Index: base/crypto/rsa_private_key_win.cc |
diff --git a/base/crypto/rsa_private_key_win.cc b/base/crypto/rsa_private_key_win.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..e963f7f3cc54ef94a0e4fad2c90a875a8bbda13a |
--- /dev/null |
+++ b/base/crypto/rsa_private_key_win.cc |
@@ -0,0 +1,445 @@ |
+// Copyright (c) 2009 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "base/crypto/rsa_private_key.h" |
+ |
+#include <list> |
+ |
+#include "base/logging.h" |
+#include "base/scoped_ptr.h" |
+ |
+ |
+// This file manually encodes and decodes RSA private keys using PrivateKeyInfo |
+// from PKCS #8 and RSAPrivateKey from PKCS #1. These structures are: |
+// |
+// PrivateKeyInfo ::= SEQUENCE { |
+// version Version, |
+// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, |
+// privateKey PrivateKey, |
+// attributes [0] IMPLICIT Attributes OPTIONAL |
+// } |
+// |
+// RSAPrivateKey ::= SEQUENCE { |
+// version Version, |
+// modulus INTEGER, |
+// publicExponent INTEGER, |
+// privateExponent INTEGER, |
+// prime1 INTEGER, |
+// prime2 INTEGER, |
+// exponent1 INTEGER, |
+// exponent2 INTEGER, |
+// coefficient INTEGER |
+// } |
+ |
+ |
+namespace { |
+ |
+// ASN.1 encoding of the AlgorithmIdentifier from PKCS #8. |
+const uint8 kRsaAlgorithmIdentifier[] = { |
+ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, |
+ 0x05, 0x00 |
+}; |
+ |
+// ASN.1 tags for some types we use. |
+const uint8 kSequenceTag = 0x30; |
+const uint8 kIntegerTag = 0x02; |
+const uint8 kNullTag = 0x05; |
+const uint8 kOctetStringTag = 0x04; |
+ |
+// Helper function to prepend an array of bytes into a list, reversing their |
+// order. This is needed because ASN.1 integers are big-endian, while CryptoAPI |
+// uses little-endian. |
+static void PrependBytesInReverseOrder(uint8* val, int num_bytes, |
+ std::list<uint8>* data) { |
+ for (int i = 0; i < num_bytes; ++i) |
+ data->push_front(val[i]); |
+} |
+ |
+// Helper to prepend an ASN.1 length field. |
+static void PrependLength(size_t size, std::list<uint8>* data) { |
+ // The high bit is used to indicate whether additional octets are needed to |
+ // represent the length. |
+ if (size < 0x80) { |
+ data->push_front(static_cast<uint8>(size)); |
+ } else { |
+ uint8 num_bytes = 0; |
+ while (size > 0) { |
+ data->push_front(static_cast<uint8>(size & 0xFF)); |
+ size >>= 8; |
+ num_bytes++; |
+ } |
+ CHECK(num_bytes <= 4); |
+ data->push_front(0x80 | num_bytes); |
+ } |
+} |
+ |
+// Helper to prepend an ASN.1 type header. |
+static void PrependTypeHeaderAndLength(uint8 type, uint32 length, |
+ std::list<uint8>* output) { |
+ PrependLength(length, output); |
+ output->push_front(type); |
+} |
+ |
+// Helper to prepend an ASN.1 integer. |
+static void PrependInteger(uint8* val, int num_bytes, std::list<uint8>* data) { |
+ // If the MSB is set, we need an extra null byte at the front. |
+ bool needs_null_byte = !(val[num_bytes - 1] & 0x80); |
+ int length = needs_null_byte ? num_bytes + 1 : num_bytes; |
+ |
+ PrependBytesInReverseOrder(val, num_bytes, data); |
+ |
+ // Add a null byte to force the integer to be positive if necessary. |
+ if (needs_null_byte) |
+ data->push_front(0x00); |
+ |
+ PrependTypeHeaderAndLength(kIntegerTag, length, data); |
+} |
+ |
+// Helper for error handling during key import. |
+#define READ_ASSERT(truth) \ |
+ if (!(truth)) { \ |
+ NOTREACHED(); \ |
+ return false; \ |
+ } |
+ |
+// Read an ASN.1 length field. This also checks that the length does not extend |
+// beyond |end|. |
+static bool ReadLength(uint8** pos, uint8* end, uint32* result) { |
+ READ_ASSERT(*pos < end); |
+ int length = 0; |
+ |
+ // If the MSB is not set, the length is just the byte itself. |
+ if (!(**pos & 0x80)) { |
+ length = **pos; |
+ (*pos)++; |
+ } else { |
+ // Otherwise, the lower 7 indicate the length of the length. |
+ int length_of_length = **pos & 0x7F; |
+ READ_ASSERT(length_of_length <= 4); |
+ (*pos)++; |
+ READ_ASSERT(*pos + length_of_length < end); |
+ |
+ length = 0; |
+ for (int i = 0; i < length_of_length; ++i) { |
+ length <<= 8; |
+ length |= **pos; |
+ (*pos)++; |
+ } |
+ } |
+ |
+ READ_ASSERT(*pos + length <= end); |
+ if (result) *result = length; |
+ return true; |
+} |
+ |
+// Read an ASN.1 type header and its length. |
+static bool ReadTypeHeaderAndLength(uint8** pos, uint8* end, |
+ uint8 expected_tag, uint32* length) { |
+ READ_ASSERT(*pos < end); |
+ READ_ASSERT(**pos == expected_tag); |
+ (*pos)++; |
+ |
+ return ReadLength(pos, end, length); |
+} |
+ |
+// Read an ASN.1 sequence declaration. This consumes the type header and length |
+// field, but not the contents of the sequence. |
+static bool ReadSequence(uint8** pos, uint8* end) { |
+ return ReadTypeHeaderAndLength(pos, end, kSequenceTag, NULL); |
+} |
+ |
+// Read the RSA AlgorithmIdentifier. |
+static bool ReadAlgorithmIdentifier(uint8** pos, uint8* end) { |
+ READ_ASSERT(*pos + sizeof(kRsaAlgorithmIdentifier) < end); |
+ READ_ASSERT(memcmp(*pos, kRsaAlgorithmIdentifier, |
+ sizeof(kRsaAlgorithmIdentifier)) == 0); |
+ (*pos) += sizeof(kRsaAlgorithmIdentifier); |
+ return true; |
+} |
+ |
+// Read one of the two version fields in PrivateKeyInfo. |
+static bool ReadVersion(uint8** pos, uint8* end) { |
+ uint32 length = 0; |
+ if (!ReadTypeHeaderAndLength(pos, end, kIntegerTag, &length)) |
+ return false; |
+ |
+ // The version should be zero. |
+ for (uint32 i = 0; i < length; ++i) { |
+ READ_ASSERT(**pos == 0x00); |
+ (*pos)++; |
+ } |
+ |
+ return true; |
+} |
+ |
+// Read an ASN.1 integer. |
+static bool ReadInteger(uint8** pos, uint8* end, std::vector<uint8>* out) { |
+ uint32 length = 0; |
+ if (!ReadTypeHeaderAndLength(pos, end, kIntegerTag, &length)) |
+ return false; |
+ |
+ // Read the bytes out in reverse order because of endianness. |
+ for (uint32 i = length - 1; i > 0; --i) |
+ out->push_back(*(*pos + i)); |
+ |
+ // The last byte can be zero to force positiveness. We can ignore this. |
+ if (**pos != 0x00) |
+ out->push_back(**pos); |
+ |
+ (*pos) += length; |
+ return true; |
+} |
+ |
+} // namespace |
+ |
+ |
+namespace base { |
+ |
+// static |
+RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { |
+ scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
+ if (!result->InitProvider()) |
+ return NULL; |
+ |
+ DWORD flags = CRYPT_EXPORTABLE; |
+ |
+ // The size is encoded as the upper 16 bits of the flags. :: sigh ::. |
+ flags |= (num_bits << 16); |
+ if (!CryptGenKey(result->provider_, CALG_RSA_SIGN, flags, &result->key_)) |
+ return NULL; |
+ |
+ return result.release(); |
+} |
+ |
+// static |
+RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( |
+ const std::vector<uint8>& input) { |
+ scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
+ if (!result->InitProvider()) |
+ return NULL; |
+ |
+ uint8* src = const_cast<uint8*>(&input.front()); |
+ uint8* end = src + input.size(); |
+ int version = -1; |
+ std::vector<uint8> modulus; |
+ std::vector<uint8> public_exponent; |
+ std::vector<uint8> private_exponent; |
+ std::vector<uint8> prime1; |
+ std::vector<uint8> prime2; |
+ std::vector<uint8> exponent1; |
+ std::vector<uint8> exponent2; |
+ std::vector<uint8> coefficient; |
+ |
+ if (!ReadSequence(&src, end) || |
+ !ReadVersion(&src, end) || |
+ !ReadAlgorithmIdentifier(&src, end) || |
+ !ReadTypeHeaderAndLength(&src, end, kOctetStringTag, NULL) || |
+ !ReadSequence(&src, end) || |
+ !ReadVersion(&src, end) || |
+ !ReadInteger(&src, end, &modulus) || |
+ !ReadInteger(&src, end, &public_exponent) || |
+ !ReadInteger(&src, end, &private_exponent) || |
+ !ReadInteger(&src, end, &prime1) || |
+ !ReadInteger(&src, end, &prime2) || |
+ !ReadInteger(&src, end, &exponent1) || |
+ !ReadInteger(&src, end, &exponent2) || |
+ !ReadInteger(&src, end, &coefficient)) |
+ return false; |
+ |
+ READ_ASSERT(src == end); |
+ |
+ int blob_size = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulus.size() + |
+ prime1.size() + prime2.size() + |
+ exponent1.size() + exponent2.size() + |
+ coefficient.size() + private_exponent.size(); |
+ scoped_array<BYTE> blob(new BYTE[blob_size]); |
+ |
+ uint8* dest = blob.get(); |
+ PUBLICKEYSTRUC* public_key_struc = reinterpret_cast<PUBLICKEYSTRUC*>(dest); |
+ public_key_struc->bType = PRIVATEKEYBLOB; |
+ public_key_struc->bVersion = 0x02; |
+ public_key_struc->reserved = 0; |
+ public_key_struc->aiKeyAlg = CALG_RSA_SIGN; |
+ dest += sizeof(PUBLICKEYSTRUC); |
+ |
+ RSAPUBKEY* rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(dest); |
+ rsa_pub_key->magic = 0x32415352; |
+ rsa_pub_key->bitlen = modulus.size() * 8; |
+ int public_exponent_int = 0; |
+ for (size_t i = public_exponent.size(); i > 0; --i) { |
+ public_exponent_int <<= 8; |
+ public_exponent_int |= public_exponent[i - 1]; |
+ } |
+ rsa_pub_key->pubexp = public_exponent_int; |
+ dest += sizeof(RSAPUBKEY); |
+ |
+ memcpy(dest, &modulus.front(), modulus.size()); |
+ dest += modulus.size(); |
+ memcpy(dest, &prime1.front(), prime1.size()); |
+ dest += prime1.size(); |
+ memcpy(dest, &prime2.front(), prime2.size()); |
+ dest += prime2.size(); |
+ memcpy(dest, &exponent1.front(), exponent1.size()); |
+ dest += exponent1.size(); |
+ memcpy(dest, &exponent2.front(), exponent2.size()); |
+ dest += exponent2.size(); |
+ memcpy(dest, &coefficient.front(), coefficient.size()); |
+ dest += coefficient.size(); |
+ memcpy(dest, &private_exponent.front(), private_exponent.size()); |
+ dest += private_exponent.size(); |
+ |
+ READ_ASSERT(dest == blob.get() + blob_size); |
+ if (!CryptImportKey( |
+ result->provider_, reinterpret_cast<uint8*>(public_key_struc), blob_size, |
+ NULL, CRYPT_EXPORTABLE, &result->key_)) { |
+ return NULL; |
+ } |
+ |
+ return result.release(); |
+} |
+ |
+RSAPrivateKey::RSAPrivateKey() : provider_(NULL), key_(NULL) {} |
+ |
+RSAPrivateKey::~RSAPrivateKey() { |
+ if (key_) { |
+ if (!CryptDestroyKey(key_)) |
+ NOTREACHED(); |
+ } |
+ |
+ if (provider_) { |
+ if (!CryptReleaseContext(provider_, 0)) |
+ NOTREACHED(); |
+ } |
+} |
+ |
+bool RSAPrivateKey::InitProvider() { |
+ return FALSE != CryptAcquireContext(&provider_, NULL, NULL, |
+ PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); |
+} |
+ |
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { |
+ // Export the key |
+ DWORD blob_length = 0; |
+ if (!CryptExportKey(key_, NULL, PRIVATEKEYBLOB, 0, NULL, &blob_length)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ scoped_array<uint8> blob(new uint8[blob_length]); |
+ if (!CryptExportKey(key_, NULL, PRIVATEKEYBLOB, 0, blob.get(), |
+ &blob_length)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ uint8* pos = blob.get(); |
+ PUBLICKEYSTRUC *publickey_struct = reinterpret_cast<PUBLICKEYSTRUC*>(pos); |
+ pos += sizeof(PUBLICKEYSTRUC); |
+ |
+ RSAPUBKEY *rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(pos); |
+ pos += sizeof(RSAPUBKEY); |
+ |
+ int mod_size = rsa_pub_key->bitlen / 8; |
+ int primes_size = rsa_pub_key->bitlen / 16; |
+ int exponents_size = primes_size; |
+ int coefficient_size = primes_size; |
+ int private_exponent_size = mod_size; |
+ |
+ uint8* modulus = pos; |
+ pos += mod_size; |
+ |
+ uint8* prime1 = pos; |
+ pos += primes_size; |
+ uint8* prime2 = pos; |
+ pos += primes_size; |
+ |
+ uint8* exponent1 = pos; |
+ pos += exponents_size; |
+ uint8* exponent2 = pos; |
+ pos += exponents_size; |
+ |
+ uint8* coefficient = pos; |
+ pos += coefficient_size; |
+ |
+ uint8* private_exponent = pos; |
+ pos += private_exponent_size; |
+ |
+ CHECK((pos - blob_length) == reinterpret_cast<BYTE*>(publickey_struct)); |
+ |
+ std::list<uint8> content; |
+ |
+ // Version (always zero) |
+ uint8 version = 0; |
+ |
+ // We build up the output in reverse order to prevent having to do copies to |
+ // figure out the length. |
+ PrependInteger(coefficient, coefficient_size, &content); |
+ PrependInteger(exponent2, exponents_size, &content); |
+ PrependInteger(exponent1, exponents_size, &content); |
+ PrependInteger(prime2, primes_size, &content); |
+ PrependInteger(prime1, primes_size, &content); |
+ PrependInteger(private_exponent, private_exponent_size, &content); |
+ PrependInteger(reinterpret_cast<uint8*>(&rsa_pub_key->pubexp), 4, &content); |
+ PrependInteger(modulus, mod_size, &content); |
+ PrependInteger(&version, 1, &content); |
+ PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content); |
+ PrependTypeHeaderAndLength(kOctetStringTag, content.size(), &content); |
+ |
+ // RSA algorithm OID |
+ for (size_t i = sizeof(kRsaAlgorithmIdentifier); i > 0; --i) |
+ content.push_front(kRsaAlgorithmIdentifier[i - 1]); |
+ |
+ PrependInteger(&version, 1, &content); |
+ PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content); |
+ |
+ // Copy everying into the output. |
+ output->reserve(content.size()); |
+ for (std::list<uint8>::iterator i = content.begin(); i != content.end(); ++i) |
+ output->push_back(*i); |
+ |
+ return true; |
+} |
+ |
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { |
+ DWORD key_info_len; |
+ if (!CryptExportPublicKeyInfo( |
+ provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, |
+ NULL, &key_info_len)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ scoped_array<uint8> key_info(new uint8[key_info_len]); |
+ if (!CryptExportPublicKeyInfo( |
+ provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, |
+ reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), &key_info_len)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ DWORD encoded_length; |
+ if (!CryptEncodeObject( |
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO, |
+ reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), NULL, |
+ &encoded_length)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ scoped_array<BYTE> encoded(new BYTE[encoded_length]); |
+ if (!CryptEncodeObject( |
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO, |
+ reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), encoded.get(), |
+ &encoded_length)) { |
+ NOTREACHED(); |
+ return false; |
+ } |
+ |
+ for (size_t i = 0; i < encoded_length; ++i) |
+ output->push_back(encoded[i]); |
+ |
+ return true; |
+} |
+ |
+} // namespace base |