Add support for certificates with public key algorithm ECDSA. (#64)

RSA is not allowed in WebTransport serverCertificateHash API. See
Chromium change
https://chromium-review.googlesource.com/c/chromium/src/+/3399288

Author: jianjunz

web_transport/sdk/impl/proof_source_owt.cc

@@ -24,7 +24,8 @@
 namespace owt {
 namespace quic {
 
-ProofSourceOwt::ProofSourceOwt() {}
+ProofSourceOwt::ProofSourceOwt()
+    : private_key_(nullptr), ticket_crypter_(nullptr) {}
 
 ProofSourceOwt::~ProofSourceOwt() {}
 
@@ -72,7 +73,8 @@ bool ProofSourceOwt::Initialize(const base::FilePath& pfx_path,
   }
 
   chain_ = new ::quic::ProofSource::Chain(certs_string);
-  private_key_ = crypto::RSAPrivateKey::CreateFromKey(key);
+  private_key_ = std::make_unique<::quic::CertificatePrivateKey>(
+      bssl::UniquePtr<EVP_PKEY>(key));
   return true;
 }
 
@@ -101,18 +103,19 @@ bool ProofSourceOwt::GetProofInner(
     ::quic::QuicCryptoProof* proof) {
   // This function is copied from `ProofSourceChromium`, but `leaf_cert_scts` is
   // not set.
-  DCHECK(proof != nullptr);
-  DCHECK(private_key_.get()) << " this: " << this;
+  DCHECK(proof);
+  DCHECK(private_key_);
 
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   bssl::ScopedEVP_MD_CTX sign_context;
   EVP_PKEY_CTX* pkey_ctx;
 
   uint32_t len_tmp = chlo_hash.length();
   if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr,
-                          private_key_->key()) ||
-      !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
-      !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) ||
+                          private_key_->private_key()) ||
+      (EVP_PKEY_id(private_key_->private_key()) == EVP_PKEY_RSA &&
+       (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+        !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1))) ||
       !EVP_DigestSignUpdate(
           sign_context.get(),
           reinterpret_cast<const uint8_t*>(::quic::kProofSignatureLabel),
@@ -198,9 +201,10 @@ void ProofSourceOwt::ComputeTlsSignature(
   size_t siglen;
   std::string sig;
   if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr,
-                          private_key_->key()) ||
-      !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
-      !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) ||
+                          private_key_->private_key()) ||
+      (EVP_PKEY_id(private_key_->private_key()) == EVP_PKEY_RSA &&
+       (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+        !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1))) ||
       !EVP_DigestSignUpdate(sign_context.get(),
                             reinterpret_cast<const uint8_t*>(in.data()),
                             in.size()) ||

web_transport/sdk/impl/proof_source_owt.h

@@ -72,7 +72,7 @@ class ProofSourceOwt : public ::quic::ProofSource {
           out_chain,
       ::quic::QuicCryptoProof* proof);
 
-  std::unique_ptr<crypto::RSAPrivateKey> private_key_;
+  std::unique_ptr<::quic::CertificatePrivateKey> private_key_;
   std::vector<scoped_refptr<net::X509Certificate>> certs_in_file_;
   ::quic::QuicReferenceCountedPointer<::quic::ProofSource::Chain> chain_;
   std::unique_ptr<::quic::ProofSource::TicketCrypter> ticket_crypter_;