151 lines
4.1 KiB
C++
151 lines
4.1 KiB
C++
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "crypto/rsa_private_key.h"
|
|
|
|
#include <cryptohi.h>
|
|
#include <keyhi.h>
|
|
#include <pk11pub.h>
|
|
#include <stdint.h>
|
|
|
|
#include <list>
|
|
|
|
#include "base/logging.h"
|
|
#include "base/memory/scoped_ptr.h"
|
|
#include "base/strings/string_util.h"
|
|
#include "crypto/nss_key_util.h"
|
|
#include "crypto/nss_util.h"
|
|
#include "crypto/scoped_nss_types.h"
|
|
|
|
// TODO(rafaelw): Consider using NSS's ASN.1 encoder.
|
|
namespace {
|
|
|
|
static bool ReadAttribute(SECKEYPrivateKey* key,
|
|
CK_ATTRIBUTE_TYPE type,
|
|
std::vector<uint8_t>* output) {
|
|
SECItem item;
|
|
SECStatus rv;
|
|
rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
|
|
if (rv != SECSuccess) {
|
|
NOTREACHED();
|
|
return false;
|
|
}
|
|
|
|
output->assign(item.data, item.data + item.len);
|
|
SECITEM_FreeItem(&item, PR_FALSE);
|
|
return true;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
namespace crypto {
|
|
|
|
RSAPrivateKey::~RSAPrivateKey() {
|
|
if (key_)
|
|
SECKEY_DestroyPrivateKey(key_);
|
|
if (public_key_)
|
|
SECKEY_DestroyPublicKey(public_key_);
|
|
}
|
|
|
|
// static
|
|
RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) {
|
|
EnsureNSSInit();
|
|
|
|
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
|
if (!slot) {
|
|
NOTREACHED();
|
|
return nullptr;
|
|
}
|
|
|
|
ScopedSECKEYPublicKey public_key;
|
|
ScopedSECKEYPrivateKey private_key;
|
|
if (!GenerateRSAKeyPairNSS(slot.get(), num_bits, false /* not permanent */,
|
|
&public_key, &private_key)) {
|
|
return nullptr;
|
|
}
|
|
|
|
RSAPrivateKey* rsa_key = new RSAPrivateKey;
|
|
rsa_key->public_key_ = public_key.release();
|
|
rsa_key->key_ = private_key.release();
|
|
return rsa_key;
|
|
}
|
|
|
|
// static
|
|
RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
|
|
const std::vector<uint8_t>& input) {
|
|
EnsureNSSInit();
|
|
|
|
ScopedPK11Slot slot(PK11_GetInternalSlot());
|
|
if (!slot) {
|
|
NOTREACHED();
|
|
return nullptr;
|
|
}
|
|
ScopedSECKEYPrivateKey key(ImportNSSKeyFromPrivateKeyInfo(
|
|
slot.get(), input, false /* not permanent */));
|
|
if (!key || SECKEY_GetPrivateKeyType(key.get()) != rsaKey)
|
|
return nullptr;
|
|
return RSAPrivateKey::CreateFromKey(key.get());
|
|
}
|
|
|
|
// static
|
|
RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) {
|
|
DCHECK(key);
|
|
if (SECKEY_GetPrivateKeyType(key) != rsaKey)
|
|
return NULL;
|
|
RSAPrivateKey* copy = new RSAPrivateKey();
|
|
copy->key_ = SECKEY_CopyPrivateKey(key);
|
|
copy->public_key_ = SECKEY_ConvertToPublicKey(key);
|
|
if (!copy->key_ || !copy->public_key_) {
|
|
NOTREACHED();
|
|
delete copy;
|
|
return NULL;
|
|
}
|
|
return copy;
|
|
}
|
|
|
|
RSAPrivateKey* RSAPrivateKey::Copy() const {
|
|
RSAPrivateKey* copy = new RSAPrivateKey();
|
|
copy->key_ = SECKEY_CopyPrivateKey(key_);
|
|
copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
|
|
return copy;
|
|
}
|
|
|
|
bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
|
|
PrivateKeyInfoCodec private_key_info(true);
|
|
|
|
// Manually read the component attributes of the private key and build up
|
|
// the PrivateKeyInfo.
|
|
if (!ReadAttribute(key_, CKA_MODULUS, private_key_info.modulus()) ||
|
|
!ReadAttribute(key_, CKA_PUBLIC_EXPONENT,
|
|
private_key_info.public_exponent()) ||
|
|
!ReadAttribute(key_, CKA_PRIVATE_EXPONENT,
|
|
private_key_info.private_exponent()) ||
|
|
!ReadAttribute(key_, CKA_PRIME_1, private_key_info.prime1()) ||
|
|
!ReadAttribute(key_, CKA_PRIME_2, private_key_info.prime2()) ||
|
|
!ReadAttribute(key_, CKA_EXPONENT_1, private_key_info.exponent1()) ||
|
|
!ReadAttribute(key_, CKA_EXPONENT_2, private_key_info.exponent2()) ||
|
|
!ReadAttribute(key_, CKA_COEFFICIENT, private_key_info.coefficient())) {
|
|
NOTREACHED();
|
|
return false;
|
|
}
|
|
|
|
return private_key_info.Export(output);
|
|
}
|
|
|
|
bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
|
|
ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
|
|
if (!der_pubkey.get()) {
|
|
NOTREACHED();
|
|
return false;
|
|
}
|
|
|
|
output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
|
|
return true;
|
|
}
|
|
|
|
RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {
|
|
EnsureNSSInit();
|
|
}
|
|
|
|
} // namespace crypto
|