xref: /aosp_15_r20/external/webrtc/rtc_base/openssl_key_pair.cc (revision d9f758449e529ab9291ac668be2861e7a55c2422) 
1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #include "rtc_base/openssl_key_pair.h"
12 
13 #include <memory>
14 #include <utility>
15 
16 #include "absl/strings/string_view.h"
17 
18 #if defined(WEBRTC_WIN)
19 // Must be included first before openssl headers.
20 #include "rtc_base/win32.h"  // NOLINT
21 #endif                       // WEBRTC_WIN
22 
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/pem.h>
26 #include <openssl/rsa.h>
27 
28 #include "rtc_base/checks.h"
29 #include "rtc_base/logging.h"
30 #include "rtc_base/openssl.h"
31 #include "rtc_base/openssl_utility.h"
32 
33 namespace rtc {
34 
35 // We could have exposed a myriad of parameters for the crypto stuff,
36 // but keeping it simple seems best.
37 
38 // Generate a key pair. Caller is responsible for freeing the returned object.
MakeKey(const KeyParams & key_params)39 static EVP_PKEY* MakeKey(const KeyParams& key_params) {
40   RTC_LOG(LS_INFO) << "Making key pair";
41   EVP_PKEY* pkey = EVP_PKEY_new();
42   if (key_params.type() == KT_RSA) {
43     int key_length = key_params.rsa_params().mod_size;
44     BIGNUM* exponent = BN_new();
45     RSA* rsa = RSA_new();
46     if (!pkey || !exponent || !rsa ||
47         !BN_set_word(exponent, key_params.rsa_params().pub_exp) ||
48         !RSA_generate_key_ex(rsa, key_length, exponent, nullptr) ||
49         !EVP_PKEY_assign_RSA(pkey, rsa)) {
50       EVP_PKEY_free(pkey);
51       BN_free(exponent);
52       RSA_free(rsa);
53       RTC_LOG(LS_ERROR) << "Failed to make RSA key pair";
54       return nullptr;
55     }
56     // ownership of rsa struct was assigned, don't free it.
57     BN_free(exponent);
58   } else if (key_params.type() == KT_ECDSA) {
59     if (key_params.ec_curve() == EC_NIST_P256) {
60       EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
61       if (!ec_key) {
62         EVP_PKEY_free(pkey);
63         RTC_LOG(LS_ERROR) << "Failed to allocate EC key";
64         return nullptr;
65       }
66 
67       // Ensure curve name is included when EC key is serialized.
68       // Without this call, OpenSSL versions before 1.1.0 will create
69       // certificates that don't work for TLS.
70       // This is a no-op for BoringSSL and OpenSSL 1.1.0+
71       EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
72 
73       if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
74           !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
75         EVP_PKEY_free(pkey);
76         EC_KEY_free(ec_key);
77         RTC_LOG(LS_ERROR) << "Failed to make EC key pair";
78         return nullptr;
79       }
80       // ownership of ec_key struct was assigned, don't free it.
81     } else {
82       // Add generation of any other curves here.
83       EVP_PKEY_free(pkey);
84       RTC_LOG(LS_ERROR) << "ECDSA key requested for unknown curve";
85       return nullptr;
86     }
87   } else {
88     EVP_PKEY_free(pkey);
89     RTC_LOG(LS_ERROR) << "Key type requested not understood";
90     return nullptr;
91   }
92 
93   RTC_LOG(LS_INFO) << "Returning key pair";
94   return pkey;
95 }
96 
Generate(const KeyParams & key_params)97 std::unique_ptr<OpenSSLKeyPair> OpenSSLKeyPair::Generate(
98     const KeyParams& key_params) {
99   EVP_PKEY* pkey = MakeKey(key_params);
100   if (!pkey) {
101     openssl::LogSSLErrors("Generating key pair");
102     return nullptr;
103   }
104   return std::make_unique<OpenSSLKeyPair>(pkey);
105 }
106 
FromPrivateKeyPEMString(absl::string_view pem_string)107 std::unique_ptr<OpenSSLKeyPair> OpenSSLKeyPair::FromPrivateKeyPEMString(
108     absl::string_view pem_string) {
109   BIO* bio =
110       BIO_new_mem_buf(const_cast<char*>(pem_string.data()), pem_string.size());
111   if (!bio) {
112     RTC_LOG(LS_ERROR) << "Failed to create a new BIO buffer.";
113     return nullptr;
114   }
115   BIO_set_mem_eof_return(bio, 0);
116   EVP_PKEY* pkey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
117   BIO_free(bio);  // Frees the BIO, but not the pointed-to string.
118   if (!pkey) {
119     RTC_LOG(LS_ERROR) << "Failed to create the private key from PEM string.";
120     return nullptr;
121   }
122   if (EVP_PKEY_missing_parameters(pkey) != 0) {
123     RTC_LOG(LS_ERROR)
124         << "The resulting key pair is missing public key parameters.";
125     EVP_PKEY_free(pkey);
126     return nullptr;
127   }
128   return std::make_unique<OpenSSLKeyPair>(pkey);
129 }
130 
~OpenSSLKeyPair()131 OpenSSLKeyPair::~OpenSSLKeyPair() {
132   EVP_PKEY_free(pkey_);
133 }
134 
Clone()135 std::unique_ptr<OpenSSLKeyPair> OpenSSLKeyPair::Clone() {
136   AddReference();
137   return std::make_unique<OpenSSLKeyPair>(pkey_);
138 }
139 
AddReference()140 void OpenSSLKeyPair::AddReference() {
141   EVP_PKEY_up_ref(pkey_);
142 }
143 
PrivateKeyToPEMString() const144 std::string OpenSSLKeyPair::PrivateKeyToPEMString() const {
145   BIO* temp_memory_bio = BIO_new(BIO_s_mem());
146   if (!temp_memory_bio) {
147     RTC_LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio";
148     RTC_DCHECK_NOTREACHED();
149     return "";
150   }
151   if (!PEM_write_bio_PrivateKey(temp_memory_bio, pkey_, nullptr, nullptr, 0,
152                                 nullptr, nullptr)) {
153     RTC_LOG_F(LS_ERROR) << "Failed to write private key";
154     BIO_free(temp_memory_bio);
155     RTC_DCHECK_NOTREACHED();
156     return "";
157   }
158   char* buffer;
159   size_t len = BIO_get_mem_data(temp_memory_bio, &buffer);
160   std::string priv_key_str(buffer, len);
161   BIO_free(temp_memory_bio);
162   return priv_key_str;
163 }
164 
PublicKeyToPEMString() const165 std::string OpenSSLKeyPair::PublicKeyToPEMString() const {
166   BIO* temp_memory_bio = BIO_new(BIO_s_mem());
167   if (!temp_memory_bio) {
168     RTC_LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio";
169     RTC_DCHECK_NOTREACHED();
170     return "";
171   }
172   if (!PEM_write_bio_PUBKEY(temp_memory_bio, pkey_)) {
173     RTC_LOG_F(LS_ERROR) << "Failed to write public key";
174     BIO_free(temp_memory_bio);
175     RTC_DCHECK_NOTREACHED();
176     return "";
177   }
178   BIO_write(temp_memory_bio, "\0", 1);
179   char* buffer;
180   BIO_get_mem_data(temp_memory_bio, &buffer);
181   std::string pub_key_str = buffer;
182   BIO_free(temp_memory_bio);
183   return pub_key_str;
184 }
185 
operator ==(const OpenSSLKeyPair & other) const186 bool OpenSSLKeyPair::operator==(const OpenSSLKeyPair& other) const {
187   return EVP_PKEY_cmp(this->pkey_, other.pkey_) == 1;
188 }
189 
operator !=(const OpenSSLKeyPair & other) const190 bool OpenSSLKeyPair::operator!=(const OpenSSLKeyPair& other) const {
191   return !(*this == other);
192 }
193 
194 }  // namespace rtc
195