Commit 58782880 authored by sergeyu@chromium.org's avatar sergeyu@chromium.org

Implement RSAPrivateKey::Copy()

BUG=105220

Review URL: http://codereview.chromium.org/8727014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112837 0039d316-1c4b-4281-b951-d872f2087c98
parent ef589afc
...@@ -223,11 +223,14 @@ class CRYPTO_EXPORT RSAPrivateKey { ...@@ -223,11 +223,14 @@ class CRYPTO_EXPORT RSAPrivateKey {
CSSM_KEY_PTR public_key() { return &public_key_; } CSSM_KEY_PTR public_key() { return &public_key_; }
#endif #endif
// Creates a copy of the object.
RSAPrivateKey* Copy() const;
// Exports the private key to a PKCS #1 PrivateKey block. // Exports the private key to a PKCS #1 PrivateKey block.
bool ExportPrivateKey(std::vector<uint8>* output); bool ExportPrivateKey(std::vector<uint8>* output) const;
// Exports the public key to an X509 SubjectPublicKeyInfo block. // Exports the public key to an X509 SubjectPublicKeyInfo block.
bool ExportPublicKey(std::vector<uint8>* output); bool ExportPublicKey(std::vector<uint8>* output) const;
private: private:
#if defined(USE_NSS) #if defined(USE_NSS)
......
...@@ -174,7 +174,14 @@ RSAPrivateKey::~RSAPrivateKey() { ...@@ -174,7 +174,14 @@ RSAPrivateKey::~RSAPrivateKey() {
} }
} }
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { RSAPrivateKey* RSAPrivateKey::Copy() const {
std::vector<uint8> key_bytes;
if (!ExportPrivateKey(&key_bytes))
return NULL;
return CreateFromPrivateKeyInfo(key_bytes);
}
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
if (!key_.KeyData.Data || !key_.KeyData.Length) { if (!key_.KeyData.Data || !key_.KeyData.Length) {
return false; return false;
} }
...@@ -184,7 +191,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { ...@@ -184,7 +191,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
return true; return true;
} }
bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
PrivateKeyInfoCodec private_key_info(true); PrivateKeyInfoCodec private_key_info(true);
std::vector<uint8> private_key_data; std::vector<uint8> private_key_data;
private_key_data.assign(key_.KeyData.Data, private_key_data.assign(key_.KeyData.Data,
......
...@@ -138,8 +138,14 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo( ...@@ -138,8 +138,14 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
return NULL; return NULL;
} }
RSAPrivateKey* RSAPrivateKey::Copy() const {
RSAPrivateKey* copy = new RSAPrivateKey();
copy->key_ = SECKEY_CopyPrivateKey(key_);
copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
return copy;
}
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
PrivateKeyInfoCodec private_key_info(true); PrivateKeyInfoCodec private_key_info(true);
// Manually read the component attributes of the private key and build up // Manually read the component attributes of the private key and build up
...@@ -161,7 +167,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { ...@@ -161,7 +167,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
return private_key_info.Export(output); return private_key_info.Export(output);
} }
bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_)); ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
if (!der_pubkey.get()) { if (!der_pubkey.get()) {
NOTREACHED(); NOTREACHED();
......
...@@ -124,11 +124,22 @@ RSAPrivateKey::~RSAPrivateKey() { ...@@ -124,11 +124,22 @@ RSAPrivateKey::~RSAPrivateKey() {
EVP_PKEY_free(key_); EVP_PKEY_free(key_);
} }
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { RSAPrivateKey* RSAPrivateKey::Copy() const {
scoped_ptr<RSAPrivateKey> copy(new RSAPrivateKey());
RSA* rsa = EVP_PKEY_get1_RSA(key_);
if (!rsa)
return NULL;
copy->key_ = EVP_PKEY_new();
if (!EVP_PKEY_set1_RSA(copy->key_, rsa))
return NULL;
return copy.release();
}
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
return ExportKey(key_, i2d_PKCS8PrivateKeyInfo_bio, output); return ExportKey(key_, i2d_PKCS8PrivateKeyInfo_bio, output);
} }
bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
return ExportKey(key_, i2d_PUBKEY_bio, output); return ExportKey(key_, i2d_PUBKEY_bio, output);
} }
......
...@@ -7,51 +7,9 @@ ...@@ -7,51 +7,9 @@
#include "base/memory/scoped_ptr.h" #include "base/memory/scoped_ptr.h"
#include "testing/gtest/include/gtest/gtest.h" #include "testing/gtest/include/gtest/gtest.h"
// Generate random private keys with two different sizes. Reimport, then namespace {
// export them again. We should get back the same exact bytes.
TEST(RSAPrivateKeyUnitTest, InitRandomTest) {
scoped_ptr<crypto::RSAPrivateKey> keypair1(
crypto::RSAPrivateKey::Create(1024));
scoped_ptr<crypto::RSAPrivateKey> keypair2(
crypto::RSAPrivateKey::Create(2048));
ASSERT_TRUE(keypair1.get());
ASSERT_TRUE(keypair2.get());
std::vector<uint8> privkey1;
std::vector<uint8> privkey2;
std::vector<uint8> pubkey1;
std::vector<uint8> pubkey2;
ASSERT_TRUE(keypair1->ExportPrivateKey(&privkey1));
ASSERT_TRUE(keypair2->ExportPrivateKey(&privkey2));
ASSERT_TRUE(keypair1->ExportPublicKey(&pubkey1));
ASSERT_TRUE(keypair2->ExportPublicKey(&pubkey2));
scoped_ptr<crypto::RSAPrivateKey> keypair3(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey1));
scoped_ptr<crypto::RSAPrivateKey> keypair4(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey2));
ASSERT_TRUE(keypair3.get());
ASSERT_TRUE(keypair4.get());
std::vector<uint8> privkey3;
std::vector<uint8> privkey4;
ASSERT_TRUE(keypair3->ExportPrivateKey(&privkey3));
ASSERT_TRUE(keypair4->ExportPrivateKey(&privkey4));
ASSERT_EQ(privkey1.size(), privkey3.size());
ASSERT_EQ(privkey2.size(), privkey4.size());
ASSERT_TRUE(0 == memcmp(&privkey1.front(), &privkey3.front(),
privkey1.size()));
ASSERT_TRUE(0 == memcmp(&privkey2.front(), &privkey4.front(),
privkey2.size()));
}
const uint8 kTestPrivateKeyInfo[] = {
// Verify that generated public keys look good. This test data was generated
// with the openssl command line tool.
TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
const uint8 private_key_info[] = {
0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
...@@ -132,8 +90,70 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) { ...@@ -132,8 +90,70 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
0x21, 0xb3, 0x02, 0x87, 0xe4, 0xfd, 0x61, 0xca, 0x21, 0xb3, 0x02, 0x87, 0xe4, 0xfd, 0x61, 0xca,
0x00, 0x42, 0x19, 0xf0, 0xda, 0x5a, 0x53, 0xe3, 0x00, 0x42, 0x19, 0xf0, 0xda, 0x5a, 0x53, 0xe3,
0xb1, 0xc5, 0x15, 0xf3 0xb1, 0xc5, 0x15, 0xf3
}; };
} // namespace
// Generate random private keys with two different sizes. Reimport, then
// export them again. We should get back the same exact bytes.
TEST(RSAPrivateKeyUnitTest, InitRandomTest) {
scoped_ptr<crypto::RSAPrivateKey> keypair1(
crypto::RSAPrivateKey::Create(1024));
scoped_ptr<crypto::RSAPrivateKey> keypair2(
crypto::RSAPrivateKey::Create(2048));
ASSERT_TRUE(keypair1.get());
ASSERT_TRUE(keypair2.get());
std::vector<uint8> privkey1;
std::vector<uint8> privkey2;
std::vector<uint8> pubkey1;
std::vector<uint8> pubkey2;
ASSERT_TRUE(keypair1->ExportPrivateKey(&privkey1));
ASSERT_TRUE(keypair2->ExportPrivateKey(&privkey2));
ASSERT_TRUE(keypair1->ExportPublicKey(&pubkey1));
ASSERT_TRUE(keypair2->ExportPublicKey(&pubkey2));
scoped_ptr<crypto::RSAPrivateKey> keypair3(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey1));
scoped_ptr<crypto::RSAPrivateKey> keypair4(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(privkey2));
ASSERT_TRUE(keypair3.get());
ASSERT_TRUE(keypair4.get());
std::vector<uint8> privkey3;
std::vector<uint8> privkey4;
ASSERT_TRUE(keypair3->ExportPrivateKey(&privkey3));
ASSERT_TRUE(keypair4->ExportPrivateKey(&privkey4));
ASSERT_EQ(privkey1.size(), privkey3.size());
ASSERT_EQ(privkey2.size(), privkey4.size());
ASSERT_TRUE(0 == memcmp(&privkey1.front(), &privkey3.front(),
privkey1.size()));
ASSERT_TRUE(0 == memcmp(&privkey2.front(), &privkey4.front(),
privkey2.size()));
}
// Test Copy() method.
TEST(RSAPrivateKeyUnitTest, CopyTest) {
std::vector<uint8> input(
kTestPrivateKeyInfo, kTestPrivateKeyInfo + sizeof(kTestPrivateKeyInfo));
scoped_ptr<crypto::RSAPrivateKey> key(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
scoped_ptr<crypto::RSAPrivateKey> key_copy(key->Copy());
ASSERT_TRUE(key_copy.get());
std::vector<uint8> privkey_copy;
ASSERT_TRUE(key_copy->ExportPrivateKey(&privkey_copy));
ASSERT_EQ(input, privkey_copy);
}
// Verify that generated public keys look good. This test data was generated
// with the openssl command line tool.
TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
const uint8 expected_public_key_info[] = { const uint8 expected_public_key_info[] = {
0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
...@@ -158,9 +178,8 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) { ...@@ -158,9 +178,8 @@ TEST(RSAPrivateKeyUnitTest, PublicKeyTest) {
0x00, 0x01 0x00, 0x01
}; };
std::vector<uint8> input; std::vector<uint8> input(
input.resize(sizeof(private_key_info)); kTestPrivateKeyInfo, kTestPrivateKeyInfo + sizeof(kTestPrivateKeyInfo));
memcpy(&input.front(), private_key_info, sizeof(private_key_info));
scoped_ptr<crypto::RSAPrivateKey> key( scoped_ptr<crypto::RSAPrivateKey> key(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input));
......
...@@ -134,7 +134,19 @@ bool RSAPrivateKey::InitProvider() { ...@@ -134,7 +134,19 @@ bool RSAPrivateKey::InitProvider() {
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
} }
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { RSAPrivateKey* RSAPrivateKey::Copy() const {
scoped_ptr<RSAPrivateKey> copy(new RSAPrivateKey());
if (!CryptContextAddRef(provider_, NULL, 0)) {
NOTREACHED();
return NULL;
}
copy->provider_.reset(provider_.get());
if (!CryptDuplicateKey(key_.get(), NULL, 0, copy->key_.receive()))
return NULL;
return copy.release();
}
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
// Export the key // Export the key
DWORD blob_length = 0; DWORD blob_length = 0;
if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, NULL, &blob_length)) { if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, NULL, &blob_length)) {
...@@ -187,7 +199,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { ...@@ -187,7 +199,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
return pki.Export(output); return pki.Export(output);
} }
bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
DWORD key_info_len; DWORD key_info_len;
if (!CryptExportPublicKeyInfo( if (!CryptExportPublicKeyInfo(
provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
......
...@@ -87,11 +87,11 @@ V1ClientAuthenticator::CreateChannelAuthenticator() const { ...@@ -87,11 +87,11 @@ V1ClientAuthenticator::CreateChannelAuthenticator() const {
V1HostAuthenticator::V1HostAuthenticator( V1HostAuthenticator::V1HostAuthenticator(
const std::string& local_cert, const std::string& local_cert,
crypto::RSAPrivateKey* local_private_key, const crypto::RSAPrivateKey* local_private_key,
const std::string& shared_secret, const std::string& shared_secret,
const std::string& remote_jid) const std::string& remote_jid)
: local_cert_(local_cert), : local_cert_(local_cert),
local_private_key_(local_private_key), local_private_key_(local_private_key->Copy()),
shared_secret_(shared_secret), shared_secret_(shared_secret),
remote_jid_(remote_jid), remote_jid_(remote_jid),
state_(WAITING_MESSAGE) { state_(WAITING_MESSAGE) {
...@@ -141,22 +141,16 @@ ChannelAuthenticator* ...@@ -141,22 +141,16 @@ ChannelAuthenticator*
V1HostAuthenticator::CreateChannelAuthenticator() const { V1HostAuthenticator::CreateChannelAuthenticator() const {
DCHECK_EQ(state_, ACCEPTED); DCHECK_EQ(state_, ACCEPTED);
return new V1HostChannelAuthenticator( return new V1HostChannelAuthenticator(
local_cert_, local_private_key_, shared_secret_); local_cert_, local_private_key_.get(), shared_secret_);
}; };
V1HostAuthenticatorFactory::V1HostAuthenticatorFactory( V1HostAuthenticatorFactory::V1HostAuthenticatorFactory(
const std::string& local_cert, const std::string& local_cert,
crypto::RSAPrivateKey* local_private_key, const crypto::RSAPrivateKey* local_private_key,
const std::string& shared_secret) const std::string& shared_secret)
: local_cert_(local_cert), : local_cert_(local_cert),
local_private_key_(local_private_key->Copy()),
shared_secret_(shared_secret) { shared_secret_(shared_secret) {
DCHECK(local_private_key);
// TODO(hclam): Need a better way to clone a key. See crbug.com/105220 .
std::vector<uint8> key_bytes;
CHECK(local_private_key->ExportPrivateKey(&key_bytes));
local_private_key_.reset(
crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes));
CHECK(local_private_key_.get()); CHECK(local_private_key_.get());
} }
......
...@@ -42,7 +42,7 @@ class V1HostAuthenticator : public Authenticator { ...@@ -42,7 +42,7 @@ class V1HostAuthenticator : public Authenticator {
public: public:
// Doesn't take ownership of |local_private_key|. // Doesn't take ownership of |local_private_key|.
V1HostAuthenticator(const std::string& local_cert, V1HostAuthenticator(const std::string& local_cert,
crypto::RSAPrivateKey* local_private_key, const crypto::RSAPrivateKey* local_private_key,
const std::string& shared_secret, const std::string& shared_secret,
const std::string& remote_jid); const std::string& remote_jid);
virtual ~V1HostAuthenticator(); virtual ~V1HostAuthenticator();
...@@ -55,7 +55,7 @@ class V1HostAuthenticator : public Authenticator { ...@@ -55,7 +55,7 @@ class V1HostAuthenticator : public Authenticator {
private: private:
std::string local_cert_; std::string local_cert_;
crypto::RSAPrivateKey* local_private_key_; scoped_ptr<crypto::RSAPrivateKey> local_private_key_;
std::string shared_secret_; std::string shared_secret_;
std::string remote_jid_; std::string remote_jid_;
State state_; State state_;
...@@ -67,7 +67,7 @@ class V1HostAuthenticatorFactory : public AuthenticatorFactory { ...@@ -67,7 +67,7 @@ class V1HostAuthenticatorFactory : public AuthenticatorFactory {
public: public:
// Doesn't take ownership of |local_private_key|. // Doesn't take ownership of |local_private_key|.
V1HostAuthenticatorFactory(const std::string& local_cert, V1HostAuthenticatorFactory(const std::string& local_cert,
crypto::RSAPrivateKey* local_private_key, const crypto::RSAPrivateKey* local_private_key,
const std::string& shared_secret); const std::string& shared_secret);
virtual ~V1HostAuthenticatorFactory(); virtual ~V1HostAuthenticatorFactory();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment