author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-27 09:18:43 +0000 |
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-27 09:18:43 +0000 |
commit | 5123d9c4a4f9190436a9c15ee0733a5340aad08e (patch) | |
tree | 409d1f94e61b550ede597dfad3ea3b29238c5647 /crypto | |
parent | 277823276af8fb584020b981b30fbde5b4e7171d (diff) | |
Remove platform-specific implementations of RSAPrivateKey and SignatureCreator
Use NSS/OpenSSL on all platforms, rather than deferring to the underlying OS routines.
Because X509Certificate::CreateSelfSigned no longer relies on platform-native types for RSA keys or certificates, it has been moved to x509_util and simply returns a DER-encoded certificate as a string.
BUG=none
R=wtc
Review URL: https://chromiumcodereview.appspot.com/17265013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@208870 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/crypto.gyp | 29 | ||||
-rw-r--r-- | crypto/rsa_private_key.h | 74 | ||||
-rw-r--r-- | crypto/rsa_private_key_ios.cc | 67 | ||||
-rw-r--r-- | crypto/rsa_private_key_mac.cc | 204 | ||||
-rw-r--r-- | crypto/rsa_private_key_nss.cc | 45 | ||||
-rw-r--r-- | crypto/rsa_private_key_openssl.cc | 20 | ||||
-rw-r--r-- | crypto/rsa_private_key_win.cc | 238 | ||||
-rw-r--r-- | crypto/signature_creator.h | 24 | ||||
-rw-r--r-- | crypto/signature_creator_mac.cc | 75 | ||||
-rw-r--r-- | crypto/signature_creator_win.cc | 61 |
10 files changed, 60 insertions, 777 deletions
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index 4ba571b..f6ac0f8 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -49,15 +49,6 @@ ],
 ],
 },
 { # os_posix != 1 or OS == "mac" or OS == "ios" or OS == "android"
- 'sources/': [
- ['exclude', '_nss\.cc$'],
- ['include', 'ec_private_key_nss\.cc$'],
- ['include', 'ec_signature_creator_nss\.cc$'],
- ['include', 'encryptor_nss\.cc$'],
- ['include', 'hmac_nss\.cc$'],
- ['include', 'signature_verifier_nss\.cc$'],
- ['include', 'symmetric_key_nss\.cc$'],
- ],
 'sources!': [
 'hmac_win.cc',
 'openpgp_symmetric_encryption.cc',
@@ -93,12 +84,6 @@
 },
 },
 ],
- [ 'OS == "ios"', {
- 'sources!': [
- # This class is stubbed out on iOS.
- 'rsa_private_key.cc',
- ],
- }],
 [ 'OS == "mac"', {
 'link_settings': {
 'libraries': [
@@ -228,11 +213,8 @@
 'random.cc',
 'rsa_private_key.cc',
 'rsa_private_key.h',
- 'rsa_private_key_ios.cc',
- 'rsa_private_key_mac.cc',
 'rsa_private_key_nss.cc',
 'rsa_private_key_openssl.cc',
- 'rsa_private_key_win.cc',
 'scoped_capi_types.h',
 'scoped_nss_types.h',
 'secure_hash.h',
@@ -241,10 +223,8 @@
 'sha2.cc',
 'sha2.h',
 'signature_creator.h',
- 'signature_creator_mac.cc',
 'signature_creator_nss.cc',
 'signature_creator_openssl.cc',
- 'signature_creator_win.cc',
 'signature_verifier.h',
 'signature_verifier_nss.cc',
 'signature_verifier_openssl.cc',
@@ -316,15 +296,6 @@
 '../third_party/nss/nss.gyp:nss',
 ],
 }],
- ['OS == "ios"', {
- 'sources!': [
- # These tests are excluded because they test classes that are not
- # implemented on iOS.
- 'rsa_private_key_unittest.cc',
- 'signature_creator_unittest.cc',
- 'signature_verifier_unittest.cc',
- ],
- }],
 [ 'OS == "mac"', {
 'dependencies': [
 '../third_party/nss/nss.gyp:nspr',
diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h
index b8ce169..ad82148 100644
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
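Review bot: Dropping the `['exclude', '_nss\.cc$']` rule in the first hunk means every `*_nss.cc` source in this target now compiles on Windows, Mac, iOS and Android, not only the two this commit needs (`rsa_private_key_nss.cc` and `signature_creator_nss.cc`); the old include list named six files explicitly, so any other `_nss.cc` file that was deliberately left out of that list is now built on those platforms as well. I cannot tell from the hunk whether such a file exists, so the sources list is worth a quick check. A one-line comment above the surviving `'sources!'` entry, `# Every *_nss.cc file builds on every platform; only the files listed here are excluded.`, would record why the filter went away.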
@@ -7,32 +7,26 @@
 #include "build/build_config.h"
-#if defined(USE_OPENSSL)
-// Forward declaration for openssl/*.h
-typedef struct evp_pkey_st EVP_PKEY;
-#elif defined(USE_NSS)
-// Forward declaration.
-typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-#elif defined(OS_IOS)
-#include <Security/Security.h>
-#elif defined(OS_MACOSX)
-#include <Security/cssm.h>
-#endif
-
 #include <list>
 #include <vector>
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
-#if defined(OS_WIN)
-#include "crypto/scoped_capi_types.h"
-#endif
 #if defined(USE_NSS)
 #include "base/gtest_prod_util.h"
 #endif
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct evp_pkey_st EVP_PKEY;
+#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
+// Forward declaration.
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+#endif
+
+
 namespace crypto {
 // Used internally by RSAPrivateKey for serializing and deserializing
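Review bot: The new `#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)` branch selects the NSS types for Windows and Mac without saying why, and the same three-way condition is repeated in the two later hunks of this header and in both signature_creator.h hunks, so a future edit to one copy can silently diverge from the others. A comment on this first copy, `// Windows and Mac build against NSS as well; only USE_OPENSSL selects a different backend.`, would make the intent explicit, and a single project-level macro for the condition would remove the repetition. iOS is presumably still covered because build_config.h defines OS_MACOSX on iOS too, but that is worth confirming since the dedicated `#elif defined(OS_IOS)` branch is gone. The two added blank lines (`+`, `+`) before `namespace crypto {` leave a double blank line.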
@@ -179,32 +173,27 @@ class CRYPTO_EXPORT RSAPrivateKey {
 // Create a new random instance. Can return NULL if initialization fails.
 static RSAPrivateKey* Create(uint16 num_bits);
- // Create a new random instance. Can return NULL if initialization fails.
- // The created key is permanent and is not exportable in plaintext form.
- //
- // NOTE: Currently only available if USE_NSS is defined.
- static RSAPrivateKey* CreateSensitive(uint16 num_bits);
-
 // Create a new instance by importing an existing private key. The format is
 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if
 // initialization fails.
 static RSAPrivateKey* CreateFromPrivateKeyInfo(
 const std::vector<uint8>& input);
+#if defined(USE_NSS)
+ // Create a new random instance. Can return NULL if initialization fails.
+ // The created key is permanent and is not exportable in plaintext form.
+ static RSAPrivateKey* CreateSensitive(uint16 num_bits);
+
 // Create a new instance by importing an existing private key. The format is
 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if
 // initialization fails.
 // The created key is permanent and is not exportable in plaintext form.
- //
- // NOTE: Currently only available if USE_NSS is defined.
 static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo(
 const std::vector<uint8>& input);
-#if defined(USE_NSS)
 // Create a new instance by referencing an existing private key
 // structure. Does not import the key.
 static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
-#endif
 // Import an existing public key, and then search for the private
 // half in the key database. The format of the public key blob is is
@@ -212,25 +201,15 @@ class CRYPTO_EXPORT RSAPrivateKey {
 // initialization fails or the private key cannot be found. The
 // caller takes ownership of the returned object, but nothing new is
 // created in the key database.
- //
- // NOTE: Currently only available if USE_NSS is defined.
 static RSAPrivateKey* FindFromPublicKeyInfo(
 const std::vector<uint8>& input);
+#endif
 #if defined(USE_OPENSSL)
 EVP_PKEY* key() { return key_; }
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
 SECKEYPrivateKey* key() { return key_; }
 SECKEYPublicKey* public_key() { return public_key_; }
-#elif defined(OS_WIN)
- HCRYPTPROV provider() { return provider_; }
- HCRYPTKEY key() { return key_; }
-#elif defined(OS_IOS)
- SecKeyRef key() { return key_; }
- SecKeyRef public_key() { return public_key_; }
-#elif defined(OS_MACOSX)
- CSSM_KEY_PTR key() { return &key_; }
- CSSM_KEY_PTR public_key() { return &public_key_; }
 #endif
 // Creates a copy of the object.
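Review bot: After this hunk the public accessors `key()` and `public_key()` return NSS types on Windows and Mac, and `provider()`, the `SecKeyRef` accessors and the `CSSM_KEY_PTR` accessors no longer exist, so any caller outside crypto/ that used those platform-specific accessors has to change in the same commit; the diffstat on this page is limited to crypto/, so that cannot be checked here. The `+#endif` added after `FindFromPublicKeyInfo` closes the `#if defined(USE_NSS)` opened in the previous hunk, so the guarded region spans the two hunks and is easy to misread in isolation; a trailing `#endif // defined(USE_NSS)` would help.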
@@ -255,31 +234,24 @@ class CRYPTO_EXPORT RSAPrivateKey {
 // Shared helper for Create() and CreateSensitive().
 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
 // flags arg created by ORing together some enumerated values.
+ // Note: |permanent| is only supported when USE_NSS is defined.
 static RSAPrivateKey* CreateWithParams(uint16 num_bits,
 bool permanent,
 bool sensitive);
 // Shared helper for CreateFromPrivateKeyInfo() and
 // CreateSensitiveFromPrivateKeyInfo().
+ // Note: |permanent| is only supported when USE_NSS is defined.
 static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams(
- const std::vector<uint8>& input, bool permanent, bool sensitive);
+ const std::vector<uint8>& input,
+ bool permanent,
+ bool sensitive);
 #if defined(USE_OPENSSL)
 EVP_PKEY* key_;
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
 SECKEYPrivateKey* key_;
 SECKEYPublicKey* public_key_;
-#elif defined(OS_WIN)
- bool InitProvider();
-
- ScopedHCRYPTPROV provider_;
- ScopedHCRYPTKEY key_;
-#elif defined(OS_IOS)
- SecKeyRef key_;
- SecKeyRef public_key_;
-#elif defined(OS_MACOSX)
- CSSM_KEY key_;
- CSSM_KEY public_key_;
 #endif
 DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey);
diff --git a/crypto/rsa_private_key_ios.cc b/crypto/rsa_private_key_ios.cc
deleted file mode 100644
index d96b3e9..0000000
--- a/crypto/rsa_private_key_ios.cc
+++ /dev/null
@@ -1,67 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/rsa_private_key.h"
-
-#include "base/logging.h"
-
-namespace crypto {
-
-// |RSAPrivateKey| is not used on iOS. This implementation was written so that
-// it would compile. It may be possible to use the NSS implementation as a real
-// implementation, but it hasn't yet been necessary.
-
-// static
-RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {}
-
-RSAPrivateKey::~RSAPrivateKey() {
- if (public_key_)
- CFRelease(public_key_);
- if (key_)
- CFRelease(key_);
-}
-
-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
- NOTIMPLEMENTED();
- return false;
-}
-
-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
- NOTIMPLEMENTED();
- return false;
-}
-
-} // namespace base
diff --git a/crypto/rsa_private_key_mac.cc b/crypto/rsa_private_key_mac.cc
deleted file mode 100644
index fbe1491e..0000000
--- a/crypto/rsa_private_key_mac.cc
+++ /dev/null
@@ -1,204 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/rsa_private_key.h"
-
-#include <list>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "crypto/cssm_init.h"
-
-namespace crypto {
-
-// static
-RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
-
- CSSM_CC_HANDLE cc_handle;
- CSSM_RETURN crtn;
- crtn = CSSM_CSP_CreateKeyGenContext(GetSharedCSPHandle(), CSSM_ALGID_RSA,
- num_bits, NULL, NULL, NULL, NULL, NULL,
- &cc_handle);
- if (crtn) {
- NOTREACHED() << "CSSM_CSP_CreateKeyGenContext failed: " << crtn;
- return NULL;
- }
-
- CSSM_DATA label = { 9,
- const_cast<uint8*>(reinterpret_cast<const uint8*>("temp_key")) };
- crtn = CSSM_GenerateKeyPair(cc_handle,
- CSSM_KEYUSE_VERIFY,
- CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, &label,
- result->public_key(), CSSM_KEYUSE_SIGN,
- CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, &label, NULL,
- result->key());
- CSSM_DeleteContext(cc_handle);
- if (crtn) {
- NOTREACHED() << "CSSM_CSP_CreateKeyGenContext failed: " << crtn;
- return NULL;
- }
-
- return result.release();
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- if (input.empty())
- return NULL;
-
- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
-
- CSSM_KEY key;
- memset(&key, 0, sizeof(key));
- key.KeyData.Data = const_cast<uint8*>(&input.front());
- key.KeyData.Length = input.size();
- key.KeyHeader.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
- key.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION;
- key.KeyHeader.BlobType = CSSM_KEYBLOB_RAW;
- key.KeyHeader.AlgorithmId = CSSM_ALGID_RSA;
- key.KeyHeader.KeyClass = CSSM_KEYCLASS_PRIVATE_KEY;
- key.KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
- key.KeyHeader.KeyUsage = CSSM_KEYUSE_ANY;
-
- CSSM_KEY_SIZE key_size;
- CSSM_RETURN crtn;
- crtn = CSSM_QueryKeySizeInBits(
- GetSharedCSPHandle(), CSSM_INVALID_HANDLE, &key, &key_size);
- if (crtn) {
- NOTREACHED() << "CSSM_QueryKeySizeInBits failed: " << crtn;
- return NULL;
- }
- key.KeyHeader.LogicalKeySizeInBits = key_size.LogicalKeySizeInBits;
-
- // Perform a NULL unwrap operation on the key so that result's key_
- // instance variable points to a key that can be released via CSSM_FreeKey().
- CSSM_ACCESS_CREDENTIALS creds;
- memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
- CSSM_CC_HANDLE cc_handle;
- crtn = CSSM_CSP_CreateSymmetricContext(GetSharedCSPHandle(), CSSM_ALGID_NONE,
- CSSM_ALGMODE_NONE, &creds, NULL, NULL, CSSM_PADDING_NONE, 0, &cc_handle);
- if (crtn) {
- NOTREACHED() << "CSSM_CSP_CreateSymmetricContext failed: " << crtn;
- return NULL;
- }
- CSSM_DATA label_data, desc_data = { 0, NULL };
- label_data.Data =
- const_cast<uint8*>(reinterpret_cast<const uint8*>("unwrapped"));
- label_data.Length = 9;
- crtn = CSSM_UnwrapKey(cc_handle, NULL, &key, CSSM_KEYUSE_ANY,
- CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, &label_data,
- NULL, result->key(), &desc_data);
- if (crtn) {
- NOTREACHED() << "CSSM_UnwrapKey failed: " << crtn;
- return NULL;
- }
-
- // Extract a public key from the private key.
- // Apple doesn't accept CSSM_KEYBLOB_RAW_FORMAT_X509 as a valid key
- // format when attempting to generate certs, so use PKCS1 instead.
- PrivateKeyInfoCodec codec(true);
- std::vector<uint8> private_key_data;
- private_key_data.assign(key.KeyData.Data,
- key.KeyData.Data + key.KeyData.Length);
- if (!codec.Import(private_key_data)) {
- return NULL;
- }
- std::vector<uint8> public_key_data;
- if (!codec.ExportPublicKey(&public_key_data)) {
- return NULL;
- }
-
- CSSM_KEY* public_key = result->public_key();
- size_t size = public_key_data.size();
- public_key->KeyData.Data = reinterpret_cast<uint8*>(CSSMMalloc(size));
- if (!public_key->KeyData.Data) {
- NOTREACHED() << "CSSMMalloc failed";
- return NULL;
- }
- memcpy(public_key->KeyData.Data, &public_key_data.front(), size);
- public_key->KeyData.Length = size;
- public_key->KeyHeader.Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
- public_key->KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION;
- public_key->KeyHeader.BlobType = CSSM_KEYBLOB_RAW;
- public_key->KeyHeader.AlgorithmId = CSSM_ALGID_RSA;
- public_key->KeyHeader.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY;
- public_key->KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
- public_key->KeyHeader.KeyUsage = CSSM_KEYUSE_ANY;
-
- crtn = CSSM_QueryKeySizeInBits(
- GetSharedCSPHandle(), CSSM_INVALID_HANDLE, public_key, &key_size);
- if (crtn) {
- DLOG(ERROR) << "CSSM_QueryKeySizeInBits failed " << crtn;
- return NULL;
- }
- public_key->KeyHeader.LogicalKeySizeInBits = key_size.LogicalKeySizeInBits;
-
- return result.release();
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-RSAPrivateKey::RSAPrivateKey() {
- memset(&key_, 0, sizeof(key_));
- memset(&public_key_, 0, sizeof(public_key_));
-
- EnsureCSSMInit();
-}
-
-RSAPrivateKey::~RSAPrivateKey() {
- if (key_.KeyData.Data) {
- CSSM_FreeKey(GetSharedCSPHandle(), NULL, &key_, CSSM_FALSE);
- }
- if (public_key_.KeyData.Data) {
- CSSM_FreeKey(GetSharedCSPHandle(), NULL, &public_key_, CSSM_FALSE);
- }
-}
-
-RSAPrivateKey* RSAPrivateKey::Copy() const {
- std::vector<uint8> key_bytes;
- if (!ExportPrivateKey(&key_bytes))
- return NULL;
- return CreateFromPrivateKeyInfo(key_bytes);
-}
-
-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
- if (!key_.KeyData.Data || !key_.KeyData.Length) {
- return false;
- }
- output->clear();
- output->insert(output->end(), key_.KeyData.Data,
- key_.KeyData.Data + key_.KeyData.Length);
- return true;
-}
-
-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
- PrivateKeyInfoCodec private_key_info(true);
- std::vector<uint8> private_key_data;
- private_key_data.assign(key_.KeyData.Data,
- key_.KeyData.Data + key_.KeyData.Length);
- return (private_key_info.Import(private_key_data) &&
- private_key_info.ExportPublicKeyInfo(output));
-}
-
-} // namespace crypto
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
index 3574432..35697ab 100644
--- a/crypto/rsa_private_key_nss.cc
+++ b/crypto/rsa_private_key_nss.cc
@@ -19,8 +19,7 @@
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_nss_types.h"
-// TODO(rafaelw): Consider refactoring common functions and definitions from
-// rsa_private_key_win.cc or using NSS's ASN.1 encoder.
+// TODO(rafaelw): Consider using NSS's ASN.1 encoder.
 namespace {
 static bool ReadAttribute(SECKEYPrivateKey* key,
@@ -53,31 +52,32 @@ RSAPrivateKey::~RSAPrivateKey() {
 // static
 RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
 return CreateWithParams(num_bits,
- PR_FALSE /* not permanent */,
- PR_FALSE /* not sensitive */);
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
- return CreateWithParams(num_bits,
- PR_TRUE /* permanent */,
- PR_TRUE /* sensitive */);
+ false /* not permanent */,
+ false /* not sensitive */);
 }
 // static
 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
 const std::vector<uint8>& input) {
 return CreateFromPrivateKeyInfoWithParams(input,
- PR_FALSE /* not permanent */,
- PR_FALSE /* not sensitive */);
+ false /* not permanent */,
+ false /* not sensitive */);
+}
+
+#if defined(USE_NSS)
+// static
+RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
+ return CreateWithParams(num_bits,
+ true /* permanent */,
+ true /* sensitive */);
 }
 // static
 RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
 const std::vector<uint8>& input) {
 return CreateFromPrivateKeyInfoWithParams(input,
- PR_TRUE /* permanent */,
- PR_TRUE /* sensitive */);
+ true /* permanent */,
+ true /* sensitive */);
 }
 // static
@@ -153,6 +153,7 @@ RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
 // We didn't find the key.
 return NULL;
 }
+#endif
 RSAPrivateKey* RSAPrivateKey::Copy() const {
 RSAPrivateKey* copy = new RSAPrivateKey();
@@ -202,6 +203,13 @@ RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {
 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
 bool permanent,
 bool sensitive) {
+#if !defined(USE_NSS)
+ if (permanent) {
+ NOTIMPLEMENTED();
+ return NULL;
+ }
+#endif
+
 EnsureNSSInit();
 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
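Review bot: The `#if !defined(USE_NSS)` guard that rejects `permanent` in `CreateWithParams` is repeated verbatim in `CreateFromPrivateKeyInfoWithParams` in the next hunk, and in both places the only callers that pass `permanent == true` (`CreateSensitive` and `CreateSensitiveFromPrivateKeyInfo`) are themselves compiled out by the `#if defined(USE_NSS)` this hunk adds, so the guard can only fire on a programming error; `NOTREACHED()` would say that more precisely than `NOTIMPLEMENTED()`. `sensitive` is passed through unguarded on non-NSS builds; whether that matters depends on how the rest of `CreateWithParams` uses it, which lies outside the hunk. A comment above the guard, `// Permanent keys live in the NSS key database, which is only available when USE_NSS is defined.`, would explain why only one of the two flags is checked.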
@@ -230,6 +238,13 @@ RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
 // static
 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
 const std::vector<uint8>& input, bool permanent, bool sensitive) {
+#if !defined(USE_NSS)
+ if (permanent) {
+ NOTIMPLEMENTED();
+ return NULL;
+ }
+#endif
+
 // This method currently leaks some memory.
 // See http://crbug.com/34742.
 ANNOTATE_SCOPED_MEMORY_LEAK;
diff --git a/crypto/rsa_private_key_openssl.cc b/crypto/rsa_private_key_openssl.cc
index 64a627e..f191e39 100644
--- a/crypto/rsa_private_key_openssl.cc
+++ b/crypto/rsa_private_key_openssl.cc
@@ -67,12 +67,6 @@ RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
 }
 // static
-RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
 const std::vector<uint8>& input) {
 if (input.empty())
@@ -101,20 +95,6 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
 return result.release();
 }
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
 RSAPrivateKey::RSAPrivateKey() : key_(NULL) {
 }
diff --git a/crypto/rsa_private_key_win.cc b/crypto/rsa_private_key_win.cc
deleted file mode 100644
index 29ee663..0000000
--- a/crypto/rsa_private_key_win.cc
+++ /dev/null
@@ -1,238 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/rsa_private_key.h"
-
-#include <list>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/strings/string_util.h"
-
-#pragma comment(lib, "crypt32.lib")
-
-namespace crypto {
-
-// static
-RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
- if (!result->InitProvider())
- return NULL;
-
- DWORD flags = CRYPT_EXPORTABLE;
-
- // The size is encoded as the upper 16 bits of the flags. :: sigh ::.
- flags |= (num_bits << 16);
- if (!CryptGenKey(result->provider_, CALG_RSA_SIGN, flags,
- result->key_.receive()))
- return NULL;
-
- return result.release();
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
- if (!result->InitProvider())
- return NULL;
-
- PrivateKeyInfoCodec pki(false); // Little-Endian
- if (!pki.Import(input))
- return NULL;
-
- size_t blob_size = sizeof(PUBLICKEYSTRUC) +
- sizeof(RSAPUBKEY) +
- pki.modulus()->size() +
- pki.prime1()->size() +
- pki.prime2()->size() +
- pki.exponent1()->size() +
- pki.exponent2()->size() +
- pki.coefficient()->size() +
- pki.private_exponent()->size();
- scoped_ptr<BYTE[]> blob(new BYTE[blob_size]);
-
- uint8* dest = blob.get();
- PUBLICKEYSTRUC* public_key_struc = reinterpret_cast<PUBLICKEYSTRUC*>(dest);
- public_key_struc->bType = PRIVATEKEYBLOB;
- public_key_struc->bVersion = 0x02;
- public_key_struc->reserved = 0;
- public_key_struc->aiKeyAlg = CALG_RSA_SIGN;
- dest += sizeof(PUBLICKEYSTRUC);
-
- RSAPUBKEY* rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(dest);
- rsa_pub_key->magic = 0x32415352;
- rsa_pub_key->bitlen = pki.modulus()->size() * 8;
- int public_exponent_int = 0;
- for (size_t i = pki.public_exponent()->size(); i > 0; --i) {
- public_exponent_int <<= 8;
- public_exponent_int |= (*pki.public_exponent())[i - 1];
- }
- rsa_pub_key->pubexp = public_exponent_int;
- dest += sizeof(RSAPUBKEY);
-
- memcpy(dest, &pki.modulus()->front(), pki.modulus()->size());
- dest += pki.modulus()->size();
- memcpy(dest, &pki.prime1()->front(), pki.prime1()->size());
- dest += pki.prime1()->size();
- memcpy(dest, &pki.prime2()->front(), pki.prime2()->size());
- dest += pki.prime2()->size();
- memcpy(dest, &pki.exponent1()->front(), pki.exponent1()->size());
- dest += pki.exponent1()->size();
- memcpy(dest, &pki.exponent2()->front(), pki.exponent2()->size());
- dest += pki.exponent2()->size();
- memcpy(dest, &pki.coefficient()->front(), pki.coefficient()->size());
- dest += pki.coefficient()->size();
- memcpy(dest, &pki.private_exponent()->front(),
- pki.private_exponent()->size());
- dest += pki.private_exponent()->size();
-
- if (dest != blob.get() + blob_size) {
- NOTREACHED();
- return NULL;
- }
- if (!CryptImportKey(result->provider_,
- reinterpret_cast<uint8*>(public_key_struc),
- static_cast<DWORD>(blob_size), 0, CRYPT_EXPORTABLE,
- result->key_.receive())) {
- return NULL;
- }
-
- return result.release();
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
- const std::vector<uint8>& input) {
- NOTIMPLEMENTED();
- return NULL;
-}
-
-RSAPrivateKey::RSAPrivateKey() : provider_(NULL), key_(NULL) {}
-
-RSAPrivateKey::~RSAPrivateKey() {}
-
-bool RSAPrivateKey::InitProvider() {
- return FALSE != CryptAcquireContext(provider_.receive(), NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
-}
-
-RSAPrivateKey* RSAPrivateKey::Copy() const {
- scoped_ptr<RSAPrivateKey> copy(new RSAPrivateKey());
- if (!CryptContextAddRef(provider_, NULL, 0)) {
- NOTREACHED();
- return NULL;
- }
- copy->provider_.reset(provider_.get());
- if (!CryptDuplicateKey(key_.get(), NULL, 0, copy->key_.receive()))
- return NULL;
- return copy.release();
-}
-
-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
- // Export the key
- DWORD blob_length = 0;
- if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, NULL, &blob_length)) {
- NOTREACHED();
- return false;
- }
-
- scoped_ptr<uint8[]> blob(new uint8[blob_length]);
- if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, blob.get(), &blob_length)) {
- NOTREACHED();
- return false;
- }
-
- uint8* pos = blob.get();
- PUBLICKEYSTRUC *publickey_struct = reinterpret_cast<PUBLICKEYSTRUC*>(pos);
- pos += sizeof(PUBLICKEYSTRUC);
-
- RSAPUBKEY *rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(pos);
- pos += sizeof(RSAPUBKEY);
-
- int mod_size = rsa_pub_key->bitlen / 8;
- int primes_size = rsa_pub_key->bitlen / 16;
-
- PrivateKeyInfoCodec pki(false); // Little-Endian
-
- pki.modulus()->assign(pos, pos + mod_size);
- pos += mod_size;
-
- pki.prime1()->assign(pos, pos + primes_size);
- pos += primes_size;
- pki.prime2()->assign(pos, pos + primes_size);
- pos += primes_size;
-
- pki.exponent1()->assign(pos, pos + primes_size);
- pos += primes_size;
- pki.exponent2()->assign(pos, pos + primes_size);
- pos += primes_size;
-
- pki.coefficient()->assign(pos, pos + primes_size);
- pos += primes_size;
-
- pki.private_exponent()->assign(pos, pos + mod_size);
- pos += mod_size;
-
- pki.public_exponent()->assign(reinterpret_cast<uint8*>(&rsa_pub_key->pubexp),
- reinterpret_cast<uint8*>(&rsa_pub_key->pubexp) + 4);
-
- CHECK_EQ(pos - blob_length, reinterpret_cast<BYTE*>(publickey_struct));
-
- return pki.Export(output);
-}
-
-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) const {
- DWORD key_info_len;
- if (!CryptExportPublicKeyInfo(
- provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- NULL, &key_info_len)) {
- NOTREACHED();
- return false;
- }
-
- scoped_ptr<uint8[]> key_info(new uint8[key_info_len]);
- if (!CryptExportPublicKeyInfo(
- provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), &key_info_len)) {
- NOTREACHED();
- return false;
- }
-
- DWORD encoded_length;
- if (!CryptEncodeObject(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO,
- reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), NULL,
- &encoded_length)) {
- NOTREACHED();
- return false;
- }
-
- scoped_ptr<BYTE[]> encoded(new BYTE[encoded_length]);
- if (!CryptEncodeObject(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO,
- reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), encoded.get(),
- &encoded_length)) {
- NOTREACHED();
- return false;
- }
-
- output->assign(encoded.get(), encoded.get() + encoded_length);
- return true;
-}
-
-} // namespace crypto
diff --git a/crypto/signature_creator.h b/crypto/signature_creator.h
index 301ab19..1a1d6e5 100644
--- a/crypto/signature_creator.h
+++ b/crypto/signature_creator.h
@@ -7,23 +7,17 @@
 #include "build/build_config.h"
-#if defined(USE_OPENSSL)
-// Forward declaration for openssl/*.h
-typedef struct env_md_ctx_st EVP_MD_CTX;
-#elif defined(USE_NSS)
-// Forward declaration.
-struct SGNContextStr;
-#elif defined(OS_MACOSX) && !defined(OS_IOS)
-#include <Security/cssm.h>
-#endif
-
 #include <vector>
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
-#if defined(OS_WIN)
-#include "crypto/scoped_capi_types.h"
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct env_md_ctx_st EVP_MD_CTX;
+#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
+// Forward declaration.
+struct SGNContextStr;
 #endif
 namespace crypto {
@@ -54,12 +48,8 @@ class CRYPTO_EXPORT SignatureCreator {
 #if defined(USE_OPENSSL)
 EVP_MD_CTX* sign_context_;
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
 SGNContextStr* sign_context_;
-#elif defined(OS_MACOSX) && !defined(OS_IOS)
- CSSM_CC_HANDLE sig_handle_;
-#elif defined(OS_WIN)
- ScopedHCRYPTHASH hash_object_;
 #endif
 DISALLOW_COPY_AND_ASSIGN(SignatureCreator);
diff --git a/crypto/signature_creator_mac.cc b/crypto/signature_creator_mac.cc
deleted file mode 100644
index cdc34f8..0000000
--- a/crypto/signature_creator_mac.cc
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/signature_creator.h"
-
-#include <stdlib.h>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "crypto/cssm_init.h"
-#include "crypto/rsa_private_key.h"
-
-namespace crypto {
-
-// static
-SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
- scoped_ptr<SignatureCreator> result(new SignatureCreator);
- result->key_ = key;
-
- CSSM_RETURN crtn;
- crtn = CSSM_CSP_CreateSignatureContext(GetSharedCSPHandle(),
- CSSM_ALGID_SHA1WithRSA,
- NULL,
- key->key(),
- &result->sig_handle_);
- if (crtn) {
- NOTREACHED();
- return NULL;
- }
-
- crtn = CSSM_SignDataInit(result->sig_handle_);
- if (crtn) {
- NOTREACHED();
- return NULL;
- }
-
- return result.release();
-}
-
-SignatureCreator::SignatureCreator() : key_(NULL), sig_handle_(0) {
- EnsureCSSMInit();
-}
-
-SignatureCreator::~SignatureCreator() {
- CSSM_RETURN crtn;
- if (sig_handle_) {
- crtn = CSSM_DeleteContext(sig_handle_);
- DCHECK_EQ(CSSM_OK, crtn);
- }
-}
-
-bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
- CSSM_DATA data;
- data.Data = const_cast<uint8*>(data_part);
- data.Length = data_part_len;
- CSSM_RETURN crtn = CSSM_SignDataUpdate(sig_handle_, &data, 1);
- DCHECK_EQ(CSSM_OK, crtn);
- return true;
-}
-
-bool SignatureCreator::Final(std::vector<uint8>* signature) {
- ScopedCSSMData sig;
- CSSM_RETURN crtn = CSSM_SignDataFinal(sig_handle_, sig);
-
- if (crtn) {
- NOTREACHED();
- return false;
- }
-
- signature->assign(sig->Data, sig->Data + sig->Length);
- return true;
-}
-
-} // namespace crypto
diff --git a/crypto/signature_creator_win.cc b/crypto/signature_creator_win.cc
deleted file mode 100644
index 69e6513..0000000
--- a/crypto/signature_creator_win.cc
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/signature_creator.h"
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "crypto/rsa_private_key.h"
-
-namespace crypto {
-
-// static
-SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
- scoped_ptr<SignatureCreator> result(new SignatureCreator);
- result->key_ = key;
-
- if (!CryptCreateHash(key->provider(), CALG_SHA1, 0, 0,
- result->hash_object_.receive())) {
- NOTREACHED();
- return NULL;
- }
-
- return result.release();
-}
-
-SignatureCreator::SignatureCreator() : key_(NULL), hash_object_(0) {}
-
-SignatureCreator::~SignatureCreator() {}
-
-bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
- if (!CryptHashData(hash_object_, data_part, data_part_len, 0)) {
- NOTREACHED();
- return false;
- }
-
- return true;
-}
-
-bool SignatureCreator::Final(std::vector<uint8>* signature) {
- DWORD signature_length = 0;
- if (!CryptSignHash(hash_object_, AT_SIGNATURE, NULL, 0, NULL,
- &signature_length)) {
- return false;
- }
-
- std::vector<uint8> temp;
- temp.resize(signature_length);
- if (!CryptSignHash(hash_object_, AT_SIGNATURE, NULL, 0, &temp.front(),
- &signature_length)) {
- return false;
- }
-
- temp.resize(signature_length);
- for (size_t i = temp.size(); i > 0; --i)
- signature->push_back(temp[i - 1]);
-
- return true;
-}
-
-} // namespace crypto |