Chromium Code Reviews Chromium Code Reviews
Issue 1742873002:
Switch //net to the new SPKI and PKCS#8 APIs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@spki-crypto| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
| 6 | 6 |
| 7 #include <Security/SecAsn1Coder.h> | 7 #include <Security/SecAsn1Coder.h> |
| 8 #include <Security/SecAsn1Templates.h> | 8 #include <Security/SecAsn1Templates.h> |
| 9 #include <Security/Security.h> | 9 #include <Security/Security.h> |
| 10 | 10 |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 141 } | 141 } |
| 142 base::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); | 142 base::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); |
| 143 | 143 |
| 144 // Create an ASN.1 encoder. | 144 // Create an ASN.1 encoder. |
| 145 err = SecAsn1CoderCreate(&coder); | 145 err = SecAsn1CoderCreate(&coder); |
| 146 if (err) { | 146 if (err) { |
| 147 crypto::LogCSSMError("SecAsn1CoderCreate", err); | 147 crypto::LogCSSMError("SecAsn1CoderCreate", err); |
| 148 goto failure; | 148 goto failure; |
| 149 } | 149 } |
| 150 | 150 |
| 151 // The DER encoding of a NULL. | |
| 152 static const uint8_t kNullDer[] = {0x05, 0x00}; | |
| 153 | |
| 151 // Fill in and DER-encode the PublicKeyAndChallenge: | 154 // Fill in and DER-encode the PublicKeyAndChallenge: |
| 152 SignedPublicKeyAndChallenge spkac; | 155 SignedPublicKeyAndChallenge spkac; |
| 153 memset(&spkac, 0, sizeof(spkac)); | 156 memset(&spkac, 0, sizeof(spkac)); |
| 154 spkac.pkac.spki.algorithm.algorithm = CSSMOID_RSA; | 157 spkac.pkac.spki.algorithm.algorithm = CSSMOID_RSA; |
| 158 spkac.pkac.spki.algorithm.parameters.Data = const_cast<uint8_t*>(kNullDer); | |
| 159 spkac.pkac.spki.algorithm.parameters.Length = sizeof(kNullDer); | |
|
davidben
2016/03/03 16:22:31
(We could also reimplement this whole thing in CBB
| |
| 155 spkac.pkac.spki.subjectPublicKey.Length = | 160 spkac.pkac.spki.subjectPublicKey.Length = |
| 156 CFDataGetLength(key_data) * 8; // interpreted as a _bit_ count | 161 CFDataGetLength(key_data) * 8; // interpreted as a _bit_ count |
| 157 spkac.pkac.spki.subjectPublicKey.Data = | 162 spkac.pkac.spki.subjectPublicKey.Data = |
| 158 const_cast<uint8_t*>(CFDataGetBytePtr(key_data)); | 163 const_cast<uint8_t*>(CFDataGetBytePtr(key_data)); |
| 159 spkac.pkac.challenge_string.Length = challenge_.length(); | 164 spkac.pkac.challenge_string.Length = challenge_.length(); |
| 160 spkac.pkac.challenge_string.Data = | 165 spkac.pkac.challenge_string.Data = |
| 161 reinterpret_cast<uint8_t*>(const_cast<char*>(challenge_.data())); | 166 reinterpret_cast<uint8_t*>(const_cast<char*>(challenge_.data())); |
| 162 | 167 |
| 163 CSSM_DATA encoded; | 168 CSSM_DATA encoded; |
| 164 err = SecAsn1EncodeItem(coder, &spkac.pkac, | 169 err = SecAsn1EncodeItem(coder, &spkac.pkac, |
| 165 kPublicKeyAndChallengeTemplate, &encoded); | 170 kPublicKeyAndChallengeTemplate, &encoded); |
| 166 if (err) { | 171 if (err) { |
| 167 crypto::LogCSSMError("SecAsn1EncodeItem", err); | 172 crypto::LogCSSMError("SecAsn1EncodeItem", err); |
| 168 goto failure; | 173 goto failure; |
| 169 } | 174 } |
| 170 | 175 |
| 171 // Compute a signature of the result: | 176 // Compute a signature of the result: |
| 172 err = SignData(encoded, private_key, &signature); | 177 err = SignData(encoded, private_key, &signature); |
| 173 if (err) | 178 if (err) |
| 174 goto failure; | 179 goto failure; |
| 175 spkac.signature.Data = signature.Data; | 180 spkac.signature.Data = signature.Data; |
| 176 spkac.signature.Length = signature.Length * 8; // a _bit_ count | 181 spkac.signature.Length = signature.Length * 8; // a _bit_ count |
| 177 spkac.signature_algorithm.algorithm = CSSMOID_MD5WithRSA; | 182 spkac.signature_algorithm.algorithm = CSSMOID_MD5WithRSA; |
| 183 spkac.signature_algorithm.parameters.Data = const_cast<uint8_t*>(kNullDer); | |
| 184 spkac.signature_algorithm.parameters.Length = sizeof(kNullDer); | |
| 178 // TODO(snej): MD5 is weak. Can we use SHA1 instead? | 185 // TODO(snej): MD5 is weak. Can we use SHA1 instead? |
| 179 // See <https://bugzilla.mozilla.org/show_bug.cgi?id=549460> | 186 // See <https://bugzilla.mozilla.org/show_bug.cgi?id=549460> |
| 180 | 187 |
| 181 // DER-encode the entire SignedPublicKeyAndChallenge: | 188 // DER-encode the entire SignedPublicKeyAndChallenge: |
| 182 err = SecAsn1EncodeItem(coder, &spkac, | 189 err = SecAsn1EncodeItem(coder, &spkac, |
| 183 kSignedPublicKeyAndChallengeTemplate, &encoded); | 190 kSignedPublicKeyAndChallengeTemplate, &encoded); |
| 184 if (err) { | 191 if (err) { |
| 185 crypto::LogCSSMError("SecAsn1EncodeItem", err); | 192 crypto::LogCSSMError("SecAsn1EncodeItem", err); |
| 186 goto failure; | 193 goto failure; |
| 187 } | 194 } |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 316 return err; | 323 return err; |
| 317 } | 324 } |
| 318 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); | 325 err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); |
| 319 if (err) | 326 if (err) |
| 320 crypto::LogCSSMError("CSSM_SignData", err); | 327 crypto::LogCSSMError("CSSM_SignData", err); |
| 321 CSSM_DeleteContext(cc_handle); | 328 CSSM_DeleteContext(cc_handle); |
| 322 return err; | 329 return err; |
| 323 } | 330 } |
| 324 | 331 |
| 325 } // namespace net | 332 } // namespace net |
| OLD | NEW |
