| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/ec_private_key.h" | 5 #include "crypto/ec_private_key.h" |
| 6 | 6 |
| 7 extern "C" { | 7 extern "C" { |
| 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before | 8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before |
| 9 // other NSS headers. | 9 // other NSS headers. |
| 10 #include <secmodt.h> | 10 #include <secmodt.h> |
| 11 } | 11 } |
| 12 | 12 |
| 13 #include <cryptohi.h> | 13 #include <cryptohi.h> |
| 14 #include <keyhi.h> | 14 #include <keyhi.h> |
| 15 #include <pk11pub.h> | 15 #include <pk11pub.h> |
| 16 #include <secmod.h> | 16 #include <secmod.h> |
| 17 | 17 |
| 18 #include "base/lazy_instance.h" |
| 18 #include "base/logging.h" | 19 #include "base/logging.h" |
| 19 #include "base/memory/scoped_ptr.h" | 20 #include "base/memory/scoped_ptr.h" |
| 20 #include "crypto/nss_util.h" | 21 #include "crypto/nss_util.h" |
| 21 #include "crypto/nss_util_internal.h" | 22 #include "crypto/nss_util_internal.h" |
| 22 #include "crypto/scoped_nss_types.h" | 23 #include "crypto/scoped_nss_types.h" |
| 23 #include "crypto/third_party/nss/chromium-nss.h" | 24 #include "crypto/third_party/nss/chromium-nss.h" |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 28 PK11SlotInfo* GetKeySlot() { |
| 29 return crypto::GetPublicNSSKeySlot(); |
| 30 } |
| 31 |
| 32 class EllipticCurveSupportChecker { |
| 33 public: |
| 34 EllipticCurveSupportChecker() { |
| 35 // NOTE: we can do this check here only because we use the NSS internal |
| 36 // slot. If we support other slots in the future, checking whether they |
| 37 // support ECDSA may block NSS, and the value may also change as devices are |
| 38 // inserted/removed, so we would need to re-check on every use. |
| 39 crypto::EnsureNSSInit(); |
| 40 crypto::ScopedPK11Slot slot(GetKeySlot()); |
| 41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && |
| 42 PK11_DoesMechanism(slot.get(), CKM_ECDSA); |
| 43 } |
| 44 |
| 45 bool Supported() { |
| 46 return supported_; |
| 47 } |
| 48 |
| 49 private: |
| 50 bool supported_; |
| 51 }; |
| 52 |
| 53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky |
| 54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; |
| 55 |
| 27 // Copied from rsa_private_key_nss.cc. | 56 // Copied from rsa_private_key_nss.cc. |
| 28 static bool ReadAttribute(SECKEYPrivateKey* key, | 57 static bool ReadAttribute(SECKEYPrivateKey* key, |
| 29 CK_ATTRIBUTE_TYPE type, | 58 CK_ATTRIBUTE_TYPE type, |
| 30 std::vector<uint8>* output) { | 59 std::vector<uint8>* output) { |
| 31 SECItem item; | 60 SECItem item; |
| 32 SECStatus rv; | 61 SECStatus rv; |
| 33 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); | 62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); |
| 34 if (rv != SECSuccess) { | 63 if (rv != SECSuccess) { |
| 35 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); | 64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError(); |
| 36 return false; | 65 return false; |
| 37 } | 66 } |
| 38 | 67 |
| 39 output->assign(item.data, item.data + item.len); | 68 output->assign(item.data, item.data + item.len); |
| 40 SECITEM_FreeItem(&item, PR_FALSE); | 69 SECITEM_FreeItem(&item, PR_FALSE); |
| 41 return true; | 70 return true; |
| 42 } | 71 } |
| 43 | 72 |
| 44 } // namespace | 73 } // namespace |
| 45 | 74 |
| 46 namespace crypto { | 75 namespace crypto { |
| 47 | 76 |
| 48 ECPrivateKey::~ECPrivateKey() { | 77 ECPrivateKey::~ECPrivateKey() { |
| 49 if (key_) | 78 if (key_) |
| 50 SECKEY_DestroyPrivateKey(key_); | 79 SECKEY_DestroyPrivateKey(key_); |
| 51 if (public_key_) | 80 if (public_key_) |
| 52 SECKEY_DestroyPublicKey(public_key_); | 81 SECKEY_DestroyPublicKey(public_key_); |
| 53 } | 82 } |
| 54 | 83 |
| 55 // static | 84 // static |
| 85 bool ECPrivateKey::IsSupported() { |
| 86 return g_elliptic_curve_supported.Get().Supported(); |
| 87 } |
| 88 |
| 89 // static |
| 56 ECPrivateKey* ECPrivateKey::Create() { | 90 ECPrivateKey* ECPrivateKey::Create() { |
| 57 return CreateWithParams(PR_FALSE /* not permanent */, | 91 return CreateWithParams(PR_FALSE /* not permanent */, |
| 58 PR_FALSE /* not sensitive */); | 92 PR_FALSE /* not sensitive */); |
| 59 } | 93 } |
| 60 | 94 |
| 61 // static | 95 // static |
| 62 ECPrivateKey* ECPrivateKey::CreateSensitive() { | 96 ECPrivateKey* ECPrivateKey::CreateSensitive() { |
| 63 #if defined(USE_NSS) | 97 #if defined(USE_NSS) |
| 64 return CreateWithParams(PR_TRUE /* permanent */, | 98 return CreateWithParams(PR_TRUE /* permanent */, |
| 65 PR_TRUE /* sensitive */); | 99 PR_TRUE /* sensitive */); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 107 // static | 141 // static |
| 108 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | 142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
| 109 const std::string& password, | 143 const std::string& password, |
| 110 const uint8* encrypted_private_key_info, | 144 const uint8* encrypted_private_key_info, |
| 111 size_t encrypted_private_key_info_len, | 145 size_t encrypted_private_key_info_len, |
| 112 CERTSubjectPublicKeyInfo* decoded_spki, | 146 CERTSubjectPublicKeyInfo* decoded_spki, |
| 113 bool permanent, | 147 bool permanent, |
| 114 bool sensitive, | 148 bool sensitive, |
| 115 SECKEYPrivateKey** key, | 149 SECKEYPrivateKey** key, |
| 116 SECKEYPublicKey** public_key) { | 150 SECKEYPublicKey** public_key) { |
| 117 ScopedPK11Slot slot(GetPublicNSSKeySlot()); | 151 ScopedPK11Slot slot(GetKeySlot()); |
| 118 if (!slot.get()) | 152 if (!slot.get()) |
| 119 return false; | 153 return false; |
| 120 | 154 |
| 121 *public_key = SECKEY_ExtractPublicKey(decoded_spki); | 155 *public_key = SECKEY_ExtractPublicKey(decoded_spki); |
| 122 | 156 |
| 123 if (!*public_key) { | 157 if (!*public_key) { |
| 124 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); | 158 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError(); |
| 125 return false; | 159 return false; |
| 126 } | 160 } |
| 127 | 161 |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 240 | 274 |
| 241 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} | 275 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
| 242 | 276 |
| 243 // static | 277 // static |
| 244 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, | 278 ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, |
| 245 bool sensitive) { | 279 bool sensitive) { |
| 246 EnsureNSSInit(); | 280 EnsureNSSInit(); |
| 247 | 281 |
| 248 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); | 282 scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| 249 | 283 |
| 250 ScopedPK11Slot slot(GetPrivateNSSKeySlot()); | 284 ScopedPK11Slot slot(GetKeySlot()); |
| 251 if (!slot.get()) | 285 if (!slot.get()) |
| 252 return NULL; | 286 return NULL; |
| 253 | 287 |
| 254 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); | 288 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); |
| 255 if (!oid_data) { | 289 if (!oid_data) { |
| 256 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); | 290 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError(); |
| 257 return NULL; | 291 return NULL; |
| 258 } | 292 } |
| 259 | 293 |
| 260 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters | 294 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 322 | 356 |
| 323 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); | 357 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki); |
| 324 | 358 |
| 325 if (success) | 359 if (success) |
| 326 return result.release(); | 360 return result.release(); |
| 327 | 361 |
| 328 return NULL; | 362 return NULL; |
| 329 } | 363 } |
| 330 | 364 |
| 331 } // namespace crypto | 365 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10700099:
NSS Channel ID: don't check ECC support on every socket creation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src