OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
6 | 6 |
7 extern "C" { | 7 extern "C" { |
8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
9 // other NSS headers. | 9 // other NSS headers. |
10 #include <secmodt.h> | 10 #include <secmodt.h> |
(...skipping 110 matching lines...)
121 *public_key = SECKEY_ExtractPublicKey(decoded_spki); | 121 *public_key = SECKEY_ExtractPublicKey(decoded_spki); |
122 | 122 |
123 if (!*public_key) { | 123 if (!*public_key) { |
124 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); | 124 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); |
125 return false; | 125 return false; |
126 } | 126 } |
127 | 127 |
128 SECItem encoded_epki = { | 128 SECItem encoded_epki = { |
129 siBuffer, | 129 siBuffer, |
130 const_cast<unsigned char*>(encrypted_private_key_info), | 130 const_cast<unsigned char*>(encrypted_private_key_info), |
131 encrypted_private_key_info_len | 131 static_cast<unsigned int>(encrypted_private_key_info_len) |
brettw
2012/05/29 19:30:46
unsigned int -> unsigned (same elsewhere)
Han
2012/05/29 20:57:04
Done.
| |
132 }; | 132 }; |
133 SECKEYEncryptedPrivateKeyInfo epki; | 133 SECKEYEncryptedPrivateKeyInfo epki; |
134 memset(&epki, 0, sizeof(epki)); | 134 memset(&epki, 0, sizeof(epki)); |
135 | 135 |
136 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); | 136 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); |
137 | 137 |
138 SECStatus rv = SEC_QuickDERDecodeItem( | 138 SECStatus rv = SEC_QuickDERDecodeItem( |
139 arena.get(), | 139 arena.get(), |
140 &epki, | 140 &epki, |
141 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), | 141 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), |
142 &encoded_epki); | 142 &encoded_epki); |
143 if (rv != SECSuccess) { | 143 if (rv != SECSuccess) { |
144 DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError(); | 144 DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError(); |
145 SECKEY_DestroyPublicKey(*public_key); | 145 SECKEY_DestroyPublicKey(*public_key); |
146 *public_key = NULL; | 146 *public_key = NULL; |
147 return false; | 147 return false; |
148 } | 148 } |
149 | 149 |
150 SECItem password_item = { | 150 SECItem password_item = { |
151 siBuffer, | 151 siBuffer, |
152 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), | 152 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), |
153 password.size() | 153 static_cast<unsigned int>(password.size()) |
154 }; | 154 }; |
155 | 155 |
156 rv = ImportEncryptedECPrivateKeyInfoAndReturnKey( | 156 rv = ImportEncryptedECPrivateKeyInfoAndReturnKey( |
157 slot.get(), | 157 slot.get(), |
158 &epki, | 158 &epki, |
159 &password_item, | 159 &password_item, |
160 NULL, // nickname | 160 NULL, // nickname |
161 &(*public_key)->u.ec.publicValue, | 161 &(*public_key)->u.ec.publicValue, |
162 permanent, | 162 permanent, |
163 sensitive, | 163 sensitive, |
(...skipping 14 matching lines...)
178 const std::string& password, | 178 const std::string& password, |
179 int iterations, | 179 int iterations, |
180 std::vector<uint8>* output) { | 180 std::vector<uint8>* output) { |
181 // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8 | 181 // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8 |
182 // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't | 182 // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't |
183 // support EC keys. | 183 // support EC keys. |
184 // https://bugzilla.mozilla.org/show_bug.cgi?id=327773 | 184 // https://bugzilla.mozilla.org/show_bug.cgi?id=327773 |
185 SECItem password_item = { | 185 SECItem password_item = { |
186 siBuffer, | 186 siBuffer, |
187 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), | 187 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), |
188 password.size() | 188 static_cast<unsigned int>(password.size()) |
189 }; | 189 }; |
190 | 190 |
191 SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo( | 191 SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo( |
192 NULL, // Slot, optional. | 192 NULL, // Slot, optional. |
193 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, | 193 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, |
194 &password_item, | 194 &password_item, |
195 key_, | 195 key_, |
196 iterations, | 196 iterations, |
197 NULL); // wincx. | 197 NULL); // wincx. |
198 | 198 |
(...skipping 58 matching lines...)
257 return NULL; | 257 return NULL; |
258 } | 258 } |
259 | 259 |
260 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters | 260 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters |
261 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. | 261 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. |
262 // In addition to the oid data, the encoding requires one byte for the ASN.1 | 262 // In addition to the oid data, the encoding requires one byte for the ASN.1 |
263 // tag and one byte for the length (assuming the length is <= 127). | 263 // tag and one byte for the length (assuming the length is <= 127). |
264 DCHECK_LE(oid_data->oid.len, 127U); | 264 DCHECK_LE(oid_data->oid.len, 127U); |
265 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); | 265 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); |
266 SECKEYECParams ec_parameters = { | 266 SECKEYECParams ec_parameters = { |
267 siDEROID, ¶meters_buf[0], parameters_buf.size() | 267 siDEROID, ¶meters_buf[0], |
268 static_cast<unsigned int>(parameters_buf.size()) | |
268 }; | 269 }; |
269 | 270 |
270 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; | 271 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; |
271 ec_parameters.data[1] = oid_data->oid.len; | 272 ec_parameters.data[1] = oid_data->oid.len; |
272 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); | 273 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); |
273 | 274 |
274 result->key_ = PK11_GenerateKeyPair(slot.get(), | 275 result->key_ = PK11_GenerateKeyPair(slot.get(), |
275 CKM_EC_KEY_PAIR_GEN, | 276 CKM_EC_KEY_PAIR_GEN, |
276 &ec_parameters, | 277 &ec_parameters, |
277 &result->public_key_, | 278 &result->public_key_, |
(...skipping 15 matching lines...)
293 const std::vector<uint8>& subject_public_key_info, | 294 const std::vector<uint8>& subject_public_key_info, |
294 bool permanent, | 295 bool permanent, |
295 bool sensitive) { | 296 bool sensitive) { |
296 EnsureNSSInit(); | 297 EnsureNSSInit(); |
297 | 298 |
298 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 299 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
299 | 300 |
300 SECItem encoded_spki = { | 301 SECItem encoded_spki = { |
301 siBuffer, | 302 siBuffer, |
302 const_cast<unsigned char*>(&subject_public_key_info[0]), | 303 const_cast<unsigned char*>(&subject_public_key_info[0]), |
303 subject_public_key_info.size() | 304 static_cast<unsigned int>(subject_public_key_info.size()) |
304 }; | 305 }; |
305 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( | 306 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( |
306 &encoded_spki); | 307 &encoded_spki); |
307 if (!decoded_spki) { | 308 if (!decoded_spki) { |
308 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); | 309 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); |
309 return NULL; | 310 return NULL; |
310 } | 311 } |
311 | 312 |
312 bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | 313 bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
313 password, | 314 password, |
314 &encrypted_private_key_info[0], | 315 &encrypted_private_key_info[0], |
315 encrypted_private_key_info.size(), | 316 encrypted_private_key_info.size(), |
316 decoded_spki, | 317 decoded_spki, |
317 permanent, | 318 permanent, |
318 sensitive, | 319 sensitive, |
319 &result->key_, | 320 &result->key_, |
320 &result->public_key_); | 321 &result->public_key_); |
321 | 322 |
322 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); | 323 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); |
323 | 324 |
324 if (success) | 325 if (success) |
325 return result.release(); | 326 return result.release(); |
326 | 327 |
327 return NULL; | 328 return NULL; |
328 } | 329 } |
329 | 330 |
330 } // namespace crypto | 331 } // namespace crypto |
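Review bot: The `static_cast<unsigned int>` on caller-supplied lengths (new lines 131, 153, 188 and 304) removes the narrowing warning but would silently truncate any length above the `unsigned int` range on a 64-bit build, so NSS would decode the DER blob or use the password as a prefix of the real buffer instead of rejecting it. For key material a failed import or export is preferable to operating on a truncated view; a guard ahead of each `SECItem`, e.g. `if (encrypted_private_key_info_len > std::numeric_limits<unsigned int>::max()) return false;`, would make that explicit. At the first site `*public_key` has already been extracted by then, so the guard either belongs at the top of the function or has to destroy and null the key as the `SEC_QuickDERDecodeItem` failure path does. The cast at new line 268 is bounded by the 127-byte OID assumption, though that is only a `DCHECK_LE` and presumably not enforced in release builds. The enclosing functions start or end in the skipped regions, so the right error return for each site needs checking against the full file.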