| OLD | NEW |
|---|
| 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- | 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- |
| 2 * | 2 * |
| 3 * ***** BEGIN LICENSE BLOCK ***** | 3 * ***** BEGIN LICENSE BLOCK ***** |
| 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 5 * | 5 * |
| 6 * The contents of this file are subject to the Mozilla Public License Version | 6 * The contents of this file are subject to the Mozilla Public License Version |
| 7 * 1.1 (the "License"); you may not use this file except in compliance with | 7 * 1.1 (the "License"); you may not use this file except in compliance with |
| 8 * the License. You may obtain a copy of the License at | 8 * the License. You may obtain a copy of the License at |
| 9 * http://www.mozilla.org/MPL/ | 9 * http://www.mozilla.org/MPL/ |
| 10 * | 10 * |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 | 42 |
| 43 #include <pk11pub.h> | 43 #include <pk11pub.h> |
| 44 #include <prerror.h> // PR_GetError() | 44 #include <prerror.h> // PR_GetError() |
| 45 #include <secmod.h> | 45 #include <secmod.h> |
| 46 #include <secder.h> // DER_Encode() | 46 #include <secder.h> // DER_Encode() |
| 47 #include <cryptohi.h> // SEC_DerSignData() | 47 #include <cryptohi.h> // SEC_DerSignData() |
| 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() | 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() |
| 49 | 49 |
| 50 #include "base/base64.h" | 50 #include "base/base64.h" |
| 51 #include "base/logging.h" | 51 #include "base/logging.h" |
| 52 #include "base/nss_util_internal.h" | |
| 53 #include "base/nss_util.h" | 52 #include "base/nss_util.h" |
| 54 #include "base/string_util.h" | |
| 55 #include "googleurl/src/gurl.h" | 53 #include "googleurl/src/gurl.h" |
| 56 | 54 |
| 57 namespace { | 55 namespace { |
| 58 | 56 |
| 59 // Template for creating the signed public key structure to be sent to the CA. | 57 // Template for creating the signed public key structure to be sent to the CA. |
| 60 DERTemplate SECAlgorithmIDTemplate[] = { | 58 DERTemplate SECAlgorithmIDTemplate[] = { |
| 61 { DER_SEQUENCE, | 59 { DER_SEQUENCE, |
| 62 0, NULL, sizeof(SECAlgorithmID) }, | 60 0, NULL, sizeof(SECAlgorithmID) }, |
| 63 { DER_OBJECT_ID, | 61 { DER_OBJECT_ID, |
| 64 offsetof(SECAlgorithmID, algorithm), }, | 62 offsetof(SECAlgorithmID, algorithm), }, |
| (...skipping 25 matching lines...) Expand all Loading... |
| 90 | 88 |
| 91 } // namespace | 89 } // namespace |
| 92 | 90 |
| 93 namespace mozilla_security_manager { | 91 namespace mozilla_security_manager { |
| 94 | 92 |
| 95 // This function is based on the nsKeygenFormProcessor::GetPublicKey function | 93 // This function is based on the nsKeygenFormProcessor::GetPublicKey function |
| 96 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp. | 94 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp. |
| 97 std::string GenKeyAndSignChallenge(int key_size_in_bits, | 95 std::string GenKeyAndSignChallenge(int key_size_in_bits, |
| 98 const std::string& challenge, | 96 const std::string& challenge, |
| 99 const GURL& url, | 97 const GURL& url, |
| 98 PK11SlotInfo* slot, |
| 100 bool stores_key) { | 99 bool stores_key) { |
| 101 // Key pair generation mechanism - only RSA is supported at present. | 100 // Key pair generation mechanism - only RSA is supported at present. |
| 102 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h | 101 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h |
| 103 | 102 |
| 104 // Temporary structures used for generating the result | 103 // Temporary structures used for generating the result |
| 105 // in the right format. | 104 // in the right format. |
| 106 PK11SlotInfo *slot = NULL; | |
| 107 PK11RSAGenParams rsaKeyGenParams; // Keygen parameters. | 105 PK11RSAGenParams rsaKeyGenParams; // Keygen parameters. |
| 108 SECOidTag algTag; // used by SEC_DerSignData(). | 106 SECOidTag algTag; // used by SEC_DerSignData(). |
| 109 SECKEYPrivateKey *privateKey = NULL; | 107 SECKEYPrivateKey *privateKey = NULL; |
| 110 SECKEYPublicKey *publicKey = NULL; | 108 SECKEYPublicKey *publicKey = NULL; |
| 111 CERTSubjectPublicKeyInfo *spkInfo = NULL; | 109 CERTSubjectPublicKeyInfo *spkInfo = NULL; |
| 112 PRArenaPool *arena = NULL; | 110 PRArenaPool *arena = NULL; |
| 113 SECStatus sec_rv =SECFailure; | 111 SECStatus sec_rv =SECFailure; |
| 114 SECItem spkiItem; | 112 SECItem spkiItem; |
| 115 SECItem pkacItem; | 113 SECItem pkacItem; |
| 116 SECItem signedItem; | 114 SECItem signedItem; |
| 117 CERTPublicKeyAndChallenge pkac; | 115 CERTPublicKeyAndChallenge pkac; |
| 118 void *keyGenParams; | 116 void *keyGenParams; |
| 119 bool isSuccess = true; // Set to false as soon as a step fails. | 117 bool isSuccess = true; // Set to false as soon as a step fails. |
| 120 | 118 |
| 121 std::string result_blob; // the result. | 119 std::string result_blob; // the result. |
| 122 | 120 |
| 123 // Ensure NSS is initialized. | |
| 124 base::EnsureNSSInit(); | |
| 125 | |
| 126 slot = base::GetDefaultNSSKeySlot(); | |
| 127 if (!slot) { | |
| 128 LOG(ERROR) << "Couldn't get Internal key slot!"; | |
| 129 isSuccess = false; | |
| 130 goto failure; | |
| 131 } | |
| 132 | |
| 133 switch (keyGenMechanism) { | 121 switch (keyGenMechanism) { |
| 134 case CKM_RSA_PKCS_KEY_PAIR_GEN: | 122 case CKM_RSA_PKCS_KEY_PAIR_GEN: |
| 135 rsaKeyGenParams.keySizeInBits = key_size_in_bits; | 123 rsaKeyGenParams.keySizeInBits = key_size_in_bits; |
| 136 rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE; | 124 rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE; |
| 137 keyGenParams = &rsaKeyGenParams; | 125 keyGenParams = &rsaKeyGenParams; |
| 138 | 126 |
| 139 algTag = DEFAULT_RSA_KEYGEN_ALG; | 127 algTag = DEFAULT_RSA_KEYGEN_ALG; |
| 140 break; | 128 break; |
| 141 default: | 129 default: |
| 142 // TODO(gauravsh): If we ever support other mechanisms, | 130 // TODO(gauravsh): If we ever support other mechanisms, |
| 143 // this can be changed. | 131 // this can be changed. |
| 144 LOG(ERROR) << "Only RSA keygen mechanism is supported"; | 132 LOG(ERROR) << "Only RSA keygen mechanism is supported"; |
| 145 isSuccess = false; | 133 isSuccess = false; |
| 146 goto failure; | 134 goto failure; |
| 147 } | 135 } |
| 148 | 136 |
| 149 // Need to make sure that the token was initialized. | |
| 150 // Assume a null password. | |
| 151 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL); | |
| 152 if (SECSuccess != sec_rv) { | |
| 153 LOG(ERROR) << "Couldn't initialze PK11 token!"; | |
| 154 isSuccess = false; | |
| 155 goto failure; | |
| 156 } | |
| 157 | |
| 158 LOG(INFO) << "Creating key pair..."; | 137 LOG(INFO) << "Creating key pair..."; |
| 159 { | 138 { |
| 160 base::AutoNSSWriteLock lock; | 139 base::AutoNSSWriteLock lock; |
| 161 privateKey = PK11_GenerateKeyPair(slot, | 140 privateKey = PK11_GenerateKeyPair(slot, |
| 162 keyGenMechanism, | 141 keyGenMechanism, |
| 163 keyGenParams, | 142 keyGenParams, |
| 164 &publicKey, | 143 &publicKey, |
| 165 PR_TRUE, // isPermanent? | 144 PR_TRUE, // isPermanent? |
| 166 PR_TRUE, // isSensitive? | 145 PR_TRUE, // isSensitive? |
| 167 NULL); | 146 NULL); |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 268 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 247 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
| 269 } | 248 } |
| 270 SECKEY_DestroyPublicKey(publicKey); | 249 SECKEY_DestroyPublicKey(publicKey); |
| 271 } | 250 } |
| 272 if (spkInfo) { | 251 if (spkInfo) { |
| 273 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 252 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
| 274 } | 253 } |
| 275 if (arena) { | 254 if (arena) { |
| 276 PORT_FreeArena(arena, PR_TRUE); | 255 PORT_FreeArena(arena, PR_TRUE); |
| 277 } | 256 } |
| 278 if (slot != NULL) { | |
| 279 PK11_FreeSlot(slot); | |
| 280 } | |
| 281 | 257 |
| 282 return (isSuccess ? result_blob : std::string()); | 258 return (isSuccess ? result_blob : std::string()); |
| 283 } | 259 } |
| 284 | 260 |
| 285 } // namespace mozilla_security_manager | 261 } // namespace mozilla_security_manager |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3186021:
DONOTLAND: Start of PK11 password dialog for Linux/NSS (Closed)
Base URL: http://src.chromium.org/git/chromium.git