Switch //net to the new SPKI and PKCS#8 APIs.

net/base/keygen_handler_openssl.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/keygen_handler.h"
 
+#include <openssl/bytestring.h>
+#include <openssl/digest.h>
+#include <openssl/evp.h>
 #include <openssl/mem.h>
-#include <openssl/ssl.h>
+#include <stdint.h>
 
+#include "base/base64.h"
+#include "base/location.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/strings/string_piece.h"
+#include "crypto/auto_cbb.h"
 #include "crypto/openssl_util.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_openssl_types.h"
 #include "net/base/openssl_private_key_store.h"
 
 namespace net {
 
 std::string KeygenHandler::GenKeyAndSignChallenge() {
   scoped_ptr<crypto::RSAPrivateKey> key(
       crypto::RSAPrivateKey::Create(key_size_in_bits_));
   EVP_PKEY* pkey = key->key();
 
   if (stores_key_)
     OpenSSLPrivateKeyStore::StoreKeyPair(url_, pkey);
 
-  crypto::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki(
-      NETSCAPE_SPKI_new());
-  ASN1_STRING_set(spki.get()->spkac->challenge,
-                  challenge_.data(), challenge_.size());
-  NETSCAPE_SPKI_set_pubkey(spki.get(), pkey);
-  // Using MD5 as this is what is required in HTML5, even though the SPKI
-  // structure does allow the use of a SHA-1 signature.
-  NETSCAPE_SPKI_sign(spki.get(), pkey, EVP_md5());
-  char* spkistr = NETSCAPE_SPKI_b64_encode(spki.get());
+  // Serialize the following structure, from
+  // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen.
+  //
+  //   PublicKeyAndChallenge ::= SEQUENCE {
+  //       spki SubjectPublicKeyInfo,
+  //       challenge IA5STRING
+  //   }
+  //
+  //   SignedPublicKeyAndChallenge ::= SEQUENCE {
+  //       publicKeyAndChallenge PublicKeyAndChallenge,
+  //       signatureAlgorithm AlgorithmIdentifier,
+  //       signature BIT STRING
+  //   }
+  //
+  // The signature is over the PublicKeyAndChallenge.
 
-  std::string result(spkistr);
-  OPENSSL_free(spkistr);
+  // TODO(davidben): If we gain another consumer, factor this code out into
+  // shared logic, sharing OID definitions with the verifier, to support signing
+  // other X.509-style structures.
 
+  crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
+
+  // Serialize up to the PublicKeyAndChallenge.
+  crypto::AutoCBB cbb;
+  CBB spkac, public_key_and_challenge, challenge;
+  if (!CBB_init(cbb.get(), 0) ||
+      !CBB_add_asn1(cbb.get(), &spkac, CBS_ASN1_SEQUENCE) ||
+      !CBB_add_asn1(&spkac, &public_key_and_challenge, CBS_ASN1_SEQUENCE) ||
+      !EVP_marshal_public_key(&public_key_and_challenge, pkey) ||
+      !CBB_add_asn1(&public_key_and_challenge, &challenge,
+                    CBS_ASN1_IA5STRING) ||
+      !CBB_add_bytes(&challenge,
+                     reinterpret_cast<const uint8_t*>(challenge_.data()),
+                     challenge_.size()) ||
+      !CBB_flush(&spkac)) {
+    return std::string();
+  }
+
+  // Hash what's been written so far.
+  crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create());
+  if (!EVP_DigestSignInit(ctx.get(), nullptr, EVP_md5(), nullptr, pkey) ||
+      !EVP_DigestSignUpdate(ctx.get(), CBB_data(&spkac), CBB_len(&spkac))) {
+    return std::string();
+  }
+
+  // The DER encoding of 1.2.840.113549.1.1.4, MD5 with RSA encryption.
+  static const uint8_t kMd5WithRsaEncryption[] = {
+      0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04,
+  };
+
+  // Write the signatureAlgorithm.
+  CBB algorithm, oid, null;
+  if (!CBB_add_asn1(&spkac, &algorithm, CBS_ASN1_SEQUENCE) ||
+      !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
+      !CBB_add_bytes(&oid, kMd5WithRsaEncryption,
+                     sizeof(kMd5WithRsaEncryption)) ||
+      !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL)) {
+    return std::string();
+  }
+
+  // Compute and write the signature. Note that X.509 signatures, although
+  // always byte strings for RSA, are encoded as BIT STRINGS with a multiple of
+  // 8 bits.
+  CBB sig_bitstring;
+  uint8_t* sig;
+  size_t sig_len;
+  if (!CBB_add_asn1(&spkac, &sig_bitstring, CBS_ASN1_BITSTRING) ||
+      !CBB_add_u8(&sig_bitstring, 0 /* no unused bits */) ||
+      // Determine the maximum length of the signature.
+      !EVP_DigestSignFinal(ctx.get(), nullptr, &sig_len) ||
+      // Reserve |sig_len| bytes and write the signature to |spkac|.
+      !CBB_reserve(&sig_bitstring, &sig, sig_len) ||
+      !EVP_DigestSignFinal(ctx.get(), sig, &sig_len) ||
+      !CBB_did_write(&sig_bitstring, sig_len)) {
+    return std::string();
+  }
+
+  // Finally, the structure is base64-encoded.
+  uint8_t* der;
+  size_t der_len;
+  if (!CBB_finish(cbb.get(), &der, &der_len)) {
+    return std::string();
+  }
+  std::string result;
+  base::Base64Encode(
+      base::StringPiece(reinterpret_cast<const char*>(der), der_len), &result);
+  OPENSSL_free(der);
   return result;
 }
 
 }  // namespace net
-