crypto/rsa_private_key_nss.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/rsa_private_key.h"
   6
   7 #include <cryptohi.h>
   8 #include <keyhi.h>
   9 #include <pk11pub.h>
  10
  11 #include <list>
  12
  13 #include "base/debug/leak_annotations.h"
  14 #include "base/logging.h"
  15 #include "base/memory/scoped_ptr.h"
  16 #include "base/strings/string_util.h"
  17 #include "crypto/nss_key_util.h"
  18 #include "crypto/nss_util.h"
  19 #include "crypto/scoped_nss_types.h"
  20
  21 // TODO(rafaelw): Consider using NSS's ASN.1 encoder.
  22 namespace {
  23
  24 static bool ReadAttribute(SECKEYPrivateKey* key,
  25                           CK_ATTRIBUTE_TYPE type,
  26                           std::vector<uint8>* output) {
  27   SECItem item;
  28   SECStatus rv;
  29   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
  30   if (rv != SECSuccess) {
  31     NOTREACHED();
  32     return false;
  33   }
  34
  35   output->assign(item.data, item.data + item.len);
  36   SECITEM_FreeItem(&item, PR_FALSE);
  37   return true;
  38 }
  39
  40 }  // namespace
  41
  42 namespace crypto {
  43
  44 RSAPrivateKey::~RSAPrivateKey() {
  45   if (key_)
  46     SECKEY_DestroyPrivateKey(key_);
  47   if (public_key_)
  48     SECKEY_DestroyPublicKey(public_key_);
  49 }
  50
  51 // static
  52 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
  53   EnsureNSSInit();
  54
  55   ScopedPK11Slot slot(PK11_GetInternalSlot());
  56   if (!slot) {
  57     NOTREACHED();
  58     return nullptr;
  59   }
  60
  61   ScopedSECKEYPublicKey public_key;
  62   ScopedSECKEYPrivateKey private_key;
  63   if (!GenerateRSAKeyPairNSS(slot.get(), num_bits, false /* not permanent */,
  64                              &public_key, &private_key)) {
  65     return nullptr;
  66   }
  67
  68   RSAPrivateKey* rsa_key = new RSAPrivateKey;
  69   rsa_key->public_key_ = public_key.release();
  70   rsa_key->key_ = private_key.release();
  71   return rsa_key;
  72 }
  73
  74 // static
  75 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
  76     const std::vector<uint8>& input) {
  77   EnsureNSSInit();
  78
  79   ScopedPK11Slot slot(PK11_GetInternalSlot());
  80   if (!slot) {
  81     NOTREACHED();
  82     return nullptr;
  83   }
  84   ScopedSECKEYPrivateKey key(ImportNSSKeyFromPrivateKeyInfo(
  85       slot.get(), input, false /* not permanent */));
  86   if (!key || SECKEY_GetPrivateKeyType(key.get()) != rsaKey)
  87     return nullptr;
  88   return RSAPrivateKey::CreateFromKey(key.get());
  89 }
  90
  91 // static
  92 RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) {
  93   DCHECK(key);
  94   if (SECKEY_GetPrivateKeyType(key) != rsaKey)
  95     return NULL;
  96   RSAPrivateKey* copy = new RSAPrivateKey();
  97   copy->key_ = SECKEY_CopyPrivateKey(key);
  98   copy->public_key_ = SECKEY_ConvertToPublicKey(key);
  99   if (!copy->key_ || !copy->public_key_) {
 100     NOTREACHED();
 101     delete copy;
 102     return NULL;
 103   }
 104   return copy;
 105 }
 106
 107 RSAPrivateKey* RSAPrivateKey::Copy() const {
 108   RSAPrivateKey* copy = new RSAPrivateKey();
 109   copy->key_ = SECKEY_CopyPrivateKey(key_);
 110   copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
 111   return copy;
 112 }
 113
 114 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
 115   PrivateKeyInfoCodec private_key_info(true);
 116
 117   // Manually read the component attributes of the private key and build up
 118   // the PrivateKeyInfo.
 119   if (!ReadAttribute(key_, CKA_MODULUS, private_key_info.modulus()) ||
 120       !ReadAttribute(key_, CKA_PUBLIC_EXPONENT,
 121           private_key_info.public_exponent()) ||
 122       !ReadAttribute(key_, CKA_PRIVATE_EXPONENT,
 123           private_key_info.private_exponent()) ||
 124       !ReadAttribute(key_, CKA_PRIME_1, private_key_info.prime1()) ||
 125       !ReadAttribute(key_, CKA_PRIME_2, private_key_info.prime2()) ||
 126       !ReadAttribute(key_, CKA_EXPONENT_1, private_key_info.exponent1()) ||
 127       !ReadAttribute(key_, CKA_EXPONENT_2, private_key_info.exponent2()) ||
 128       !ReadAttribute(key_, CKA_COEFFICIENT, private_key_info.coefficient())) {
 129     NOTREACHED();
 130     return false;
 131   }
 132
 133   return private_key_info.Export(output);
 134 }
 135
 136 bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
 137   ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
 138   if (!der_pubkey.get()) {
 139     NOTREACHED();
 140     return false;
 141   }
 142
 143   output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
 144   return true;
 145 }
 146
 147 RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {
 148   EnsureNSSInit();
 149 }
 150
 151 }  // namespace crypto