1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/p256_key_exchange.h"
7 #include <openssl/ec.h>
8 #include <openssl/ecdh.h>
9 #include <openssl/evp.h>
11 #include "base/logging.h"
13 using base::StringPiece
;
18 P256KeyExchange::P256KeyExchange(EC_KEY
* private_key
, const uint8
* public_key
)
19 : private_key_(private_key
) {
20 memcpy(public_key_
, public_key
, sizeof(public_key_
));
23 P256KeyExchange::~P256KeyExchange() {}
26 P256KeyExchange
* P256KeyExchange::New(StringPiece key
) {
28 DVLOG(1) << "Private key is empty";
32 const uint8
* keyp
= reinterpret_cast<const uint8
*>(key
.data());
33 crypto::ScopedEC_KEY
private_key(d2i_ECPrivateKey(nullptr, &keyp
,
35 if (!private_key
.get() || !EC_KEY_check_key(private_key
.get())) {
36 DVLOG(1) << "Private key is invalid.";
40 uint8 public_key
[kUncompressedP256PointBytes
];
41 if (EC_POINT_point2oct(EC_KEY_get0_group(private_key
.get()),
42 EC_KEY_get0_public_key(private_key
.get()),
43 POINT_CONVERSION_UNCOMPRESSED
, public_key
,
44 sizeof(public_key
), nullptr) != sizeof(public_key
)) {
45 DVLOG(1) << "Can't get public key.";
49 return new P256KeyExchange(private_key
.release(), public_key
);
53 string
P256KeyExchange::NewPrivateKey() {
54 crypto::ScopedEC_KEY
key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
));
55 if (!key
.get() || !EC_KEY_generate_key(key
.get())) {
56 DVLOG(1) << "Can't generate a new private key.";
60 int key_len
= i2d_ECPrivateKey(key
.get(), nullptr);
62 DVLOG(1) << "Can't convert private key to string";
65 scoped_ptr
<uint8
[]> private_key(new uint8
[key_len
]);
66 uint8
* keyp
= private_key
.get();
67 if (!i2d_ECPrivateKey(key
.get(), &keyp
)) {
68 DVLOG(1) << "Can't convert private key to string.";
71 return string(reinterpret_cast<char*>(private_key
.get()), key_len
);
74 KeyExchange
* P256KeyExchange::NewKeyPair(QuicRandom
* /*rand*/) const {
75 // TODO(agl): avoid the serialisation/deserialisation in this function.
76 const string private_value
= NewPrivateKey();
77 return P256KeyExchange::New(private_value
);
80 bool P256KeyExchange::CalculateSharedKey(const StringPiece
& peer_public_value
,
81 string
* out_result
) const {
82 if (peer_public_value
.size() != kUncompressedP256PointBytes
) {
83 DVLOG(1) << "Peer public value is invalid";
87 crypto::ScopedEC_POINT
point(
88 EC_POINT_new(EC_KEY_get0_group(private_key_
.get())));
90 !EC_POINT_oct2point(/* also test if point is on curve */
91 EC_KEY_get0_group(private_key_
.get()), point
.get(),
92 reinterpret_cast<const uint8
*>(
93 peer_public_value
.data()),
94 peer_public_value
.size(), nullptr)) {
95 DVLOG(1) << "Can't convert peer public value to curve point.";
99 uint8 result
[kP256FieldBytes
];
100 if (ECDH_compute_key(result
, sizeof(result
), point
.get(), private_key_
.get(),
101 nullptr) != sizeof(result
)) {
102 DVLOG(1) << "Can't compute ECDH shared key.";
106 out_result
->assign(reinterpret_cast<char*>(result
), sizeof(result
));
110 StringPiece
P256KeyExchange::public_value() const {
111 return StringPiece(reinterpret_cast<const char*>(public_key_
),
112 sizeof(public_key_
));
115 QuicTag
P256KeyExchange::tag() const { return kP256
; }