Provide RSA2048 as per RFC

webrtc/base/sslidentity.h

Index: webrtc/base/sslidentity.h
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index 3a1bbd08563bf5d58faaaf184633220fecb45709..bf5f85227d704be71820ef86ce2ffa3df10028b0 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -107,25 +107,126 @@ class SSLCertChain {
   RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
 };
 
+// KT_DEFAULT is currently an alias for KT_RSA.  This is likely to change.
+// KT_LAST is intended for vector declarations and loops over all key types;
+// it does not represent any key type in itself.
 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
 // code.
-enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
+enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_INVALID, KT_DEFAULT = KT_RSA };
+
+static const int kRsaDefaultModSize = 1024;
+static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
+
+struct RSAParams {
+  int mod_size;
+  int pub_exp;
+};
+
+enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
+
+class KeyParams {
+ public:
+  // Default ctor only needed by gtest, it would be nice to avoid this.
+  // We set grossly invalid parameters to discourage its use.
+  KeyParams() {
+    type_ = KT_INVALID;                       // Bad type.
+    memset(&params_, 0xff, sizeof(params_));  // Bad values.
+  }
+
+  // Generate a KeyParams object from a simple KeyType, using default params.
+  explicit KeyParams(KeyType key_type) {
+    if (key_type == KT_ECDSA) {
+      type_ = KT_ECDSA;
+      params_.curve = EC_NIST_P256;
+    } else {
+      type_ = KT_RSA;
+      params_.rsa.mod_size = kRsaDefaultModSize;
+      params_.rsa.pub_exp = kRsaDefaultExponent;
+    }

[hbos, 2015/10/05 15:17:06]

I think "else" should be "else if (key_type == KT_RSA)" and another else that
does what the default constructor is doing otherwise (set to KT_INVALID).
Currently KeyParams(KT_LAST or KT_INVALID) would construct KeyParams(KT_RSA).
Kind of a "nit" but if more key types are added and we for some reason forget to
update this constructor (unlikely) we wouldn't get a usable RSA when we use our
new key type and perhaps think that our new key type is being used.

[torbjorng (webrtc), 2015/10/05 16:16:49]

OK, I added checks and appropriate crashes to the code.

+  }
+
+  // Generate a a KeyParams for RSA with explicit parameters.
+  static KeyParams RSA(int mod_size, int pub_exp) {
+    KeyParams kt(KT_RSA);
+    kt.params_.rsa.mod_size = mod_size;
+    kt.params_.rsa.pub_exp = pub_exp;
+    return kt;
+  }
+
+  // Generate a a KeyParams for RSA defaulting parameters.
+  static KeyParams RSA() {
+    KeyParams kt(KT_RSA);
+    kt.params_.rsa.mod_size = kRsaDefaultModSize;
+    kt.params_.rsa.pub_exp = kRsaDefaultExponent;
+    return kt;
+  }
+
+  // Generate a a KeyParams for ECDSA specifying the curve.
+  static KeyParams ECDSA(ECCurve curve) {
+    KeyParams kt(KT_ECDSA);
+    kt.params_.curve = curve;
+    return kt;
+  }
+
+  // Generate a a KeyParams for ECDSA defaulting the curve.
+  static KeyParams ECDSA() {
+    KeyParams kt(KT_ECDSA);
+    kt.params_.curve = EC_NIST_P256;
+    return kt;
+  }
+
+  // Check validity of a KeyParams object. Since the factory functions have
+  // no way of returning errors, this function can be called after creation
+  // to make sure the parameters are OK.
+  bool isValid() {
+    if (this->type_ == KT_RSA && this->params_.rsa.mod_size >= 1024 &&
+        this->params_.rsa.mod_size <= 8192 &&
+        this->params_.rsa.pub_exp > this->params_.rsa.mod_size) {
+      return true;
+    }
+    if (this->type_ == KT_ECDSA) {
+      if (this->params_.curve == EC_NIST_P256)
+        return true;
+    }
+    return false;
+  }

[hbos, 2015/10/05 15:17:06]

No need for "this_->".

[torbjorng (webrtc), 2015/10/05 16:16:49]

Done.

+
+  RSAParams rsa_params() const {
+    // RTC_DCHECK(type_ == KT_RSA);
+    return params_.rsa;
+  }
+
+  ECCurve ec_curve() const {
+    // RTC_DCHECK(type_ == KT_ECDSA);
+    return params_.curve;
+  }

[hbos, 2015/10/05 15:17:06]

Here and rsa_params: Remove "//" and use RTC_DCHECK

[torbjorng (webrtc), 2015/10/05 16:16:49]

Done.

+
+  KeyType type() const { return type_; }
+
+ private:
+  KeyType type_;
+  union {
+    RSAParams rsa;
+    ECCurve curve;
+  } params_;
+};
 
 // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 // appropriately we can change KeyType enum -> class without breaking Chromium.
 KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 
-// Parameters for generating an identity for testing. If common_name is
-// non-empty, it will be used for the certificate's subject and issuer name,
-// otherwise a random string will be used. |not_before| and |not_after| are
-// offsets to the current time in number of seconds.
+// Parameters for generating a certificate. If common_name is non-empty, it

[hbos, 2015/10/05 15:17:05]

nit: common_name -> |common_name|

[torbjorng (webrtc), 2015/10/05 16:16:49]

Done.

+// will be used for the certificate's subject and issuer name, otherwise a
+// random string will be used.
 struct SSLIdentityParams {
+  SSLIdentityParams(const KeyParams& key_params) : key_params(key_params) {}
+
   std::string common_name;
-  int not_before;  // in seconds.
-  int not_after;  // in seconds.
-  KeyType key_type;
+  int not_before;  // offset from current time in seconds.
+  int not_after;   // offset from current time in seconds.
+  KeyParams key_params;
 };
 
 // Our identity in an SSL negotiation: a keypair and certificate (both
@@ -139,7 +240,11 @@ class SSLIdentity {
   // Returns NULL on failure.
   // Caller is responsible for freeing the returned object.
   static SSLIdentity* Generate(const std::string& common_name,
-                               KeyType key_type);
+                               const KeyParams& key_param);
+  static SSLIdentity* Generate(const std::string& common_name,
+                               KeyType key_type) {
+    return Generate(common_name, KeyParams(key_type));
+  }
 
   // Generates an identity with the specified validity period.
   static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);