Implements RSAPrivateKey for openssl.

base/crypto/rsa_private_key_openssl.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/crypto/rsa_private_key.h"
 
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+
 #include "base/logging.h"
+#include "base/openssl_util.h"
+#include "base/scoped_ptr.h"
+#include "base/stl_util-inl.h"
 
 namespace base {
 
-// static
-RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
-                                               bool permanent,
-                                               bool sensitive) {
-  NOTIMPLEMENTED();
-  return NULL;
+namespace {
+
+// Helper to export the specified key in the required format. If
+// |export_private| is true the full key is exported, otherwise only the
+// public part is written.
+bool ExportKey(EVP_PKEY* key, bool export_private, std::vector<uint8>* output) {
+  if (!key)
+    return false;
+
+  ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new(BIO_s_mem()));
+
+  // Call the appropriate function depending on the flag.
+  int res = (export_private ? i2d_PKCS8PrivateKeyInfo_bio : i2d_PUBKEY_bio)(

[bulach, 2010/11/17 11:52:30]

the object code would probably be the same, by I think it'd  be more readable to
split:

typedef int (Function)(BIO*, EVP_PKEY*);

// Choose the appropriate function depending on the flag.
Function* f = export_private ? i2d_PKCS8PrivateKeyInfo_bio : i2d_PUBKEY_bio;

int res = (*f)(bio.get(), key);

[joth, 2010/11/17 14:31:24]

Once we have the typedef, I think it's even clearer to just pass the function
pointer in instead of a bool.
-> Done.

+      bio.get(), key);
+  ClearOpenSSLERRStack();
+  if (!res)
+    return false;
+
+  char* data = NULL;
+  long len = BIO_get_mem_data(bio.get(), &data);
+  if (!data || len < 0)
+    return false;
+
+  STLAssignToVector(output, reinterpret_cast<const uint8*>(data), len);
+  return true;
 }
 
+}  // namespace
+
 // static
 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
-  return CreateWithParams(num_bits,
-                          false /* not permanent */,
-                          false /* not sensitive */);
+  EnsureOpenSSLInit();
+
+  ScopedOpenSSL<RSA, RSA_free> rsa_key(RSA_generate_key(num_bits, 65537L,
+                                                        NULL, NULL));
+  ClearOpenSSLERRStack();
+  if (!rsa_key.get())
+    return NULL;
+
+  scoped_ptr<RSAPrivateKey> self(new RSAPrivateKey);

[bulach, 2010/11/17 11:52:30]

not really "self", perhaps new_key ?

[joth, 2010/11/17 14:31:24]

Huh, I've got a habit of using self as a surrogate 'this' in static factory
functions. The other platforms use result, so switched to that.

+  self->key_ = EVP_PKEY_new();
+  if (!self->key_ || !EVP_PKEY_set1_RSA(self->key_, rsa_key.get()))
+    return NULL;
+
+  return self.release();
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
-  return CreateWithParams(num_bits,
-                          true /* permanent */,
-                          true /* sensitive */);
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
-    const std::vector<uint8>& input, bool permanent, bool sensitive) {
   NOTIMPLEMENTED();
   return NULL;
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
     const std::vector<uint8>& input) {
-  return CreateFromPrivateKeyInfoWithParams(input,
-                                            false /* not permanent */,
-                                            false /* not sensitive */);
+  EnsureOpenSSLInit();
+
+  // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
+  char* data = reinterpret_cast<char*>(const_cast<uint8*>(input.data()));
+  ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, input.size()));
+  if (!bio.get())
+    return NULL;
+
+  // Importing is a little more involved than exporting, as we must first
+  // PKCS#8 decode the input, and then import the EVP_PKEY from Private Key
+  // Info structure returned.
+  ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8inf(
+      d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), NULL));
+  ClearOpenSSLERRStack();
+  if (!p8inf.get())
+    return NULL;
+
+  scoped_ptr<RSAPrivateKey> self(new RSAPrivateKey);

[bulach, 2010/11/17 11:52:30]

ditto

[joth, 2010/11/17 14:31:24]

Done.

+  self->key_ = EVP_PKCS82PKEY(p8inf.get());
+  ClearOpenSSLERRStack();
+  if (!self->key_)
+    return NULL;
+
+  return self.release();
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
     const std::vector<uint8>& input) {
-  return CreateFromPrivateKeyInfoWithParams(input,
-                                            true /* permanent */,
-                                            true /* seneitive */);
+  NOTIMPLEMENTED();
+  return NULL;
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
     const std::vector<uint8>& input) {
   NOTIMPLEMENTED();
   return NULL;
 }
 
-RSAPrivateKey::RSAPrivateKey() {
+RSAPrivateKey::RSAPrivateKey()
+    : key_(NULL) {
 }
 
 RSAPrivateKey::~RSAPrivateKey() {
+  if (key_)
+    EVP_PKEY_free(key_);

[bulach, 2010/11/17 11:52:30]

we should really add release to the ScopedOpenSSL..

[joth, 2010/11/17 14:31:24]

I think you mean reset() ?
I'm doing that in my next CL, but it won't really help here as I'd then have to
pull openssl_util.h and worse <openssl/evp.h> into the cross platform header
that declares this class, which doesn't sound good.

 }
 
 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  return ExportKey(key_, true /* private */, output);
 }
 
 bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  return ExportKey(key_, false /* !private */, output);
 }
 
 }  // namespace base