Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(60)

Unified Diff: net/base/keygen_handler_openssl.cc

Issue 2536993002: Remove support for the keygen tag (Closed)
Patch Set: Rebased Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/keygen_handler_nss.cc ('k') | net/base/keygen_handler_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/keygen_handler_openssl.cc
diff --git a/net/base/keygen_handler_openssl.cc b/net/base/keygen_handler_openssl.cc
deleted file mode 100644
index 161a5b743d8601a8d84c613afbeb4e485159180c..0000000000000000000000000000000000000000
--- a/net/base/keygen_handler_openssl.cc
+++ /dev/null
@@ -1,122 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stdint.h>
-
-#include <memory>
-
-#include "base/base64.h"
-#include "base/location.h"
-#include "base/logging.h"
-#include "base/strings/string_piece.h"
-#include "crypto/openssl_util.h"
-#include "crypto/rsa_private_key.h"
-#include "net/base/keygen_handler.h"
-#include "net/base/openssl_private_key_store.h"
-#include "third_party/boringssl/src/include/openssl/bytestring.h"
-#include "third_party/boringssl/src/include/openssl/digest.h"
-#include "third_party/boringssl/src/include/openssl/evp.h"
-#include "third_party/boringssl/src/include/openssl/mem.h"
-
-namespace net {
-
-std::string KeygenHandler::GenKeyAndSignChallenge() {
- std::unique_ptr<crypto::RSAPrivateKey> key(
- crypto::RSAPrivateKey::Create(key_size_in_bits_));
- EVP_PKEY* pkey = key->key();
-
- if (stores_key_)
- OpenSSLPrivateKeyStore::StoreKeyPair(url_, pkey);
-
- // Serialize the following structure, from
- // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen.
- //
- // PublicKeyAndChallenge ::= SEQUENCE {
- // spki SubjectPublicKeyInfo,
- // challenge IA5STRING
- // }
- //
- // SignedPublicKeyAndChallenge ::= SEQUENCE {
- // publicKeyAndChallenge PublicKeyAndChallenge,
- // signatureAlgorithm AlgorithmIdentifier,
- // signature BIT STRING
- // }
- //
- // The signature is over the PublicKeyAndChallenge.
-
- // TODO(davidben): If we gain another consumer, factor this code out into
- // shared logic, sharing OID definitions with the verifier, to support signing
- // other X.509-style structures.
-
- crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
-
- // Serialize up to the PublicKeyAndChallenge.
- bssl::ScopedCBB cbb;
- CBB spkac, public_key_and_challenge, challenge;
- if (!CBB_init(cbb.get(), 0) ||
- !CBB_add_asn1(cbb.get(), &spkac, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&spkac, &public_key_and_challenge, CBS_ASN1_SEQUENCE) ||
- !EVP_marshal_public_key(&public_key_and_challenge, pkey) ||
- !CBB_add_asn1(&public_key_and_challenge, &challenge,
- CBS_ASN1_IA5STRING) ||
- !CBB_add_bytes(&challenge,
- reinterpret_cast<const uint8_t*>(challenge_.data()),
- challenge_.size()) ||
- !CBB_flush(&spkac)) {
- return std::string();
- }
-
- // Hash what's been written so far.
- bssl::ScopedEVP_MD_CTX ctx;
- if (!EVP_DigestSignInit(ctx.get(), nullptr, EVP_md5(), nullptr, pkey) ||
- !EVP_DigestSignUpdate(ctx.get(), CBB_data(&spkac), CBB_len(&spkac))) {
- return std::string();
- }
-
- // The DER encoding of 1.2.840.113549.1.1.4, MD5 with RSA encryption.
- static const uint8_t kMd5WithRsaEncryption[] = {
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04,
- };
-
- // Write the signatureAlgorithm.
- CBB algorithm, oid, null;
- if (!CBB_add_asn1(&spkac, &algorithm, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
- !CBB_add_bytes(&oid, kMd5WithRsaEncryption,
- sizeof(kMd5WithRsaEncryption)) ||
- !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL)) {
- return std::string();
- }
-
- // Compute and write the signature. Note that X.509 signatures, although
- // always byte strings for RSA, are encoded as BIT STRINGS with a multiple of
- // 8 bits.
- CBB sig_bitstring;
- uint8_t* sig;
- size_t sig_len;
- if (!CBB_add_asn1(&spkac, &sig_bitstring, CBS_ASN1_BITSTRING) ||
- !CBB_add_u8(&sig_bitstring, 0 /* no unused bits */) ||
- // Determine the maximum length of the signature.
- !EVP_DigestSignFinal(ctx.get(), nullptr, &sig_len) ||
- // Reserve |sig_len| bytes and write the signature to |spkac|.
- !CBB_reserve(&sig_bitstring, &sig, sig_len) ||
- !EVP_DigestSignFinal(ctx.get(), sig, &sig_len) ||
- !CBB_did_write(&sig_bitstring, sig_len)) {
- return std::string();
- }
-
- // Finally, the structure is base64-encoded.
- uint8_t* der;
- size_t der_len;
- if (!CBB_finish(cbb.get(), &der, &der_len)) {
- return std::string();
- }
- std::string result;
- base::Base64Encode(
- base::StringPiece(reinterpret_cast<const char*>(der), der_len), &result);
- OPENSSL_free(der);
- return result;
-}
-
-} // namespace net
« no previous file with comments | « net/base/keygen_handler_nss.cc ('k') | net/base/keygen_handler_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698