1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/ec_private_key.h" 6 7 extern "C" { 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before 9 // other NSS headers. 10 #include <secmodt.h> 11 } 12 13 #include <cryptohi.h> 14 #include <keyhi.h> 15 #include <pk11pub.h> 16 #include <secmod.h> 17 18 #include "base/lazy_instance.h" 19 #include "base/logging.h" 20 #include "base/memory/scoped_ptr.h" 21 #include "crypto/nss_util.h" 22 #include "crypto/nss_util_internal.h" 23 #include "crypto/scoped_nss_types.h" 24 #include "crypto/third_party/nss/chromium-nss.h" 25 26 namespace { 27 28 PK11SlotInfo* GetKeySlot() { 29 return crypto::GetPublicNSSKeySlot(); 30 } 31 32 class EllipticCurveSupportChecker { 33 public: 34 EllipticCurveSupportChecker() { 35 // NOTE: we can do this check here only because we use the NSS internal 36 // slot. If we support other slots in the future, checking whether they 37 // support ECDSA may block NSS, and the value may also change as devices are 38 // inserted/removed, so we would need to re-check on every use. 39 crypto::EnsureNSSInit(); 40 crypto::ScopedPK11Slot slot(GetKeySlot()); 41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && 42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); 43 } 44 45 bool Supported() { 46 return supported_; 47 } 48 49 private: 50 bool supported_; 51 }; 52 53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky 54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; 55 56 // Copied from rsa_private_key_nss.cc. 57 static bool ReadAttribute(SECKEYPrivateKey* key, 58 CK_ATTRIBUTE_TYPE type, 59 std::vector<uint8>* output) { 60 SECItem item; 61 SECStatus rv; 62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); 63 if (rv != SECSuccess) { 64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); 65 return false; 66 } 67 68 output->assign(item.data, item.data + item.len); 69 SECITEM_FreeItem(&item, PR_FALSE); 70 return true; 71 } 72 73 } // namespace 74 75 namespace crypto { 76 77 ECPrivateKey::~ECPrivateKey() { 78 if (key_) 79 SECKEY_DestroyPrivateKey(key_); 80 if (public_key_) 81 SECKEY_DestroyPublicKey(public_key_); 82 } 83 84 // static 85 bool ECPrivateKey::IsSupported() { 86 return g_elliptic_curve_supported.Get().Supported(); 87 } 88 89 // static 90 ECPrivateKey* ECPrivateKey::Create() { 91 return CreateWithParams(PR_FALSE /* not permanent */, 92 PR_FALSE /* not sensitive */); 93 } 94 95 // static 96 ECPrivateKey* ECPrivateKey::CreateSensitive() { 97 #if defined(USE_NSS) 98 return CreateWithParams(PR_TRUE /* permanent */, 99 PR_TRUE /* sensitive */); 100 #else 101 // If USE_NSS is not defined, we initialize NSS with no databases, so we can't 102 // create permanent keys. 103 NOTREACHED(); 104 return NULL; 105 #endif 106 } 107 108 // static 109 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( 110 const std::string& password, 111 const std::vector<uint8>& encrypted_private_key_info, 112 const std::vector<uint8>& subject_public_key_info) { 113 return CreateFromEncryptedPrivateKeyInfoWithParams( 114 password, 115 encrypted_private_key_info, 116 subject_public_key_info, 117 PR_FALSE /* not permanent */, 118 PR_FALSE /* not sensitive */); 119 } 120 121 // static 122 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( 123 const std::string& password, 124 const std::vector<uint8>& encrypted_private_key_info, 125 const std::vector<uint8>& subject_public_key_info) { 126 #if defined(USE_NSS) 127 return CreateFromEncryptedPrivateKeyInfoWithParams( 128 password, 129 encrypted_private_key_info, 130 subject_public_key_info, 131 PR_TRUE /* permanent */, 132 PR_TRUE /* sensitive */); 133 #else 134 // If USE_NSS is not defined, we initialize NSS with no databases, so we can't 135 // create permanent keys. 136 NOTREACHED(); 137 return NULL; 138 #endif 139 } 140 141 // static 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( 143 const std::string& password, 144 const uint8* encrypted_private_key_info, 145 size_t encrypted_private_key_info_len, 146 CERTSubjectPublicKeyInfo* decoded_spki, 147 bool permanent, 148 bool sensitive, 149 SECKEYPrivateKey** key, 150 SECKEYPublicKey** public_key) { 151 ScopedPK11Slot slot(GetKeySlot()); 152 if (!slot.get()) 153 return false; 154 155 *public_key = SECKEY_ExtractPublicKey(decoded_spki); 156 157 if (!*public_key) { 158 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); 159 return false; 160 } 161 162 SECItem encoded_epki = { 163 siBuffer, 164 const_cast<unsigned char*>(encrypted_private_key_info), 165 static_cast<unsigned>(encrypted_private_key_info_len) 166 }; 167 SECKEYEncryptedPrivateKeyInfo epki; 168 memset(&epki, 0, sizeof(epki)); 169 170 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 171 172 SECStatus rv = SEC_QuickDERDecodeItem( 173 arena.get(), 174 &epki, 175 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), 176 &encoded_epki); 177 if (rv != SECSuccess) { 178 DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError(); 179 SECKEY_DestroyPublicKey(*public_key); 180 *public_key = NULL; 181 return false; 182 } 183 184 SECItem password_item = { 185 siBuffer, 186 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), 187 static_cast<unsigned>(password.size()) 188 }; 189 190 rv = ImportEncryptedECPrivateKeyInfoAndReturnKey( 191 slot.get(), 192 &epki, 193 &password_item, 194 NULL, // nickname 195 &(*public_key)->u.ec.publicValue, 196 permanent, 197 sensitive, 198 key, 199 NULL); // wincx 200 if (rv != SECSuccess) { 201 DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: " 202 << PORT_GetError(); 203 SECKEY_DestroyPublicKey(*public_key); 204 *public_key = NULL; 205 return false; 206 } 207 208 return true; 209 } 210 211 bool ECPrivateKey::ExportEncryptedPrivateKey( 212 const std::string& password, 213 int iterations, 214 std::vector<uint8>* output) { 215 // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8 216 // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't 217 // support EC keys. 218 // https://bugzilla.mozilla.org/show_bug.cgi?id=327773 219 SECItem password_item = { 220 siBuffer, 221 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), 222 static_cast<unsigned>(password.size()) 223 }; 224 225 SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo( 226 NULL, // Slot, optional. 227 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, 228 &password_item, 229 key_, 230 iterations, 231 NULL); // wincx. 232 233 if (!encrypted) { 234 DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError(); 235 return false; 236 } 237 238 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 239 SECItem der_key = {siBuffer, NULL, 0}; 240 SECItem* encoded_item = SEC_ASN1EncodeItem( 241 arena.get(), 242 &der_key, 243 encrypted, 244 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate)); 245 SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE); 246 if (!encoded_item) { 247 DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError(); 248 return false; 249 } 250 251 output->assign(der_key.data, der_key.data + der_key.len); 252 253 return true; 254 } 255 256 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { 257 ScopedSECItem der_pubkey( 258 SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_)); 259 if (!der_pubkey.get()) { 260 return false; 261 } 262 263 output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len); 264 return true; 265 } 266 267 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { 268 return ReadAttribute(key_, CKA_VALUE, output); 269 } 270 271 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { 272 return ReadAttribute(key_, CKA_EC_PARAMS, output); 273 } 274 275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} 276 277 // static 278 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, 279 bool sensitive) { 280 EnsureNSSInit(); 281 282 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); 283 284 ScopedPK11Slot slot(GetKeySlot()); 285 if (!slot.get()) 286 return NULL; 287 288 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); 289 if (!oid_data) { 290 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); 291 return NULL; 292 } 293 294 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters 295 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. 296 // In addition to the oid data, the encoding requires one byte for the ASN.1 297 // tag and one byte for the length (assuming the length is <= 127). 298 DCHECK_LE(oid_data->oid.len, 127U); 299 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); 300 SECKEYECParams ec_parameters = { 301 siDEROID, ¶meters_buf[0], 302 static_cast<unsigned>(parameters_buf.size()) 303 }; 304 305 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; 306 ec_parameters.data[1] = oid_data->oid.len; 307 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); 308 309 result->key_ = PK11_GenerateKeyPair(slot.get(), 310 CKM_EC_KEY_PAIR_GEN, 311 &ec_parameters, 312 &result->public_key_, 313 permanent, 314 sensitive, 315 NULL); 316 if (!result->key_) { 317 DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError(); 318 return NULL; 319 } 320 321 return result.release(); 322 } 323 324 // static 325 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams( 326 const std::string& password, 327 const std::vector<uint8>& encrypted_private_key_info, 328 const std::vector<uint8>& subject_public_key_info, 329 bool permanent, 330 bool sensitive) { 331 EnsureNSSInit(); 332 333 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); 334 335 SECItem encoded_spki = { 336 siBuffer, 337 const_cast<unsigned char*>(&subject_public_key_info[0]), 338 static_cast<unsigned>(subject_public_key_info.size()) 339 }; 340 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( 341 &encoded_spki); 342 if (!decoded_spki) { 343 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); 344 return NULL; 345 } 346 347 bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( 348 password, 349 &encrypted_private_key_info[0], 350 encrypted_private_key_info.size(), 351 decoded_spki, 352 permanent, 353 sensitive, 354 &result->key_, 355 &result->public_key_); 356 357 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); 358 359 if (success) 360 return result.release(); 361 362 return NULL; 363 } 364 365 } // namespace crypto 366