| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode. | 11 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode. |
| 12 | 12 |
| 13 #ifndef WEBRTC_BASE_SSLIDENTITY_H_ | 13 #ifndef WEBRTC_BASE_SSLIDENTITY_H_ |
| 14 #define WEBRTC_BASE_SSLIDENTITY_H_ | 14 #define WEBRTC_BASE_SSLIDENTITY_H_ |
| 15 | 15 |
| 16 #include <algorithm> | 16 #include <algorithm> |
| 17 #include <string> | 17 #include <string> |
| 18 #include <vector> | 18 #include <vector> |
| 19 | 19 |
| 20 #include "webrtc/base/buffer.h" | 20 #include "webrtc/base/buffer.h" |
| 21 #include "webrtc/base/checks.h" | |
| 22 #include "webrtc/base/messagedigest.h" | 21 #include "webrtc/base/messagedigest.h" |
| 23 | 22 |
| 24 namespace rtc { | 23 namespace rtc { |
| 25 | 24 |
| 26 // Forward declaration due to circular dependency with SSLCertificate. | 25 // Forward declaration due to circular dependency with SSLCertificate. |
| 27 class SSLCertChain; | 26 class SSLCertChain; |
| 28 | 27 |
| 29 // Abstract interface overridden by SSL library specific | 28 // Abstract interface overridden by SSL library specific |
| 30 // implementations. | 29 // implementations. |
| 31 | 30 |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 } | 100 } |
| 102 | 101 |
| 103 // Helper function for deleting a vector of certificates. | 102 // Helper function for deleting a vector of certificates. |
| 104 static void DeleteCert(SSLCertificate* cert) { delete cert; } | 103 static void DeleteCert(SSLCertificate* cert) { delete cert; } |
| 105 | 104 |
| 106 std::vector<SSLCertificate*> certs_; | 105 std::vector<SSLCertificate*> certs_; |
| 107 | 106 |
| 108 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); | 107 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); |
| 109 }; | 108 }; |
| 110 | 109 |
| 111 // KT_DEFAULT is currently an alias for KT_RSA. This is likely to change. | |
| 112 // KT_LAST is intended for vector declarations and loops over all key types; | |
| 113 // it does not represent any key type in itself. | |
| 114 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating | 110 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
| 115 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation | 111 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
| 116 // code. | 112 // code. |
| 117 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; | 113 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
| 118 | 114 |
| 119 static const int kRsaDefaultModSize = 1024; | |
| 120 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 | |
| 121 static const int kRsaMinModSize = 1024; | |
| 122 static const int kRsaMaxModSize = 8192; | |
| 123 | |
| 124 struct RSAParams { | |
| 125 unsigned int mod_size; | |
| 126 unsigned int pub_exp; | |
| 127 }; | |
| 128 | |
| 129 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; | |
| 130 | |
| 131 class KeyParams { | |
| 132 public: | |
| 133 // Generate a KeyParams object from a simple KeyType, using default params. | |
| 134 explicit KeyParams(KeyType key_type = KT_DEFAULT) { | |
| 135 if (key_type == KT_ECDSA) { | |
| 136 type_ = KT_ECDSA; | |
| 137 params_.curve = EC_NIST_P256; | |
| 138 } else if (key_type == KT_RSA) { | |
| 139 type_ = KT_RSA; | |
| 140 params_.rsa.mod_size = kRsaDefaultModSize; | |
| 141 params_.rsa.pub_exp = kRsaDefaultExponent; | |
| 142 } else { | |
| 143 RTC_NOTREACHED(); | |
| 144 } | |
| 145 } | |
| 146 | |
| 147 // Generate a a KeyParams for RSA with explicit parameters. | |
| 148 static KeyParams RSA(int mod_size = kRsaDefaultModSize, | |
| 149 int pub_exp = kRsaDefaultExponent) { | |
| 150 KeyParams kt(KT_RSA); | |
| 151 kt.params_.rsa.mod_size = mod_size; | |
| 152 kt.params_.rsa.pub_exp = pub_exp; | |
| 153 return kt; | |
| 154 } | |
| 155 | |
| 156 // Generate a a KeyParams for ECDSA specifying the curve. | |
| 157 static KeyParams ECDSA(ECCurve curve = EC_NIST_P256) { | |
| 158 KeyParams kt(KT_ECDSA); | |
| 159 kt.params_.curve = curve; | |
| 160 return kt; | |
| 161 } | |
| 162 | |
| 163 // Check validity of a KeyParams object. Since the factory functions have | |
| 164 // no way of returning errors, this function can be called after creation | |
| 165 // to make sure the parameters are OK. | |
| 166 bool IsValid() { | |
| 167 if (type_ == KT_RSA) { | |
| 168 return (params_.rsa.mod_size >= kRsaMinModSize && | |
| 169 params_.rsa.mod_size <= kRsaMaxModSize && | |
| 170 params_.rsa.pub_exp > params_.rsa.mod_size); | |
| 171 } else if (type_ == KT_ECDSA) { | |
| 172 return (params_.curve == EC_NIST_P256); | |
| 173 } | |
| 174 return false; | |
| 175 } | |
| 176 | |
| 177 RSAParams rsa_params() const { | |
| 178 RTC_DCHECK(type_ == KT_RSA); | |
| 179 return params_.rsa; | |
| 180 } | |
| 181 | |
| 182 ECCurve ec_curve() const { | |
| 183 RTC_DCHECK(type_ == KT_ECDSA); | |
| 184 return params_.curve; | |
| 185 } | |
| 186 | |
| 187 KeyType type() const { return type_; } | |
| 188 | |
| 189 private: | |
| 190 KeyType type_; | |
| 191 union { | |
| 192 RSAParams rsa; | |
| 193 ECCurve curve; | |
| 194 } params_; | |
| 195 }; | |
| 196 | |
| 197 // TODO(hbos): Remove once rtc::KeyType (to be modified) and | 115 // TODO(hbos): Remove once rtc::KeyType (to be modified) and |
| 198 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium | 116 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium |
| 199 // appropriately we can change KeyType enum -> class without breaking Chromium. | 117 // appropriately we can change KeyType enum -> class without breaking Chromium. |
| 200 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); | 118 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); |
| 201 | 119 |
| 202 // Parameters for generating a certificate. If |common_name| is non-empty, it | 120 // Parameters for generating an identity for testing. If common_name is |
| 203 // will be used for the certificate's subject and issuer name, otherwise a | 121 // non-empty, it will be used for the certificate's subject and issuer name, |
| 204 // random string will be used. | 122 // otherwise a random string will be used. |not_before| and |not_after| are |
| 123 // offsets to the current time in number of seconds. |
| 205 struct SSLIdentityParams { | 124 struct SSLIdentityParams { |
| 206 std::string common_name; | 125 std::string common_name; |
| 207 int not_before; // offset from current time in seconds. | 126 int not_before; // in seconds. |
| 208 int not_after; // offset from current time in seconds. | 127 int not_after; // in seconds. |
| 209 KeyParams key_params; | 128 KeyType key_type; |
| 210 }; | 129 }; |
| 211 | 130 |
| 212 // Our identity in an SSL negotiation: a keypair and certificate (both | 131 // Our identity in an SSL negotiation: a keypair and certificate (both |
| 213 // with the same public key). | 132 // with the same public key). |
| 214 // This too is pretty much immutable once created. | 133 // This too is pretty much immutable once created. |
| 215 class SSLIdentity { | 134 class SSLIdentity { |
| 216 public: | 135 public: |
| 217 // Generates an identity (keypair and self-signed certificate). If | 136 // Generates an identity (keypair and self-signed certificate). If |
| 218 // common_name is non-empty, it will be used for the certificate's | 137 // common_name is non-empty, it will be used for the certificate's |
| 219 // subject and issuer name, otherwise a random string will be used. | 138 // subject and issuer name, otherwise a random string will be used. |
| 220 // Returns NULL on failure. | 139 // Returns NULL on failure. |
| 221 // Caller is responsible for freeing the returned object. | 140 // Caller is responsible for freeing the returned object. |
| 222 static SSLIdentity* Generate(const std::string& common_name, | 141 static SSLIdentity* Generate(const std::string& common_name, |
| 223 const KeyParams& key_param); | 142 KeyType key_type); |
| 224 static SSLIdentity* Generate(const std::string& common_name, | |
| 225 KeyType key_type) { | |
| 226 return Generate(common_name, KeyParams(key_type)); | |
| 227 } | |
| 228 | 143 |
| 229 // Generates an identity with the specified validity period. | 144 // Generates an identity with the specified validity period. |
| 230 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); | 145 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |
| 231 | 146 |
| 232 // Construct an identity from a private key and a certificate. | 147 // Construct an identity from a private key and a certificate. |
| 233 static SSLIdentity* FromPEMStrings(const std::string& private_key, | 148 static SSLIdentity* FromPEMStrings(const std::string& private_key, |
| 234 const std::string& certificate); | 149 const std::string& certificate); |
| 235 | 150 |
| 236 virtual ~SSLIdentity() {} | 151 virtual ~SSLIdentity() {} |
| 237 | 152 |
| (...skipping 15 matching lines...) Expand all Loading... |
| 253 size_t length); | 168 size_t length); |
| 254 }; | 169 }; |
| 255 | 170 |
| 256 extern const char kPemTypeCertificate[]; | 171 extern const char kPemTypeCertificate[]; |
| 257 extern const char kPemTypeRsaPrivateKey[]; | 172 extern const char kPemTypeRsaPrivateKey[]; |
| 258 extern const char kPemTypeEcPrivateKey[]; | 173 extern const char kPemTypeEcPrivateKey[]; |
| 259 | 174 |
| 260 } // namespace rtc | 175 } // namespace rtc |
| 261 | 176 |
| 262 #endif // WEBRTC_BASE_SSLIDENTITY_H_ | 177 #endif // WEBRTC_BASE_SSLIDENTITY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1397703002:
Revert of Provide RSA2048 as per RFC (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master