1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/quic/crypto/p256_key_exchange.h" 6 7#include <openssl/ec.h> 8#include <openssl/ecdh.h> 9#include <openssl/evp.h> 10 11#include "base/logging.h" 12 13using base::StringPiece; 14using std::string; 15 16namespace net { 17 18P256KeyExchange::P256KeyExchange(EC_KEY* private_key, const uint8* public_key) 19 : private_key_(private_key) { 20 memcpy(public_key_, public_key, sizeof(public_key_)); 21} 22 23P256KeyExchange::~P256KeyExchange() {} 24 25// static 26P256KeyExchange* P256KeyExchange::New(StringPiece key) { 27 if (key.empty()) { 28 DVLOG(1) << "Private key is empty"; 29 return NULL; 30 } 31 32 const uint8* keyp = reinterpret_cast<const uint8*>(key.data()); 33 crypto::ScopedEC_KEY private_key(d2i_ECPrivateKey(NULL, &keyp, key.size())); 34 if (!private_key.get() || !EC_KEY_check_key(private_key.get())) { 35 DVLOG(1) << "Private key is invalid."; 36 return NULL; 37 } 38 39 uint8 public_key[kUncompressedP256PointBytes]; 40 if (EC_POINT_point2oct(EC_KEY_get0_group(private_key.get()), 41 EC_KEY_get0_public_key(private_key.get()), 42 POINT_CONVERSION_UNCOMPRESSED, public_key, 43 sizeof(public_key), NULL) != sizeof(public_key)) { 44 DVLOG(1) << "Can't get public key."; 45 return NULL; 46 } 47 48 return new P256KeyExchange(private_key.release(), public_key); 49} 50 51// static 52string P256KeyExchange::NewPrivateKey() { 53 crypto::ScopedEC_KEY key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); 54 if (!key.get() || !EC_KEY_generate_key(key.get())) { 55 DVLOG(1) << "Can't generate a new private key."; 56 return string(); 57 } 58 59 int key_len = i2d_ECPrivateKey(key.get(), NULL); 60 if (key_len <= 0) { 61 DVLOG(1) << "Can't convert private key to string"; 62 return string(); 63 } 64 scoped_ptr<uint8[]> private_key(new uint8[key_len]); 65 uint8* keyp = private_key.get(); 66 if (!i2d_ECPrivateKey(key.get(), &keyp)) { 67 DVLOG(1) << "Can't convert private key to string."; 68 return string(); 69 } 70 return string(reinterpret_cast<char*>(private_key.get()), key_len); 71} 72 73KeyExchange* P256KeyExchange::NewKeyPair(QuicRandom* /*rand*/) const { 74 // TODO(agl): avoid the serialisation/deserialisation in this function. 75 const string private_value = NewPrivateKey(); 76 return P256KeyExchange::New(private_value); 77} 78 79bool P256KeyExchange::CalculateSharedKey(const StringPiece& peer_public_value, 80 string* out_result) const { 81 if (peer_public_value.size() != kUncompressedP256PointBytes) { 82 DVLOG(1) << "Peer public value is invalid"; 83 return false; 84 } 85 86 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free>::Type point( 87 EC_POINT_new(EC_KEY_get0_group(private_key_.get()))); 88 if (!point.get() || 89 !EC_POINT_oct2point( /* also test if point is on curve */ 90 EC_KEY_get0_group(private_key_.get()), 91 point.get(), 92 reinterpret_cast<const uint8*>(peer_public_value.data()), 93 peer_public_value.size(), NULL)) { 94 DVLOG(1) << "Can't convert peer public value to curve point."; 95 return false; 96 } 97 98 uint8 result[kP256FieldBytes]; 99 if (ECDH_compute_key(result, sizeof(result), point.get(), private_key_.get(), 100 NULL) != sizeof(result)) { 101 DVLOG(1) << "Can't compute ECDH shared key."; 102 return false; 103 } 104 105 out_result->assign(reinterpret_cast<char*>(result), sizeof(result)); 106 return true; 107} 108 109StringPiece P256KeyExchange::public_value() const { 110 return StringPiece(reinterpret_cast<const char*>(public_key_), 111 sizeof(public_key_)); 112} 113 114QuicTag P256KeyExchange::tag() const { return kP256; } 115 116} // namespace net 117 118