OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ | |
6 #define CRYPTO_EC_PRIVATE_KEY_H_ | |
7 #pragma once | |
8 | |
9 #include <string> | |
10 #include <vector> | |
11 | |
12 #include "base/basictypes.h" | |
13 #include "build/build_config.h" | |
14 #include "crypto/crypto_export.h" | |
15 | |
16 #if defined(USE_OPENSSL) | |
17 // Forward declaration for openssl/*.h | |
18 typedef struct evp_pkey_st EVP_PKEY; | |
19 #else | |
20 // Forward declaration. | |
21 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
22 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
23 #endif | |
24 | |
25 namespace crypto { | |
26 | |
27 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new | |
28 // keys, export keys to other formats, or to extract a public key. | |
29 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. | |
30 // (The difference in types of key() and public_key() make this a little | |
31 // tricky.) | |
32 class CRYPTO_EXPORT ECPrivateKey { | |
33 public: | |
34 ~ECPrivateKey(); | |
35 | |
36 // Create a new random instance. Can return NULL if initialization fails. | |
wtc
2011/11/04 22:41:26
Nit: please go through this header file to use des
mattm
2011/11/08 02:12:27
Done.
| |
37 // The created key will use the NIST P-256 curve. | |
38 // TODO(mattm): Add a curve parameter. | |
39 static ECPrivateKey* Create(); | |
40 | |
41 // Create a new random instance. Can return NULL if initialization fails. | |
42 // The created key is permanent and is not exportable in plaintext form. | |
43 // | |
44 // NOTE: Currently only available if USE_NSS is defined. | |
45 static ECPrivateKey* CreateSensitive(); | |
46 | |
47 // Create a new instance by importing an existing key pair. | |
48 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
49 // block and an X509 SubjectPublicKeyInfo block. | |
wtc
2011/11/04 22:41:26
Nit: X509 => X.509
Please fix all occurrences in
mattm
2011/11/08 02:12:27
Done.
| |
50 // Returns NULL if initialization fails. | |
51 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( | |
52 const std::string& password, | |
53 const std::vector<uint8>& encrypted_private_key_info, | |
54 const std::vector<uint8>& subject_public_key_info); | |
55 | |
56 // Create a new instance by importing an existing key pair. | |
57 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
58 // block and an X509 SubjectPublicKeyInfo block. | |
59 // This can return NULL if initialization fails. The created key is permanent | |
60 // and is not exportable in plaintext form. | |
61 // | |
62 // NOTE: Currently only available if USE_NSS is defined. | |
63 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( | |
64 const std::string& password, | |
65 const std::vector<uint8>& encrypted_private_key_info, | |
66 const std::vector<uint8>& subject_public_key_info); | |
67 | |
68 #if defined(USE_OPENSSL) | |
69 EVP_PKEY* key() { return key_; } | |
70 #else | |
71 SECKEYPrivateKey* key() { return key_; } | |
72 SECKEYPublicKey* public_key() { return public_key_; } | |
73 #endif | |
74 | |
75 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
76 // block and the public key as an X509 SubjectPublicKeyInfo block. | |
77 bool ExportEncryptedPrivateKey( | |
wtc
2011/11/04 22:41:26
Please make ExportEncryptedPrivateKey export just
mattm
2011/11/08 02:12:27
Done. Misunderstood your comment on the original
| |
78 const std::string& password, | |
79 std::vector<uint8>* encrypted_private_key_info, | |
80 std::vector<uint8>* subject_public_key_info); | |
81 | |
82 // Exports the public key to an X509 SubjectPublicKeyInfo block. | |
83 bool ExportPublicKey(std::vector<uint8>* output); | |
84 | |
85 // Export private key data for testing. The format of data stored into output | |
86 // doesn't matter other than that it is consistent for the same key. | |
87 bool ExportValue(std::vector<uint8>* output); | |
88 bool ExportECParams(std::vector<uint8>* output); | |
89 | |
90 private: | |
91 // Constructor is private. Use one of the Create*() methods above instead. | |
92 ECPrivateKey(); | |
93 | |
94 // Shared helper for Create() and CreateSensitive(). | |
95 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a | |
96 // flags arg created by ORing together some enumerated values. | |
97 static ECPrivateKey* CreateWithParams(bool permanent, | |
98 bool sensitive); | |
99 | |
100 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and | |
101 // CreateSensitiveFromEncryptedPrivateKeyInfo(). | |
102 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( | |
103 const std::string& password, | |
104 const std::vector<uint8>& encrypted_private_key_info, | |
105 const std::vector<uint8>& subject_public_key_info, | |
106 bool permanent, | |
107 bool sensitive); | |
108 | |
109 #if defined(USE_OPENSSL) | |
110 EVP_PKEY* key_; | |
111 #else | |
112 SECKEYPrivateKey* key_; | |
113 SECKEYPublicKey* public_key_; | |
Ryan Sleevi
2011/11/04 03:21:25
ScopedSECKEYPrivateKey key_
ScopedSECKEYPublicKey
mattm
2011/11/08 02:12:27
Done.
wtc
2011/11/08 23:21:18
This was not done. :-)
| |
114 #endif | |
115 | |
116 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); | |
117 }; | |
118 | |
119 | |
120 } // namespace crypto | |
121 | |
122 #endif // CRYPTO_EC_PRIVATE_KEY_H_ | |
OLD | NEW |