1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/ec_private_key.h"
6
7 #include <openssl/ec.h>
8 #include <openssl/evp.h>
9 #include <openssl/pkcs12.h>
10 #include <openssl/x509.h>
11
12 #include "base/logging.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "crypto/openssl_util.h"
15 #include "crypto/scoped_openssl_types.h"
16
17 namespace crypto {
18
19 namespace {
20
21 // Function pointer definition, for injecting the required key export function
22 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and
23 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise.
24 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium
25 // style guide, hence the unusual parameter placement / types.
26 typedef int (*ExportBioFunction)(BIO* bio, const void* key);
27
28 typedef ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>::Type
29 ScopedPKCS8_PRIV_KEY_INFO;
30 typedef ScopedOpenSSL<X509_SIG, X509_SIG_free>::Type ScopedX509_SIG;
31
32 // Helper to export |key| into |output| via the specified ExportBioFunction.
ExportKeyWithBio(const void * key,ExportBioFunction export_fn,std::vector<uint8> * output)33 bool ExportKeyWithBio(const void* key,
34 ExportBioFunction export_fn,
35 std::vector<uint8>* output) {
36 if (!key)
37 return false;
38
39 ScopedBIO bio(BIO_new(BIO_s_mem()));
40 if (!bio.get())
41 return false;
42
43 if (!export_fn(bio.get(), key))
44 return false;
45
46 char* data = NULL;
47 long len = BIO_get_mem_data(bio.get(), &data);
48 if (!data || len < 0)
49 return false;
50
51 output->assign(data, data + len);
52 return true;
53 }
54
55 // Function pointer definition, for injecting the required key export function
56 // into ExportKey below. |key| is a pointer to the input key object,
57 // and |data| is either NULL, or the address of an 'unsigned char*' pointer
58 // that points to the start of the output buffer. The function must return
59 // the number of bytes required to export the data, or -1 in case of error.
60 typedef int (*ExportDataFunction)(const void* key, unsigned char** data);
61
62 // Helper to export |key| into |output| via the specified export function.
ExportKey(const void * key,ExportDataFunction export_fn,std::vector<uint8> * output)63 bool ExportKey(const void* key,
64 ExportDataFunction export_fn,
65 std::vector<uint8>* output) {
66 if (!key)
67 return false;
68
69 int data_len = export_fn(key, NULL);
70 if (data_len < 0)
71 return false;
72
73 output->resize(static_cast<size_t>(data_len));
74 unsigned char* data = &(*output)[0];
75 if (export_fn(key, &data) < 0)
76 return false;
77
78 return true;
79 }
80
81 } // namespace
82
~ECPrivateKey()83 ECPrivateKey::~ECPrivateKey() {
84 if (key_)
85 EVP_PKEY_free(key_);
86 }
87
88 // static
IsSupported()89 bool ECPrivateKey::IsSupported() { return true; }
90
91 // static
Create()92 ECPrivateKey* ECPrivateKey::Create() {
93 OpenSSLErrStackTracer err_tracer(FROM_HERE);
94
95 ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
96 if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get()))
97 return NULL;
98
99 scoped_ptr<ECPrivateKey> result(new ECPrivateKey());
100 result->key_ = EVP_PKEY_new();
101 if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get()))
102 return NULL;
103
104 CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_type(result->key_->type));
105 return result.release();
106 }
107
108 // static
CreateFromEncryptedPrivateKeyInfo(const std::string & password,const std::vector<uint8> & encrypted_private_key_info,const std::vector<uint8> & subject_public_key_info)109 ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
110 const std::string& password,
111 const std::vector<uint8>& encrypted_private_key_info,
112 const std::vector<uint8>& subject_public_key_info) {
113 // NOTE: The |subject_public_key_info| can be ignored here, it is only
114 // useful for the NSS implementation (which uses the public key's SHA1
115 // as a lookup key when storing the private one in its store).
116 if (encrypted_private_key_info.empty())
117 return NULL;
118
119 OpenSSLErrStackTracer err_tracer(FROM_HERE);
120
121 const uint8_t* data = &encrypted_private_key_info[0];
122 const uint8_t* ptr = data;
123 ScopedX509_SIG p8_encrypted(
124 d2i_X509_SIG(NULL, &ptr, encrypted_private_key_info.size()));
125 if (!p8_encrypted || ptr != data + encrypted_private_key_info.size())
126 return NULL;
127
128 ScopedPKCS8_PRIV_KEY_INFO p8_decrypted;
129 if (password.empty()) {
130 // Hack for reading keys generated by an older version of the OpenSSL
131 // code. OpenSSL used to use "\0\0" rather than the empty string because it
132 // would treat the password as an ASCII string to be converted to UCS-2
133 // while NSS used a byte string.
134 p8_decrypted.reset(PKCS8_decrypt_pbe(
135 p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2));
136 }
137 if (!p8_decrypted) {
138 p8_decrypted.reset(PKCS8_decrypt_pbe(
139 p8_encrypted.get(),
140 reinterpret_cast<const uint8_t*>(password.data()),
141 password.size()));
142 }
143
144 if (!p8_decrypted)
145 return NULL;
146
147 // Create a new EVP_PKEY for it.
148 scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
149 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get());
150 if (!result->key_ || EVP_PKEY_type(result->key_->type) != EVP_PKEY_EC)
151 return NULL;
152
153 return result.release();
154 }
155
ExportEncryptedPrivateKey(const std::string & password,int iterations,std::vector<uint8> * output)156 bool ECPrivateKey::ExportEncryptedPrivateKey(
157 const std::string& password,
158 int iterations,
159 std::vector<uint8>* output) {
160 OpenSSLErrStackTracer err_tracer(FROM_HERE);
161 // Convert into a PKCS#8 object.
162 ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_));
163 if (!pkcs8.get())
164 return false;
165
166 // Encrypt the object.
167 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
168 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
169 // equivalent.
170 ScopedX509_SIG encrypted(PKCS8_encrypt_pbe(
171 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
172 reinterpret_cast<const uint8_t*>(password.data()),
173 password.size(),
174 NULL,
175 0,
176 iterations,
177 pkcs8.get()));
178 if (!encrypted.get())
179 return false;
180
181 // Write it into |*output|
182 return ExportKeyWithBio(encrypted.get(),
183 reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio),
184 output);
185 }
186
ExportPublicKey(std::vector<uint8> * output)187 bool ECPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
188 OpenSSLErrStackTracer err_tracer(FROM_HERE);
189 return ExportKeyWithBio(
190 key_, reinterpret_cast<ExportBioFunction>(i2d_PUBKEY_bio), output);
191 }
192
ExportRawPublicKey(std::string * output)193 bool ECPrivateKey::ExportRawPublicKey(std::string* output) {
194 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
195 // key, is 0x04 (meaning uncompressed) followed by the x and y field
196 // elements as 32-byte, big-endian numbers.
197 static const int kExpectedKeyLength = 65;
198
199 int len = i2d_PublicKey(key_, NULL);
200 if (len != kExpectedKeyLength)
201 return false;
202
203 uint8 buf[kExpectedKeyLength];
204 uint8* derp = buf;
205 len = i2d_PublicKey(key_, &derp);
206 if (len != kExpectedKeyLength)
207 return false;
208
209 output->assign(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
210 return true;
211 }
212
ExportValue(std::vector<uint8> * output)213 bool ECPrivateKey::ExportValue(std::vector<uint8>* output) {
214 OpenSSLErrStackTracer err_tracer(FROM_HERE);
215 ScopedEC_KEY ec_key(EVP_PKEY_get1_EC_KEY(key_));
216 return ExportKey(ec_key.get(),
217 reinterpret_cast<ExportDataFunction>(i2d_ECPrivateKey),
218 output);
219 }
220
ExportECParams(std::vector<uint8> * output)221 bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
222 OpenSSLErrStackTracer err_tracer(FROM_HERE);
223 ScopedEC_KEY ec_key(EVP_PKEY_get1_EC_KEY(key_));
224 return ExportKey(ec_key.get(),
225 reinterpret_cast<ExportDataFunction>(i2d_ECParameters),
226 output);
227 }
228
ECPrivateKey()229 ECPrivateKey::ECPrivateKey() : key_(NULL) {}
230
231 } // namespace crypto
232