19 #include "packager/media/base/rsa_key.h"
21 #include <openssl/err.h>
22 #include <openssl/rsa.h>
23 #include <openssl/x509.h>
26 #include "packager/base/logging.h"
27 #include "packager/base/sha1.h"
31 const size_t kPssSaltLength = 20u;
34 RSA* DeserializeRsaKey(
const std::string& serialized_key,
35 bool deserialize_private_key) {
36 if (serialized_key.empty()) {
37 LOG(ERROR) <<
"Serialized RSA Key is empty.";
41 BIO* bio = BIO_new_mem_buf(
const_cast<char*
>(serialized_key.data()),
42 serialized_key.size());
44 LOG(ERROR) <<
"BIO_new_mem_buf returned NULL.";
47 RSA* rsa_key = deserialize_private_key ? d2i_RSAPrivateKey_bio(bio, NULL)
48 : d2i_RSAPublicKey_bio(bio, NULL);
53 RSA* DeserializeRsaPrivateKey(
const std::string& serialized_key) {
54 RSA* rsa_key = DeserializeRsaKey(serialized_key,
true);
56 LOG(ERROR) <<
"Private RSA key deserialization failure.";
59 if (RSA_check_key(rsa_key) != 1) {
60 LOG(ERROR) <<
"Invalid RSA Private key: " << ERR_error_string(
61 ERR_get_error(), NULL);
68 RSA* DeserializeRsaPublicKey(
const std::string& serialized_key) {
69 RSA* rsa_key = DeserializeRsaKey(serialized_key,
false);
71 LOG(ERROR) <<
"Private RSA key deserialization failure.";
74 if (RSA_size(rsa_key) <= 0) {
75 LOG(ERROR) <<
"Invalid RSA Public key: " << ERR_error_string(
76 ERR_get_error(), NULL);
88 RsaPrivateKey::RsaPrivateKey(RSA* rsa_key) : rsa_key_(rsa_key) {
91 RsaPrivateKey::~RsaPrivateKey() {
96 RsaPrivateKey* RsaPrivateKey::Create(
const std::string& serialized_key) {
97 RSA* rsa_key = DeserializeRsaPrivateKey(serialized_key);
101 bool RsaPrivateKey::Decrypt(
const std::string& encrypted_message,
102 std::string* decrypted_message) {
103 DCHECK(decrypted_message);
105 size_t rsa_size = RSA_size(rsa_key_);
106 if (encrypted_message.size() != rsa_size) {
107 LOG(ERROR) <<
"Encrypted RSA message has the wrong size (expected "
108 << rsa_size <<
", actual " << encrypted_message.size() <<
").";
112 decrypted_message->resize(rsa_size);
113 int decrypted_size = RSA_private_decrypt(
114 rsa_size,
reinterpret_cast<const uint8_t*
>(encrypted_message.data()),
115 reinterpret_cast<uint8_t*
>(&(*decrypted_message)[0]), rsa_key_,
116 RSA_PKCS1_OAEP_PADDING);
118 if (decrypted_size == -1) {
119 LOG(ERROR) <<
"RSA private decrypt failure: " << ERR_error_string(
120 ERR_get_error(), NULL);
123 decrypted_message->resize(decrypted_size);
127 bool RsaPrivateKey::GenerateSignature(
const std::string& message,
128 std::string* signature) {
130 if (message.empty()) {
131 LOG(ERROR) <<
"Message to be signed is empty.";
135 std::string message_digest = base::SHA1HashString(message);
138 size_t rsa_size = RSA_size(rsa_key_);
139 std::vector<uint8_t> padded_digest(rsa_size);
140 if (!RSA_padding_add_PKCS1_PSS_mgf1(
141 rsa_key_, &padded_digest[0],
142 reinterpret_cast<uint8_t*
>(&message_digest[0]), EVP_sha1(),
143 EVP_sha1(), kPssSaltLength)) {
144 LOG(ERROR) <<
"RSA padding failure: " << ERR_error_string(ERR_get_error(),
150 signature->resize(rsa_size);
151 int signature_size = RSA_private_encrypt(
152 padded_digest.size(), &padded_digest[0],
153 reinterpret_cast<uint8_t*
>(&(*signature)[0]), rsa_key_, RSA_NO_PADDING);
155 if (signature_size !=
static_cast<int>(rsa_size)) {
156 LOG(ERROR) <<
"RSA private encrypt failure: " << ERR_error_string(
157 ERR_get_error(), NULL);
163 RsaPublicKey::RsaPublicKey(RSA* rsa_key) : rsa_key_(rsa_key) {
166 RsaPublicKey::~RsaPublicKey() {
167 if (rsa_key_ != NULL)
172 RSA* rsa_key = DeserializeRsaPublicKey(serialized_key);
173 return rsa_key == NULL ? NULL :
new RsaPublicKey(rsa_key);
177 std::string* encrypted_message) {
178 DCHECK(encrypted_message);
179 if (clear_message.empty()) {
180 LOG(ERROR) <<
"Message to be encrypted is empty.";
184 size_t rsa_size = RSA_size(rsa_key_);
185 encrypted_message->resize(rsa_size);
187 RSA_public_encrypt(clear_message.size(),
188 reinterpret_cast<const uint8_t*
>(clear_message.data()),
189 reinterpret_cast<uint8_t*
>(&(*encrypted_message)[0]),
190 rsa_key_, RSA_PKCS1_OAEP_PADDING);
192 if (encrypted_size !=
static_cast<int>(rsa_size)) {
193 LOG(ERROR) <<
"RSA public encrypt failure: " << ERR_error_string(
194 ERR_get_error(), NULL);
201 const std::string& signature) {
202 if (message.empty()) {
203 LOG(ERROR) <<
"Signed message is empty.";
207 size_t rsa_size = RSA_size(rsa_key_);
208 if (signature.size() != rsa_size) {
209 LOG(ERROR) <<
"Message signature is of the wrong size (expected "
210 << rsa_size <<
", actual " << signature.size() <<
").";
215 std::vector<uint8_t> padded_digest(signature.size());
217 RSA_public_decrypt(signature.size(),
218 reinterpret_cast<const uint8_t*
>(signature.data()),
223 if (decrypted_size !=
static_cast<int>(rsa_size)) {
224 LOG(ERROR) <<
"RSA public decrypt failure: " << ERR_error_string(
225 ERR_get_error(), NULL);
229 std::string message_digest = base::SHA1HashString(message);
232 return RSA_verify_PKCS1_PSS_mgf1(
234 reinterpret_cast<const uint8_t*
>(message_digest.data()),
238 kPssSaltLength) != 0;
All the methods that are virtual are virtual for mocking.