OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/gcm_driver/crypto/p256_key_util.h" | 5 #include "components/gcm_driver/crypto/p256_key_util.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
44 if (!key_pair.get()) { | 44 if (!key_pair.get()) { |
45 DLOG(ERROR) << "Unable to generate a new P-256 key pair."; | 45 DLOG(ERROR) << "Unable to generate a new P-256 key pair."; |
46 return false; | 46 return false; |
47 } | 47 } |
48 | 48 |
49 std::vector<uint8_t> private_key; | 49 std::vector<uint8_t> private_key; |
50 | 50 |
51 // Export the encrypted private key with an empty password. This is not done | 51 // Export the encrypted private key with an empty password. This is not done |
52 // to provide any security, but rather to achieve a consistent private key | 52 // to provide any security, but rather to achieve a consistent private key |
53 // storage between the BoringSSL and NSS implementations. | 53 // storage between the BoringSSL and NSS implementations. |
54 if (!key_pair->ExportEncryptedPrivateKey( | 54 if (!key_pair->ExportEncryptedPrivateKey(&private_key)) { |
55 "" /* password */, 1 /* iteration */, &private_key)) { | |
56 DLOG(ERROR) << "Unable to export the private key."; | 55 DLOG(ERROR) << "Unable to export the private key."; |
57 return false; | 56 return false; |
58 } | 57 } |
59 | 58 |
60 std::string candidate_public_key; | 59 std::string candidate_public_key; |
61 | 60 |
62 // ECPrivateKey::ExportRawPublicKey() returns the EC point in the uncompressed | 61 // ECPrivateKey::ExportRawPublicKey() returns the EC point in the uncompressed |
63 // point format, but does not include the leading byte of value 0x04 that | 62 // point format, but does not include the leading byte of value 0x04 that |
64 // indicates usage of uncompressed points, per SEC1 2.3.3. | 63 // indicates usage of uncompressed points, per SEC1 2.3.3. |
65 if (!key_pair->ExportRawPublicKey(&candidate_public_key) || | 64 if (!key_pair->ExportRawPublicKey(&candidate_public_key) || |
(...skipping 27 matching lines...) Expand all Loading... |
93 } | 92 } |
94 | 93 |
95 bool ComputeSharedP256Secret(const base::StringPiece& private_key, | 94 bool ComputeSharedP256Secret(const base::StringPiece& private_key, |
96 const base::StringPiece& public_key_x509, | 95 const base::StringPiece& public_key_x509, |
97 const base::StringPiece& peer_public_key, | 96 const base::StringPiece& peer_public_key, |
98 std::string* out_shared_secret) { | 97 std::string* out_shared_secret) { |
99 DCHECK(out_shared_secret); | 98 DCHECK(out_shared_secret); |
100 | 99 |
101 std::unique_ptr<crypto::ECPrivateKey> local_key_pair( | 100 std::unique_ptr<crypto::ECPrivateKey> local_key_pair( |
102 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 101 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
103 "" /* no password */, | |
104 std::vector<uint8_t>(private_key.data(), | 102 std::vector<uint8_t>(private_key.data(), |
105 private_key.data() + private_key.size()), | 103 private_key.data() + private_key.size()), |
106 std::vector<uint8_t>( | 104 std::vector<uint8_t>( |
107 public_key_x509.data(), | 105 public_key_x509.data(), |
108 public_key_x509.data() + public_key_x509.size()))); | 106 public_key_x509.data() + public_key_x509.size()))); |
109 | 107 |
110 if (!local_key_pair) { | 108 if (!local_key_pair) { |
111 DLOG(ERROR) << "Unable to create the local key pair."; | 109 DLOG(ERROR) << "Unable to create the local key pair."; |
112 return false; | 110 return false; |
113 } | 111 } |
(...skipping 21 matching lines...) Expand all Loading... |
135 nullptr) != sizeof(result)) { | 133 nullptr) != sizeof(result)) { |
136 DLOG(ERROR) << "Unable to compute the ECDH shared secret."; | 134 DLOG(ERROR) << "Unable to compute the ECDH shared secret."; |
137 return false; | 135 return false; |
138 } | 136 } |
139 | 137 |
140 out_shared_secret->assign(reinterpret_cast<char*>(result), sizeof(result)); | 138 out_shared_secret->assign(reinterpret_cast<char*>(result), sizeof(result)); |
141 return true; | 139 return true; |
142 } | 140 } |
143 | 141 |
144 } // namespace gcm | 142 } // namespace gcm |
OLD | NEW |