1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/ec_private_key.h"
6
7 extern "C" {
8 // Work around NSS missing SEC_BEGIN_PROTOS in secmodt.h. This must come before
9 // other NSS headers.
10 #include <secmodt.h>
11 }
12
13 #include <cryptohi.h>
14 #include <keyhi.h>
15 #include <pk11pub.h>
16 #include <secmod.h>
17
18 #include "base/lazy_instance.h"
19 #include "base/logging.h"
20 #include "base/memory/scoped_ptr.h"
21 #include "crypto/nss_util.h"
22 #include "crypto/nss_util_internal.h"
23 #include "crypto/scoped_nss_types.h"
24 #include "crypto/third_party/nss/chromium-nss.h"
25
26 namespace {
27
GetTempKeySlot()28 PK11SlotInfo* GetTempKeySlot() {
29 return PK11_GetInternalSlot();
30 }
31
32 class EllipticCurveSupportChecker {
33 public:
EllipticCurveSupportChecker()34 EllipticCurveSupportChecker() {
35 // NOTE: we can do this check here only because we use the NSS internal
36 // slot. If we support other slots in the future, checking whether they
37 // support ECDSA may block NSS, and the value may also change as devices are
38 // inserted/removed, so we would need to re-check on every use.
39 crypto::EnsureNSSInit();
40 crypto::ScopedPK11Slot slot(GetTempKeySlot());
41 supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
42 PK11_DoesMechanism(slot.get(), CKM_ECDSA);
43 }
44
Supported()45 bool Supported() {
46 return supported_;
47 }
48
49 private:
50 bool supported_;
51 };
52
53 static base::LazyInstance<EllipticCurveSupportChecker>::Leaky
54 g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER;
55
56 // Copied from rsa_private_key_nss.cc.
ReadAttribute(SECKEYPrivateKey * key,CK_ATTRIBUTE_TYPE type,std::vector<uint8> * output)57 static bool ReadAttribute(SECKEYPrivateKey* key,
58 CK_ATTRIBUTE_TYPE type,
59 std::vector<uint8>* output) {
60 SECItem item;
61 SECStatus rv;
62 rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
63 if (rv != SECSuccess) {
64 DLOG(ERROR) << "PK11_ReadRawAttribute: " << PORT_GetError();
65 return false;
66 }
67
68 output->assign(item.data, item.data + item.len);
69 SECITEM_FreeItem(&item, PR_FALSE);
70 return true;
71 }
72
73 } // namespace
74
75 namespace crypto {
76
~ECPrivateKey()77 ECPrivateKey::~ECPrivateKey() {
78 if (key_)
79 SECKEY_DestroyPrivateKey(key_);
80 if (public_key_)
81 SECKEY_DestroyPublicKey(public_key_);
82 }
83
84 // static
IsSupported()85 bool ECPrivateKey::IsSupported() {
86 return g_elliptic_curve_supported.Get().Supported();
87 }
88
89 // static
Create()90 ECPrivateKey* ECPrivateKey::Create() {
91 EnsureNSSInit();
92
93 ScopedPK11Slot slot(GetTempKeySlot());
94 return CreateWithParams(slot.get(),
95 false /* not permanent */,
96 false /* not sensitive */);
97 }
98
99 #if defined(USE_NSS)
100 // static
CreateSensitive(PK11SlotInfo * slot)101 ECPrivateKey* ECPrivateKey::CreateSensitive(PK11SlotInfo* slot) {
102 return CreateWithParams(
103 slot, true /* permanent */, true /* sensitive */);
104 }
105 #endif
106
107 // static
CreateFromEncryptedPrivateKeyInfo(const std::string & password,const std::vector<uint8> & encrypted_private_key_info,const std::vector<uint8> & subject_public_key_info)108 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
109 const std::string& password,
110 const std::vector<uint8>& encrypted_private_key_info,
111 const std::vector<uint8>& subject_public_key_info) {
112 EnsureNSSInit();
113
114 ScopedPK11Slot slot(GetTempKeySlot());
115 return CreateFromEncryptedPrivateKeyInfoWithParams(
116 slot.get(),
117 password,
118 encrypted_private_key_info,
119 subject_public_key_info,
120 false /* not permanent */,
121 false /* not sensitive */);
122 }
123
124 #if defined(USE_NSS)
125 // static
CreateSensitiveFromEncryptedPrivateKeyInfo(PK11SlotInfo * slot,const std::string & password,const std::vector<uint8> & encrypted_private_key_info,const std::vector<uint8> & subject_public_key_info)126 ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
127 PK11SlotInfo* slot,
128 const std::string& password,
129 const std::vector<uint8>& encrypted_private_key_info,
130 const std::vector<uint8>& subject_public_key_info) {
131 return CreateFromEncryptedPrivateKeyInfoWithParams(
132 slot,
133 password,
134 encrypted_private_key_info,
135 subject_public_key_info,
136 true /* permanent */,
137 true /* sensitive */);
138 }
139 #endif
140
141 // static
ImportFromEncryptedPrivateKeyInfo(PK11SlotInfo * slot,const std::string & password,const uint8 * encrypted_private_key_info,size_t encrypted_private_key_info_len,CERTSubjectPublicKeyInfo * decoded_spki,bool permanent,bool sensitive,SECKEYPrivateKey ** key,SECKEYPublicKey ** public_key)142 bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
143 PK11SlotInfo* slot,
144 const std::string& password,
145 const uint8* encrypted_private_key_info,
146 size_t encrypted_private_key_info_len,
147 CERTSubjectPublicKeyInfo* decoded_spki,
148 bool permanent,
149 bool sensitive,
150 SECKEYPrivateKey** key,
151 SECKEYPublicKey** public_key) {
152 if (!slot)
153 return false;
154
155 *public_key = SECKEY_ExtractPublicKey(decoded_spki);
156
157 if (!*public_key) {
158 DLOG(ERROR) << "SECKEY_ExtractPublicKey: " << PORT_GetError();
159 return false;
160 }
161
162 if (SECKEY_GetPublicKeyType(*public_key) != ecKey) {
163 DLOG(ERROR) << "The public key is not an EC key";
164 SECKEY_DestroyPublicKey(*public_key);
165 *public_key = NULL;
166 return false;
167 }
168
169 SECItem encoded_epki = {
170 siBuffer,
171 const_cast<unsigned char*>(encrypted_private_key_info),
172 static_cast<unsigned>(encrypted_private_key_info_len)
173 };
174 SECKEYEncryptedPrivateKeyInfo epki;
175 memset(&epki, 0, sizeof(epki));
176
177 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
178
179 SECStatus rv = SEC_QuickDERDecodeItem(
180 arena.get(),
181 &epki,
182 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate),
183 &encoded_epki);
184 if (rv != SECSuccess) {
185 DLOG(ERROR) << "SEC_QuickDERDecodeItem: " << PORT_GetError();
186 SECKEY_DestroyPublicKey(*public_key);
187 *public_key = NULL;
188 return false;
189 }
190
191 SECItem password_item = {
192 siBuffer,
193 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
194 static_cast<unsigned>(password.size())
195 };
196
197 rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
198 slot,
199 &epki,
200 &password_item,
201 NULL, // nickname
202 &(*public_key)->u.ec.publicValue,
203 permanent,
204 sensitive,
205 key,
206 NULL); // wincx
207 if (rv != SECSuccess) {
208 DLOG(ERROR) << "ImportEncryptedECPrivateKeyInfoAndReturnKey: "
209 << PORT_GetError();
210 SECKEY_DestroyPublicKey(*public_key);
211 *public_key = NULL;
212 return false;
213 }
214
215 return true;
216 }
217
Copy() const218 ECPrivateKey* ECPrivateKey::Copy() const {
219 scoped_ptr<ECPrivateKey> copy(new ECPrivateKey);
220 if (key_) {
221 copy->key_ = SECKEY_CopyPrivateKey(key_);
222 if (!copy->key_)
223 return NULL;
224 }
225 if (public_key_) {
226 copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
227 if (!copy->public_key_)
228 return NULL;
229 }
230 return copy.release();
231 }
232
ExportEncryptedPrivateKey(const std::string & password,int iterations,std::vector<uint8> * output)233 bool ECPrivateKey::ExportEncryptedPrivateKey(
234 const std::string& password,
235 int iterations,
236 std::vector<uint8>* output) {
237 // We export as an EncryptedPrivateKeyInfo bundle instead of a plain PKCS #8
238 // PrivateKeyInfo because PK11_ImportDERPrivateKeyInfoAndReturnKey doesn't
239 // support EC keys.
240 // https://bugzilla.mozilla.org/show_bug.cgi?id=327773
241 SECItem password_item = {
242 siBuffer,
243 reinterpret_cast<unsigned char*>(const_cast<char*>(password.data())),
244 static_cast<unsigned>(password.size())
245 };
246
247 SECKEYEncryptedPrivateKeyInfo* encrypted = PK11_ExportEncryptedPrivKeyInfo(
248 NULL, // Slot, optional.
249 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
250 &password_item,
251 key_,
252 iterations,
253 NULL); // wincx.
254
255 if (!encrypted) {
256 DLOG(ERROR) << "PK11_ExportEncryptedPrivKeyInfo: " << PORT_GetError();
257 return false;
258 }
259
260 ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
261 SECItem der_key = {siBuffer, NULL, 0};
262 SECItem* encoded_item = SEC_ASN1EncodeItem(
263 arena.get(),
264 &der_key,
265 encrypted,
266 SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate));
267 SECKEY_DestroyEncryptedPrivateKeyInfo(encrypted, PR_TRUE);
268 if (!encoded_item) {
269 DLOG(ERROR) << "SEC_ASN1EncodeItem: " << PORT_GetError();
270 return false;
271 }
272
273 output->assign(der_key.data, der_key.data + der_key.len);
274
275 return true;
276 }
277
ExportPublicKey(std::vector<uint8> * output)278 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
279 ScopedSECItem der_pubkey(
280 SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
281 if (!der_pubkey.get()) {
282 return false;
283 }
284
285 output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
286 return true;
287 }
288
ExportRawPublicKey(std::string * output)289 bool ECPrivateKey::ExportRawPublicKey(std::string* output) {
290 // public_key_->u.ec.publicValue is an ANSI X9.62 public key which, for
291 // a P-256 key, is 0x04 (meaning uncompressed) followed by the x and y field
292 // elements as 32-byte, big-endian numbers.
293 static const unsigned int kExpectedKeyLength = 65;
294
295 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(public_key_));
296 const unsigned char* const data = public_key_->u.ec.publicValue.data;
297 const unsigned int len = public_key_->u.ec.publicValue.len;
298 if (len != kExpectedKeyLength || data[0] != 0x04)
299 return false;
300
301 output->assign(reinterpret_cast<const char*>(data + 1),
302 kExpectedKeyLength - 1);
303 return true;
304 }
305
ExportValue(std::vector<uint8> * output)306 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
307 return ReadAttribute(key_, CKA_VALUE, output);
308 }
309
ExportECParams(std::vector<uint8> * output)310 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
311 return ReadAttribute(key_, CKA_EC_PARAMS, output);
312 }
313
ECPrivateKey()314 ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {}
315
316 // static
CreateWithParams(PK11SlotInfo * slot,bool permanent,bool sensitive)317 ECPrivateKey* ECPrivateKey::CreateWithParams(PK11SlotInfo* slot,
318 bool permanent,
319 bool sensitive) {
320 if (!slot)
321 return NULL;
322
323 scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
324
325 SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
326 if (!oid_data) {
327 DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError();
328 return NULL;
329 }
330
331 // SECKEYECParams is a SECItem containing the DER encoded ASN.1 ECParameters
332 // value. For a named curve, that is just the OBJECT IDENTIFIER of the curve.
333 // In addition to the oid data, the encoding requires one byte for the ASN.1
334 // tag and one byte for the length (assuming the length is <= 127).
335 DCHECK_LE(oid_data->oid.len, 127U);
336 std::vector<unsigned char> parameters_buf(2 + oid_data->oid.len);
337 SECKEYECParams ec_parameters = {
338 siDEROID, ¶meters_buf[0],
339 static_cast<unsigned>(parameters_buf.size())
340 };
341
342 ec_parameters.data[0] = SEC_ASN1_OBJECT_ID;
343 ec_parameters.data[1] = oid_data->oid.len;
344 memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len);
345
346 result->key_ = PK11_GenerateKeyPair(slot,
347 CKM_EC_KEY_PAIR_GEN,
348 &ec_parameters,
349 &result->public_key_,
350 permanent,
351 sensitive,
352 NULL);
353 if (!result->key_) {
354 DLOG(ERROR) << "PK11_GenerateKeyPair: " << PORT_GetError();
355 return NULL;
356 }
357 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_));
358
359 return result.release();
360 }
361
362 // static
CreateFromEncryptedPrivateKeyInfoWithParams(PK11SlotInfo * slot,const std::string & password,const std::vector<uint8> & encrypted_private_key_info,const std::vector<uint8> & subject_public_key_info,bool permanent,bool sensitive)363 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
364 PK11SlotInfo* slot,
365 const std::string& password,
366 const std::vector<uint8>& encrypted_private_key_info,
367 const std::vector<uint8>& subject_public_key_info,
368 bool permanent,
369 bool sensitive) {
370 scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
371
372 SECItem encoded_spki = {
373 siBuffer,
374 const_cast<unsigned char*>(&subject_public_key_info[0]),
375 static_cast<unsigned>(subject_public_key_info.size())
376 };
377 CERTSubjectPublicKeyInfo* decoded_spki = SECKEY_DecodeDERSubjectPublicKeyInfo(
378 &encoded_spki);
379 if (!decoded_spki) {
380 DLOG(ERROR) << "SECKEY_DecodeDERSubjectPublicKeyInfo: " << PORT_GetError();
381 return NULL;
382 }
383
384 bool success = ImportFromEncryptedPrivateKeyInfo(
385 slot,
386 password,
387 &encrypted_private_key_info[0],
388 encrypted_private_key_info.size(),
389 decoded_spki,
390 permanent,
391 sensitive,
392 &result->key_,
393 &result->public_key_);
394
395 SECKEY_DestroySubjectPublicKeyInfo(decoded_spki);
396
397 if (success) {
398 CHECK_EQ(ecKey, SECKEY_GetPublicKeyType(result->public_key_));
399 return result.release();
400 }
401
402 return NULL;
403 }
404
405 } // namespace crypto
406