nsresult
CryptoKey::PublicKeyToSpki(SECKEYPublicKey* aPubKey,
CryptoBuffer& aRetVal,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
ScopedCERTSubjectPublicKeyInfo spki(SECKEY_CreateSubjectPublicKeyInfo(aPubKey));
if (!spki) {
return NS_ERROR_DOM_OPERATION_ERR;
}
// Per WebCrypto spec we must export ECDH SPKIs with the algorithm OID
// id-ecDH (1.3.132.112). NSS doesn't know about that OID and there is
// no way to specify the algorithm to use when exporting a public key.
if (aPubKey->keyType == ecKey) {
SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm,
&SEC_OID_DATA_EC_DH);
if (rv != SECSuccess) {
return NS_ERROR_DOM_OPERATION_ERR;
}
}
const SEC_ASN1Template* tpl = SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate);
ScopedSECItem spkiItem(SEC_ASN1EncodeItem(nullptr, nullptr, spki, tpl));
aRetVal.Assign(spkiItem.get());
return NS_OK;
}
SECKEYPublicKey*
CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
ScopedSECItem spkiItem(aKeyData.ToSECItem());
if (!spkiItem) {
return nullptr;
}
ScopedCERTSubjectPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(spkiItem.get()));
if (!spki) {
return nullptr;
}
// Check for id-ecDH. Per the WebCrypto spec we must support it but NSS
// does unfortunately not know about it. Let's change the algorithm to
// id-ecPublicKey to make NSS happy.
if (SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH, &spki->algorithm.algorithm)) {
// Retrieve OID data for id-ecPublicKey (1.2.840.10045.2.1).
SECOidData* oidData = SECOID_FindOIDByTag(SEC_OID_ANSIX962_EC_PUBLIC_KEY);
if (!oidData) {
return nullptr;
}
SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm,
&oidData->oid);
if (rv != SECSuccess) {
return nullptr;
}
}
return SECKEY_ExtractPublicKey(spki.get());
}
UniqueSECKEYPublicKey
CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena) {
return nullptr;
}
SECItem spkiItem = { siBuffer, nullptr, 0 };
if (!aKeyData.ToSECItem(arena.get(), &spkiItem)) {
return nullptr;
}
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
if (!spki) {
return nullptr;
}
bool isECDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH,
&spki->algorithm.algorithm);
bool isDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_DH_KEY_AGREEMENT,
&spki->algorithm.algorithm);
// Check for |id-ecDH| and |dhKeyAgreement|. Per the WebCrypto spec we must
// support these OIDs but NSS does unfortunately not know about them. Let's
// change the algorithm to |id-ecPublicKey| or |dhPublicKey| to make NSS happy.
if (isECDHAlgorithm || isDHAlgorithm) {
SECOidTag oid = SEC_OID_UNKNOWN;
if (isECDHAlgorithm) {
oid = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
} else if (isDHAlgorithm) {
oid = SEC_OID_X942_DIFFIE_HELMAN_KEY;
} else {
MOZ_ASSERT(false);
}
SECOidData* oidData = SECOID_FindOIDByTag(oid);
if (!oidData) {
return nullptr;
}
SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm,
&oidData->oid);
if (rv != SECSuccess) {
return nullptr;
}
}
UniqueSECKEYPublicKey tmp(SECKEY_ExtractPublicKey(spki.get()));
if (!tmp.get() || !PublicKeyValid(tmp.get())) {
return nullptr;
}
return UniqueSECKEYPublicKey(SECKEY_CopyPublicKey(tmp.get()));
}
SECKEYPublicKey*
CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
ScopedSECItem spkiItem(aKeyData.ToSECItem());
if (!spkiItem) {
return nullptr;
}
ScopedCERTSubjectPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(spkiItem.get()));
if (!spki) {
return nullptr;
}
return SECKEY_ExtractPublicKey(spki.get());
}
SECStatus
CheckPublicKeySize(const SECItem& subjectPublicKeyInfo,
/*out*/ ScopedSECKeyPublicKey& publicKey)
{
ScopedPtr<CERTSubjectPublicKeyInfo, SECKEY_DestroySubjectPublicKeyInfo>
spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&subjectPublicKeyInfo));
if (!spki) {
return SECFailure;
}
publicKey = SECKEY_ExtractPublicKey(spki.get());
if (!publicKey) {
return SECFailure;
}
static const unsigned int MINIMUM_NON_ECC_BITS = 1024;
switch (publicKey.get()->keyType) {
case ecKey:
// TODO(bug 622859): We should check which curve.
return SECSuccess;
case dsaKey: // fall through
case rsaKey:
// TODO(bug 622859): Enforce a minimum of 2048 bits for EV certs.
if (SECKEY_PublicKeyStrengthInBits(publicKey.get()) < MINIMUM_NON_ECC_BITS) {
// TODO(bug 1031946): Create a new error code.
PR_SetError(SEC_ERROR_INVALID_KEY, 0);
return SECFailure;
}
break;
case nullKey:
case fortezzaKey:
case dhKey:
case keaKey:
case rsaPssKey:
case rsaOaepKey:
default:
PR_SetError(SEC_ERROR_UNSUPPORTED_KEYALG, 0);
return SECFailure;
}
return SECSuccess;
}
static nsresult
GetAttestationCertificate(const UniquePK11SlotInfo& aSlot,
/*out*/ UniqueSECKEYPrivateKey& aAttestPrivKey,
/*out*/ UniqueCERTCertificate& aAttestCert,
const nsNSSShutDownPreventionLock& locker)
{
MOZ_ASSERT(aSlot);
if (NS_WARN_IF(!aSlot)) {
return NS_ERROR_INVALID_ARG;
}
UniqueSECKEYPublicKey pubKey;
// Construct an ephemeral keypair for this Attestation Certificate
nsresult rv = GenEcKeypair(aSlot, aAttestPrivKey, pubKey, locker);
if (NS_WARN_IF(NS_FAILED(rv) || !aAttestPrivKey || !pubKey)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to gen keypair, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
// Construct the Attestation Certificate itself
UniqueCERTName subjectName(CERT_AsciiToName(kAttestCertSubjectName.get()));
if (NS_WARN_IF(!subjectName)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to set subject name, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_CreateSubjectPublicKeyInfo(pubKey.get()));
if (NS_WARN_IF(!spki)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to set SPKI, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
UniqueCERTCertificateRequest certreq(
CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
if (NS_WARN_IF(!certreq)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to gen CSR, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
PRTime now = PR_Now();
PRTime notBefore = now - kExpirationSlack;
PRTime notAfter = now + kExpirationLife;
UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
if (NS_WARN_IF(!validity)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to gen validity, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
unsigned long serial;
unsigned char* serialBytes =
mozilla::BitwiseCast<unsigned char*, unsigned long*>(&serial);
SECStatus srv = PK11_GenerateRandomOnSlot(aSlot.get(), serialBytes,
sizeof(serial));
if (NS_WARN_IF(srv != SECSuccess)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to gen serial, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
// Ensure that the most significant bit isn't set (which would
// indicate a negative number, which isn't valid for serial
// numbers).
serialBytes[0] &= 0x7f;
// Also ensure that the least significant bit on the most
// significant byte is set (to prevent a leading zero byte,
// which also wouldn't be valid).
serialBytes[0] |= 0x01;
aAttestCert = UniqueCERTCertificate(
CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
certreq.get()));
if (NS_WARN_IF(!aAttestCert)) {
MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
("Failed to gen certificate, NSS error #%d", PORT_GetError()));
return NS_ERROR_FAILURE;
}
PLArenaPool* arena = aAttestCert->arena;
srv = SECOID_SetAlgorithmID(arena, &aAttestCert->signature,
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
/* wincx */ nullptr);
if (NS_WARN_IF(srv != SECSuccess)) {
return NS_ERROR_FAILURE;
}
// Set version to X509v3.
*(aAttestCert->version.data) = SEC_CERTIFICATE_VERSION_3;
aAttestCert->version.len = 1;
SECItem innerDER = { siBuffer, nullptr, 0 };
if (NS_WARN_IF(!SEC_ASN1EncodeItem(arena, &innerDER, aAttestCert.get(),
SEC_ASN1_GET(CERT_CertificateTemplate)))) {
return NS_ERROR_FAILURE;
}
SECItem* signedCert = PORT_ArenaZNew(arena, SECItem);
if (NS_WARN_IF(!signedCert)) {
return NS_ERROR_FAILURE;
}
srv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
aAttestPrivKey.get(),
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
if (NS_WARN_IF(srv != SECSuccess)) {
return NS_ERROR_FAILURE;
}
aAttestCert->derCert = *signedCert;
MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
("U2F Soft Token attestation certificate generated."));
return NS_OK;
}
nsresult Generate()
{
nsresult rv;
// Get the key slot for generation later
UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
if (!slot) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Remove existing certs with this name (if any)
rv = RemoveExisting();
if (NS_FAILED(rv)) {
return rv;
}
// Generate a new cert
NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN=");
nsAutoCString subjectNameStr(commonNamePrefix + mNickname);
UniqueCERTName subjectName(CERT_AsciiToName(subjectNameStr.get()));
if (!subjectName) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Use the well-known NIST P-256 curve
SECOidData* curveOidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
if (!curveOidData) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Get key params from the curve
ScopedAutoSECItem keyParams(2 + curveOidData->oid.len);
keyParams.data[0] = SEC_ASN1_OBJECT_ID;
keyParams.data[1] = curveOidData->oid.len;
memcpy(keyParams.data + 2, curveOidData->oid.data, curveOidData->oid.len);
// Generate cert key pair
SECKEYPublicKey* tempPublicKey;
UniqueSECKEYPrivateKey privateKey(
PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &keyParams,
&tempPublicKey, true /* token */,
true /* sensitive */, nullptr));
UniqueSECKEYPublicKey publicKey(tempPublicKey);
tempPublicKey = nullptr;
if (!privateKey || !publicKey) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Create subject public key info and cert request
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_CreateSubjectPublicKeyInfo(publicKey.get()));
if (!spki) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
UniqueCERTCertificateRequest certRequest(
CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
if (!certRequest) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Valid from one day before to 1 year after
static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
* PRTime(60) // sec
* PRTime(60) // min
* PRTime(24); // hours
PRTime now = PR_Now();
PRTime notBefore = now - oneDay;
PRTime notAfter = now + (PRTime(365) * oneDay);
UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
if (!validity) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Generate random serial
unsigned long serial;
// This serial in principle could collide, but it's unlikely
rv = MapSECStatus(PK11_GenerateRandomOnSlot(
slot.get(), BitwiseCast<unsigned char*, unsigned long*>(&serial),
sizeof(serial)));
if (NS_FAILED(rv)) {
return rv;
}
// Create the cert from these pieces
UniqueCERTCertificate cert(
CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
certRequest.get()));
if (!cert) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Update the cert version to X509v3
if (!cert->version.data) {
return NS_ERROR_INVALID_POINTER;
}
*(cert->version.data) = SEC_CERTIFICATE_VERSION_3;
cert->version.len = 1;
// Set cert signature algorithm
PLArenaPool* arena = cert->arena;
if (!arena) {
return NS_ERROR_INVALID_POINTER;
}
rv = MapSECStatus(
SECOID_SetAlgorithmID(arena, &cert->signature,
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0));
if (NS_FAILED(rv)) {
return rv;
}
// Encode and self-sign the cert
UniqueSECItem certDER(
SEC_ASN1EncodeItem(nullptr, nullptr, cert.get(),
SEC_ASN1_GET(CERT_CertificateTemplate)));
if (!certDER) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
rv = MapSECStatus(
SEC_DerSignData(arena, &cert->derCert, certDER->data, certDER->len,
privateKey.get(),
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE));
if (NS_FAILED(rv)) {
return rv;
}
// Create a CERTCertificate from the signed data
UniqueCERTCertificate certFromDER(
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &cert->derCert, nullptr,
true /* perm */, true /* copyDER */));
if (!certFromDER) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
// Save the cert in the DB
rv = MapSECStatus(PK11_ImportCert(slot.get(), certFromDER.get(),
CK_INVALID_HANDLE, mNickname.get(),
false /* unused */));
if (NS_FAILED(rv)) {
return rv;
}
// We should now have cert in the DB, read it back in nsIX509Cert form
return GetFromDB();
}
Result
CheckIssuerIndependentProperties(TrustDomain& trustDomain,
const BackCert& cert,
Time time,
KeyUsage requiredKeyUsageIfPresent,
KeyPurposeId requiredEKUIfPresent,
const CertPolicyId& requiredPolicy,
unsigned int subCACount,
/*out*/ TrustLevel& trustLevel)
{
Result rv;
const EndEntityOrCA endEntityOrCA = cert.endEntityOrCA;
// Check the cert's trust first, because we want to minimize the amount of
// processing we do on a distrusted cert, in case it is trying to exploit
// some bug in our processing.
rv = trustDomain.GetCertTrust(endEntityOrCA, requiredPolicy, cert.GetDER(),
trustLevel);
if (rv != Success) {
return rv;
}
if (trustLevel == TrustLevel::TrustAnchor &&
endEntityOrCA == EndEntityOrCA::MustBeEndEntity &&
requiredEKUIfPresent == KeyPurposeId::id_kp_OCSPSigning) {
// OCSP signer certificates can never be trust anchors, especially
// since we don't support designated OCSP responders. All of the checks
// below that are dependent on trustLevel rely on this overriding of the
// trust level for OCSP signers.
trustLevel = TrustLevel::InheritsTrust;
}
switch (trustLevel) {
case TrustLevel::InheritsTrust:
rv = CheckSignatureAlgorithm(trustDomain, endEntityOrCA,
cert.GetSignedData(), cert.GetSignature());
if (rv != Success) {
return rv;
}
break;
case TrustLevel::TrustAnchor:
// We don't even bother checking signatureAlgorithm or signature for
// syntactic validity for trust anchors, because we don't use those
// fields for anything, and because the trust anchor might be signed
// with a signature algorithm we don't actually support.
break;
case TrustLevel::ActivelyDistrusted:
return Result::ERROR_UNTRUSTED_CERT;
}
// Check the SPKI early, because it is one of the most selective properties
// of the certificate due to SHA-1 deprecation and the deprecation of
// certificates with keys weaker than RSA 2048.
Reader spki(cert.GetSubjectPublicKeyInfo());
rv = der::Nested(spki, der::SEQUENCE, [&](Reader& r) {
return CheckSubjectPublicKeyInfo(r, trustDomain, endEntityOrCA);
});
if (rv != Success) {
return rv;
}
rv = der::End(spki);
if (rv != Success) {
return rv;
}
// 4.2.1.1. Authority Key Identifier is ignored (see bug 965136).
// 4.2.1.2. Subject Key Identifier is ignored (see bug 965136).
// 4.2.1.3. Key Usage
rv = CheckKeyUsage(endEntityOrCA, cert.GetKeyUsage(),
requiredKeyUsageIfPresent);
if (rv != Success) {
return rv;
}
// 4.2.1.4. Certificate Policies
rv = CheckCertificatePolicies(endEntityOrCA, cert.GetCertificatePolicies(),
cert.GetInhibitAnyPolicy(), trustLevel,
requiredPolicy);
if (rv != Success) {
return rv;
}
// 4.2.1.5. Policy Mappings are not supported; see the documentation about
// policy enforcement in pkix.h.
// 4.2.1.6. Subject Alternative Name dealt with during name constraint
// checking and during name verification (CERT_VerifyCertName).
// 4.2.1.7. Issuer Alternative Name is not something that needs checking.
// 4.2.1.8. Subject Directory Attributes is not something that needs
// checking.
// 4.2.1.9. Basic Constraints.
rv = CheckBasicConstraints(endEntityOrCA, cert.GetBasicConstraints(),
cert.GetVersion(), trustLevel, subCACount);
if (rv != Success) {
return rv;
}
// 4.2.1.10. Name Constraints is dealt with in during path building.
// 4.2.1.11. Policy Constraints are implicitly supported; see the
// documentation about policy enforcement in pkix.h.
// 4.2.1.12. Extended Key Usage
rv = CheckExtendedKeyUsage(endEntityOrCA, cert.GetExtKeyUsage(),
requiredEKUIfPresent);
if (rv != Success) {
return rv;
}
// 4.2.1.13. CRL Distribution Points is not supported, though the
// TrustDomain's CheckRevocation method may parse it and process it
// on its own.
// 4.2.1.14. Inhibit anyPolicy is implicitly supported; see the documentation
// about policy enforcement in pkix.h.
// IMPORTANT: This check must come after the other checks in order for error
// ranking to work correctly.
Time notBefore(Time::uninitialized);
Time notAfter(Time::uninitialized);
rv = CheckValidity(cert.GetValidity(), time, ¬Before, ¬After);
if (rv != Success) {
return rv;
}
rv = trustDomain.CheckValidityIsAcceptable(notBefore, notAfter, endEntityOrCA,
requiredEKUIfPresent);
if (rv != Success) {
return rv;
}
return Success;
}
RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
UniquePK11SlotInfo slot(PK11_GetInternalSlot());
if (!slot) {
return nullptr;
}
uint8_t random_name[16];
SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), random_name,
sizeof(random_name));
if (rv != SECSuccess)
return nullptr;
std::string name;
char chunk[3];
for (size_t i = 0; i < sizeof(random_name); ++i) {
SprintfLiteral(chunk, "%.2x", random_name[i]);
name += chunk;
}
std::string subject_name_string = "CN=" + name;
UniqueCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
if (!subject_name) {
return nullptr;
}
unsigned char paramBuf[12]; // OIDs are small
SECItem ecdsaParams = { siBuffer, paramBuf, sizeof(paramBuf) };
SECOidData* oidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
if (!oidData || (oidData->oid.len > (sizeof(paramBuf) - 2))) {
return nullptr;
}
ecdsaParams.data[0] = SEC_ASN1_OBJECT_ID;
ecdsaParams.data[1] = oidData->oid.len;
memcpy(ecdsaParams.data + 2, oidData->oid.data, oidData->oid.len);
ecdsaParams.len = oidData->oid.len + 2;
SECKEYPublicKey *pubkey;
UniqueSECKEYPrivateKey private_key(
PK11_GenerateKeyPair(slot.get(),
CKM_EC_KEY_PAIR_GEN, &ecdsaParams, &pubkey,
PR_FALSE, PR_TRUE, nullptr));
if (private_key == nullptr)
return nullptr;
UniqueSECKEYPublicKey public_key(pubkey);
pubkey = nullptr;
UniqueCERTSubjectPublicKeyInfo spki(
SECKEY_CreateSubjectPublicKeyInfo(public_key.get()));
if (!spki) {
return nullptr;
}
UniqueCERTCertificateRequest certreq(
CERT_CreateCertificateRequest(subject_name.get(), spki.get(), nullptr));
if (!certreq) {
return nullptr;
}
// From 1 day before todayto 30 days after.
// This is a sort of arbitrary range designed to be valid
// now with some slack in case the other side expects
// some before expiry.
//
// Note: explicit casts necessary to avoid
// warning C4307: '*' : integral constant overflow
static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
* PRTime(60) // sec
* PRTime(60) // min
* PRTime(24); // hours
PRTime now = PR_Now();
PRTime notBefore = now - oneDay;
PRTime notAfter = now + (PRTime(30) * oneDay);
UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
if (!validity) {
return nullptr;
}
unsigned long serial;
// Note: This serial in principle could collide, but it's unlikely
rv = PK11_GenerateRandomOnSlot(slot.get(),
reinterpret_cast<unsigned char *>(&serial),
sizeof(serial));
if (rv != SECSuccess) {
return nullptr;
}
UniqueCERTCertificate certificate(
CERT_CreateCertificate(serial, subject_name.get(), validity.get(),
certreq.get()));
if (!certificate) {
return nullptr;
}
PLArenaPool *arena = certificate->arena;
rv = SECOID_SetAlgorithmID(arena, &certificate->signature,
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0);
if (rv != SECSuccess)
return nullptr;
// Set version to X509v3.
*(certificate->version.data) = SEC_CERTIFICATE_VERSION_3;
certificate->version.len = 1;
SECItem innerDER;
innerDER.len = 0;
innerDER.data = nullptr;
if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(),
SEC_ASN1_GET(CERT_CertificateTemplate))) {
return nullptr;
}
SECItem *signedCert = PORT_ArenaZNew(arena, SECItem);
if (!signedCert) {
return nullptr;
}
rv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
private_key.get(),
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
if (rv != SECSuccess) {
return nullptr;
}
certificate->derCert = *signedCert;
RefPtr<DtlsIdentity> identity = new DtlsIdentity(Move(private_key),
Move(certificate),
ssl_kea_ecdh);
return identity.forget();
}
