OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
6 | 6 |
7 extern "C" { | 7 extern "C" { |
8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
9 // other NSS headers. | 9 // other NSS headers. |
10 #include <secmodt.h> | 10 #include <secmodt.h> |
11 } | 11 } |
12 | 12 |
13 #include <cryptohi.h> | 13 #include <cryptohi.h> |
14 #include <keyhi.h> | 14 #include <keyhi.h> |
15 #include <pk11pub.h> | 15 #include <pk11pub.h> |
16 #include <secmod.h> | 16 #include <secmod.h> |
17 | 17 |
| 18 #include "base/lazy_instance.h" |
18 #include "base/logging.h" | 19 #include "base/logging.h" |
19 #include "base/memory/scoped_ptr.h" | 20 #include "base/memory/scoped_ptr.h" |
20 #include "crypto/nss_util.h" | 21 #include "crypto/nss_util.h" |
21 #include "crypto/nss_util_internal.h" | 22 #include "crypto/nss_util_internal.h" |
22 #include "crypto/scoped_nss_types.h" | 23 #include "crypto/scoped_nss_types.h" |
23 #include "crypto/third_party/nss/chromium-nss.h" | 24 #include "crypto/third_party/nss/chromium-nss.h" |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
| 28 PK11SlotInfo* GetKeySlot() { |
| 29 return crypto::GetPublicNSSKeySlot(); |
| 30 } |
| 31 |
| 32 class EllipticCurveSupportChecker { |
| 33 public: |
| 34 EllipticCurveSupportChecker() { |
| 35 // NOTE: we can do this check here only because we use the NSS internal |
| 36 // slot. If we support other slots in the future, checking whether they |
| 37 // support ECDSA may block NSS, and the value may also change as devices are |
| 38 // inserted/removed, so we would need to re-check on every use. |
| 39 crypto::EnsureNSSInit(); |
| 40 crypto::ScopedPK11Slot slot(GetKeySlot()); |
| 41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && |
| 42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); |
| 43 } |
| 44 |
| 45 bool Supported() { |
| 46 return supported_; |
| 47 } |
| 48 |
| 49 private: |
| 50 bool supported_; |
| 51 }; |
| 52 |
| 53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky |
| 54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; |
| 55 |
27 // Copied from rsa_private_key_nss.cc. | 56 // Copied from rsa_private_key_nss.cc. |
28 static bool ReadAttribute(SECKEYPrivateKey* key, | 57 static bool ReadAttribute(SECKEYPrivateKey* key, |
29 CK_ATTRIBUTE_TYPE type, | 58 CK_ATTRIBUTE_TYPE type, |
30 std::vector<uint8>* output) { | 59 std::vector<uint8>* output) { |
31 SECItem item; | 60 SECItem item; |
32 SECStatus rv; | 61 SECStatus rv; |
33 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); | 62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); |
34 if (rv != SECSuccess) { | 63 if (rv != SECSuccess) { |
35 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); | 64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); |
36 return false; | 65 return false; |
37 } | 66 } |
38 | 67 |
39 output->assign(item.data, item.data + item.len); | 68 output->assign(item.data, item.data + item.len); |
40 SECITEM_FreeItem(&item, PR_FALSE); | 69 SECITEM_FreeItem(&item, PR_FALSE); |
41 return true; | 70 return true; |
42 } | 71 } |
43 | 72 |
44 } // namespace | 73 } // namespace |
45 | 74 |
46 namespace crypto { | 75 namespace crypto { |
47 | 76 |
48 ECPrivateKey::~ECPrivateKey() { | 77 ECPrivateKey::~ECPrivateKey() { |
49 if (key_) | 78 if (key_) |
50 SECKEY_DestroyPrivateKey(key_); | 79 SECKEY_DestroyPrivateKey(key_); |
51 if (public_key_) | 80 if (public_key_) |
52 SECKEY_DestroyPublicKey(public_key_); | 81 SECKEY_DestroyPublicKey(public_key_); |
53 } | 82 } |
54 | 83 |
55 // static | 84 // static |
| 85 bool ECPrivateKey::IsSupported() { |
| 86 return g_elliptic_curve_supported.Get().Supported(); |
| 87 } |
| 88 |
| 89 // static |
56 ECPrivateKey* ECPrivateKey::Create() { | 90 ECPrivateKey* ECPrivateKey::Create() { |
57 return CreateWithParams(PR_FALSE /* not permanent */, | 91 return CreateWithParams(PR_FALSE /* not permanent */, |
58 PR_FALSE /* not sensitive */); | 92 PR_FALSE /* not sensitive */); |
59 } | 93 } |
60 | 94 |
61 // static | 95 // static |
62 ECPrivateKey* ECPrivateKey::CreateSensitive() { | 96 ECPrivateKey* ECPrivateKey::CreateSensitive() { |
63 #if defined(USE_NSS) | 97 #if defined(USE_NSS) |
64 return CreateWithParams(PR_TRUE /* permanent */, | 98 return CreateWithParams(PR_TRUE /* permanent */, |
65 PR_TRUE /* sensitive */); | 99 PR_TRUE /* sensitive */); |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
107 // static | 141 // static |
108 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
109 const std::string& password, | 143 const std::string& password, |
110 const uint8* encrypted_private_key_info, | 144 const uint8* encrypted_private_key_info, |
111 size_t encrypted_private_key_info_len, | 145 size_t encrypted_private_key_info_len, |
112 CERTSubjectPublicKeyInfo* decoded_spki, | 146 CERTSubjectPublicKeyInfo* decoded_spki, |
113 bool permanent, | 147 bool permanent, |
114 bool sensitive, | 148 bool sensitive, |
115 SECKEYPrivateKey** key, | 149 SECKEYPrivateKey** key, |
116 SECKEYPublicKey** public_key) { | 150 SECKEYPublicKey** public_key) { |
117 ScopedPK11Slot slot(GetPublicNSSKeySlot()); | 151 ScopedPK11Slot slot(GetKeySlot()); |
118 if (!slot.get()) | 152 if (!slot.get()) |
119 return false; | 153 return false; |
120 | 154 |
121 *public_key = SECKEY_ExtractPublicKey(decoded_spki); | 155 *public_key = SECKEY_ExtractPublicKey(decoded_spki); |
122 | 156 |
123 if (!*public_key) { | 157 if (!*public_key) { |
124 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); | 158 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); |
125 return false; | 159 return false; |
126 } | 160 } |
127 | 161 |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
240 | 274 |
241 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} | 275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
242 | 276 |
243 // static | 277 // static |
244 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, | 278 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, |
245 bool sensitive) { | 279 bool sensitive) { |
246 EnsureNSSInit(); | 280 EnsureNSSInit(); |
247 | 281 |
248 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 282 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
249 | 283 |
250 ScopedPK11Slot slot(GetPrivateNSSKeySlot()); | 284 ScopedPK11Slot slot(GetKeySlot()); |
251 if (!slot.get()) | 285 if (!slot.get()) |
252 return NULL; | 286 return NULL; |
253 | 287 |
254 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); | 288 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); |
255 if (!oid_data) { | 289 if (!oid_data) { |
256 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); | 290 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); |
257 return NULL; | 291 return NULL; |
258 } | 292 } |
259 | 293 |
260 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters | 294 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
322 | 356 |
323 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); | 357 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); |
324 | 358 |
325 if (success) | 359 if (success) |
326 return result.release(); | 360 return result.release(); |
327 | 361 |
328 return NULL; | 362 return NULL; |
329 } | 363 } |
330 | 364 |
331 } // namespace crypto | 365 } // namespace crypto |
OLD | NEW |