openssl: Implement crypto::ECPrivateKey.

crypto/ec_private_key_openssl.cc

Index: crypto/ec_private_key_openssl.cc
diff --git a/crypto/ec_private_key_openssl.cc b/crypto/ec_private_key_openssl.cc
index 20214e6c83dee4175d5deb3e9dce7776abdbbb8c..69f3937672b06e5334468428f4850930e3cf3ca6 100644
--- a/crypto/ec_private_key_openssl.cc
+++ b/crypto/ec_private_key_openssl.cc
@@ -4,21 +4,99 @@
 
 #include "crypto/ec_private_key.h"
 
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509.h>
+
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "crypto/openssl_util.h"
 
 namespace crypto {
 
-ECPrivateKey::~ECPrivateKey() {}
+namespace {
 
-// static
-bool ECPrivateKey::IsSupported() {
-  return false;
+// Function pointer definition, for injecting the required key export function
+// into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and
+// |key| is a handle to the input key object. Return 1 on success, 0 otherwise.
+typedef int (*ExportFunctionWithBio)(BIO* bio, void* key);

[wtc, 2013/10/14 21:45:07]

1. Nit: ExportFunctionWithBio => ExportWithBioFunction or KeyExportFunction

so that the type name ends in "Function"?

Update: I see this needs to be distinct from ExportFunctionWithData. I don't
have a good suggestion right now.

2. It seems that |bio| is an output argument. The Style Guide says:
    When defining a function, parameter order is: inputs, then outputs.

[digit1, 2013/10/15 11:43:44]

I've changed it to 'ExportBioFunction' and added a note that explains that,
since this is used with OpenSSL API functions, this doesn't follows the Chromium
style guide. On the other hand, 'const void* key' works.

+
+// Helper to export |key| into |output| via the specified ExportFunctionWithBio.
+bool ExportKeyWithBio(void* key,

[wtc, 2013/10/14 21:45:07]

Nit: can |key| be declared as const void* ?

[digit1, 2013/10/15 11:43:44]

Done.

+                      ExportFunctionWithBio export_fn,
+                      std::vector<uint8>* output) {
+  if (!key)
+    return false;
+
+  // OpenSSLErrStackTracer err_tracer(FROM_HERE);

[agl, 2013/10/14 21:47:31]

Uncomment or delete?

[digit1, 2013/10/15 11:43:44]

Deleted. Thanks.

+  ScopedOpenSSL<BIO, BIO_free_all> bio(BIO_new(BIO_s_mem()));
+  if (!bio.get())
+    return false;
+
+  if (!export_fn(bio.get(), key))
+    return false;
+
+  char* data = NULL;
+  long len = BIO_get_mem_data(bio.get(), &data);
+  if (!data || len < 0)
+    return false;
+
+  output->assign(data, data + len);
+  return true;
 }
 
+// Function pointer definition, for injecting the required key export function
+// into ExportKeyWithData below. |key| is a pointer to the input key object,
+// and |data| is either NULL, or the address of an 'unsigned char*' pointer
+// that points to the start of the output buffer. The function must return
+// the number of bytes required to export the data.

[wtc, 2013/10/14 21:45:07]

Nit: Add "return -1 on failure".

[digit1, 2013/10/15 11:43:44]

Done.

+typedef int (*ExportFunctionWithData)(void* key, unsigned char** data);
+
+// Hlper to export |key| into |output| via the specified export function.

[wtc, 2013/10/14 21:45:07]

Typo: Hlper => Helper

[agl, 2013/10/14 21:47:31]

// Helper...

[digit1, 2013/10/15 11:43:44]

Done.

+bool ExportKeyWithData(void* key,
+                       ExportFunctionWithData export_fn,
+                       std::vector<uint8>* output) {
+  if (!key)
+    return false;
+
+  int data_len = export_fn(key, NULL);
+  if (data_len < 0)
+    return false;
+
+  output->resize(static_cast<size_t>(data_len));
+  unsigned char* data = reinterpret_cast<unsigned char*>(&output->front());

[wtc, 2013/10/14 21:45:07]

We can assume uint8 is the same as unsigned char and omit the
reinterpret_cast<unsigned char*> cast.

[digit1, 2013/10/15 11:43:44]

Done.

+  if (export_fn(key, &data) < 0)
+    return false;
+
+  return true;
+}
+
+}  // namespace
+
+ECPrivateKey::~ECPrivateKey() {
+  if (key_)
+    EVP_PKEY_free(key_);
+}
+
+// static
+bool ECPrivateKey::IsSupported() { return true; }
+
 // static
 ECPrivateKey* ECPrivateKey::Create() {
-  NOTIMPLEMENTED();
-  return NULL;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+
+  ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(
+      EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+  if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get()))
+    return NULL;
+
+  scoped_ptr<ECPrivateKey> result(new ECPrivateKey());
+  result->key_ = EVP_PKEY_new();
+  if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get()))
+    return NULL;
+
+  return result.release();
 }
 
 // static
@@ -32,8 +110,45 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
     const std::string& password,
     const std::vector<uint8>& encrypted_private_key_info,
     const std::vector<uint8>& subject_public_key_info) {
-  NOTIMPLEMENTED();
-  return NULL;
+  if (encrypted_private_key_info.empty() || subject_public_key_info.empty()) {
+    return NULL;
+  }

[wtc, 2013/10/14 21:45:07]

Nit: omit curly braces.

[digit1, 2013/10/15 11:43:44]

Done.

+
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  // Write the encrypted private key into a memory BIO.
+  char* private_key_data = reinterpret_cast<char*>(
+      const_cast<uint8*>(&encrypted_private_key_info[0]));
+  int private_key_data_len =
+      static_cast<int>(encrypted_private_key_info.size());
+  ScopedOpenSSL<BIO, BIO_free_all> bio(
+      BIO_new_mem_buf(private_key_data, private_key_data_len));
+  if (!bio.get())
+    return NULL;
+
+  // Convert it, then decrypt it into a PKCS#8 object.
+  ScopedOpenSSL<X509_SIG, X509_SIG_free> p8_encrypted(
+      d2i_PKCS8_bio(bio.get(), NULL));
+  if (!p8_encrypted.get())
+    return NULL;
+
+  ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8_decrypted(
+      PKCS8_decrypt(p8_encrypted.get(),
+                    password.c_str(),
+                    static_cast<int>(password.size())));
+  if (!p8_decrypted.get())
+    return NULL;
+
+  // Create a new EVP_PKEY for it.
+  scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
+  result->key_ = EVP_PKCS82PKEY(p8_decrypted.get());
+  if (!result->key_)
+    return NULL;
+
+  // TODO(digit): What to do with |subject_public_key_info| exactly??
+  // The NSS code uses to call the NSS_specific API named
+  // ImportEncryptedECPrivateKeyInfoAndReturnKey().

[wtc, 2013/10/14 21:45:07]

I took a quick look. When NSS stores a private key, it uses the corresponding
public key as the lookup "key". Specifically, the SHA-1 hash of the public key
becomes the CKA_ID attribute of the private key, and then the public key itself
is also stored as an attribute of the private key. I think this is why the NSS
code requires |subject_public_key_info|.

So, it is OK for this file to ignore |subject_public_key_info|. You can save it
in a member so that ECPrivateKey::ExportPublicKey can simply return it.

[agl, 2013/10/14 21:47:31]

I think NSS might be using it to avoid recalculating the public key. But that's
no big deal.

[digit1, 2013/10/15 11:43:44]

Thanks, I think I'd prefer to ignore it if it is not used at all, otherwise at
would have to check that it matches the private key information, just to catch
clients that pass invalid arguments, and I don't think it's worth it here.

+
+  return result.release();
 }
 
 // static
@@ -49,23 +164,60 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(
     const std::string& password,
     int iterations,
     std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  // Convert into a PKCS#8 object.
+  ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> pkcs8(
+      EVP_PKEY2PKCS8(key_));
+  if (!pkcs8.get())
+    return false;
+
+  // Encrypt the object.
+  // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
+  // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
+  // equivalent.
+  ScopedOpenSSL<X509_SIG, X509_SIG_free> encrypted(
+      PKCS8_encrypt(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                    NULL,
+                    password.c_str(),
+                    static_cast<int>(password.size()),
+                    NULL,
+                    0,
+                    iterations,
+                    pkcs8.get()));
+  if (!encrypted.get())
+    return false;
+
+  // Write it into |*output|
+  return ExportKeyWithBio(
+      encrypted.get(),
+      reinterpret_cast<ExportFunctionWithBio>(i2d_PKCS8_bio),
+      output);
 }
 
 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  return ExportKeyWithBio(
+      key_, reinterpret_cast<ExportFunctionWithBio>(i2d_PUBKEY_bio), output);
 }
 
 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_));
+  return ExportKeyWithData(
+      ec_key.get(),
+      reinterpret_cast<ExportFunctionWithData>(i2d_ECPrivateKey),
+      output);
 }
 
 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
-  NOTIMPLEMENTED();
-  return false;
+  OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_));
+  return ExportKeyWithData(
+      ec_key.get(),
+      reinterpret_cast<ExportFunctionWithData>(i2d_ECParameters),
+      output);
 }
 
+ECPrivateKey::ECPrivateKey() : key_(NULL) {}
+
 }  // namespace crypto