| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
| 6 | 6 |
| 7 #include <openssl/bio.h> |
| 8 #include <openssl/bn.h> |
| 7 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 8 #include <openssl/ec.h> | 10 #include <openssl/ec.h> |
| 11 #include <openssl/ec_key.h> |
| 9 #include <openssl/evp.h> | 12 #include <openssl/evp.h> |
| 10 #include <openssl/mem.h> | 13 #include <openssl/mem.h> |
| 11 #include <openssl/pkcs12.h> | 14 #include <openssl/pkcs12.h> |
| 12 #include <openssl/x509.h> | 15 #include <openssl/x509.h> |
| 13 #include <stddef.h> | 16 #include <stddef.h> |
| 14 #include <stdint.h> | 17 #include <stdint.h> |
| 15 | 18 |
| 19 #include <utility> |
| 20 |
| 16 #include "base/logging.h" | 21 #include "base/logging.h" |
| 17 #include "crypto/auto_cbb.h" | |
| 18 #include "crypto/openssl_util.h" | 22 #include "crypto/openssl_util.h" |
| 19 #include "crypto/scoped_openssl_types.h" | |
| 20 | 23 |
| 21 namespace crypto { | 24 namespace crypto { |
| 22 | 25 |
| 23 namespace { | 26 namespace { |
| 24 | 27 |
| 25 // Function pointer definition, for injecting the required key export function | 28 // Function pointer definition, for injecting the required key export function |
| 26 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and | 29 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and |
| 27 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. | 30 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. |
| 28 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium | 31 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium |
| 29 // style guide, hence the unusual parameter placement / types. | 32 // style guide, hence the unusual parameter placement / types. |
| 30 typedef int (*ExportBioFunction)(BIO* bio, const void* key); | 33 typedef int (*ExportBioFunction)(BIO* bio, const void* key); |
| 31 | 34 |
| 32 using ScopedPKCS8_PRIV_KEY_INFO = | |
| 33 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>; | |
| 34 using ScopedX509_SIG = ScopedOpenSSL<X509_SIG, X509_SIG_free>; | |
| 35 | |
| 36 // Helper to export |key| into |output| via the specified ExportBioFunction. | 35 // Helper to export |key| into |output| via the specified ExportBioFunction. |
| 37 bool ExportKeyWithBio(const void* key, | 36 bool ExportKeyWithBio(const void* key, |
| 38 ExportBioFunction export_fn, | 37 ExportBioFunction export_fn, |
| 39 std::vector<uint8_t>* output) { | 38 std::vector<uint8_t>* output) { |
| 40 if (!key) | 39 if (!key) |
| 41 return false; | 40 return false; |
| 42 | 41 |
| 43 ScopedBIO bio(BIO_new(BIO_s_mem())); | 42 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); |
| 44 if (!bio) | 43 if (!bio) |
| 45 return false; | 44 return false; |
| 46 | 45 |
| 47 if (!export_fn(bio.get(), key)) | 46 if (!export_fn(bio.get(), key)) |
| 48 return false; | 47 return false; |
| 49 | 48 |
| 50 char* data = nullptr; | 49 char* data = nullptr; |
| 51 long len = BIO_get_mem_data(bio.get(), &data); | 50 long len = BIO_get_mem_data(bio.get(), &data); |
| 52 if (!data || len < 0) | 51 if (!data || len < 0) |
| 53 return false; | 52 return false; |
| 54 | 53 |
| 55 output->assign(data, data + len); | 54 output->assign(data, data + len); |
| 56 return true; | 55 return true; |
| 57 } | 56 } |
| 58 | 57 |
| 59 } // namespace | 58 } // namespace |
| 60 | 59 |
| 61 ECPrivateKey::~ECPrivateKey() { | 60 ECPrivateKey::~ECPrivateKey() {} |
| 62 if (key_) | |
| 63 EVP_PKEY_free(key_); | |
| 64 } | |
| 65 | 61 |
| 66 // static | 62 // static |
| 67 std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() { | 63 std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() { |
| 68 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 64 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 69 | 65 |
| 70 ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | 66 bssl::UniquePtr<EC_KEY> ec_key( |
| 67 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
| 71 if (!ec_key || !EC_KEY_generate_key(ec_key.get())) | 68 if (!ec_key || !EC_KEY_generate_key(ec_key.get())) |
| 72 return nullptr; | 69 return nullptr; |
| 73 | 70 |
| 74 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); | 71 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); |
| 75 result->key_ = EVP_PKEY_new(); | 72 result->key_.reset(EVP_PKEY_new()); |
| 76 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) | 73 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_.get(), ec_key.get())) |
| 77 return nullptr; | 74 return nullptr; |
| 78 | 75 |
| 79 CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_)); | 76 CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_.get())); |
| 80 return result; | 77 return result; |
| 81 } | 78 } |
| 82 | 79 |
| 83 // static | 80 // static |
| 84 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo( | 81 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo( |
| 85 const std::vector<uint8_t>& input) { | 82 const std::vector<uint8_t>& input) { |
| 86 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 83 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 87 | 84 |
| 88 CBS cbs; | 85 CBS cbs; |
| 89 CBS_init(&cbs, input.data(), input.size()); | 86 CBS_init(&cbs, input.data(), input.size()); |
| 90 ScopedEVP_PKEY pkey(EVP_parse_private_key(&cbs)); | 87 bssl::UniquePtr<EVP_PKEY> pkey(EVP_parse_private_key(&cbs)); |
| 91 if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) | 88 if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) |
| 92 return nullptr; | 89 return nullptr; |
| 93 | 90 |
| 94 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); | 91 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); |
| 95 result->key_ = pkey.release(); | 92 result->key_ = std::move(pkey); |
| 96 return result; | 93 return result; |
| 97 } | 94 } |
| 98 | 95 |
| 99 // static | 96 // static |
| 100 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 97 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 101 const std::string& password, | 98 const std::string& password, |
| 102 const std::vector<uint8_t>& encrypted_private_key_info, | 99 const std::vector<uint8_t>& encrypted_private_key_info, |
| 103 const std::vector<uint8_t>& subject_public_key_info) { | 100 const std::vector<uint8_t>& subject_public_key_info) { |
| 104 // NOTE: The |subject_public_key_info| can be ignored here, it is only | 101 // NOTE: The |subject_public_key_info| can be ignored here, it is only |
| 105 // useful for the NSS implementation (which uses the public key's SHA1 | 102 // useful for the NSS implementation (which uses the public key's SHA1 |
| 106 // as a lookup key when storing the private one in its store). | 103 // as a lookup key when storing the private one in its store). |
| 107 if (encrypted_private_key_info.empty()) | 104 if (encrypted_private_key_info.empty()) |
| 108 return nullptr; | 105 return nullptr; |
| 109 | 106 |
| 110 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 107 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 111 | 108 |
| 112 const uint8_t* data = &encrypted_private_key_info[0]; | 109 const uint8_t* data = &encrypted_private_key_info[0]; |
| 113 const uint8_t* ptr = data; | 110 const uint8_t* ptr = data; |
| 114 ScopedX509_SIG p8_encrypted( | 111 bssl::UniquePtr<X509_SIG> p8_encrypted( |
| 115 d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size())); | 112 d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size())); |
| 116 if (!p8_encrypted || ptr != data + encrypted_private_key_info.size()) | 113 if (!p8_encrypted || ptr != data + encrypted_private_key_info.size()) |
| 117 return nullptr; | 114 return nullptr; |
| 118 | 115 |
| 119 ScopedPKCS8_PRIV_KEY_INFO p8_decrypted; | 116 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted; |
| 120 if (password.empty()) { | 117 if (password.empty()) { |
| 121 // Hack for reading keys generated by an older version of the OpenSSL | 118 // Hack for reading keys generated by an older version of the OpenSSL |
| 122 // code. OpenSSL used to use "\0\0" rather than the empty string because it | 119 // code. OpenSSL used to use "\0\0" rather than the empty string because it |
| 123 // would treat the password as an ASCII string to be converted to UCS-2 | 120 // would treat the password as an ASCII string to be converted to UCS-2 |
| 124 // while NSS used a byte string. | 121 // while NSS used a byte string. |
| 125 p8_decrypted.reset(PKCS8_decrypt_pbe( | 122 p8_decrypted.reset(PKCS8_decrypt_pbe( |
| 126 p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2)); | 123 p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2)); |
| 127 } | 124 } |
| 128 if (!p8_decrypted) { | 125 if (!p8_decrypted) { |
| 129 p8_decrypted.reset(PKCS8_decrypt_pbe( | 126 p8_decrypted.reset(PKCS8_decrypt_pbe( |
| 130 p8_encrypted.get(), | 127 p8_encrypted.get(), |
| 131 reinterpret_cast<const uint8_t*>(password.data()), | 128 reinterpret_cast<const uint8_t*>(password.data()), |
| 132 password.size())); | 129 password.size())); |
| 133 } | 130 } |
| 134 | 131 |
| 135 if (!p8_decrypted) | 132 if (!p8_decrypted) |
| 136 return nullptr; | 133 return nullptr; |
| 137 | 134 |
| 138 // Create a new EVP_PKEY for it. | 135 // Create a new EVP_PKEY for it. |
| 139 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); | 136 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); |
| 140 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); | 137 result->key_.reset(EVP_PKCS82PKEY(p8_decrypted.get())); |
| 141 if (!result->key_ || EVP_PKEY_id(result->key_) != EVP_PKEY_EC) | 138 if (!result->key_ || EVP_PKEY_id(result->key_.get()) != EVP_PKEY_EC) |
| 142 return nullptr; | 139 return nullptr; |
| 143 | 140 |
| 144 return result; | 141 return result; |
| 145 } | 142 } |
| 146 | 143 |
| 147 std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const { | 144 std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const { |
| 148 std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey()); | 145 std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey()); |
| 149 if (key_) { | 146 if (key_) { |
| 150 EVP_PKEY_up_ref(key_); | 147 EVP_PKEY_up_ref(key_.get()); |
| 151 copy->key_ = key_; | 148 copy->key_.reset(key_.get()); |
| 152 } | 149 } |
| 153 return copy; | 150 return copy; |
| 154 } | 151 } |
| 155 | 152 |
| 156 bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { | 153 bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { |
| 157 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 154 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 158 uint8_t* der; | 155 uint8_t* der; |
| 159 size_t der_len; | 156 size_t der_len; |
| 160 AutoCBB cbb; | 157 bssl::ScopedCBB cbb; |
| 161 if (!CBB_init(cbb.get(), 0) || !EVP_marshal_private_key(cbb.get(), key_) || | 158 if (!CBB_init(cbb.get(), 0) || |
| 159 !EVP_marshal_private_key(cbb.get(), key_.get()) || |
| 162 !CBB_finish(cbb.get(), &der, &der_len)) { | 160 !CBB_finish(cbb.get(), &der, &der_len)) { |
| 163 return false; | 161 return false; |
| 164 } | 162 } |
| 165 output->assign(der, der + der_len); | 163 output->assign(der, der + der_len); |
| 166 OPENSSL_free(der); | 164 OPENSSL_free(der); |
| 167 return true; | 165 return true; |
| 168 } | 166 } |
| 169 | 167 |
| 170 bool ECPrivateKey::ExportEncryptedPrivateKey( | 168 bool ECPrivateKey::ExportEncryptedPrivateKey( |
| 171 const std::string& password, | 169 const std::string& password, |
| 172 int iterations, | 170 int iterations, |
| 173 std::vector<uint8_t>* output) const { | 171 std::vector<uint8_t>* output) const { |
| 174 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 172 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 175 // Convert into a PKCS#8 object. | 173 // Convert into a PKCS#8 object. |
| 176 ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_)); | 174 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> pkcs8(EVP_PKEY2PKCS8(key_.get())); |
| 177 if (!pkcs8) | 175 if (!pkcs8) |
| 178 return false; | 176 return false; |
| 179 | 177 |
| 180 // Encrypt the object. | 178 // Encrypt the object. |
| 181 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC | 179 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC |
| 182 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL | 180 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL |
| 183 // equivalent. | 181 // equivalent. |
| 184 ScopedX509_SIG encrypted(PKCS8_encrypt_pbe( | 182 bssl::UniquePtr<X509_SIG> encrypted( |
| 185 NID_pbe_WithSHA1And3_Key_TripleDES_CBC, | 183 PKCS8_encrypt_pbe(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, |
| 186 nullptr, | 184 reinterpret_cast<const uint8_t*>(password.data()), |
| 187 reinterpret_cast<const uint8_t*>(password.data()), | 185 password.size(), nullptr, 0, iterations, pkcs8.get())); |
| 188 password.size(), | |
| 189 nullptr, | |
| 190 0, | |
| 191 iterations, | |
| 192 pkcs8.get())); | |
| 193 if (!encrypted) | 186 if (!encrypted) |
| 194 return false; | 187 return false; |
| 195 | 188 |
| 196 // Write it into |*output| | 189 // Write it into |*output| |
| 197 return ExportKeyWithBio(encrypted.get(), | 190 return ExportKeyWithBio(encrypted.get(), |
| 198 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio), | 191 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio), |
| 199 output); | 192 output); |
| 200 } | 193 } |
| 201 | 194 |
| 202 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { | 195 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { |
| 203 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 196 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 204 uint8_t *der; | 197 uint8_t *der; |
| 205 size_t der_len; | 198 size_t der_len; |
| 206 AutoCBB cbb; | 199 bssl::ScopedCBB cbb; |
| 207 if (!CBB_init(cbb.get(), 0) || | 200 if (!CBB_init(cbb.get(), 0) || |
| 208 !EVP_marshal_public_key(cbb.get(), key_) || | 201 !EVP_marshal_public_key(cbb.get(), key_.get()) || |
| 209 !CBB_finish(cbb.get(), &der, &der_len)) { | 202 !CBB_finish(cbb.get(), &der, &der_len)) { |
| 210 return false; | 203 return false; |
| 211 } | 204 } |
| 212 output->assign(der, der + der_len); | 205 output->assign(der, der + der_len); |
| 213 OPENSSL_free(der); | 206 OPENSSL_free(der); |
| 214 return true; | 207 return true; |
| 215 } | 208 } |
| 216 | 209 |
| 217 bool ECPrivateKey::ExportRawPublicKey(std::string* output) const { | 210 bool ECPrivateKey::ExportRawPublicKey(std::string* output) const { |
| 218 OpenSSLErrStackTracer err_tracer(FROM_HERE); | 211 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 219 | 212 |
| 220 // Export the x and y field elements as 32-byte, big-endian numbers. (This is | 213 // Export the x and y field elements as 32-byte, big-endian numbers. (This is |
| 221 // the same as X9.62 uncompressed form without the leading 0x04 byte.) | 214 // the same as X9.62 uncompressed form without the leading 0x04 byte.) |
| 222 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_); | 215 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_.get()); |
| 223 ScopedBIGNUM x(BN_new()); | 216 bssl::UniquePtr<BIGNUM> x(BN_new()); |
| 224 ScopedBIGNUM y(BN_new()); | 217 bssl::UniquePtr<BIGNUM> y(BN_new()); |
| 225 uint8_t buf[64]; | 218 uint8_t buf[64]; |
| 226 if (!x || !y || | 219 if (!x || !y || |
| 227 !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key), | 220 !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key), |
| 228 EC_KEY_get0_public_key(ec_key), | 221 EC_KEY_get0_public_key(ec_key), |
| 229 x.get(), y.get(), nullptr) || | 222 x.get(), y.get(), nullptr) || |
| 230 !BN_bn2bin_padded(buf, 32, x.get()) || | 223 !BN_bn2bin_padded(buf, 32, x.get()) || |
| 231 !BN_bn2bin_padded(buf + 32, 32, y.get())) { | 224 !BN_bn2bin_padded(buf + 32, 32, y.get())) { |
| 232 return false; | 225 return false; |
| 233 } | 226 } |
| 234 | 227 |
| 235 output->assign(reinterpret_cast<const char*>(buf), sizeof(buf)); | 228 output->assign(reinterpret_cast<const char*>(buf), sizeof(buf)); |
| 236 return true; | 229 return true; |
| 237 } | 230 } |
| 238 | 231 |
| 239 ECPrivateKey::ECPrivateKey() : key_(nullptr) {} | 232 ECPrivateKey::ECPrivateKey() {} |
| 240 | 233 |
| 241 } // namespace crypto | 234 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2332473002:
Use new BoringSSL scopers in //crypto (Closed)
