Side by Side Diff: webrtc/base/nssidentity.cc

Issue 1329493005: Provide RSA2048 as per RFC (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Created 5 years, 3 months ago
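--- a/webrtc/base/nssidentity.cc
+++ b/webrtc/base/nssidentity.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2012 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -45,23 +45,23 @@
 if (privkey_)
 SECKEY_DestroyPrivateKey(privkey_);
 if (pubkey_)
 SECKEY_DestroyPublicKey(pubkey_);
 }
 
 NSSKeyPair* NSSKeyPair::Generate(KeyType key_type) {
 SECKEYPrivateKey* privkey = nullptr;
 SECKEYPublicKey* pubkey = nullptr;
 SSLKEAType ssl_kea_type;
-if (key_type == KT_RSA) {
+if (key_type == KT_RSA1024 || key_type == KT_RSA2048) {
 PK11RSAGenParams rsa_params;
-rsa_params.keySizeInBits = 1024;
+rsa_params.keySizeInBits = key_type == KT_RSA1024 ? 1024 : 2048;
 rsa_params.pe = 0x010001; // 65537 -- a common RSA public exponent.
 
 privkey = PK11_GenerateKeyPair(
 NSSContext::GetSlot(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsa_params, &pubkey,
 PR_FALSE /*permanent*/, PR_FALSE /*sensitive*/, nullptr);
 
 ssl_kea_type = ssl_kea_rsa;
 } else if (key_type == KT_ECDSA) {
 unsigned char param_buf[12]; // OIDs are small
 SECItem ecdsa_params = {siBuffer, param_buf, sizeof(param_buf)};
@@ -425,21 +425,21 @@
 
 certificate = CERT_CreateCertificate(serial, subject_name, validity, certreq);
 if (!certificate) {
 LOG(LS_ERROR) << "Couldn't create certificate";
 goto fail;
 }
 
 arena = certificate->arena;
 
 SECOidTag sec_oid;
-if (params.key_type == KT_RSA) {
+if (params.key_type == KT_RSA1024 || params.key_type == KT_RSA2048) {
 sec_oid = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
 } else if (params.key_type == KT_ECDSA) {
 sec_oid = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
 } else {
 // We should not arrive here since NSSKeyPair::Generate would have failed.
 // Play it safe in order to accomodate code changes.
 LOG(LS_ERROR) << "Key type requested not understood";
 goto fail;
 }
 
@@ -572,10 +572,10 @@
 
 
 NSSCertificate &NSSIdentity::certificate() const {
 return *certificate_;
 }
 
 
 } // rtc namespace
 
 #endif // HAVE_NSS_SSL_H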
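Review bot: The key-size ternary in NSSKeyPair::Generate (new line 57) gives 2048 bits to every key type other than KT_RSA1024, so it is correct only while the enclosing `if` lists exactly these two RSA types; an explicit mapping, or a `switch` that fails on an unknown type, would keep a later RSA variant from silently getting an unintended modulus size. KT_RSA1024 also remains selectable, and 1024-bit RSA is below what current guidance accepts for newly generated keys, so the branch deserves a comment such as `// KT_RSA1024 is retained for legacy interop only; prefer KT_RSA2048 or KT_ECDSA.` (which type callers default to is not visible on this page). The same `KT_RSA1024 || KT_RSA2048` test is repeated at new line 435 when choosing the signature OID, so one small shared predicate, for example `IsRsaKeyType(key_type)`, would stop the two sites drifting apart. Generate's body continues past the visible lines, so whether the result of PK11_GenerateKeyPair is null-checked cannot be confirmed from here.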