1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/rsa_private_key.h" | 5 #include "crypto/rsa_private_key.h" |
6 | 6 |
7 #include <openssl/bio.h> | 7 #include <openssl/bytestring.h> |
8 #include <openssl/bn.h> | 8 #include <openssl/bn.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/pkcs12.h> | 10 #include <openssl/mem.h> |
11 #include <openssl/rsa.h> | 11 #include <openssl/rsa.h> |
12 #include <stdint.h> | 12 #include <stdint.h> |
13 | 13 |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "base/memory/scoped_ptr.h" | 15 #include "base/memory/scoped_ptr.h" |
| 16 #include "crypto/auto_cbb.h" |
16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
17 #include "crypto/scoped_openssl_types.h" | 18 #include "crypto/scoped_openssl_types.h" |
18 | 19 |
19 namespace crypto { | 20 namespace crypto { |
20 | 21 |
21 namespace { | |
22 | |
23 using ScopedPKCS8_PRIV_KEY_INFO = | |
24 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>; | |
25 | |
26 // Function pointer definition, for injecting the required key export function | |
27 // into ExportKey, below. The supplied function should export EVP_PKEY into | |
28 // the supplied BIO, returning 1 on success or 0 on failure. | |
29 using ExportFunction = int (*)(BIO*, EVP_PKEY*); | |
30 | |
31 // Helper to export |key| into |output| via the specified ExportFunction. | |
32 bool ExportKey(EVP_PKEY* key, | |
33 ExportFunction export_fn, | |
34 std::vector<uint8_t>* output) { | |
35 if (!key) | |
36 return false; | |
37 | |
38 OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
39 ScopedBIO bio(BIO_new(BIO_s_mem())); | |
40 | |
41 int res = export_fn(bio.get(), key); | |
42 if (!res) | |
43 return false; | |
44 | |
45 char* data = NULL; | |
46 long len = BIO_get_mem_data(bio.get(), &data); | |
47 if (!data || len < 0) | |
48 return false; | |
49 | |
50 output->assign(data, data + len); | |
51 return true; | |
52 } | |
53 | |
54 } // namespace | |
55 | |
56 // static | 22 // static |
57 RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) { | 23 RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) { |
58 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 24 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
59 | 25 |
60 ScopedRSA rsa_key(RSA_new()); | 26 ScopedRSA rsa_key(RSA_new()); |
61 ScopedBIGNUM bn(BN_new()); | 27 ScopedBIGNUM bn(BN_new()); |
62 if (!rsa_key.get() || !bn.get() || !BN_set_word(bn.get(), 65537L)) | 28 if (!rsa_key.get() || !bn.get() || !BN_set_word(bn.get(), 65537L)) |
63 return NULL; | 29 return NULL; |
64 | 30 |
65 if (!RSA_generate_key_ex(rsa_key.get(), num_bits, bn.get(), NULL)) | 31 if (!RSA_generate_key_ex(rsa_key.get(), num_bits, bn.get(), NULL)) |
66 return NULL; | 32 return NULL; |
67 | 33 |
68 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); | 34 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
69 result->key_ = EVP_PKEY_new(); | 35 result->key_ = EVP_PKEY_new(); |
70 if (!result->key_ || !EVP_PKEY_set1_RSA(result->key_, rsa_key.get())) | 36 if (!result->key_ || !EVP_PKEY_set1_RSA(result->key_, rsa_key.get())) |
71 return NULL; | 37 return NULL; |
72 | 38 |
73 return result.release(); | 39 return result.release(); |
74 } | 40 } |
75 | 41 |
76 // static | 42 // static |
77 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( | 43 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( |
78 const std::vector<uint8_t>& input) { | 44 const std::vector<uint8_t>& input) { |
79 if (input.empty()) | |
80 return NULL; | |
81 | |
82 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 45 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
83 | 46 |
84 // Importing is a little more involved than exporting, as we must first | 47 CBS cbs; |
85 // PKCS#8 decode the input, and then import the EVP_PKEY from Private Key | 48 CBS_init(&cbs, input.data(), input.size()); |
86 // Info structure returned. | 49 ScopedEVP_PKEY pkey(EVP_parse_private_key(&cbs)); |
87 const uint8_t* ptr = &input[0]; | 50 if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_RSA) |
88 ScopedPKCS8_PRIV_KEY_INFO p8inf( | 51 return nullptr; |
89 d2i_PKCS8_PRIV_KEY_INFO(nullptr, &ptr, input.size())); | |
90 if (!p8inf.get() || ptr != &input[0] + input.size()) | |
91 return NULL; | |
92 | 52 |
93 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); | 53 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
94 result->key_ = EVP_PKCS82PKEY(p8inf.get()); | 54 result->key_ = pkey.release(); |
95 if (!result->key_ || EVP_PKEY_id(result->key_) != EVP_PKEY_RSA) | |
96 return NULL; | |
97 | |
98 return result.release(); | 55 return result.release(); |
99 } | 56 } |
100 | 57 |
101 // static | 58 // static |
102 RSAPrivateKey* RSAPrivateKey::CreateFromKey(EVP_PKEY* key) { | 59 RSAPrivateKey* RSAPrivateKey::CreateFromKey(EVP_PKEY* key) { |
103 DCHECK(key); | 60 DCHECK(key); |
104 if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) | 61 if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) |
105 return NULL; | 62 return NULL; |
106 RSAPrivateKey* copy = new RSAPrivateKey(); | 63 RSAPrivateKey* copy = new RSAPrivateKey(); |
107 copy->key_ = EVP_PKEY_up_ref(key); | 64 copy->key_ = EVP_PKEY_up_ref(key); |
(...skipping 14 matching lines...) Expand all Loading... |
122 ScopedRSA rsa(EVP_PKEY_get1_RSA(key_)); | 79 ScopedRSA rsa(EVP_PKEY_get1_RSA(key_)); |
123 if (!rsa) | 80 if (!rsa) |
124 return NULL; | 81 return NULL; |
125 copy->key_ = EVP_PKEY_new(); | 82 copy->key_ = EVP_PKEY_new(); |
126 if (!EVP_PKEY_set1_RSA(copy->key_, rsa.get())) | 83 if (!EVP_PKEY_set1_RSA(copy->key_, rsa.get())) |
127 return NULL; | 84 return NULL; |
128 return copy.release(); | 85 return copy.release(); |
129 } | 86 } |
130 | 87 |
131 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { | 88 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { |
132 return ExportKey(key_, i2d_PKCS8PrivateKeyInfo_bio, output); | 89 uint8_t *der; |
| 90 size_t der_len; |
| 91 AutoCBB cbb; |
| 92 if (!CBB_init(cbb.get(), 0) || |
| 93 !EVP_marshal_private_key(cbb.get(), key_) || |
| 94 !CBB_finish(cbb.get(), &der, &der_len)) { |
| 95 return false; |
| 96 } |
| 97 output->assign(der, der + der_len); |
| 98 OPENSSL_free(der); |
| 99 return true; |
133 } | 100 } |
134 | 101 |
135 bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { | 102 bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { |
136 return ExportKey(key_, i2d_PUBKEY_bio, output); | 103 uint8_t *der; |
| 104 size_t der_len; |
| 105 AutoCBB cbb; |
| 106 if (!CBB_init(cbb.get(), 0) || |
| 107 !EVP_marshal_public_key(cbb.get(), key_) || |
| 108 !CBB_finish(cbb.get(), &der, &der_len)) { |
| 109 return false; |
| 110 } |
| 111 output->assign(der, der + der_len); |
| 112 OPENSSL_free(der); |
| 113 return true; |
137 } | 114 } |
138 | 115 |
139 } // namespace crypto | 116 } // namespace crypto |
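Review bot: The new ExportPrivateKey (new lines 88-99) and ExportPublicKey (new lines 102-114) call EVP_marshal_*_key on key_ without the `if (!key) return false;` guard the deleted ExportKey helper had at old line 35, and the two bodies are otherwise identical eleven-line copies of each other. They also drop the `OpenSSLErrStackTracer err_tracer(FROM_HERE);` that the old helper set up at old line 38 and that Create and CreateFromPrivateKeyInfo still use, so a failed marshal in these two paths is the only place in the file that no longer has the tracer. Whether key_ can actually be null here depends on the constructor in the header, which is outside this diff; Copy() at new line 82 assigns EVP_PKEY_new() and returns NULL before the object escapes if set1 fails, so it is probably non-null for any object a caller holds, but the guard costs nothing. I would keep one anonymous-namespace helper parameterised on the marshal function, as the old code was on the BIO exporter, so the null check, the tracer and the single OPENSSL_free live in one place, and write the pointer as `uint8_t* der` to match the rest of the file.
```cpp
namespace {

// Serializes |key| with |marshal_fn| (EVP_marshal_private_key or
// EVP_marshal_public_key) into |output|. Returns false if |key| is null or
// encoding fails; |output| is left untouched on failure.
bool ExportKey(EVP_PKEY* key,
               int (*marshal_fn)(CBB*, const EVP_PKEY*),
               std::vector<uint8_t>* output) {
  if (!key)
    return false;

  OpenSSLErrStackTracer err_tracer(FROM_HERE);
  uint8_t* der;
  size_t der_len;
  AutoCBB cbb;
  if (!CBB_init(cbb.get(), 0) || !marshal_fn(cbb.get(), key) ||
      !CBB_finish(cbb.get(), &der, &der_len)) {
    return false;
  }
  output->assign(der, der + der_len);
  OPENSSL_free(der);
  return true;
}

}  // namespace

// … unchanged: Create, CreateFromPrivateKeyInfo, CreateFromKey, Copy …

bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
  return ExportKey(key_, EVP_marshal_private_key, output);
}

bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
  return ExportKey(key_, EVP_marshal_public_key, output);
}
```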