OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
6 | 6 |
| 7 #include <openssl/ec.h> |
| 8 #include <openssl/evp.h> |
| 9 #include <openssl/pkcs12.h> |
| 10 #include <openssl/x509.h> |
| 11 |
7 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "crypto/openssl_util.h" |
8 | 15 |
9 namespace crypto { | 16 namespace crypto { |
10 | 17 |
11 ECPrivateKey::~ECPrivateKey() {} | 18 namespace { |
12 | 19 |
13 // static | 20 // Function pointer definition, for injecting the required key export function |
14 bool ECPrivateKey::IsSupported() { | 21 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and |
15 return false; | 22 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. |
| 23 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium |
| 24 // style guide, hence the unusual parameter placement / types. |
| 25 typedef int (*ExportBioFunction)(BIO* bio, const void* key); |
| 26 |
| 27 // Helper to export |key| into |output| via the specified ExportBioFunction. |
| 28 bool ExportKeyWithBio(const void* key, |
| 29 ExportBioFunction export_fn, |
| 30 std::vector<uint8>* output) { |
| 31 if (!key) |
| 32 return false; |
| 33 |
| 34 ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new(BIO_s_mem())); |
| 35 if (!bio.get()) |
| 36 return false; |
| 37 |
| 38 if (!export_fn(bio.get(), key)) |
| 39 return false; |
| 40 |
| 41 char* data = NULL; |
| 42 long len = BIO_get_mem_data(bio.get(), &data); |
| 43 if (!data || len < 0) |
| 44 return false; |
| 45 |
| 46 output->assign(data, data + len); |
| 47 return true; |
| 48 } |
| 49 |
| 50 // Function pointer definition, for injecting the required key export function |
| 51 // into ExportKey below. |key| is a pointer to the input key object, |
| 52 // and |data| is either NULL, or the address of an 'unsigned char*' pointer |
| 53 // that points to the start of the output buffer. The function must return |
| 54 // the number of bytes required to export the data, or -1 in case of error. |
| 55 typedef int (*ExportDataFunction)(const void* key, unsigned char** data); |
| 56 |
| 57 // Helper to export |key| into |output| via the specified export function. |
| 58 bool ExportKey(const void* key, |
| 59 ExportDataFunction export_fn, |
| 60 std::vector<uint8>* output) { |
| 61 if (!key) |
| 62 return false; |
| 63 |
| 64 int data_len = export_fn(key, NULL); |
| 65 if (data_len < 0) |
| 66 return false; |
| 67 |
| 68 output->resize(static_cast<size_t>(data_len)); |
| 69 unsigned char* data = &(*output)[0]; |
| 70 if (export_fn(key, &data) < 0) |
| 71 return false; |
| 72 |
| 73 return true; |
| 74 } |
| 75 |
| 76 } // namespace |
| 77 |
| 78 ECPrivateKey::~ECPrivateKey() { |
| 79 if (key_) |
| 80 EVP_PKEY_free(key_); |
16 } | 81 } |
17 | 82 |
18 // static | 83 // static |
| 84 bool ECPrivateKey::IsSupported() { return true; } |
| 85 |
| 86 // static |
19 ECPrivateKey* ECPrivateKey::Create() { | 87 ECPrivateKey* ECPrivateKey::Create() { |
20 NOTIMPLEMENTED(); | 88 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
21 return NULL; | 89 |
| 90 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key( |
| 91 EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
| 92 if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get())) |
| 93 return NULL; |
| 94 |
| 95 scoped_ptr<ECPrivateKey> result(new ECPrivateKey()); |
| 96 result->key_ = EVP_PKEY_new(); |
| 97 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) |
| 98 return NULL; |
| 99 |
| 100 return result.release(); |
22 } | 101 } |
23 | 102 |
24 // static | 103 // static |
25 ECPrivateKey* ECPrivateKey::CreateSensitive() { | 104 ECPrivateKey* ECPrivateKey::CreateSensitive() { |
26 NOTIMPLEMENTED(); | 105 NOTIMPLEMENTED(); |
27 return NULL; | 106 return NULL; |
28 } | 107 } |
29 | 108 |
30 // static | 109 // static |
31 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 110 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
32 const std::string& password, | 111 const std::string& password, |
33 const std::vector<uint8>& encrypted_private_key_info, | 112 const std::vector<uint8>& encrypted_private_key_info, |
34 const std::vector<uint8>& subject_public_key_info) { | 113 const std::vector<uint8>& subject_public_key_info) { |
35 NOTIMPLEMENTED(); | 114 // NOTE: The |subject_public_key_info| can be ignored here, it is only |
36 return NULL; | 115 // useful for the NSS implementation (which uses the public key's SHA1 |
| 116 // as a lookup key when storing the private one in its store). |
| 117 if (encrypted_private_key_info.empty()) |
| 118 return NULL; |
| 119 |
| 120 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 121 // Write the encrypted private key into a memory BIO. |
| 122 char* private_key_data = reinterpret_cast<char*>( |
| 123 const_cast<uint8*>(&encrypted_private_key_info[0])); |
| 124 int private_key_data_len = |
| 125 static_cast<int>(encrypted_private_key_info.size()); |
| 126 ScopedOpenSSL<BIO, BIO_free_all> bio( |
| 127 BIO_new_mem_buf(private_key_data, private_key_data_len)); |
| 128 if (!bio.get()) |
| 129 return NULL; |
| 130 |
| 131 // Convert it, then decrypt it into a PKCS#8 object. |
| 132 ScopedOpenSSL<X509_SIG, X509_SIG_free> p8_encrypted( |
| 133 d2i_PKCS8_bio(bio.get(), NULL)); |
| 134 if (!p8_encrypted.get()) |
| 135 return NULL; |
| 136 |
| 137 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8_decrypted( |
| 138 PKCS8_decrypt(p8_encrypted.get(), |
| 139 password.c_str(), |
| 140 static_cast<int>(password.size()))); |
| 141 if (!p8_decrypted.get()) |
| 142 return NULL; |
| 143 |
| 144 // Create a new EVP_PKEY for it. |
| 145 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 146 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); |
| 147 if (!result->key_) |
| 148 return NULL; |
| 149 |
| 150 return result.release(); |
37 } | 151 } |
38 | 152 |
39 // static | 153 // static |
40 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( | 154 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( |
41 const std::string& password, | 155 const std::string& password, |
42 const std::vector<uint8>& encrypted_private_key_info, | 156 const std::vector<uint8>& encrypted_private_key_info, |
43 const std::vector<uint8>& subject_public_key_info) { | 157 const std::vector<uint8>& subject_public_key_info) { |
44 NOTIMPLEMENTED(); | 158 NOTIMPLEMENTED(); |
45 return NULL; | 159 return NULL; |
46 } | 160 } |
47 | 161 |
48 bool ECPrivateKey::ExportEncryptedPrivateKey( | 162 bool ECPrivateKey::ExportEncryptedPrivateKey( |
49 const std::string& password, | 163 const std::string& password, |
50 int iterations, | 164 int iterations, |
51 std::vector<uint8>* output) { | 165 std::vector<uint8>* output) { |
52 NOTIMPLEMENTED(); | 166 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
53 return false; | 167 // Convert into a PKCS#8 object. |
| 168 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8( |
| 169 EVP_PKEY2PKCS8(key_)); |
| 170 if (!pkcs8.get()) |
| 171 return false; |
| 172 |
| 173 // Encrypt the object. |
| 174 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC |
| 175 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL |
| 176 // equivalent. |
| 177 ScopedOpenSSL<X509_SIG, X509_SIG_free> encrypted( |
| 178 PKCS8_encrypt(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, |
| 179 NULL, |
| 180 password.c_str(), |
| 181 static_cast<int>(password.size()), |
| 182 NULL, |
| 183 0, |
| 184 iterations, |
| 185 pkcs8.get())); |
| 186 if (!encrypted.get()) |
| 187 return false; |
| 188 |
| 189 // Write it into |*output| |
| 190 return ExportKeyWithBio(encrypted.get(), |
| 191 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio), |
| 192 output); |
54 } | 193 } |
55 | 194 |
56 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { | 195 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { |
57 NOTIMPLEMENTED(); | 196 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
58 return false; | 197 return ExportKeyWithBio( |
| 198 key_, reinterpret_cast<ExportBioFunction>(i2d_PUBKEY_bio), output); |
59 } | 199 } |
60 | 200 |
61 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { | 201 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { |
62 NOTIMPLEMENTED(); | 202 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
63 return false; | 203 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_)); |
| 204 return ExportKey(ec_key.get(), |
| 205 reinterpret_cast<ExportDataFunction>(i2d_ECPrivateKey), |
| 206 output); |
64 } | 207 } |
65 | 208 |
66 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { | 209 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
67 NOTIMPLEMENTED(); | 210 OpenSSLErrStackTracer err_tracer(FROM_HERE); |
68 return false; | 211 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_)); |
| 212 return ExportKey(ec_key.get(), |
| 213 reinterpret_cast<ExportDataFunction>(i2d_ECParameters), |
| 214 output); |
69 } | 215 } |
70 | 216 |
| 217 ECPrivateKey::ECPrivateKey() : key_(NULL) {} |
| 218 |
71 } // namespace crypto | 219 } // namespace crypto |
OLD | NEW |