Add ECPrivateKey for Elliptic Curve keypair generation.

crypto/ec_private_key.h

Index: crypto/ec_private_key.h
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
new file mode 100644
index 0000000000000000000000000000000000000000..0d287de9cc05949236f4c6bff5cf037b6a6f40d9
--- /dev/null
+++ b/crypto/ec_private_key.h
@@ -0,0 +1,124 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_EC_PRIVATE_KEY_H_
+#define CRYPTO_EC_PRIVATE_KEY_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+#include "base/basictypes.h"
+#include "build/build_config.h"
+#include "crypto/crypto_export.h"
+
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct evp_pkey_st EVP_PKEY;
+#else
+// Forward declaration.
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+#endif
+
+namespace crypto {
+
+// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
+// keys, export keys to other formats, or to extract a public key.
+// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
+// (The difference in types of key() and public_key() make this a little
+// tricky.)
+class CRYPTO_EXPORT ECPrivateKey {
+ public:
+  ~ECPrivateKey();
+
+  // Creates a new random instance. Can return NULL if initialization fails.
+  // The created key will use the NIST P-256 curve.
+  // TODO(mattm): Add a curve parameter.
+  static ECPrivateKey* Create();
+
+  // Creates a new random instance. Can return NULL if initialization fails.
+  // The created key is permanent and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitive();
+
+  // Creates a new instance by importing an existing key pair.
+  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and an X.509 SubjectPublicKeyInfo block.
+  // Returns NULL if initialization fails.
+  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info);
+
+  // Creates a new instance by importing an existing key pair.
+  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and an X.509 SubjectPublicKeyInfo block.
+  // This can return NULL if initialization fails.  The created key is permanent
+  // and is not exportable in plaintext form.
+  //
+  // NOTE: Currently only available if USE_NSS is defined.
+  static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key() { return key_; }
+#else
+  SECKEYPrivateKey* key() { return key_; }
+  SECKEYPublicKey* public_key() { return public_key_; }
+#endif
+
+  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
+  // block and the public key as an X.509 SubjectPublicKeyInfo block.
+  // The |password| and |iterations| are used as inputs to the key derivation
+  // function for generating the encryption key.  PKCS #5 recommends a minimum
+  // of 1000 iterations, on modern systems a larger value may be preferrable.
+  bool ExportEncryptedPrivateKey(const std::string& password,
+                                 int iterations,
+                                 std::vector<uint8>* output);
+
+  // Exports the public key to an X.509 SubjectPublicKeyInfo block.
+  bool ExportPublicKey(std::vector<uint8>* output);
+
+  // Exports private key data for testing. The format of data stored into output
+  // doesn't matter other than that it is consistent for the same key.
+  bool ExportValue(std::vector<uint8>* output);
+  bool ExportECParams(std::vector<uint8>* output);
+
+ private:
+  // Constructor is private. Use one of the Create*() methods above instead.
+  ECPrivateKey();
+
+  // Shared helper for Create() and CreateSensitive().
+  // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
+  //                flags arg created by ORing together some enumerated values.
+  static ECPrivateKey* CreateWithParams(bool permanent,
+                                        bool sensitive);
+
+  // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
+  // CreateSensitiveFromEncryptedPrivateKeyInfo().
+  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
+      const std::string& password,
+      const std::vector<uint8>& encrypted_private_key_info,
+      const std::vector<uint8>& subject_public_key_info,
+      bool permanent,
+      bool sensitive);
+
+#if defined(USE_OPENSSL)
+  EVP_PKEY* key_;
+#else
+  SECKEYPrivateKey* key_;
+  SECKEYPublicKey* public_key_;
+#endif
+
+  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
+};
+
+
+}  // namespace crypto
+
+#endif  // CRYPTO_EC_PRIVATE_KEY_H_