Add ECPrivateKey for Elliptic Curve keypair generation.

crypto/third_party/nss/ec.cc

Index: crypto/third_party/nss/ec.cc
diff --git a/crypto/third_party/nss/ec.cc b/crypto/third_party/nss/ec.cc
new file mode 100644
index 0000000000000000000000000000000000000000..c5afc44a0e464a1bd9504d26aeb8c29fa497eb8d
--- /dev/null
+++ b/crypto/third_party/nss/ec.cc
@@ -0,0 +1,96 @@
+ /* ***** BEGIN LICENSE BLOCK *****
+  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+  *
+  * The contents of this file are subject to the Mozilla Public License Version
+  * 1.1 (the "License"); you may not use this file except in compliance with
+  * the License. You may obtain a copy of the License at
+  * http://www.mozilla.org/MPL/
+  *
+  * Software distributed under the License is distributed on an "AS IS" basis,
+  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+  * for the specific language governing rights and limitations under the
+  * License.
+  *
+  * The Original Code is the Netscape security libraries.
+  *
+  * The Initial Developer of the Original Code is
+  * Netscape Communications Corporation.
+  * Portions created by the Initial Developer are Copyright (C) 1994-2000
+  * the Initial Developer. All Rights Reserved.
+  *
+  * Contributor(s):
+  *   Dr Stephen Henson <stephen.henson@gemplus.com>
+  *   Dr Vipul Gupta <vipul.gupta@sun.com>, and
+  *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories

[Ryan Sleevi, 2011/11/04 03:21:25]

Does any of this license truly apply?

[mattm, 2011/11/08 02:12:27]

This is the license block from pk11akey.c

+  *
+  * Alternatively, the contents of this file may be used under the terms of
+  * either the GNU General Public License Version 2 or later (the "GPL"), or
+  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+  * in which case the provisions of the GPL or the LGPL are applicable instead
+  * of those above. If you wish to allow use of your version of this file only
+  * under the terms of either the GPL or the LGPL, and not to allow others to
+  * use your version of this file under the terms of the MPL, indicate your
+  * decision by deleting the provisions above and replace them with the notice
+  * and other provisions required by the GPL or the LGPL. If you do not delete
+  * the provisions above, a recipient may use your version of this file under
+  * the terms of any one of the MPL, the GPL or the LGPL.
+  *
+  * ***** END LICENSE BLOCK ***** */
+
+#include "crypto/third_party/nss/ec.h"
+
+#include <pk11pub.h>
+
+#include "base/logging.h"
+
+SECStatus ImportEncryptedECPrivateKeyInfoAndReturnKey(

[wtc, 2011/11/04 22:41:26]

Please add a comment to note this is based on the
PK11_ImportEncryptedPrivateKeyInfo function in
mozilla/security/nss/lib/pk11wrap/pk11akey.c.

[mattm, 2011/11/08 02:12:27]

Done.

+    PK11SlotInfo* slot,
+    SECKEYEncryptedPrivateKeyInfo* epki,
+    SECItem* password,
+    SECItem* nickname,
+    SECItem* public_value,
+    PRBool permanent,
+    PRBool sensitive,
+    SECKEYPrivateKey** private_key,
+    void* wincx) {
+  SECItem* crypto_param = NULL;
+
+  CK_ATTRIBUTE_TYPE usage = CKA_SIGN;
+
+  PK11SymKey* key = PK11_PBEKeyGen(slot,
+                                   &epki->algorithm,
+                                   password,
+                                   PR_FALSE,  // faulty3DES
+                                   wincx);
+  if (key == NULL) {
+    NOTREACHED() << "PK11_PBEKeyGen error: " << PORT_GetError();
+    return SECFailure;
+  }
+
+  CK_MECHANISM_TYPE crypto_mech_type = PK11_GetPBECryptoMechanism(
+      &epki->algorithm, &crypto_param, password);
+  if (crypto_mech_type == CKM_INVALID_MECHANISM) {
+    NOTREACHED() << "PK11_GetPBECryptoMechanism error: " << PORT_GetError();
+    PK11_FreeSymKey(key);
+    return SECFailure;
+  }
+
+  crypto_mech_type = PK11_GetPadMechanism(crypto_mech_type);
+
+  *private_key = PK11_UnwrapPrivKey(slot, key, crypto_mech_type, crypto_param,
+                                    &epki->encryptedData, nickname,
+                                    public_value, permanent, sensitive, CKK_EC,
+                                    &usage, 1, wincx);
+
+  if (crypto_param != NULL)
+    SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+
+  PK11_FreeSymKey(key);
+
+  if (!*private_key) {
+    DLOG(ERROR) << "PK11_UnwrapPrivKey error: " << PORT_GetError();
+    return SECFailure;
+  }
+
+  return SECSuccess;
+}