
Unified Diff: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

Issue 998293002: chrome.platformKeys.getKeyPair: Check requested algorithm against certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_alg_name
Patch Set: Created 5 years, 9 months ago
Index: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc
diff --git a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc
index 15f7a9f1fd50171fb6de2664f26ed5adabbe0e0c..d6e9aa8c93ce842008ef9e1d9f90f20432d19f7f 100644
--- a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc
+++ b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc
@@ -24,9 +24,13 @@ namespace api_pki = api::platform_keys_internal;
namespace {
const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";
+const char kErrorAlgorithmNotPermittedByCertificate[] =
+ "The requested Algorithm is not permitted by Certificate.";
Andrew T Wilson (Slow) 2015/03/19 07:38:12 by Certificate or "by the Certificate"?
pneubeck (no reviews) 2015/03/23 13:43:12 Done.
const char kErrorInvalidX509Cert[] =
"Certificate is not a valid X.509 certificate.";
+const char kWebCryptoRSASSA_PKCS1_v1_5[] = "RSASSA-PKCS1-v1_5";
+
struct PublicKeyInfo {
// The X.509 Subject Public Key Info of the key in DER encoding.
std::string public_key_spki_der;
@@ -46,7 +50,7 @@ struct PublicKeyInfo {
void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info,
base::DictionaryValue* algorithm) {
CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type);
- algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5");
+ algorithm->SetStringWithoutPathExpansion("name", kWebCryptoRSASSA_PKCS1_v1_5);
algorithm->SetIntegerWithoutPathExpansion("modulusLength",
key_info.key_size_bits);
@@ -122,6 +126,13 @@ PlatformKeysInternalGetPublicKeyFunction::Run() {
return RespondNow(Error(kErrorAlgorithmNotSupported));
}
+ // The currently only supported combination is:
Andrew T Wilson (Slow) 2015/03/19 07:38:12 nit: "The only currently supported" or "Currently,
pneubeck (no reviews) 2015/03/23 13:43:12 Done.
+ // A certificate declaring rsaEncryption in the SubjectPublicKeyInfo used
+ // with the RSASSA-PKCS1-v1.5 algorithm.
+ if (params->algorithm_name != kWebCryptoRSASSA_PKCS1_v1_5) {
+ return RespondNow(Error(kErrorAlgorithmNotPermittedByCertificate));
+ }
+
api_pki::GetPublicKey::Results::Algorithm algorithm;
BuildWebCryptoRSAAlgorithmDictionary(key_info,
&algorithm.additional_properties);
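Review bot: The added check in Run() returns kErrorAlgorithmNotPermittedByCertificate for every name other than "RSASSA-PKCS1-v1_5", so an unknown or misspelled algorithm name gets the same error as one the certificate actually forbids. Unknown names would be better answered with kErrorAlgorithmNotSupported, keeping the new error for recognised algorithms that do not match the key. The comparison is an exact, case-sensitive string match, so it depends on `params->algorithm_name` being normalized before it reaches this function, which the hunk does not show; a comment such as `// |algorithm_name| must already be normalized by the caller.` would record that assumption. The certificate half of the documented combination (rsaEncryption in the SubjectPublicKeyInfo) is not tested here and presumably rests on the key-type check above the hunk, so the comment should say so, in case another key type is admitted there later. Run() starts and ends outside the hunk.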
