OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/rsa_private_key.h" | 5 #include "crypto/rsa_private_key.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <keyhi.h> | 8 #include <keyhi.h> |
9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
10 #include <secmod.h> | 10 #include <secmod.h> |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
44 | 44 |
45 RSAPrivateKey::~RSAPrivateKey() { | 45 RSAPrivateKey::~RSAPrivateKey() { |
46 if (key_) | 46 if (key_) |
47 SECKEY_DestroyPrivateKey(key_); | 47 SECKEY_DestroyPrivateKey(key_); |
48 if (public_key_) | 48 if (public_key_) |
49 SECKEY_DestroyPublicKey(public_key_); | 49 SECKEY_DestroyPublicKey(public_key_); |
50 } | 50 } |
51 | 51 |
52 // static | 52 // static |
53 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { | 53 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { |
54 return CreateWithParams(num_bits, | 54 EnsureNSSInit(); |
| 55 |
| 56 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 57 return CreateWithParams(slot.get(), |
| 58 num_bits, |
55 false /* not permanent */, | 59 false /* not permanent */, |
56 false /* not sensitive */); | 60 false /* not sensitive */); |
57 } | 61 } |
58 | 62 |
59 // static | 63 // static |
60 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( | 64 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( |
61 const std::vector<uint8>& input) { | 65 const std::vector<uint8>& input) { |
62 return CreateFromPrivateKeyInfoWithParams(input, | 66 EnsureNSSInit(); |
63 false /* not permanent */, | 67 |
64 false /* not sensitive */); | 68 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 69 return CreateFromPrivateKeyInfoWithParams( |
| 70 slot.get(), |
| 71 input, |
| 72 false /* not permanent */, |
| 73 false /* not sensitive */); |
65 } | 74 } |
66 | 75 |
67 #if defined(USE_NSS) | 76 #if defined(USE_NSS) |
68 // static | 77 // static |
69 RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) { | 78 RSAPrivateKey* RSAPrivateKey::CreateSensitive(PK11SlotInfo* slot, |
70 return CreateWithParams(num_bits, | 79 uint16 num_bits) { |
| 80 return CreateWithParams(slot, |
| 81 num_bits, |
71 true /* permanent */, | 82 true /* permanent */, |
72 true /* sensitive */); | 83 true /* sensitive */); |
73 } | 84 } |
74 | 85 |
75 // static | 86 // static |
76 RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo( | 87 RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo( |
| 88 PK11SlotInfo* slot, |
77 const std::vector<uint8>& input) { | 89 const std::vector<uint8>& input) { |
78 return CreateFromPrivateKeyInfoWithParams(input, | 90 return CreateFromPrivateKeyInfoWithParams(slot, |
| 91 input, |
79 true /* permanent */, | 92 true /* permanent */, |
80 true /* sensitive */); | 93 true /* sensitive */); |
81 } | 94 } |
82 | 95 |
83 // static | 96 // static |
84 RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) { | 97 RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) { |
85 DCHECK(key); | 98 DCHECK(key); |
86 if (SECKEY_GetPrivateKeyType(key) != rsaKey) | 99 if (SECKEY_GetPrivateKeyType(key) != rsaKey) |
87 return NULL; | 100 return NULL; |
88 RSAPrivateKey* copy = new RSAPrivateKey(); | 101 RSAPrivateKey* copy = new RSAPrivateKey(); |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
193 | 206 |
194 output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len); | 207 output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len); |
195 return true; | 208 return true; |
196 } | 209 } |
197 | 210 |
198 RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) { | 211 RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) { |
199 EnsureNSSInit(); | 212 EnsureNSSInit(); |
200 } | 213 } |
201 | 214 |
202 // static | 215 // static |
203 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits, | 216 RSAPrivateKey* RSAPrivateKey::CreateWithParams(PK11SlotInfo* slot, |
| 217 uint16 num_bits, |
204 bool permanent, | 218 bool permanent, |
205 bool sensitive) { | 219 bool sensitive) { |
206 #if !defined(USE_NSS) | 220 if (!slot) |
207 if (permanent) { | |
208 NOTIMPLEMENTED(); | |
209 return NULL; | 221 return NULL; |
210 } | |
211 #endif | |
212 | |
213 EnsureNSSInit(); | |
214 | 222 |
215 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); | 223 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
216 | 224 |
217 ScopedPK11Slot slot(permanent ? GetPrivateNSSKeySlot() : | |
218 PK11_GetInternalSlot()); | |
219 if (!slot.get()) | |
220 return NULL; | |
221 | |
222 PK11RSAGenParams param; | 225 PK11RSAGenParams param; |
223 param.keySizeInBits = num_bits; | 226 param.keySizeInBits = num_bits; |
224 param.pe = 65537L; | 227 param.pe = 65537L; |
225 result->key_ = PK11_GenerateKeyPair(slot.get(), | 228 result->key_ = PK11_GenerateKeyPair(slot, |
226 CKM_RSA_PKCS_KEY_PAIR_GEN, | 229 CKM_RSA_PKCS_KEY_PAIR_GEN, |
227 ¶m, | 230 ¶m, |
228 &result->public_key_, | 231 &result->public_key_, |
229 permanent, | 232 permanent, |
230 sensitive, | 233 sensitive, |
231 NULL); | 234 NULL); |
232 if (!result->key_) | 235 if (!result->key_) |
233 return NULL; | 236 return NULL; |
234 | 237 |
235 return result.release(); | 238 return result.release(); |
236 } | 239 } |
237 | 240 |
238 // static | 241 // static |
239 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( | 242 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( |
240 const std::vector<uint8>& input, bool permanent, bool sensitive) { | 243 PK11SlotInfo* slot, |
241 #if !defined(USE_NSS) | 244 const std::vector<uint8>& input, |
242 if (permanent) { | 245 bool permanent, |
243 NOTIMPLEMENTED(); | 246 bool sensitive) { |
| 247 if (!slot) |
244 return NULL; | 248 return NULL; |
245 } | |
246 #endif | |
247 | |
248 // This method currently leaks some memory. | |
249 // See http://crbug.com/34742. | |
250 ANNOTATE_SCOPED_MEMORY_LEAK; | |
251 EnsureNSSInit(); | |
252 | 249 |
253 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); | 250 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); |
254 | 251 |
255 ScopedPK11Slot slot(permanent ? GetPrivateNSSKeySlot() : | |
256 PK11_GetInternalSlot()); | |
257 if (!slot.get()) | |
258 return NULL; | |
259 | |
260 SECItem der_private_key_info; | 252 SECItem der_private_key_info; |
261 der_private_key_info.data = const_cast<unsigned char*>(&input.front()); | 253 der_private_key_info.data = const_cast<unsigned char*>(&input.front()); |
262 der_private_key_info.len = input.size(); | 254 der_private_key_info.len = input.size(); |
263 // Allow the private key to be used for key unwrapping, data decryption, | 255 // Allow the private key to be used for key unwrapping, data decryption, |
264 // and signature generation. | 256 // and signature generation. |
265 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | | 257 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | |
266 KU_DIGITAL_SIGNATURE; | 258 KU_DIGITAL_SIGNATURE; |
267 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( | 259 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( |
268 slot.get(), &der_private_key_info, NULL, NULL, permanent, sensitive, | 260 slot, &der_private_key_info, NULL, NULL, permanent, sensitive, |
269 key_usage, &result->key_, NULL); | 261 key_usage, &result->key_, NULL); |
270 if (rv != SECSuccess) { | 262 if (rv != SECSuccess) { |
271 NOTREACHED(); | 263 NOTREACHED(); |
272 return NULL; | 264 return NULL; |
273 } | 265 } |
274 | 266 |
275 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_); | 267 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_); |
276 if (!result->public_key_) { | 268 if (!result->public_key_) { |
277 NOTREACHED(); | 269 NOTREACHED(); |
278 return NULL; | 270 return NULL; |
279 } | 271 } |
280 | 272 |
281 return result.release(); | 273 return result.release(); |
282 } | 274 } |
283 | 275 |
284 } // namespace crypto | 276 } // namespace crypto |
OLD | NEW |