1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/base/openssl_private_key_store.h"
6
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9
10 #include "base/logging.h"
11 #include "base/memory/singleton.h"
12 #include "crypto/openssl_util.h"
13 #include "net/android/network_library.h"
14
15 namespace net {
16
StoreKeyPair(const GURL & url,EVP_PKEY * pkey)17 bool OpenSSLPrivateKeyStore::StoreKeyPair(const GURL& url,
18 EVP_PKEY* pkey) {
19 // Always clear openssl errors on exit.
20 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
21
22 // Important: Do not use i2d_PublicKey() here, which returns data in
23 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded
24 // SubjectPublicKeyInfo (X.509), as expected by the platform.
25 unsigned char* public_key = NULL;
26 int public_len = i2d_PUBKEY(pkey, &public_key);
27
28 // Important: Do not use i2d_PrivateKey() here, it returns data
29 // in a format that is incompatible with what the platform expects.
30 unsigned char* private_key = NULL;
31 int private_len = 0;
32 crypto::ScopedOpenSSL<
33 PKCS8_PRIV_KEY_INFO,
34 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
35 if (pkcs8.get() != NULL) {
36 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
37 }
38 bool ret = false;
39 if (public_len > 0 && private_len > 0) {
40 ret = net::android::StoreKeyPair(
41 static_cast<const uint8*>(public_key), public_len,
42 static_cast<const uint8*>(private_key), private_len);
43 }
44 LOG_IF(ERROR, !ret) << "StoreKeyPair failed. pub len = " << public_len
45 << " priv len = " << private_len;
46 OPENSSL_free(public_key);
47 OPENSSL_free(private_key);
48 return ret;
49 }
50
51 } // namespace net
52