xref: /aosp_15_r20/external/cronet/net/ssl/openssl_private_key.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2024 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/ssl/openssl_private_key.h"
6 
7 #include "base/check.h"
8 #include "net/base/net_errors.h"
9 #include "net/ssl/ssl_platform_key_util.h"
10 #include "net/ssl/ssl_private_key.h"
11 #include "net/ssl/threaded_ssl_private_key.h"
12 #include "third_party/boringssl/src/include/openssl/evp.h"
13 #include "third_party/boringssl/src/include/openssl/rsa.h"
14 #include "third_party/boringssl/src/include/openssl/ssl.h"
15 
16 namespace net {
17 
18 namespace {
19 
20 class OpenSSLPrivateKey : public ThreadedSSLPrivateKey::Delegate {
21  public:
OpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY> key)22   explicit OpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY> key)
23       : key_(std::move(key)) {}
24 
25   OpenSSLPrivateKey(const OpenSSLPrivateKey&) = delete;
26   OpenSSLPrivateKey& operator=(const OpenSSLPrivateKey&) = delete;
27 
28   ~OpenSSLPrivateKey() override = default;
29 
GetProviderName()30   std::string GetProviderName() override { return "EVP_PKEY"; }
31 
GetAlgorithmPreferences()32   std::vector<uint16_t> GetAlgorithmPreferences() override {
33     return SSLPrivateKey::DefaultAlgorithmPreferences(EVP_PKEY_id(key_.get()),
34                                                       true /* supports PSS */);
35   }
36 
Sign(uint16_t algorithm,base::span<const uint8_t> input,std::vector<uint8_t> * signature)37   Error Sign(uint16_t algorithm,
38              base::span<const uint8_t> input,
39              std::vector<uint8_t>* signature) override {
40     bssl::ScopedEVP_MD_CTX ctx;
41     EVP_PKEY_CTX* pctx;
42     if (!EVP_DigestSignInit(ctx.get(), &pctx,
43                             SSL_get_signature_algorithm_digest(algorithm),
44                             nullptr, key_.get())) {
45       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
46     }
47     if (SSL_is_signature_algorithm_rsa_pss(algorithm)) {
48       if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
49           !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1 /* hash length */)) {
50         return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
51       }
52     }
53     size_t sig_len = 0;
54     if (!EVP_DigestSign(ctx.get(), nullptr, &sig_len, input.data(),
55                         input.size())) {
56       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
57     }
58     signature->resize(sig_len);
59     if (!EVP_DigestSign(ctx.get(), signature->data(), &sig_len, input.data(),
60                         input.size())) {
61       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
62     }
63     signature->resize(sig_len);
64     return OK;
65   }
66 
67  private:
68   bssl::UniquePtr<EVP_PKEY> key_;
69 };
70 
71 }  // namespace
72 
WrapOpenSSLPrivateKey(bssl::UniquePtr<EVP_PKEY> key)73 scoped_refptr<SSLPrivateKey> WrapOpenSSLPrivateKey(
74     bssl::UniquePtr<EVP_PKEY> key) {
75   CHECK(key);
76   return base::MakeRefCounted<ThreadedSSLPrivateKey>(
77       std::make_unique<OpenSSLPrivateKey>(std::move(key)),
78       GetSSLPlatformKeyTaskRunner());
79 }
80 
81 }  // namespace net
82