| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CRYPTO_RSA_PRIVATE_KEY_H_ | 5 #ifndef CRYPTO_RSA_PRIVATE_KEY_H_ |
| 6 #define CRYPTO_RSA_PRIVATE_KEY_H_ | 6 #define CRYPTO_RSA_PRIVATE_KEY_H_ |
| 7 | 7 |
| 8 #include "build/build_config.h" | 8 #include "build/build_config.h" |
| 9 | 9 |
| 10 #if defined(USE_OPENSSL) | |
| 11 // Forward declaration for openssl/*.h | |
| 12 typedef struct evp_pkey_st EVP_PKEY; | |
| 13 #elif defined(USE_NSS) | |
| 14 // Forward declaration. | |
| 15 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
| 16 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
| 17 #elif defined(OS_IOS) | |
| 18 #include <Security/Security.h> | |
| 19 #elif defined(OS_MACOSX) | |
| 20 #include <Security/cssm.h> | |
| 21 #endif | |
| 22 | |
| 23 #include <list> | 10 #include <list> |
| 24 #include <vector> | 11 #include <vector> |
| 25 | 12 |
| 26 #include "base/basictypes.h" | 13 #include "base/basictypes.h" |
| 27 #include "crypto/crypto_export.h" | 14 #include "crypto/crypto_export.h" |
| 28 | 15 |
| 29 #if defined(OS_WIN) | |
| 30 #include "crypto/scoped_capi_types.h" | |
| 31 #endif | |
| 32 #if defined(USE_NSS) | 16 #if defined(USE_NSS) |
| 33 #include "base/gtest_prod_util.h" | 17 #include "base/gtest_prod_util.h" |
| 34 #endif | 18 #endif |
| 35 | 19 |
| 20 #if defined(USE_OPENSSL) |
| 21 // Forward declaration for openssl/*.h |
| 22 typedef struct evp_pkey_st EVP_PKEY; |
| 23 #elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 24 // Forward declaration. |
| 25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; |
| 26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; |
| 27 #endif |
| 28 |
| 29 |
| 36 namespace crypto { | 30 namespace crypto { |
| 37 | 31 |
| 38 // Used internally by RSAPrivateKey for serializing and deserializing | 32 // Used internally by RSAPrivateKey for serializing and deserializing |
| 39 // PKCS #8 PrivateKeyInfo and PublicKeyInfo. | 33 // PKCS #8 PrivateKeyInfo and PublicKeyInfo. |
| 40 class PrivateKeyInfoCodec { | 34 class PrivateKeyInfoCodec { |
| 41 public: | 35 public: |
| 42 | 36 |
| 43 // ASN.1 encoding of the AlgorithmIdentifier from PKCS #8. | 37 // ASN.1 encoding of the AlgorithmIdentifier from PKCS #8. |
| 44 static const uint8 kRsaAlgorithmIdentifier[]; | 38 static const uint8 kRsaAlgorithmIdentifier[]; |
| 45 | 39 |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 172 // Encapsulates an RSA private key. Can be used to generate new keys, export | 166 // Encapsulates an RSA private key. Can be used to generate new keys, export |
| 173 // keys to other formats, or to extract a public key. | 167 // keys to other formats, or to extract a public key. |
| 174 // TODO(hclam): This class should be ref-counted so it can be reused easily. | 168 // TODO(hclam): This class should be ref-counted so it can be reused easily. |
| 175 class CRYPTO_EXPORT RSAPrivateKey { | 169 class CRYPTO_EXPORT RSAPrivateKey { |
| 176 public: | 170 public: |
| 177 ~RSAPrivateKey(); | 171 ~RSAPrivateKey(); |
| 178 | 172 |
| 179 // Create a new random instance. Can return NULL if initialization fails. | 173 // Create a new random instance. Can return NULL if initialization fails. |
| 180 static RSAPrivateKey* Create(uint16 num_bits); | 174 static RSAPrivateKey* Create(uint16 num_bits); |
| 181 | 175 |
| 182 // Create a new random instance. Can return NULL if initialization fails. | |
| 183 // The created key is permanent and is not exportable in plaintext form. | |
| 184 // | |
| 185 // NOTE: Currently only available if USE_NSS is defined. | |
| 186 static RSAPrivateKey* CreateSensitive(uint16 num_bits); | |
| 187 | |
| 188 // Create a new instance by importing an existing private key. The format is | 176 // Create a new instance by importing an existing private key. The format is |
| 189 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if | 177 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if |
| 190 // initialization fails. | 178 // initialization fails. |
| 191 static RSAPrivateKey* CreateFromPrivateKeyInfo( | 179 static RSAPrivateKey* CreateFromPrivateKeyInfo( |
| 192 const std::vector<uint8>& input); | 180 const std::vector<uint8>& input); |
| 193 | 181 |
| 182 #if defined(USE_NSS) |
| 183 // Create a new random instance. Can return NULL if initialization fails. |
| 184 // The created key is permanent and is not exportable in plaintext form. |
| 185 static RSAPrivateKey* CreateSensitive(uint16 num_bits); |
| 186 |
| 194 // Create a new instance by importing an existing private key. The format is | 187 // Create a new instance by importing an existing private key. The format is |
| 195 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if | 188 // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if |
| 196 // initialization fails. | 189 // initialization fails. |
| 197 // The created key is permanent and is not exportable in plaintext form. | 190 // The created key is permanent and is not exportable in plaintext form. |
| 198 // | |
| 199 // NOTE: Currently only available if USE_NSS is defined. | |
| 200 static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo( | 191 static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo( |
| 201 const std::vector<uint8>& input); | 192 const std::vector<uint8>& input); |
| 202 | 193 |
| 203 #if defined(USE_NSS) | |
| 204 // Create a new instance by referencing an existing private key | 194 // Create a new instance by referencing an existing private key |
| 205 // structure. Does not import the key. | 195 // structure. Does not import the key. |
| 206 static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key); | 196 static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key); |
| 207 #endif | |
| 208 | 197 |
| 209 // Import an existing public key, and then search for the private | 198 // Import an existing public key, and then search for the private |
| 210 // half in the key database. The format of the public key blob is is | 199 // half in the key database. The format of the public key blob is is |
| 211 // an X509 SubjectPublicKeyInfo block. This can return NULL if | 200 // an X509 SubjectPublicKeyInfo block. This can return NULL if |
| 212 // initialization fails or the private key cannot be found. The | 201 // initialization fails or the private key cannot be found. The |
| 213 // caller takes ownership of the returned object, but nothing new is | 202 // caller takes ownership of the returned object, but nothing new is |
| 214 // created in the key database. | 203 // created in the key database. |
| 215 // | |
| 216 // NOTE: Currently only available if USE_NSS is defined. | |
| 217 static RSAPrivateKey* FindFromPublicKeyInfo( | 204 static RSAPrivateKey* FindFromPublicKeyInfo( |
| 218 const std::vector<uint8>& input); | 205 const std::vector<uint8>& input); |
| 206 #endif |
| 219 | 207 |
| 220 #if defined(USE_OPENSSL) | 208 #if defined(USE_OPENSSL) |
| 221 EVP_PKEY* key() { return key_; } | 209 EVP_PKEY* key() { return key_; } |
| 222 #elif defined(USE_NSS) | 210 #elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 223 SECKEYPrivateKey* key() { return key_; } | 211 SECKEYPrivateKey* key() { return key_; } |
| 224 SECKEYPublicKey* public_key() { return public_key_; } | 212 SECKEYPublicKey* public_key() { return public_key_; } |
| 225 #elif defined(OS_WIN) | |
| 226 HCRYPTPROV provider() { return provider_; } | |
| 227 HCRYPTKEY key() { return key_; } | |
| 228 #elif defined(OS_IOS) | |
| 229 SecKeyRef key() { return key_; } | |
| 230 SecKeyRef public_key() { return public_key_; } | |
| 231 #elif defined(OS_MACOSX) | |
| 232 CSSM_KEY_PTR key() { return &key_; } | |
| 233 CSSM_KEY_PTR public_key() { return &public_key_; } | |
| 234 #endif | 213 #endif |
| 235 | 214 |
| 236 // Creates a copy of the object. | 215 // Creates a copy of the object. |
| 237 RSAPrivateKey* Copy() const; | 216 RSAPrivateKey* Copy() const; |
| 238 | 217 |
| 239 // Exports the private key to a PKCS #1 PrivateKey block. | 218 // Exports the private key to a PKCS #1 PrivateKey block. |
| 240 bool ExportPrivateKey(std::vector<uint8>* output) const; | 219 bool ExportPrivateKey(std::vector<uint8>* output) const; |
| 241 | 220 |
| 242 // Exports the public key to an X509 SubjectPublicKeyInfo block. | 221 // Exports the public key to an X509 SubjectPublicKeyInfo block. |
| 243 bool ExportPublicKey(std::vector<uint8>* output) const; | 222 bool ExportPublicKey(std::vector<uint8>* output) const; |
| 244 | 223 |
| 245 private: | 224 private: |
| 246 #if defined(USE_NSS) | 225 #if defined(USE_NSS) |
| 247 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey); | 226 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FindFromPublicKey); |
| 248 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey); | 227 FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey); |
| 249 #endif | 228 #endif |
| 250 | 229 |
| 251 // Constructor is private. Use one of the Create*() or Find*() | 230 // Constructor is private. Use one of the Create*() or Find*() |
| 252 // methods above instead. | 231 // methods above instead. |
| 253 RSAPrivateKey(); | 232 RSAPrivateKey(); |
| 254 | 233 |
| 255 // Shared helper for Create() and CreateSensitive(). | 234 // Shared helper for Create() and CreateSensitive(). |
| 256 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a | 235 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a |
| 257 // flags arg created by ORing together some enumerated values. | 236 // flags arg created by ORing together some enumerated values. |
| 237 // Note: |permanent| is only supported when USE_NSS is defined. |
| 258 static RSAPrivateKey* CreateWithParams(uint16 num_bits, | 238 static RSAPrivateKey* CreateWithParams(uint16 num_bits, |
| 259 bool permanent, | 239 bool permanent, |
| 260 bool sensitive); | 240 bool sensitive); |
| 261 | 241 |
| 262 // Shared helper for CreateFromPrivateKeyInfo() and | 242 // Shared helper for CreateFromPrivateKeyInfo() and |
| 263 // CreateSensitiveFromPrivateKeyInfo(). | 243 // CreateSensitiveFromPrivateKeyInfo(). |
| 244 // Note: |permanent| is only supported when USE_NSS is defined. |
| 264 static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams( | 245 static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams( |
| 265 const std::vector<uint8>& input, bool permanent, bool sensitive); | 246 const std::vector<uint8>& input, |
| 247 bool permanent, |
| 248 bool sensitive); |
| 266 | 249 |
| 267 #if defined(USE_OPENSSL) | 250 #if defined(USE_OPENSSL) |
| 268 EVP_PKEY* key_; | 251 EVP_PKEY* key_; |
| 269 #elif defined(USE_NSS) | 252 #elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 270 SECKEYPrivateKey* key_; | 253 SECKEYPrivateKey* key_; |
| 271 SECKEYPublicKey* public_key_; | 254 SECKEYPublicKey* public_key_; |
| 272 #elif defined(OS_WIN) | |
| 273 bool InitProvider(); | |
| 274 | |
| 275 ScopedHCRYPTPROV provider_; | |
| 276 ScopedHCRYPTKEY key_; | |
| 277 #elif defined(OS_IOS) | |
| 278 SecKeyRef key_; | |
| 279 SecKeyRef public_key_; | |
| 280 #elif defined(OS_MACOSX) | |
| 281 CSSM_KEY key_; | |
| 282 CSSM_KEY public_key_; | |
| 283 #endif | 255 #endif |
| 284 | 256 |
| 285 DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey); | 257 DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey); |
| 286 }; | 258 }; |
| 287 | 259 |
| 288 } // namespace crypto | 260 } // namespace crypto |
| 289 | 261 |
| 290 #endif // CRYPTO_RSA_PRIVATE_KEY_H_ | 262 #endif // CRYPTO_RSA_PRIVATE_KEY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 17265013:
Remove platform-specific implementations of RSAPrivateKey and SignatureCreator (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src