| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/bytestring.h> | 5 #include <openssl/bytestring.h> |
| 6 #include <openssl/digest.h> | 6 #include <openssl/digest.h> |
| 7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
| 8 #include <openssl/mem.h> | 8 #include <openssl/mem.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| 11 #include <memory> | 11 #include <memory> |
| 12 | 12 |
| 13 #include "base/base64.h" | 13 #include "base/base64.h" |
| 14 #include "base/location.h" | 14 #include "base/location.h" |
| 15 #include "base/logging.h" | 15 #include "base/logging.h" |
| 16 #include "base/strings/string_piece.h" | 16 #include "base/strings/string_piece.h" |
| 17 #include "crypto/auto_cbb.h" | |
| 18 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
| 19 #include "crypto/rsa_private_key.h" | 18 #include "crypto/rsa_private_key.h" |
| 20 #include "crypto/scoped_openssl_types.h" | |
| 21 #include "net/base/keygen_handler.h" | 19 #include "net/base/keygen_handler.h" |
| 22 #include "net/base/openssl_private_key_store.h" | 20 #include "net/base/openssl_private_key_store.h" |
| 23 | 21 |
| 24 namespace net { | 22 namespace net { |
| 25 | 23 |
| 26 std::string KeygenHandler::GenKeyAndSignChallenge() { | 24 std::string KeygenHandler::GenKeyAndSignChallenge() { |
| 27 std::unique_ptr<crypto::RSAPrivateKey> key( | 25 std::unique_ptr<crypto::RSAPrivateKey> key( |
| 28 crypto::RSAPrivateKey::Create(key_size_in_bits_)); | 26 crypto::RSAPrivateKey::Create(key_size_in_bits_)); |
| 29 EVP_PKEY* pkey = key->key(); | 27 EVP_PKEY* pkey = key->key(); |
| 30 | 28 |
| (...skipping 16 matching lines...) Expand all Loading... |
| 47 // | 45 // |
| 48 // The signature is over the PublicKeyAndChallenge. | 46 // The signature is over the PublicKeyAndChallenge. |
| 49 | 47 |
| 50 // TODO(davidben): If we gain another consumer, factor this code out into | 48 // TODO(davidben): If we gain another consumer, factor this code out into |
| 51 // shared logic, sharing OID definitions with the verifier, to support signing | 49 // shared logic, sharing OID definitions with the verifier, to support signing |
| 52 // other X.509-style structures. | 50 // other X.509-style structures. |
| 53 | 51 |
| 54 crypto::OpenSSLErrStackTracer tracer(FROM_HERE); | 52 crypto::OpenSSLErrStackTracer tracer(FROM_HERE); |
| 55 | 53 |
| 56 // Serialize up to the PublicKeyAndChallenge. | 54 // Serialize up to the PublicKeyAndChallenge. |
| 57 crypto::AutoCBB cbb; | 55 bssl::ScopedCBB cbb; |
| 58 CBB spkac, public_key_and_challenge, challenge; | 56 CBB spkac, public_key_and_challenge, challenge; |
| 59 if (!CBB_init(cbb.get(), 0) || | 57 if (!CBB_init(cbb.get(), 0) || |
| 60 !CBB_add_asn1(cbb.get(), &spkac, CBS_ASN1_SEQUENCE) || | 58 !CBB_add_asn1(cbb.get(), &spkac, CBS_ASN1_SEQUENCE) || |
| 61 !CBB_add_asn1(&spkac, &public_key_and_challenge, CBS_ASN1_SEQUENCE) || | 59 !CBB_add_asn1(&spkac, &public_key_and_challenge, CBS_ASN1_SEQUENCE) || |
| 62 !EVP_marshal_public_key(&public_key_and_challenge, pkey) || | 60 !EVP_marshal_public_key(&public_key_and_challenge, pkey) || |
| 63 !CBB_add_asn1(&public_key_and_challenge, &challenge, | 61 !CBB_add_asn1(&public_key_and_challenge, &challenge, |
| 64 CBS_ASN1_IA5STRING) || | 62 CBS_ASN1_IA5STRING) || |
| 65 !CBB_add_bytes(&challenge, | 63 !CBB_add_bytes(&challenge, |
| 66 reinterpret_cast<const uint8_t*>(challenge_.data()), | 64 reinterpret_cast<const uint8_t*>(challenge_.data()), |
| 67 challenge_.size()) || | 65 challenge_.size()) || |
| 68 !CBB_flush(&spkac)) { | 66 !CBB_flush(&spkac)) { |
| 69 return std::string(); | 67 return std::string(); |
| 70 } | 68 } |
| 71 | 69 |
| 72 // Hash what's been written so far. | 70 // Hash what's been written so far. |
| 73 crypto::ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); | 71 bssl::ScopedEVP_MD_CTX ctx; |
| 74 if (!EVP_DigestSignInit(ctx.get(), nullptr, EVP_md5(), nullptr, pkey) || | 72 if (!EVP_DigestSignInit(ctx.get(), nullptr, EVP_md5(), nullptr, pkey) || |
| 75 !EVP_DigestSignUpdate(ctx.get(), CBB_data(&spkac), CBB_len(&spkac))) { | 73 !EVP_DigestSignUpdate(ctx.get(), CBB_data(&spkac), CBB_len(&spkac))) { |
| 76 return std::string(); | 74 return std::string(); |
| 77 } | 75 } |
| 78 | 76 |
| 79 // The DER encoding of 1.2.840.113549.1.1.4, MD5 with RSA encryption. | 77 // The DER encoding of 1.2.840.113549.1.1.4, MD5 with RSA encryption. |
| 80 static const uint8_t kMd5WithRsaEncryption[] = { | 78 static const uint8_t kMd5WithRsaEncryption[] = { |
| 81 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, | 79 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, |
| 82 }; | 80 }; |
| 83 | 81 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 return std::string(); | 113 return std::string(); |
| 116 } | 114 } |
| 117 std::string result; | 115 std::string result; |
| 118 base::Base64Encode( | 116 base::Base64Encode( |
| 119 base::StringPiece(reinterpret_cast<const char*>(der), der_len), &result); | 117 base::StringPiece(reinterpret_cast<const char*>(der), der_len), &result); |
| 120 OPENSSL_free(der); | 118 OPENSSL_free(der); |
| 121 return result; | 119 return result; |
| 122 } | 120 } |
| 123 | 121 |
| 124 } // namespace net | 122 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2400033005:
Use BoringSSL scopers in //net. (Closed)
