Report curve types in ECDSA SSLPrivateKeys.

net/ssl/ssl_platform_key_win.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_platform_key.h"
 
 #include <windows.h>
 #include <NCrypt.h>
 
 #include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include <openssl/bn.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/sequenced_task_runner.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_capi_types.h"
 #include "crypto/wincrypt_shim.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
-#include "net/ssl/ssl_platform_key_task_runner.h"
+#include "net/ssl/ssl_platform_key_util.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
 
 namespace net {
 
 namespace {
 
 class SSLPlatformKeyCAPI : public ThreadedSSLPrivateKey::Delegate {
  public:
   // Takes ownership of |provider|.
@@ skipping 165 matching lines @@
         const_cast<BYTE*>(reinterpret_cast<const BYTE*>(input.data())),
         input.size(), signature->data(), signature_len, &signature_len, flags);
     if (FAILED(status)) {
       LOG(ERROR) << "NCryptSignHash failed: " << status;
       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
     }
     signature->resize(signature_len);
 
     // CNG emits raw ECDSA signatures, but BoringSSL expects a DER-encoded
     // ECDSA-Sig-Value.
-    if (type_ == SSLPrivateKey::Type::ECDSA) {
+    if (SSLPrivateKey::IsECDSAType(type_)) {
       if (signature->size() % 2 != 0) {
         LOG(ERROR) << "Bad signature length";
         return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
       }
       size_t order_len = signature->size() / 2;
 
       // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.
       bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
       if (!sig || !BN_bin2bn(signature->data(), order_len, sig->r) ||
           !BN_bin2bn(signature->data() + order_len, order_len, sig->s)) {
@@ skipping 15 matching lines @@
   }
 
  private:
   NCRYPT_KEY_HANDLE key_;
   SSLPrivateKey::Type type_;
   size_t max_length_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyCNG);
 };
 
-// Determines the key type and maximum signature length of |certificate|'s
-// public key.
-bool GetKeyInfo(const X509Certificate* certificate,
-                SSLPrivateKey::Type* out_type,
-                size_t* out_max_length) {
-  crypto::OpenSSLErrStackTracer tracker(FROM_HERE);
-
-  std::string der_encoded;
-  if (!X509Certificate::GetDEREncoded(certificate->os_cert_handle(),
-                                      &der_encoded))
-    return false;
-  const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
-  bssl::UniquePtr<X509> x509(d2i_X509(nullptr, &bytes, der_encoded.size()));
-  if (!x509)
-    return false;
-  bssl::UniquePtr<EVP_PKEY> key(X509_get_pubkey(x509.get()));
-  if (!key)
-    return false;
-  switch (EVP_PKEY_id(key.get())) {
-    case EVP_PKEY_RSA:
-      *out_type = SSLPrivateKey::Type::RSA;
-      break;
-    case EVP_PKEY_EC:
-      *out_type = SSLPrivateKey::Type::ECDSA;
-      break;
-    default:
-      return false;
-  }
-  *out_max_length = EVP_PKEY_size(key.get());
-  return true;
-}
-
 }  // namespace
 
 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
     X509Certificate* certificate) {
   // Rather than query the private key for metadata, extract the public key from
   // the certificate without using Windows APIs. CAPI and CNG do not
   // consistently work depending on the system. See https://crbug.com/468345.
   SSLPrivateKey::Type key_type;
   size_t max_length;
-  if (!GetKeyInfo(certificate, &key_type, &max_length))
+  if (!GetClientCertInfo(certificate, &key_type, &max_length))
     return nullptr;
 
   PCCERT_CONTEXT cert_context = certificate->os_cert_handle();
 
   HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0;
   DWORD key_spec = 0;
   BOOL must_free = FALSE;
   DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
 
   if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr,
@@ skipping 11 matching lines @@
     delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length));
   } else {
     DCHECK(SSLPrivateKey::Type::RSA == key_type);
     delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length));
   }
   return make_scoped_refptr(new ThreadedSSLPrivateKey(
       std::move(delegate), GetSSLPlatformKeyTaskRunner()));
 }
 
 }  // namespace net