| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" | 5 #include "chrome/browser/extensions/api/platform_keys/platform_keys_api.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" | 12 #include "chrome/browser/chromeos/platform_keys/platform_keys.h" |
| 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" | 13 #include "chrome/browser/chromeos/platform_keys/platform_keys_service.h" |
| 14 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" | 14 #include "chrome/browser/chromeos/platform_keys/platform_keys_service_factory.h" |
| 15 #include "chrome/common/extensions/api/platform_keys_internal.h" | 15 #include "chrome/common/extensions/api/platform_keys_internal.h" |
| 16 #include "content/public/browser/browser_thread.h" | 16 #include "content/public/browser/browser_thread.h" |
| 17 #include "net/cert/x509_certificate.h" | 17 #include "net/cert/x509_certificate.h" |
| 18 | 18 |
| 19 namespace extensions { | 19 namespace extensions { |
| 20 | 20 |
| 21 namespace api_pk = api::platform_keys; | 21 namespace api_pk = api::platform_keys; |
| 22 namespace api_pki = api::platform_keys_internal; | 22 namespace api_pki = api::platform_keys_internal; |
| 23 | 23 |
| 24 namespace { | 24 namespace { |
| 25 | 25 |
| 26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; | 26 const char kErrorAlgorithmNotSupported[] = "Algorithm not supported."; |
| 27 const char kErrorAlgorithmNotPermittedByCertificate[] = |
| 28 "The requested Algorithm is not permitted by the certificate."; |
| 27 const char kErrorInvalidX509Cert[] = | 29 const char kErrorInvalidX509Cert[] = |
| 28 "Certificate is not a valid X.509 certificate."; | 30 "Certificate is not a valid X.509 certificate."; |
| 29 | 31 |
| 32 const char kWebCryptoRSASSA_PKCS1_v1_5[] = "RSASSA-PKCS1-v1_5"; |
| 33 |
| 30 struct PublicKeyInfo { | 34 struct PublicKeyInfo { |
| 31 // The X.509 Subject Public Key Info of the key in DER encoding. | 35 // The X.509 Subject Public Key Info of the key in DER encoding. |
| 32 std::string public_key_spki_der; | 36 std::string public_key_spki_der; |
| 33 | 37 |
| 34 // The type of the key. | 38 // The type of the key. |
| 35 net::X509Certificate::PublicKeyType key_type = | 39 net::X509Certificate::PublicKeyType key_type = |
| 36 net::X509Certificate::kPublicKeyTypeUnknown; | 40 net::X509Certificate::kPublicKeyTypeUnknown; |
| 37 | 41 |
| 38 // The size of the key in bits. | 42 // The size of the key in bits. |
| 39 size_t key_size_bits = 0; | 43 size_t key_size_bits = 0; |
| 40 }; | 44 }; |
| 41 | 45 |
| 42 // Builds a partial WebCrypto Algorithm object from the parameters available in | 46 // Builds a partial WebCrypto Algorithm object from the parameters available in |
| 43 // |key_info|, which must the info of an RSA key. This doesn't include sign/hash | 47 // |key_info|, which must the info of an RSA key. This doesn't include sign/hash |
| 44 // parameters and thus isn't complete. | 48 // parameters and thus isn't complete. |
| 45 // platform_keys::GetPublicKey() enforced the public exponent 65537. | 49 // platform_keys::GetPublicKey() enforced the public exponent 65537. |
| 46 void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info, | 50 void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info, |
| 47 base::DictionaryValue* algorithm) { | 51 base::DictionaryValue* algorithm) { |
| 48 CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type); | 52 CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type); |
| 49 algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5"); | 53 algorithm->SetStringWithoutPathExpansion("name", kWebCryptoRSASSA_PKCS1_v1_5); |
| 50 algorithm->SetIntegerWithoutPathExpansion("modulusLength", | 54 algorithm->SetIntegerWithoutPathExpansion("modulusLength", |
| 51 key_info.key_size_bits); | 55 key_info.key_size_bits); |
| 52 | 56 |
| 53 // Equals 65537. | 57 // Equals 65537. |
| 54 const unsigned char defaultPublicExponent[] = {0x01, 0x00, 0x01}; | 58 const unsigned char defaultPublicExponent[] = {0x01, 0x00, 0x01}; |
| 55 algorithm->SetWithoutPathExpansion( | 59 algorithm->SetWithoutPathExpansion( |
| 56 "publicExponent", | 60 "publicExponent", |
| 57 base::BinaryValue::CreateWithCopiedBuffer( | 61 base::BinaryValue::CreateWithCopiedBuffer( |
| 58 reinterpret_cast<const char*>(defaultPublicExponent), | 62 reinterpret_cast<const char*>(defaultPublicExponent), |
| 59 arraysize(defaultPublicExponent))); | 63 arraysize(defaultPublicExponent))); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 | 119 |
| 116 PublicKeyInfo key_info; | 120 PublicKeyInfo key_info; |
| 117 key_info.public_key_spki_der = | 121 key_info.public_key_spki_der = |
| 118 chromeos::platform_keys::GetSubjectPublicKeyInfo(cert_x509); | 122 chromeos::platform_keys::GetSubjectPublicKeyInfo(cert_x509); |
| 119 if (!chromeos::platform_keys::GetPublicKey(cert_x509, &key_info.key_type, | 123 if (!chromeos::platform_keys::GetPublicKey(cert_x509, &key_info.key_type, |
| 120 &key_info.key_size_bits) || | 124 &key_info.key_size_bits) || |
| 121 key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { | 125 key_info.key_type != net::X509Certificate::kPublicKeyTypeRSA) { |
| 122 return RespondNow(Error(kErrorAlgorithmNotSupported)); | 126 return RespondNow(Error(kErrorAlgorithmNotSupported)); |
| 123 } | 127 } |
| 124 | 128 |
| 129 // Currently, the only supported combination is: |
| 130 // A certificate declaring rsaEncryption in the SubjectPublicKeyInfo used |
| 131 // with the RSASSA-PKCS1-v1.5 algorithm. |
| 132 if (params->algorithm_name != kWebCryptoRSASSA_PKCS1_v1_5) { |
| 133 return RespondNow(Error(kErrorAlgorithmNotPermittedByCertificate)); |
| 134 } |
| 135 |
| 125 api_pki::GetPublicKey::Results::Algorithm algorithm; | 136 api_pki::GetPublicKey::Results::Algorithm algorithm; |
| 126 BuildWebCryptoRSAAlgorithmDictionary(key_info, | 137 BuildWebCryptoRSAAlgorithmDictionary(key_info, |
| 127 &algorithm.additional_properties); | 138 &algorithm.additional_properties); |
| 128 | 139 |
| 129 return RespondNow(ArgumentList(api_pki::GetPublicKey::Results::Create( | 140 return RespondNow(ArgumentList(api_pki::GetPublicKey::Results::Create( |
| 130 std::vector<char>(key_info.public_key_spki_der.begin(), | 141 std::vector<char>(key_info.public_key_spki_der.begin(), |
| 131 key_info.public_key_spki_der.end()), | 142 key_info.public_key_spki_der.end()), |
| 132 algorithm))); | 143 algorithm))); |
| 133 } | 144 } |
| 134 | 145 |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 257 const std::string& error_message) { | 268 const std::string& error_message) { |
| 258 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); | 269 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 259 if (error_message.empty()) | 270 if (error_message.empty()) |
| 260 Respond(ArgumentList(api_pki::Sign::Results::Create( | 271 Respond(ArgumentList(api_pki::Sign::Results::Create( |
| 261 std::vector<char>(signature.begin(), signature.end())))); | 272 std::vector<char>(signature.begin(), signature.end())))); |
| 262 else | 273 else |
| 263 Respond(Error(error_message)); | 274 Respond(Error(error_message)); |
| 264 } | 275 } |
| 265 | 276 |
| 266 } // namespace extensions | 277 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 998293002:
chrome.platformKeys.getKeyPair: Check requested algorithm against certificate. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@require_alg_name