Refactor RSA key generation for WebCrypto's NSS implementation.

content/child/webcrypto/nss/rsa_key_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/nss/rsa_key_nss.h"
 
 #include "base/logging.h"
-#include "base/numerics/safe_math.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/jwk.h"
 #include "content/child/webcrypto/nss/key_nss.h"
 #include "content/child/webcrypto/nss/util_nss.h"
 #include "content/child/webcrypto/status.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "crypto/scoped_nss_types.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
-// Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,
-// to unsigned long.
-bool BigIntegerToLong(const uint8_t* data,
-                      unsigned int data_size,
-                      unsigned long* result) {
-  // TODO(eroman): Fix handling of empty biginteger. http://crubg.com/373552
-  if (data_size == 0)
-    return false;
-
-  *result = 0;
-  for (size_t i = 0; i < data_size; ++i) {
-    size_t reverse_i = data_size - i - 1;
-
-    if (reverse_i >= sizeof(unsigned long) && data[i])
-      return false;  // Too large for a long.
-
-    *result |= data[i] << 8 * reverse_i;
-  }
-  return true;
-}
-
 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
                               SECKEYPublicKey* key,
                               blink::WebCryptoKeyAlgorithm* key_algorithm) {
   // TODO(eroman): What about other key types rsaPss, rsaOaep.
   if (!key || key->keyType != rsaKey)
     return false;
 
   unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8;
   CryptoData public_exponent(key->u.rsa.publicExponent.data,
                              key->u.rsa.publicExponent.len);
@@ skipping 516 matching lines @@
   return Status::Success();
 }
 
 Status RsaHashedAlgorithm::GenerateKeyPair(
     const blink::WebCryptoAlgorithm& algorithm,
     bool extractable,
     blink::WebCryptoKeyUsageMask public_usage_mask,
     blink::WebCryptoKeyUsageMask private_usage_mask,
     blink::WebCryptoKey* public_key,
     blink::WebCryptoKey* private_key) const {
-  const blink::WebCryptoRsaHashedKeyGenParams* params =
-      algorithm.rsaHashedKeyGenParams();
-
-  if (!params->modulusLengthBits())
-    return Status::ErrorGenerateRsaZeroModulus();
-
-  unsigned long public_exponent = 0;
-  if (!BigIntegerToLong(params->publicExponent().data(),
-                        params->publicExponent().size(),
-                        &public_exponent) ||
-      (public_exponent != 3 && public_exponent != 65537)) {
-    return Status::ErrorGenerateKeyPublicExponent();
-  }
+  unsigned int public_exponent = 0;
+  unsigned int modulus_length_bits = 0;
+  Status status = GetRsaKeyGenParameters(algorithm.rsaHashedKeyGenParams(),
+                                         &public_exponent,
+                                         &modulus_length_bits);
+  if (status.IsError())
+    return status;
 
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   if (!slot)
     return Status::OperationError();
 
   PK11RSAGenParams rsa_gen_params;
-  // keySizeInBits is a signed type, don't pass in a negative value.
-  base::CheckedNumeric<int> signed_modulus(params->modulusLengthBits());
-  if (!signed_modulus.IsValid())
-    return Status::OperationError();
-  rsa_gen_params.keySizeInBits = signed_modulus.ValueOrDie();
+  rsa_gen_params.keySizeInBits = modulus_length_bits;
   rsa_gen_params.pe = public_exponent;
 
   const CK_FLAGS operation_flags_mask =
       CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;
 
   // The private key must be marked as insensitive and extractable, otherwise it
   // cannot later be exported in unencrypted form or structured-cloned.
   const PK11AttrFlags attribute_flags =
       PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE;
 
@@ skipping 10 matching lines @@
                                       operation_flags_mask,
                                       NULL));
   if (!scoped_sec_private_key)
     return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm))
     return Status::ErrorUnexpected();
 
   std::vector<uint8_t> spki_data;
-  Status status = ExportKeySpkiNss(sec_public_key, &spki_data);
+  status = ExportKeySpkiNss(sec_public_key, &spki_data);
   if (status.IsError())
     return status;
 
   scoped_ptr<PublicKeyNss> public_key_handle(new PublicKeyNss(
       crypto::ScopedSECKEYPublicKey(sec_public_key), CryptoData(spki_data)));
 
   std::vector<uint8_t> pkcs8_data;
   status = ExportKeyPkcs8Nss(scoped_sec_private_key.get(), &pkcs8_data);
   if (status.IsError())
     return status;
@@ skipping 243 matching lines @@
       return Status::Success();
     }
     default:
       return Status::ErrorUnexpected();
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content