| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
| 6 | 6 |
| 7 extern "C" { | 7 extern "C" { |
| 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
| 9 // other NSS headers. | 9 // other NSS headers. |
| 10 #include <secmodt.h> | 10 #include <secmodt.h> |
| 11 } | 11 } |
| 12 | 12 |
| 13 #include <cryptohi.h> | 13 #include <cryptohi.h> |
| 14 #include <keyhi.h> | 14 #include <keyhi.h> |
| 15 #include <pk11pub.h> | 15 #include <pk11pub.h> |
| 16 #include <secmod.h> | 16 #include <secmod.h> |
| 17 | 17 |
| 18 #include "base/lazy_instance.h" | |
| 19 #include "base/logging.h" | 18 #include "base/logging.h" |
| 20 #include "base/memory/scoped_ptr.h" | 19 #include "base/memory/scoped_ptr.h" |
| 21 #include "crypto/nss_util.h" | 20 #include "crypto/nss_util.h" |
| 22 #include "crypto/nss_util_internal.h" | 21 #include "crypto/nss_util_internal.h" |
| 23 #include "crypto/scoped_nss_types.h" | 22 #include "crypto/scoped_nss_types.h" |
| 24 #include "crypto/third_party/nss/chromium-nss.h" | 23 #include "crypto/third_party/nss/chromium-nss.h" |
| 25 | 24 |
| 26 namespace { | 25 namespace { |
| 27 | 26 |
| 28 PK11SlotInfo* GetTempKeySlot() { | |
| 29 return PK11_GetInternalSlot(); | |
| 30 } | |
| 31 | |
| 32 class EllipticCurveSupportChecker { | |
| 33 public: | |
| 34 EllipticCurveSupportChecker() { | |
| 35 // NOTE: we can do this check here only because we use the NSS internal | |
| 36 // slot. If we support other slots in the future, checking whether they | |
| 37 // support ECDSA may block NSS, and the value may also change as devices are | |
| 38 // inserted/removed, so we would need to re-check on every use. | |
| 39 crypto::EnsureNSSInit(); | |
| 40 crypto::ScopedPK11Slot slot(GetTempKeySlot()); | |
| 41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && | |
| 42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); | |
| 43 } | |
| 44 | |
| 45 bool Supported() { | |
| 46 return supported_; | |
| 47 } | |
| 48 | |
| 49 private: | |
| 50 bool supported_; | |
| 51 }; | |
| 52 | |
| 53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky | |
| 54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; | |
| 55 | |
| 56 // Copied from rsa_private_key_nss.cc. | 27 // Copied from rsa_private_key_nss.cc. |
| 57 static bool ReadAttribute(SECKEYPrivateKey* key, | 28 static bool ReadAttribute(SECKEYPrivateKey* key, |
| 58 CK_ATTRIBUTE_TYPE type, | 29 CK_ATTRIBUTE_TYPE type, |
| 59 std::vector<uint8>* output) { | 30 std::vector<uint8>* output) { |
| 60 SECItem item; | 31 SECItem item; |
| 61 SECStatus rv; | 32 SECStatus rv; |
| 62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); | 33 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); |
| 63 if (rv != SECSuccess) { | 34 if (rv != SECSuccess) { |
| 64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); | 35 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); |
| 65 return false; | 36 return false; |
| 66 } | 37 } |
| 67 | 38 |
| 68 output->assign(item.data, item.data + item.len); | 39 output->assign(item.data, item.data + item.len); |
| 69 SECITEM_FreeItem(&item, PR_FALSE); | 40 SECITEM_FreeItem(&item, PR_FALSE); |
| 70 return true; | 41 return true; |
| 71 } | 42 } |
| 72 | 43 |
| 73 } // namespace | 44 } // namespace |
| 74 | 45 |
| 75 namespace crypto { | 46 namespace crypto { |
| 76 | 47 |
| 77 ECPrivateKey::~ECPrivateKey() { | 48 ECPrivateKey::~ECPrivateKey() { |
| 78 if (key_) | 49 if (key_) |
| 79 SECKEY_DestroyPrivateKey(key_); | 50 SECKEY_DestroyPrivateKey(key_); |
| 80 if (public_key_) | 51 if (public_key_) |
| 81 SECKEY_DestroyPublicKey(public_key_); | 52 SECKEY_DestroyPublicKey(public_key_); |
| 82 } | 53 } |
| 83 | 54 |
| 84 // static | 55 // static |
| 85 bool ECPrivateKey::IsSupported() { | |
| 86 return g_elliptic_curve_supported.Get().Supported(); | |
| 87 } | |
| 88 | |
| 89 // static | |
| 90 ECPrivateKey* ECPrivateKey::Create() { | 56 ECPrivateKey* ECPrivateKey::Create() { |
| 91 EnsureNSSInit(); | 57 EnsureNSSInit(); |
| 92 | 58 |
| 93 ScopedPK11Slot slot(GetTempKeySlot()); | 59 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 94 if (!slot) | 60 if (!slot) |
| 95 return nullptr; | 61 return nullptr; |
| 96 | 62 |
| 97 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 63 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 98 | 64 |
| 99 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); | 65 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); |
| 100 if (!oid_data) { | 66 if (!oid_data) { |
| 101 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); | 67 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); |
| 102 return nullptr; | 68 return nullptr; |
| 103 } | 69 } |
| (...skipping 29 matching lines...) Expand all Loading... |
| 133 return result.release(); | 99 return result.release(); |
| 134 } | 100 } |
| 135 | 101 |
| 136 // static | 102 // static |
| 137 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 103 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 138 const std::string& password, | 104 const std::string& password, |
| 139 const std::vector<uint8>& encrypted_private_key_info, | 105 const std::vector<uint8>& encrypted_private_key_info, |
| 140 const std::vector<uint8>& subject_public_key_info) { | 106 const std::vector<uint8>& subject_public_key_info) { |
| 141 EnsureNSSInit(); | 107 EnsureNSSInit(); |
| 142 | 108 |
| 143 ScopedPK11Slot slot(GetTempKeySlot()); | 109 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 144 if (!slot) | 110 if (!slot) |
| 145 return nullptr; | 111 return nullptr; |
| 146 | 112 |
| 147 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 113 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 148 | 114 |
| 149 SECItem encoded_spki = { | 115 SECItem encoded_spki = { |
| 150 siBuffer, | 116 siBuffer, |
| 151 const_cast<unsigned char*>(&subject_public_key_info[0]), | 117 const_cast<unsigned char*>(&subject_public_key_info[0]), |
| 152 static_cast<unsigned>(subject_public_key_info.size()) | 118 static_cast<unsigned>(subject_public_key_info.size()) |
| 153 }; | 119 }; |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 348 return ReadAttribute(key_, CKA_VALUE, output); | 314 return ReadAttribute(key_, CKA_VALUE, output); |
| 349 } | 315 } |
| 350 | 316 |
| 351 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { | 317 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
| 352 return ReadAttribute(key_, CKA_EC_PARAMS, output); | 318 return ReadAttribute(key_, CKA_EC_PARAMS, output); |
| 353 } | 319 } |
| 354 | 320 |
| 355 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} | 321 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
| 356 | 322 |
| 357 } // namespace crypto | 323 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1408813002:
Remove crypto::ECPrivateKey::IsSupported. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master