Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/keygen_handler_win.cc

Issue 6805019: Move crypto files out of base, to a top level directory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Fixes comments by eroman Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/keygen_handler_unittest.cc ('k') | net/base/openssl_memory_private_key_store.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/keygen_handler.h" 5 #include "net/base/keygen_handler.h"
6 6
7 #include <windows.h> 7 #include <windows.h>
8 #include <wincrypt.h> 8 #include <wincrypt.h>
9 #pragma comment(lib, "crypt32.lib") 9 #pragma comment(lib, "crypt32.lib")
10 #include <rpc.h> 10 #include <rpc.h>
11 #pragma comment(lib, "rpcrt4.lib") 11 #pragma comment(lib, "rpcrt4.lib")
12 12
13 #include <list> 13 #include <list>
14 #include <string> 14 #include <string>
15 #include <vector> 15 #include <vector>
16 16
17 #include "base/base64.h" 17 #include "base/base64.h"
18 #include "base/basictypes.h" 18 #include "base/basictypes.h"
19 #include "base/crypto/capi_util.h"
20 #include "base/crypto/scoped_capi_types.h"
21 #include "base/logging.h" 19 #include "base/logging.h"
22 #include "base/string_piece.h" 20 #include "base/string_piece.h"
23 #include "base/string_util.h" 21 #include "base/string_util.h"
24 #include "base/utf_string_conversions.h" 22 #include "base/utf_string_conversions.h"
23 #include "crypto/capi_util.h"
24 #include "crypto/scoped_capi_types.h"
25
25 26
26 namespace net { 27 namespace net {
27 28
28 // Assigns the contents of a CERT_PUBLIC_KEY_INFO structure for the signing 29 // Assigns the contents of a CERT_PUBLIC_KEY_INFO structure for the signing
29 // key in |prov| to |output|. Returns true if encoding was successful. 30 // key in |prov| to |output|. Returns true if encoding was successful.
30 bool GetSubjectPublicKeyInfo(HCRYPTPROV prov, std::vector<BYTE>* output) { 31 bool GetSubjectPublicKeyInfo(HCRYPTPROV prov, std::vector<BYTE>* output) {
31 BOOL ok; 32 BOOL ok;
32 DWORD size = 0; 33 DWORD size = 0;
33 34
34 // From the private key stored in HCRYPTPROV, obtain the public key, stored 35 // From the private key stored in HCRYPTPROV, obtain the public key, stored
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
136 struct KeyContainer { 137 struct KeyContainer {
137 public: 138 public:
138 explicit KeyContainer(bool delete_keyset) 139 explicit KeyContainer(bool delete_keyset)
139 : delete_keyset_(delete_keyset) {} 140 : delete_keyset_(delete_keyset) {}
140 141
141 ~KeyContainer() { 142 ~KeyContainer() {
142 if (provider_) { 143 if (provider_) {
143 provider_.reset(); 144 provider_.reset();
144 if (delete_keyset_ && !key_id_.empty()) { 145 if (delete_keyset_ && !key_id_.empty()) {
145 HCRYPTPROV provider; 146 HCRYPTPROV provider;
146 base::CryptAcquireContextLocked(&provider, key_id_.c_str(), NULL, 147 crypto::CryptAcquireContextLocked(&provider, key_id_.c_str(), NULL,
147 PROV_RSA_FULL, CRYPT_SILENT | CRYPT_DELETEKEYSET); 148 PROV_RSA_FULL, CRYPT_SILENT | CRYPT_DELETEKEYSET);
148 } 149 }
149 } 150 }
150 } 151 }
151 152
152 base::ScopedHCRYPTPROV provider_; 153 crypto::ScopedHCRYPTPROV provider_;
153 std::wstring key_id_; 154 std::wstring key_id_;
154 155
155 private: 156 private:
156 bool delete_keyset_; 157 bool delete_keyset_;
157 }; 158 };
158 159
159 std::string KeygenHandler::GenKeyAndSignChallenge() { 160 std::string KeygenHandler::GenKeyAndSignChallenge() {
160 KeyContainer key_container(!stores_key_); 161 KeyContainer key_container(!stores_key_);
161 162
162 // TODO(rsleevi): Have the user choose which provider they should use, which 163 // TODO(rsleevi): Have the user choose which provider they should use, which
163 // needs to be filtered by those providers which can provide the key type 164 // needs to be filtered by those providers which can provide the key type
164 // requested or the key size requested. This is especially important for 165 // requested or the key size requested. This is especially important for
165 // generating certificates that will be stored on smart cards. 166 // generating certificates that will be stored on smart cards.
166 const int kMaxAttempts = 5; 167 const int kMaxAttempts = 5;
167 int attempt; 168 int attempt;
168 for (attempt = 0; attempt < kMaxAttempts; ++attempt) { 169 for (attempt = 0; attempt < kMaxAttempts; ++attempt) {
169 // Per MSDN documentation for CryptAcquireContext, if applications will be 170 // Per MSDN documentation for CryptAcquireContext, if applications will be
170 // creating their own keys, they should ensure unique naming schemes to 171 // creating their own keys, they should ensure unique naming schemes to
171 // prevent overlap with any other applications or consumers of CSPs, and 172 // prevent overlap with any other applications or consumers of CSPs, and
172 // *should not* store new keys within the default, NULL key container. 173 // *should not* store new keys within the default, NULL key container.
173 key_container.key_id_ = GetNewKeyContainerId(); 174 key_container.key_id_ = GetNewKeyContainerId();
174 if (key_container.key_id_.empty()) 175 if (key_container.key_id_.empty())
175 return std::string(); 176 return std::string();
176 177
177 // Only create new key containers, so that existing key containers are not 178 // Only create new key containers, so that existing key containers are not
178 // overwritten. 179 // overwritten.
179 if (base::CryptAcquireContextLocked(key_container.provider_.receive(), 180 if (crypto::CryptAcquireContextLocked(key_container.provider_.receive(),
180 key_container.key_id_.c_str(), NULL, PROV_RSA_FULL, 181 key_container.key_id_.c_str(), NULL, PROV_RSA_FULL,
181 CRYPT_SILENT | CRYPT_NEWKEYSET)) 182 CRYPT_SILENT | CRYPT_NEWKEYSET))
182 break; 183 break;
183 184
184 if (GetLastError() != NTE_BAD_KEYSET) { 185 if (GetLastError() != NTE_BAD_KEYSET) {
185 LOG(ERROR) << "Keygen failed: Couldn't acquire a CryptoAPI provider " 186 LOG(ERROR) << "Keygen failed: Couldn't acquire a CryptoAPI provider "
186 "context: " << GetLastError(); 187 "context: " << GetLastError();
187 return std::string(); 188 return std::string();
188 } 189 }
189 } 190 }
190 if (attempt == kMaxAttempts) { 191 if (attempt == kMaxAttempts) {
191 LOG(ERROR) << "Keygen failed: Couldn't acquire a CryptoAPI provider " 192 LOG(ERROR) << "Keygen failed: Couldn't acquire a CryptoAPI provider "
192 "context: Max retries exceeded"; 193 "context: Max retries exceeded";
193 return std::string(); 194 return std::string();
194 } 195 }
195 196
196 { 197 {
197 base::ScopedHCRYPTKEY key; 198 crypto::ScopedHCRYPTKEY key;
198 if (!CryptGenKey(key_container.provider_, CALG_RSA_KEYX, 199 if (!CryptGenKey(key_container.provider_, CALG_RSA_KEYX,
199 (key_size_in_bits_ << 16) | CRYPT_EXPORTABLE, key.receive())) { 200 (key_size_in_bits_ << 16) | CRYPT_EXPORTABLE, key.receive())) {
200 LOG(ERROR) << "Keygen failed: Couldn't generate an RSA key"; 201 LOG(ERROR) << "Keygen failed: Couldn't generate an RSA key";
201 return std::string(); 202 return std::string();
202 } 203 }
203 204
204 std::string spkac; 205 std::string spkac;
205 if (!GetSignedPublicKeyAndChallenge(key_container.provider_, challenge_, 206 if (!GetSignedPublicKeyAndChallenge(key_container.provider_, challenge_,
206 &spkac)) { 207 &spkac)) {
207 LOG(ERROR) << "Keygen failed: Couldn't generate the signed public key " 208 LOG(ERROR) << "Keygen failed: Couldn't generate the signed public key "
208 "and challenge"; 209 "and challenge";
209 return std::string(); 210 return std::string();
210 } 211 }
211 212
212 std::string result; 213 std::string result;
213 if (!base::Base64Encode(spkac, &result)) { 214 if (!base::Base64Encode(spkac, &result)) {
214 LOG(ERROR) << "Keygen failed: Couldn't convert signed key into base64"; 215 LOG(ERROR) << "Keygen failed: Couldn't convert signed key into base64";
215 return std::string(); 216 return std::string();
216 } 217 }
217 218
218 VLOG(1) << "Keygen succeeded"; 219 VLOG(1) << "Keygen succeeded";
219 return result; 220 return result;
220 } 221 }
221 } 222 }
222 223
223 } // namespace net 224 } // namespace net
OLDNEW
« no previous file with comments | « net/base/keygen_handler_unittest.cc ('k') | net/base/openssl_memory_private_key_store.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698