Add a utility method to convert SPKI from DER to JWK, so far implemented only for EC P256v1 (which …

net/cert/x509_util_nss.cc

Index: net/cert/x509_util_nss.cc
diff --git a/net/cert/x509_util_nss.cc b/net/cert/x509_util_nss.cc
index f8fbd6feda93707dbc551c3e2c939072f7ec3969..28b2d01f7fc40893b65f1aae67336a784f707387 100644
--- a/net/cert/x509_util_nss.cc
+++ b/net/cert/x509_util_nss.cc
@@ -15,12 +15,14 @@
 #include <secmod.h>
 #include <secport.h>
 
+#include "base/base64.h"
 #include "base/debug/leak_annotations.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "base/pickle.h"
 #include "base/strings/stringprintf.h"
+#include "base/values.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
@@ -354,6 +356,91 @@ bool CreateDomainBoundCertEC(crypto::ECPrivateKey* key,
   return true;
 }
 
+static bool ConvertEcPrime256v1PublicKeyInfoToJwk(

[Ryan Sleevi, 2013/08/02 23:08:43]

Chromium prefers the unnamed namespace, especially when that's the dominant form
in the file.

Shift the static functions to line 240, and drop the statics.

+    CERTSubjectPublicKeyInfo* spki,
+    base::DictionaryValue* public_key_jwk) {
+  static const int kPrime256v1EncodingType = 4;
+  static const int kPrime256v1PublicKeyLength = 64;
+  // The public key value is encoded as 0x04 + 64 bytes of public key.
+  // For some reason NSS gives us a bogus, overly long length for the public
+  // key, but as long as there are at least enough bytes and the first byte has

[Ryan Sleevi, 2013/08/02 23:08:43]

It's only bogus until you realize that for BIT_STRING types, NSS stores the
length not as byte length but *bit* length.

See lines 1255, 1285, and 1313 of
http://mxr.mozilla.org/nss/source/lib/cryptohi/seckey.c

(Yes, subtle...)
You can see this with the macro DER_ConvertBitString in
http://mxr.mozilla.org/nss/source/lib/util/secdert.h#124 (although this mutates
the item in place)

eg: see also http://mxr.mozilla.org/nss/source/lib/cryptohi/seckey.c#268

+  // the correct value, treat the remaining 64 bytes as the public key.
+  //
+  if (spki->subjectPublicKey.len < kPrime256v1PublicKeyLength + 1 ||
+      spki->subjectPublicKey.data[0] != kPrime256v1EncodingType)
+    return false;
+
+  public_key_jwk->SetString(std::string("alg"), std::string("EC"));
+  public_key_jwk->SetString(std::string("crv"), std::string("P-256"));

[Ryan Sleevi, 2013/08/02 23:08:43]

Remove the explicit std::string constructors - let implicit conversion handle
this.

public_key_jwk->SetString("alg", "EC");
public_key_jwk->SetString("crv", "P-256");

+
+  base::StringPiece x(
+      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1),
+      kPrime256v1PublicKeyLength / 2);
+  std::string x_b64;
+  base::Base64Encode(x, &x_b64);
+  public_key_jwk->SetString(std::string("x"), x_b64);
+
+  base::StringPiece y(
+      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1 +
+                              kPrime256v1PublicKeyLength / 2),
+      kPrime256v1PublicKeyLength / 2);
+  std::string y_b64;
+  base::Base64Encode(y, &y_b64);
+  public_key_jwk->SetString(std::string("y"), y_b64);
+  return true;
+}
+
+static bool ConvertEcPublicKeyInfoToJwk(
+    CERTSubjectPublicKeyInfo* spki,
+    base::DictionaryValue* public_key_jwk) {
+  // 1.2.840.10045.3.1.7
+  // (iso.member-body.us.ansi-x9-62.ellipticCurve.primeCurve.prime256v1)
+  // (This includes the DER-encoded type (OID) and length: parameters can be
+  // anything, so the DER type isn't implied, and NSS includes it.)
+  static const uint8_t kPrime256v1[] = {
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+  };
+  if (spki->algorithm.parameters.len == sizeof(kPrime256v1) &&
+      !memcmp(spki->algorithm.parameters.data, kPrime256v1,
+              sizeof(kPrime256v1))) {
+    return ConvertEcPrime256v1PublicKeyInfoToJwk(spki, public_key_jwk);
+  }
+  // TODO(juanlang): other curves
+  return false;
+}
+
+bool ConvertSPKIFromDERToJWK(
+    base::StringPiece spki_der,
+    base::DictionaryValue* public_key_jwk) {
+  public_key_jwk->Clear();
+
+  SECItem sec_item;
+  sec_item.data = const_cast<unsigned char*>(
+      reinterpret_cast<const unsigned char*>(spki_der.data()));
+  sec_item.len = spki_der.size();
+  CERTSubjectPublicKeyInfo* spki =
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&sec_item);
+  if (!spki)
+    return false;
+
+  // 1.2.840.10045.2
+  // (iso.member-body.us.ansi-x9-62.id-ecPublicKey)
+  // (This omits the ASN.1 encoding of the type (OID) and length: the fact that
+  // this is an OID is already clear, and NSS omits it here.)
+  static const uint8 kIdEcPublicKey[] = {
+    0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01
+  };
+  bool rv = false;
+  if (spki->algorithm.algorithm.len == sizeof(kIdEcPublicKey) &&
+      !memcmp(spki->algorithm.algorithm.data, kIdEcPublicKey,
+              sizeof(kIdEcPublicKey))) {
+    rv = ConvertEcPublicKeyInfoToJwk(spki, public_key_jwk);
+  }
+  // TODO(juanlang): other algorithms
+  SECKEY_DestroySubjectPublicKeyInfo(spki);
+  return rv;
+}
+
 #if defined(USE_NSS) || defined(OS_IOS)
 void ParsePrincipal(CERTName* name, CertPrincipal* principal) {
 // Starting in NSS 3.15, CERTGetNameFunc takes a const CERTName* argument.