| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" |
| 6 |
| 7 #include <openssl/evp.h> |
| 8 #include <openssl/pkcs12.h> |
| 9 |
| 10 #include "base/logging.h" |
| 11 #include "content/child/webcrypto/crypto_data.h" |
| 12 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 13 #include "content/child/webcrypto/status.h" |
| 14 #include "content/child/webcrypto/webcrypto_util.h" |
| 15 #include "crypto/openssl_util.h" |
| 16 #include "crypto/scoped_openssl_types.h" |
| 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 19 |
| 20 namespace content { |
| 21 |
| 22 namespace webcrypto { |
| 23 |
| 24 namespace { |
| 25 |
| 26 Status ExportPKeySpki(EVP_PKEY* key, std::vector<uint8>* buffer) { |
| 27 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 28 crypto::ScopedBIO bio(BIO_new(BIO_s_mem())); |
| 29 |
| 30 // TODO(eroman): Use the OID specified by webcrypto spec. |
| 31 // http://crbug.com/373545 |
| 32 if (!i2d_PUBKEY_bio(bio.get(), key)) |
| 33 return Status::ErrorUnexpected(); |
| 34 |
| 35 char* data = NULL; |
| 36 long len = BIO_get_mem_data(bio.get(), &data); |
| 37 if (!data || len < 0) |
| 38 return Status::ErrorUnexpected(); |
| 39 |
| 40 buffer->assign(data, data + len); |
| 41 return Status::Success(); |
| 42 } |
| 43 |
| 44 Status ExportPKeyPkcs8(EVP_PKEY* key, std::vector<uint8>* buffer) { |
| 45 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 46 crypto::ScopedBIO bio(BIO_new(BIO_s_mem())); |
| 47 |
| 48 // TODO(eroman): Use the OID specified by webcrypto spec. |
| 49 // http://crbug.com/373545 |
| 50 if (!i2d_PKCS8PrivateKeyInfo_bio(bio.get(), key)) |
| 51 return Status::ErrorUnexpected(); |
| 52 |
| 53 char* data = NULL; |
| 54 long len = BIO_get_mem_data(bio.get(), &data); |
| 55 if (!data || len < 0) |
| 56 return Status::ErrorUnexpected(); |
| 57 |
| 58 buffer->assign(data, data + len); |
| 59 return Status::Success(); |
| 60 } |
| 61 |
| 62 // Creates a blink::WebCryptoAlgorithm having the modulus length and public |
| 63 // exponent of |key|. |
| 64 Status CreateRsaHashedKeyAlgorithm( |
| 65 blink::WebCryptoAlgorithmId rsa_algorithm, |
| 66 blink::WebCryptoAlgorithmId hash_algorithm, |
| 67 EVP_PKEY* key, |
| 68 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 69 DCHECK(IsAlgorithmRsa(rsa_algorithm)); |
| 70 DCHECK_EQ(EVP_PKEY_RSA, EVP_PKEY_id(key)); |
| 71 |
| 72 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(key)); |
| 73 if (!rsa.get()) |
| 74 return Status::ErrorUnexpected(); |
| 75 |
| 76 unsigned int modulus_length_bits = BN_num_bits(rsa.get()->n); |
| 77 |
| 78 // Convert the public exponent to big-endian representation. |
| 79 std::vector<uint8> e(BN_num_bytes(rsa.get()->e)); |
| 80 if (e.size() == 0) |
| 81 return Status::ErrorUnexpected(); |
| 82 if (static_cast<int>(e.size()) != BN_bn2bin(rsa.get()->e, &e[0])) |
| 83 return Status::ErrorUnexpected(); |
| 84 |
| 85 *key_algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed( |
| 86 rsa_algorithm, modulus_length_bits, &e[0], e.size(), hash_algorithm); |
| 87 |
| 88 return Status::Success(); |
| 89 } |
| 90 |
| 91 // Verifies that |key| is consistent with the input algorithm id, and creates a |
| 92 // blink::WebCryptoKeyAlgorithm describing the key. |
| 93 // Returns Status::Success() on success and sets |*key_algorithm|. |
| 94 Status ValidateKeyTypeAndCreateKeyAlgorithm( |
| 95 const blink::WebCryptoAlgorithm& algorithm, |
| 96 EVP_PKEY* key, |
| 97 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 98 // TODO(eroman): Validate the algorithm OID against the webcrypto provided |
| 99 // hash. http://crbug.com/389400 |
| 100 if (EVP_PKEY_id(key) != EVP_PKEY_RSA) |
| 101 return Status::DataError(); // Data did not define an RSA key. |
| 102 return CreateRsaHashedKeyAlgorithm(algorithm.id(), |
| 103 GetInnerHashAlgorithm(algorithm).id(), |
| 104 key, |
| 105 key_algorithm); |
| 106 } |
| 107 |
| 108 } // namespace |
| 109 |
| 110 Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey( |
| 111 blink::WebCryptoKeyFormat format, |
| 112 blink::WebCryptoKeyUsageMask usage_mask) const { |
| 113 switch (format) { |
| 114 case blink::WebCryptoKeyFormatSpki: |
| 115 return CheckKeyCreationUsages(all_public_key_usages_, usage_mask); |
| 116 case blink::WebCryptoKeyFormatPkcs8: |
| 117 return CheckKeyCreationUsages(all_private_key_usages_, usage_mask); |
| 118 default: |
| 119 return Status::ErrorUnsupportedImportKeyFormat(); |
| 120 } |
| 121 } |
| 122 |
| 123 Status RsaHashedAlgorithm::ImportKeyPkcs8( |
| 124 const CryptoData& key_data, |
| 125 const blink::WebCryptoAlgorithm& algorithm, |
| 126 bool extractable, |
| 127 blink::WebCryptoKeyUsageMask usage_mask, |
| 128 blink::WebCryptoKey* key) const { |
| 129 if (!key_data.byte_length()) |
| 130 return Status::ErrorImportEmptyKeyData(); |
| 131 |
| 132 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 133 |
| 134 crypto::ScopedBIO bio(BIO_new_mem_buf(const_cast<uint8*>(key_data.bytes()), |
| 135 key_data.byte_length())); |
| 136 if (!bio.get()) |
| 137 return Status::ErrorUnexpected(); |
| 138 |
| 139 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>::Type |
| 140 p8inf(d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), NULL)); |
| 141 if (!p8inf.get()) |
| 142 return Status::DataError(); |
| 143 |
| 144 crypto::ScopedEVP_PKEY private_key(EVP_PKCS82PKEY(p8inf.get())); |
| 145 if (!private_key.get()) |
| 146 return Status::DataError(); |
| 147 |
| 148 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 149 Status status = ValidateKeyTypeAndCreateKeyAlgorithm( |
| 150 algorithm, private_key.get(), &key_algorithm); |
| 151 if (status.IsError()) |
| 152 return status; |
| 153 |
| 154 // TODO(eroman): This is probably going to be the same as the input. |
| 155 std::vector<uint8> pkcs8_data; |
| 156 status = ExportPKeyPkcs8(private_key.get(), &pkcs8_data); |
| 157 if (status.IsError()) |
| 158 return status; |
| 159 |
| 160 scoped_ptr<AsymKeyOpenSsl> key_handle( |
| 161 new AsymKeyOpenSsl(private_key.Pass(), CryptoData(pkcs8_data))); |
| 162 |
| 163 *key = blink::WebCryptoKey::create(key_handle.release(), |
| 164 blink::WebCryptoKeyTypePrivate, |
| 165 extractable, |
| 166 key_algorithm, |
| 167 usage_mask); |
| 168 return Status::Success(); |
| 169 } |
| 170 |
| 171 Status RsaHashedAlgorithm::ImportKeySpki( |
| 172 const CryptoData& key_data, |
| 173 const blink::WebCryptoAlgorithm& algorithm, |
| 174 bool extractable, |
| 175 blink::WebCryptoKeyUsageMask usage_mask, |
| 176 blink::WebCryptoKey* key) const { |
| 177 if (!key_data.byte_length()) |
| 178 return Status::ErrorImportEmptyKeyData(); |
| 179 |
| 180 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 181 |
| 182 crypto::ScopedBIO bio(BIO_new_mem_buf(const_cast<uint8*>(key_data.bytes()), |
| 183 key_data.byte_length())); |
| 184 if (!bio.get()) |
| 185 return Status::ErrorUnexpected(); |
| 186 |
| 187 crypto::ScopedEVP_PKEY public_key(d2i_PUBKEY_bio(bio.get(), NULL)); |
| 188 if (!public_key.get()) |
| 189 return Status::DataError(); |
| 190 |
| 191 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 192 Status status = ValidateKeyTypeAndCreateKeyAlgorithm( |
| 193 algorithm, public_key.get(), &key_algorithm); |
| 194 if (status.IsError()) |
| 195 return status; |
| 196 |
| 197 // TODO(eroman): This is probably going to be the same as the input. |
| 198 std::vector<uint8> spki_data; |
| 199 status = ExportPKeySpki(public_key.get(), &spki_data); |
| 200 if (status.IsError()) |
| 201 return status; |
| 202 |
| 203 scoped_ptr<AsymKeyOpenSsl> key_handle( |
| 204 new AsymKeyOpenSsl(public_key.Pass(), CryptoData(spki_data))); |
| 205 |
| 206 *key = blink::WebCryptoKey::create(key_handle.release(), |
| 207 blink::WebCryptoKeyTypePublic, |
| 208 extractable, |
| 209 key_algorithm, |
| 210 usage_mask); |
| 211 return Status::Success(); |
| 212 } |
| 213 |
| 214 Status RsaHashedAlgorithm::ExportKeyPkcs8(const blink::WebCryptoKey& key, |
| 215 std::vector<uint8>* buffer) const { |
| 216 if (key.type() != blink::WebCryptoKeyTypePrivate) |
| 217 return Status::ErrorUnexpectedKeyType(); |
| 218 *buffer = AsymKeyOpenSsl::Cast(key)->serialized_key_data(); |
| 219 return Status::Success(); |
| 220 } |
| 221 |
| 222 Status RsaHashedAlgorithm::ExportKeySpki(const blink::WebCryptoKey& key, |
| 223 std::vector<uint8>* buffer) const { |
| 224 if (key.type() != blink::WebCryptoKeyTypePublic) |
| 225 return Status::ErrorUnexpectedKeyType(); |
| 226 *buffer = AsymKeyOpenSsl::Cast(key)->serialized_key_data(); |
| 227 return Status::Success(); |
| 228 } |
| 229 |
| 230 } // namespace webcrypto |
| 231 |
| 232 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 353043005:
[webcrypto] Wire up {spki, pkcs8} import/export for OpenSSL. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src