Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(188)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: base/crypto/rsa_private_key_nss.cc

Issue 219013: Revert "Linux (nss) implementations of RSAPrivateKey and SignatureCreator" (Closed)
Patch Set: Created 11 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « base/crypto/rsa_private_key.h ('k') | base/crypto/signature_creator.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/crypto/rsa_private_key.h"
6
7 #include <cryptohi.h>
8 #include <keyhi.h>
9 #include <pk11pub.h>
10
11 #include <iostream>
12 #include <list>
13
14 #include "base/logging.h"
15 #include "base/nss_init.h"
16 #include "base/scoped_ptr.h"
17 #include "base/string_util.h"
18
19 // TODO(rafaelw): Consider refactoring common functions and definitions from
20 // rsa_private_key_win.cc or using NSS's ASN.1 encoder.
21 namespace {
22
23 // ASN.1 encoding of the AlgorithmIdentifier from PKCS #8.
24 const uint8 kRsaAlgorithmIdentifier[] = {
25 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
26 0x05, 0x00
27 };
28
29 // ASN.1 tags for some types we use.
30 const uint8 kSequenceTag = 0x30;
31 const uint8 kIntegerTag = 0x02;
32 const uint8 kNullTag = 0x05;
33 const uint8 kOctetStringTag = 0x04;
34
35 static void PrependBytesInOrder(uint8* val, int start, int num_bytes,
36 std::list<uint8>* data) {
37 while(num_bytes > start) {
38 --num_bytes;
39 data->push_front(val[num_bytes]);
40 }
41 }
42
43 // Helper to prepend an ASN.1 length field.
44 static void PrependLength(size_t size, std::list<uint8>* data) {
45 // The high bit is used to indicate whether additional octets are needed to
46 // represent the length.
47 if (size < 0x80) {
48 data->push_front(static_cast<uint8>(size));
49 } else {
50 uint8 num_bytes = 0;
51 while (size > 0) {
52 data->push_front(static_cast<uint8>(size & 0xFF));
53 size >>= 8;
54 num_bytes++;
55 }
56 CHECK(num_bytes <= 4);
57 data->push_front(0x80 | num_bytes);
58 }
59 }
60
61 // Helper to prepend an ASN.1 type header.
62 static void PrependTypeHeaderAndLength(uint8 type, uint32 length,
63 std::list<uint8>* output) {
64 PrependLength(length, output);
65 output->push_front(type);
66 }
67
68 // Helper to prepend an ASN.1 integer.
69 static void PrependInteger(uint8* val, int num_bytes, std::list<uint8>* data) {
70 // ASN.1 integers are unpadded byte arrays, so skip any null padding bytes
71 // from the most-significant end of the integer.
72 int start = 0;
73 while (start < (num_bytes - 1) && val[start] == 0x00)
74 start++;
75
76 PrependBytesInOrder(val, start, num_bytes, data);
77
78 // ASN.1 integers are signed. To encode a positive integer whose sign bit
79 // (the most significant bit) would otherwise be set and make the number
80 // negative, ASN.1 requires a leading null byte to force the integer to be
81 // positive.
82 if ((val[start] & 0x80) != 0) {
83 data->push_front(0x00);
84 num_bytes++;
85 }
86
87 PrependTypeHeaderAndLength(kIntegerTag, num_bytes, data);
88 }
89
90 static bool ReadAttributeAndPrependInteger(SECKEYPrivateKey* key,
91 CK_ATTRIBUTE_TYPE type,
92 std::list<uint8>* output) {
93 SECItem item;
94 SECStatus rv;
95 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
96 if (rv != SECSuccess) {
97 NOTREACHED();
98 return false;
99 }
100
101 PrependInteger(item.data, item.len, output);
102 SECITEM_FreeItem(&item, PR_FALSE);
103 return true;
104 }
105
106 } // namespace
107
108
109 namespace base {
110
111 // static
112 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
113 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
114
115 PK11SlotInfo *slot = PK11_GetInternalSlot();
116 if (!slot)
117 return NULL;
118
119 PK11RSAGenParams param;
120 param.keySizeInBits = num_bits;
121 param.pe = 65537L;
122 result->key_ = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &param,
123 &result->public_key_, PR_FALSE, PR_FALSE, NULL);
124 PK11_FreeSlot(slot);
125 if (!result->key_)
126 return NULL;
127
128 return result.release();
129 }
130
131 // static
132 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
133 const std::vector<uint8>& input) {
134 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
135
136 PK11SlotInfo *slot = PK11_GetInternalSlot();
137 if (!slot)
138 return NULL;
139
140 SECItem der_private_key_info;
141 der_private_key_info.data = const_cast<unsigned char*>(&input.front());
142 der_private_key_info.len = input.size();
143 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(slot,
144 &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE,
145 KU_DIGITAL_SIGNATURE, &result->key_, NULL);
146 PK11_FreeSlot(slot);
147 if (rv != SECSuccess) {
148 NOTREACHED();
149 return NULL;
150 }
151
152 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
153 if (!result->public_key_) {
154 NOTREACHED();
155 return NULL;
156 }
157
158 return result.release();
159 }
160
161 RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {
162 EnsureNSSInit();
163 }
164
165 RSAPrivateKey::~RSAPrivateKey() {
166 if (key_)
167 SECKEY_DestroyPrivateKey(key_);
168 if (public_key_)
169 SECKEY_DestroyPublicKey(public_key_);
170 }
171
172 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
173 std::list<uint8> content;
174
175 // Version (always zero)
176 uint8 version = 0;
177
178 // Manually read the component attributes of the private key and build up the
179 // output in reverse order to prevent having to do copies to figure out the
180 // length.
181 if (!ReadAttributeAndPrependInteger(key_, CKA_COEFFICIENT, &content) ||
182 !ReadAttributeAndPrependInteger(key_, CKA_EXPONENT_2, &content) ||
183 !ReadAttributeAndPrependInteger(key_, CKA_EXPONENT_1, &content) ||
184 !ReadAttributeAndPrependInteger(key_, CKA_PRIME_2, &content) ||
185 !ReadAttributeAndPrependInteger(key_, CKA_PRIME_1, &content) ||
186 !ReadAttributeAndPrependInteger(key_, CKA_PRIVATE_EXPONENT, &content) ||
187 !ReadAttributeAndPrependInteger(key_, CKA_PUBLIC_EXPONENT, &content) ||
188 !ReadAttributeAndPrependInteger(key_, CKA_MODULUS, &content)) {
189 NOTREACHED();
190 return false;
191 }
192 PrependInteger(&version, 1, &content);
193 PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
194 PrependTypeHeaderAndLength(kOctetStringTag, content.size(), &content);
195
196 // RSA algorithm OID
197 for (size_t i = sizeof(kRsaAlgorithmIdentifier); i > 0; --i)
198 content.push_front(kRsaAlgorithmIdentifier[i - 1]);
199
200 PrependInteger(&version, 1, &content);
201 PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
202
203 // Copy everying into the output.
204 output->reserve(content.size());
205 for (std::list<uint8>::iterator i = content.begin(); i != content.end(); ++i)
206 output->push_back(*i);
207
208 return true;
209 }
210
211 bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
212 SECItem* der_pubkey = PK11_DEREncodePublicKey(public_key_);
213 if (!der_pubkey) {
214 NOTREACHED();
215 return false;
216 }
217
218 for (size_t i = 0; i < der_pubkey->len; ++i)
219 output->push_back(der_pubkey->data[i]);
220
221 SECITEM_FreeItem(der_pubkey, PR_TRUE);
222 return true;
223 }
224
225 } // namespace base
OLDNEW
« no previous file with comments | « base/crypto/rsa_private_key.h ('k') | base/crypto/signature_creator.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698