OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_RSA_PRIVATE_KEY_H_ | 5 #ifndef CRYPTO_RSA_PRIVATE_KEY_H_ |
6 #define CRYPTO_RSA_PRIVATE_KEY_H_ | 6 #define CRYPTO_RSA_PRIVATE_KEY_H_ |
7 | 7 |
8 #include "build/build_config.h" | 8 #include "build/build_config.h" |
9 | 9 |
10 #include <list> | 10 #include <list> |
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
184 // Create a new instance from an existing EVP_PKEY, taking a | 184 // Create a new instance from an existing EVP_PKEY, taking a |
185 // reference to it. |key| must be an RSA key. Returns NULL on | 185 // reference to it. |key| must be an RSA key. Returns NULL on |
186 // failure. | 186 // failure. |
187 static RSAPrivateKey* CreateFromKey(EVP_PKEY* key); | 187 static RSAPrivateKey* CreateFromKey(EVP_PKEY* key); |
188 #else | 188 #else |
189 // Create a new instance by referencing an existing private key | 189 // Create a new instance by referencing an existing private key |
190 // structure. Does not import the key. | 190 // structure. Does not import the key. |
191 static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key); | 191 static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key); |
192 #endif | 192 #endif |
193 | 193 |
194 // TODO(davidben): These functions are used when NSS is the platform key | |
195 // store, but they also assume that the internal crypto library is NSS. Split | |
196 // out the convenience NSS platform key methods from the logic which expects | |
197 // an RSAPrivateKey. See https://crbug.com/478777. | |
198 #if defined(USE_NSS_CERTS) && !defined(USE_OPENSSL) | |
199 // Create a new random instance in |slot|. Can return NULL if initialization | |
200 // fails. The created key is permanent and is not exportable in plaintext | |
201 // form. | |
202 static RSAPrivateKey* CreateSensitive(PK11SlotInfo* slot, uint16 num_bits); | |
203 | |
204 // Create a new instance in |slot| by importing an existing private key. The | |
205 // format is an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can | |
206 // return NULL if initialization fails. | |
207 // The created key is permanent and is not exportable in plaintext form. | |
208 static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo( | |
209 PK11SlotInfo* slot, | |
210 const std::vector<uint8>& input); | |
211 | |
212 // Import an existing public key, and then search for the private | |
213 // half in the key database. The format of the public key blob is is | |
214 // an X509 SubjectPublicKeyInfo block. This can return NULL if | |
215 // initialization fails or the private key cannot be found. The | |
216 // caller takes ownership of the returned object, but nothing new is | |
217 // created in the key database. | |
218 static RSAPrivateKey* FindFromPublicKeyInfo( | |
219 const std::vector<uint8>& input); | |
220 | |
221 // Import an existing public key, and then search for the private | |
222 // half in the slot specified by |slot|. The format of the public | |
223 // key blob is is an X509 SubjectPublicKeyInfo block. This can return | |
224 // NULL if initialization fails or the private key cannot be found. | |
225 // The caller takes ownership of the returned object, but nothing new | |
226 // is created in the slot. | |
227 static RSAPrivateKey* FindFromPublicKeyInfoInSlot( | |
228 const std::vector<uint8>& input, | |
229 PK11SlotInfo* slot); | |
230 #endif // USE_NSS_CERTS && !USE_OPENSSL | |
231 | |
232 #if defined(USE_OPENSSL) | 194 #if defined(USE_OPENSSL) |
233 EVP_PKEY* key() { return key_; } | 195 EVP_PKEY* key() { return key_; } |
234 #else | 196 #else |
235 SECKEYPrivateKey* key() { return key_; } | 197 SECKEYPrivateKey* key() { return key_; } |
236 SECKEYPublicKey* public_key() { return public_key_; } | 198 SECKEYPublicKey* public_key() { return public_key_; } |
237 #endif | 199 #endif |
238 | 200 |
239 // Creates a copy of the object. | 201 // Creates a copy of the object. |
240 RSAPrivateKey* Copy() const; | 202 RSAPrivateKey* Copy() const; |
241 | 203 |
242 // Exports the private key to a PKCS #1 PrivateKey block. | 204 // Exports the private key to a PKCS #1 PrivateKey block. |
243 bool ExportPrivateKey(std::vector<uint8>* output) const; | 205 bool ExportPrivateKey(std::vector<uint8>* output) const; |
244 | 206 |
245 // Exports the public key to an X509 SubjectPublicKeyInfo block. | 207 // Exports the public key to an X509 SubjectPublicKeyInfo block. |
246 bool ExportPublicKey(std::vector<uint8>* output) const; | 208 bool ExportPublicKey(std::vector<uint8>* output) const; |
247 | 209 |
248 private: | 210 private: |
249 #if defined(USE_NSS_CERTS) | 211 #if defined(USE_NSS_CERTS) |
250 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey); | 212 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey); |
251 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey); | 213 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey); |
252 #endif | 214 #endif |
253 | 215 |
254 // Constructor is private. Use one of the Create*() or Find*() | 216 // Constructor is private. Use one of the Create*() methods above instead. |
255 // methods above instead. | |
256 RSAPrivateKey(); | 217 RSAPrivateKey(); |
257 | 218 |
258 #if !defined(USE_OPENSSL) | |
259 // Shared helper for Create() and CreateSensitive(). | |
260 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a | |
261 // flags arg created by ORing together some enumerated values. | |
262 // Note: |permanent| is only supported when USE_NSS_CERTS is defined. | |
263 static RSAPrivateKey* CreateWithParams(PK11SlotInfo* slot, | |
264 uint16 num_bits, | |
265 bool permanent, | |
266 bool sensitive); | |
267 | |
268 // Shared helper for CreateFromPrivateKeyInfo() and | |
269 // CreateSensitiveFromPrivateKeyInfo(). | |
270 // Note: |permanent| is only supported when USE_NSS_CERTS is defined. | |
271 static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams( | |
272 PK11SlotInfo* slot, | |
273 const std::vector<uint8>& input, | |
274 bool permanent, | |
275 bool sensitive); | |
276 #endif | |
277 | |
278 #if defined(USE_NSS_CERTS) | |
279 // Import an existing public key. The format of the public key blob | |
280 // is an X509 SubjectPublicKeyInfo block. This can return NULL if | |
281 // initialization fails. The caller takes ownership of the returned | |
282 // object. Note that this method doesn't initialize the |key_| member. | |
283 static RSAPrivateKey* InitPublicPart(const std::vector<uint8>& input); | |
284 #endif | |
285 | |
286 #if defined(USE_OPENSSL) | 219 #if defined(USE_OPENSSL) |
287 EVP_PKEY* key_; | 220 EVP_PKEY* key_; |
288 #else | 221 #else |
289 SECKEYPrivateKey* key_; | 222 SECKEYPrivateKey* key_; |
290 SECKEYPublicKey* public_key_; | 223 SECKEYPublicKey* public_key_; |
291 #endif | 224 #endif |
292 | 225 |
293 DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey); | 226 DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey); |
294 }; | 227 }; |
295 | 228 |
296 } // namespace crypto | 229 } // namespace crypto |
297 | 230 |
298 #endif // CRYPTO_RSA_PRIVATE_KEY_H_ | 231 #endif // CRYPTO_RSA_PRIVATE_KEY_H_ |
OLD | NEW |