1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/ec_private_key.h" 6 7 extern "C" { 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before 9 // other NSS headers. 10 #include <secmodt.h> 11 } 12 13 #include <cryptohi.h> 14 #include <keyhi.h> 15 #include <pk11pub.h> 16 #include <secmod.h> 17 18 #include "base/lazy_instance.h" 19 #include "base/logging.h" 20 #include "base/memory/scoped_ptr.h" 21 #include "crypto/nss_util.h" 22 #include "crypto/nss_util_internal.h" 23 #include "crypto/scoped_nss_types.h" 24 #include "crypto/third_party/nss/chromium-nss.h" 25 26 namespace { 27 28 PK11SlotInfo* GetTempKeySlot() { 29 return PK11_GetInternalSlot(); 30 } 31 32 class EllipticCurveSupportChecker { 33 public: 34 EllipticCurveSupportChecker() { 35 // NOTE: we can do this check here only because we use the NSS internal 36 // slot. If we support other slots in the future, checking whether they 37 // support ECDSA may block NSS, and the value may also change as devices are 38 // inserted/removed, so we would need to re-check on every use. 39 crypto::EnsureNSSInit(); 40 crypto::ScopedPK11Slot slot(GetTempKeySlot()); 41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && 42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); 43 } 44 45 bool Supported() { 46 return supported_; 47 } 48 49 private: 50 bool supported_; 51 }; 52 53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky 54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; 55 56 // Copied from rsa_private_key_nss.cc. 57 static bool ReadAttribute(SECKEYPrivateKey* key, 58 CK_ATTRIBUTE_TYPE type, 59 std::vector<uint8>* output) { 60 SECItem item; 61 SECStatus rv; 62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); 63 if (rv != SECSuccess) { 64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); 65 return false; 66 } 67 68 output->assign(item.data, item.data + item.len); 69 SECITEM_FreeItem(&item, PR_FALSE); 70 return true; 71 } 72 73 } // namespace 74 75 namespace crypto { 76 77 ECPrivateKey::~ECPrivateKey() { 78 if (key_) 79 SECKEY_DestroyPrivateKey(key_); 80 if (public_key_) 81 SECKEY_DestroyPublicKey(public_key_); 82 } 83 84 // static 85 bool ECPrivateKey::IsSupported() { 86 return g_elliptic_curve_supported.Get().Supported(); 87 } 88 89 // static 90 ECPrivateKey* ECPrivateKey::Create() { 91 EnsureNSSInit(); 92 93 ScopedPK11Slot slot(GetTempKeySlot()); 94 return CreateWithParams(slot.get(), 95 false /* not permanent */, 96 false /* not sensitive */); 97 } 98 99 #if defined(USE_NSS) 100 // static 101 ECPrivateKey* ECPrivateKey::CreateSensitive(PK11SlotInfo* slot) { 102 return CreateWithParams( 103 slot, true /* permanent */, true /* sensitive */); 104 } 105 #endif 106 107 // static 108 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( 109 const std::string& password, 110 const std::vector<uint8>& encrypted_private_key_info, 111 const std::vector<uint8>& subject_public_key_info) { 112 EnsureNSSInit(); 113 114 ScopedPK11Slot slot(GetTempKeySlot()); 115 return CreateFromEncryptedPrivateKeyInfoWithParams( 116 slot.get(), 117 password, 118 encrypted_private_key_info, 119 subject_public_key_info, 120 false /* not permanent */, 121 false /* not sensitive */); 122 } 123 124 #if defined(USE_NSS) 125 // static 126 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( 127 PK11SlotInfo* slot, 128 const std::string& password, 129 const std::vector<uint8>& encrypted_private_key_info, 130 const std::vector<uint8>& subject_public_key_info) { 131 return CreateFromEncryptedPrivateKeyInfoWithParams( 132 slot, 133 password, 134 encrypted_private_key_info, 135 subject_public_key_info, 136 true /* permanent */, 137 true /* sensitive */); 138 } 139 #endif 140 141 // static 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( 143 PK11SlotInfo* slot, 144 const std::string& password, 145 const uint8* encrypted_private_key_info, 146 size_t encrypted_private_key_info_len, 147 CERTSubjectPublicKeyInfo* decoded_spki, 148 bool permanent, 149 bool sensitive, 150 SECKEYPrivateKey** key, 151 SECKEYPublicKey** public_key) { 152 if (!slot) 153 return false; 154 155 *public_key = SECKEY_ExtractPublicKey(decoded_spki); 156 157 if (!*public_key) { 158 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); 159 return false; 160 } 161 162 if (SECKEY_GetPublicKeyType(*public_key) != ecKey) { 163 DLOG(ERROR) << "The public key is not an EC key"; 164 SECKEY_DestroyPublicKey(*public_key); 165 *public_key = NULL; 166 return false; 167 } 168 169 SECItem encoded_epki = { 170 siBuffer, 171 const_cast<unsigned char*>(encrypted_private_key_info), 172 static_cast<unsigned>(encrypted_private_key_info_len) 173 }; 174 SECKEYEncryptedPrivateKeyInfo epki; 175 memset(&epki, 0, sizeof(epki)); 176 177 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 178 179 SECStatus rv = SEC_QuickDERDecodeItem( 180 arena.get(), 181 &epki, 182 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), 183 &encoded_epki); 184 if (rv != SECSuccess) { 185 DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError(); 186 SECKEY_DestroyPublicKey(*public_key); 187 *public_key = NULL; 188 return false; 189 } 190 191 SECItem password_item = { 192 siBuffer, 193 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), 194 static_cast<unsigned>(password.size()) 195 }; 196 197 rv = ImportEncryptedECPrivateKeyInfoAndReturnKey( 198 slot, 199 &epki, 200 &password_item, 201 NULL, // nickname 202 &(*public_key)->u.ec.publicValue, 203 permanent, 204 sensitive, 205 key, 206 NULL); // wincx 207 if (rv != SECSuccess) { 208 DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: " 209 << PORT_GetError(); 210 SECKEY_DestroyPublicKey(*public_key); 211 *public_key = NULL; 212 return false; 213 } 214 215 return true; 216 } 217 218 ECPrivateKey* ECPrivateKey::Copy() const { 219 scoped_ptr<ECPrivateKey> copy(new ECPrivateKey); 220 if (key_) { 221 copy->key_ = SECKEY_CopyPrivateKey(key_); 222 if (!copy->key_) 223 return NULL; 224 } 225 if (public_key_) { 226 copy->public_key_ = SECKEY_CopyPublicKey(public_key_); 227 if (!copy->public_key_) 228 return NULL; 229 } 230 return copy.release(); 231 } 232 233 bool ECPrivateKey::ExportEncryptedPrivateKey( 234 const std::string& password, 235 int iterations, 236 std::vector<uint8>* output) { 237 // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8 238 // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't 239 // support EC keys. 240 // https://bugzilla.mozilla.org/show_bug.cgi?id=327773 241 SECItem password_item = { 242 siBuffer, 243 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())), 244 static_cast<unsigned>(password.size()) 245 }; 246 247 SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo( 248 NULL, // Slot, optional. 249 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, 250 &password_item, 251 key_, 252 iterations, 253 NULL); // wincx. 254 255 if (!encrypted) { 256 DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError(); 257 return false; 258 } 259 260 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); 261 SECItem der_key = {siBuffer, NULL, 0}; 262 SECItem* encoded_item = SEC_ASN1EncodeItem( 263 arena.get(), 264 &der_key, 265 encrypted, 266 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate)); 267 SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE); 268 if (!encoded_item) { 269 DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError(); 270 return false; 271 } 272 273 output->assign(der_key.data, der_key.data + der_key.len); 274 275 return true; 276 } 277 278 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) { 279 ScopedSECItem der_pubkey( 280 SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_)); 281 if (!der_pubkey.get()) { 282 return false; 283 } 284 285 output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len); 286 return true; 287 } 288 289 bool ECPrivateKey::ExportRawPublicKey(std::string* output) { 290 // public_key_->u.ec.publicValue is an ANSI X9.62 public key which, for 291 // a P-256 key, is 0x04 (meaning uncompressed) followed by the x and y field 292 // elements as 32-byte, big-endian numbers. 293 static const unsigned int kExpectedKeyLength = 65; 294 295 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(public_key_)); 296 const unsigned char* const data = public_key_->u.ec.publicValue.data; 297 const unsigned int len = public_key_->u.ec.publicValue.len; 298 if (len != kExpectedKeyLength || data[0] != 0x04) 299 return false; 300 301 output->assign(reinterpret_cast<const char*>(data + 1), 302 kExpectedKeyLength - 1); 303 return true; 304 } 305 306 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) { 307 return ReadAttribute(key_, CKA_VALUE, output); 308 } 309 310 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { 311 return ReadAttribute(key_, CKA_EC_PARAMS, output); 312 } 313 314 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} 315 316 // static 317 ECPrivateKey* ECPrivateKey::CreateWithParams(PK11SlotInfo* slot, 318 bool permanent, 319 bool sensitive) { 320 if (!slot) 321 return NULL; 322 323 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); 324 325 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); 326 if (!oid_data) { 327 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); 328 return NULL; 329 } 330 331 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters 332 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve. 333 // In addition to the oid data, the encoding requires one byte for the ASN.1 334 // tag and one byte for the length (assuming the length is <= 127). 335 DCHECK_LE(oid_data->oid.len, 127U); 336 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len); 337 SECKEYECParams ec_parameters = { 338 siDEROID, ¶meters_buf[0], 339 static_cast<unsigned>(parameters_buf.size()) 340 }; 341 342 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID; 343 ec_parameters.data[1] = oid_data->oid.len; 344 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len); 345 346 result->key_ = PK11_GenerateKeyPair(slot, 347 CKM_EC_KEY_PAIR_GEN, 348 &ec_parameters, 349 &result->public_key_, 350 permanent, 351 sensitive, 352 NULL); 353 if (!result->key_) { 354 DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError(); 355 return NULL; 356 } 357 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); 358 359 return result.release(); 360 } 361 362 // static 363 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams( 364 PK11SlotInfo* slot, 365 const std::string& password, 366 const std::vector<uint8>& encrypted_private_key_info, 367 const std::vector<uint8>& subject_public_key_info, 368 bool permanent, 369 bool sensitive) { 370 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); 371 372 SECItem encoded_spki = { 373 siBuffer, 374 const_cast<unsigned char*>(&subject_public_key_info[0]), 375 static_cast<unsigned>(subject_public_key_info.size()) 376 }; 377 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo( 378 &encoded_spki); 379 if (!decoded_spki) { 380 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError(); 381 return NULL; 382 } 383 384 bool success = ImportFromEncryptedPrivateKeyInfo( 385 slot, 386 password, 387 &encrypted_private_key_info[0], 388 encrypted_private_key_info.size(), 389 decoded_spki, 390 permanent, 391 sensitive, 392 &result->key_, 393 &result->public_key_); 394 395 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); 396 397 if (success) { 398 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_)); 399 return result.release(); 400 } 401 402 return NULL; 403 } 404 405 } // namespace crypto 406