OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/curve25519_key_exchange.h" | 5 #include "net/quic/core/crypto/curve25519_key_exchange.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "crypto/curve25519.h" | |
9 #include "net/quic/core/crypto/quic_random.h" | 8 #include "net/quic/core/crypto/quic_random.h" |
9 #include "third_party/boringssl/src/include/openssl/curve25519.h" | |
10 | 10 |
11 using base::StringPiece; | 11 using base::StringPiece; |
12 using std::string; | 12 using std::string; |
13 | 13 |
14 namespace net { | 14 namespace net { |
15 | 15 |
16 Curve25519KeyExchange::Curve25519KeyExchange() {} | 16 Curve25519KeyExchange::Curve25519KeyExchange() {} |
17 | 17 |
18 Curve25519KeyExchange::~Curve25519KeyExchange() {} | 18 Curve25519KeyExchange::~Curve25519KeyExchange() {} |
19 | 19 |
20 // static | 20 // static |
21 Curve25519KeyExchange* Curve25519KeyExchange::New(StringPiece private_key) { | 21 Curve25519KeyExchange* Curve25519KeyExchange::New(StringPiece private_key) { |
22 Curve25519KeyExchange* ka; | 22 if (private_key.size() != 32) { |
Ryan Hamilton
2016/10/31 18:31:11
This file is key in sync with the internal reposit
davidben
2016/10/31 18:36:19
Sure. Though probably after the latter comment is
Ryan Hamilton
2016/10/31 18:46:07
Great, thanks! Let me know if I can help...
| |
23 // We don't want to #include the NaCl headers in the public header file, so | |
24 // we use literals for the sizes of private_key_ and public_key_. Here we | |
25 // assert that those values are equal to the values from the NaCl header. | |
26 static_assert(sizeof(ka->private_key_) == crypto::curve25519::kScalarBytes, | |
27 "header out of sync"); | |
28 static_assert(sizeof(ka->public_key_) == crypto::curve25519::kBytes, | |
29 "header out of sync"); | |
30 | |
31 if (private_key.size() != crypto::curve25519::kScalarBytes) { | |
32 return nullptr; | 23 return nullptr; |
33 } | 24 } |
34 | 25 |
35 ka = new Curve25519KeyExchange(); | 26 Curve25519KeyExchange* ka = new Curve25519KeyExchange(); |
36 memcpy(ka->private_key_, private_key.data(), | 27 memcpy(ka->private_key_, private_key.data(), 32); |
Ryan Hamilton
2016/10/31 18:31:11
instead of 32 in several places, can we make this
davidben
2016/10/31 18:36:19
They're just 32 in the header. I can add some cons
Ryan Hamilton
2016/10/31 18:46:07
Fee free to make the constant local to this file.
davidben
2016/10/31 18:49:56
Eh, it's a fair comment and one that I think shoul
| |
37 crypto::curve25519::kScalarBytes); | 28 X25519_public_from_private(ka->public_key_, ka->private_key_); |
38 crypto::curve25519::ScalarBaseMult(ka->private_key_, ka->public_key_); | |
39 return ka; | 29 return ka; |
40 } | 30 } |
41 | 31 |
42 // static | 32 // static |
43 string Curve25519KeyExchange::NewPrivateKey(QuicRandom* rand) { | 33 string Curve25519KeyExchange::NewPrivateKey(QuicRandom* rand) { |
44 uint8_t private_key[crypto::curve25519::kScalarBytes]; | 34 uint8_t private_key[32]; |
45 rand->RandBytes(private_key, sizeof(private_key)); | 35 rand->RandBytes(private_key, sizeof(private_key)); |
46 | 36 |
47 // This makes |private_key| a valid scalar, as specified on | 37 // This makes |private_key| a valid scalar, as specified on |
48 // http://cr.yp.to/ecdh.html | 38 // http://cr.yp.to/ecdh.html |
49 private_key[0] &= 248; | 39 private_key[0] &= 248; |
50 private_key[31] &= 127; | 40 private_key[31] &= 127; |
51 private_key[31] |= 64; | 41 private_key[31] |= 64; |
52 return string(reinterpret_cast<char*>(private_key), sizeof(private_key)); | 42 return string(reinterpret_cast<char*>(private_key), sizeof(private_key)); |
53 } | 43 } |
54 | 44 |
55 KeyExchange* Curve25519KeyExchange::NewKeyPair(QuicRandom* rand) const { | 45 KeyExchange* Curve25519KeyExchange::NewKeyPair(QuicRandom* rand) const { |
56 const string private_value = NewPrivateKey(rand); | 46 const string private_value = NewPrivateKey(rand); |
57 return Curve25519KeyExchange::New(private_value); | 47 return Curve25519KeyExchange::New(private_value); |
58 } | 48 } |
59 | 49 |
60 bool Curve25519KeyExchange::CalculateSharedKey(StringPiece peer_public_value, | 50 bool Curve25519KeyExchange::CalculateSharedKey(StringPiece peer_public_value, |
61 string* out_result) const { | 51 string* out_result) const { |
62 if (peer_public_value.size() != crypto::curve25519::kBytes) { | 52 if (peer_public_value.size() != 32) { |
63 return false; | 53 return false; |
64 } | 54 } |
65 | 55 |
66 uint8_t result[crypto::curve25519::kBytes]; | 56 uint8_t result[32]; |
67 if (!crypto::curve25519::ScalarMult( | 57 if (!X25519(result, private_key_, |
68 private_key_, | 58 reinterpret_cast<const uint8_t*>(peer_public_value.data()))) { |
69 reinterpret_cast<const uint8_t*>(peer_public_value.data()), result)) { | |
70 return false; | 59 return false; |
71 } | 60 } |
72 out_result->assign(reinterpret_cast<char*>(result), sizeof(result)); | 61 out_result->assign(reinterpret_cast<char*>(result), sizeof(result)); |
73 | 62 |
74 return true; | 63 return true; |
75 } | 64 } |
76 | 65 |
77 StringPiece Curve25519KeyExchange::public_value() const { | 66 StringPiece Curve25519KeyExchange::public_value() const { |
78 return StringPiece(reinterpret_cast<const char*>(public_key_), | 67 return StringPiece(reinterpret_cast<const char*>(public_key_), |
79 sizeof(public_key_)); | 68 sizeof(public_key_)); |
80 } | 69 } |
81 | 70 |
82 QuicTag Curve25519KeyExchange::tag() const { | 71 QuicTag Curve25519KeyExchange::tag() const { |
83 return kC255; | 72 return kC255; |
84 } | 73 } |
85 | 74 |
86 } // namespace net | 75 } // namespace net |
OLD | NEW |