Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "crypto/ec_private_key.h"
      6 
      7 extern "C" {
      8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h.  This must come before
      9 // other NSS headers.
     10 #include <secmodt.h>
     11 }
     12 
     13 #include <cryptohi.h>
     14 #include <keyhi.h>
     15 #include <pk11pub.h>
     16 #include <secmod.h>
     17 
     18 #include "base/lazy_instance.h"
     19 #include "base/logging.h"
     20 #include "base/memory/scoped_ptr.h"
     21 #include "crypto/nss_util.h"
     22 #include "crypto/nss_util_internal.h"
     23 #include "crypto/scoped_nss_types.h"
     24 #include "crypto/third_party/nss/chromium-nss.h"
     25 
     26 namespace {
     27 
     28 PK11SlotInfo* GetTempKeySlot() {
     29   return PK11_GetInternalSlot();
     30 }
     31 
     32 class EllipticCurveSupportChecker {
     33  public:
     34   EllipticCurveSupportChecker() {
     35     // NOTE: we can do this check here only because we use the NSS internal
     36     // slot.  If we support other slots in the future, checking whether they
     37     // support ECDSA may block NSS, and the value may also change as devices are
     38     // inserted/removed, so we would need to re-check on every use.
     39     crypto::EnsureNSSInit();
     40     crypto::ScopedPK11Slot slot(GetTempKeySlot());
     41     supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
     42         PK11_DoesMechanism(slot.get(), CKM_ECDSA);
     43   }
     44 
     45   bool Supported() {
     46     return supported_;
     47   }
     48 
     49  private:
     50   bool supported_;
     51 };
     52 
     53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
     54     g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
     55 
     56 // Copied from rsa_private_key_nss.cc.
     57 static bool ReadAttribute(SECKEYPrivateKey* key,
     58                           CK_ATTRIBUTE_TYPE type,
     59                           std::vector<uint8>* output) {
     60   SECItem item;
     61   SECStatus rv;
     62   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
     63   if (rv != SECSuccess) {
     64     DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError();
     65     return false;
     66   }
     67 
     68   output->assign(item.data, item.data + item.len);
     69   SECITEM_FreeItem(&item, PR_FALSE);
     70   return true;
     71 }
     72 
     73 }  // namespace
     74 
     75 namespace crypto {
     76 
     77 ECPrivateKey::~ECPrivateKey() {
     78   if (key_)
     79     SECKEY_DestroyPrivateKey(key_);
     80   if (public_key_)
     81     SECKEY_DestroyPublicKey(public_key_);
     82 }
     83 
     84 // static
     85 bool ECPrivateKey::IsSupported() {
     86   return g_elliptic_curve_supported.Get().Supported();
     87 }
     88 
     89 // static
     90 ECPrivateKey* ECPrivateKey::Create() {
     91   EnsureNSSInit();
     92 
     93   ScopedPK11Slot slot(GetTempKeySlot());
     94   return CreateWithParams(slot.get(),
     95                           false /* not permanent */,
     96                           false /* not sensitive */);
     97 }
     98 
     99 #if defined(USE_NSS)
    100 // static
    101 ECPrivateKey* ECPrivateKey::CreateSensitive(PK11SlotInfo* slot) {
    102   return CreateWithParams(
    103       slot, true /* permanent */, true /* sensitive */);
    104 }
    105 #endif
    106 
    107 // static
    108 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
    109     const std::string& password,
    110     const std::vector<uint8>& encrypted_private_key_info,
    111     const std::vector<uint8>& subject_public_key_info) {
    112   EnsureNSSInit();
    113 
    114   ScopedPK11Slot slot(GetTempKeySlot());
    115   return CreateFromEncryptedPrivateKeyInfoWithParams(
    116       slot.get(),
    117       password,
    118       encrypted_private_key_info,
    119       subject_public_key_info,
    120       false /* not permanent */,
    121       false /* not sensitive */);
    122 }
    123 
    124 #if defined(USE_NSS)
    125 // static
    126 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
    127     PK11SlotInfo* slot,
    128     const std::string& password,
    129     const std::vector<uint8>& encrypted_private_key_info,
    130     const std::vector<uint8>& subject_public_key_info) {
    131   return CreateFromEncryptedPrivateKeyInfoWithParams(
    132       slot,
    133       password,
    134       encrypted_private_key_info,
    135       subject_public_key_info,
    136       true /* permanent */,
    137       true /* sensitive */);
    138 }
    139 #endif
    140 
    141 // static
    142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
    143     PK11SlotInfo* slot,
    144     const std::string& password,
    145     const uint8* encrypted_private_key_info,
    146     size_t encrypted_private_key_info_len,
    147     CERTSubjectPublicKeyInfo* decoded_spki,
    148     bool permanent,
    149     bool sensitive,
    150     SECKEYPrivateKey** key,
    151     SECKEYPublicKey** public_key) {
    152   if (!slot)
    153     return false;
    154 
    155   *public_key = SECKEY_ExtractPublicKey(decoded_spki);
    156 
    157   if (!*public_key) {
    158     DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
    159     return false;
    160   }
    161 
    162   SECItem encoded_epki = {
    163     siBuffer,
    164     const_cast<unsigned char*>(encrypted_private_key_info),
    165     static_cast<unsigned>(encrypted_private_key_info_len)
    166   };
    167   SECKEYEncryptedPrivateKeyInfo epki;
    168   memset(&epki, 0, sizeof(epki));
    169 
    170   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
    171 
    172   SECStatus rv = SEC_QuickDERDecodeItem(
    173       arena.get(),
    174       &epki,
    175       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
    176       &encoded_epki);
    177   if (rv != SECSuccess) {
    178     DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError();
    179     SECKEY_DestroyPublicKey(*public_key);
    180     *public_key = NULL;
    181     return false;
    182   }
    183 
    184   SECItem password_item = {
    185     siBuffer,
    186     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
    187     static_cast<unsigned>(password.size())
    188   };
    189 
    190   rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
    191       slot,
    192       &epki,
    193       &password_item,
    194       NULL,  // nickname
    195       &(*public_key)->u.ec.publicValue,
    196       permanent,
    197       sensitive,
    198       key,
    199       NULL);  // wincx
    200   if (rv != SECSuccess) {
    201     DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
    202                 << PORT_GetError();
    203     SECKEY_DestroyPublicKey(*public_key);
    204     *public_key = NULL;
    205     return false;
    206   }
    207 
    208   return true;
    209 }
    210 
    211 bool ECPrivateKey::ExportEncryptedPrivateKey(
    212     const std::string& password,
    213     int iterations,
    214     std::vector<uint8>* output) {
    215   // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8
    216   // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't
    217   // support EC keys.
    218   // https://bugzilla.mozilla.org/show_bug.cgi?id=327773
    219   SECItem password_item = {
    220     siBuffer,
    221     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
    222     static_cast<unsigned>(password.size())
    223   };
    224 
    225   SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo(
    226       NULL, // Slot, optional.
    227       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
    228       &password_item,
    229       key_,
    230       iterations,
    231       NULL); // wincx.
    232 
    233   if (!encrypted) {
    234     DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError();
    235     return false;
    236   }
    237 
    238   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
    239   SECItem der_key = {siBuffer, NULL, 0};
    240   SECItem* encoded_item = SEC_ASN1EncodeItem(
    241       arena.get(),
    242       &der_key,
    243       encrypted,
    244       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate));
    245   SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE);
    246   if (!encoded_item) {
    247     DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError();
    248     return false;
    249   }
    250 
    251   output->assign(der_key.data, der_key.data + der_key.len);
    252 
    253   return true;
    254 }
    255 
    256 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
    257   ScopedSECItem der_pubkey(
    258       SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
    259   if (!der_pubkey.get()) {
    260     return false;
    261   }
    262 
    263   output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
    264   return true;
    265 }
    266 
    267 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
    268   return ReadAttribute(key_, CKA_VALUE, output);
    269 }
    270 
    271 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
    272   return ReadAttribute(key_, CKA_EC_PARAMS, output);
    273 }
    274 
    275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {}
    276 
    277 // static
    278 ECPrivateKey* ECPrivateKey::CreateWithParams(PK11SlotInfo* slot,
    279                                              bool permanent,
    280                                              bool sensitive) {
    281   if (!slot)
    282     return NULL;
    283 
    284   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
    285 
    286   SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
    287   if (!oid_data) {
    288     DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError();
    289     return NULL;
    290   }
    291 
    292   // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters
    293   // value.  For a named curve, that is just the OBJECT IDENTIFIER of the curve.
    294   // In addition to the oid data, the encoding requires one byte for the ASN.1
    295   // tag and one byte for the length (assuming the length is <= 127).
    296   DCHECK_LE(oid_data->oid.len, 127U);
    297   std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len);
    298   SECKEYECParams ec_parameters = {
    299     siDEROID, &parameters_buf[0],
    300     static_cast<unsigned>(parameters_buf.size())
    301   };
    302 
    303   ec_parameters.data[0] = SEC_ASN1_OBJECT_ID;
    304   ec_parameters.data[1] = oid_data->oid.len;
    305   memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len);
    306 
    307   result->key_ = PK11_GenerateKeyPair(slot,
    308                                       CKM_EC_KEY_PAIR_GEN,
    309                                       &ec_parameters,
    310                                       &result->public_key_,
    311                                       permanent,
    312                                       sensitive,
    313                                       NULL);
    314   if (!result->key_) {
    315     DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError();
    316     return NULL;
    317   }
    318 
    319   return result.release();
    320 }
    321 
    322 // static
    323 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
    324     PK11SlotInfo* slot,
    325     const std::string& password,
    326     const std::vector<uint8>& encrypted_private_key_info,
    327     const std::vector<uint8>& subject_public_key_info,
    328     bool permanent,
    329     bool sensitive) {
    330   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
    331 
    332   SECItem encoded_spki = {
    333     siBuffer,
    334     const_cast<unsigned char*>(&subject_public_key_info[0]),
    335     static_cast<unsigned>(subject_public_key_info.size())
    336   };
    337   CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo(
    338       &encoded_spki);
    339   if (!decoded_spki) {
    340     DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError();
    341     return NULL;
    342   }
    343 
    344   bool success = ImportFromEncryptedPrivateKeyInfo(
    345       slot,
    346       password,
    347       &encrypted_private_key_info[0],
    348       encrypted_private_key_info.size(),
    349       decoded_spki,
    350       permanent,
    351       sensitive,
    352       &result->key_,
    353       &result->public_key_);
    354 
    355   SECKEY_DestroySubjectPublicKeyInfo(decoded_spki);
    356 
    357   if (success)
    358     return result.release();
    359 
    360   return NULL;
    361 }
    362 
    363 }  // namespace crypto
    364