Chromium Code Reviews Chromium Code Reviews
Issue 5047003:
Implements RSAPrivateKey for openssl. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: base/crypto/rsa_private_key_openssl.cc |
| diff --git a/base/crypto/rsa_private_key_openssl.cc b/base/crypto/rsa_private_key_openssl.cc |
| index ec1d8b5d7feca94f96d7ca7de1f797e51f1d1e55..f28d616d6b611a5f9aff336ef03e7f1675c582e5 100644 |
| --- a/base/crypto/rsa_private_key_openssl.cc |
| +++ b/base/crypto/rsa_private_key_openssl.cc |
| @@ -4,35 +4,66 @@ |
| #include "base/crypto/rsa_private_key.h" |
| +#include <openssl/evp.h> |
| +#include <openssl/pkcs12.h> |
| +#include <openssl/rsa.h> |
| + |
| #include "base/logging.h" |
| +#include "base/openssl_util.h" |
| +#include "base/scoped_ptr.h" |
| +#include "base/stl_util-inl.h" |
| namespace base { |
| -// static |
| -RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits, |
| - bool permanent, |
| - bool sensitive) { |
| - NOTIMPLEMENTED(); |
| - return NULL; |
| +namespace { |
| + |
| +// Helper to export the specified key in the required format. If |
| +// |export_private| is true the full key is exported, otherwise only the |
| +// public part is written. |
| +bool ExportKey(EVP_PKEY* key, bool export_private, std::vector<uint8>* output) { |
| + if (!key) |
| + return false; |
| + |
| + ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new(BIO_s_mem())); |
| + |
| + // Call the appropriate function depending on the flag. |
| + int res = (export_private ? i2d_PKCS8PrivateKeyInfo_bio : i2d_PUBKEY_bio)( |
|
bulach
2010/11/17 11:52:30
the object code would probably be the same, by I t
joth
2010/11/17 14:31:24
Once we have the typedef, I think it's even cleare
|
| + bio.get(), key); |
| + ClearOpenSSLERRStack(); |
| + if (!res) |
| + return false; |
| + |
| + char* data = NULL; |
| + long len = BIO_get_mem_data(bio.get(), &data); |
| + if (!data || len < 0) |
| + return false; |
| + |
| + STLAssignToVector(output, reinterpret_cast<const uint8*>(data), len); |
| + return true; |
| } |
| +} // namespace |
| + |
| // static |
| RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { |
| - return CreateWithParams(num_bits, |
| - false /* not permanent */, |
| - false /* not sensitive */); |
| -} |
| + EnsureOpenSSLInit(); |
| -// static |
| -RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) { |
| - return CreateWithParams(num_bits, |
| - true /* permanent */, |
| - true /* sensitive */); |
| + ScopedOpenSSL<RSA, RSA_free> rsa_key(RSA_generate_key(num_bits, 65537L, |
| + NULL, NULL)); |
| + ClearOpenSSLERRStack(); |
| + if (!rsa_key.get()) |
| + return NULL; |
| + |
| + scoped_ptr<RSAPrivateKey> self(new RSAPrivateKey); |
|
bulach
2010/11/17 11:52:30
not really "self", perhaps new_key ?
joth
2010/11/17 14:31:24
Huh, I've got a habit of using self as a surrogate
|
| + self->key_ = EVP_PKEY_new(); |
| + if (!self->key_ || !EVP_PKEY_set1_RSA(self->key_, rsa_key.get())) |
| + return NULL; |
| + |
| + return self.release(); |
| } |
| // static |
| -RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( |
| - const std::vector<uint8>& input, bool permanent, bool sensitive) { |
| +RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) { |
| NOTIMPLEMENTED(); |
| return NULL; |
| } |
| @@ -40,17 +71,37 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( |
| // static |
| RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( |
| const std::vector<uint8>& input) { |
| - return CreateFromPrivateKeyInfoWithParams(input, |
| - false /* not permanent */, |
| - false /* not sensitive */); |
| + EnsureOpenSSLInit(); |
| + |
| + // BIO_new_mem_buf is not const aware, but it does not modify the buffer. |
| + char* data = reinterpret_cast<char*>(const_cast<uint8*>(input.data())); |
| + ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new_mem_buf(data, input.size())); |
| + if (!bio.get()) |
| + return NULL; |
| + |
| + // Importing is a little more involved than exporting, as we must first |
| + // PKCS#8 decode the input, and then import the EVP_PKEY from Private Key |
| + // Info structure returned. |
| + ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8inf( |
| + d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), NULL)); |
| + ClearOpenSSLERRStack(); |
| + if (!p8inf.get()) |
| + return NULL; |
| + |
| + scoped_ptr<RSAPrivateKey> self(new RSAPrivateKey); |
|
bulach
2010/11/17 11:52:30
ditto
joth
2010/11/17 14:31:24
Done.
|
| + self->key_ = EVP_PKCS82PKEY(p8inf.get()); |
| + ClearOpenSSLERRStack(); |
| + if (!self->key_) |
| + return NULL; |
| + |
| + return self.release(); |
| } |
| // static |
| RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo( |
| const std::vector<uint8>& input) { |
| - return CreateFromPrivateKeyInfoWithParams(input, |
| - true /* permanent */, |
| - true /* seneitive */); |
| + NOTIMPLEMENTED(); |
| + return NULL; |
| } |
| // static |
| @@ -60,20 +111,21 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo( |
| return NULL; |
| } |
| -RSAPrivateKey::RSAPrivateKey() { |
| +RSAPrivateKey::RSAPrivateKey() |
| + : key_(NULL) { |
| } |
| RSAPrivateKey::~RSAPrivateKey() { |
| + if (key_) |
| + EVP_PKEY_free(key_); |
|
bulach
2010/11/17 11:52:30
we should really add release to the ScopedOpenSSL.
joth
2010/11/17 14:31:24
I think you mean reset() ?
I'm doing that in my ne
|
| } |
| bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { |
| - NOTIMPLEMENTED(); |
| - return false; |
| + return ExportKey(key_, true /* private */, output); |
| } |
| bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { |
| - NOTIMPLEMENTED(); |
| - return false; |
| + return ExportKey(key_, false /* !private */, output); |
| } |
| } // namespace base |
