OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <secerr.h> | 9 #include <secerr.h> |
10 #include <sechash.h> | 10 #include <sechash.h> |
(...skipping 1135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1146 break; | 1146 break; |
1147 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 1147 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
1148 operation_flags = CKF_SIGN | CKF_VERIFY; | 1148 operation_flags = CKF_SIGN | CKF_VERIFY; |
1149 break; | 1149 break; |
1150 default: | 1150 default: |
1151 NOTREACHED(); | 1151 NOTREACHED(); |
1152 return Status::ErrorUnexpected(); | 1152 return Status::ErrorUnexpected(); |
1153 } | 1153 } |
1154 const CK_FLAGS operation_flags_mask = | 1154 const CK_FLAGS operation_flags_mask = |
1155 CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP; | 1155 CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP; |
1156 const PK11AttrFlags attribute_flags = 0; // Default all PK11_ATTR_ flags. | 1156 |
| 1157 // The private key must be marked as insensitive and extractable, otherwise it |
| 1158 // cannot later be exported in unencrypted form or structured-cloned. |
| 1159 const PK11AttrFlags attribute_flags = |
| 1160 PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE; |
1157 | 1161 |
1158 // Note: NSS does not generate an sec_public_key if the call below fails, | 1162 // Note: NSS does not generate an sec_public_key if the call below fails, |
1159 // so there is no danger of a leaked sec_public_key. | 1163 // so there is no danger of a leaked sec_public_key. |
1160 SECKEYPublicKey* sec_public_key; | 1164 SECKEYPublicKey* sec_public_key; |
1161 crypto::ScopedSECKEYPrivateKey scoped_sec_private_key( | 1165 crypto::ScopedSECKEYPrivateKey scoped_sec_private_key( |
1162 PK11_GenerateKeyPairWithOpFlags(slot.get(), | 1166 PK11_GenerateKeyPairWithOpFlags(slot.get(), |
1163 CKM_RSA_PKCS_KEY_PAIR_GEN, | 1167 CKM_RSA_PKCS_KEY_PAIR_GEN, |
1164 &rsa_gen_params, | 1168 &rsa_gen_params, |
1165 &sec_public_key, | 1169 &sec_public_key, |
1166 attribute_flags, | 1170 attribute_flags, |
(...skipping 325 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1492 key_algorithm, | 1496 key_algorithm, |
1493 usage_mask); | 1497 usage_mask); |
1494 return Status::Success(); | 1498 return Status::Success(); |
1495 } | 1499 } |
1496 | 1500 |
1497 } // namespace platform | 1501 } // namespace platform |
1498 | 1502 |
1499 } // namespace webcrypto | 1503 } // namespace webcrypto |
1500 | 1504 |
1501 } // namespace content | 1505 } // namespace content |
OLD | NEW |