• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_RSA_PRIVATE_KEY_H_
6 #define CRYPTO_RSA_PRIVATE_KEY_H_
7 
8 #include "build/build_config.h"
9 
10 #include <list>
11 #include <vector>
12 
13 #include "base/basictypes.h"
14 #include "crypto/crypto_export.h"
15 
16 #if defined(USE_NSS)
17 #include "base/gtest_prod_util.h"
18 #endif
19 
20 #if defined(USE_OPENSSL)
21 // Forward declaration for openssl/*.h
22 typedef struct evp_pkey_st EVP_PKEY;
23 #else
24 // Forward declaration.
25 typedef struct PK11SlotInfoStr PK11SlotInfo;
26 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
27 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
28 #endif
29 
30 
31 namespace crypto {
32 
33 // Used internally by RSAPrivateKey for serializing and deserializing
34 // PKCS #8 PrivateKeyInfo and PublicKeyInfo.
35 class PrivateKeyInfoCodec {
36  public:
37 
38   // ASN.1 encoding of the AlgorithmIdentifier from PKCS #8.
39   static const uint8 kRsaAlgorithmIdentifier[];
40 
41   // ASN.1 tags for some types we use.
42   static const uint8 kBitStringTag = 0x03;
43   static const uint8 kIntegerTag = 0x02;
44   static const uint8 kNullTag = 0x05;
45   static const uint8 kOctetStringTag = 0x04;
46   static const uint8 kSequenceTag = 0x30;
47 
48   // |big_endian| here specifies the byte-significance of the integer components
49   // that will be parsed & serialized (modulus(), etc...) during Import(),
50   // Export() and ExportPublicKeyInfo() -- not the ASN.1 DER encoding of the
51   // PrivateKeyInfo/PublicKeyInfo (which is always big-endian).
52   explicit PrivateKeyInfoCodec(bool big_endian);
53 
54   ~PrivateKeyInfoCodec();
55 
56   // Exports the contents of the integer components to the ASN.1 DER encoding
57   // of the PrivateKeyInfo structure to |output|.
58   bool Export(std::vector<uint8>* output);
59 
60   // Exports the contents of the integer components to the ASN.1 DER encoding
61   // of the PublicKeyInfo structure to |output|.
62   bool ExportPublicKeyInfo(std::vector<uint8>* output);
63 
64   // Exports the contents of the integer components to the ASN.1 DER encoding
65   // of the RSAPublicKey structure to |output|.
66   bool ExportPublicKey(std::vector<uint8>* output);
67 
68   // Parses the ASN.1 DER encoding of the PrivateKeyInfo structure in |input|
69   // and populates the integer components with |big_endian_| byte-significance.
70   // IMPORTANT NOTE: This is currently *not* security-approved for importing
71   // keys from unstrusted sources.
72   bool Import(const std::vector<uint8>& input);
73 
74   // Accessors to the contents of the integer components of the PrivateKeyInfo
75   // structure.
modulus()76   std::vector<uint8>* modulus() { return &modulus_; };
public_exponent()77   std::vector<uint8>* public_exponent() { return &public_exponent_; };
private_exponent()78   std::vector<uint8>* private_exponent() { return &private_exponent_; };
prime1()79   std::vector<uint8>* prime1() { return &prime1_; };
prime2()80   std::vector<uint8>* prime2() { return &prime2_; };
exponent1()81   std::vector<uint8>* exponent1() { return &exponent1_; };
exponent2()82   std::vector<uint8>* exponent2() { return &exponent2_; };
coefficient()83   std::vector<uint8>* coefficient() { return &coefficient_; };
84 
85  private:
86   // Utility wrappers for PrependIntegerImpl that use the class's |big_endian_|
87   // value.
88   void PrependInteger(const std::vector<uint8>& in, std::list<uint8>* out);
89   void PrependInteger(uint8* val, int num_bytes, std::list<uint8>* data);
90 
91   // Prepends the integer stored in |val| - |val + num_bytes| with |big_endian|
92   // byte-significance into |data| as an ASN.1 integer.
93   void PrependIntegerImpl(uint8* val,
94                           int num_bytes,
95                           std::list<uint8>* data,
96                           bool big_endian);
97 
98   // Utility wrappers for ReadIntegerImpl that use the class's |big_endian_|
99   // value.
100   bool ReadInteger(uint8** pos, uint8* end, std::vector<uint8>* out);
101   bool ReadIntegerWithExpectedSize(uint8** pos,
102                                    uint8* end,
103                                    size_t expected_size,
104                                    std::vector<uint8>* out);
105 
106   // Reads an ASN.1 integer from |pos|, and stores the result into |out| with
107   // |big_endian| byte-significance.
108   bool ReadIntegerImpl(uint8** pos,
109                        uint8* end,
110                        std::vector<uint8>* out,
111                        bool big_endian);
112 
113   // Prepends the integer stored in |val|, starting a index |start|, for
114   // |num_bytes| bytes onto |data|.
115   void PrependBytes(uint8* val,
116                     int start,
117                     int num_bytes,
118                     std::list<uint8>* data);
119 
120   // Helper to prepend an ASN.1 length field.
121   void PrependLength(size_t size, std::list<uint8>* data);
122 
123   // Helper to prepend an ASN.1 type header.
124   void PrependTypeHeaderAndLength(uint8 type,
125                                   uint32 length,
126                                   std::list<uint8>* output);
127 
128   // Helper to prepend an ASN.1 bit string
129   void PrependBitString(uint8* val, int num_bytes, std::list<uint8>* output);
130 
131   // Read an ASN.1 length field. This also checks that the length does not
132   // extend beyond |end|.
133   bool ReadLength(uint8** pos, uint8* end, uint32* result);
134 
135   // Read an ASN.1 type header and its length.
136   bool ReadTypeHeaderAndLength(uint8** pos,
137                                uint8* end,
138                                uint8 expected_tag,
139                                uint32* length);
140 
141   // Read an ASN.1 sequence declaration. This consumes the type header and
142   // length field, but not the contents of the sequence.
143   bool ReadSequence(uint8** pos, uint8* end);
144 
145   // Read the RSA AlgorithmIdentifier.
146   bool ReadAlgorithmIdentifier(uint8** pos, uint8* end);
147 
148   // Read one of the two version fields in PrivateKeyInfo.
149   bool ReadVersion(uint8** pos, uint8* end);
150 
151   // The byte-significance of the stored components (modulus, etc..).
152   bool big_endian_;
153 
154   // Component integers of the PrivateKeyInfo
155   std::vector<uint8> modulus_;
156   std::vector<uint8> public_exponent_;
157   std::vector<uint8> private_exponent_;
158   std::vector<uint8> prime1_;
159   std::vector<uint8> prime2_;
160   std::vector<uint8> exponent1_;
161   std::vector<uint8> exponent2_;
162   std::vector<uint8> coefficient_;
163 
164   DISALLOW_COPY_AND_ASSIGN(PrivateKeyInfoCodec);
165 };
166 
167 // Encapsulates an RSA private key. Can be used to generate new keys, export
168 // keys to other formats, or to extract a public key.
169 // TODO(hclam): This class should be ref-counted so it can be reused easily.
170 class CRYPTO_EXPORT RSAPrivateKey {
171  public:
172   ~RSAPrivateKey();
173 
174   // Create a new random instance. Can return NULL if initialization fails.
175   static RSAPrivateKey* Create(uint16 num_bits);
176 
177   // Create a new instance by importing an existing private key. The format is
178   // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if
179   // initialization fails.
180   static RSAPrivateKey* CreateFromPrivateKeyInfo(
181       const std::vector<uint8>& input);
182 
183 #if defined(USE_NSS)
184   // Create a new random instance in |slot|. Can return NULL if initialization
185   // fails.  The created key is permanent and is not exportable in plaintext
186   // form.
187   static RSAPrivateKey* CreateSensitive(PK11SlotInfo* slot, uint16 num_bits);
188 
189   // Create a new instance in |slot| by importing an existing private key. The
190   // format is an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can
191   // return NULL if initialization fails.
192   // The created key is permanent and is not exportable in plaintext form.
193   static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo(
194       PK11SlotInfo* slot,
195       const std::vector<uint8>& input);
196 
197   // Create a new instance by referencing an existing private key
198   // structure.  Does not import the key.
199   static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
200 
201   // Import an existing public key, and then search for the private
202   // half in the key database. The format of the public key blob is is
203   // an X509 SubjectPublicKeyInfo block. This can return NULL if
204   // initialization fails or the private key cannot be found.  The
205   // caller takes ownership of the returned object, but nothing new is
206   // created in the key database.
207   static RSAPrivateKey* FindFromPublicKeyInfo(
208       const std::vector<uint8>& input);
209 
210   // Import an existing public key, and then search for the private
211   // half in the slot specified by |slot|. The format of the public
212   // key blob is is an X509 SubjectPublicKeyInfo block. This can return
213   // NULL if initialization fails or the private key cannot be found.
214   // The caller takes ownership of the returned object, but nothing new
215   // is created in the slot.
216   static RSAPrivateKey* FindFromPublicKeyInfoInSlot(
217       const std::vector<uint8>& input,
218       PK11SlotInfo* slot);
219 #elif defined(USE_OPENSSL)
220   // Create a new instance from an existing EVP_PKEY, taking a
221   // reference to it. |key| must be an RSA key. Returns NULL on
222   // failure.
223   static RSAPrivateKey* CreateFromKey(EVP_PKEY* key);
224 
225 #endif
226 
227 #if defined(USE_OPENSSL)
key()228   EVP_PKEY* key() { return key_; }
229 #else
key()230   SECKEYPrivateKey* key() { return key_; }
public_key()231   SECKEYPublicKey* public_key() { return public_key_; }
232 #endif
233 
234   // Creates a copy of the object.
235   RSAPrivateKey* Copy() const;
236 
237   // Exports the private key to a PKCS #1 PrivateKey block.
238   bool ExportPrivateKey(std::vector<uint8>* output) const;
239 
240   // Exports the public key to an X509 SubjectPublicKeyInfo block.
241   bool ExportPublicKey(std::vector<uint8>* output) const;
242 
243  private:
244 #if defined(USE_NSS)
245   FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey);
246   FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey);
247 #endif
248 
249   // Constructor is private. Use one of the Create*() or Find*()
250   // methods above instead.
251   RSAPrivateKey();
252 
253 #if !defined(USE_OPENSSL)
254   // Shared helper for Create() and CreateSensitive().
255   // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
256   //                flags arg created by ORing together some enumerated values.
257   // Note: |permanent| is only supported when USE_NSS is defined.
258   static RSAPrivateKey* CreateWithParams(PK11SlotInfo* slot,
259                                          uint16 num_bits,
260                                          bool permanent,
261                                          bool sensitive);
262 
263   // Shared helper for CreateFromPrivateKeyInfo() and
264   // CreateSensitiveFromPrivateKeyInfo().
265   // Note: |permanent| is only supported when USE_NSS is defined.
266   static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams(
267       PK11SlotInfo* slot,
268       const std::vector<uint8>& input,
269       bool permanent,
270       bool sensitive);
271 #endif
272 
273 #if defined(USE_NSS)
274   // Import an existing public key. The format of the public key blob
275   // is an X509 SubjectPublicKeyInfo block. This can return NULL if
276   // initialization fails.  The caller takes ownership of the returned
277   // object. Note that this method doesn't initialize the |key_| member.
278   static RSAPrivateKey* InitPublicPart(const std::vector<uint8>& input);
279 #endif
280 
281 #if defined(USE_OPENSSL)
282   EVP_PKEY* key_;
283 #else
284   SECKEYPrivateKey* key_;
285   SECKEYPublicKey* public_key_;
286 #endif
287 
288   DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey);
289 };
290 
291 }  // namespace crypto
292 
293 #endif  // CRYPTO_RSA_PRIVATE_KEY_H_
294