chrome/browser/extensions/api/platform_keys/platform_keys_api.cc - Issue 998293002: chrome.platformKeys.getKeyPair: Check requested algorithm against certificate.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

Issue 998293002: chrome.platformKeys.getKeyPair: Check requested algorithm against certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_alg_name

Patch Set: Fix string in test. Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

diff --git a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

index 15f7a9f1fd50171fb6de2664f26ed5adabbe0e0c..117618736aed3136333e9d78c8fb52b858e206da 100644

--- a/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

+++ b/chrome/browser/extensions/api/platform_keys/platform_keys_api.cc

@@ -24,9 +24,13 @@ namespace api_pki = api::platform_keys_internal;

namespace {

const char kErrorAlgorithmNotSupported[] = "Algorithm not supported.";

+const char kErrorAlgorithmNotPermittedByCertificate[] =

+ "The requested Algorithm is not permitted by the certificate.";

const char kErrorInvalidX509Cert[] =

"Certificate is not a valid X.509 certificate.";

+const char kWebCryptoRSASSA_PKCS1_v1_5[] = "RSASSA-PKCS1-v1_5";

struct PublicKeyInfo {

// The X.509 Subject Public Key Info of the key in DER encoding.

std::string public_key_spki_der;

@@ -46,7 +50,7 @@ struct PublicKeyInfo {

void BuildWebCryptoRSAAlgorithmDictionary(const PublicKeyInfo& key_info,

base::DictionaryValue* algorithm) {

CHECK_EQ(net::X509Certificate::kPublicKeyTypeRSA, key_info.key_type);

- algorithm->SetStringWithoutPathExpansion("name", "RSASSA-PKCS1-v1_5");

+ algorithm->SetStringWithoutPathExpansion("name", kWebCryptoRSASSA_PKCS1_v1_5);

algorithm->SetIntegerWithoutPathExpansion("modulusLength",

key_info.key_size_bits);

@@ -122,6 +126,13 @@ PlatformKeysInternalGetPublicKeyFunction::Run() {

return RespondNow(Error(kErrorAlgorithmNotSupported));

}

+ // Currently, the only supported combination is:

+ // A certificate declaring rsaEncryption in the SubjectPublicKeyInfo used

+ // with the RSASSA-PKCS1-v1.5 algorithm.

+ if (params->algorithm_name != kWebCryptoRSASSA_PKCS1_v1_5) {

+ return RespondNow(Error(kErrorAlgorithmNotPermittedByCertificate));

+ }

api_pki::GetPublicKey::Results::Algorithm algorithm;

BuildWebCryptoRSAAlgorithmDictionary(key_info,

&algorithm.additional_properties);

« no previous file with comments | « no previous file | chrome/common/extensions/api/platform_keys_internal.idl » ('j') | no next file with comments »