OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/dnssec_keyset.h" | 5 #include "net/base/dnssec_keyset.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <cryptoht.h> | 8 #include <cryptoht.h> |
9 #include <keyhi.h> | 9 #include <keyhi.h> |
10 | 10 |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
13 #include "base/nss_util.h" | |
14 #include "base/time.h" | 13 #include "base/time.h" |
| 14 #include "crypto/nss_util.h" |
15 #include "net/base/dns_util.h" | 15 #include "net/base/dns_util.h" |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 // These are encoded AlgorithmIdentifiers for the given signature algorithm. | 19 // These are encoded AlgorithmIdentifiers for the given signature algorithm. |
20 const unsigned char kRSAWithSHA1[] = { | 20 const unsigned char kRSAWithSHA1[] = { |
21 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 5, 0 | 21 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 5, 0 |
22 }; | 22 }; |
23 | 23 |
24 const unsigned char kRSAWithSHA256[] = { | 24 const unsigned char kRSAWithSHA256[] = { |
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 base::StringPiece signature, | 192 base::StringPiece signature, |
193 base::StringPiece public_key, | 193 base::StringPiece public_key, |
194 base::StringPiece signed_data) { | 194 base::StringPiece signed_data) { |
195 // This code is largely a copy-and-paste from | 195 // This code is largely a copy-and-paste from |
196 // base/crypto/signature_verifier_nss.cc. We can't change | 196 // base/crypto/signature_verifier_nss.cc. We can't change |
197 // base::SignatureVerifier to always use NSS because we want the ability to | 197 // base::SignatureVerifier to always use NSS because we want the ability to |
198 // be FIPS 140-2 compliant. However, we can't use base::SignatureVerifier | 198 // be FIPS 140-2 compliant. However, we can't use base::SignatureVerifier |
199 // here because some platforms don't support SHA256 signatures. Therefore, we | 199 // here because some platforms don't support SHA256 signatures. Therefore, we |
200 // use NSS directly. | 200 // use NSS directly. |
201 | 201 |
202 base::EnsureNSSInit(); | 202 crypto::EnsureNSSInit(); |
203 | 203 |
204 CERTSubjectPublicKeyInfo* spki = NULL; | 204 CERTSubjectPublicKeyInfo* spki = NULL; |
205 SECItem spki_der; | 205 SECItem spki_der; |
206 spki_der.type = siBuffer; | 206 spki_der.type = siBuffer; |
207 spki_der.data = (uint8*) public_key.data(); | 207 spki_der.data = (uint8*) public_key.data(); |
208 spki_der.len = public_key.size(); | 208 spki_der.len = public_key.size(); |
209 spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_der); | 209 spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_der); |
210 if (!spki) | 210 if (!spki) |
211 return false; | 211 return false; |
212 SECKEYPublicKey* pub_key = SECKEY_ExtractPublicKey(spki); | 212 SECKEYPublicKey* pub_key = SECKEY_ExtractPublicKey(spki); |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
451 out[j++] = exp >> (8 * i); | 451 out[j++] = exp >> (8 * i); |
452 length--; | 452 length--; |
453 } | 453 } |
454 | 454 |
455 DCHECK_EQ(0u, length); | 455 DCHECK_EQ(0u, length); |
456 | 456 |
457 return std::string(reinterpret_cast<char*>(out.get()), j); | 457 return std::string(reinterpret_cast<char*>(out.get()), j); |
458 } | 458 } |
459 | 459 |
460 } // namespace net | 460 } // namespace net |
OLD | NEW |