普通文本  |  99行  |  3.64 KB

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  * for the specific language governing rights and limitations under the
  * License.
  *
  * The Original Code is the Netscape security libraries.
  *
  * The Initial Developer of the Original Code is
  * Netscape Communications Corporation.
  * Portions created by the Initial Developer are Copyright (C) 1994-2000
  * the Initial Developer. All Rights Reserved.
  *
  * Contributor(s):
  *   Dr Stephen Henson <stephen.henson@gemplus.com>
  *   Dr Vipul Gupta <vipul.gupta@sun.com>, and
  *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
  *
  * Alternatively, the contents of this file may be used under the terms of
  * either the GNU General Public License Version 2 or later (the "GPL"), or
  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  * in which case the provisions of the GPL or the LGPL are applicable instead
  * of those above. If you wish to allow use of your version of this file only
  * under the terms of either the GPL or the LGPL, and not to allow others to
  * use your version of this file under the terms of the MPL, indicate your
  * decision by deleting the provisions above and replace them with the notice
  * and other provisions required by the GPL or the LGPL. If you do not delete
  * the provisions above, a recipient may use your version of this file under
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */

#include "crypto/third_party/nss/chromium-nss.h"

#include <pk11pub.h>

#include "base/logging.h"

// Based on PK11_ImportEncryptedPrivateKeyInfo function in
// mozilla/security/nss/lib/pk11wrap/pk11akey.c.
SECStatus ImportEncryptedECPrivateKeyInfoAndReturnKey(
    PK11SlotInfo* slot,
    SECKEYEncryptedPrivateKeyInfo* epki,
    SECItem* password,
    SECItem* nickname,
    SECItem* public_value,
    PRBool permanent,
    PRBool sensitive,
    SECKEYPrivateKey** private_key,
    void* wincx) {
  SECItem* crypto_param = NULL;

  CK_ATTRIBUTE_TYPE usage = CKA_SIGN;

  PK11SymKey* key = PK11_PBEKeyGen(slot,
                                   &epki->algorithm,
                                   password,
                                   PR_FALSE,  // faulty3DES
                                   wincx);
  if (key == NULL) {
    DLOG(ERROR) << "PK11_PBEKeyGen: " << PORT_GetError();
    return SECFailure;
  }

  CK_MECHANISM_TYPE crypto_mech_type = PK11_GetPBECryptoMechanism(
      &epki->algorithm, &crypto_param, password);
  if (crypto_mech_type == CKM_INVALID_MECHANISM) {
    DLOG(ERROR) << "PK11_GetPBECryptoMechanism: " << PORT_GetError();
    PK11_FreeSymKey(key);
    return SECFailure;
  }

  crypto_mech_type = PK11_GetPadMechanism(crypto_mech_type);

  *private_key = PK11_UnwrapPrivKey(slot, key, crypto_mech_type, crypto_param,
                                    &epki->encryptedData, nickname,
                                    public_value, permanent, sensitive, CKK_EC,
                                    &usage, 1, wincx);

  if (crypto_param != NULL)
    SECITEM_ZfreeItem(crypto_param, PR_TRUE);

  PK11_FreeSymKey(key);

  if (!*private_key) {
    DLOG(ERROR) << "PK11_UnwrapPrivKey: " << PORT_GetError();
    return SECFailure;
  }

  return SECSuccess;
}