| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
| 6 | 6 |
| 7 extern "C" { | 7 extern "C" { |
| 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
| 9 // other NSS headers. | 9 // other NSS headers. |
| 10 #include <secmodt.h> | 10 #include <secmodt.h> |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 84 // static | 84 // static |
| 85 bool ECPrivateKey::IsSupported() { | 85 bool ECPrivateKey::IsSupported() { |
| 86 return g_elliptic_curve_supported.Get().Supported(); | 86 return g_elliptic_curve_supported.Get().Supported(); |
| 87 } | 87 } |
| 88 | 88 |
| 89 // static | 89 // static |
| 90 ECPrivateKey* ECPrivateKey::Create() { | 90 ECPrivateKey* ECPrivateKey::Create() { |
| 91 EnsureNSSInit(); | 91 EnsureNSSInit(); |
| 92 | 92 |
| 93 ScopedPK11Slot slot(GetTempKeySlot()); | 93 ScopedPK11Slot slot(GetTempKeySlot()); |
| 94 return CreateWithParams(slot.get(), | 94 if (!slot) |
| 95 false /* not permanent */, | 95 return nullptr; |
| 96 false /* not sensitive */); | 96 |
| 97 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 98 |
| 99 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); |
| 100 if (!oid_data) { |
| 101 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); |
| 102 return nullptr; |
| 103 } |
| 104 |
| 105 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters |
| 106 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. |
| 107 // In addition to the oid data, the encoding requires one byte for the ASN.1 |
| 108 // tag and one byte for the length (assuming the length is <= 127). |
| 109 CHECK_LE(oid_data->oid.len, 127U); |
| 110 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); |
| 111 SECKEYECParams ec_parameters = { |
| 112 siDEROID, ¶meters_buf[0], |
| 113 static_cast<unsigned>(parameters_buf.size()) |
| 114 }; |
| 115 |
| 116 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; |
| 117 ec_parameters.data[1] = static_cast<unsigned char>(oid_data->oid.len); |
| 118 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); |
| 119 |
| 120 result->key_ = PK11_GenerateKeyPair(slot.get(), |
| 121 CKM_EC_KEY_PAIR_GEN, |
| 122 &ec_parameters, |
| 123 &result->public_key_, |
| 124 PR_FALSE /* not permanent */, |
| 125 PR_FALSE /* not sensitive */, |
| 126 NULL); |
| 127 if (!result->key_) { |
| 128 DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError(); |
| 129 return nullptr; |
| 130 } |
| 131 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); |
| 132 |
| 133 return result.release(); |
| 97 } | 134 } |
| 98 | 135 |
| 99 #if defined(USE_NSS) | |
| 100 // static | |
| 101 ECPrivateKey* ECPrivateKey::CreateSensitive(PK11SlotInfo* slot) { | |
| 102 return CreateWithParams( | |
| 103 slot, true /* permanent */, true /* sensitive */); | |
| 104 } | |
| 105 #endif | |
| 106 | |
| 107 // static | 136 // static |
| 108 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 137 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 109 const std::string& password, | 138 const std::string& password, |
| 110 const std::vector<uint8>& encrypted_private_key_info, | 139 const std::vector<uint8>& encrypted_private_key_info, |
| 111 const std::vector<uint8>& subject_public_key_info) { | 140 const std::vector<uint8>& subject_public_key_info) { |
| 112 EnsureNSSInit(); | 141 EnsureNSSInit(); |
| 113 | 142 |
| 114 ScopedPK11Slot slot(GetTempKeySlot()); | 143 ScopedPK11Slot slot(GetTempKeySlot()); |
| 115 return CreateFromEncryptedPrivateKeyInfoWithParams( | 144 if (!slot) |
| 145 return nullptr; |
| 146 |
| 147 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 148 |
| 149 SECItem encoded_spki = { |
| 150 siBuffer, |
| 151 const_cast<unsigned char*>(&subject_public_key_info[0]), |
| 152 static_cast<unsigned>(subject_public_key_info.size()) |
| 153 }; |
| 154 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( |
| 155 &encoded_spki); |
| 156 if (!decoded_spki) { |
| 157 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); |
| 158 return nullptr; |
| 159 } |
| 160 |
| 161 bool success = ImportFromEncryptedPrivateKeyInfo( |
| 116 slot.get(), | 162 slot.get(), |
| 117 password, | 163 password, |
| 118 encrypted_private_key_info, | 164 &encrypted_private_key_info[0], |
| 119 subject_public_key_info, | 165 encrypted_private_key_info.size(), |
| 166 decoded_spki, |
| 120 false /* not permanent */, | 167 false /* not permanent */, |
| 121 false /* not sensitive */); | 168 false /* not sensitive */, |
| 169 &result->key_, |
| 170 &result->public_key_); |
| 171 |
| 172 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); |
| 173 |
| 174 if (success) { |
| 175 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); |
| 176 return result.release(); |
| 177 } |
| 178 |
| 179 return nullptr; |
| 122 } | 180 } |
| 123 | 181 |
| 124 #if defined(USE_NSS) | |
| 125 // static | |
| 126 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( | |
| 127 PK11SlotInfo* slot, | |
| 128 const std::string& password, | |
| 129 const std::vector<uint8>& encrypted_private_key_info, | |
| 130 const std::vector<uint8>& subject_public_key_info) { | |
| 131 return CreateFromEncryptedPrivateKeyInfoWithParams( | |
| 132 slot, | |
| 133 password, | |
| 134 encrypted_private_key_info, | |
| 135 subject_public_key_info, | |
| 136 true /* permanent */, | |
| 137 true /* sensitive */); | |
| 138 } | |
| 139 #endif | |
| 140 | |
| 141 // static | 182 // static |
| 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | 183 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
| 143 PK11SlotInfo* slot, | 184 PK11SlotInfo* slot, |
| 144 const std::string& password, | 185 const std::string& password, |
| 145 const uint8* encrypted_private_key_info, | 186 const uint8* encrypted_private_key_info, |
| 146 size_t encrypted_private_key_info_len, | 187 size_t encrypted_private_key_info_len, |
| 147 CERTSubjectPublicKeyInfo* decoded_spki, | 188 CERTSubjectPublicKeyInfo* decoded_spki, |
| 148 bool permanent, | 189 bool permanent, |
| 149 bool sensitive, | 190 bool sensitive, |
| 150 SECKEYPrivateKey** key, | 191 SECKEYPrivateKey** key, |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 306 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { | 347 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { |
| 307 return ReadAttribute(key_, CKA_VALUE, output); | 348 return ReadAttribute(key_, CKA_VALUE, output); |
| 308 } | 349 } |
| 309 | 350 |
| 310 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { | 351 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
| 311 return ReadAttribute(key_, CKA_EC_PARAMS, output); | 352 return ReadAttribute(key_, CKA_EC_PARAMS, output); |
| 312 } | 353 } |
| 313 | 354 |
| 314 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} | 355 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
| 315 | 356 |
| 316 // static | |
| 317 ECPrivateKey* ECPrivateKey::CreateWithParams(PK11SlotInfo* slot, | |
| 318 bool permanent, | |
| 319 bool sensitive) { | |
| 320 if (!slot) | |
| 321 return NULL; | |
| 322 | |
| 323 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | |
| 324 | |
| 325 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); | |
| 326 if (!oid_data) { | |
| 327 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); | |
| 328 return NULL; | |
| 329 } | |
| 330 | |
| 331 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters | |
| 332 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. | |
| 333 // In addition to the oid data, the encoding requires one byte for the ASN.1 | |
| 334 // tag and one byte for the length (assuming the length is <= 127). | |
| 335 DCHECK_LE(oid_data->oid.len, 127U); | |
| 336 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); | |
| 337 SECKEYECParams ec_parameters = { | |
| 338 siDEROID, ¶meters_buf[0], | |
| 339 static_cast<unsigned>(parameters_buf.size()) | |
| 340 }; | |
| 341 | |
| 342 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; | |
| 343 ec_parameters.data[1] = static_cast<unsigned char>(oid_data->oid.len); | |
| 344 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); | |
| 345 | |
| 346 result->key_ = PK11_GenerateKeyPair(slot, | |
| 347 CKM_EC_KEY_PAIR_GEN, | |
| 348 &ec_parameters, | |
| 349 &result->public_key_, | |
| 350 permanent, | |
| 351 sensitive, | |
| 352 NULL); | |
| 353 if (!result->key_) { | |
| 354 DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError(); | |
| 355 return NULL; | |
| 356 } | |
| 357 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); | |
| 358 | |
| 359 return result.release(); | |
| 360 } | |
| 361 | |
| 362 // static | |
| 363 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams( | |
| 364 PK11SlotInfo* slot, | |
| 365 const std::string& password, | |
| 366 const std::vector<uint8>& encrypted_private_key_info, | |
| 367 const std::vector<uint8>& subject_public_key_info, | |
| 368 bool permanent, | |
| 369 bool sensitive) { | |
| 370 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | |
| 371 | |
| 372 SECItem encoded_spki = { | |
| 373 siBuffer, | |
| 374 const_cast<unsigned char*>(&subject_public_key_info[0]), | |
| 375 static_cast<unsigned>(subject_public_key_info.size()) | |
| 376 }; | |
| 377 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( | |
| 378 &encoded_spki); | |
| 379 if (!decoded_spki) { | |
| 380 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); | |
| 381 return NULL; | |
| 382 } | |
| 383 | |
| 384 bool success = ImportFromEncryptedPrivateKeyInfo( | |
| 385 slot, | |
| 386 password, | |
| 387 &encrypted_private_key_info[0], | |
| 388 encrypted_private_key_info.size(), | |
| 389 decoded_spki, | |
| 390 permanent, | |
| 391 sensitive, | |
| 392 &result->key_, | |
| 393 &result->public_key_); | |
| 394 | |
| 395 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); | |
| 396 | |
| 397 if (success) { | |
| 398 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); | |
| 399 return result.release(); | |
| 400 } | |
| 401 | |
| 402 return NULL; | |
| 403 } | |
| 404 | |
| 405 } // namespace crypto | 357 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 951753002:
Remove dead code in ECPrivateKey. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master