| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/core/crypto/p256_key_exchange.h" | 5 #include "net/quic/core/crypto/p256_key_exchange.h" |
| 6 | 6 |
| 7 #include <openssl/ec.h> | 7 #include <openssl/ec.h> |
| 8 #include <openssl/ecdh.h> | 8 #include <openssl/ecdh.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 | 10 |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 P256KeyExchange::~P256KeyExchange() {} | 23 P256KeyExchange::~P256KeyExchange() {} |
| 24 | 24 |
| 25 // static | 25 // static |
| 26 P256KeyExchange* P256KeyExchange::New(StringPiece key) { | 26 P256KeyExchange* P256KeyExchange::New(StringPiece key) { |
| 27 if (key.empty()) { | 27 if (key.empty()) { |
| 28 DVLOG(1) << "Private key is empty"; | 28 DVLOG(1) << "Private key is empty"; |
| 29 return nullptr; | 29 return nullptr; |
| 30 } | 30 } |
| 31 | 31 |
| 32 const uint8_t* keyp = reinterpret_cast<const uint8_t*>(key.data()); | 32 const uint8_t* keyp = reinterpret_cast<const uint8_t*>(key.data()); |
| 33 crypto::ScopedEC_KEY private_key( | 33 bssl::UniquePtr<EC_KEY> private_key( |
| 34 d2i_ECPrivateKey(nullptr, &keyp, key.size())); | 34 d2i_ECPrivateKey(nullptr, &keyp, key.size())); |
| 35 if (!private_key.get() || !EC_KEY_check_key(private_key.get())) { | 35 if (!private_key.get() || !EC_KEY_check_key(private_key.get())) { |
| 36 DVLOG(1) << "Private key is invalid."; | 36 DVLOG(1) << "Private key is invalid."; |
| 37 return nullptr; | 37 return nullptr; |
| 38 } | 38 } |
| 39 | 39 |
| 40 uint8_t public_key[kUncompressedP256PointBytes]; | 40 uint8_t public_key[kUncompressedP256PointBytes]; |
| 41 if (EC_POINT_point2oct(EC_KEY_get0_group(private_key.get()), | 41 if (EC_POINT_point2oct(EC_KEY_get0_group(private_key.get()), |
| 42 EC_KEY_get0_public_key(private_key.get()), | 42 EC_KEY_get0_public_key(private_key.get()), |
| 43 POINT_CONVERSION_UNCOMPRESSED, public_key, | 43 POINT_CONVERSION_UNCOMPRESSED, public_key, |
| 44 sizeof(public_key), nullptr) != sizeof(public_key)) { | 44 sizeof(public_key), nullptr) != sizeof(public_key)) { |
| 45 DVLOG(1) << "Can't get public key."; | 45 DVLOG(1) << "Can't get public key."; |
| 46 return nullptr; | 46 return nullptr; |
| 47 } | 47 } |
| 48 | 48 |
| 49 return new P256KeyExchange(private_key.release(), public_key); | 49 return new P256KeyExchange(private_key.release(), public_key); |
| 50 } | 50 } |
| 51 | 51 |
| 52 // static | 52 // static |
| 53 string P256KeyExchange::NewPrivateKey() { | 53 string P256KeyExchange::NewPrivateKey() { |
| 54 crypto::ScopedEC_KEY key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | 54 bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
| 55 if (!key.get() || !EC_KEY_generate_key(key.get())) { | 55 if (!key.get() || !EC_KEY_generate_key(key.get())) { |
| 56 DVLOG(1) << "Can't generate a new private key."; | 56 DVLOG(1) << "Can't generate a new private key."; |
| 57 return string(); | 57 return string(); |
| 58 } | 58 } |
| 59 | 59 |
| 60 int key_len = i2d_ECPrivateKey(key.get(), nullptr); | 60 int key_len = i2d_ECPrivateKey(key.get(), nullptr); |
| 61 if (key_len <= 0) { | 61 if (key_len <= 0) { |
| 62 DVLOG(1) << "Can't convert private key to string"; | 62 DVLOG(1) << "Can't convert private key to string"; |
| 63 return string(); | 63 return string(); |
| 64 } | 64 } |
| (...skipping 12 matching lines...) Expand all Loading... |
| 77 return P256KeyExchange::New(private_value); | 77 return P256KeyExchange::New(private_value); |
| 78 } | 78 } |
| 79 | 79 |
| 80 bool P256KeyExchange::CalculateSharedKey(StringPiece peer_public_value, | 80 bool P256KeyExchange::CalculateSharedKey(StringPiece peer_public_value, |
| 81 string* out_result) const { | 81 string* out_result) const { |
| 82 if (peer_public_value.size() != kUncompressedP256PointBytes) { | 82 if (peer_public_value.size() != kUncompressedP256PointBytes) { |
| 83 DVLOG(1) << "Peer public value is invalid"; | 83 DVLOG(1) << "Peer public value is invalid"; |
| 84 return false; | 84 return false; |
| 85 } | 85 } |
| 86 | 86 |
| 87 crypto::ScopedEC_POINT point( | 87 bssl::UniquePtr<EC_POINT> point( |
| 88 EC_POINT_new(EC_KEY_get0_group(private_key_.get()))); | 88 EC_POINT_new(EC_KEY_get0_group(private_key_.get()))); |
| 89 if (!point || | 89 if (!point || |
| 90 !EC_POINT_oct2point(/* also test if point is on curve */ | 90 !EC_POINT_oct2point(/* also test if point is on curve */ |
| 91 EC_KEY_get0_group(private_key_.get()), point.get(), | 91 EC_KEY_get0_group(private_key_.get()), point.get(), |
| 92 reinterpret_cast<const uint8_t*>( | 92 reinterpret_cast<const uint8_t*>( |
| 93 peer_public_value.data()), | 93 peer_public_value.data()), |
| 94 peer_public_value.size(), nullptr)) { | 94 peer_public_value.size(), nullptr)) { |
| 95 DVLOG(1) << "Can't convert peer public value to curve point."; | 95 DVLOG(1) << "Can't convert peer public value to curve point."; |
| 96 return false; | 96 return false; |
| 97 } | 97 } |
| (...skipping 12 matching lines...) Expand all Loading... |
| 110 StringPiece P256KeyExchange::public_value() const { | 110 StringPiece P256KeyExchange::public_value() const { |
| 111 return StringPiece(reinterpret_cast<const char*>(public_key_), | 111 return StringPiece(reinterpret_cast<const char*>(public_key_), |
| 112 sizeof(public_key_)); | 112 sizeof(public_key_)); |
| 113 } | 113 } |
| 114 | 114 |
| 115 QuicTag P256KeyExchange::tag() const { | 115 QuicTag P256KeyExchange::tag() const { |
| 116 return kP256; | 116 return kP256; |
| 117 } | 117 } |
| 118 | 118 |
| 119 } // namespace net | 119 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2400033005:
Use BoringSSL scopers in //net. (Closed)
