OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
6 | 6 |
7 #include <Security/SecAsn1Coder.h> | 7 #include <Security/SecAsn1Coder.h> |
8 #include <Security/SecAsn1Templates.h> | 8 #include <Security/SecAsn1Templates.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 | 10 |
11 #include "base/base64.h" | 11 #include "base/base64.h" |
12 #include "base/crypto/cssm_init.h" | 12 #include "base/crypto/cssm_init.h" |
13 #include "base/lock.h" | |
14 #include "base/logging.h" | 13 #include "base/logging.h" |
15 #include "base/mac/scoped_cftyperef.h" | 14 #include "base/mac/scoped_cftyperef.h" |
16 #include "base/string_util.h" | 15 #include "base/string_util.h" |
| 16 #include "base/synchronization/lock.h" |
17 #include "base/sys_string_conversions.h" | 17 #include "base/sys_string_conversions.h" |
18 | 18 |
19 // These are in Security.framework but not declared in a public header. | 19 // These are in Security.framework but not declared in a public header. |
20 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; | 20 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; |
21 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; | 21 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; |
22 | 22 |
23 namespace net { | 23 namespace net { |
24 | 24 |
25 // Declarations of Netscape keygen cert structures for ASN.1 encoding: | 25 // Declarations of Netscape keygen cert structures for ASN.1 encoding: |
26 | 26 |
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
227 SecKeyRef* out_priv_key) { | 227 SecKeyRef* out_priv_key) { |
228 OSStatus err; | 228 OSStatus err; |
229 SecKeychainRef keychain; | 229 SecKeychainRef keychain; |
230 err = SecKeychainCopyDefault(&keychain); | 230 err = SecKeychainCopyDefault(&keychain); |
231 if (err) { | 231 if (err) { |
232 base::LogCSSMError("SecKeychainCopyDefault", err); | 232 base::LogCSSMError("SecKeychainCopyDefault", err); |
233 return err; | 233 return err; |
234 } | 234 } |
235 base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); | 235 base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); |
236 { | 236 { |
237 AutoLock locked(base::GetMacSecurityServicesLock()); | 237 base::AutoLock locked(base::GetMacSecurityServicesLock()); |
238 err = SecKeyCreatePair( | 238 err = SecKeyCreatePair( |
239 keychain, | 239 keychain, |
240 CSSM_ALGID_RSA, | 240 CSSM_ALGID_RSA, |
241 size_in_bits, | 241 size_in_bits, |
242 0LL, | 242 0LL, |
243 // public key usage and attributes: | 243 // public key usage and attributes: |
244 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, | 244 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, |
245 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, | 245 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, |
246 // private key usage and attributes: | 246 // private key usage and attributes: |
247 CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN | CSSM_KEYUSE_UNWRAP, | 247 CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN | CSSM_KEYUSE_UNWRAP, |
248 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT | | 248 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT | |
249 CSSM_KEYATTR_SENSITIVE, | 249 CSSM_KEYATTR_SENSITIVE, |
250 initial_access, | 250 initial_access, |
251 out_pub_key, out_priv_key); | 251 out_pub_key, out_priv_key); |
252 } | 252 } |
253 if (err) | 253 if (err) |
254 base::LogCSSMError("SecKeyCreatePair", err); | 254 base::LogCSSMError("SecKeyCreatePair", err); |
255 return err; | 255 return err; |
256 } | 256 } |
257 | 257 |
258 static OSStatus CreateSignatureContext(SecKeyRef key, | 258 static OSStatus CreateSignatureContext(SecKeyRef key, |
259 CSSM_ALGORITHMS algorithm, | 259 CSSM_ALGORITHMS algorithm, |
260 CSSM_CC_HANDLE* out_cc_handle) { | 260 CSSM_CC_HANDLE* out_cc_handle) { |
261 OSStatus err; | 261 OSStatus err; |
262 const CSSM_ACCESS_CREDENTIALS* credentials = NULL; | 262 const CSSM_ACCESS_CREDENTIALS* credentials = NULL; |
263 { | 263 { |
264 AutoLock locked(base::GetMacSecurityServicesLock()); | 264 base::AutoLock locked(base::GetMacSecurityServicesLock()); |
265 err = SecKeyGetCredentials(key, | 265 err = SecKeyGetCredentials(key, |
266 CSSM_ACL_AUTHORIZATION_SIGN, | 266 CSSM_ACL_AUTHORIZATION_SIGN, |
267 kSecCredentialTypeDefault, | 267 kSecCredentialTypeDefault, |
268 &credentials); | 268 &credentials); |
269 } | 269 } |
270 if (err) { | 270 if (err) { |
271 base::LogCSSMError("SecKeyGetCredentials", err); | 271 base::LogCSSMError("SecKeyGetCredentials", err); |
272 return err; | 272 return err; |
273 } | 273 } |
274 | 274 |
275 CSSM_CSP_HANDLE csp_handle = 0; | 275 CSSM_CSP_HANDLE csp_handle = 0; |
276 { | 276 { |
277 AutoLock locked(base::GetMacSecurityServicesLock()); | 277 base::AutoLock locked(base::GetMacSecurityServicesLock()); |
278 err = SecKeyGetCSPHandle(key, &csp_handle); | 278 err = SecKeyGetCSPHandle(key, &csp_handle); |
279 } | 279 } |
280 if (err) { | 280 if (err) { |
281 base::LogCSSMError("SecKeyGetCSPHandle", err); | 281 base::LogCSSMError("SecKeyGetCSPHandle", err); |
282 return err; | 282 return err; |
283 } | 283 } |
284 | 284 |
285 const CSSM_KEY* cssm_key = NULL; | 285 const CSSM_KEY* cssm_key = NULL; |
286 { | 286 { |
287 AutoLock locked(base::GetMacSecurityServicesLock()); | 287 base::AutoLock locked(base::GetMacSecurityServicesLock()); |
288 err = SecKeyGetCSSMKey(key, &cssm_key); | 288 err = SecKeyGetCSSMKey(key, &cssm_key); |
289 } | 289 } |
290 if (err) { | 290 if (err) { |
291 base::LogCSSMError("SecKeyGetCSSMKey", err); | 291 base::LogCSSMError("SecKeyGetCSSMKey", err); |
292 return err; | 292 return err; |
293 } | 293 } |
294 | 294 |
295 err = CSSM_CSP_CreateSignatureContext(csp_handle, | 295 err = CSSM_CSP_CreateSignatureContext(csp_handle, |
296 algorithm, | 296 algorithm, |
297 credentials, | 297 credentials, |
(...skipping 16 matching lines...) Expand all Loading... |
314 return err; | 314 return err; |
315 } | 315 } |
316 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); | 316 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); |
317 if (err) | 317 if (err) |
318 base::LogCSSMError("CSSM_SignData", err); | 318 base::LogCSSMError("CSSM_SignData", err); |
319 CSSM_DeleteContext(cc_handle); | 319 CSSM_DeleteContext(cc_handle); |
320 return err; | 320 return err; |
321 } | 321 } |
322 | 322 |
323 } // namespace net | 323 } // namespace net |
OLD | NEW |