// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "crypto/ec_private_key.h" #include #include #include #include "base/logging.h" #include "crypto/openssl_util.h" #include "third_party/boringssl/src/include/openssl/bn.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/ec.h" #include "third_party/boringssl/src/include/openssl/ec_key.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/mem.h" #include "third_party/boringssl/src/include/openssl/pkcs8.h" namespace crypto { ECPrivateKey::~ECPrivateKey() = default; // static std::unique_ptr ECPrivateKey::Create() { OpenSSLErrStackTracer err_tracer(FROM_HERE); bssl::UniquePtr ec_key( EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); if (!ec_key || !EC_KEY_generate_key(ec_key.get())) return nullptr; std::unique_ptr result(new ECPrivateKey()); result->key_.reset(EVP_PKEY_new()); if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_.get(), ec_key.get())) return nullptr; CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_.get())); return result; } // static std::unique_ptr ECPrivateKey::CreateFromPrivateKeyInfo( const std::vector& input) { OpenSSLErrStackTracer err_tracer(FROM_HERE); CBS cbs; CBS_init(&cbs, input.data(), input.size()); bssl::UniquePtr pkey(EVP_parse_private_key(&cbs)); if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) return nullptr; std::unique_ptr result(new ECPrivateKey()); result->key_ = std::move(pkey); return result; } // static std::unique_ptr ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( const std::vector& encrypted_private_key_info) { OpenSSLErrStackTracer err_tracer(FROM_HERE); CBS cbs; CBS_init(&cbs, encrypted_private_key_info.data(), encrypted_private_key_info.size()); bssl::UniquePtr pkey( PKCS8_parse_encrypted_private_key(&cbs, "", 0)); // Hack for reading keys generated by an older version of the OpenSSL code. // Some implementations encode the empty password as "\0\0" (passwords are // normally encoded in big-endian UCS-2 with a NUL terminator) and some // encode as the empty string. PKCS8_parse_encrypted_private_key // distinguishes the two by whether the password is nullptr. if (!pkey) { CBS_init(&cbs, encrypted_private_key_info.data(), encrypted_private_key_info.size()); pkey.reset(PKCS8_parse_encrypted_private_key(&cbs, nullptr, 0)); } if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) return nullptr; std::unique_ptr result(new ECPrivateKey()); result->key_ = std::move(pkey); return result; } std::unique_ptr ECPrivateKey::Copy() const { std::unique_ptr copy(new ECPrivateKey()); if (key_) { EVP_PKEY_up_ref(key_.get()); copy->key_.reset(key_.get()); } return copy; } bool ECPrivateKey::ExportPrivateKey(std::vector* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t* der; size_t der_len; bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 0) || !EVP_marshal_private_key(cbb.get(), key_.get()) || !CBB_finish(cbb.get(), &der, &der_len)) { return false; } output->assign(der, der + der_len); OPENSSL_free(der); return true; } bool ECPrivateKey::ExportEncryptedPrivateKey( std::vector* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Encrypt the object. // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL // equivalent. uint8_t* der; size_t der_len; bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 0) || !PKCS8_marshal_encrypted_private_key( cbb.get(), NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr /* cipher */, nullptr /* no password */, 0 /* pass_len */, nullptr /* salt */, 0 /* salt_len */, 1 /* iterations */, key_.get()) || !CBB_finish(cbb.get(), &der, &der_len)) { return false; } output->assign(der, der + der_len); OPENSSL_free(der); return true; } bool ECPrivateKey::ExportPublicKey(std::vector* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t *der; size_t der_len; bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 0) || !EVP_marshal_public_key(cbb.get(), key_.get()) || !CBB_finish(cbb.get(), &der, &der_len)) { return false; } output->assign(der, der + der_len); OPENSSL_free(der); return true; } bool ECPrivateKey::ExportRawPublicKey(std::string* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Export the x and y field elements as 32-byte, big-endian numbers. (This is // the same as X9.62 uncompressed form without the leading 0x04 byte.) EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_.get()); bssl::UniquePtr x(BN_new()); bssl::UniquePtr y(BN_new()); uint8_t buf[64]; if (!x || !y || !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key), EC_KEY_get0_public_key(ec_key), x.get(), y.get(), nullptr) || !BN_bn2bin_padded(buf, 32, x.get()) || !BN_bn2bin_padded(buf + 32, 32, y.get())) { return false; } output->assign(reinterpret_cast(buf), sizeof(buf)); return true; } ECPrivateKey::ECPrivateKey() = default; } // namespace crypto