Implement RSAPrivateKey::Copy()

BUG=105220 Review URL: http://codereview.chromium.org/8727014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112837 0039d316-1c4b-4281-b951-d872f2087c98

Implement RSAPrivateKey::Copy()
BUG=105220 Review URL: http://codereview.chromium.org/8727014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112837 0039d316-1c4b-4281-b951-d872f2087c98
58782880 · sergeyu@chromium.org · ef589afc · 58782880 · 58782880 · 58782880
Commit 58782880 authored Dec 03, 2011 by sergeyu@chromium.org
8 changed files
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
@@ -223,11 +223,14 @@ class CRYPTO_EXPORT RSAPrivateKey {
  CSSM_KEY_PTR public_key() { return &public_key_; }
 #endif

+  // Creates a copy of the object.
+  RSAPrivateKey* Copy() const;
+
  // Exports the private key to a PKCS #1 PrivateKey block.
-  bool ExportPrivateKey(std::vector<uint8>* output);
+  bool ExportPrivateKey(std::vector<uint8>* output) const;

  // Exports the public key to an X509 SubjectPublicKeyInfo block.
-  bool ExportPublicKey(std::vector<uint8>* output);
+  bool ExportPublicKey(std::vector<uint8>* output) const;

 private:
 #if defined(USE_NSS)

--- a/crypto/rsa_private_key_mac.cc
+++ b/crypto/rsa_private_key_mac.cc
@@ -174,7 +174,14 @@ RSAPrivateKey::~RSAPrivateKey() {
  }
 }

-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+RSAPrivateKey* RSAPrivateKey::Copy() const {
+  std::vector<uint8> key_bytes;
+  if (!ExportPrivateKey(&key_bytes))
+    return NULL;
+  return CreateFromPrivateKeyInfo(key_bytes);
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
  if (!key_.KeyData.Data || !key_.KeyData.Length) {
    return false;
  }
@@ -184,7 +191,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
  return true;
 }

-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
  PrivateKeyInfoCodec private_key_info(true);
  std::vector<uint8> private_key_data;
  private_key_data.assign(key_.KeyData.Data,

--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -138,8 +138,14 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
  return NULL;
 }

+RSAPrivateKey* RSAPrivateKey::Copy() const {
+  RSAPrivateKey* copy = new RSAPrivateKey();
+  copy->key_ = SECKEY_CopyPrivateKey(key_);
+  copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
+  return copy;
+}

-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
  PrivateKeyInfoCodec private_key_info(true);

  // Manually read the component attributes of the private key and build up
@@ -161,7 +167,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
  return private_key_info.Export(output);
 }

-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
  ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
  if (!der_pubkey.get()) {
    NOTREACHED();

--- a/crypto/rsa_private_key_openssl.cc
+++ b/crypto/rsa_private_key_openssl.cc
@@ -124,11 +124,22 @@ RSAPrivateKey::~RSAPrivateKey() {
    EVP_PKEY_free(key_);
 }

-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+RSAPrivateKey* RSAPrivateKey::Copy() const {
+  scoped_ptr<RSAPrivateKey> copy(new RSAPrivateKey());
+  RSA* rsa = EVP_PKEY_get1_RSA(key_);
+  if (!rsa)
+    return NULL;
+  copy->key_ = EVP_PKEY_new();
+  if (!EVP_PKEY_set1_RSA(copy->key_, rsa))
+    return NULL;
+  return copy.release();
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
  return ExportKey(key_, i2d_PKCS8PrivateKeyInfo_bio, output);
 }

-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
  return ExportKey(key_, i2d_PUBKEY_bio, output);
 }


--- a/crypto/rsa_private_key_unittest.cc
+++ b/crypto/rsa_private_key_unittest.cc
@@ -7,51 +7,9 @@
 #include "base/memory/scoped_ptr.h"
 #include "testing/gtest/include/gtest/gtest.h"

-// Generate random private keys with two different sizes. Reimport, then
-// export them again. We should get back the same exact bytes.
-TEST(RSAPrivateKeyUnitTest, InitRandomTest) {
-  scoped_ptr<crypto::RSAPrivateKey> keypair1(
-      crypto::RSAPrivateKey::Create(1024));
-  scoped_ptr<crypto::RSAPrivateKey> keypair2(
-      crypto::RSAPrivateKey::Create(2048));
-  ASSERT_TRUE(keypair1.get());
-  ASSERT_TRUE(keypair2.get());
-
-  std::vector<uint8> privkey1;
-  std::vector<uint8> privkey2;
-  std::vector<uint8> pubkey1;
-  std::vector<uint8> pubkey2;
-
-  ASSERT_TRUE(keypair1->ExportPrivateKey(&privkey1));
-  ASSERT_TRUE(keypair2->ExportPrivateKey(&privkey2));
-  ASSERT_TRUE(keypair1->ExportPublicKey(&pubkey1));
-  ASSERT_TRUE(keypair2->ExportPublicKey(&pubkey2));
-
-  scoped_ptr<crypto::RSAPrivateKey> keypair3(
-      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey1));
-  scoped_ptr<crypto::RSAPrivateKey> keypair4(
-      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey2));
-  ASSERT_TRUE(keypair3.get());
-  ASSERT_TRUE(keypair4.get());
-
-  std::vector<uint8> privkey3;
-  std::vector<uint8> privkey4;
-  ASSERT_TRUE(keypair3->ExportPrivateKey(&privkey3));
-  ASSERT_TRUE(keypair4->ExportPrivateKey(&privkey4));
-
-  ASSERT_EQ(privkey1.size(), privkey3.size());
-  ASSERT_EQ(privkey2.size(), privkey4.size());
-  ASSERT_TRUE(0 == memcmp(&privkey1.front(), &privkey3.front(),
-                          privkey1.size()));
-  ASSERT_TRUE(0 == memcmp(&privkey2.front(), &privkey4.front(),
-                          privkey2.size()));
-}
+namespace {

-
-// Verify that generated public keys look good. This test data was generated
-// with the openssl command line tool.
-TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
-  const uint8 private_key_info[] = {
+const uint8 kTestPrivateKeyInfo[] = {
  0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30,
  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
@@ -132,8 +90,70 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
  0x21, 0xb3, 0x02, 0x87, 0xe4, 0xfd, 0x61, 0xca,
  0x00, 0x42, 0x19, 0xf0, 0xda, 0x5a, 0x53, 0xe3,
  0xb1, 0xc5, 0x15, 0xf3
-  };
+};
+
+}  // namespace
+
+// Generate random private keys with two different sizes. Reimport, then
+// export them again. We should get back the same exact bytes.
+TEST(RSAPrivateKeyUnitTest, InitRandomTest) {
+  scoped_ptr<crypto::RSAPrivateKey> keypair1(
+      crypto::RSAPrivateKey::Create(1024));
+  scoped_ptr<crypto::RSAPrivateKey> keypair2(
+      crypto::RSAPrivateKey::Create(2048));
+  ASSERT_TRUE(keypair1.get());
+  ASSERT_TRUE(keypair2.get());
+
+  std::vector<uint8> privkey1;
+  std::vector<uint8> privkey2;
+  std::vector<uint8> pubkey1;
+  std::vector<uint8> pubkey2;
+
+  ASSERT_TRUE(keypair1->ExportPrivateKey(&privkey1));
+  ASSERT_TRUE(keypair2->ExportPrivateKey(&privkey2));
+  ASSERT_TRUE(keypair1->ExportPublicKey(&pubkey1));
+  ASSERT_TRUE(keypair2->ExportPublicKey(&pubkey2));
+
+  scoped_ptr<crypto::RSAPrivateKey> keypair3(
+      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey1));
+  scoped_ptr<crypto::RSAPrivateKey> keypair4(
+      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey2));
+  ASSERT_TRUE(keypair3.get());
+  ASSERT_TRUE(keypair4.get());

+  std::vector<uint8> privkey3;
+  std::vector<uint8> privkey4;
+  ASSERT_TRUE(keypair3->ExportPrivateKey(&privkey3));
+  ASSERT_TRUE(keypair4->ExportPrivateKey(&privkey4));
+
+  ASSERT_EQ(privkey1.size(), privkey3.size());
+  ASSERT_EQ(privkey2.size(), privkey4.size());
+  ASSERT_TRUE(0 == memcmp(&privkey1.front(), &privkey3.front(),
+                          privkey1.size()));
+  ASSERT_TRUE(0 == memcmp(&privkey2.front(), &privkey4.front(),
+                          privkey2.size()));
+}
+
+// Test Copy() method.
+TEST(RSAPrivateKeyUnitTest, CopyTest) {
+  std::vector<uint8> input(
+      kTestPrivateKeyInfo, kTestPrivateKeyInfo + sizeof(kTestPrivateKeyInfo));
+
+  scoped_ptr<crypto::RSAPrivateKey> key(
+      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
+
+  scoped_ptr<crypto::RSAPrivateKey> key_copy(key->Copy());
+  ASSERT_TRUE(key_copy.get());
+
+  std::vector<uint8> privkey_copy;
+  ASSERT_TRUE(key_copy->ExportPrivateKey(&privkey_copy));
+  ASSERT_EQ(input, privkey_copy);
+}
+
+
+// Verify that generated public keys look good. This test data was generated
+// with the openssl command line tool.
+TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
  const uint8 expected_public_key_info[] = {
    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
@@ -158,9 +178,8 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
    0x00, 0x01
  };

-  std::vector<uint8> input;
-  input.resize(sizeof(private_key_info));
-  memcpy(&input.front(), private_key_info, sizeof(private_key_info));
+  std::vector<uint8> input(
+      kTestPrivateKeyInfo, kTestPrivateKeyInfo + sizeof(kTestPrivateKeyInfo));

  scoped_ptr<crypto::RSAPrivateKey> key(
      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));

--- a/crypto/rsa_private_key_win.cc
+++ b/crypto/rsa_private_key_win.cc
@@ -134,7 +134,19 @@ bool RSAPrivateKey::InitProvider() {
                                      PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
 }

-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+RSAPrivateKey* RSAPrivateKey::Copy() const {
+  scoped_ptr<RSAPrivateKey> copy(new RSAPrivateKey());
+  if (!CryptContextAddRef(provider_, NULL, 0)) {
+    NOTREACHED();
+    return NULL;
+  }
+  copy->provider_.reset(provider_.get());
+  if (!CryptDuplicateKey(key_.get(), NULL, 0, copy->key_.receive()))
+    return NULL;
+  return copy.release();
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
  // Export the key
  DWORD blob_length = 0;
  if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, NULL, &blob_length)) {
@@ -187,7 +199,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
  return pki.Export(output);
 }

-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
  DWORD key_info_len;
  if (!CryptExportPublicKeyInfo(
      provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,

--- a/remoting/protocol/v1_authenticator.cc
+++ b/remoting/protocol/v1_authenticator.cc
@@ -87,11 +87,11 @@ V1ClientAuthenticator::CreateChannelAuthenticator() const {

 V1HostAuthenticator::V1HostAuthenticator(
    const std::string& local_cert,
-    crypto::RSAPrivateKey* local_private_key,
+    const crypto::RSAPrivateKey* local_private_key,
    const std::string& shared_secret,
    const std::string& remote_jid)
    : local_cert_(local_cert),
-      local_private_key_(local_private_key),
+      local_private_key_(local_private_key->Copy()),
      shared_secret_(shared_secret),
      remote_jid_(remote_jid),
      state_(WAITING_MESSAGE) {
@@ -141,22 +141,16 @@ ChannelAuthenticator*
 V1HostAuthenticator::CreateChannelAuthenticator() const {
  DCHECK_EQ(state_, ACCEPTED);
  return new V1HostChannelAuthenticator(
-      local_cert_, local_private_key_, shared_secret_);
+      local_cert_, local_private_key_.get(), shared_secret_);
 };

 V1HostAuthenticatorFactory::V1HostAuthenticatorFactory(
    const std::string& local_cert,
-    crypto::RSAPrivateKey* local_private_key,
+    const crypto::RSAPrivateKey* local_private_key,
    const std::string& shared_secret)
    : local_cert_(local_cert),
+      local_private_key_(local_private_key->Copy()),
      shared_secret_(shared_secret) {
-  DCHECK(local_private_key);
-
-  // TODO(hclam): Need a better way to clone a key. See crbug.com/105220 .
-  std::vector<uint8> key_bytes;
-  CHECK(local_private_key->ExportPrivateKey(&key_bytes));
-  local_private_key_.reset(
-      crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes));
  CHECK(local_private_key_.get());
 }


--- a/remoting/protocol/v1_authenticator.h
+++ b/remoting/protocol/v1_authenticator.h
@@ -42,7 +42,7 @@ class V1HostAuthenticator : public Authenticator {
 public:
  // Doesn't take ownership of |local_private_key|.
  V1HostAuthenticator(const std::string& local_cert,
-                      crypto::RSAPrivateKey* local_private_key,
+                      const crypto::RSAPrivateKey* local_private_key,
                      const std::string& shared_secret,
                      const std::string& remote_jid);
  virtual ~V1HostAuthenticator();
@@ -55,7 +55,7 @@ class V1HostAuthenticator : public Authenticator {

 private:
  std::string local_cert_;
-  crypto::RSAPrivateKey* local_private_key_;
+  scoped_ptr<crypto::RSAPrivateKey> local_private_key_;
  std::string shared_secret_;
  std::string remote_jid_;
  State state_;
@@ -67,7 +67,7 @@ class V1HostAuthenticatorFactory : public AuthenticatorFactory {
 public:
  // Doesn't take ownership of |local_private_key|.
  V1HostAuthenticatorFactory(const std::string& local_cert,
-                             crypto::RSAPrivateKey* local_private_key,
+                             const crypto::RSAPrivateKey* local_private_key,
                             const std::string& shared_secret);
  virtual ~V1HostAuthenticatorFactory();