diff options
author | Adhishree Abhyankar <adhishree.abhyankar@mongodb.com> | 2022-07-15 13:57:17 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2022-07-15 14:42:30 +0000 |
commit | 8f895e99ade9d42f015595a60500bb694b9027ce (patch) | |
tree | feb75a3e51f4c322b19cf70024f53b87858fa476 | |
parent | f2678ea3658acd35548f770ebb68c15815b46040 (diff) | |
download | mongo-8f895e99ade9d42f015595a60500bb694b9027ce.tar.gz |
SERVER-67552: Creates a generic RsaPublicKey class that serves as a wrapper around RSA public key material in OpenSSL.
-rw-r--r-- | src/mongo/crypto/SConscript | 12 | ||||
-rw-r--r-- | src/mongo/crypto/rsa_public_key.cpp | 49 | ||||
-rw-r--r-- | src/mongo/crypto/rsa_public_key.h | 71 | ||||
-rw-r--r-- | src/mongo/crypto/rsa_public_key_test.cpp | 60 | ||||
-rw-r--r-- | src/mongo/db/auth/SConscript | 1 |
5 files changed, 193 insertions, 0 deletions
diff --git a/src/mongo/crypto/SConscript b/src/mongo/crypto/SConscript index 4ce7ede944a..af457d27050 100644 --- a/src/mongo/crypto/SConscript +++ b/src/mongo/crypto/SConscript @@ -63,6 +63,16 @@ cryptoEnv.Library( ], ) +cryptoEnv.Library( + target='rsa_public_key', + source=[ + 'rsa_public_key.cpp', + ], + LIBDEPS=[ + '$BUILD_DIR/mongo/base', + ], +) + env.Library( target="aead_encryption", source=[ @@ -129,6 +139,7 @@ env.CppUnitTest( 'encryption_fields_util_test.cpp', 'fle_crypto_test.cpp', 'mechanism_scram_test.cpp', + 'rsa_public_key_test.cpp', 'sha1_block_test.cpp', 'sha256_block_test.cpp', 'sha512_block_test.cpp', @@ -141,6 +152,7 @@ env.CppUnitTest( 'aead_encryption', 'encrypted_field_config', 'fle_crypto', + 'rsa_public_key', 'sha_block_${MONGO_CRYPTO}', ], ) diff --git a/src/mongo/crypto/rsa_public_key.cpp b/src/mongo/crypto/rsa_public_key.cpp new file mode 100644 index 00000000000..76390e44606 --- /dev/null +++ b/src/mongo/crypto/rsa_public_key.cpp @@ -0,0 +1,49 @@ +/** + * Copyright (C) 2022-present MongoDB, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the Server Side Public License, version 1, + * as published by MongoDB, Inc. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Server Side Public License for more details. + * + * You should have received a copy of the Server Side Public License + * along with this program. If not, see + * <http://www.mongodb.com/licensing/server-side-public-license>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the Server Side Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#include "mongo/crypto/rsa_public_key.h" + +#include <iterator> + +#include "fmt/format.h" +#include "mongo/base/string_data.h" +#include "mongo/util/base64.h" + +namespace mongo::crypto { + +RsaPublicKey::RsaPublicKey(StringData keyId, StringData e, StringData n) + : _keyId(keyId.toString()) { + fmt::memory_buffer eBuffer; + base64url::decode(eBuffer, e); + std::copy(eBuffer.begin(), eBuffer.end(), std::back_inserter(_e)); + fmt::memory_buffer nBuffer; + base64url::decode(nBuffer, n); + std::copy(nBuffer.begin(), nBuffer.end(), std::back_inserter(_n)); +} +} // namespace mongo::crypto diff --git a/src/mongo/crypto/rsa_public_key.h b/src/mongo/crypto/rsa_public_key.h new file mode 100644 index 00000000000..e5773d2af33 --- /dev/null +++ b/src/mongo/crypto/rsa_public_key.h @@ -0,0 +1,71 @@ +/** + * Copyright (C) 2022-present MongoDB, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the Server Side Public License, version 1, + * as published by MongoDB, Inc. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Server Side Public License for more details. + * + * You should have received a copy of the Server Side Public License + * along with this program. If not, see + * <http://www.mongodb.com/licensing/server-side-public-license>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the Server Side Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#pragma once + +#include "mongo/base/data_range.h" +#include "mongo/base/string_data.h" +#include "mongo/util/base64.h" + +namespace mongo::crypto { +/** + * Provides an interface for managing parameters to an RSA signing operation. + * Note that this key contains public material only, and is not suitable for decryption. + */ +class RsaPublicKey { +public: + /** + * Creates an `RsaPublicKey` instance identified by the opaque string name {keyId}. + * The RSA operation parameters of {E} and {N} must be passed as Base64URL encoded values (RFC + * 4648 ยง5). + */ + RsaPublicKey(StringData keyId, StringData e, StringData n); + std::size_t getKeySizeBytes() const { + return _n.size(); + } + + ConstDataRange getE() const { + return ConstDataRange(_e); + } + + ConstDataRange getN() const { + return ConstDataRange(_n); + } + + StringData getKeyId() const { + return _keyId; + } + +private: + std::vector<std::uint8_t> _e; + std::vector<std::uint8_t> _n; + std::string _keyId; +}; + +} // namespace mongo::crypto diff --git a/src/mongo/crypto/rsa_public_key_test.cpp b/src/mongo/crypto/rsa_public_key_test.cpp new file mode 100644 index 00000000000..8b61773c037 --- /dev/null +++ b/src/mongo/crypto/rsa_public_key_test.cpp @@ -0,0 +1,60 @@ +/** + * Copyright (C) 2022-present MongoDB, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the Server Side Public License, version 1, + * as published by MongoDB, Inc. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Server Side Public License for more details. + * + * You should have received a copy of the Server Side Public License + * along with this program. If not, see + * <http://www.mongodb.com/licensing/server-side-public-license>. + * + * As a special exception, the copyright holders give permission to link the + * code of portions of this program with the OpenSSL library under certain + * conditions as described in each individual source file and distribute + * linked combinations including the program with the OpenSSL library. You + * must comply with the Server Side Public License in all respects for + * all of the code used other than as permitted herein. If you modify file(s) + * with this exception, you may extend this exception to your version of the + * file(s), but you are not obligated to do so. If you do not wish to do so, + * delete this exception statement from your version. If you delete this + * exception statement from all source files in the program, then also delete + * it in the license file. + */ + +#include "mongo/crypto/rsa_public_key.h" + +#include <iostream> +#include <vector> + +#include "mongo/base/string_data.h" +#include "mongo/unittest/unittest.h" +#include "mongo/util/base64.h" + +namespace mongo::crypto { + +TEST(RSAPublickKeyTest, rsaKeyDecode) { + const auto keyID = "0UhWwyvtfIdxPvR9zCWYJB5_AM0LE2qc6RGOcI0cQjw"_sd; + const auto e = "AQAB"_sd; + const auto n = + "ionlnDDd4AG2rRFgjEowRUiZ8x7LTfM-cwwBTuV4TAWgZKb3RycprPwdPODtbKSxnyoM6-Bi-" + "qM0FInx13vsC3h3xxzMIreH-vRQPWWocsJ6CZrgfbXyUclcLzgJX_E2V_6hpG0CeUBfNYsgfgwm4Y_" + "wjUu3HKsKPdIPqjf6zdrgv8W3OySt-QSFVBy_OQXraZ2wA7gJPyPmNhBr8L9M3AYRS_" + "E1XRpsldMSrIe8bfxGyP2B9txiUQXIycWLC-e172SPjAjdUyaK3YLqGRtki6EgQ3qlzRPjoQheE-" + "r3l62UaaAgHOo6FercdjdsIzT2-vhqZMQk59WhGuvygymiLw"_sd; + RsaPublicKey key(keyID, e, n); + + std::string strE; + strE.assign(key.getE().data(), key.getE().length()); + ASSERT_EQ(base64url::encode(strE), e); + + std::string strN; + strN.assign(key.getN().data(), key.getN().length()); + ASSERT_EQ(base64url::encode(strN), n); +} +} // namespace mongo::crypto diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index 1df94b4707b..c2b97e4b604 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -427,6 +427,7 @@ env.Library( LIBDEPS=[ '$BUILD_DIR/mongo/base', '$BUILD_DIR/mongo/base/secure_allocator', + '$BUILD_DIR/mongo/crypto/rsa_public_key', '$BUILD_DIR/mongo/crypto/sha_block_${MONGO_CRYPTO}', '$BUILD_DIR/mongo/db/commands/test_commands_enabled', '$BUILD_DIR/mongo/util/icu', |