Provide RSA2048 as per RFC

webrtc/base/sslidentity.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
 
 #ifndef WEBRTC_BASE_SSLIDENTITY_H_
 #define WEBRTC_BASE_SSLIDENTITY_H_
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "webrtc/base/buffer.h"
+#include "webrtc/base/checks.h"
 #include "webrtc/base/messagedigest.h"
 
 namespace rtc {
 
 // Forward declaration due to circular dependency with SSLCertificate.
 class SSLCertChain;
 
 // Abstract interface overridden by SSL library specific
 // implementations.
 
@@ skipping 69 matching lines @@
   }
 
   // Helper function for deleting a vector of certificates.
   static void DeleteCert(SSLCertificate* cert) { delete cert; }
 
   std::vector<SSLCertificate*> certs_;
 
   RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
 };
 
+// KT_DEFAULT is currently an alias for KT_RSA.  This is likely to change.
+// KT_LAST is intended for vector declarations and loops over all key types;
+// it does not represent any key type in itself.
 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
 // code.
 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
 
+static const int kRsaDefaultModSize = 1024;
+static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
+static const int kRsaMinModSize = 1024;
+static const int kRsaMaxModSize = 8192;
+
+struct RSAParams {
+  unsigned int mod_size;
+  unsigned int pub_exp;
+};
+
+enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
+
+class KeyParams {
+ public:
+  // Generate a KeyParams object from a simple KeyType, using default params.
+  explicit KeyParams(KeyType key_type = KT_DEFAULT) {
+    if (key_type == KT_ECDSA) {
+      type_ = KT_ECDSA;
+      params_.curve = EC_NIST_P256;
+    } else if (key_type == KT_RSA) {
+      type_ = KT_RSA;
+      params_.rsa.mod_size = kRsaDefaultModSize;
+      params_.rsa.pub_exp = kRsaDefaultExponent;
+    } else {
+      RTC_NOTREACHED();
+    }
+  }
+
+  // Generate a a KeyParams for RSA with explicit parameters.
+  static KeyParams RSA(int mod_size = kRsaDefaultModSize,
+                       int pub_exp = kRsaDefaultExponent) {
+    KeyParams kt(KT_RSA);
+    kt.params_.rsa.mod_size = mod_size;
+    kt.params_.rsa.pub_exp = pub_exp;
+    return kt;
+  }
+
+  // Generate a a KeyParams for ECDSA specifying the curve.
+  static KeyParams ECDSA(ECCurve curve = EC_NIST_P256) {
+    KeyParams kt(KT_ECDSA);
+    kt.params_.curve = curve;
+    return kt;
+  }
+
+  // Check validity of a KeyParams object. Since the factory functions have
+  // no way of returning errors, this function can be called after creation
+  // to make sure the parameters are OK.
+  bool IsValid() {
+    if (type_ == KT_RSA) {
+      return (params_.rsa.mod_size >= kRsaMinModSize &&
+              params_.rsa.mod_size <= kRsaMaxModSize &&
+              params_.rsa.pub_exp > params_.rsa.mod_size);
+    } else if (type_ == KT_ECDSA) {
+      return (params_.curve == EC_NIST_P256);
+    }
+    return false;
+  }
+
+  RSAParams rsa_params() const {
+    RTC_DCHECK(type_ == KT_RSA);
+    return params_.rsa;
+  }
+
+  ECCurve ec_curve() const {
+    RTC_DCHECK(type_ == KT_ECDSA);
+    return params_.curve;
+  }
+
+  KeyType type() const { return type_; }
+
+ private:
+  KeyType type_;
+  union {
+    RSAParams rsa;
+    ECCurve curve;
+  } params_;
+};
+
 // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 // appropriately we can change KeyType enum -> class without breaking Chromium.
 KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 
-// Parameters for generating an identity for testing. If common_name is
-// non-empty, it will be used for the certificate's subject and issuer name,
-// otherwise a random string will be used. |not_before| and |not_after| are
-// offsets to the current time in number of seconds.
+// Parameters for generating a certificate. If |common_name| is non-empty, it
+// will be used for the certificate's subject and issuer name, otherwise a
+// random string will be used.
 struct SSLIdentityParams {
   std::string common_name;
-  int not_before;  // in seconds.
-  int not_after;  // in seconds.
-  KeyType key_type;
+  int not_before;  // offset from current time in seconds.
+  int not_after;   // offset from current time in seconds.
+  KeyParams key_params;
 };
 
 // Our identity in an SSL negotiation: a keypair and certificate (both
 // with the same public key).
 // This too is pretty much immutable once created.
 class SSLIdentity {
  public:
   // Generates an identity (keypair and self-signed certificate). If
   // common_name is non-empty, it will be used for the certificate's
   // subject and issuer name, otherwise a random string will be used.
   // Returns NULL on failure.
   // Caller is responsible for freeing the returned object.
   static SSLIdentity* Generate(const std::string& common_name,
-                               KeyType key_type);
+                               const KeyParams& key_param);
+  static SSLIdentity* Generate(const std::string& common_name,
+                               KeyType key_type) {
+    return Generate(common_name, KeyParams(key_type));
+  }
 
   // Generates an identity with the specified validity period.
   static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
 
   // Construct an identity from a private key and a certificate.
   static SSLIdentity* FromPEMStrings(const std::string& private_key,
                                      const std::string& certificate);
 
   virtual ~SSLIdentity() {}
 
@@ skipping 15 matching lines @@
                               size_t length);
 };
 
 extern const char kPemTypeCertificate[];
 extern const char kPemTypeRsaPrivateKey[];
 extern const char kPemTypeEcPrivateKey[];
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_SSLIDENTITY_H_