
Side by Side Diff: net/quic/crypto/proof_source_chromium_openssl.cc

Issue 1309813003: Implement an openssl version of a QUIC ProofSource. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: More iOS fix Created 5 years, 3 months ago
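--- a/net/quic/crypto/proof_source_chromium_openssl.cc
+++ b/net/quic/crypto/proof_source_chromium_openssl.cc
@@ -0,0 +1,113 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/quic/crypto/proof_source_chromium.h"
+
+#include <openssl/digest.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+
+#include "base/strings/string_number_conversions.h"
+#include "crypto/openssl_util.h"
+#include "net/quic/crypto/crypto_protocol.h"
+#include "net/ssl/scoped_openssl_types.h"
+
+using std::string;
+using std::vector;
+
+namespace net {
+
+ProofSourceChromium::ProofSourceChromium() {}
+
+ProofSourceChromium::~ProofSourceChromium() {}
+
+bool ProofSourceChromium::Initialize(const base::FilePath& cert_path,
+const base::FilePath& key_path) {
+crypto::EnsureOpenSSLInit();
+
+std::string cert_data;
+if (!base::ReadFileToString(cert_path, &cert_data)) {
+DLOG(FATAL) << "Unable to read certificates.";
+return false;
+}
+
+CertificateList certs_in_file =
+X509Certificate::CreateCertificateListFromBytes(
+cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
+
+if (certs_in_file.empty()) {
+DLOG(FATAL) << "No certificates.";
+return false;
+}
+
+for (const scoped_refptr<X509Certificate>& cert : certs_in_file) {
+std::string der_encoded_cert;
+if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(),
+&der_encoded_cert)) {
+return false;
+}
+certificates_.push_back(der_encoded_cert);
+}
+
+std::string key_data;
+if (!base::ReadFileToString(key_path, &key_data)) {
+DLOG(FATAL) << "Unable to read key.";
+return false;
+}
+
+const uint8_t* p = reinterpret_cast<const uint8_t*>(key_data.data());
+std::vector<uint8_t> input(p, p + key_data.size());
+private_key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
+if (private_key_.get() == nullptr) {
+DLOG(FATAL) << "Unable to create private key.";
+return false;
+}
+return true;
+}
+
+bool ProofSourceChromium::GetProof(const IPAddressNumber& server_ip,
+const string& hostname,
+const string& server_config,
+bool ecdsa_ok,
+const vector<string>** out_certs,
+string* out_signature) {
+DCHECK(private_key_.get()) << " this: " << this;
+
+crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create());
+EVP_PKEY_CTX* pkey_ctx;
+if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr,
+private_key_->key()) ||
+!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+!EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) ||
+!EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>(
+kProofSignatureLabel),
+sizeof(kProofSignatureLabel)) ||
+!EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>(
+server_config.data()),
+server_config.size())) {
+return false;
+}
+
+// Determine the maximum length of the signature.
+size_t len = 0;
+if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) {
+return false;
+}
+std::vector<uint8_t> signature(len);
+// Sign it.
+if (!EVP_DigestSignFinal(sign_context.get(), vector_as_array(&signature),
+&len)) {
+return false;
+}
+signature.resize(len);
+out_signature->assign(reinterpret_cast<const char*>(&signature[0]),
+signature.size());
+*out_certs = &certificates_;
+VLOG(1) << "signature: "
+<< base::HexEncode(out_signature->data(), out_signature->size());
+return true;
+}
+
+} // namespace net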
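Review bot: GetProof dereferences private_key_ in the EVP_DigestSignInit call with only a DCHECK guarding it, so in a release build a caller that reaches GetProof after Initialize returned false (Initialize's DLOG(FATAL) only aborts in debug) crashes on a null pointer instead of failing the handshake; `if (!private_key_) return false;` before the sign context is created keeps the DCHECK's intent in debug and fails closed in release. Initialize also leaves certificates_ partially filled when GetDEREncoded or the key load fails, and a second call appends to whatever is already there, so a `certificates_.clear();` at the top (or collecting into a local vector and swapping it in only on success) would make the failure state consistent; the GetDEREncoded failure path is also the only one without a DLOG. Minor: the two reinterpret_casts feeding EVP_DigestSignUpdate use `uint8` while the rest of the file uses `uint8_t`, and `&signature[0]` in the out_signature->assign call can be `signature.data()`, matching the `vector_as_array` use just above and avoiding the indexing of a possibly empty vector.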
