Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(292)

Side by Side Diff: crypto/ec_private_key.cc

Issue 2332473002: Use new BoringSSL scopers in //crypto (Closed)
Patch Set: typo Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/ec_private_key.h" 5 #include "crypto/ec_private_key.h"
6 6
7 #include <openssl/bio.h>
8 #include <openssl/bn.h>
7 #include <openssl/bytestring.h> 9 #include <openssl/bytestring.h>
8 #include <openssl/ec.h> 10 #include <openssl/ec.h>
11 #include <openssl/ec_key.h>
9 #include <openssl/evp.h> 12 #include <openssl/evp.h>
10 #include <openssl/mem.h> 13 #include <openssl/mem.h>
11 #include <openssl/pkcs12.h> 14 #include <openssl/pkcs12.h>
12 #include <openssl/x509.h> 15 #include <openssl/x509.h>
13 #include <stddef.h> 16 #include <stddef.h>
14 #include <stdint.h> 17 #include <stdint.h>
15 18
19 #include <utility>
20
16 #include "base/logging.h" 21 #include "base/logging.h"
17 #include "crypto/auto_cbb.h"
18 #include "crypto/openssl_util.h" 22 #include "crypto/openssl_util.h"
19 #include "crypto/scoped_openssl_types.h"
20 23
21 namespace crypto { 24 namespace crypto {
22 25
23 namespace { 26 namespace {
24 27
25 // Function pointer definition, for injecting the required key export function 28 // Function pointer definition, for injecting the required key export function
26 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and 29 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and
27 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. 30 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise.
28 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium 31 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium
29 // style guide, hence the unusual parameter placement / types. 32 // style guide, hence the unusual parameter placement / types.
30 typedef int (*ExportBioFunction)(BIO* bio, const void* key); 33 typedef int (*ExportBioFunction)(BIO* bio, const void* key);
31 34
32 using ScopedPKCS8_PRIV_KEY_INFO =
33 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>;
34 using ScopedX509_SIG = ScopedOpenSSL<X509_SIG, X509_SIG_free>;
35
36 // Helper to export |key| into |output| via the specified ExportBioFunction. 35 // Helper to export |key| into |output| via the specified ExportBioFunction.
37 bool ExportKeyWithBio(const void* key, 36 bool ExportKeyWithBio(const void* key,
38 ExportBioFunction export_fn, 37 ExportBioFunction export_fn,
39 std::vector<uint8_t>* output) { 38 std::vector<uint8_t>* output) {
40 if (!key) 39 if (!key)
41 return false; 40 return false;
42 41
43 ScopedBIO bio(BIO_new(BIO_s_mem())); 42 bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
44 if (!bio) 43 if (!bio)
45 return false; 44 return false;
46 45
47 if (!export_fn(bio.get(), key)) 46 if (!export_fn(bio.get(), key))
48 return false; 47 return false;
49 48
50 char* data = nullptr; 49 char* data = nullptr;
51 long len = BIO_get_mem_data(bio.get(), &data); 50 long len = BIO_get_mem_data(bio.get(), &data);
52 if (!data || len < 0) 51 if (!data || len < 0)
53 return false; 52 return false;
54 53
55 output->assign(data, data + len); 54 output->assign(data, data + len);
56 return true; 55 return true;
57 } 56 }
58 57
59 } // namespace 58 } // namespace
60 59
61 ECPrivateKey::~ECPrivateKey() { 60 ECPrivateKey::~ECPrivateKey() {}
62 if (key_)
63 EVP_PKEY_free(key_);
64 }
65 61
66 // static 62 // static
67 std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() { 63 std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() {
68 OpenSSLErrStackTracer err_tracer(FROM_HERE); 64 OpenSSLErrStackTracer err_tracer(FROM_HERE);
69 65
70 ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); 66 bssl::UniquePtr<EC_KEY> ec_key(
67 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
71 if (!ec_key || !EC_KEY_generate_key(ec_key.get())) 68 if (!ec_key || !EC_KEY_generate_key(ec_key.get()))
72 return nullptr; 69 return nullptr;
73 70
74 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); 71 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
75 result->key_ = EVP_PKEY_new(); 72 result->key_.reset(EVP_PKEY_new());
76 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) 73 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_.get(), ec_key.get()))
77 return nullptr; 74 return nullptr;
78 75
79 CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_)); 76 CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_.get()));
80 return result; 77 return result;
81 } 78 }
82 79
83 // static 80 // static
84 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo( 81 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo(
85 const std::vector<uint8_t>& input) { 82 const std::vector<uint8_t>& input) {
86 OpenSSLErrStackTracer err_tracer(FROM_HERE); 83 OpenSSLErrStackTracer err_tracer(FROM_HERE);
87 84
88 CBS cbs; 85 CBS cbs;
89 CBS_init(&cbs, input.data(), input.size()); 86 CBS_init(&cbs, input.data(), input.size());
90 ScopedEVP_PKEY pkey(EVP_parse_private_key(&cbs)); 87 bssl::UniquePtr<EVP_PKEY> pkey(EVP_parse_private_key(&cbs));
91 if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) 88 if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC)
92 return nullptr; 89 return nullptr;
93 90
94 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); 91 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
95 result->key_ = pkey.release(); 92 result->key_ = std::move(pkey);
96 return result; 93 return result;
97 } 94 }
98 95
99 // static 96 // static
100 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( 97 std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
101 const std::string& password, 98 const std::string& password,
102 const std::vector<uint8_t>& encrypted_private_key_info, 99 const std::vector<uint8_t>& encrypted_private_key_info,
103 const std::vector<uint8_t>& subject_public_key_info) { 100 const std::vector<uint8_t>& subject_public_key_info) {
104 // NOTE: The |subject_public_key_info| can be ignored here, it is only 101 // NOTE: The |subject_public_key_info| can be ignored here, it is only
105 // useful for the NSS implementation (which uses the public key's SHA1 102 // useful for the NSS implementation (which uses the public key's SHA1
106 // as a lookup key when storing the private one in its store). 103 // as a lookup key when storing the private one in its store).
107 if (encrypted_private_key_info.empty()) 104 if (encrypted_private_key_info.empty())
108 return nullptr; 105 return nullptr;
109 106
110 OpenSSLErrStackTracer err_tracer(FROM_HERE); 107 OpenSSLErrStackTracer err_tracer(FROM_HERE);
111 108
112 const uint8_t* data = &encrypted_private_key_info[0]; 109 const uint8_t* data = &encrypted_private_key_info[0];
113 const uint8_t* ptr = data; 110 const uint8_t* ptr = data;
114 ScopedX509_SIG p8_encrypted( 111 bssl::UniquePtr<X509_SIG> p8_encrypted(
115 d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size())); 112 d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size()));
116 if (!p8_encrypted || ptr != data + encrypted_private_key_info.size()) 113 if (!p8_encrypted || ptr != data + encrypted_private_key_info.size())
117 return nullptr; 114 return nullptr;
118 115
119 ScopedPKCS8_PRIV_KEY_INFO p8_decrypted; 116 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted;
120 if (password.empty()) { 117 if (password.empty()) {
121 // Hack for reading keys generated by an older version of the OpenSSL 118 // Hack for reading keys generated by an older version of the OpenSSL
122 // code. OpenSSL used to use "\0\0" rather than the empty string because it 119 // code. OpenSSL used to use "\0\0" rather than the empty string because it
123 // would treat the password as an ASCII string to be converted to UCS-2 120 // would treat the password as an ASCII string to be converted to UCS-2
124 // while NSS used a byte string. 121 // while NSS used a byte string.
125 p8_decrypted.reset(PKCS8_decrypt_pbe( 122 p8_decrypted.reset(PKCS8_decrypt_pbe(
126 p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2)); 123 p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2));
127 } 124 }
128 if (!p8_decrypted) { 125 if (!p8_decrypted) {
129 p8_decrypted.reset(PKCS8_decrypt_pbe( 126 p8_decrypted.reset(PKCS8_decrypt_pbe(
130 p8_encrypted.get(), 127 p8_encrypted.get(),
131 reinterpret_cast<const uint8_t*>(password.data()), 128 reinterpret_cast<const uint8_t*>(password.data()),
132 password.size())); 129 password.size()));
133 } 130 }
134 131
135 if (!p8_decrypted) 132 if (!p8_decrypted)
136 return nullptr; 133 return nullptr;
137 134
138 // Create a new EVP_PKEY for it. 135 // Create a new EVP_PKEY for it.
139 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); 136 std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
140 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); 137 result->key_.reset(EVP_PKCS82PKEY(p8_decrypted.get()));
141 if (!result->key_ || EVP_PKEY_id(result->key_) != EVP_PKEY_EC) 138 if (!result->key_ || EVP_PKEY_id(result->key_.get()) != EVP_PKEY_EC)
142 return nullptr; 139 return nullptr;
143 140
144 return result; 141 return result;
145 } 142 }
146 143
147 std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const { 144 std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const {
148 std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey()); 145 std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey());
149 if (key_) { 146 if (key_) {
150 EVP_PKEY_up_ref(key_); 147 EVP_PKEY_up_ref(key_.get());
151 copy->key_ = key_; 148 copy->key_.reset(key_.get());
152 } 149 }
153 return copy; 150 return copy;
154 } 151 }
155 152
156 bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { 153 bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
157 OpenSSLErrStackTracer err_tracer(FROM_HERE); 154 OpenSSLErrStackTracer err_tracer(FROM_HERE);
158 uint8_t* der; 155 uint8_t* der;
159 size_t der_len; 156 size_t der_len;
160 AutoCBB cbb; 157 bssl::ScopedCBB cbb;
161 if (!CBB_init(cbb.get(), 0) || !EVP_marshal_private_key(cbb.get(), key_) || 158 if (!CBB_init(cbb.get(), 0) ||
159 !EVP_marshal_private_key(cbb.get(), key_.get()) ||
162 !CBB_finish(cbb.get(), &der, &der_len)) { 160 !CBB_finish(cbb.get(), &der, &der_len)) {
163 return false; 161 return false;
164 } 162 }
165 output->assign(der, der + der_len); 163 output->assign(der, der + der_len);
166 OPENSSL_free(der); 164 OPENSSL_free(der);
167 return true; 165 return true;
168 } 166 }
169 167
170 bool ECPrivateKey::ExportEncryptedPrivateKey( 168 bool ECPrivateKey::ExportEncryptedPrivateKey(
171 const std::string& password, 169 const std::string& password,
172 int iterations, 170 int iterations,
173 std::vector<uint8_t>* output) const { 171 std::vector<uint8_t>* output) const {
174 OpenSSLErrStackTracer err_tracer(FROM_HERE); 172 OpenSSLErrStackTracer err_tracer(FROM_HERE);
175 // Convert into a PKCS#8 object. 173 // Convert into a PKCS#8 object.
176 ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_)); 174 bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> pkcs8(EVP_PKEY2PKCS8(key_.get()));
177 if (!pkcs8) 175 if (!pkcs8)
178 return false; 176 return false;
179 177
180 // Encrypt the object. 178 // Encrypt the object.
181 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC 179 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
182 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL 180 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
183 // equivalent. 181 // equivalent.
184 ScopedX509_SIG encrypted(PKCS8_encrypt_pbe( 182 bssl::UniquePtr<X509_SIG> encrypted(
185 NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 183 PKCS8_encrypt_pbe(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr,
186 nullptr, 184 reinterpret_cast<const uint8_t*>(password.data()),
187 reinterpret_cast<const uint8_t*>(password.data()), 185 password.size(), nullptr, 0, iterations, pkcs8.get()));
188 password.size(),
189 nullptr,
190 0,
191 iterations,
192 pkcs8.get()));
193 if (!encrypted) 186 if (!encrypted)
194 return false; 187 return false;
195 188
196 // Write it into |*output| 189 // Write it into |*output|
197 return ExportKeyWithBio(encrypted.get(), 190 return ExportKeyWithBio(encrypted.get(),
198 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio), 191 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio),
199 output); 192 output);
200 } 193 }
201 194
202 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { 195 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
203 OpenSSLErrStackTracer err_tracer(FROM_HERE); 196 OpenSSLErrStackTracer err_tracer(FROM_HERE);
204 uint8_t *der; 197 uint8_t *der;
205 size_t der_len; 198 size_t der_len;
206 AutoCBB cbb; 199 bssl::ScopedCBB cbb;
207 if (!CBB_init(cbb.get(), 0) || 200 if (!CBB_init(cbb.get(), 0) ||
208 !EVP_marshal_public_key(cbb.get(), key_) || 201 !EVP_marshal_public_key(cbb.get(), key_.get()) ||
209 !CBB_finish(cbb.get(), &der, &der_len)) { 202 !CBB_finish(cbb.get(), &der, &der_len)) {
210 return false; 203 return false;
211 } 204 }
212 output->assign(der, der + der_len); 205 output->assign(der, der + der_len);
213 OPENSSL_free(der); 206 OPENSSL_free(der);
214 return true; 207 return true;
215 } 208 }
216 209
217 bool ECPrivateKey::ExportRawPublicKey(std::string* output) const { 210 bool ECPrivateKey::ExportRawPublicKey(std::string* output) const {
218 OpenSSLErrStackTracer err_tracer(FROM_HERE); 211 OpenSSLErrStackTracer err_tracer(FROM_HERE);
219 212
220 // Export the x and y field elements as 32-byte, big-endian numbers. (This is 213 // Export the x and y field elements as 32-byte, big-endian numbers. (This is
221 // the same as X9.62 uncompressed form without the leading 0x04 byte.) 214 // the same as X9.62 uncompressed form without the leading 0x04 byte.)
222 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_); 215 EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_.get());
223 ScopedBIGNUM x(BN_new()); 216 bssl::UniquePtr<BIGNUM> x(BN_new());
224 ScopedBIGNUM y(BN_new()); 217 bssl::UniquePtr<BIGNUM> y(BN_new());
225 uint8_t buf[64]; 218 uint8_t buf[64];
226 if (!x || !y || 219 if (!x || !y ||
227 !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key), 220 !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
228 EC_KEY_get0_public_key(ec_key), 221 EC_KEY_get0_public_key(ec_key),
229 x.get(), y.get(), nullptr) || 222 x.get(), y.get(), nullptr) ||
230 !BN_bn2bin_padded(buf, 32, x.get()) || 223 !BN_bn2bin_padded(buf, 32, x.get()) ||
231 !BN_bn2bin_padded(buf + 32, 32, y.get())) { 224 !BN_bn2bin_padded(buf + 32, 32, y.get())) {
232 return false; 225 return false;
233 } 226 }
234 227
235 output->assign(reinterpret_cast<const char*>(buf), sizeof(buf)); 228 output->assign(reinterpret_cast<const char*>(buf), sizeof(buf));
236 return true; 229 return true;
237 } 230 }
238 231
239 ECPrivateKey::ECPrivateKey() : key_(nullptr) {} 232 ECPrivateKey::ECPrivateKey() {}
240 233
241 } // namespace crypto 234 } // namespace crypto
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698