OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
6 | 6 |
7 extern "C" { | 7 extern "C" { |
8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
9 // other NSS headers. | 9 // other NSS headers. |
10 #include <secmodt.h> | 10 #include <secmodt.h> |
11 } | 11 } |
12 | 12 |
13 #include <cryptohi.h> | 13 #include <cryptohi.h> |
14 #include <keyhi.h> | 14 #include <keyhi.h> |
15 #include <pk11pub.h> | 15 #include <pk11pub.h> |
16 #include <secmod.h> | 16 #include <secmod.h> |
17 | 17 |
18 #include "base/lazy_instance.h" | |
19 #include "base/logging.h" | 18 #include "base/logging.h" |
20 #include "base/memory/scoped_ptr.h" | 19 #include "base/memory/scoped_ptr.h" |
21 #include "crypto/nss_util.h" | 20 #include "crypto/nss_util.h" |
22 #include "crypto/nss_util_internal.h" | 21 #include "crypto/nss_util_internal.h" |
23 #include "crypto/scoped_nss_types.h" | 22 #include "crypto/scoped_nss_types.h" |
24 #include "crypto/third_party/nss/chromium-nss.h" | 23 #include "crypto/third_party/nss/chromium-nss.h" |
25 | 24 |
26 namespace { | 25 namespace { |
27 | 26 |
28 PK11SlotInfo* GetTempKeySlot() { | |
29 return PK11_GetInternalSlot(); | |
30 } | |
31 | |
32 class EllipticCurveSupportChecker { | |
33 public: | |
34 EllipticCurveSupportChecker() { | |
35 // NOTE: we can do this check here only because we use the NSS internal | |
36 // slot. If we support other slots in the future, checking whether they | |
37 // support ECDSA may block NSS, and the value may also change as devices are | |
38 // inserted/removed, so we would need to re-check on every use. | |
39 crypto::EnsureNSSInit(); | |
40 crypto::ScopedPK11Slot slot(GetTempKeySlot()); | |
41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && | |
42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); | |
43 } | |
44 | |
45 bool Supported() { | |
46 return supported_; | |
47 } | |
48 | |
49 private: | |
50 bool supported_; | |
51 }; | |
52 | |
53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky | |
54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; | |
55 | |
56 // Copied from rsa_private_key_nss.cc. | 27 // Copied from rsa_private_key_nss.cc. |
57 static bool ReadAttribute(SECKEYPrivateKey* key, | 28 static bool ReadAttribute(SECKEYPrivateKey* key, |
58 CK_ATTRIBUTE_TYPE type, | 29 CK_ATTRIBUTE_TYPE type, |
59 std::vector<uint8>* output) { | 30 std::vector<uint8>* output) { |
60 SECItem item; | 31 SECItem item; |
61 SECStatus rv; | 32 SECStatus rv; |
62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); | 33 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); |
63 if (rv != SECSuccess) { | 34 if (rv != SECSuccess) { |
64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); | 35 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); |
65 return false; | 36 return false; |
66 } | 37 } |
67 | 38 |
68 output->assign(item.data, item.data + item.len); | 39 output->assign(item.data, item.data + item.len); |
69 SECITEM_FreeItem(&item, PR_FALSE); | 40 SECITEM_FreeItem(&item, PR_FALSE); |
70 return true; | 41 return true; |
71 } | 42 } |
72 | 43 |
73 } // namespace | 44 } // namespace |
74 | 45 |
75 namespace crypto { | 46 namespace crypto { |
76 | 47 |
77 ECPrivateKey::~ECPrivateKey() { | 48 ECPrivateKey::~ECPrivateKey() { |
78 if (key_) | 49 if (key_) |
79 SECKEY_DestroyPrivateKey(key_); | 50 SECKEY_DestroyPrivateKey(key_); |
80 if (public_key_) | 51 if (public_key_) |
81 SECKEY_DestroyPublicKey(public_key_); | 52 SECKEY_DestroyPublicKey(public_key_); |
82 } | 53 } |
83 | 54 |
84 // static | 55 // static |
85 bool ECPrivateKey::IsSupported() { | |
86 return g_elliptic_curve_supported.Get().Supported(); | |
87 } | |
88 | |
89 // static | |
90 ECPrivateKey* ECPrivateKey::Create() { | 56 ECPrivateKey* ECPrivateKey::Create() { |
91 EnsureNSSInit(); | 57 EnsureNSSInit(); |
92 | 58 |
93 ScopedPK11Slot slot(GetTempKeySlot()); | 59 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
94 if (!slot) | 60 if (!slot) |
95 return nullptr; | 61 return nullptr; |
96 | 62 |
97 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 63 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
98 | 64 |
99 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); | 65 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); |
100 if (!oid_data) { | 66 if (!oid_data) { |
101 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); | 67 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); |
102 return nullptr; | 68 return nullptr; |
103 } | 69 } |
(...skipping 29 matching lines...) Expand all Loading... |
133 return result.release(); | 99 return result.release(); |
134 } | 100 } |
135 | 101 |
136 // static | 102 // static |
137 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 103 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
138 const std::string& password, | 104 const std::string& password, |
139 const std::vector<uint8>& encrypted_private_key_info, | 105 const std::vector<uint8>& encrypted_private_key_info, |
140 const std::vector<uint8>& subject_public_key_info) { | 106 const std::vector<uint8>& subject_public_key_info) { |
141 EnsureNSSInit(); | 107 EnsureNSSInit(); |
142 | 108 |
143 ScopedPK11Slot slot(GetTempKeySlot()); | 109 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
144 if (!slot) | 110 if (!slot) |
145 return nullptr; | 111 return nullptr; |
146 | 112 |
147 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 113 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
148 | 114 |
149 SECItem encoded_spki = { | 115 SECItem encoded_spki = { |
150 siBuffer, | 116 siBuffer, |
151 const_cast<unsigned char*>(&subject_public_key_info[0]), | 117 const_cast<unsigned char*>(&subject_public_key_info[0]), |
152 static_cast<unsigned>(subject_public_key_info.size()) | 118 static_cast<unsigned>(subject_public_key_info.size()) |
153 }; | 119 }; |
(...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
348 return ReadAttribute(key_, CKA_VALUE, output); | 314 return ReadAttribute(key_, CKA_VALUE, output); |
349 } | 315 } |
350 | 316 |
351 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { | 317 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
352 return ReadAttribute(key_, CKA_EC_PARAMS, output); | 318 return ReadAttribute(key_, CKA_EC_PARAMS, output); |
353 } | 319 } |
354 | 320 |
355 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} | 321 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
356 | 322 |
357 } // namespace crypto | 323 } // namespace crypto |
OLD | NEW |