crypto/ec_private_key_nss.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/ec_private_key.h"
   6
   7 extern "C" {
   8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h.  This must come before
   9 // other NSS headers.
  10 #include <secmodt.h>
  11 }
  12
  13 #include <cryptohi.h>
  14 #include <keyhi.h>
  15 #include <pk11pub.h>
  16 #include <secmod.h>
  17
  18 #include "base/lazy_instance.h"
  19 #include "base/logging.h"
  20 #include "base/memory/scoped_ptr.h"
  21 #include "crypto/nss_util.h"
  22 #include "crypto/nss_util_internal.h"
  23 #include "crypto/scoped_nss_types.h"
  24 #include "crypto/third_party/nss/chromium-nss.h"
  25
  26 namespace {
  27
  28 PK11SlotInfo* GetKeySlot() {
  29   return crypto::GetPublicNSSKeySlot();
  30 }
  31
  32 class EllipticCurveSupportChecker {
  33  public:
  34   EllipticCurveSupportChecker() {
  35     // NOTE: we can do this check here only because we use the NSS internal
  36     // slot.  If we support other slots in the future, checking whether they
  37     // support ECDSA may block NSS, and the value may also change as devices are
  38     // inserted/removed, so we would need to re-check on every use.
  39     crypto::EnsureNSSInit();
  40     crypto::ScopedPK11Slot slot(GetKeySlot());
  41     supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
  42         PK11_DoesMechanism(slot.get(), CKM_ECDSA);
  43   }
  44
  45   bool Supported() {
  46     return supported_;
  47   }
  48
  49  private:
  50   bool supported_;
  51 };
  52
  53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
  54     g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
  55
  56 // Copied from rsa_private_key_nss.cc.
  57 static bool ReadAttribute(SECKEYPrivateKey* key,
  58                           CK_ATTRIBUTE_TYPE type,
  59                           std::vector<uint8>* output) {
  60   SECItem item;
  61   SECStatus rv;
  62   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
  63   if (rv != SECSuccess) {
  64     DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError();
  65     return false;
  66   }
  67
  68   output->assign(item.data, item.data + item.len);
  69   SECITEM_FreeItem(&item, PR_FALSE);
  70   return true;
  71 }
  72
  73 }  // namespace
  74
  75 namespace crypto {
  76
  77 ECPrivateKey::~ECPrivateKey() {
  78   if (key_)
  79     SECKEY_DestroyPrivateKey(key_);
  80   if (public_key_)
  81     SECKEY_DestroyPublicKey(public_key_);
  82 }
  83
  84 // static
  85 bool ECPrivateKey::IsSupported() {
  86   return g_elliptic_curve_supported.Get().Supported();
  87 }
  88
  89 // static
  90 ECPrivateKey* ECPrivateKey::Create() {
  91   return CreateWithParams(PR_FALSE /* not permanent */,
  92                           PR_FALSE /* not sensitive */);
  93 }
  94
  95 // static
  96 ECPrivateKey* ECPrivateKey::CreateSensitive() {
  97 #if defined(USE_NSS)
  98   return CreateWithParams(PR_TRUE /* permanent */,
  99                           PR_TRUE /* sensitive */);
 100 #else
 101   // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
 102   // create permanent keys.
 103   NOTREACHED();
 104   return NULL;
 105 #endif
 106 }
 107
 108 // static
 109 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
 110     const std::string& password,
 111     const std::vector<uint8>& encrypted_private_key_info,
 112     const std::vector<uint8>& subject_public_key_info) {
 113   return CreateFromEncryptedPrivateKeyInfoWithParams(
 114       password,
 115       encrypted_private_key_info,
 116       subject_public_key_info,
 117       PR_FALSE /* not permanent */,
 118       PR_FALSE /* not sensitive */);
 119 }
 120
 121 // static
 122 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
 123     const std::string& password,
 124     const std::vector<uint8>& encrypted_private_key_info,
 125     const std::vector<uint8>& subject_public_key_info) {
 126 #if defined(USE_NSS)
 127   return CreateFromEncryptedPrivateKeyInfoWithParams(
 128       password,
 129       encrypted_private_key_info,
 130       subject_public_key_info,
 131       PR_TRUE /* permanent */,
 132       PR_TRUE /* sensitive */);
 133 #else
 134   // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
 135   // create permanent keys.
 136   NOTREACHED();
 137   return NULL;
 138 #endif
 139 }
 140
 141 // static
 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
 143     const std::string& password,
 144     const uint8* encrypted_private_key_info,
 145     size_t encrypted_private_key_info_len,
 146     CERTSubjectPublicKeyInfo* decoded_spki,
 147     bool permanent,
 148     bool sensitive,
 149     SECKEYPrivateKey** key,
 150     SECKEYPublicKey** public_key) {
 151   ScopedPK11Slot slot(GetKeySlot());
 152   if (!slot.get())
 153     return false;
 154
 155   *public_key = SECKEY_ExtractPublicKey(decoded_spki);
 156
 157   if (!*public_key) {
 158     DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
 159     return false;
 160   }
 161
 162   SECItem encoded_epki = {
 163     siBuffer,
 164     const_cast<unsigned char*>(encrypted_private_key_info),
 165     static_cast<unsigned>(encrypted_private_key_info_len)
 166   };
 167   SECKEYEncryptedPrivateKeyInfo epki;
 168   memset(&epki, 0, sizeof(epki));
 169
 170   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
 171
 172   SECStatus rv = SEC_QuickDERDecodeItem(
 173       arena.get(),
 174       &epki,
 175       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
 176       &encoded_epki);
 177   if (rv != SECSuccess) {
 178     DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError();
 179     SECKEY_DestroyPublicKey(*public_key);
 180     *public_key = NULL;
 181     return false;
 182   }
 183
 184   SECItem password_item = {
 185     siBuffer,
 186     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
 187     static_cast<unsigned>(password.size())
 188   };
 189
 190   rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
 191       slot.get(),
 192       &epki,
 193       &password_item,
 194       NULL,  // nickname
 195       &(*public_key)->u.ec.publicValue,
 196       permanent,
 197       sensitive,
 198       key,
 199       NULL);  // wincx
 200   if (rv != SECSuccess) {
 201     DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
 202                 << PORT_GetError();
 203     SECKEY_DestroyPublicKey(*public_key);
 204     *public_key = NULL;
 205     return false;
 206   }
 207
 208   return true;
 209 }
 210
 211 bool ECPrivateKey::ExportEncryptedPrivateKey(
 212     const std::string& password,
 213     int iterations,
 214     std::vector<uint8>* output) {
 215   // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8
 216   // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't
 217   // support EC keys.
 218   // https://bugzilla.mozilla.org/show_bug.cgi?id=327773
 219   SECItem password_item = {
 220     siBuffer,
 221     reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
 222     static_cast<unsigned>(password.size())
 223   };
 224
 225   SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo(
 226       NULL, // Slot, optional.
 227       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
 228       &password_item,
 229       key_,
 230       iterations,
 231       NULL); // wincx.
 232
 233   if (!encrypted) {
 234     DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError();
 235     return false;
 236   }
 237
 238   ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
 239   SECItem der_key = {siBuffer, NULL, 0};
 240   SECItem* encoded_item = SEC_ASN1EncodeItem(
 241       arena.get(),
 242       &der_key,
 243       encrypted,
 244       SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate));
 245   SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE);
 246   if (!encoded_item) {
 247     DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError();
 248     return false;
 249   }
 250
 251   output->assign(der_key.data, der_key.data + der_key.len);
 252
 253   return true;
 254 }
 255
 256 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
 257   ScopedSECItem der_pubkey(
 258       SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
 259   if (!der_pubkey.get()) {
 260     return false;
 261   }
 262
 263   output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
 264   return true;
 265 }
 266
 267 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
 268   return ReadAttribute(key_, CKA_VALUE, output);
 269 }
 270
 271 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
 272   return ReadAttribute(key_, CKA_EC_PARAMS, output);
 273 }
 274
 275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {}
 276
 277 // static
 278 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
 279                                              bool sensitive) {
 280   EnsureNSSInit();
 281
 282   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
 283
 284   ScopedPK11Slot slot(GetKeySlot());
 285   if (!slot.get())
 286     return NULL;
 287
 288   SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
 289   if (!oid_data) {
 290     DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError();
 291     return NULL;
 292   }
 293
 294   // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters
 295   // value.  For a named curve, that is just the OBJECT IDENTIFIER of the curve.
 296   // In addition to the oid data, the encoding requires one byte for the ASN.1
 297   // tag and one byte for the length (assuming the length is <= 127).
 298   DCHECK_LE(oid_data->oid.len, 127U);
 299   std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len);
 300   SECKEYECParams ec_parameters = {
 301     siDEROID, &parameters_buf[0],
 302     static_cast<unsigned>(parameters_buf.size())
 303   };
 304
 305   ec_parameters.data[0] = SEC_ASN1_OBJECT_ID;
 306   ec_parameters.data[1] = oid_data->oid.len;
 307   memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len);
 308
 309   result->key_ = PK11_GenerateKeyPair(slot.get(),
 310                                       CKM_EC_KEY_PAIR_GEN,
 311                                       &ec_parameters,
 312                                       &result->public_key_,
 313                                       permanent,
 314                                       sensitive,
 315                                       NULL);
 316   if (!result->key_) {
 317     DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError();
 318     return NULL;
 319   }
 320
 321   return result.release();
 322 }
 323
 324 // static
 325 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
 326     const std::string& password,
 327     const std::vector<uint8>& encrypted_private_key_info,
 328     const std::vector<uint8>& subject_public_key_info,
 329     bool permanent,
 330     bool sensitive) {
 331   EnsureNSSInit();
 332
 333   scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
 334
 335   SECItem encoded_spki = {
 336     siBuffer,
 337     const_cast<unsigned char*>(&subject_public_key_info[0]),
 338     static_cast<unsigned>(subject_public_key_info.size())
 339   };
 340   CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo(
 341       &encoded_spki);
 342   if (!decoded_spki) {
 343     DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError();
 344     return NULL;
 345   }
 346
 347   bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
 348       password,
 349       &encrypted_private_key_info[0],
 350       encrypted_private_key_info.size(),
 351       decoded_spki,
 352       permanent,
 353       sensitive,
 354       &result->key_,
 355       &result->public_key_);
 356
 357   SECKEY_DestroySubjectPublicKeyInfo(decoded_spki);
 358
 359   if (success)
 360     return result.release();
 361
 362   return NULL;
 363 }
 364
 365 }  // namespace crypto