SERVER-67552: Creates a generic RsaPublicKey class that serves as a wrapper around RSA public key material in OpenSSL.

5 files changed, 193 insertions, 0 deletions

diff --git a/src/mongo/crypto/SConscript b/src/mongo/crypto/SConscript
index 4ce7ede944a..af457d27050 100644
--- a/src/mongo/crypto/SConscript
+++ b/src/mongo/crypto/SConscript
@@ -63,6 +63,16 @@ cryptoEnv.Library(
     ],
 )
 
+cryptoEnv.Library(
+    target='rsa_public_key',
+    source=[
+        'rsa_public_key.cpp',
+    ],
+    LIBDEPS=[
+        '$BUILD_DIR/mongo/base',
+    ],
+)
+
 env.Library(
     target="aead_encryption",
     source=[
@@ -129,6 +139,7 @@ env.CppUnitTest(
         'encryption_fields_util_test.cpp',
         'fle_crypto_test.cpp',
         'mechanism_scram_test.cpp',
+        'rsa_public_key_test.cpp',
         'sha1_block_test.cpp',
         'sha256_block_test.cpp',
         'sha512_block_test.cpp',
@@ -141,6 +152,7 @@ env.CppUnitTest(
         'aead_encryption',
         'encrypted_field_config',
         'fle_crypto',
+        'rsa_public_key',
         'sha_block_${MONGO_CRYPTO}',
     ],
 )
diff --git a/src/mongo/crypto/rsa_public_key.cpp b/src/mongo/crypto/rsa_public_key.cpp
new file mode 100644
index 00000000000..76390e44606
--- /dev/null
+++ b/src/mongo/crypto/rsa_public_key.cpp
@@ -0,0 +1,49 @@
+/**
+ *    Copyright (C) 2022-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#include "mongo/crypto/rsa_public_key.h"
+
+#include <iterator>
+
+#include "fmt/format.h"
+#include "mongo/base/string_data.h"
+#include "mongo/util/base64.h"
+
+namespace mongo::crypto {
+
+RsaPublicKey::RsaPublicKey(StringData keyId, StringData e, StringData n)
+    : _keyId(keyId.toString()) {
+    fmt::memory_buffer eBuffer;
+    base64url::decode(eBuffer, e);
+    std::copy(eBuffer.begin(), eBuffer.end(), std::back_inserter(_e));
+    fmt::memory_buffer nBuffer;
+    base64url::decode(nBuffer, n);
+    std::copy(nBuffer.begin(), nBuffer.end(), std::back_inserter(_n));
+}
+}  // namespace mongo::crypto
diff --git a/src/mongo/crypto/rsa_public_key.h b/src/mongo/crypto/rsa_public_key.h
new file mode 100644
index 00000000000..e5773d2af33
--- /dev/null
+++ b/src/mongo/crypto/rsa_public_key.h
@@ -0,0 +1,71 @@
+/**
+ *    Copyright (C) 2022-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/base/data_range.h"
+#include "mongo/base/string_data.h"
+#include "mongo/util/base64.h"
+
+namespace mongo::crypto {
+/**
+ * Provides an interface for managing parameters to an RSA signing operation.
+ * Note that this key contains public material only, and is not suitable for decryption.
+ */
+class RsaPublicKey {
+public:
+    /**
+     * Creates an `RsaPublicKey` instance identified by the opaque string name {keyId}.
+     * The RSA operation parameters of {E} and {N} must be passed as Base64URL encoded values (RFC
+     * 4648 §5).
+     */
+    RsaPublicKey(StringData keyId, StringData e, StringData n);
+    std::size_t getKeySizeBytes() const {
+        return _n.size();
+    }
+
+    ConstDataRange getE() const {
+        return ConstDataRange(_e);
+    }
+
+    ConstDataRange getN() const {
+        return ConstDataRange(_n);
+    }
+
+    StringData getKeyId() const {
+        return _keyId;
+    }
+
+private:
+    std::vector<std::uint8_t> _e;
+    std::vector<std::uint8_t> _n;
+    std::string _keyId;
+};
+
+}  // namespace mongo::crypto
diff --git a/src/mongo/crypto/rsa_public_key_test.cpp b/src/mongo/crypto/rsa_public_key_test.cpp
new file mode 100644
index 00000000000..8b61773c037
--- /dev/null
+++ b/src/mongo/crypto/rsa_public_key_test.cpp
@@ -0,0 +1,60 @@
+/**
+ *    Copyright (C) 2022-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#include "mongo/crypto/rsa_public_key.h"
+
+#include <iostream>
+#include <vector>
+
+#include "mongo/base/string_data.h"
+#include "mongo/unittest/unittest.h"
+#include "mongo/util/base64.h"
+
+namespace mongo::crypto {
+
+TEST(RSAPublickKeyTest, rsaKeyDecode) {
+    const auto keyID = "0UhWwyvtfIdxPvR9zCWYJB5_AM0LE2qc6RGOcI0cQjw"_sd;
+    const auto e = "AQAB"_sd;
+    const auto n =
+        "ionlnDDd4AG2rRFgjEowRUiZ8x7LTfM-cwwBTuV4TAWgZKb3RycprPwdPODtbKSxnyoM6-Bi-"
+        "qM0FInx13vsC3h3xxzMIreH-vRQPWWocsJ6CZrgfbXyUclcLzgJX_E2V_6hpG0CeUBfNYsgfgwm4Y_"
+        "wjUu3HKsKPdIPqjf6zdrgv8W3OySt-QSFVBy_OQXraZ2wA7gJPyPmNhBr8L9M3AYRS_"
+        "E1XRpsldMSrIe8bfxGyP2B9txiUQXIycWLC-e172SPjAjdUyaK3YLqGRtki6EgQ3qlzRPjoQheE-"
+        "r3l62UaaAgHOo6FercdjdsIzT2-vhqZMQk59WhGuvygymiLw"_sd;
+    RsaPublicKey key(keyID, e, n);
+
+    std::string strE;
+    strE.assign(key.getE().data(), key.getE().length());
+    ASSERT_EQ(base64url::encode(strE), e);
+
+    std::string strN;
+    strN.assign(key.getN().data(), key.getN().length());
+    ASSERT_EQ(base64url::encode(strN), n);
+}
+}  // namespace mongo::crypto
diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript
index 1df94b4707b..c2b97e4b604 100644
--- a/src/mongo/db/auth/SConscript
+++ b/src/mongo/db/auth/SConscript
@@ -427,6 +427,7 @@ env.Library(
     LIBDEPS=[
         '$BUILD_DIR/mongo/base',
         '$BUILD_DIR/mongo/base/secure_allocator',
+        '$BUILD_DIR/mongo/crypto/rsa_public_key',
         '$BUILD_DIR/mongo/crypto/sha_block_${MONGO_CRYPTO}',
         '$BUILD_DIR/mongo/db/commands/test_commands_enabled',
         '$BUILD_DIR/mongo/util/icu',