Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/ec_private_key.h"
      6 
      7 extern "C" {
      8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h.  This must come before
      9 // other NSS headers.
     10 #include <secmodt.h>
     11 }
     12 
     13 #include <cryptohi.h>
     14 #include <keyhi.h>
     15 #include <pk11pub.h>
     16 #include <secmod.h>
     17 
     18 #include "base/lazy_instance.h"
     19 #include "base/logging.h"
     20 #include "base/memory/scoped_ptr.h"
     21 #include "crypto/nss_util.h"
     22 #include "crypto/nss_util_internal.h"
     23 #include "crypto/scoped_nss_types.h"
     24 #include "crypto/third_party/nss/chromium-nss.h"
     25 
     26 namespace {
     27 
     28 PK11SlotInfo* GetKeySlot() {
     29   return crypto::GetPublicNSSKeySlot();
     30 }
     31 
     32 class EllipticCurveSupportChecker {
     33  public:
     34   EllipticCurveSupportChecker() {
     35     // NOTE: we can do this check here only because we use the NSS internal
     36     // slot.  If we support other slots in the future, checking whether they
     37     // support ECDSA may block NSS, and the value may also change as devices are
     38     // inserted/removed, so we would need to re-check on every use.
     39     crypto::EnsureNSSInit();
     40     crypto::ScopedPK11Slot slot(GetKeySlot());
     41     supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
     42         PK11_DoesMechanism(slot.get(), CKM_ECDSA);
     43   }
     44 
     45   bool Supported() {
     46     return supported_;
     47   }
     48 
     49  private:
     50   bool supported_;
     51 };
     52 
     53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
     54     g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
     55 
     56 // Copied from rsa_private_key_nss.cc.
     57 static bool ReadAttribute(SECKEYPrivateKey* key,
     58                           CK_ATTRIBUTE_TYPE type,
     59                           std::vector<uint8>* output) {
     60   SECItem item;
     61   SECStatus rv;
     62   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
     63   if (rv != SECSuccess) {
     64     DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError();
     65     return false;
     66   }
     67 
     68   output->assign(item.data, item.data + item.len);
     69   SECITEM_FreeItem(&item, PR_FALSE);
     70   return true;
     71 }
     72 
     73 }  // namespace
     74 
     75 namespace crypto {
     76 
     77 ECPrivateKey::~ECPrivateKey() {
     78   if (key_)
     79     SECKEY_DestroyPrivateKey(key_);
     80   if (public_key_)
     81     SECKEY_DestroyPublicKey(public_key_);
     82 }
     83 
     84 // static
     85 bool ECPrivateKey::IsSupported() {
     86   return g_elliptic_curve_supported.Get().Supported();
     87 }
     88 
     89 // static
     90 ECPrivateKey* ECPrivateKey::Create() {
     91   return CreateWithParams(PR_FALSE /* not permanent */,
     92                           PR_FALSE /* not sensitive */);
     93 }
     94 
     95 // static
     96 ECPrivateKey* ECPrivateKey::CreateSensitive() {
     97 #if defined(USE_NSS)
     98   return CreateWithParams(PR_TRUE /* permanent */,
     99                           PR_TRUE /* sensitive */);
    100 #else
    101   // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
    102   // create permanent keys.
    103   NOTREACHED();
    104   return NULL;
    105 #endif
    106 }
    107 
    108 // static
    109 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
    110     const std::string& password,
    111     const std::vector<uint8>& encrypted_private_key_info,
    112     const std::vector<uint8>& subject_public_key_info) {
    113   return CreateFromEncryptedPrivateKeyInfoWithParams(
    114       password,
    115       encrypted_private_key_info,
    116       subject_public_key_info,
    117       PR_FALSE /* not permanent */,
    118       PR_FALSE /* not sensitive */);
    119 }
    120 
    121 // static
    122 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
    123     const std::string& password,
    124     const std::vector<uint8>& encrypted_private_key_info,
    125     const std::vector<uint8>& subject_public_key_info) {
    126 #if defined(USE_NSS)
    127   return CreateFromEncryptedPrivateKeyInfoWithParams(
    128       password,
    129       encrypted_private_key_info,
    130       subject_public_key_info,
    131       PR_TRUE /* permanent */,
    132       PR_TRUE /* sensitive */);
    133 #else
    134   // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
    135   // create permanent keys.
    136   NOTREACHED();
    137   return NULL;
    138 #endif
    139 }
    140 
    141 // static
    142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
    143     const std::string& password,
    144     const uint8* encrypted_private_key_info,
    145     size_t encrypted_private_key_info_len,
    146     CERTSubjectPublicKeyInfo* decoded_spki,
    147     bool permanent,
    148     bool sensitive,
    149     SECKEYPrivateKey** key,
    150     SECKEYPublicKey** public_key) {
    151   ScopedPK11Slot slot(GetKeySlot());
    152   if (!slot.get())
    153     return false;
    154 
    155   *public_key = SECKEY_ExtractPublicKey(decoded_spki);
    156 
    157   if (!*public_key) {
    158     DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
    159     return false;
    160   }
    161 
    162   SECItem encoded_epki = {
    163     siBuffer,
    164     const_cast<unsigned char*>(encrypted_private_key_info),
    165     static_cast<unsigned>(encrypted_private_key_info_len)
    166   };
    167   SECKEYEncryptedPrivateKeyInfo epki;
    168   memset(&epki, 0, sizeof(epki));
    169 
    170   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
    171 
    172   SECStatus rv = SEC_QuickDERDecodeItem(
    173       arena.get(),
    174       &epki,
    175       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
    176       &encoded_epki);
    177   if (rv != SECSuccess) {
    178     DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError();
    179     SECKEY_DestroyPublicKey(*public_key);
    180     *public_key = NULL;
    181     return false;
    182   }
    183 
    184   SECItem password_item = {
    185     siBuffer,
    186     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
    187     static_cast<unsigned>(password.size())
    188   };
    189 
    190   rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
    191       slot.get(),
    192       &epki,
    193       &password_item,
    194       NULL,  // nickname
    195       &(*public_key)->u.ec.publicValue,
    196       permanent,
    197       sensitive,
    198       key,
    199       NULL);  // wincx
    200   if (rv != SECSuccess) {
    201     DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
    202                 << PORT_GetError();
    203     SECKEY_DestroyPublicKey(*public_key);
    204     *public_key = NULL;
    205     return false;
    206   }
    207 
    208   return true;
    209 }
    210 
    211 bool ECPrivateKey::ExportEncryptedPrivateKey(
    212     const std::string& password,
    213     int iterations,
    214     std::vector<uint8>* output) {
    215   // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8
    216   // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't
    217   // support EC keys.
    218   // https://bugzilla.mozilla.org/show_bug.cgi?id=327773
    219   SECItem password_item = {
    220     siBuffer,
    221     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
    222     static_cast<unsigned>(password.size())
    223   };
    224 
    225   SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo(
    226       NULL, // Slot, optional.
    227       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
    228       &password_item,
    229       key_,
    230       iterations,
    231       NULL); // wincx.
    232 
    233   if (!encrypted) {
    234     DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError();
    235     return false;
    236   }
    237 
    238   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
    239   SECItem der_key = {siBuffer, NULL, 0};
    240   SECItem* encoded_item = SEC_ASN1EncodeItem(
    241       arena.get(),
    242       &der_key,
    243       encrypted,
    244       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate));
    245   SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE);
    246   if (!encoded_item) {
    247     DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError();
    248     return false;
    249   }
    250 
    251   output->assign(der_key.data, der_key.data + der_key.len);
    252 
    253   return true;
    254 }
    255 
    256 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
    257   ScopedSECItem der_pubkey(
    258       SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
    259   if (!der_pubkey.get()) {
    260     return false;
    261   }
    262 
    263   output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
    264   return true;
    265 }
    266 
    267 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
    268   return ReadAttribute(key_, CKA_VALUE, output);
    269 }
    270 
    271 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
    272   return ReadAttribute(key_, CKA_EC_PARAMS, output);
    273 }
    274 
    275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {}
    276 
    277 // static
    278 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
    279                                              bool sensitive) {
    280   EnsureNSSInit();
    281 
    282   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
    283 
    284   ScopedPK11Slot slot(GetKeySlot());
    285   if (!slot.get())
    286     return NULL;
    287 
    288   SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
    289   if (!oid_data) {
    290     DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError();
    291     return NULL;
    292   }
    293 
    294   // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters
    295   // value.  For a named curve, that is just the OBJECT IDENTIFIER of the curve.
    296   // In addition to the oid data, the encoding requires one byte for the ASN.1
    297   // tag and one byte for the length (assuming the length is <= 127).
    298   DCHECK_LE(oid_data->oid.len, 127U);
    299   std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len);
    300   SECKEYECParams ec_parameters = {
    301     siDEROID, &parameters_buf[0],
    302     static_cast<unsigned>(parameters_buf.size())
    303   };
    304 
    305   ec_parameters.data[0] = SEC_ASN1_OBJECT_ID;
    306   ec_parameters.data[1] = oid_data->oid.len;
    307   memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len);
    308 
    309   result->key_ = PK11_GenerateKeyPair(slot.get(),
    310                                       CKM_EC_KEY_PAIR_GEN,
    311                                       &ec_parameters,
    312                                       &result->public_key_,
    313                                       permanent,
    314                                       sensitive,
    315                                       NULL);
    316   if (!result->key_) {
    317     DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError();
    318     return NULL;
    319   }
    320 
    321   return result.release();
    322 }
    323 
    324 // static
    325 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
    326     const std::string& password,
    327     const std::vector<uint8>& encrypted_private_key_info,
    328     const std::vector<uint8>& subject_public_key_info,
    329     bool permanent,
    330     bool sensitive) {
    331   EnsureNSSInit();
    332 
    333   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
    334 
    335   SECItem encoded_spki = {
    336     siBuffer,
    337     const_cast<unsigned char*>(&subject_public_key_info[0]),
    338     static_cast<unsigned>(subject_public_key_info.size())
    339   };
    340   CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo(
    341       &encoded_spki);
    342   if (!decoded_spki) {
    343     DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError();
    344     return NULL;
    345   }
    346 
    347   bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
    348       password,
    349       &encrypted_private_key_info[0],
    350       encrypted_private_key_info.size(),
    351       decoded_spki,
    352       permanent,
    353       sensitive,
    354       &result->key_,
    355       &result->public_key_);
    356 
    357   SECKEY_DestroySubjectPublicKeyInfo(decoded_spki);
    358 
    359   if (success)
    360     return result.release();
    361 
    362   return NULL;
    363 }
    364 
    365 }  // namespace crypto
    366