
Unified Diff: crypto/ec_private_key_nss.cc

Issue 8662036: Support EC certs in OriginBoundCertService and OriginBoundCertStore. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 9 years, 1 month ago
Index: crypto/ec_private_key_nss.cc
diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc
index cc46101124cc10e1e74c18b79da2b9206f580c6b..f78243d3c15ddde2d1921a2ff5fe360eb31abe50 100644
--- a/crypto/ec_private_key_nss.cc
+++ b/crypto/ec_private_key_nss.cc
@@ -104,6 +104,75 @@ ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
#endif
}
+// static
+bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
+ const std::string& password,
+ const std::vector<uint8>& encrypted_private_key_info,
+ CERTSubjectPublicKeyInfo* decoded_spki,
+ bool permanent,
+ bool sensitive,
+ SECKEYPrivateKey** key,
+ SECKEYPublicKey** public_key) {
+ ScopedPK11Slot slot(GetPrivateNSSKeySlot());
+ if (!slot.get())
+ return false;
+
+ *public_key = SECKEY_ExtractPublicKey(decoded_spki);
+
+ if (!*public_key) {
+ DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
+ return false;
+ }
+
+ SECItem encoded_epki = {
+ siBuffer,
+ const_cast<unsigned char*>(&encrypted_private_key_info[0]),
+ encrypted_private_key_info.size()
+ };
+ SECKEYEncryptedPrivateKeyInfo epki;
+ memset(&epki, 0, sizeof(epki));
+
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+
+ SECStatus rv = SEC_QuickDERDecodeItem(
+ arena.get(),
+ &epki,
+ SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
+ &encoded_epki);
+ if (rv != SECSuccess) {
+ DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError();
+ SECKEY_DestroyPublicKey(*public_key);
+ *public_key = NULL;
+ return false;
+ }
+
+ SECItem password_item = {
+ siBuffer,
+ reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
+ password.size()
+ };
+
+ rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
+ slot.get(),
+ &epki,
+ &password_item,
+ NULL, // nickname
+ &(*public_key)->u.ec.publicValue,
+ permanent,
+ sensitive,
+ key,
+ NULL); // wincx
+ if (rv != SECSuccess) {
+ DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
+ << PORT_GetError();
+ SECKEY_DestroyPublicKey(*public_key);
+ *public_key = NULL;
+ return false;
+ }
+
+ return true;
+}
+
bool ECPrivateKey::ExportEncryptedPrivateKey(
const std::string& password,
int iterations,
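Review bot: `&encrypted_private_key_info[0]` in the `encoded_epki` initializer is undefined behaviour when the vector is empty, and nothing in `ImportFromEncryptedPrivateKeyInfo` rejects an empty input before that line. The blob is supplied by the caller, so the function should fail early with `if (encrypted_private_key_info.empty()) return false;`, placed before the `SECKEY_ExtractPublicKey` call so that no public key has to be released on that path. The result of `PORT_NewArena` is also handed to `SEC_QuickDERDecodeItem` without a NULL check; whether the decoder tolerates a null arena is not visible here, so a guard that destroys `*public_key`, resets it to NULL and returns false would be the safer choice.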
@@ -227,10 +296,6 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
- ScopedPK11Slot slot(GetPrivateNSSKeySlot());
- if (!slot.get())
- return NULL;
-
SECItem encoded_spki = {
siBuffer,
const_cast<unsigned char*>(&subject_public_key_info[0]),
@@ -243,58 +308,16 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
return NULL;
}
- result->public_key_ = SECKEY_ExtractPublicKey(decoded_spki);
+ bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
+ password, encrypted_private_key_info, decoded_spki, permanent, sensitive,
+ &result->key_, &result->public_key_);
SECKEY_DestroySubjectPublicKeyInfo(decoded_spki);
- if (!result->public_key_) {
- DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
- return NULL;
- }
-
- SECItem encoded_epki = {
- siBuffer,
- const_cast<unsigned char*>(&encrypted_private_key_info[0]),
- encrypted_private_key_info.size()
- };
- SECKEYEncryptedPrivateKeyInfo epki;
- memset(&epki, 0, sizeof(epki));
-
- ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (success)
+ return result.release();
- SECStatus rv = SEC_QuickDERDecodeItem(
- arena.get(),
- &epki,
- SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
- &encoded_epki);
- if (rv != SECSuccess) {
- DLOG(ERROR) << "SEC_ASN1DecodeItem: " << PORT_GetError();
- return NULL;
- }
-
- SECItem password_item = {
- siBuffer,
- reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
- password.size()
- };
-
- rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
- slot.get(),
- &epki,
- &password_item,
- NULL, // nickname
- &result->public_key_->u.ec.publicValue,
- permanent,
- sensitive,
- &result->key_,
- NULL); // wincx
- if (rv != SECSuccess) {
- DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
- << PORT_GetError();
- return NULL;
- }
-
- return result.release();
+ return NULL;
}
} // namespace crypto
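Review bot: The `return NULL;` path after `ImportFromEncryptedPrivateKeyInfo` relies on an ownership contract that is not written down anywhere in the new code. When the helper fails, `result` goes out of scope and presumably releases `key_` and `public_key_` in its destructor (not visible in this hunk), which is only safe because the helper destroys `*public_key` and sets it to NULL itself, and because `*key` is assumed to still hold its constructor-initialized value. A comment above the call would make this explicit, for example `// On failure the helper has already freed and NULLed |public_key_| and has not set |key_|, so destroying |result| frees nothing twice.` A matching sentence on the helper's declaration about who owns `*key` and `*public_key` on success and on failure would help as well. `CreateFromEncryptedPrivateKeyInfoWithParams` begins outside this hunk.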
