
Unified Diff: webrtc/base/opensslidentity.cc

Issue 1329493005: Provide RSA2048 as per RFC (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Address hbos' concerns Created 5 years, 2 months ago
Index: webrtc/base/opensslidentity.cc
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index de4e6a771e04f5f0c1924ba83313f790a16988a2..7dbebef1dd412a838a6527b6f2ec7e11c1cc9322 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -33,9 +33,6 @@ namespace rtc {
// We could have exposed a myriad of parameters for the crypto stuff,
// but keeping it simple seems best.
-// Strength of generated keys. Those are RSA.
-static const int KEY_LENGTH = 1024;
-
// Random bits for certificate serial number
static const int SERIAL_RAND_BITS = 64;
@@ -46,15 +43,16 @@ static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
static const int CERTIFICATE_WINDOW = -60*60*24;
// Generate a key pair. Caller is responsible for freeing the returned object.
-static EVP_PKEY* MakeKey(KeyType key_type) {
+static EVP_PKEY* MakeKey(const KeyParams& key_params) {
LOG(LS_INFO) << "Making key pair";
EVP_PKEY* pkey = EVP_PKEY_new();
- if (key_type == KT_RSA) {
+ if (key_params.type() == KT_RSA) {
+ int key_length = key_params.rsa_params().mod_size;
BIGNUM* exponent = BN_new();
RSA* rsa = RSA_new();
if (!pkey || !exponent || !rsa ||
- !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent
- !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) ||
+ !BN_set_word(exponent, key_params.rsa_params().pub_exp) ||
+ !RSA_generate_key_ex(rsa, key_length, exponent, NULL) ||
!EVP_PKEY_assign_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
BN_free(exponent);
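Review bot: MakeKey now feeds caller-supplied `key_params.rsa_params().mod_size` and `pub_exp` straight into `RSA_generate_key_ex` and `BN_set_word` with no range check, where the old code fixed them at 1024 bits and 65537. Nothing visible in this hunk rejects a modulus below the size the project considers acceptable, or an even or very small public exponent, so a caller mistake would silently produce a weak identity key. The simplest place for a check is the existing failure condition at `if (!pkey || !exponent || !rsa ||`, which already frees all three objects; for example add the term `key_length < kMinRsaModSize ||` (`kMinRsaModSize` is a placeholder name, not an identifier from this page). KeyParams may already validate these values, but that class is outside this file, and the body of MakeKey continues past the end of the hunk.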
@@ -64,7 +62,8 @@ static EVP_PKEY* MakeKey(KeyType key_type) {
}
// ownership of rsa struct was assigned, don't free it.
BN_free(exponent);
- } else if (key_type == KT_ECDSA) {
+ } else if (key_params.type() == KT_ECDSA &&
+ key_params.ec_curve() == EC_NIST_P256) {
juberti 2015/10/07 06:35:22 I think you want to check the curve inside this if
torbjorng (webrtc) 2015/10/07 13:30:03 Done.
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
@@ -155,8 +154,8 @@ static void LogSSLErrors(const std::string& prefix) {
}
}
-OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) {
- EVP_PKEY* pkey = MakeKey(key_type);
+OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) {
+ EVP_PKEY* pkey = MakeKey(key_params);
if (!pkey) {
LogSSLErrors("Generating key pair");
return NULL;
@@ -164,6 +163,10 @@ OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) {
return new OpenSSLKeyPair(pkey);
}
+OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) {
+ return OpenSSLKeyPair::Generate(KeyParams(key_type));
+}
+
OpenSSLKeyPair::~OpenSSLKeyPair() {
EVP_PKEY_free(pkey_);
}
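Review bot: The retained `Generate(KeyType)` overload should carry a comment saying where its key strength comes from. Every caller that still passes a bare KeyType now gets whatever `KeyParams(key_type)` defaults to, and those defaults are defined outside this file. A line such as `// Compatibility overload: RSA modulus size / EC curve are the KeyParams defaults for |key_type|.` above the definition would make that explicit. If the intent of the change is that such callers stop receiving 1024-bit RSA keys, that default should be confirmed in the KeyParams constructor, since it cannot be checked from this hunk.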
@@ -379,7 +382,7 @@ OpenSSLIdentity::~OpenSSLIdentity() = default;
OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
const SSLIdentityParams& params) {
- OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_type);
+ OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params);
if (key_pair) {
OpenSSLCertificate* certificate =
OpenSSLCertificate::Generate(key_pair, params);
@@ -392,12 +395,11 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
}
OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
- KeyType key_type) {
- SSLIdentityParams params;
+ const KeyParams& key_params) {
+ SSLIdentityParams params(key_params);
params.common_name = common_name;
params.not_before = CERTIFICATE_WINDOW;
params.not_after = CERTIFICATE_LIFETIME;
- params.key_type = key_type;
return GenerateInternal(params);
}
