// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "crypto/ec_private_key.h" #include #include #include #include #include #include #include #include #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "crypto/auto_cbb.h" #include "crypto/openssl_util.h" #include "crypto/scoped_openssl_types.h" namespace crypto { namespace { // Function pointer definition, for injecting the required key export function // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and // |key| is a handle to the input key object. Return 1 on success, 0 otherwise. // NOTE: Used with OpenSSL functions, which do not comply with the Chromium // style guide, hence the unusual parameter placement / types. typedef int (*ExportBioFunction)(BIO* bio, const void* key); using ScopedPKCS8_PRIV_KEY_INFO = ScopedOpenSSL; using ScopedX509_SIG = ScopedOpenSSL; // Helper to export |key| into |output| via the specified ExportBioFunction. bool ExportKeyWithBio(const void* key, ExportBioFunction export_fn, std::vector* output) { if (!key) return false; ScopedBIO bio(BIO_new(BIO_s_mem())); if (!bio.get()) return false; if (!export_fn(bio.get(), key)) return false; char* data = NULL; long len = BIO_get_mem_data(bio.get(), &data); if (!data || len < 0) return false; output->assign(data, data + len); return true; } } // namespace ECPrivateKey::~ECPrivateKey() { if (key_) EVP_PKEY_free(key_); } ECPrivateKey* ECPrivateKey::Copy() const { scoped_ptr copy(new ECPrivateKey); if (key_) copy->key_ = EVP_PKEY_up_ref(key_); return copy.release(); } // static ECPrivateKey* ECPrivateKey::Create() { OpenSSLErrStackTracer err_tracer(FROM_HERE); ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get())) return NULL; scoped_ptr result(new ECPrivateKey()); result->key_ = EVP_PKEY_new(); if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) return NULL; CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_type(result->key_->type)); return result.release(); } // static ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( const std::string& password, const std::vector& encrypted_private_key_info, const std::vector& subject_public_key_info) { // NOTE: The |subject_public_key_info| can be ignored here, it is only // useful for the NSS implementation (which uses the public key's SHA1 // as a lookup key when storing the private one in its store). if (encrypted_private_key_info.empty()) return NULL; OpenSSLErrStackTracer err_tracer(FROM_HERE); const uint8_t* data = &encrypted_private_key_info[0]; const uint8_t* ptr = data; ScopedX509_SIG p8_encrypted( d2i_X509_SIG(NULL, &ptr, encrypted_private_key_info.size())); if (!p8_encrypted || ptr != data + encrypted_private_key_info.size()) return NULL; ScopedPKCS8_PRIV_KEY_INFO p8_decrypted; if (password.empty()) { // Hack for reading keys generated by an older version of the OpenSSL // code. OpenSSL used to use "\0\0" rather than the empty string because it // would treat the password as an ASCII string to be converted to UCS-2 // while NSS used a byte string. p8_decrypted.reset(PKCS8_decrypt_pbe( p8_encrypted.get(), reinterpret_cast("\0\0"), 2)); } if (!p8_decrypted) { p8_decrypted.reset(PKCS8_decrypt_pbe( p8_encrypted.get(), reinterpret_cast(password.data()), password.size())); } if (!p8_decrypted) return NULL; // Create a new EVP_PKEY for it. scoped_ptr result(new ECPrivateKey); result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); if (!result->key_ || EVP_PKEY_type(result->key_->type) != EVP_PKEY_EC) return NULL; return result.release(); } bool ECPrivateKey::ExportEncryptedPrivateKey(const std::string& password, int iterations, std::vector* output) { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Convert into a PKCS#8 object. ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_)); if (!pkcs8.get()) return false; // Encrypt the object. // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL // equivalent. ScopedX509_SIG encrypted(PKCS8_encrypt_pbe( NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, reinterpret_cast(password.data()), password.size(), nullptr, 0, iterations, pkcs8.get())); if (!encrypted.get()) return false; // Write it into |*output| return ExportKeyWithBio(encrypted.get(), reinterpret_cast(i2d_PKCS8_bio), output); } bool ECPrivateKey::ExportPublicKey(std::vector* output) { OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t *der; size_t der_len; AutoCBB cbb; if (!CBB_init(cbb.get(), 0) || !EVP_marshal_public_key(cbb.get(), key_) || !CBB_finish(cbb.get(), &der, &der_len)) { return false; } output->assign(der, der + der_len); OPENSSL_free(der); return true; } bool ECPrivateKey::ExportRawPublicKey(std::string* output) { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Export the x and y field elements as 32-byte, big-endian numbers. (This is // the same as X9.62 uncompressed form without the leading 0x04 byte.) EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_); ScopedBIGNUM x(BN_new()); ScopedBIGNUM y(BN_new()); uint8_t buf[64]; if (!x || !y || !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key), EC_KEY_get0_public_key(ec_key), x.get(), y.get(), nullptr) || !BN_bn2bin_padded(buf, 32, x.get()) || !BN_bn2bin_padded(buf + 32, 32, y.get())) { return false; } output->assign(reinterpret_cast(buf), sizeof(buf)); return true; } bool ECPrivateKey::ExportValueForTesting(std::vector* output) { OpenSSLErrStackTracer err_tracer(FROM_HERE); EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_); uint8_t *der; size_t der_len; AutoCBB cbb; if (!CBB_init(cbb.get(), 0) || !EC_KEY_marshal_private_key(cbb.get(), ec_key, 0 /* enc_flags */) || !CBB_finish(cbb.get(), &der, &der_len)) { return false; } output->assign(der, der + der_len); OPENSSL_free(der); return true; } ECPrivateKey::ECPrivateKey() : key_(NULL) {} } // namespace crypto