diff options
Diffstat (limited to 'crypto/rsa_private_key_win.cc')
-rw-r--r-- | crypto/rsa_private_key_win.cc | 229 |
1 files changed, 229 insertions, 0 deletions
diff --git a/crypto/rsa_private_key_win.cc b/crypto/rsa_private_key_win.cc new file mode 100644 index 0000000..293e4d66 --- /dev/null +++ b/crypto/rsa_private_key_win.cc @@ -0,0 +1,229 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/rsa_private_key.h" + +#include <list> + +#include "base/logging.h" +#include "base/memory/scoped_ptr.h" +#include "base/string_util.h" + +namespace { + // Helper for error handling during key import. +#define READ_ASSERT(truth) \ + if (!(truth)) { \ + NOTREACHED(); \ + return false; \ + } +} // namespace + +namespace crypto { + +// static +RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) { + scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); + if (!result->InitProvider()) + return NULL; + + DWORD flags = CRYPT_EXPORTABLE; + + // The size is encoded as the upper 16 bits of the flags. :: sigh ::. + flags |= (num_bits << 16); + if (!CryptGenKey(result->provider_, CALG_RSA_SIGN, flags, + result->key_.receive())) + return NULL; + + return result.release(); +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( + const std::vector<uint8>& input) { + scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); + if (!result->InitProvider()) + return NULL; + + PrivateKeyInfoCodec pki(false); // Little-Endian + pki.Import(input); + + int blob_size = sizeof(PUBLICKEYSTRUC) + + sizeof(RSAPUBKEY) + + pki.modulus()->size() + + pki.prime1()->size() + + pki.prime2()->size() + + pki.exponent1()->size() + + pki.exponent2()->size() + + pki.coefficient()->size() + + pki.private_exponent()->size(); + scoped_array<BYTE> blob(new BYTE[blob_size]); + + uint8* dest = blob.get(); + PUBLICKEYSTRUC* public_key_struc = reinterpret_cast<PUBLICKEYSTRUC*>(dest); + public_key_struc->bType = PRIVATEKEYBLOB; + public_key_struc->bVersion = 0x02; + public_key_struc->reserved = 0; + public_key_struc->aiKeyAlg = CALG_RSA_SIGN; + dest += sizeof(PUBLICKEYSTRUC); + + RSAPUBKEY* rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(dest); + rsa_pub_key->magic = 0x32415352; + rsa_pub_key->bitlen = pki.modulus()->size() * 8; + int public_exponent_int = 0; + for (size_t i = pki.public_exponent()->size(); i > 0; --i) { + public_exponent_int <<= 8; + public_exponent_int |= (*pki.public_exponent())[i - 1]; + } + rsa_pub_key->pubexp = public_exponent_int; + dest += sizeof(RSAPUBKEY); + + memcpy(dest, &pki.modulus()->front(), pki.modulus()->size()); + dest += pki.modulus()->size(); + memcpy(dest, &pki.prime1()->front(), pki.prime1()->size()); + dest += pki.prime1()->size(); + memcpy(dest, &pki.prime2()->front(), pki.prime2()->size()); + dest += pki.prime2()->size(); + memcpy(dest, &pki.exponent1()->front(), pki.exponent1()->size()); + dest += pki.exponent1()->size(); + memcpy(dest, &pki.exponent2()->front(), pki.exponent2()->size()); + dest += pki.exponent2()->size(); + memcpy(dest, &pki.coefficient()->front(), pki.coefficient()->size()); + dest += pki.coefficient()->size(); + memcpy(dest, &pki.private_exponent()->front(), + pki.private_exponent()->size()); + dest += pki.private_exponent()->size(); + + READ_ASSERT(dest == blob.get() + blob_size); + if (!CryptImportKey(result->provider_, + reinterpret_cast<uint8*>(public_key_struc), blob_size, 0, + CRYPT_EXPORTABLE, result->key_.receive())) + return NULL; + + return result.release(); +} + +// static +RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo( + const std::vector<uint8>& input) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo( + const std::vector<uint8>& input) { + NOTIMPLEMENTED(); + return NULL; +} + +RSAPrivateKey::RSAPrivateKey() : provider_(NULL), key_(NULL) {} + +RSAPrivateKey::~RSAPrivateKey() {} + +bool RSAPrivateKey::InitProvider() { + return FALSE != CryptAcquireContext(provider_.receive(), NULL, NULL, + PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); +} + +bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) { + // Export the key + DWORD blob_length = 0; + if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, NULL, &blob_length)) { + NOTREACHED(); + return false; + } + + scoped_array<uint8> blob(new uint8[blob_length]); + if (!CryptExportKey(key_, 0, PRIVATEKEYBLOB, 0, blob.get(), &blob_length)) { + NOTREACHED(); + return false; + } + + uint8* pos = blob.get(); + PUBLICKEYSTRUC *publickey_struct = reinterpret_cast<PUBLICKEYSTRUC*>(pos); + pos += sizeof(PUBLICKEYSTRUC); + + RSAPUBKEY *rsa_pub_key = reinterpret_cast<RSAPUBKEY*>(pos); + pos += sizeof(RSAPUBKEY); + + int mod_size = rsa_pub_key->bitlen / 8; + int primes_size = rsa_pub_key->bitlen / 16; + + PrivateKeyInfoCodec pki(false); // Little-Endian + + pki.modulus()->assign(pos, pos + mod_size); + pos += mod_size; + + pki.prime1()->assign(pos, pos + primes_size); + pos += primes_size; + pki.prime2()->assign(pos, pos + primes_size); + pos += primes_size; + + pki.exponent1()->assign(pos, pos + primes_size); + pos += primes_size; + pki.exponent2()->assign(pos, pos + primes_size); + pos += primes_size; + + pki.coefficient()->assign(pos, pos + primes_size); + pos += primes_size; + + pki.private_exponent()->assign(pos, pos + mod_size); + pos += mod_size; + + pki.public_exponent()->assign(reinterpret_cast<uint8*>(&rsa_pub_key->pubexp), + reinterpret_cast<uint8*>(&rsa_pub_key->pubexp) + 4); + + CHECK_EQ(pos - blob_length, reinterpret_cast<BYTE*>(publickey_struct)); + + return pki.Export(output); +} + +bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) { + DWORD key_info_len; + if (!CryptExportPublicKeyInfo( + provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + NULL, &key_info_len)) { + NOTREACHED(); + return false; + } + + scoped_array<uint8> key_info(new uint8[key_info_len]); + if (!CryptExportPublicKeyInfo( + provider_, AT_SIGNATURE, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), &key_info_len)) { + NOTREACHED(); + return false; + } + + DWORD encoded_length; + if (!CryptEncodeObject( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO, + reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), NULL, + &encoded_length)) { + NOTREACHED(); + return false; + } + + scoped_array<BYTE> encoded(new BYTE[encoded_length]); + if (!CryptEncodeObject( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, X509_PUBLIC_KEY_INFO, + reinterpret_cast<CERT_PUBLIC_KEY_INFO*>(key_info.get()), encoded.get(), + &encoded_length)) { + NOTREACHED(); + return false; + } + + for (size_t i = 0; i < encoded_length; ++i) + output->push_back(encoded[i]); + + return true; +} + +} // namespace crypto |