Add ECPrivateKey for Elliptic Curve keypair generation.

crypto/ec_private_key.h

+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_EC_PRIVATE_KEY_H_
+#define CRYPTO_EC_PRIVATE_KEY_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "build/build_config.h"
+#include "crypto/crypto_export.h"
+
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct evp_pkey_st EVP_PKEY;
+#else
+// Forward declaration.
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+#endif
+
+namespace crypto {
+
+// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
+// keys, export keys to other formats, or to extract a public key.
+// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
+// (The difference in types of key() and public_key() make this a little
+// tricky.)
+class CRYPTO_EXPORT ECPrivateKey {
+ public:
+  ~ECPrivateKey();
+
+  // Create a new random instance. Can return NULL if initialization fails.

[wtc, 2011/11/04 22:41:26]

Nit: please go through this header file to use descriptive
rather than imperative verbs in the function comments, as
recommended by the Style Guide:
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml#Function_Comments

[mattm, 2011/11/08 02:12:27]

Done.

+  // The created key will use the NIST P-256 curve.
+  // TODO(mattm): Add a curve parameter.
+  static ECPrivateKey* Create();
+
+  // Create a new random instance. Can return NULL if initialization fails.
+  // The created key is permanent and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitive();
+
+  // Create a new instance by importing an existing key pair.
+  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and an X509 SubjectPublicKeyInfo block.

[wtc, 2011/11/04 22:41:26]

Nit: X509 => X.509

Please fix all occurrences in this file.

[mattm, 2011/11/08 02:12:27]

Done.

+  // Returns NULL if initialization fails.
+  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info);
+
+  // Create a new instance by importing an existing key pair.
+  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and an X509 SubjectPublicKeyInfo block.
+  // This can return NULL if initialization fails.  The created key is permanent
+  // and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key() { return key_; }
+#else
+  SECKEYPrivateKey* key() { return key_; }
+  SECKEYPublicKey* public_key() { return public_key_; }
+#endif
+
+  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and the public key as an X509 SubjectPublicKeyInfo block.
+  bool ExportEncryptedPrivateKey(

[wtc, 2011/11/04 22:41:26]

Please make ExportEncryptedPrivateKey export just the private
key.  Use a separate ExportPublicKey call to export the public
key.

[mattm, 2011/11/08 02:12:27]

Done.  Misunderstood your comment on the original review.

+      const std::string& password,
+      std::vector<uint8>* encrypted_private_key_info,
+      std::vector<uint8>* subject_public_key_info);
+
+  // Exports the public key to an X509 SubjectPublicKeyInfo block.
+  bool ExportPublicKey(std::vector<uint8>* output);
+
+  // Export private key data for testing. The format of data stored into output
+  // doesn't matter other than that it is consistent for the same key.
+  bool ExportValue(std::vector<uint8>* output);
+  bool ExportECParams(std::vector<uint8>* output);
+
+ private:
+  // Constructor is private. Use one of the Create*() methods above instead.
+  ECPrivateKey();
+
+  // Shared helper for Create() and CreateSensitive().
+  // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
+  //                flags arg created by ORing together some enumerated values.
+  static ECPrivateKey* CreateWithParams(bool permanent,
+                                        bool sensitive);
+
+  // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
+  // CreateSensitiveFromEncryptedPrivateKeyInfo().
+  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info,
+      bool permanent,
+      bool sensitive);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key_;
+#else
+  SECKEYPrivateKey* key_;
+  SECKEYPublicKey* public_key_;

[Ryan Sleevi, 2011/11/04 03:21:25]

ScopedSECKEYPrivateKey key_
ScopedSECKEYPublicKey public_key_

From crypto/scoped_nss_types.h

[mattm, 2011/11/08 02:12:27]

Done.

[wtc, 2011/11/08 23:21:18]

This was not done. :-)

+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
+};
+
+
+}  // namespace crypto
+
+#endif  // CRYPTO_EC_PRIVATE_KEY_H_