Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/webcrypto/webcrypto_impl_nss.cc

Issue 76363006: [webcrypto] Add JWK import of RSA public key for NSS. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fixes for rsleevi Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/renderer/webcrypto/webcrypto_impl.cc ('k') | content/renderer/webcrypto/webcrypto_impl_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/webcrypto/webcrypto_impl_nss.cc
diff --git a/content/renderer/webcrypto/webcrypto_impl_nss.cc b/content/renderer/webcrypto/webcrypto_impl_nss.cc
index 23e446bdff7052d5174de891a46e552da145f541..291c55d23e7a236c80cce64c8a0a03c7d9b58c9c 100644
--- a/content/renderer/webcrypto/webcrypto_impl_nss.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_nss.cc
@@ -649,4 +649,62 @@ bool WebCryptoImpl::VerifySignatureInternal(
return true;
}
+bool WebCryptoImpl::ImportRsaPublicKeyInternal(
+ const unsigned char* modulus_data,
+ unsigned modulus_size,
+ const unsigned char* exponent_data,
+ unsigned exponent_size,
+ const blink::WebCryptoAlgorithm& algorithm,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usage_mask,
+ blink::WebCryptoKey* key) {
+
+ if (!modulus_size || !exponent_size)
+ return false;
+ DCHECK(modulus_data);
+ DCHECK(exponent_data);
+
+ // NSS does not provide a way to create an RSA public key directly from the
+ // modulus and exponent values, but it can import an DER-encoded ASN.1 blob
+ // with these values and create the public key from that. The code below
+ // follows the recommendation described in
+ // https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note7
+
+ // Pack the input values into a struct compatible with NSS ASN.1 encoding, and
+ // set up an ASN.1 encoder template for it.
+ struct RsaPublicKeyData {
+ SECItem modulus;
+ SECItem exponent;
+ };
+ const RsaPublicKeyData pubkey_in = {
+ {siUnsignedInteger, const_cast<unsigned char*>(modulus_data),
+ modulus_size},
+ {siUnsignedInteger, const_cast<unsigned char*>(exponent_data),
+ exponent_size}};
+ const SEC_ASN1Template RsaPublicKeyTemplate[] = {
eroman 2013/11/26 06:11:29 style: RsaPublicKeyTemplate -> rsa_public_key_temp
padolph 2013/11/27 04:02:13 Done.
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RsaPublicKeyData)},
+ {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, modulus), },
eroman 2013/11/26 06:11:29 @rsleevi: Do you know if leading zeros is an issue
+ {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, exponent), },
+ {0, }};
+
+ // DER-encode the public key.
+ crypto::ScopedSECItem pubkey_der(SEC_ASN1EncodeItem(
+ NULL, NULL, &pubkey_in, RsaPublicKeyTemplate));
+ if (!pubkey_der)
+ return false;
+
+ // Import the DER-encoded public key to create an RSA SECKEYPublicKey.
+ crypto::ScopedSECKEYPublicKey pubkey(
+ SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA));
+ if (!pubkey)
+ return false;
+
+ *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()),
+ blink::WebCryptoKeyTypePublic,
+ extractable,
+ algorithm,
+ usage_mask);
+ return true;
+}
+
} // namespace content
« no previous file with comments | « content/renderer/webcrypto/webcrypto_impl.cc ('k') | content/renderer/webcrypto/webcrypto_impl_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698