Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(473)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/proof_source_chromium_openssl.cc

Issue 1309813003: Implement an openssl version of a QUIC ProofSource. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix comments Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/proof_source_chromium_nss.cc ('k') | net/quic/quic_crypto_server_stream_test.cc » ('j') | net/quic/test_tools/crypto_test_utils_chromium.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/proof_source_chromium.h"
6
davidben 2015/08/25 19:33:02 This should include: #include <openssl/digest.h>
Ryan Hamilton 2015/08/26 18:52:14 Done.
7 #include "base/strings/string_number_conversions.h"
8 #include "crypto/openssl_util.h"
9 #include "net/quic/crypto/crypto_protocol.h"
10 #include "net/ssl/scoped_openssl_types.h"
11
12 using std::string;
13 using std::vector;
14
15 namespace net {
16
17 ProofSourceChromium::ProofSourceChromium() {}
18
19 ProofSourceChromium::~ProofSourceChromium() {}
20
21 bool ProofSourceChromium::Initialize(const base::FilePath& cert_path,
22 const base::FilePath& key_path) {
23 crypto::EnsureOpenSSLInit();
24
25 std::string cert_data;
26 if (!base::ReadFileToString(cert_path, &cert_data)) {
27 DLOG(FATAL) << "Unable to read certificates.";
28 return false;
29 }
30
31 CertificateList certs_in_file =
32 X509Certificate::CreateCertificateListFromBytes(
33 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
34
35 if (certs_in_file.empty()) {
36 DLOG(FATAL) << "No certificates.";
37 return false;
38 }
39
40 for (const scoped_refptr<X509Certificate>& cert : certs_in_file) {
41 std::string der_encoded_cert;
42 if (!X509Certificate::GetDEREncoded(cert->os_cert_handle(),
43 &der_encoded_cert)) {
44 return false;
45 }
46 certificates_.push_back(der_encoded_cert);
47 }
48
49 std::string key_data;
50 if (!base::ReadFileToString(key_path, &key_data)) {
51 DLOG(FATAL) << "Unable to read key.";
52 return false;
53 }
54
55 const uint8_t* p = reinterpret_cast<const uint8_t*>(key_data.data());
56 std::vector<uint8_t> input(p, p + key_data.size());
57 private_key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
58 if (private_key_.get() == nullptr) {
59 DLOG(FATAL) << "Unable to create private key.";
60 return false;
61 }
62 return true;
63 }
64
65 bool ProofSourceChromium::GetProof(const IPAddressNumber& server_ip,
66 const string& hostname,
67 const string& server_config,
68 bool ecdsa_ok,
69 const vector<string>** out_certs,
70 string* out_signature) {
71 DCHECK(private_key_.get()) << " this: " << this;
72
73 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
74 const EVP_MD* const digest = EVP_sha256();
75 DCHECK(digest);
davidben 2015/08/25 19:33:02 Nit: I wouldn't even bother with that. :-) This fu
Ryan Hamilton 2015/08/26 18:52:14 Done.
76 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create());
77 EVP_PKEY_CTX* pkey_ctx;
78 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, digest, NULL,
davidben 2015/08/25 19:33:02 Nit: nullptr
Ryan Hamilton 2015/08/26 18:52:14 Done.
79 private_key_->key()) ||
80 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
81 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) ||
82 !EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>(
83 kProofSignatureLabel),
84 sizeof(kProofSignatureLabel)) ||
85 !EVP_DigestSignUpdate(sign_context.get(), reinterpret_cast<const uint8*>(
86 server_config.data()),
87 server_config.size())) {
88 return false;
89 }
90
91 // Determine the maximum length of the signature.
92 size_t len = 0;
93 if (!EVP_DigestSignFinal(sign_context.get(), NULL, &len)) {
davidben 2015/08/25 19:33:02 Nit: nullptr
Ryan Hamilton 2015/08/26 18:52:14 Done.
94 DLOG(ERROR) << "Unable to finalize signature.";
davidben 2015/08/25 19:33:02 Nit: I wouldn't bother. :-) *shrug*
Ryan Hamilton 2015/08/26 18:52:14 Done. Because it can't fail?
95 return false;
96 }
97 std::vector<uint8_t> signature(len);
98 // Sign it.
99 if (!EVP_DigestSignFinal(sign_context.get(), vector_as_array(&signature),
100 &len)) {
101 return false;
102 }
103 signature.resize(len);
104 out_signature->assign(reinterpret_cast<const char*>(&signature[0]),
105 signature.size());
106 *out_certs = &certificates_;
107 VLOG(1) << "signature: "
108 << base::HexEncode(out_signature->data(), out_signature->size());
109 return true;
110 }
111
112 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/proof_source_chromium_nss.cc ('k') | net/quic/quic_crypto_server_stream_test.cc » ('j') | net/quic/test_tools/crypto_test_utils_chromium.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698