1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
6 | 6 |
7 #include <Security/SecAsn1Coder.h> | 7 #include <Security/SecAsn1Coder.h> |
8 #include <Security/SecAsn1Templates.h> | 8 #include <Security/SecAsn1Templates.h> |
9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
10 | 10 |
106 SecAccessRef initial_access = NULL; | 106 SecAccessRef initial_access = NULL; |
107 SecKeyRef public_key = NULL; | 107 SecKeyRef public_key = NULL; |
108 SecKeyRef private_key = NULL; | 108 SecKeyRef private_key = NULL; |
109 SecAsn1CoderRef coder = NULL; | 109 SecAsn1CoderRef coder = NULL; |
110 CSSM_DATA signature = {0, NULL}; | 110 CSSM_DATA signature = {0, NULL}; |
111 | 111 |
112 { | 112 { |
113 if (url_.has_host()) { | 113 if (url_.has_host()) { |
114 // TODO(davidben): Use something like "Key generated for | 114 // TODO(davidben): Use something like "Key generated for |
115 // example.com", but localize it. | 115 // example.com", but localize it. |
116 base::mac::ScopedCFTypeRef<CFStringRef> label( | 116 base::ScopedCFTypeRef<CFStringRef> label( |
117 base::SysUTF8ToCFStringRef(url_.host())); | 117 base::SysUTF8ToCFStringRef(url_.host())); |
118 // Create an initial access object to set the SecAccessRef. This | 118 // Create an initial access object to set the SecAccessRef. This |
119 // sets a label on the Keychain dialogs. Pass NULL as the second | 119 // sets a label on the Keychain dialogs. Pass NULL as the second |
120 // argument to use the default trusted list; only allow the | 120 // argument to use the default trusted list; only allow the |
121 // current application to access without user confirmation. | 121 // current application to access without user confirmation. |
122 err = SecAccessCreate(label, NULL, &initial_access); | 122 err = SecAccessCreate(label, NULL, &initial_access); |
123 // If we fail, just continue without a label. | 123 // If we fail, just continue without a label. |
124 if (err) | 124 if (err) |
125 crypto::LogCSSMError("SecAccessCreate", err); | 125 crypto::LogCSSMError("SecAccessCreate", err); |
126 } | 126 } |
127 | 127 |
128 // Create the key-pair. | 128 // Create the key-pair. |
129 err = CreateRSAKeyPair(key_size_in_bits_, initial_access, | 129 err = CreateRSAKeyPair(key_size_in_bits_, initial_access, |
130 &public_key, &private_key); | 130 &public_key, &private_key); |
131 if (err) | 131 if (err) |
132 goto failure; | 132 goto failure; |
133 | 133 |
134 // Get the public key data (DER sequence of modulus, exponent). | 134 // Get the public key data (DER sequence of modulus, exponent). |
135 CFDataRef key_data = NULL; | 135 CFDataRef key_data = NULL; |
136 err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, | 136 err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, |
137 &key_data); | 137 &key_data); |
138 if (err) { | 138 if (err) { |
139 crypto::LogCSSMError("SecKeychainItemExpor", err); | 139 crypto::LogCSSMError("SecKeychainItemExpor", err); |
140 goto failure; | 140 goto failure; |
141 } | 141 } |
142 base::mac::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); | 142 base::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); |
143 | 143 |
144 // Create an ASN.1 encoder. | 144 // Create an ASN.1 encoder. |
145 err = SecAsn1CoderCreate(&coder); | 145 err = SecAsn1CoderCreate(&coder); |
146 if (err) { | 146 if (err) { |
147 crypto::LogCSSMError("SecAsn1CoderCreate", err); | 147 crypto::LogCSSMError("SecAsn1CoderCreate", err); |
148 goto failure; | 148 goto failure; |
149 } | 149 } |
150 | 150 |
151 // Fill in and DER-encode the PublicKeyAndChallenge: | 151 // Fill in and DER-encode the PublicKeyAndChallenge: |
152 SignedPublicKeyAndChallenge spkac; | 152 SignedPublicKeyAndChallenge spkac; |
227 SecAccessRef initial_access, | 227 SecAccessRef initial_access, |
228 SecKeyRef* out_pub_key, | 228 SecKeyRef* out_pub_key, |
229 SecKeyRef* out_priv_key) { | 229 SecKeyRef* out_priv_key) { |
230 OSStatus err; | 230 OSStatus err; |
231 SecKeychainRef keychain; | 231 SecKeychainRef keychain; |
232 err = SecKeychainCopyDefault(&keychain); | 232 err = SecKeychainCopyDefault(&keychain); |
233 if (err) { | 233 if (err) { |
234 crypto::LogCSSMError("SecKeychainCopyDefault", err); | 234 crypto::LogCSSMError("SecKeychainCopyDefault", err); |
235 return err; | 235 return err; |
236 } | 236 } |
237 base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); | 237 base::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); |
238 { | 238 { |
239 base::AutoLock locked(crypto::GetMacSecurityServicesLock()); | 239 base::AutoLock locked(crypto::GetMacSecurityServicesLock()); |
240 err = SecKeyCreatePair( | 240 err = SecKeyCreatePair( |
241 keychain, | 241 keychain, |
242 CSSM_ALGID_RSA, | 242 CSSM_ALGID_RSA, |
243 size_in_bits, | 243 size_in_bits, |
244 0LL, | 244 0LL, |
245 // public key usage and attributes: | 245 // public key usage and attributes: |
246 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, | 246 CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_WRAP, |
247 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, | 247 CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT, |
316 return err; | 316 return err; |
317 } | 317 } |
318 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); | 318 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); |
319 if (err) | 319 if (err) |
320 crypto::LogCSSMError("CSSM_SignData", err); | 320 crypto::LogCSSMError("CSSM_SignData", err); |
321 CSSM_DeleteContext(cc_handle); | 321 CSSM_DeleteContext(cc_handle); |
322 return err; | 322 return err; |
323 } | 323 } |
324 | 324 |
325 } // namespace net | 325 } // namespace net |