
Side by Side Diff: content/child/webcrypto/openssl/ec_algorithm_openssl.cc

Issue 835633002: Change the WebCrypto behavior when importing EC private keys without a public key. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@add_private_tests
Patch Set: properly rebase Created 5 years, 11 months ago
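--- a/content/child/webcrypto/openssl/ec_algorithm_openssl.cc
+++ b/content/child/webcrypto/openssl/ec_algorithm_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/openssl/ec_algorithm_openssl.h"
 
 #include <openssl/ec.h>
 #include <openssl/ec_key.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
@@ -98,29 +98,38 @@
 if (kJwkCrvMappings[i].named_curve == named_curve) {
 *jwk_crv = kJwkCrvMappings[i].jwk_curve;
 return Status::Success();
 }
 }
 return Status::ErrorUnexpected();
 }
 
 // Verifies that an EC key imported from PKCS8 or SPKI format is correct.
 // This involves verifying the key validity, and the NID for the named curve.
+// Also removes the EC_PKEY_NO_PUBKEY flag if present.
 Status VerifyEcKeyAfterSpkiOrPkcs8Import(
 EVP_PKEY* pkey,
 blink::WebCryptoNamedCurve expected_named_curve) {
 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
 crypto::ScopedEC_KEY ec(EVP_PKEY_get1_EC_KEY(pkey));
 if (!ec.get())
 return Status::ErrorUnexpected();
 
+// When importing an ECPrivateKey, the public key is optional. If it was
+// omitted then the public key will be calculated by BoringSSL and added into
+// the EC_KEY. However an encoding flag is set such that when exporting to
+// PKCS8 format the public key is once again omitted. Remove this flag.
+unsigned int enc_flags = EC_KEY_get_enc_flags(ec.get());
+enc_flags &= ~EC_PKEY_NO_PUBKEY;
+EC_KEY_set_enc_flags(ec.get(), enc_flags);
+
 // TODO(eroman): Is this necessary? From my tests it seems that BoringSSL
 // already does these checks when setting the public key's affine coordinates.
 if (!EC_KEY_check_key(ec.get()))
 return Status::ErrorEcKeyInvalid();
 
 // Make sure the curve matches the expected curve name.
 int curve_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec.get()));
 blink::WebCryptoNamedCurve named_curve = blink::WebCryptoNamedCurveP256;
 Status status = NidToWebCryptoCurve(curve_nid, &named_curve);
 if (status.IsError())
@@ -551,10 +560,10 @@
 key->algorithm().ecParams()->namedCurve()) {
 return Status::ErrorUnexpected();
 }
 
 return Status::Success();
 }
 
 } // namespace webcrypto
 
 } // namespace content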
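Review bot: The flag-clearing added at new lines 122-124 runs before `EC_KEY_check_key` and the curve comparison, so a key that is about to be rejected is still modified, and a function named Verify… now has a side effect on `pkey`. Moving the three lines to just before the function's successful return would keep validation first; the body continues past the visible lines, so the exact spot has to be confirmed there. The change also depends on `EVP_PKEY_get1_EC_KEY` returning a reference to the EC_KEY held by `pkey` rather than a copy, which deserves a comment such as `// |ec| shares the EC_KEY owned by |pkey|, so this changes how |pkey| is exported.` Since ECPrivateKey input may carry a caller-supplied public point, the `EC_KEY_check_key` call questioned by the TODO appears to be the only visible check that the private and public halves agree, and should stay unless BoringSSL's parser is confirmed to perform it.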