Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(941)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/nss/rsa_key_nss.cc

Issue 401233004: Refactor RSA key generation for WebCrypto's NSS implementation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | content/child/webcrypto/shared_crypto_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/nss/rsa_key_nss.h" 5 #include "content/child/webcrypto/nss/rsa_key_nss.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "content/child/webcrypto/crypto_data.h" 8 #include "content/child/webcrypto/crypto_data.h"
9 #include "content/child/webcrypto/jwk.h" 9 #include "content/child/webcrypto/jwk.h"
10 #include "content/child/webcrypto/nss/key_nss.h" 10 #include "content/child/webcrypto/nss/key_nss.h"
11 #include "content/child/webcrypto/nss/util_nss.h" 11 #include "content/child/webcrypto/nss/util_nss.h"
12 #include "content/child/webcrypto/status.h" 12 #include "content/child/webcrypto/status.h"
13 #include "content/child/webcrypto/webcrypto_util.h" 13 #include "content/child/webcrypto/webcrypto_util.h"
14 #include "crypto/scoped_nss_types.h" 14 #include "crypto/scoped_nss_types.h"
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" 16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
17 17
18 namespace content { 18 namespace content {
19 19
20 namespace webcrypto { 20 namespace webcrypto {
21 21
22 namespace { 22 namespace {
23 23
24 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,
25 // to unsigned long.
26 bool BigIntegerToLong(const uint8_t* data,
27 unsigned int data_size,
28 unsigned long* result) {
29 // TODO(eroman): Fix handling of empty biginteger. http://crubg.com/373552
30 if (data_size == 0)
31 return false;
32
33 *result = 0;
34 for (size_t i = 0; i < data_size; ++i) {
35 size_t reverse_i = data_size - i - 1;
36
37 if (reverse_i >= sizeof(unsigned long) && data[i])
38 return false; // Too large for a long.
39
40 *result |= data[i] << 8 * reverse_i;
41 }
42 return true;
43 }
44
45 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, 24 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
46 SECKEYPublicKey* key, 25 SECKEYPublicKey* key,
47 blink::WebCryptoKeyAlgorithm* key_algorithm) { 26 blink::WebCryptoKeyAlgorithm* key_algorithm) {
48 // TODO(eroman): What about other key types rsaPss, rsaOaep. 27 // TODO(eroman): What about other key types rsaPss, rsaOaep.
49 if (!key || key->keyType != rsaKey) 28 if (!key || key->keyType != rsaKey)
50 return false; 29 return false;
51 30
52 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; 31 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8;
53 CryptoData public_exponent(key->u.rsa.publicExponent.data, 32 CryptoData public_exponent(key->u.rsa.publicExponent.data,
54 key->u.rsa.publicExponent.len); 33 key->u.rsa.publicExponent.len);
(...skipping 516 matching lines...) Expand 10 before | Expand all | Expand 10 after
571 return Status::Success(); 550 return Status::Success();
572 } 551 }
573 552
574 Status RsaHashedAlgorithm::GenerateKeyPair( 553 Status RsaHashedAlgorithm::GenerateKeyPair(
575 const blink::WebCryptoAlgorithm& algorithm, 554 const blink::WebCryptoAlgorithm& algorithm,
576 bool extractable, 555 bool extractable,
577 blink::WebCryptoKeyUsageMask public_usage_mask, 556 blink::WebCryptoKeyUsageMask public_usage_mask,
578 blink::WebCryptoKeyUsageMask private_usage_mask, 557 blink::WebCryptoKeyUsageMask private_usage_mask,
579 blink::WebCryptoKey* public_key, 558 blink::WebCryptoKey* public_key,
580 blink::WebCryptoKey* private_key) const { 559 blink::WebCryptoKey* private_key) const {
581 const blink::WebCryptoRsaHashedKeyGenParams* params = 560 unsigned int public_exponent = 0;
582 algorithm.rsaHashedKeyGenParams(); 561 unsigned int modulus_length_bits = 0;
583 562 Status status = GetRsaKeyGenGetParameters(algorithm.rsaHashedKeyGenParams(),
584 if (!params->modulusLengthBits()) 563 &public_exponent,
585 return Status::ErrorGenerateRsaZeroModulus(); 564 &modulus_length_bits);
586 565 if (status.IsError())
587 unsigned long public_exponent = 0; 566 return status;
588 if (!BigIntegerToLong(params->publicExponent().data(),
589 params->publicExponent().size(),
590 &public_exponent) ||
591 (public_exponent != 3 && public_exponent != 65537)) {
592 return Status::ErrorGenerateKeyPublicExponent();
593 }
594 567
595 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); 568 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
596 if (!slot) 569 if (!slot)
597 return Status::OperationError(); 570 return Status::OperationError();
598 571
599 PK11RSAGenParams rsa_gen_params; 572 PK11RSAGenParams rsa_gen_params;
600 // keySizeInBits is a signed type, don't pass in a negative value. 573 rsa_gen_params.keySizeInBits = modulus_length_bits;
601 if (params->modulusLengthBits() > INT_MAX)
602 return Status::OperationError();
603 rsa_gen_params.keySizeInBits = params->modulusLengthBits();
604 rsa_gen_params.pe = public_exponent; 574 rsa_gen_params.pe = public_exponent;
605 575
606 const CK_FLAGS operation_flags_mask = 576 const CK_FLAGS operation_flags_mask =
607 CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP; 577 CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;
608 578
609 // The private key must be marked as insensitive and extractable, otherwise it 579 // The private key must be marked as insensitive and extractable, otherwise it
610 // cannot later be exported in unencrypted form or structured-cloned. 580 // cannot later be exported in unencrypted form or structured-cloned.
611 const PK11AttrFlags attribute_flags = 581 const PK11AttrFlags attribute_flags =
612 PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE; 582 PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE;
613 583
(...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after
888 return Status::Success(); 858 return Status::Success();
889 } 859 }
890 default: 860 default:
891 return Status::ErrorUnexpected(); 861 return Status::ErrorUnexpected();
892 } 862 }
893 } 863 }
894 864
895 } // namespace webcrypto 865 } // namespace webcrypto
896 866
897 } // namespace content 867 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | content/child/webcrypto/shared_crypto_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698