| Index: webrtc/base/sslidentity.h
 | 
| diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
 | 
| index 3a1bbd08563bf5d58faaaf184633220fecb45709..99cbac8c3d86871cefa66950b6d82d77db25ed8a 100644
 | 
| --- a/webrtc/base/sslidentity.h
 | 
| +++ b/webrtc/base/sslidentity.h
 | 
| @@ -18,6 +18,7 @@
 | 
|  #include <vector>
 | 
|  
 | 
|  #include "webrtc/base/buffer.h"
 | 
| +#include "webrtc/base/checks.h"
 | 
|  #include "webrtc/base/messagedigest.h"
 | 
|  
 | 
|  namespace rtc {
 | 
| @@ -107,25 +108,105 @@ class SSLCertChain {
 | 
|    RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
 | 
|  };
 | 
|  
 | 
| +// KT_DEFAULT is currently an alias for KT_RSA.  This is likely to change.
 | 
| +// KT_LAST is intended for vector declarations and loops over all key types;
 | 
| +// it does not represent any key type in itself.
 | 
|  // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
 | 
|  // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
 | 
|  // code.
 | 
|  enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
 | 
|  
 | 
| +static const int kRsaDefaultModSize = 1024;
 | 
| +static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
 | 
| +static const int kRsaMinModSize = 1024;
 | 
| +static const int kRsaMaxModSize = 8192;
 | 
| +
 | 
| +struct RSAParams {
 | 
| +  unsigned int mod_size;
 | 
| +  unsigned int pub_exp;
 | 
| +};
 | 
| +
 | 
| +enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
 | 
| +
 | 
| +class KeyParams {
 | 
| + public:
 | 
| +  // Generate a KeyParams object from a simple KeyType, using default params.
 | 
| +  explicit KeyParams(KeyType key_type = KT_DEFAULT) {
 | 
| +    if (key_type == KT_ECDSA) {
 | 
| +      type_ = KT_ECDSA;
 | 
| +      params_.curve = EC_NIST_P256;
 | 
| +    } else if (key_type == KT_RSA) {
 | 
| +      type_ = KT_RSA;
 | 
| +      params_.rsa.mod_size = kRsaDefaultModSize;
 | 
| +      params_.rsa.pub_exp = kRsaDefaultExponent;
 | 
| +    } else {
 | 
| +      RTC_NOTREACHED();
 | 
| +    }
 | 
| +  }
 | 
| +
 | 
| +  // Generate a a KeyParams for RSA with explicit parameters.
 | 
| +  static KeyParams RSA(int mod_size = kRsaDefaultModSize,
 | 
| +                       int pub_exp = kRsaDefaultExponent) {
 | 
| +    KeyParams kt(KT_RSA);
 | 
| +    kt.params_.rsa.mod_size = mod_size;
 | 
| +    kt.params_.rsa.pub_exp = pub_exp;
 | 
| +    return kt;
 | 
| +  }
 | 
| +
 | 
| +  // Generate a a KeyParams for ECDSA specifying the curve.
 | 
| +  static KeyParams ECDSA(ECCurve curve = EC_NIST_P256) {
 | 
| +    KeyParams kt(KT_ECDSA);
 | 
| +    kt.params_.curve = curve;
 | 
| +    return kt;
 | 
| +  }
 | 
| +
 | 
| +  // Check validity of a KeyParams object. Since the factory functions have
 | 
| +  // no way of returning errors, this function can be called after creation
 | 
| +  // to make sure the parameters are OK.
 | 
| +  bool IsValid() {
 | 
| +    if (type_ == KT_RSA) {
 | 
| +      return (params_.rsa.mod_size >= kRsaMinModSize &&
 | 
| +              params_.rsa.mod_size <= kRsaMaxModSize &&
 | 
| +              params_.rsa.pub_exp > params_.rsa.mod_size);
 | 
| +    } else if (type_ == KT_ECDSA) {
 | 
| +      return (params_.curve == EC_NIST_P256);
 | 
| +    }
 | 
| +    return false;
 | 
| +  }
 | 
| +
 | 
| +  RSAParams rsa_params() const {
 | 
| +    RTC_DCHECK(type_ == KT_RSA);
 | 
| +    return params_.rsa;
 | 
| +  }
 | 
| +
 | 
| +  ECCurve ec_curve() const {
 | 
| +    RTC_DCHECK(type_ == KT_ECDSA);
 | 
| +    return params_.curve;
 | 
| +  }
 | 
| +
 | 
| +  KeyType type() const { return type_; }
 | 
| +
 | 
| + private:
 | 
| +  KeyType type_;
 | 
| +  union {
 | 
| +    RSAParams rsa;
 | 
| +    ECCurve curve;
 | 
| +  } params_;
 | 
| +};
 | 
| +
 | 
|  // TODO(hbos): Remove once rtc::KeyType (to be modified) and
 | 
|  // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
 | 
|  // appropriately we can change KeyType enum -> class without breaking Chromium.
 | 
|  KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 | 
|  
 | 
| -// Parameters for generating an identity for testing. If common_name is
 | 
| -// non-empty, it will be used for the certificate's subject and issuer name,
 | 
| -// otherwise a random string will be used. |not_before| and |not_after| are
 | 
| -// offsets to the current time in number of seconds.
 | 
| +// Parameters for generating a certificate. If |common_name| is non-empty, it
 | 
| +// will be used for the certificate's subject and issuer name, otherwise a
 | 
| +// random string will be used.
 | 
|  struct SSLIdentityParams {
 | 
|    std::string common_name;
 | 
| -  int not_before;  // in seconds.
 | 
| -  int not_after;  // in seconds.
 | 
| -  KeyType key_type;
 | 
| +  int not_before;  // offset from current time in seconds.
 | 
| +  int not_after;   // offset from current time in seconds.
 | 
| +  KeyParams key_params;
 | 
|  };
 | 
|  
 | 
|  // Our identity in an SSL negotiation: a keypair and certificate (both
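Review bot: `IsValid()` at the `bool IsValid() {` line checks `params_.rsa.pub_exp > params_.rsa.mod_size`, which compares the public exponent with the modulus bit length and has no meaning for RSA: a 2048-bit key with exponent 3 is rejected while an even exponent such as 65536 is accepted. The check that actually matters is that the exponent is odd and at least 3, e.g. `params_.rsa.pub_exp >= 3 && (params_.rsa.pub_exp & 1) == 1`, alongside the existing modulus range test. Because `RSA(int mod_size, int pub_exp)` stores its `int` arguments into the `unsigned int` fields of `RSAParams`, a negative `pub_exp` also wraps to a large value that passes the current comparison; a `RTC_DCHECK(mod_size >= 0 && pub_exp >= 0)` in `RSA()` or `unsigned int` parameters would close that. `IsValid()` should also be declared `const` like `rsa_params()`, `ec_curve()` and `type()`, and the comments above `RSA(` and `ECDSA(` read "Generate a a KeyParams" (doubled article). Separately, `kRsaDefaultModSize = 1024` is below the 2048 bits generally recommended for new RSA keys; if it is deliberately kept to match the previous `KT_RSA` behaviour, a comment saying so next to the constant would prevent it being read as an endorsement.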
 | 
| @@ -139,7 +220,11 @@ class SSLIdentity {
 | 
|    // Returns NULL on failure.
 | 
|    // Caller is responsible for freeing the returned object.
 | 
|    static SSLIdentity* Generate(const std::string& common_name,
 | 
| -                               KeyType key_type);
 | 
| +                               const KeyParams& key_param);
 | 
| +  static SSLIdentity* Generate(const std::string& common_name,
 | 
| +                               KeyType key_type) {
 | 
| +    return Generate(common_name, KeyParams(key_type));
 | 
| +  }
 | 
|  
 | 
|    // Generates an identity with the specified validity period.
 | 
|    static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
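Review bot: The new `Generate(const std::string&, KeyType)` overload has no comment, so a reader of the legacy signature cannot tell which parameters it ends up with; since it forwards to `KeyParams(key_type)`, the key is built with that constructor's defaults (`kRsaDefaultModSize`/`kRsaDefaultExponent` for `KT_RSA`, `EC_NIST_P256` for `KT_ECDSA`). A one-line comment above it such as `// Convenience overload: generates with KeyParams' default parameters for |key_type|.` would make the difference from the `KeyParams` overload explicit. The "Returns NULL on failure" and ownership remarks above the first overload presumably apply to both and could say so.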
 | 
| 
 |