OLD | NEW |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- | 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- |
2 * | 2 * |
3 * ***** BEGIN LICENSE BLOCK ***** | 3 * ***** BEGIN LICENSE BLOCK ***** |
4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
5 * | 5 * |
6 * The contents of this file are subject to the Mozilla Public License Version | 6 * The contents of this file are subject to the Mozilla Public License Version |
7 * 1.1 (the "License"); you may not use this file except in compliance with | 7 * 1.1 (the "License"); you may not use this file except in compliance with |
8 * the License. You may obtain a copy of the License at | 8 * the License. You may obtain a copy of the License at |
9 * http://www.mozilla.org/MPL/ | 9 * http://www.mozilla.org/MPL/ |
10 * | 10 * |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
42 | 42 |
43 #include <pk11pub.h> | 43 #include <pk11pub.h> |
44 #include <prerror.h> // PR_GetError() | 44 #include <prerror.h> // PR_GetError() |
45 #include <secmod.h> | 45 #include <secmod.h> |
46 #include <secder.h> // DER_Encode() | 46 #include <secder.h> // DER_Encode() |
47 #include <cryptohi.h> // SEC_DerSignData() | 47 #include <cryptohi.h> // SEC_DerSignData() |
48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() | 48 #include <keyhi.h> // SECKEY_CreateSubjectPublicKeyInfo() |
49 | 49 |
50 #include "base/base64.h" | 50 #include "base/base64.h" |
51 #include "base/logging.h" | 51 #include "base/logging.h" |
52 #include "base/nss_util_internal.h" | |
53 #include "base/nss_util.h" | 52 #include "base/nss_util.h" |
54 #include "base/string_util.h" | |
55 #include "googleurl/src/gurl.h" | 53 #include "googleurl/src/gurl.h" |
56 | 54 |
57 namespace { | 55 namespace { |
58 | 56 |
59 // Template for creating the signed public key structure to be sent to the CA. | 57 // Template for creating the signed public key structure to be sent to the CA. |
60 DERTemplate SECAlgorithmIDTemplate[] = { | 58 DERTemplate SECAlgorithmIDTemplate[] = { |
61 { DER_SEQUENCE, | 59 { DER_SEQUENCE, |
62 0, NULL, sizeof(SECAlgorithmID) }, | 60 0, NULL, sizeof(SECAlgorithmID) }, |
63 { DER_OBJECT_ID, | 61 { DER_OBJECT_ID, |
64 offsetof(SECAlgorithmID, algorithm), }, | 62 offsetof(SECAlgorithmID, algorithm), }, |
(...skipping 25 matching lines...) Expand all Loading... |
90 | 88 |
91 } // namespace | 89 } // namespace |
92 | 90 |
93 namespace mozilla_security_manager { | 91 namespace mozilla_security_manager { |
94 | 92 |
95 // This function is based on the nsKeygenFormProcessor::GetPublicKey function | 93 // This function is based on the nsKeygenFormProcessor::GetPublicKey function |
96 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp. | 94 // in mozilla/security/manager/ssl/src/nsKeygenHandler.cpp. |
97 std::string GenKeyAndSignChallenge(int key_size_in_bits, | 95 std::string GenKeyAndSignChallenge(int key_size_in_bits, |
98 const std::string& challenge, | 96 const std::string& challenge, |
99 const GURL& url, | 97 const GURL& url, |
| 98 PK11SlotInfo* slot, |
100 bool stores_key) { | 99 bool stores_key) { |
101 // Key pair generation mechanism - only RSA is supported at present. | 100 // Key pair generation mechanism - only RSA is supported at present. |
102 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h | 101 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h |
103 | 102 |
104 // Temporary structures used for generating the result | 103 // Temporary structures used for generating the result |
105 // in the right format. | 104 // in the right format. |
106 PK11SlotInfo *slot = NULL; | |
107 PK11RSAGenParams rsaKeyGenParams; // Keygen parameters. | 105 PK11RSAGenParams rsaKeyGenParams; // Keygen parameters. |
108 SECOidTag algTag; // used by SEC_DerSignData(). | 106 SECOidTag algTag; // used by SEC_DerSignData(). |
109 SECKEYPrivateKey *privateKey = NULL; | 107 SECKEYPrivateKey *privateKey = NULL; |
110 SECKEYPublicKey *publicKey = NULL; | 108 SECKEYPublicKey *publicKey = NULL; |
111 CERTSubjectPublicKeyInfo *spkInfo = NULL; | 109 CERTSubjectPublicKeyInfo *spkInfo = NULL; |
112 PRArenaPool *arena = NULL; | 110 PRArenaPool *arena = NULL; |
113 SECStatus sec_rv =SECFailure; | 111 SECStatus sec_rv =SECFailure; |
114 SECItem spkiItem; | 112 SECItem spkiItem; |
115 SECItem pkacItem; | 113 SECItem pkacItem; |
116 SECItem signedItem; | 114 SECItem signedItem; |
117 CERTPublicKeyAndChallenge pkac; | 115 CERTPublicKeyAndChallenge pkac; |
118 void *keyGenParams; | 116 void *keyGenParams; |
119 bool isSuccess = true; // Set to false as soon as a step fails. | 117 bool isSuccess = true; // Set to false as soon as a step fails. |
120 | 118 |
121 std::string result_blob; // the result. | 119 std::string result_blob; // the result. |
122 | 120 |
123 // Ensure NSS is initialized. | |
124 base::EnsureNSSInit(); | |
125 | |
126 slot = base::GetDefaultNSSKeySlot(); | |
127 if (!slot) { | |
128 LOG(ERROR) << "Couldn't get Internal key slot!"; | |
129 isSuccess = false; | |
130 goto failure; | |
131 } | |
132 | |
133 switch (keyGenMechanism) { | 121 switch (keyGenMechanism) { |
134 case CKM_RSA_PKCS_KEY_PAIR_GEN: | 122 case CKM_RSA_PKCS_KEY_PAIR_GEN: |
135 rsaKeyGenParams.keySizeInBits = key_size_in_bits; | 123 rsaKeyGenParams.keySizeInBits = key_size_in_bits; |
136 rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE; | 124 rsaKeyGenParams.pe = DEFAULT_RSA_KEYGEN_PE; |
137 keyGenParams = &rsaKeyGenParams; | 125 keyGenParams = &rsaKeyGenParams; |
138 | 126 |
139 algTag = DEFAULT_RSA_KEYGEN_ALG; | 127 algTag = DEFAULT_RSA_KEYGEN_ALG; |
140 break; | 128 break; |
141 default: | 129 default: |
142 // TODO(gauravsh): If we ever support other mechanisms, | 130 // TODO(gauravsh): If we ever support other mechanisms, |
143 // this can be changed. | 131 // this can be changed. |
144 LOG(ERROR) << "Only RSA keygen mechanism is supported"; | 132 LOG(ERROR) << "Only RSA keygen mechanism is supported"; |
145 isSuccess = false; | 133 isSuccess = false; |
146 goto failure; | 134 goto failure; |
147 } | 135 } |
148 | 136 |
149 // Need to make sure that the token was initialized. | |
150 // Assume a null password. | |
151 sec_rv = PK11_Authenticate(slot, PR_TRUE, NULL); | |
152 if (SECSuccess != sec_rv) { | |
153 LOG(ERROR) << "Couldn't initialze PK11 token!"; | |
154 isSuccess = false; | |
155 goto failure; | |
156 } | |
157 | |
158 VLOG(1) << "Creating key pair..."; | 137 VLOG(1) << "Creating key pair..."; |
159 { | 138 { |
160 base::AutoNSSWriteLock lock; | 139 base::AutoNSSWriteLock lock; |
161 privateKey = PK11_GenerateKeyPair(slot, | 140 privateKey = PK11_GenerateKeyPair(slot, |
162 keyGenMechanism, | 141 keyGenMechanism, |
163 keyGenParams, | 142 keyGenParams, |
164 &publicKey, | 143 &publicKey, |
165 PR_TRUE, // isPermanent? | 144 PR_TRUE, // isPermanent? |
166 PR_TRUE, // isSensitive? | 145 PR_TRUE, // isSensitive? |
167 NULL); | 146 NULL); |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
268 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 247 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
269 } | 248 } |
270 SECKEY_DestroyPublicKey(publicKey); | 249 SECKEY_DestroyPublicKey(publicKey); |
271 } | 250 } |
272 if (spkInfo) { | 251 if (spkInfo) { |
273 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 252 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
274 } | 253 } |
275 if (arena) { | 254 if (arena) { |
276 PORT_FreeArena(arena, PR_TRUE); | 255 PORT_FreeArena(arena, PR_TRUE); |
277 } | 256 } |
278 if (slot != NULL) { | |
279 PK11_FreeSlot(slot); | |
280 } | |
281 | 257 |
282 return (isSuccess ? result_blob : std::string()); | 258 return (isSuccess ? result_blob : std::string()); |
283 } | 259 } |
284 | 260 |
285 } // namespace mozilla_security_manager | 261 } // namespace mozilla_security_manager |
OLD | NEW |