// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "crypto/rsa_private_key.h" #include <cryptohi.h> #include <keyhi.h> #include <pk11pub.h> #include <stdint.h> #include <list> #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/strings/string_util.h" #include "crypto/nss_key_util.h" #include "crypto/nss_util.h" #include "crypto/scoped_nss_types.h" // TODO(rafaelw): Consider using NSS's ASN.1 encoder. namespace { static bool ReadAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type, std::vector<uint8_t>* output) { SECItem item; SECStatus rv; rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); if (rv != SECSuccess) { NOTREACHED(); return false; } output->assign(item.data, item.data + item.len); SECITEM_FreeItem(&item, PR_FALSE); return true; } } // namespace namespace crypto { RSAPrivateKey::~RSAPrivateKey() { if (key_) SECKEY_DestroyPrivateKey(key_); if (public_key_) SECKEY_DestroyPublicKey(public_key_); } // static RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) { EnsureNSSInit(); ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot) { NOTREACHED(); return nullptr; } ScopedSECKEYPublicKey public_key; ScopedSECKEYPrivateKey private_key; if (!GenerateRSAKeyPairNSS(slot.get(), num_bits, false /* not permanent */, &public_key, &private_key)) { return nullptr; } RSAPrivateKey* rsa_key = new RSAPrivateKey; rsa_key->public_key_ = public_key.release(); rsa_key->key_ = private_key.release(); return rsa_key; } // static RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( const std::vector<uint8_t>& input) { EnsureNSSInit(); ScopedPK11Slot slot(PK11_GetInternalSlot()); if (!slot) { NOTREACHED(); return nullptr; } ScopedSECKEYPrivateKey key(ImportNSSKeyFromPrivateKeyInfo( slot.get(), input, false /* not permanent */)); if (!key || SECKEY_GetPrivateKeyType(key.get()) != rsaKey) return nullptr; return RSAPrivateKey::CreateFromKey(key.get()); } // static RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) { DCHECK(key); if (SECKEY_GetPrivateKeyType(key) != rsaKey) return NULL; RSAPrivateKey* copy = new RSAPrivateKey(); copy->key_ = SECKEY_CopyPrivateKey(key); copy->public_key_ = SECKEY_ConvertToPublicKey(key); if (!copy->key_ || !copy->public_key_) { NOTREACHED(); delete copy; return NULL; } return copy; } RSAPrivateKey* RSAPrivateKey::Copy() const { RSAPrivateKey* copy = new RSAPrivateKey(); copy->key_ = SECKEY_CopyPrivateKey(key_); copy->public_key_ = SECKEY_CopyPublicKey(public_key_); return copy; } bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { PrivateKeyInfoCodec private_key_info(true); // Manually read the component attributes of the private key and build up // the PrivateKeyInfo. if (!ReadAttribute(key_, CKA_MODULUS, private_key_info.modulus()) || !ReadAttribute(key_, CKA_PUBLIC_EXPONENT, private_key_info.public_exponent()) || !ReadAttribute(key_, CKA_PRIVATE_EXPONENT, private_key_info.private_exponent()) || !ReadAttribute(key_, CKA_PRIME_1, private_key_info.prime1()) || !ReadAttribute(key_, CKA_PRIME_2, private_key_info.prime2()) || !ReadAttribute(key_, CKA_EXPONENT_1, private_key_info.exponent1()) || !ReadAttribute(key_, CKA_EXPONENT_2, private_key_info.exponent2()) || !ReadAttribute(key_, CKA_COEFFICIENT, private_key_info.coefficient())) { NOTREACHED(); return false; } return private_key_info.Export(output); } bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_)); if (!der_pubkey.get()) { NOTREACHED(); return false; } output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len); return true; } RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) { EnsureNSSInit(); } } // namespace crypto