1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/ec_private_key.h"
7 #include <openssl/ec.h>
8 #include <openssl/evp.h>
9 #include <openssl/pkcs12.h>
10 #include <openssl/x509.h>
12 #include "base/logging.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "crypto/openssl_util.h"
15 #include "crypto/scoped_openssl_types.h"
21 // Function pointer definition, for injecting the required key export function
22 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and
23 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise.
24 // NOTE: Used with OpenSSL functions, which do not comply with the Chromium
25 // style guide, hence the unusual parameter placement / types.
26 typedef int (*ExportBioFunction
)(BIO
* bio
, const void* key
);
28 using ScopedPKCS8_PRIV_KEY_INFO
=
29 ScopedOpenSSL
<PKCS8_PRIV_KEY_INFO
, PKCS8_PRIV_KEY_INFO_free
>;
30 using ScopedX509_SIG
= ScopedOpenSSL
<X509_SIG
, X509_SIG_free
>;
32 // Helper to export |key| into |output| via the specified ExportBioFunction.
33 bool ExportKeyWithBio(const void* key
,
34 ExportBioFunction export_fn
,
35 std::vector
<uint8
>* output
) {
39 ScopedBIO
bio(BIO_new(BIO_s_mem()));
43 if (!export_fn(bio
.get(), key
))
47 long len
= BIO_get_mem_data(bio
.get(), &data
);
51 output
->assign(data
, data
+ len
);
55 // Function pointer definition, for injecting the required key export function
56 // into ExportKey below. |key| is a pointer to the input key object,
57 // and |data| is either NULL, or the address of an 'unsigned char*' pointer
58 // that points to the start of the output buffer. The function must return
59 // the number of bytes required to export the data, or -1 in case of error.
60 typedef int (*ExportDataFunction
)(const void* key
, unsigned char** data
);
62 // Helper to export |key| into |output| via the specified export function.
63 bool ExportKey(const void* key
,
64 ExportDataFunction export_fn
,
65 std::vector
<uint8
>* output
) {
69 int data_len
= export_fn(key
, NULL
);
73 output
->resize(static_cast<size_t>(data_len
));
74 unsigned char* data
= &(*output
)[0];
75 if (export_fn(key
, &data
) < 0)
83 ECPrivateKey::~ECPrivateKey() {
88 ECPrivateKey
* ECPrivateKey::Copy() const {
89 scoped_ptr
<ECPrivateKey
> copy(new ECPrivateKey
);
91 copy
->key_
= EVP_PKEY_up_ref(key_
);
92 return copy
.release();
96 bool ECPrivateKey::IsSupported() { return true; }
99 ECPrivateKey
* ECPrivateKey::Create() {
100 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
102 ScopedEC_KEY
ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
));
103 if (!ec_key
.get() || !EC_KEY_generate_key(ec_key
.get()))
106 scoped_ptr
<ECPrivateKey
> result(new ECPrivateKey());
107 result
->key_
= EVP_PKEY_new();
108 if (!result
->key_
|| !EVP_PKEY_set1_EC_KEY(result
->key_
, ec_key
.get()))
111 CHECK_EQ(EVP_PKEY_EC
, EVP_PKEY_type(result
->key_
->type
));
112 return result
.release();
116 ECPrivateKey
* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
117 const std::string
& password
,
118 const std::vector
<uint8
>& encrypted_private_key_info
,
119 const std::vector
<uint8
>& subject_public_key_info
) {
120 // NOTE: The |subject_public_key_info| can be ignored here, it is only
121 // useful for the NSS implementation (which uses the public key's SHA1
122 // as a lookup key when storing the private one in its store).
123 if (encrypted_private_key_info
.empty())
126 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
128 const uint8_t* data
= &encrypted_private_key_info
[0];
129 const uint8_t* ptr
= data
;
130 ScopedX509_SIG
p8_encrypted(
131 d2i_X509_SIG(NULL
, &ptr
, encrypted_private_key_info
.size()));
132 if (!p8_encrypted
|| ptr
!= data
+ encrypted_private_key_info
.size())
135 ScopedPKCS8_PRIV_KEY_INFO p8_decrypted
;
136 if (password
.empty()) {
137 // Hack for reading keys generated by an older version of the OpenSSL
138 // code. OpenSSL used to use "\0\0" rather than the empty string because it
139 // would treat the password as an ASCII string to be converted to UCS-2
140 // while NSS used a byte string.
141 p8_decrypted
.reset(PKCS8_decrypt_pbe(
142 p8_encrypted
.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2));
145 p8_decrypted
.reset(PKCS8_decrypt_pbe(
147 reinterpret_cast<const uint8_t*>(password
.data()),
154 // Create a new EVP_PKEY for it.
155 scoped_ptr
<ECPrivateKey
> result(new ECPrivateKey
);
156 result
->key_
= EVP_PKCS82PKEY(p8_decrypted
.get());
157 if (!result
->key_
|| EVP_PKEY_type(result
->key_
->type
) != EVP_PKEY_EC
)
160 return result
.release();
163 bool ECPrivateKey::ExportEncryptedPrivateKey(
164 const std::string
& password
,
166 std::vector
<uint8
>* output
) {
167 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
168 // Convert into a PKCS#8 object.
169 ScopedPKCS8_PRIV_KEY_INFO
pkcs8(EVP_PKEY2PKCS8(key_
));
173 // Encrypt the object.
174 // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
175 // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
177 ScopedX509_SIG
encrypted(PKCS8_encrypt_pbe(
178 NID_pbe_WithSHA1And3_Key_TripleDES_CBC
,
179 reinterpret_cast<const uint8_t*>(password
.data()),
185 if (!encrypted
.get())
188 // Write it into |*output|
189 return ExportKeyWithBio(encrypted
.get(),
190 reinterpret_cast<ExportBioFunction
>(i2d_PKCS8_bio
),
194 bool ECPrivateKey::ExportPublicKey(std::vector
<uint8
>* output
) {
195 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
196 return ExportKeyWithBio(
197 key_
, reinterpret_cast<ExportBioFunction
>(i2d_PUBKEY_bio
), output
);
200 bool ECPrivateKey::ExportRawPublicKey(std::string
* output
) {
201 // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
202 // key, is 0x04 (meaning uncompressed) followed by the x and y field
203 // elements as 32-byte, big-endian numbers.
204 static const int kExpectedKeyLength
= 65;
206 int len
= i2d_PublicKey(key_
, NULL
);
207 if (len
!= kExpectedKeyLength
)
210 uint8 buf
[kExpectedKeyLength
];
212 len
= i2d_PublicKey(key_
, &derp
);
213 if (len
!= kExpectedKeyLength
)
216 output
->assign(reinterpret_cast<char*>(buf
+ 1), kExpectedKeyLength
- 1);
220 bool ECPrivateKey::ExportValue(std::vector
<uint8
>* output
) {
221 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
222 ScopedEC_KEY
ec_key(EVP_PKEY_get1_EC_KEY(key_
));
223 return ExportKey(ec_key
.get(),
224 reinterpret_cast<ExportDataFunction
>(i2d_ECPrivateKey
),
228 bool ECPrivateKey::ExportECParams(std::vector
<uint8
>* output
) {
229 OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
230 ScopedEC_KEY
ec_key(EVP_PKEY_get1_EC_KEY(key_
));
231 return ExportKey(ec_key
.get(),
232 reinterpret_cast<ExportDataFunction
>(i2d_ECParameters
),
236 ECPrivateKey::ECPrivateKey() : key_(NULL
) {}
238 } // namespace crypto