device/fido/rsa_public_key.cc - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "device/fido/rsa_public_key.h"

 #include <utility>

 #include "components/cbor/writer.h"
 #include "device/fido/cbor_extract.h"
 #include "device/fido/fido_constants.h"
 #include "third_party/boringssl/src/include/openssl/bn.h"
 #include "third_party/boringssl/src/include/openssl/bytestring.h"
 #include "third_party/boringssl/src/include/openssl/evp.h"
 #include "third_party/boringssl/src/include/openssl/mem.h"
 #include "third_party/boringssl/src/include/openssl/obj.h"
 #include "third_party/boringssl/src/include/openssl/rsa.h"

 using device::cbor_extract::IntKey;
 using device::cbor_extract::Is;
 using device::cbor_extract::StepOrByte;
 using device::cbor_extract::Stop;

 namespace device {

 // static
 std::unique_ptr<PublicKey> RSAPublicKey::ExtractFromCOSEKey(
     int32_t algorithm,
     base::span<const uint8_t> cbor_bytes,
     const cbor::Value::MapValue& map) {
   // See https://tools.ietf.org/html/rfc8230#section-4
   struct COSEKey {
     const int64_t* kty;
     const std::vector<uint8_t>* n;
     const std::vector<uint8_t>* e;
   } cose_key;

   static constexpr cbor_extract::StepOrByte<COSEKey> kSteps[] = {
       // clang-format off
       ELEMENT(Is::kRequired, COSEKey, kty),
       IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kKty)),

       ELEMENT(Is::kRequired, COSEKey, n),
       IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kRSAModulus)),

       ELEMENT(Is::kRequired, COSEKey, e),
       IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kRSAPublicExponent)),

       Stop<COSEKey>(),
       // clang-format on
   };

   if (!cbor_extract::Extract<COSEKey>(&cose_key, kSteps, map) ||
       *cose_key.kty != static_cast<int64_t>(CoseKeyTypes::kRSA)) {
     return nullptr;
   }

   bssl::UniquePtr<BIGNUM> n_bn(BN_new());
   bssl::UniquePtr<BIGNUM> e_bn(BN_new());
   if (!BN_bin2bn(cose_key.n->data(), cose_key.n->size(), n_bn.get()) ||
       !BN_bin2bn(cose_key.e->data(), cose_key.e->size(), e_bn.get())) {
     return nullptr;
   }

   bssl::UniquePtr<RSA> rsa(RSA_new());
   if (!RSA_set0_key(rsa.get(), n_bn.release(), e_bn.release(), /*d=*/nullptr)) {
     return nullptr;
   }

   bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
   CHECK(EVP_PKEY_assign_RSA(pkey.get(), rsa.release()));

   bssl::ScopedCBB cbb;
   uint8_t* der_bytes = nullptr;
   size_t der_bytes_len = 0;
   CHECK(CBB_init(cbb.get(), /* initial size */ 128) &&
         EVP_marshal_public_key(cbb.get(), pkey.get()) &&
         CBB_finish(cbb.get(), &der_bytes, &der_bytes_len));

   std::vector<uint8_t> der_bytes_vec(der_bytes, der_bytes + der_bytes_len);
   OPENSSL_free(der_bytes);

   return std::make_unique<PublicKey>(algorithm, cbor_bytes,
                                      std::move(der_bytes_vec));
 }

 }  // namespace device
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "device/fido/rsa_public_key.h"

	#include <utility>

	#include "components/cbor/writer.h"
	#include "device/fido/cbor_extract.h"
	#include "device/fido/fido_constants.h"
	#include "third_party/boringssl/src/include/openssl/bn.h"
	#include "third_party/boringssl/src/include/openssl/bytestring.h"
	#include "third_party/boringssl/src/include/openssl/evp.h"
	#include "third_party/boringssl/src/include/openssl/mem.h"
	#include "third_party/boringssl/src/include/openssl/obj.h"
	#include "third_party/boringssl/src/include/openssl/rsa.h"

	using device::cbor_extract::IntKey;
	using device::cbor_extract::Is;
	using device::cbor_extract::StepOrByte;
	using device::cbor_extract::Stop;

	namespace device {

	// static
	std::unique_ptr<PublicKey> RSAPublicKey::ExtractFromCOSEKey(
	int32_t algorithm,
	base::span<const uint8_t> cbor_bytes,
	const cbor::Value::MapValue& map) {
	// See https://tools.ietf.org/html/rfc8230#section-4
	struct COSEKey {
	const int64_t* kty;
	const std::vector<uint8_t>* n;
	const std::vector<uint8_t>* e;
	} cose_key;

	static constexpr cbor_extract::StepOrByte<COSEKey> kSteps[] = {
	// clang-format off
	ELEMENT(Is::kRequired, COSEKey, kty),
	IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kKty)),

	ELEMENT(Is::kRequired, COSEKey, n),
	IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kRSAModulus)),

	ELEMENT(Is::kRequired, COSEKey, e),
	IntKey<COSEKey>(static_cast<int>(CoseKeyKey::kRSAPublicExponent)),

	Stop<COSEKey>(),
	// clang-format on
	};

	if (!cbor_extract::Extract<COSEKey>(&cose_key, kSteps, map) \|\|
	*cose_key.kty != static_cast<int64_t>(CoseKeyTypes::kRSA)) {
	return nullptr;
	}

	bssl::UniquePtr<BIGNUM> n_bn(BN_new());
	bssl::UniquePtr<BIGNUM> e_bn(BN_new());
	if (!BN_bin2bn(cose_key.n->data(), cose_key.n->size(), n_bn.get()) \|\|
	!BN_bin2bn(cose_key.e->data(), cose_key.e->size(), e_bn.get())) {
	return nullptr;
	}

	bssl::UniquePtr<RSA> rsa(RSA_new());
	if (!RSA_set0_key(rsa.get(), n_bn.release(), e_bn.release(), /d=/nullptr)) {
	return nullptr;
	}

	bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
	CHECK(EVP_PKEY_assign_RSA(pkey.get(), rsa.release()));

	bssl::ScopedCBB cbb;
	uint8_t* der_bytes = nullptr;
	size_t der_bytes_len = 0;
	CHECK(CBB_init(cbb.get(), /* initial size */ 128) &&
	EVP_marshal_public_key(cbb.get(), pkey.get()) &&
	CBB_finish(cbb.get(), &der_bytes, &der_bytes_len));

	std::vector<uint8_t> der_bytes_vec(der_bytes, der_bytes + der_bytes_len);
	OPENSSL_free(der_bytes);

	return std::make_unique<PublicKey>(algorithm, cbor_bytes,
	std::move(der_bytes_vec));
	}

	} // namespace device