| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/jwk_serializer.h" | 5 #include "net/cert/jwk_serializer.h" |
| 6 | 6 |
| 7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
| 8 #include <openssl/bytestring.h> | 8 #include <openssl/bytestring.h> |
| 9 #include <openssl/ec.h> | 9 #include <openssl/ec.h> |
| 10 #include <openssl/ec_key.h> | 10 #include <openssl/ec_key.h> |
| 11 #include <openssl/evp.h> | 11 #include <openssl/evp.h> |
| 12 | 12 |
| 13 #include "base/base64url.h" | 13 #include "base/base64url.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "base/values.h" | 16 #include "base/values.h" |
| 17 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
| 18 #include "crypto/scoped_openssl_types.h" | |
| 19 | 18 |
| 20 namespace net { | 19 namespace net { |
| 21 | 20 |
| 22 namespace JwkSerializer { | 21 namespace JwkSerializer { |
| 23 | 22 |
| 24 namespace { | 23 namespace { |
| 25 | 24 |
| 26 bool ConvertEcKeyToJwk(EVP_PKEY* pkey, | 25 bool ConvertEcKeyToJwk(EVP_PKEY* pkey, |
| 27 base::DictionaryValue* public_key_jwk, | 26 base::DictionaryValue* public_key_jwk, |
| 28 const crypto::OpenSSLErrStackTracer& err_tracer) { | 27 const crypto::OpenSSLErrStackTracer& err_tracer) { |
| 29 crypto::ScopedEC_KEY ec_key(EVP_PKEY_get1_EC_KEY(pkey)); | 28 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey); |
| 30 if (!ec_key) | 29 if (!ec_key) |
| 31 return false; | 30 return false; |
| 32 const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key.get()); | 31 const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); |
| 33 if (!ec_group) | 32 if (!ec_group) |
| 34 return false; | 33 return false; |
| 35 | 34 |
| 36 std::string curve_name; | 35 std::string curve_name; |
| 37 int nid = EC_GROUP_get_curve_name(ec_group); | 36 int nid = EC_GROUP_get_curve_name(ec_group); |
| 38 if (nid == NID_X9_62_prime256v1) { | 37 if (nid == NID_X9_62_prime256v1) { |
| 39 curve_name = "P-256"; | 38 curve_name = "P-256"; |
| 40 } else if (nid == NID_secp384r1) { | 39 } else if (nid == NID_secp384r1) { |
| 41 curve_name = "P-384"; | 40 curve_name = "P-384"; |
| 42 } else if (nid == NID_secp521r1) { | 41 } else if (nid == NID_secp521r1) { |
| 43 curve_name = "P-521"; | 42 curve_name = "P-521"; |
| 44 } else { | 43 } else { |
| 45 return false; | 44 return false; |
| 46 } | 45 } |
| 47 | 46 |
| 48 int degree_bytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; | 47 int degree_bytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; |
| 49 | 48 |
| 50 const EC_POINT* ec_point = EC_KEY_get0_public_key(ec_key.get()); | 49 const EC_POINT* ec_point = EC_KEY_get0_public_key(ec_key); |
| 51 if (!ec_point) | 50 if (!ec_point) |
| 52 return false; | 51 return false; |
| 53 | 52 |
| 54 crypto::ScopedBIGNUM x(BN_new()); | 53 bssl::UniquePtr<BIGNUM> x(BN_new()); |
| 55 crypto::ScopedBIGNUM y(BN_new()); | 54 bssl::UniquePtr<BIGNUM> y(BN_new()); |
| 56 if (!EC_POINT_get_affine_coordinates_GFp(ec_group, ec_point, x.get(), y.get(), | 55 if (!EC_POINT_get_affine_coordinates_GFp(ec_group, ec_point, x.get(), y.get(), |
| 57 NULL)) { | 56 NULL)) { |
| 58 return false; | 57 return false; |
| 59 } | 58 } |
| 60 | 59 |
| 61 // The coordinates are encoded with leading zeros included. | 60 // The coordinates are encoded with leading zeros included. |
| 62 std::string x_bytes; | 61 std::string x_bytes; |
| 63 std::string y_bytes; | 62 std::string y_bytes; |
| 64 if (!BN_bn2bin_padded(reinterpret_cast<uint8_t*>( | 63 if (!BN_bn2bin_padded(reinterpret_cast<uint8_t*>( |
| 65 base::WriteInto(&x_bytes, degree_bytes + 1)), | 64 base::WriteInto(&x_bytes, degree_bytes + 1)), |
| (...skipping 25 matching lines...) Expand all Loading... |
| 91 bool ConvertSpkiFromDerToJwk(const base::StringPiece& spki_der, | 90 bool ConvertSpkiFromDerToJwk(const base::StringPiece& spki_der, |
| 92 base::DictionaryValue* public_key_jwk) { | 91 base::DictionaryValue* public_key_jwk) { |
| 93 public_key_jwk->Clear(); | 92 public_key_jwk->Clear(); |
| 94 | 93 |
| 95 crypto::EnsureOpenSSLInit(); | 94 crypto::EnsureOpenSSLInit(); |
| 96 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 95 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 97 | 96 |
| 98 CBS cbs; | 97 CBS cbs; |
| 99 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spki_der.data()), | 98 CBS_init(&cbs, reinterpret_cast<const uint8_t*>(spki_der.data()), |
| 100 spki_der.size()); | 99 spki_der.size()); |
| 101 crypto::ScopedEVP_PKEY pubkey(EVP_parse_public_key(&cbs)); | 100 bssl::UniquePtr<EVP_PKEY> pubkey(EVP_parse_public_key(&cbs)); |
| 102 if (!pubkey || CBS_len(&cbs) != 0) | 101 if (!pubkey || CBS_len(&cbs) != 0) |
| 103 return false; | 102 return false; |
| 104 | 103 |
| 105 if (pubkey->type == EVP_PKEY_EC) { | 104 if (pubkey->type == EVP_PKEY_EC) { |
| 106 return ConvertEcKeyToJwk(pubkey.get(), public_key_jwk, err_tracer); | 105 return ConvertEcKeyToJwk(pubkey.get(), public_key_jwk, err_tracer); |
| 107 } else { | 106 } else { |
| 108 // TODO(juanlang): other algorithms | 107 // TODO(juanlang): other algorithms |
| 109 return false; | 108 return false; |
| 110 } | 109 } |
| 111 } | 110 } |
| 112 | 111 |
| 113 } // namespace JwkSerializer | 112 } // namespace JwkSerializer |
| 114 | 113 |
| 115 } // namespace net | 114 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2400033005:
Use BoringSSL scopers in //net. (Closed)
