Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 #include <sechash.h> | 9 #include <sechash.h> |
| 10 | 10 |
| 642 | 642 |
| 643 break; | 643 break; |
| 644 } | 644 } |
| 645 default: | 645 default: |
| 646 return false; | 646 return false; |
| 647 } | 647 } |
| 648 | 648 |
| 649 return true; | 649 return true; |
| 650 } | 650 } |
| 651 | 651 |
| 652 bool WebCryptoImpl::ImportRsaPublicKeyInternal( | |
| 653 const unsigned char* modulus_data, | |
| 654 unsigned modulus_size, | |
| 655 const unsigned char* exponent_data, | |
| 656 unsigned exponent_size, | |
| 657 const blink::WebCryptoAlgorithm& algorithm, | |
| 658 bool extractable, | |
| 659 blink::WebCryptoKeyUsageMask usage_mask, | |
| 660 blink::WebCryptoKey* key) { | |
| 661 | |
| 662 if (!modulus_size || !exponent_size) | |
| 663 return false; | |
| 664 DCHECK(modulus_data); | |
| 665 DCHECK(exponent_data); | |
| 666 | |
| 667 // NSS does not provide a way to create an RSA public key directly from the | |
| 668 // modulus and exponent values, but it can import an DER-encoded ASN.1 blob | |
| 669 // with these values and create the public key from that. The code below | |
| 670 // follows the recommendation described in | |
| 671 // https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note7 | |
| 672 | |
| 673 // Pack the input values into a struct compatible with NSS ASN.1 encoding, and | |
| 674 // set up an ASN.1 encoder template for it. | |
| 675 struct RsaPublicKeyData { | |
| 676 SECItem modulus; | |
| 677 SECItem exponent; | |
| 678 }; | |
| 679 const RsaPublicKeyData pubkey_in = { | |
| 680 {siUnsignedInteger, const_cast<unsigned char*>(modulus_data), | |
| 681 modulus_size}, | |
| 682 {siUnsignedInteger, const_cast<unsigned char*>(exponent_data), | |
| 683 exponent_size}}; | |
| 684 const SEC_ASN1Template RsaPublicKeyTemplate[] = { | |
|
eroman
2013/11/26 06:11:29
style: RsaPublicKeyTemplate -> rsa_public_key_temp
padolph
2013/11/27 04:02:13
Done.
| |
| 685 {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RsaPublicKeyData)}, | |
| 686 {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, modulus), }, | |
|
eroman
2013/11/26 06:11:29
@rsleevi: Do you know if leading zeros is an issue
| |
| 687 {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, exponent), }, | |
| 688 {0, }}; | |
| 689 | |
| 690 // DER-encode the public key. | |
| 691 crypto::ScopedSECItem pubkey_der(SEC_ASN1EncodeItem( | |
| 692 NULL, NULL, &pubkey_in, RsaPublicKeyTemplate)); | |
| 693 if (!pubkey_der) | |
| 694 return false; | |
| 695 | |
| 696 // Import the DER-encoded public key to create an RSA SECKEYPublicKey. | |
| 697 crypto::ScopedSECKEYPublicKey pubkey( | |
| 698 SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); | |
| 699 if (!pubkey) | |
| 700 return false; | |
| 701 | |
| 702 *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()), | |
| 703 blink::WebCryptoKeyTypePublic, | |
| 704 extractable, | |
| 705 algorithm, | |
| 706 usage_mask); | |
| 707 return true; | |
| 708 } | |
| 709 | |
| 652 } // namespace content | 710 } // namespace content |
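Review bot: ImportRsaPublicKeyInternal rejects only zero-length inputs (new lines 662-663), so any other modulus/exponent pair that NSS accepts becomes a usable key; nothing visible in this function bounds the modulus length or rejects a degenerate exponent. Whether `SECKEY_ImportDERPublicKey` or the caller enforces such limits is not shown here, so either add a minimum-size check or state the contract in a comment, for example `// Only empty input is rejected here; the caller must enforce key-size policy and validate usage_mask.` Likewise `algorithm` and `usage_mask` are stored on the key without any check that they suit an RSA public key. The null-pointer checks are `DCHECK`s, which normally compile out of release builds, and `key` is dereferenced at line 702 with no check at all; adding `DCHECK(key);` next to the other two would at least make the contract explicit.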