EC_KEY_free(ecdsa);
+ }
+ break;
+ default:
+ LOG(WARNING) << "Invalid OpenSSL key type: " + key_type;
+ return;
+ }
+ result->assign(reinterpret_cast<const char*>(openssl_signature),
+ static_cast<size_t>(openssl_signature_len));
+}
+
+// Check that a generated signature for a given message matches
+// OpenSSL output byte-by-byte.
+// |message| is the input message.
+// |signature| is the generated signature for the message.
+// |openssl_key| is a raw EVP_PKEY for the same private key than the
+// one which was used to generate the signature.
+void CompareSignatureWithOpenSSL(const base::StringPiece& message,
+ const base::StringPiece& signature,
+ EVP_PKEY* openssl_key) {
+ std::string openssl_signature;
+ SignWithOpenSSL(message, openssl_key, &openssl_signature);
+
+ ASSERT_EQ(signature.size(), openssl_signature.size());
+ for (size_t n = 0; n < signature.size(); ++n)
+ ASSERT_EQ(openssl_signature[n], signature[n]);
+
+ // All good, just exit.
+}
+
+// Sign a message with our platform API.
+//
+// |android_key| is a JNI reference to the platform PrivateKey object.
+// |openssl_key| is a pointer to an OpenSSL key object for the exact
+// same key content.
+// |message| is a message.
+// |result| will receive the result.
+void DoKeySigning(jobject android_key,
+ EVP_PKEY* openssl_key,
+ const base::StringPiece& message,
+ std::string* result) {
+ // First, get the platform signature.
+ std::vector<uint8> android_signature;
+ ASSERT_TRUE(
+ SignWithPrivateKey(android_key,
+ message,
+ &android_signature));
+
+ result->assign(
+ reinterpret_cast<const char*>(&android_signature[0]),
+ android_signature.size());
+}
+
+// Sign a message with our OpenSSL EVP_PKEY wrapper around platform
+// APIS.
+//
+// |android_key| is a JNI reference to the platform PrivateKey object.
+// |openssl_key| is a pointer to an OpenSSL key object for the exact
+// same key content.
+// |message| is a message.
+// |result| will receive the result.
+void DoKeySigningWithWrapper(EVP_PKEY* wrapper_key,
+ EVP_PKEY* openssl_key,
+ const base::StringPiece& message,
+ std::string* result) {
+ // First, get the signature platform signature.
ppi 2013/01/29 17:57:10 nit: double "signature".
+ std::string wrapper_signature;
+ SignWithOpenSSL(message, wrapper_key, &wrapper_signature);
+ ASSERT_NE(0U, wrapper_signature.size());
+
+ result->assign(
+ reinterpret_cast<const char*>(&wrapper_signature[0]),
+ wrapper_signature.size());
+}
+
+} // namespace
+
+TEST(AndroidKeyStore,GetPrivateKeySigningTypeRSA) {
+ crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> rsa_key = GetRSATestKey();
+ ASSERT_FALSE(rsa_key.is_null());
+ EXPECT_EQ(CLIENT_CERT_RSA_SIGN,
+ GetPrivateKeySigningType(rsa_key.obj()));
+}
+
+TEST(AndroidKeyStore,SignWithPrivateKeyRSA) {
+
+ ScopedJavaLocalRef<jobject> rsa_key = GetRSATestKey();
+ ASSERT_FALSE(rsa_key.is_null());
+
+ if (IsOnAndroidOlderThan_4_2()) {
+ LOG(INFO) << "This test can't run on Android < 4.2";
ppi 2013/01/29 17:57:10 nit: should this be indented with two spaces?
digit1 2013/01/29 23:17:39 Done.
+ return;
+ }
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetRSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ // See third_party/openssl/openssl/crypto/rsa/rsa_sign.c
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigning(rsa_key.obj(), openssl_key.get(), message, &signature);
+ CompareSignatureWithOpenSSL(message, signature, openssl_key.get());
+ // All good.
+}
+
+TEST(AndroidKeyStore,SignWithWrapperKeyRSA) {
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> rsa_key = GetRSATestKey();
+ ASSERT_FALSE(rsa_key.is_null());
+
+ if (IsOnAndroidOlderThan_4_2()) {
+ LOG(INFO) << "This test can't run on Android < 4.2";
ppi 2013/01/29 17:57:11 nit: should this be indented with two spaces?
digit1 2013/01/29 23:17:39 Yes, I probably forgot to change my editor's setti
+ return;
+ }
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> wrapper_key(
+ GetOpenSSLPrivateKeyWrapper(rsa_key.obj()));
+ ASSERT_TRUE(wrapper_key.get() != NULL);
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetRSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for RSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigningWithWrapper(wrapper_key.get(),
+ openssl_key.get(),
+ message,
+ &signature);
+ CompareSignatureWithOpenSSL(message, signature, openssl_key.get());
+ // All good.
+}
+
+TEST(AndroidKeyStore,GetPrivateKeySigningTypeDSA) {
+ crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> dsa_key = GetDSATestKey();
+ ASSERT_FALSE(dsa_key.is_null());
+ EXPECT_EQ(CLIENT_CERT_DSS_SIGN,
+ GetPrivateKeySigningType(dsa_key.obj()));
+}
+
+TEST(AndroidKeyStore,SignWithPrivateKeyDSA) {
+ ScopedJavaLocalRef<jobject> dsa_key = GetDSATestKey();
+ ASSERT_FALSE(dsa_key.is_null());
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetDSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for DSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ // See third_party/openssl/openssl/crypto/dsa/dsa_sign.c
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigning(dsa_key.obj(), openssl_key.get(), message, &signature);
+ VerifyTestDSASignature(message, signature);
+ // All good.
+}
+
+// TODO(digit): Enable by implementing DSA_METHOD wrapper.
+TEST(AndroidKeyStore,DISABLED_SignWithWrapperKeyDSA) {
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> dsa_key = GetDSATestKey();
+ ASSERT_FALSE(dsa_key.is_null());
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> wrapper_key(
+ GetOpenSSLPrivateKeyWrapper(dsa_key.obj()));
+ ASSERT_TRUE(wrapper_key.get() != NULL);
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetDSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for DSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigningWithWrapper(wrapper_key.get(),
+ openssl_key.get(),
+ message,
+ &signature);
+ VerifyTestDSASignature(message, signature);
+ // All good.
+}
+
+TEST(AndroidKeyStore,GetPrivateKeySigningTypeECDSA) {
+ crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> ecdsa_key = GetECDSATestKey();
+ ASSERT_FALSE(ecdsa_key.is_null());
+ EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN,
+ GetPrivateKeySigningType(ecdsa_key.obj()));
+}
+
+TEST(AndroidKeyStore,SignWithPrivateKeyECDSA) {
+ ScopedJavaLocalRef<jobject> ecdsa_key = GetECDSATestKey();
+ ASSERT_FALSE(ecdsa_key.is_null());
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetECDSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for ECDSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ // See third_party/openssl/openssl/crypto/dsa/ecdsa_sign.c
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigning(ecdsa_key.obj(), openssl_key.get(), message, &signature);
+ VerifyTestECDSASignature(message, signature);
+ // All good.
+}
+
+// TODO(digit): Enable by implement ECDSA_METHOD wrapper.
+TEST(AndroidKeyStore,DISABLED_SignWithWrapperKeyECDSA) {
+ crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+ ScopedJavaLocalRef<jobject> ecdsa_key = GetECDSATestKey();
+ ASSERT_FALSE(ecdsa_key.is_null());
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> wrapper_key(
+ GetOpenSSLPrivateKeyWrapper(ecdsa_key.obj()));
+ ASSERT_TRUE(wrapper_key.get() != NULL);
+
+ crypto::ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free> openssl_key(
+ GetECDSATestKeyOpenSSL());
+ ASSERT_TRUE(openssl_key.get() != NULL);
+
+ // Message size must be 36 for ECDSA_sign(NID_md5_sha1,...) to return
+ // without an error.
+ std::string message = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ ASSERT_EQ(36U, message.size());
+
+ std::string signature;
+ DoKeySigningWithWrapper(wrapper_key.get(),
+ openssl_key.get(),
+ message,
+ &signature);
+ VerifyTestECDSASignature(message, signature);
+ // All good.
+}
+
+} // namespace android
+} // namespace net
« net/android/keystore.h ('K') | « net/android/keystore_openssl.cc ('k') | net/android/net_jni_registrar.cc » ('j') | net/net.gyp » ('J')

Powered by Google App Engine
This is Rietveld 408576698