Reject certificate chains containing small RSA and DSA keys.

"Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98
author: palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-12-15 22:39:58 +0000
committer: palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-12-15 22:39:58 +0000
commit: 39a6d21d254773c175a852fc38aadc83a58aa17c (patch)
tree: 37110e4ac7185dedb649f9dc7a61eee507bd58f7 /net/base/x509_certificate_mac.cc
parent: 8658ac6d02565f95fc440da5689fc5c72d5f69da (diff)
download: chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.zip
chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.gz
chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.bz2
1 files changed, 46 insertions, 1 deletions
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc
index 0e65375..333cd82 100644
--- a/net/base/x509_certificate_mac.cc
+++ b/net/base/x509_certificate_mac.cc
@@ -812,7 +812,7 @@ X509Certificate* X509Certificate::CreateSelfSigned(
   }
 
   CSSM_BOOL confirmRequired;
-  CSSM_TP_RESULT_SET *resultSet = NULL;
+  CSSM_TP_RESULT_SET* resultSet = NULL;
   crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime,
                                     &confirmRequired, &resultSet);
   ScopedEncodedCertResults scopedResults(resultSet);
@@ -1514,4 +1514,49 @@ bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
                            cert_data.Length);
 }
 
+// static
+void X509Certificate::GetPublicKeyInfo(OSCertHandle cert_handle,
+                                       size_t* size_bits,
+                                       PublicKeyType* type) {
+  // Since we might fail, set the output parameters to default values first.
+  *type = kPublicKeyTypeUnknown;
+  *size_bits = 0;
+
+  SecKeyRef key;
+  OSStatus status = SecCertificateCopyPublicKey(cert_handle, &key);
+  if (status) {
+    NOTREACHED() << "SecCertificateCopyPublicKey failed: " << status;
+    return;
+  }
+  ScopedCFTypeRef<SecKeyRef> scoped_key;
+
+  const CSSM_KEY* cssm_key;
+  status = SecKeyGetCSSMKey(key, &cssm_key);
+  if (status) {
+    NOTREACHED() << "SecKeyGetCSSMKey failed: " << status;
+    return;
+  }
+
+  *size_bits = cssm_key->KeyHeader.LogicalKeySizeInBits;
+
+  switch (cssm_key->KeyHeader.AlgorithmId) {
+    case CSSM_ALGID_RSA:
+      *type = kPublicKeyTypeRSA;
+      break;
+    case CSSM_ALGID_DSA:
+      *type = kPublicKeyTypeDSA;
+      break;
+    case CSSM_ALGID_ECDSA:
+      *type = kPublicKeyTypeECDSA;
+      break;
+    case CSSM_ALGID_DH:
+      *type = kPublicKeyTypeDH;
+      break;
+    default:
+      *type = kPublicKeyTypeUnknown;
+      *size_bits = 0;
+      break;
+  }
+}
+
 }  // namespace net
author	palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-12-15 22:39:58 +0000
committer	palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-12-15 22:39:58 +0000
commit	39a6d21d254773c175a852fc38aadc83a58aa17c (patch)
tree	37110e4ac7185dedb649f9dc7a61eee507bd58f7 /net/base/x509_certificate_mac.cc
parent	8658ac6d02565f95fc440da5689fc5c72d5f69da (diff)
download	chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.zip chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.gz chromium_src-39a6d21d254773c175a852fc38aadc83a58aa17c.tar.bz2