Chromium Code Reviews Chromium Code Reviews
Issue 331173002:
enterprise.platformKeys: Respect the 'hash' argument of generateKey. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 5 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 144 const unsigned int modulus_length_; | 144 const unsigned int modulus_length_; |
| 145 | 145 |
| 146 private: | 146 private: |
| 147 // Must be called on origin thread, use CallBack() therefore. | 147 // Must be called on origin thread, use CallBack() therefore. |
| 148 GenerateKeyCallback callback_; | 148 GenerateKeyCallback callback_; |
| 149 }; | 149 }; |
| 150 | 150 |
| 151 class SignState : public NSSOperationState { | 151 class SignState : public NSSOperationState { |
| 152 public: | 152 public: |
| 153 SignState(const std::string& public_key, | 153 SignState(const std::string& public_key, |
| 154 const std::string& hash_algorithm_name, | |
| 154 const std::string& data, | 155 const std::string& data, |
| 155 const SignCallback& callback); | 156 const SignCallback& callback); |
| 156 virtual ~SignState() {} | 157 virtual ~SignState() {} |
| 157 | 158 |
| 158 virtual void OnError(const tracked_objects::Location& from, | 159 virtual void OnError(const tracked_objects::Location& from, |
| 159 const std::string& error_message) OVERRIDE { | 160 const std::string& error_message) OVERRIDE { |
| 160 CallBack(from, std::string() /* no signature */, error_message); | 161 CallBack(from, std::string() /* no signature */, error_message); |
| 161 } | 162 } |
| 162 | 163 |
| 163 void CallBack(const tracked_objects::Location& from, | 164 void CallBack(const tracked_objects::Location& from, |
| 164 const std::string& signature, | 165 const std::string& signature, |
| 165 const std::string& error_message) { | 166 const std::string& error_message) { |
| 166 origin_task_runner_->PostTask( | 167 origin_task_runner_->PostTask( |
| 167 from, base::Bind(callback_, signature, error_message)); | 168 from, base::Bind(callback_, signature, error_message)); |
| 168 } | 169 } |
| 169 | 170 |
| 170 const std::string public_key_; | 171 const std::string public_key_; |
| 172 const std::string hash_algorithm_name_; | |
| 171 const std::string data_; | 173 const std::string data_; |
| 172 | 174 |
| 173 private: | 175 private: |
| 174 // Must be called on origin thread, use CallBack() therefore. | 176 // Must be called on origin thread, use CallBack() therefore. |
| 175 SignCallback callback_; | 177 SignCallback callback_; |
| 176 }; | 178 }; |
| 177 | 179 |
| 178 class GetCertificatesState : public NSSOperationState { | 180 class GetCertificatesState : public NSSOperationState { |
| 179 public: | 181 public: |
| 180 explicit GetCertificatesState(const GetCertificatesCallback& callback); | 182 explicit GetCertificatesState(const GetCertificatesCallback& callback); |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 251 : origin_task_runner_(base::ThreadTaskRunnerHandle::Get()) { | 253 : origin_task_runner_(base::ThreadTaskRunnerHandle::Get()) { |
| 252 } | 254 } |
| 253 | 255 |
| 254 GenerateRSAKeyState::GenerateRSAKeyState(unsigned int modulus_length, | 256 GenerateRSAKeyState::GenerateRSAKeyState(unsigned int modulus_length, |
| 255 const GenerateKeyCallback& callback) | 257 const GenerateKeyCallback& callback) |
| 256 : modulus_length_(modulus_length), | 258 : modulus_length_(modulus_length), |
| 257 callback_(callback) { | 259 callback_(callback) { |
| 258 } | 260 } |
| 259 | 261 |
| 260 SignState::SignState(const std::string& public_key, | 262 SignState::SignState(const std::string& public_key, |
| 263 const std::string& hash_algorithm_name, | |
| 261 const std::string& data, | 264 const std::string& data, |
| 262 const SignCallback& callback) | 265 const SignCallback& callback) |
| 263 : public_key_(public_key), data_(data), callback_(callback) { | 266 : public_key_(public_key), |
| 267 hash_algorithm_name_(hash_algorithm_name), | |
| 268 data_(data), | |
| 269 callback_(callback) { | |
| 264 } | 270 } |
| 265 | 271 |
| 266 GetCertificatesState::GetCertificatesState( | 272 GetCertificatesState::GetCertificatesState( |
| 267 const GetCertificatesCallback& callback) | 273 const GetCertificatesCallback& callback) |
| 268 : callback_(callback) { | 274 : callback_(callback) { |
| 269 } | 275 } |
| 270 | 276 |
| 271 ImportCertificateState::ImportCertificateState( | 277 ImportCertificateState::ImportCertificateState( |
| 272 scoped_refptr<net::X509Certificate> certificate, | 278 scoped_refptr<net::X509Certificate> certificate, |
| 273 const ImportCertificateCallback& callback) | 279 const ImportCertificateCallback& callback) |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 325 public_key_uint8, public_key_uint8 + state->public_key_.size()); | 331 public_key_uint8, public_key_uint8 + state->public_key_.size()); |
| 326 | 332 |
| 327 // TODO(pneubeck): This searches all slots. Change to look only at |slot_|. | 333 // TODO(pneubeck): This searches all slots. Change to look only at |slot_|. |
| 328 scoped_ptr<crypto::RSAPrivateKey> rsa_key( | 334 scoped_ptr<crypto::RSAPrivateKey> rsa_key( |
| 329 crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector)); | 335 crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector)); |
| 330 if (!rsa_key || rsa_key->key()->pkcs11Slot != state->slot_) { | 336 if (!rsa_key || rsa_key->key()->pkcs11Slot != state->slot_) { |
| 331 state->OnError(FROM_HERE, kErrorKeyNotFound); | 337 state->OnError(FROM_HERE, kErrorKeyNotFound); |
| 332 return; | 338 return; |
| 333 } | 339 } |
| 334 | 340 |
| 341 SECOidTag sign_alg_tag; | |
| 342 if (state->hash_algorithm_name_ == "SHA-1") { | |
| 343 sign_alg_tag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; | |
|
not at google - send to devlin
2014/06/16 17:05:31
can you just pass in this enum rather than parsing
pneubeck (no reviews)
2014/06/17 09:12:17
SECOidTag is NSS specific and can't be moved to th
not at google - send to devlin
2014/06/17 18:18:48
I see. If the schema compiler issue were fixed to
| |
| 344 } else if (state->hash_algorithm_name_ == "SHA-256") { | |
| 345 sign_alg_tag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; | |
| 346 } else if (state->hash_algorithm_name_ == "SHA-384") { | |
| 347 sign_alg_tag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; | |
| 348 } else if (state->hash_algorithm_name_ == "SHA-512") { | |
| 349 sign_alg_tag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; | |
| 350 } else { | |
| 351 state->OnError(FROM_HERE, kErrorAlgorithmNotSupported); | |
| 352 return; | |
| 353 } | |
| 354 | |
| 335 SECItem sign_result = {siBuffer, NULL, 0}; | 355 SECItem sign_result = {siBuffer, NULL, 0}; |
| 336 if (SEC_SignData(&sign_result, | 356 if (SEC_SignData(&sign_result, |
| 337 reinterpret_cast<const unsigned char*>(state->data_.data()), | 357 reinterpret_cast<const unsigned char*>(state->data_.data()), |
| 338 state->data_.size(), | 358 state->data_.size(), |
| 339 rsa_key->key(), | 359 rsa_key->key(), |
| 340 SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION) != SECSuccess) { | 360 sign_alg_tag) != SECSuccess) { |
| 341 LOG(ERROR) << "Couldn't sign."; | 361 LOG(ERROR) << "Couldn't sign."; |
| 342 state->OnError(FROM_HERE, kErrorInternal); | 362 state->OnError(FROM_HERE, kErrorInternal); |
| 343 return; | 363 return; |
| 344 } | 364 } |
| 345 | 365 |
| 346 std::string signature(reinterpret_cast<const char*>(sign_result.data), | 366 std::string signature(reinterpret_cast<const char*>(sign_result.data), |
| 347 sign_result.len); | 367 sign_result.len); |
| 348 state->CallBack(FROM_HERE, signature, std::string() /* no error */); | 368 state->CallBack(FROM_HERE, signature, std::string() /* no error */); |
| 349 } | 369 } |
| 350 | 370 |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 485 // Get the pointer to |state| before base::Passed releases |state|. | 505 // Get the pointer to |state| before base::Passed releases |state|. |
| 486 NSSOperationState* state_ptr = state.get(); | 506 NSSOperationState* state_ptr = state.get(); |
| 487 GetCertDatabase(token_id, | 507 GetCertDatabase(token_id, |
| 488 base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)), | 508 base::Bind(&GenerateRSAKeyWithDB, base::Passed(&state)), |
| 489 profile, | 509 profile, |
| 490 state_ptr); | 510 state_ptr); |
| 491 } | 511 } |
| 492 | 512 |
| 493 void Sign(const std::string& token_id, | 513 void Sign(const std::string& token_id, |
| 494 const std::string& public_key, | 514 const std::string& public_key, |
| 515 const std::string& hash_algorithm_name, | |
| 495 const std::string& data, | 516 const std::string& data, |
| 496 const SignCallback& callback, | 517 const SignCallback& callback, |
| 497 Profile* profile) { | 518 Profile* profile) { |
| 498 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 519 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 499 scoped_ptr<SignState> state(new SignState(public_key, data, callback)); | 520 scoped_ptr<SignState> state( |
| 521 new SignState(public_key, hash_algorithm_name, data, callback)); | |
| 500 // Get the pointer to |state| before base::Passed releases |state|. | 522 // Get the pointer to |state| before base::Passed releases |state|. |
| 501 NSSOperationState* state_ptr = state.get(); | 523 NSSOperationState* state_ptr = state.get(); |
| 502 | 524 |
| 503 // The NSSCertDatabase object is not required. But in case it's not available | 525 // The NSSCertDatabase object is not required. But in case it's not available |
| 504 // we would get more informative error messages and we can double check that | 526 // we would get more informative error messages and we can double check that |
| 505 // we use a key of the correct token. | 527 // we use a key of the correct token. |
| 506 GetCertDatabase(token_id, | 528 GetCertDatabase(token_id, |
| 507 base::Bind(&RSASignWithDB, base::Passed(&state)), | 529 base::Bind(&RSASignWithDB, base::Passed(&state)), |
| 508 profile, | 530 profile, |
| 509 state_ptr); | 531 state_ptr); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 555 // we would get more informative error messages. | 577 // we would get more informative error messages. |
| 556 GetCertDatabase(token_id, | 578 GetCertDatabase(token_id, |
| 557 base::Bind(&RemoveCertificateWithDB, base::Passed(&state)), | 579 base::Bind(&RemoveCertificateWithDB, base::Passed(&state)), |
| 558 profile, | 580 profile, |
| 559 state_ptr); | 581 state_ptr); |
| 560 } | 582 } |
| 561 | 583 |
| 562 } // namespace platform_keys | 584 } // namespace platform_keys |
| 563 | 585 |
| 564 } // namespace chromeos | 586 } // namespace chromeos |
| OLD | NEW |
