Add ECPrivateKey for Elliptic Curve keypair generation.

crypto/ec_private_key.h

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_EC_PRIVATE_KEY_H_
+#define CRYPTO_EC_PRIVATE_KEY_H_
+#pragma once
+
+#include "build/build_config.h"

[wtc, 2011/11/03 02:17:50]

Include "build/build_config.h" with the Chromium headers
below.

In the new style, the platform-specific ifdefs are after
the Chromium headers, so it is not necessary to include
"build/build_config.h" first.

[mattm, 2011/11/04 02:39:14]

Done.

+
+#include <vector>
+
+#include "base/basictypes.h"
+#include "crypto/crypto_export.h"
+
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct evp_pkey_st EVP_PKEY;
+#else
+// Forward declaration.
+struct SECKEYPrivateKeyStr;
+struct SECKEYPublicKeyStr;

[wtc, 2011/11/03 02:17:50]

Please do

  typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
  typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

and use SECKEYPrivateKey and SECKEYPublicKey below.

[mattm, 2011/11/04 02:39:14]

Done.

+#endif
+
+namespace crypto {
+
+// Encapsulates an EC private key. Can be used to generate new keys, export

[wtc, 2011/11/03 02:17:50]

EC => elliptic curve (EC)

otherwise "EC" is never defined in this file.

[mattm, 2011/11/04 02:39:14]

Done.

+// keys to other formats, or to extract a public key.
+// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
+// (The difference in types of key() and public_key() make this a little
+// tricky.)
+class CRYPTO_EXPORT ECPrivateKey {
+ public:
+  ~ECPrivateKey();
+
+  // Create a new random instance. Can return NULL if initialization fails.
+  // The created key will use the NIST P-256 curve.
+  static ECPrivateKey* Create();

[wtc, 2011/11/03 02:17:50]

Please add a TODO comment about adding a 'curve' parameter.

[mattm, 2011/11/04 02:39:14]

Done.

+
+  // Create a new random instance. Can return NULL if initialization fails.
+  // The created key is permanent and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitive();
+
+  // Create a new instance by importing an existing private key. See
+  // ExportPrivateKey for the format description.

[wtc, 2011/11/03 02:17:50]

API DESIGN: I recommend that this class exports and imports
public key and private key using separate std::vector<uint8>
parameters.

Then the origin-bound certificate store will store them in
our special format.

[mattm, 2011/11/04 02:39:14]

Done.

+  // Returns NULL if initialization fails.
+  static ECPrivateKey* CreateFromPrivateKeyInfo(
+      const std::vector<uint8>& input);
+
+  // Create a new instance by importing an existing private key. See
+  // ExportPrivateKey for the format description.
+  // This can return NULL if initialization fails.  The created key is permanent
+  // and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitiveFromPrivateKeyInfo(
+      const std::vector<uint8>& input);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key() { return key_; }
+#else
+  SECKEYPrivateKeyStr* key() { return key_; }
+  SECKEYPublicKeyStr* public_key() { return public_key_; }
+#endif
+
+  // Exports the private key.  The format of output is:
+  //   byte 0: length of NSS publicValue data.
+  //   byte 1-n: NSS publicValue data.
+  //   remaining: ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo block.
+  bool ExportPrivateKey(std::vector<uint8>* output);

[wtc, 2011/11/03 02:17:50]

We should name this function ExportEncryptedPrivateKey,
and it should take a 'password' parameter.

I also suggest that the public key be a separate output
parameter.

[mattm, 2011/11/04 02:39:14]

Done.

+
+  // Exports the public key to an X509 SubjectPublicKeyInfo block.
+  bool ExportPublicKey(std::vector<uint8>* output);
+
+  // Export private key data for testing. The format of data stored into output
+  // doesn't matter other than that it is consistent for the same key.
+  bool ExportValue(std::vector<uint8>* output);
+  bool ExportECParams(std::vector<uint8>* output);
+
+ private:
+  // Constructor is private. Use one of the Create*() or Find*()
+  // methods above instead.

[wtc, 2011/11/03 02:17:50]

Nit: this class doesn't have any Find*() methods.

[mattm, 2011/11/04 02:39:14]

Done.

+  ECPrivateKey();
+
+  // Shared helper for Create() and CreateSensitive().
+  // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
+  //                flags arg created by ORing together some enumerated values.
+  static ECPrivateKey* CreateWithParams(bool permanent,
+                                        bool sensitive);
+
+  // Shared helper for CreateFromPrivateKeyInfo() and
+  // CreateSensitiveFromPrivateKeyInfo().
+  static ECPrivateKey* CreateFromPrivateKeyInfoWithParams(
+      const std::vector<uint8>& input, bool permanent, bool sensitive);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key_;
+#else
+  SECKEYPrivateKeyStr* key_;
+  SECKEYPublicKeyStr* public_key_;
+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
+};
+
+
+}  // namespace crypto
+
+#endif  // CRYPTO_EC_PRIVATE_KEY_H_