author | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-11 20:13:45 +0000 |
---|---|---|
committer | digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-11 20:13:45 +0000 |
commit | 03a07b2ea1a0cb314a7ef409d142cd0f668b2254 (patch) | |
tree | 87af038f051e44830d200d5ca7464b67ad3ea3b1 /net/data | |
parent | a298f6e45114bdee170ed807033ba9fb5e00f35a (diff) | |
This patch adds some Android-support code to allow the network
stack to use platform-specific private key objects to perform
signing in the context of SSL handshakes which require a client
certificate.

More specifically:

- Add net/android/keystore.h, which provides native
  functions to operate on JNI references pointing to
  java.security.PrivateKey objects provided by the
  platform. I.e.:

      net::android::GetPrivateKeyType()
      net::android::SignWithPrivateKey()

  Also provide a function that can get the system's own
  EVP_PKEY* handle corresponding to a given PrivateKey
  object. This uses reflection and should *only* be used
  for RSA private keys when running on Android 4.0 and
  4.1, in order to route around a platform bug that was
  only fixed in 4.2.

      net::android::GetOpenSSLSytstemHandleForPrivateKey()

  See the comments in this source file for more details:

      net/android/java/org/chromium/net/AndroidKeyStore.java

- Add net/android/keystore_openssl.h, which provides
  a function that can wrap an existing PrivateKey
  JNI reference around an OpenSSL EVP_PKEY object
  which uses custom DSA/RSA/ECDSA methods to perform
  signing as expected to handle client certificates.

      net::android::GetOpenSSLPrivateKeyWrapper()

- Add relevant unit tests for the new functions.

  Note that the unit test comes with its own Java helper
  function, which is used to create a platform PrivateKey
  object from encoded PKCS#8 private key data.

  This is called from the native unit test, but does not
  constitute a new Java test (AndroidKeyStoreTestUtil.java).

- Add corresponding new test key files under
  net/data/ssl/certificates/, and their generation
  script in net/data/ssl/scripts/.

- Add net/android/private_key_type_list.h which is
  used both from C++ and Java to define the list of
  supported private key types used by this code.

- Minor improvements: Add a "release()" method to
  crypto::ScopedOpenSSL, add missing BASE_EXPORT
  to one base/android/jni_array.h function declaration.

BUG=166642

Review URL: https://chromiumcodereview.appspot.com/11571059

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181741 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/data')
7 files changed, 144 insertions, 0 deletions
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README index 61d6357..f249728 100644 --- a/net/data/ssl/certificates/README +++ b/net/data/ssl/certificates/README @@ -136,3 +136,12 @@ unit tests. and a private key created for WebSocket testing. The password is "". This file is used in SSLUITest.TestWSSClientCert. +- android-test-key-rsa.pem +- android-test-key-dsa.pem +- android-test-key-dsa-public.pem +- android-test-key-ecdsa.pem +- android-test-key-ecdsa-public.pem + This is a set of test RSA/DSA/ECDSA keys used by the Android-specific + unit test in net/android/keystore_unittest.c. They are used to verify + that the OpenSSL-specific wrapper for platform PrivateKey objects + works properly. See the generate-android-test-keys.sh script. diff --git a/net/data/ssl/certificates/android-test-key-dsa-public.pem b/net/data/ssl/certificates/android-test-key-dsa-public.pem new file mode 100644 index 0000000..f996809 --- /dev/null +++ b/net/data/ssl/certificates/android-test-key-dsa-public.pem 
@@ -0,0 +1,20 @@ +-----BEGIN PUBLIC KEY----- +MIIDRjCCAjkGByqGSM44BAEwggIsAoIBAQDaJruwQmE1uMS2WnGl6L2UQy8iHmcs +74gWjym/8HVVdLXsC3wGoXGj0vj3Zr7DpgzrXBAWj2JILVApJgbFIbEFLAHcv6Bd +/3PjbRrva4PMQypul1o+j9IiFn2oemeVoCz77mz5aczfq7AoiMnMpdP501qcAOF2 +gDR61r1BO8QRV9gkbOLpZHX101NB9GW+PKR7C+SJBN5rVVX2YgtxPe/Km5jFgIuS +P76eSvxGh1kUApFDhqEDh7Gck5Slt6lJDPj399MZC74XrrdbjrZbO/jt5TsLxRac +SvI0waX+49+UnHYb3cjPynMkBgLDl7itMluTm3nS8IkgKKgYPiEAXlKbAiEAu0Ip +TvTF7SfYMd5me26T40Fa2mAWYzWQLF10WvqheOcCggEAarH6R0LvhcWInCB1Yr4U +FA3QjynYWfxZZ6g+Tf/NxPQmVj720SEm+QfiZnrtSReTctBHJPkcrzHVU53LNVPx +CxvoVJUEdUhxWUV0o0PXBUfJZB3JdVXLGEu4MlXkwFh87+S3Y/+9yeMog3SaaqDA +cISNUQSWd+q5oiAeFdYiaTjY+qD+UGBChL/w8QSrr0BRiHF1EskKI3bFmqQzDjD7 +9xm4wEGUiMvF+dHa50rjIzD+EyWvbkq3HonB7N7DDciVQ1V/qGmI6dvP5yf/Ml90 +YDL8QIrXWP2p81FlvfU3QE9tjI6Bo5cjTavRU7WORN0it9B3pmvyL++E1EGd6hBr +qwOCAQUAAoIBAFR3VCzbhpt1iR/LpAlN2QIeQ4r2vkng6CJaxSQZBKBc1CjFHAXy +4QIThVpagyH+QM4I5pPIxkcXpFwEPHzuZow8/4DMA6IlPJ6R8ih1IgWGqzASzXYv +ZrlasBUjTS4no54L9PueAfZ2G0Rc9ePZ8snH9zsQVu5Rd2+zUkAUzR0jCT/zveeQ +t9c/px8356C4beEUAFoiXbSNMDruVdFemEwC5oCIwMBamPUxf//Og74Wg0W/0DNW +j8ffKNht51i+537vjBjVlLd/ETXARhAZg83jcqKKG0I4hECFZE5xBl0flU82pQAf +eKk0vNRiuAXKgxNor+pnpXC3qqMkxuwQBls= +-----END PUBLIC KEY----- diff --git a/net/data/ssl/certificates/android-test-key-dsa.pem b/net/data/ssl/certificates/android-test-key-dsa.pem new file mode 100644 index 0000000..3e0ec61 --- /dev/null +++ b/net/data/ssl/certificates/android-test-key-dsa.pem 
@@ -0,0 +1,20 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIDVQIBAAKCAQEA2ia7sEJhNbjEtlpxpei9lEMvIh5nLO+IFo8pv/B1VXS17At8 +BqFxo9L492a+w6YM61wQFo9iSC1QKSYGxSGxBSwB3L+gXf9z420a72uDzEMqbpda +Po/SIhZ9qHpnlaAs++5s+WnM36uwKIjJzKXT+dNanADhdoA0eta9QTvEEVfYJGzi +6WR19dNTQfRlvjykewvkiQTea1VV9mILcT3vypuYxYCLkj++nkr8RodZFAKRQ4ah +A4exnJOUpbepSQz49/fTGQu+F663W462Wzv47eU7C8UWnEryNMGl/uPflJx2G93I +z8pzJAYCw5e4rTJbk5t50vCJICioGD4hAF5SmwIhALtCKU70xe0n2DHeZntuk+NB +WtpgFmM1kCxddFr6oXjnAoIBAGqx+kdC74XFiJwgdWK+FBQN0I8p2Fn8WWeoPk3/ +zcT0JlY+9tEhJvkH4mZ67UkXk3LQRyT5HK8x1VOdyzVT8Qsb6FSVBHVIcVlFdKND +1wVHyWQdyXVVyxhLuDJV5MBYfO/kt2P/vcnjKIN0mmqgwHCEjVEElnfquaIgHhXW +Imk42Pqg/lBgQoS/8PEEq69AUYhxdRLJCiN2xZqkMw4w+/cZuMBBlIjLxfnR2udK +4yMw/hMlr25Ktx6Jwezeww3IlUNVf6hpiOnbz+cn/zJfdGAy/ECK11j9qfNRZb31 +N0BPbYyOgaOXI02r0VO1jkTdIrfQd6Zr8i/vhNRBneoQa6sCggEAVHdULNuGm3WJ +H8ukCU3ZAh5Diva+SeDoIlrFJBkEoFzUKMUcBfLhAhOFWlqDIf5Azgjmk8jGRxek +XAQ8fO5mjDz/gMwDoiU8npHyKHUiBYarMBLNdi9muVqwFSNNLiejngv0+54B9nYb +RFz149nyycf3OxBW7lF3b7NSQBTNHSMJP/O955C31z+nHzfnoLht4RQAWiJdtI0w +Ou5V0V6YTALmgIjAwFqY9TF//86DvhaDRb/QM1aPx98o2G3nWL7nfu+MGNWUt38R +NcBGEBmDzeNyooobQjiEQIVkTnEGXR+VTzalAB94qTS81GK4BcqDE2iv6melcLeq +oyTG7BAGWwIgUF1cgjzMuvW665RmAumSL2vvkRuNm54i8cHSq53ZVq8= +-----END DSA PRIVATE KEY----- diff --git a/net/data/ssl/certificates/android-test-key-ecdsa-public.pem b/net/data/ssl/certificates/android-test-key-ecdsa-public.pem new file mode 100644 index 0000000..4512622 --- /dev/null +++ b/net/data/ssl/certificates/android-test-key-ecdsa-public.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJH4uX5l3CYLPIQ7tXxBjtPZN7HVf +l4uyPAs6VCPitxLjEcKq3w/wwnPAbhbXN7bnC6lq1Yro/5vlpa1RGB46yQ== +-----END PUBLIC KEY----- diff --git a/net/data/ssl/certificates/android-test-key-ecdsa.pem b/net/data/ssl/certificates/android-test-key-ecdsa.pem new file mode 100644 index 0000000..6f128bd --- /dev/null +++ b/net/data/ssl/certificates/android-test-key-ecdsa.pem 
@@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIFb6/5kje8LB6bKDjQbfr2d4wfvLjy+SNs7j4J1eEF+FoAoGCCqGSM49 +AwEHoUQDQgAEJH4uX5l3CYLPIQ7tXxBjtPZN7HVfl4uyPAs6VCPitxLjEcKq3w/w +wnPAbhbXN7bnC6lq1Yro/5vlpa1RGB46yQ== +-----END EC PRIVATE KEY----- diff --git a/net/data/ssl/certificates/android-test-key-rsa.pem b/net/data/ssl/certificates/android-test-key-rsa.pem new file mode 100644 index 0000000..cd771fb6 --- /dev/null +++ b/net/data/ssl/certificates/android-test-key-rsa.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtGeaaS0gTqtgxhVXHEvwq04nAj8G0VCC8QjJW1ULVA576lhy +3IfdP3CxSLUYaJ4QNlXswDkbV8U8VPwresHqd1OTcCII774hLNFw7QtTmi1dM3rL +kOHApeCUa32VzZSuzCyu9f2/T4HvEH367GDTIxk1NEoXKSuehjMUFiqmtJEZjHSK +agq3p8NLTP/WpMm1WfEg5QRBQaQ82hOYN8CDaRSOW2GuHw+qZAtA7n033yX8cu3H +khPT5INk04/byZVDMNK1hbf90y+0XeZRZAKZ9rklMnz3jPJvLLsVwSMexJnRbe/G +cQyE9V1jHN9aGeBlm+9xvv3VjddNhaxhYLDYuQIDAQABAoIBAF5MCRoQzGJSkjL3 +1KCl0Ra5swoph5bBTrBOt3FV8qXtLDhCI0fCfJM8hG5MuoV0mWTNZQLU1sX6Ap8p +cFCqK7RTqy1hnOozp4OVtkExOnHMZHsUJHOGjPwnd2z4J+VdYkC22n0aNXWJpTwp +nY8QzUv7USQT1ide9W2QJV+wy5J1pQt4U/TH44FD6ceYXzEKCwHb1FXK4YOS0xgR +mW3gKFdHAYwk6OTyJOTLoa8zRL+8w7cTx2uNbf5EXeSMPjVl6SsVqJxOoBxVhi6M +Hj/pV4xs2sF2iqRlRZLpR5nOeJEwiELCymDgSzvSh0PZKAQzEvdYbH91vSEu6d+Q +gSGgkAECgYEA1wepPWDJyYPXPfemqeNrq7uVMwO3EI9IwlI+ouZ1sPHDEcQ3dNGw +5/QK7mgG++Wn+EfDkD1U26qGaGiWlCHTC/YlQ1tyrw3KqqV4QT+AIHJnr52PMUTu +vpSUJEfLMEboa8nsdHRHvScqqhijgI5fY4RJa20EVAjA0DRB/BSyEuECgYEA1scO +Q7s0jXWIfK/Y0z8WFfcHd1+xdIEueGqfI/Qx57Gsaen6mOKC6nESzq2GOiiXdX4X +NzdqPhZ1TWt+8FtSjDx61xFYldVf/0mSMn0skUSshKkBxZoKT65mmH2aRn9Mh1W7 +PaIN/JCi20kaZqhbaNhPi/Dd6SK2CIJco9Dx2NkCgYEAjHYqrTdeWM5QeeAd9Hfk +S4f7TBmvKZgPVTBYThzw4Cbs39wmxZ58Suh1g4pclYtND7gBHWWS2vMnXWiEhDsc +G4IskTVZUtRVgOcaCLUsQwW4iVUIxoxa0A9KPfDP37dR96ctWFzkx8Cf9ACoPT/D +O8ScGRpba3FUUizwtXPnZsECgYA7ltjPU/ZdtRlcNtG6sosnJvWsWiF7CIhjInnq +2Mqr1PDYJfHAT0AxWZP1QdG2+yIimAxK5pYUidib1VJPz5aUkAco+ogQcjYDN19X +oMEnwNz4pYd3Uqi/uMyATIDsRE9wUQn1LKwiweJdYufvSZCrAzD2y6pWD6pfrAOV +89fV6QKBgQDADTt1uVUPm2XpAkRAgKT7hncHnMcVqXvQsrqbHlbC7SARTbX0lUga +eO18L/k3h5XGXSQbVeVHdo5EZOEqQkiGcQbOgtRosMp/+6XtPMyvMMxWRhjIcyAJ +5czOAcXm8iVv7m89w+QnK+zMsLkY0j0X70lDXq7Tui+VH9lXa4wjtw== +-----END RSA PRIVATE KEY----- diff --git a/net/data/ssl/scripts/generate-android-test-keys.sh b/net/data/ssl/scripts/generate-android-test-keys.sh new file mode 100755 index 0000000..1c297e3 --- /dev/null +++ b/net/data/ssl/scripts/generate-android-test-keys.sh 
@@ -0,0 +1,56 @@ +#!/bin/sh + +# Copyright (c) 2013 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +# This script is used to generate the test keys for the unit test in +# android/keystore_unittest.c. +# +# These are test RSA / DSA / ECDSA private keys in PKCS#8 format, as well +# as the corresponding DSA / ECDSA public keys. +# + +# Exit script as soon a something fails. +set -e + +mkdir -p out +rm -rf out/* + +# Generate a single 2048-bits RSA private key in PKCS#8 format. +KEY=android-test-key-rsa +openssl genrsa \ + -out out/$KEY.pem \ + 2048 + +# Generate a 2048-bits DSA private key in PKCS#8 format, +# as well as its public key in X.509 DER format. +KEY=android-test-key-dsa +openssl dsaparam \ + -out out/$KEY.param.pem \ + 2048 + +openssl gendsa \ + -out out/$KEY.pem \ + out/$KEY.param.pem + +openssl dsa \ + -in out/$KEY.pem \ + -outform PEM \ + -out out/$KEY-public.pem \ + -pubout + +rm out/$KEY.param.pem + +# Generate an ECDSA private key, in PKCS#8 format, +# as well as its public key in X.509 DER format. +KEY=android-test-key-ecdsa +openssl ecparam -genkey -name prime256v1 -out out/$KEY.pem + +openssl ec \ + -in out/$KEY.pem \ + -outform PEM \ + -out out/$KEY-public.pem \ + -pubout + +# We're done here. |
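Review bot: In the net/data/ssl/certificates/README hunk, the new entry points readers at net/android/keystore_unittest.c, but the commit message describes C++ code (the net::android:: functions), so the .c extension looks wrong; please confirm the test file's actual name. The same path appears, without the net/ prefix, in the header comment of generate-android-test-keys.sh. The entry would also be easier to follow if it gave the script's full location under net/data/ssl/scripts/ and stated that the unencrypted private keys listed here are for tests only.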
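Review bot: android-test-key-ecdsa.pem carries two PEM blocks, an EC PARAMETERS block ahead of the EC PRIVATE KEY block, because the script runs `openssl ecparam -genkey` without `-noout`. A reader that decodes only the first block in the file gets the curve parameters rather than the key. Adding `-noout` to the ecparam call would leave the file with the private key alone, matching the single-block RSA and DSA key files.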
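Review bot: In generate-android-test-keys.sh the comments promise private keys "in PKCS#8 format", but `openssl genrsa`, `openssl gendsa` and `openssl ecparam -genkey` write the traditional per-algorithm encodings, as the committed files show (BEGIN RSA PRIVATE KEY, BEGIN DSA PRIVATE KEY and BEGIN EC PRIVATE KEY rather than BEGIN PRIVATE KEY). Since the commit message says the Java helper builds the PrivateKey from encoded PKCS#8 data, either convert here with `openssl pkcs8 -topk8 -nocrypt` or correct the comments and document where the conversion happens. The "X.509 DER format" comments have the same mismatch, because both public keys are written with `-outform PEM`. The script also leaves its results in out/ under the current directory, so it should say how they reach net/data/ssl/certificates/.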