1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/p256_key_exchange.h"
6
7 #include <openssl/ec.h>
8 #include <openssl/ecdh.h>
9 #include <openssl/evp.h>
10
11 #include "base/logging.h"
12
13 using base::StringPiece;
14 using std::string;
15
16 namespace net {
17
P256KeyExchange(EC_KEY * private_key,const uint8 * public_key)18 P256KeyExchange::P256KeyExchange(EC_KEY* private_key, const uint8* public_key)
19 : private_key_(private_key) {
20 memcpy(public_key_, public_key, sizeof(public_key_));
21 }
22
~P256KeyExchange()23 P256KeyExchange::~P256KeyExchange() {}
24
25 // static
New(StringPiece key)26 P256KeyExchange* P256KeyExchange::New(StringPiece key) {
27 if (key.empty()) {
28 DVLOG(1) << "Private key is empty";
29 return NULL;
30 }
31
32 const uint8* keyp = reinterpret_cast<const uint8*>(key.data());
33 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> private_key(
34 d2i_ECPrivateKey(NULL, &keyp, key.size()));
35 if (!private_key.get() || !EC_KEY_check_key(private_key.get())) {
36 DVLOG(1) << "Private key is invalid.";
37 return NULL;
38 }
39
40 uint8 public_key[kUncompressedP256PointBytes];
41 if (EC_POINT_point2oct(EC_KEY_get0_group(private_key.get()),
42 EC_KEY_get0_public_key(private_key.get()),
43 POINT_CONVERSION_UNCOMPRESSED, public_key,
44 sizeof(public_key), NULL) != sizeof(public_key)) {
45 DVLOG(1) << "Can't get public key.";
46 return NULL;
47 }
48
49 return new P256KeyExchange(private_key.release(), public_key);
50 }
51
52 // static
NewPrivateKey()53 string P256KeyExchange::NewPrivateKey() {
54 crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> key(
55 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
56 if (!key.get() || !EC_KEY_generate_key(key.get())) {
57 DVLOG(1) << "Can't generate a new private key.";
58 return string();
59 }
60
61 int key_len = i2d_ECPrivateKey(key.get(), NULL);
62 if (key_len <= 0) {
63 DVLOG(1) << "Can't convert private key to string";
64 return string();
65 }
66 scoped_ptr<uint8[]> private_key(new uint8[key_len]);
67 uint8* keyp = private_key.get();
68 if (!i2d_ECPrivateKey(key.get(), &keyp)) {
69 DVLOG(1) << "Can't convert private key to string.";
70 return string();
71 }
72 return string(reinterpret_cast<char*>(private_key.get()), key_len);
73 }
74
NewKeyPair(QuicRandom *) const75 KeyExchange* P256KeyExchange::NewKeyPair(QuicRandom* /*rand*/) const {
76 // TODO(agl): avoid the serialisation/deserialisation in this function.
77 const string private_value = NewPrivateKey();
78 return P256KeyExchange::New(private_value);
79 }
80
CalculateSharedKey(const StringPiece & peer_public_value,string * out_result) const81 bool P256KeyExchange::CalculateSharedKey(const StringPiece& peer_public_value,
82 string* out_result) const {
83 if (peer_public_value.size() != kUncompressedP256PointBytes) {
84 DVLOG(1) << "Peer public value is invalid";
85 return false;
86 }
87
88 crypto::ScopedOpenSSL<EC_POINT, EC_POINT_free> point(
89 EC_POINT_new(EC_KEY_get0_group(private_key_.get())));
90 if (!point.get() ||
91 !EC_POINT_oct2point( /* also test if point is on curve */
92 EC_KEY_get0_group(private_key_.get()),
93 point.get(),
94 reinterpret_cast<const uint8*>(peer_public_value.data()),
95 peer_public_value.size(), NULL)) {
96 DVLOG(1) << "Can't convert peer public value to curve point.";
97 return false;
98 }
99
100 uint8 result[kP256FieldBytes];
101 if (ECDH_compute_key(result, sizeof(result), point.get(), private_key_.get(),
102 NULL) != sizeof(result)) {
103 DVLOG(1) << "Can't compute ECDH shared key.";
104 return false;
105 }
106
107 out_result->assign(reinterpret_cast<char*>(result), sizeof(result));
108 return true;
109 }
110
public_value() const111 StringPiece P256KeyExchange::public_value() const {
112 return StringPiece(reinterpret_cast<const char*>(public_key_),
113 sizeof(public_key_));
114 }
115
tag() const116 QuicTag P256KeyExchange::tag() const { return kP256; }
117
118 } // namespace net
119
120