OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
6 | 6 |
7 #include <openssl/ec.h> | |
8 #include <openssl/evp.h> | |
9 #include <openssl/pkcs12.h> | |
10 #include <openssl/x509.h> | |
11 | |
7 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "crypto/openssl_util.h" | |
8 | 15 |
9 namespace crypto { | 16 namespace crypto { |
10 | 17 |
11 ECPrivateKey::~ECPrivateKey() {} | 18 namespace { |
12 | 19 |
13 // static | 20 // Function pointer definition, for injecting the required key export function |
14 bool ECPrivateKey::IsSupported() { | 21 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and |
15 return false; | 22 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. |
23 typedef int (*ExportFunctionWithBio)(BIO* bio, void* key); | |
wtc
2013/10/14 21:45:07
1. Nit: ExportFunctionWithBio => ExportWithBioFunc
digit1
2013/10/15 11:43:44
I've changed it to 'ExportBioFunction' and added a
| |
24 | |
25 // Helper to export |key| into |output| via the specified ExportFunctionWithBio. | |
26 bool ExportKeyWithBio(void* key, | |
wtc
2013/10/14 21:45:07
Nit: can |key| be declared as const void* ?
digit1
2013/10/15 11:43:44
Done.
| |
27 ExportFunctionWithBio export_fn, | |
28 std::vector<uint8>* output) { | |
29 if (!key) | |
30 return false; | |
31 | |
32 // OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
agl
2013/10/14 21:47:31
Uncomment or delete?
digit1
2013/10/15 11:43:44
Deleted. Thanks.
| |
33 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new(BIO_s_mem())); | |
34 if (!bio.get()) | |
35 return false; | |
36 | |
37 if (!export_fn(bio.get(), key)) | |
38 return false; | |
39 | |
40 char* data = NULL; | |
41 long len = BIO_get_mem_data(bio.get(), &data); | |
42 if (!data || len < 0) | |
43 return false; | |
44 | |
45 output->assign(data, data + len); | |
46 return true; | |
47 } | |
48 | |
49 // Function pointer definition, for injecting the required key export function | |
50 // into ExportKeyWithData below. |key| is a pointer to the input key object, | |
51 // and |data| is either NULL, or the address of an 'unsigned char*' pointer | |
52 // that points to the start of the output buffer. The function must return | |
53 // the number of bytes required to export the data. | |
wtc
2013/10/14 21:45:07
Nit: Add "return -1 on failure".
digit1
2013/10/15 11:43:44
Done.
| |
54 typedef int (*ExportFunctionWithData)(void* key, unsigned char** data); | |
55 | |
56 // Hlper to export |key| into |output| via the specified export function. | |
wtc
2013/10/14 21:45:07
Typo: Hlper => Helper
agl
2013/10/14 21:47:31
// Helper...
digit1
2013/10/15 11:43:44
Done.
| |
57 bool ExportKeyWithData(void* key, | |
58 ExportFunctionWithData export_fn, | |
59 std::vector<uint8>* output) { | |
60 if (!key) | |
61 return false; | |
62 | |
63 int data_len = export_fn(key, NULL); | |
64 if (data_len < 0) | |
65 return false; | |
66 | |
67 output->resize(static_cast<size_t>(data_len)); | |
68 unsigned char* data = reinterpret_cast<unsigned char*>(&output->front()); | |
wtc
2013/10/14 21:45:07
We can assume uint8 is the same as unsigned char a
digit1
2013/10/15 11:43:44
Done.
| |
69 if (export_fn(key, &data) < 0) | |
70 return false; | |
71 | |
72 return true; | |
73 } | |
74 | |
75 } // namespace | |
76 | |
77 ECPrivateKey::~ECPrivateKey() { | |
78 if (key_) | |
79 EVP_PKEY_free(key_); | |
16 } | 80 } |
17 | 81 |
18 // static | 82 // static |
83 bool ECPrivateKey::IsSupported() { return true; } | |
84 | |
85 // static | |
19 ECPrivateKey* ECPrivateKey::Create() { | 86 ECPrivateKey* ECPrivateKey::Create() { |
20 NOTIMPLEMENTED(); | 87 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
21 return NULL; | 88 |
89 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key( | |
90 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); | |
91 if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get())) | |
92 return NULL; | |
93 | |
94 scoped_ptr<ECPrivateKey> result(new ECPrivateKey()); | |
95 result->key_ = EVP_PKEY_new(); | |
96 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) | |
97 return NULL; | |
98 | |
99 return result.release(); | |
22 } | 100 } |
23 | 101 |
24 // static | 102 // static |
25 ECPrivateKey* ECPrivateKey::CreateSensitive() { | 103 ECPrivateKey* ECPrivateKey::CreateSensitive() { |
26 NOTIMPLEMENTED(); | 104 NOTIMPLEMENTED(); |
27 return NULL; | 105 return NULL; |
28 } | 106 } |
29 | 107 |
30 // static | 108 // static |
31 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 109 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
32 const std::string& password, | 110 const std::string& password, |
33 const std::vector<uint8>& encrypted_private_key_info, | 111 const std::vector<uint8>& encrypted_private_key_info, |
34 const std::vector<uint8>& subject_public_key_info) { | 112 const std::vector<uint8>& subject_public_key_info) { |
35 NOTIMPLEMENTED(); | 113 if (encrypted_private_key_info.empty() || subject_public_key_info.empty()) { |
36 return NULL; | 114 return NULL; |
115 } | |
wtc
2013/10/14 21:45:07
Nit: omit curly braces.
digit1
2013/10/15 11:43:44
Done.
| |
116 | |
117 OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
118 // Write the encrypted private key into a memory BIO. | |
119 char* private_key_data = reinterpret_cast<char*>( | |
120 const_cast<uint8*>(&encrypted_private_key_info[0])); | |
121 int private_key_data_len = | |
122 static_cast<int>(encrypted_private_key_info.size()); | |
123 ScopedOpenSSL<BIO, BIO_free_all> bio( | |
124 BIO_new_mem_buf(private_key_data, private_key_data_len)); | |
125 if (!bio.get()) | |
126 return NULL; | |
127 | |
128 // Convert it, then decrypt it into a PKCS#8 object. | |
129 ScopedOpenSSL<X509_SIG, X509_SIG_free> p8_encrypted( | |
130 d2i_PKCS8_bio(bio.get(), NULL)); | |
131 if (!p8_encrypted.get()) | |
132 return NULL; | |
133 | |
134 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8_decrypted( | |
135 PKCS8_decrypt(p8_encrypted.get(), | |
136 password.c_str(), | |
137 static_cast<int>(password.size()))); | |
138 if (!p8_decrypted.get()) | |
139 return NULL; | |
140 | |
141 // Create a new EVP_PKEY for it. | |
142 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | |
143 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); | |
144 if (!result->key_) | |
145 return NULL; | |
146 | |
147 // TODO(digit): What to do with |subject_public_key_info| exactly?? | |
148 // The NSS code uses to call the NSS_specific API named | |
149 // ImportEncryptedECPrivateKeyInfoAndReturnKey(). | |
wtc
2013/10/14 21:45:07
I took a quick look. When NSS stores a private key
agl
2013/10/14 21:47:31
I think NSS might be using it to avoid recalculati
digit1
2013/10/15 11:43:44
Thanks, I think I'd prefer to ignore it if it is n
| |
150 | |
151 return result.release(); | |
37 } | 152 } |
38 | 153 |
39 // static | 154 // static |
40 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( | 155 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( |
41 const std::string& password, | 156 const std::string& password, |
42 const std::vector<uint8>& encrypted_private_key_info, | 157 const std::vector<uint8>& encrypted_private_key_info, |
43 const std::vector<uint8>& subject_public_key_info) { | 158 const std::vector<uint8>& subject_public_key_info) { |
44 NOTIMPLEMENTED(); | 159 NOTIMPLEMENTED(); |
45 return NULL; | 160 return NULL; |
46 } | 161 } |
47 | 162 |
48 bool ECPrivateKey::ExportEncryptedPrivateKey( | 163 bool ECPrivateKey::ExportEncryptedPrivateKey( |
49 const std::string& password, | 164 const std::string& password, |
50 int iterations, | 165 int iterations, |
51 std::vector<uint8>* output) { | 166 std::vector<uint8>* output) { |
52 NOTIMPLEMENTED(); | 167 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
53 return false; | 168 // Convert into a PKCS#8 object. |
169 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8( | |
170 EVP_PKEY2PKCS8(key_)); | |
171 if (!pkcs8.get()) | |
172 return false; | |
173 | |
174 // Encrypt the object. | |
175 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC | |
176 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL | |
177 // equivalent. | |
178 ScopedOpenSSL<X509_SIG, X509_SIG_free> encrypted( | |
179 PKCS8_encrypt(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, | |
180 NULL, | |
181 password.c_str(), | |
182 static_cast<int>(password.size()), | |
183 NULL, | |
184 0, | |
185 iterations, | |
186 pkcs8.get())); | |
187 if (!encrypted.get()) | |
188 return false; | |
189 | |
190 // Write it into |*output| | |
191 return ExportKeyWithBio( | |
192 encrypted.get(), | |
193 reinterpret_cast<ExportFunctionWithBio>(i2d_PKCS8_bio), | |
194 output); | |
54 } | 195 } |
55 | 196 |
56 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { | 197 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { |
57 NOTIMPLEMENTED(); | 198 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
58 return false; | 199 return ExportKeyWithBio( |
200 key_, reinterpret_cast<ExportFunctionWithBio>(i2d_PUBKEY_bio), output); | |
59 } | 201 } |
60 | 202 |
61 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { | 203 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { |
62 NOTIMPLEMENTED(); | 204 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
63 return false; | 205 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_)); |
206 return ExportKeyWithData( | |
207 ec_key.get(), | |
208 reinterpret_cast<ExportFunctionWithData>(i2d_ECPrivateKey), | |
209 output); | |
64 } | 210 } |
65 | 211 |
66 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { | 212 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
67 NOTIMPLEMENTED(); | 213 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
68 return false; | 214 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_)); |
215 return ExportKeyWithData( | |
216 ec_key.get(), | |
217 reinterpret_cast<ExportFunctionWithData>(i2d_ECParameters), | |
218 output); | |
69 } | 219 } |
70 | 220 |
221 ECPrivateKey::ECPrivateKey() : key_(NULL) {} | |
222 | |
71 } // namespace crypto | 223 } // namespace crypto |
OLD | NEW |