crypto/rsa_private_key_nss.cc - Issue 956613002: Reland "Cut down /crypto and switch what is left of it to boringssl".

Unified Diff: crypto/rsa_private_key_nss.cc

Issue 956613002: Reland "Cut down /crypto and switch what is left of it to boringssl". (Closed) Base URL: git@github.com:domokit/mojo.git@master

Patch Set: Rebase. Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: crypto/rsa_private_key_nss.cc

diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc

deleted file mode 100644

index c51e308419d5b0b831bdf40fa1f9612980b7b820..0000000000000000000000000000000000000000

--- a/crypto/rsa_private_key_nss.cc

+++ /dev/null

@@ -1,332 +0,0 @@

-// Use of this source code is governed by a BSD-style license that can be

-// found in the LICENSE file.

-#include "crypto/rsa_private_key.h"

-#include <cryptohi.h>

-#include <keyhi.h>

-#include <pk11pub.h>

-#include <secmod.h>

-#include <list>

-#include "base/debug/leak_annotations.h"

-#include "base/logging.h"

-#include "base/memory/scoped_ptr.h"

-#include "base/strings/string_util.h"

-#include "crypto/nss_util.h"

-#include "crypto/nss_util_internal.h"

-#include "crypto/scoped_nss_types.h"

-// TODO(rafaelw): Consider using NSS's ASN.1 encoder.

-namespace {

-static bool ReadAttribute(SECKEYPrivateKey* key,

- CK_ATTRIBUTE_TYPE type,

- std::vector<uint8>* output) {

- SECItem item;

- SECStatus rv;

- rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);

- if (rv != SECSuccess) {

- NOTREACHED();

- return false;

- }

- output->assign(item.data, item.data + item.len);

- SECITEM_FreeItem(&item, PR_FALSE);

- return true;

-#if defined(USE_NSS)

-struct PublicKeyInfoDeleter {

- inline void operator()(CERTSubjectPublicKeyInfo* spki) {

- SECKEY_DestroySubjectPublicKeyInfo(spki);

- }

-};

-typedef scoped_ptr<CERTSubjectPublicKeyInfo, PublicKeyInfoDeleter>

- ScopedPublicKeyInfo;

-// The function decodes RSA public key from the |input|.

-crypto::ScopedSECKEYPublicKey GetRSAPublicKey(const std::vector<uint8>& input) {

- // First, decode and save the public key.

- SECItem key_der;

- key_der.type = siBuffer;

- key_der.data = const_cast<unsigned char*>(&input[0]);

- key_der.len = input.size();

- ScopedPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der));

- if (!spki)

- return crypto::ScopedSECKEYPublicKey();

- crypto::ScopedSECKEYPublicKey result(SECKEY_ExtractPublicKey(spki.get()));

- // Make sure the key is an RSA key.. If not, that's an error.

- if (!result || result->keyType != rsaKey)

- return crypto::ScopedSECKEYPublicKey();

- return result.Pass();

-#endif // defined(USE_NSS)

-} // namespace

-namespace crypto {

-RSAPrivateKey::~RSAPrivateKey() {

- if (key_)

- SECKEY_DestroyPrivateKey(key_);

- if (public_key_)

- SECKEY_DestroyPublicKey(public_key_);

-// static

-RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {

- EnsureNSSInit();

- ScopedPK11Slot slot(PK11_GetInternalSlot());

- return CreateWithParams(slot.get(),

- num_bits,

- false /* not permanent */,

- false /* not sensitive */);

-// static

-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(

- const std::vector<uint8>& input) {

- EnsureNSSInit();

- ScopedPK11Slot slot(PK11_GetInternalSlot());

- return CreateFromPrivateKeyInfoWithParams(

- slot.get(),

- input,

- false /* not permanent */,

- false /* not sensitive */);

-#if defined(USE_NSS)

-// static

-RSAPrivateKey* RSAPrivateKey::CreateSensitive(PK11SlotInfo* slot,

- uint16 num_bits) {

- return CreateWithParams(slot,

- num_bits,

- true /* permanent */,

- true /* sensitive */);

-// static

-RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(

- PK11SlotInfo* slot,

- const std::vector<uint8>& input) {

- return CreateFromPrivateKeyInfoWithParams(slot,

- input,

- true /* permanent */,

- true /* sensitive */);

-// static

-RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) {

- DCHECK(key);

- if (SECKEY_GetPrivateKeyType(key) != rsaKey)

- return NULL;

- RSAPrivateKey* copy = new RSAPrivateKey();

- copy->key_ = SECKEY_CopyPrivateKey(key);

- copy->public_key_ = SECKEY_ConvertToPublicKey(key);

- if (!copy->key_ || !copy->public_key_) {

- NOTREACHED();

- delete copy;

- return NULL;

- }

- return copy;

-// static

-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(

- const std::vector<uint8>& input) {

- scoped_ptr<RSAPrivateKey> result(InitPublicPart(input));

- if (!result)

- return NULL;

- ScopedSECItem ck_id(

- PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));

- if (!ck_id.get()) {

- NOTREACHED();

- return NULL;

- }

- // Search all slots in all modules for the key with the given ID.

- AutoSECMODListReadLock auto_lock;

- SECMODModuleList* head = SECMOD_GetDefaultModuleList();

- for (SECMODModuleList* item = head; item != NULL; item = item->next) {

- int slot_count = item->module->loaded ? item->module->slotCount : 0;

- for (int i = 0; i < slot_count; i++) {

- // Finally...Look for the key!

- result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],

- ck_id.get(), NULL);

- if (result->key_)

- return result.release();

- }

- // We didn't find the key.

- return NULL;

-// static

-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfoInSlot(

- const std::vector<uint8>& input,

- PK11SlotInfo* slot) {

- if (!slot)

- return NULL;

- scoped_ptr<RSAPrivateKey> result(InitPublicPart(input));

- if (!result)

- return NULL;

- ScopedSECItem ck_id(

- PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));

- if (!ck_id.get()) {

- NOTREACHED();

- return NULL;

- }

- result->key_ = PK11_FindKeyByKeyID(slot, ck_id.get(), NULL);

- if (!result->key_)

- return NULL;

- return result.release();

-#endif

-RSAPrivateKey* RSAPrivateKey::Copy() const {

- RSAPrivateKey* copy = new RSAPrivateKey();

- copy->key_ = SECKEY_CopyPrivateKey(key_);

- copy->public_key_ = SECKEY_CopyPublicKey(public_key_);

- return copy;

-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {

- PrivateKeyInfoCodec private_key_info(true);

- // Manually read the component attributes of the private key and build up

- // the PrivateKeyInfo.

- if (!ReadAttribute(key_, CKA_MODULUS, private_key_info.modulus()) ||

- !ReadAttribute(key_, CKA_PUBLIC_EXPONENT,

- private_key_info.public_exponent()) ||

- !ReadAttribute(key_, CKA_PRIVATE_EXPONENT,

- private_key_info.private_exponent()) ||

- !ReadAttribute(key_, CKA_PRIME_1, private_key_info.prime1()) ||

- !ReadAttribute(key_, CKA_PRIME_2, private_key_info.prime2()) ||

- !ReadAttribute(key_, CKA_EXPONENT_1, private_key_info.exponent1()) ||

- !ReadAttribute(key_, CKA_EXPONENT_2, private_key_info.exponent2()) ||

- !ReadAttribute(key_, CKA_COEFFICIENT, private_key_info.coefficient())) {

- NOTREACHED();

- return false;

- }

- return private_key_info.Export(output);

-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {

- ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));

- if (!der_pubkey.get()) {

- NOTREACHED();

- return false;

- }

- output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);

- return true;

-RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {

- EnsureNSSInit();

-// static

-RSAPrivateKey* RSAPrivateKey::CreateWithParams(PK11SlotInfo* slot,

- uint16 num_bits,

- bool permanent,

- bool sensitive) {

- if (!slot)

- return NULL;

- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);

- PK11RSAGenParams param;

- param.keySizeInBits = num_bits;

- param.pe = 65537L;

- result->key_ = PK11_GenerateKeyPair(slot,

- CKM_RSA_PKCS_KEY_PAIR_GEN,

- &param,

- &result->public_key_,

- permanent,

- sensitive,

- NULL);

- if (!result->key_)

- return NULL;

- return result.release();

-// static

-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(

- PK11SlotInfo* slot,

- const std::vector<uint8>& input,

- bool permanent,

- bool sensitive) {

- if (!slot)

- return NULL;

- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);

- ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));

- if (!arena) {

- NOTREACHED();

- return NULL;

- }

- // Excess data is illegal, but NSS silently accepts it, so first ensure that

- // |input| consists of a single ASN.1 element.

- SECItem input_item;

- input_item.data = const_cast<unsigned char*>(&input.front());

- input_item.len = input.size();

- SECItem der_private_key_info;

- SECStatus rv = SEC_QuickDERDecodeItem(arena.get(), &der_private_key_info,

- SEC_ASN1_GET(SEC_AnyTemplate),

- &input_item);

- if (rv != SECSuccess)

- return NULL;

- // Allow the private key to be used for key unwrapping, data decryption,

- // and signature generation.

- const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT |

- KU_DIGITAL_SIGNATURE;

- rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(

- slot, &der_private_key_info, NULL, NULL, permanent, sensitive,

- key_usage, &result->key_, NULL);

- if (rv != SECSuccess)

- return NULL;

- result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);

- if (!result->public_key_)

- return NULL;

- return result.release();

-#if defined(USE_NSS)

-// static

-RSAPrivateKey* RSAPrivateKey::InitPublicPart(const std::vector<uint8>& input) {

- EnsureNSSInit();

- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());

- result->public_key_ = GetRSAPublicKey(input).release();

- if (!result->public_key_) {

- NOTREACHED();

- return NULL;

- }

- return result.release();

-#endif // defined(USE_NSS)

-} // namespace crypto

« no previous file with comments | « crypto/rsa_private_key.cc ('k') | crypto/rsa_private_key_nss_unittest.cc » ('j') | no next file with comments »