summaryrefslogtreecommitdiffstats
path: root/crypto/nss_key_util.cc
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/nss_key_util.cc')
-rw-r--r--crypto/nss_key_util.cc161
1 files changed, 0 insertions, 161 deletions
diff --git a/crypto/nss_key_util.cc b/crypto/nss_key_util.cc
deleted file mode 100644
index 260d3b6..0000000
--- a/crypto/nss_key_util.cc
+++ /dev/null
@@ -1,161 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/nss_key_util.h"
-
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <pk11pub.h>
-
-#include "base/logging.h"
-#include "base/stl_util.h"
-#include "crypto/nss_util.h"
-
-#if defined(USE_NSS_CERTS)
-#include <secmod.h>
-#include "crypto/nss_util_internal.h"
-#endif
-
-namespace crypto {
-
-namespace {
-
-#if defined(USE_NSS_CERTS)
-
-struct PublicKeyInfoDeleter {
- inline void operator()(CERTSubjectPublicKeyInfo* spki) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
-};
-
-typedef scoped_ptr<CERTSubjectPublicKeyInfo, PublicKeyInfoDeleter>
- ScopedPublicKeyInfo;
-
-// Decodes |input| as a SubjectPublicKeyInfo and returns a SECItem containing
-// the CKA_ID of that public key or nullptr on error.
-ScopedSECItem MakeIDFromSPKI(const std::vector<uint8_t> input) {
- // First, decode and save the public key.
- SECItem key_der;
- key_der.type = siBuffer;
- key_der.data = const_cast<unsigned char*>(vector_as_array(&input));
- key_der.len = input.size();
-
- ScopedPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der));
- if (!spki)
- return nullptr;
-
- ScopedSECKEYPublicKey result(SECKEY_ExtractPublicKey(spki.get()));
- if (!result)
- return nullptr;
-
- // See pk11_MakeIDFromPublicKey from NSS. For now, only RSA keys are
- // supported.
- if (SECKEY_GetPublicKeyType(result.get()) != rsaKey)
- return nullptr;
-
- return ScopedSECItem(PK11_MakeIDFromPubKey(&result->u.rsa.modulus));
-}
-
-#endif // defined(USE_NSS_CERTS)
-
-} // namespace
-
-bool GenerateRSAKeyPairNSS(PK11SlotInfo* slot,
- uint16_t num_bits,
- bool permanent,
- ScopedSECKEYPublicKey* public_key,
- ScopedSECKEYPrivateKey* private_key) {
- PK11RSAGenParams param;
- param.keySizeInBits = num_bits;
- param.pe = 65537L;
- SECKEYPublicKey* public_key_raw = nullptr;
- private_key->reset(PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
- &param, &public_key_raw, permanent,
- permanent /* sensitive */, nullptr));
- if (!*private_key)
- return false;
-
- public_key->reset(public_key_raw);
- return true;
-}
-
-ScopedSECKEYPrivateKey ImportNSSKeyFromPrivateKeyInfo(
- PK11SlotInfo* slot,
- const std::vector<uint8_t>& input,
- bool permanent) {
- DCHECK(slot);
-
- ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
- DCHECK(arena);
-
- // Excess data is illegal, but NSS silently accepts it, so first ensure that
- // |input| consists of a single ASN.1 element.
- SECItem input_item;
- input_item.data = const_cast<unsigned char*>(vector_as_array(&input));
- input_item.len = input.size();
- SECItem der_private_key_info;
- SECStatus rv =
- SEC_QuickDERDecodeItem(arena.get(), &der_private_key_info,
- SEC_ASN1_GET(SEC_AnyTemplate), &input_item);
- if (rv != SECSuccess)
- return nullptr;
-
- // Allow the private key to be used for key unwrapping, data decryption,
- // and signature generation.
- const unsigned int key_usage =
- KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE;
- SECKEYPrivateKey* key_raw = nullptr;
- rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
- slot, &der_private_key_info, nullptr, nullptr, permanent,
- permanent /* sensitive */, key_usage, &key_raw, nullptr);
- if (rv != SECSuccess)
- return nullptr;
- return ScopedSECKEYPrivateKey(key_raw);
-}
-
-#if defined(USE_NSS_CERTS)
-
-ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfo(
- const std::vector<uint8_t>& input) {
- EnsureNSSInit();
-
- ScopedSECItem cka_id(MakeIDFromSPKI(input));
- if (!cka_id)
- return nullptr;
-
- // Search all slots in all modules for the key with the given ID.
- AutoSECMODListReadLock auto_lock;
- const SECMODModuleList* head = SECMOD_GetDefaultModuleList();
- for (const SECMODModuleList* item = head; item != nullptr;
- item = item->next) {
- int slot_count = item->module->loaded ? item->module->slotCount : 0;
- for (int i = 0; i < slot_count; i++) {
- // Look for the key in slot |i|.
- ScopedSECKEYPrivateKey key(
- PK11_FindKeyByKeyID(item->module->slots[i], cka_id.get(), nullptr));
- if (key)
- return key.Pass();
- }
- }
-
- // The key wasn't found in any module.
- return nullptr;
-}
-
-ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfoInSlot(
- const std::vector<uint8_t>& input,
- PK11SlotInfo* slot) {
- DCHECK(slot);
-
- ScopedSECItem cka_id(MakeIDFromSPKI(input));
- if (!cka_id)
- return nullptr;
-
- return ScopedSECKEYPrivateKey(
- PK11_FindKeyByKeyID(slot, cka_id.get(), nullptr));
-}
-
-#endif // defined(USE_NSS_CERTS)
-
-} // namespace crypto