| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ | 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ |
| 6 #define CRYPTO_EC_PRIVATE_KEY_H_ | 6 #define CRYPTO_EC_PRIVATE_KEY_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| 11 #include <string> | 11 #include <string> |
| 12 #include <vector> | 12 #include <vector> |
| 13 | 13 |
| 14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "build/build_config.h" | 15 #include "build/build_config.h" |
| 16 #include "crypto/crypto_export.h" | 16 #include "crypto/crypto_export.h" |
| 17 | 17 |
| 18 #if defined(USE_OPENSSL) | |
| 19 // Forward declaration for openssl/*.h | 18 // Forward declaration for openssl/*.h |
| 20 typedef struct evp_pkey_st EVP_PKEY; | 19 typedef struct evp_pkey_st EVP_PKEY; |
| 21 #else | |
| 22 // Forward declaration. | |
| 23 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; | |
| 24 typedef struct PK11SlotInfoStr PK11SlotInfo; | |
| 25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
| 26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
| 27 #endif | |
| 28 | 20 |
| 29 namespace crypto { | 21 namespace crypto { |
| 30 | 22 |
| 31 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new | 23 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new |
| 32 // keys, export keys to other formats, or to extract a public key. | 24 // keys, export keys to other formats, or to extract a public key. |
| 33 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. | 25 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. |
| 34 // (The difference in types of key() and public_key() make this a little | 26 // (The difference in types of key() and public_key() make this a little |
| 35 // tricky.) | 27 // tricky.) |
| 36 class CRYPTO_EXPORT ECPrivateKey { | 28 class CRYPTO_EXPORT ECPrivateKey { |
| 37 public: | 29 public: |
| 38 ~ECPrivateKey(); | 30 ~ECPrivateKey(); |
| 39 | 31 |
| 40 // Creates a new random instance. Can return NULL if initialization fails. | 32 // Creates a new random instance. Can return NULL if initialization fails. |
| 41 // The created key will use the NIST P-256 curve. | 33 // The created key will use the NIST P-256 curve. |
| 42 // TODO(mattm): Add a curve parameter. | 34 // TODO(mattm): Add a curve parameter. |
| 43 static ECPrivateKey* Create(); | 35 static ECPrivateKey* Create(); |
| 44 | 36 |
| 45 // Creates a new instance by importing an existing key pair. | 37 // Creates a new instance by importing an existing key pair. |
| 46 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 38 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
| 47 // block and an X.509 SubjectPublicKeyInfo block. | 39 // block and an X.509 SubjectPublicKeyInfo block. |
| 48 // Returns NULL if initialization fails. | 40 // Returns NULL if initialization fails. |
| 49 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( | 41 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( |
| 50 const std::string& password, | 42 const std::string& password, |
| 51 const std::vector<uint8_t>& encrypted_private_key_info, | 43 const std::vector<uint8_t>& encrypted_private_key_info, |
| 52 const std::vector<uint8_t>& subject_public_key_info); | 44 const std::vector<uint8_t>& subject_public_key_info); |
| 53 | 45 |
| 54 #if !defined(USE_OPENSSL) | |
| 55 // Imports the key pair into |slot| and returns in |public_key| and |key|. | |
| 56 // Shortcut for code that needs to keep a reference directly to NSS types | |
| 57 // without having to create a ECPrivateKey object and make a copy of them. | |
| 58 // TODO(mattm): move this function to some NSS util file. | |
| 59 static bool ImportFromEncryptedPrivateKeyInfo( | |
| 60 PK11SlotInfo* slot, | |
| 61 const std::string& password, | |
| 62 const uint8_t* encrypted_private_key_info, | |
| 63 size_t encrypted_private_key_info_len, | |
| 64 CERTSubjectPublicKeyInfo* decoded_spki, | |
| 65 bool permanent, | |
| 66 bool sensitive, | |
| 67 SECKEYPrivateKey** key, | |
| 68 SECKEYPublicKey** public_key); | |
| 69 #endif | |
| 70 | |
| 71 // Returns a copy of the object. | 46 // Returns a copy of the object. |
| 72 ECPrivateKey* Copy() const; | 47 ECPrivateKey* Copy() const; |
| 73 | 48 |
| 74 #if defined(USE_OPENSSL) | |
| 75 EVP_PKEY* key() { return key_; } | 49 EVP_PKEY* key() { return key_; } |
| 76 #else | |
| 77 SECKEYPrivateKey* key() { return key_; } | |
| 78 SECKEYPublicKey* public_key() { return public_key_; } | |
| 79 #endif | |
| 80 | 50 |
| 81 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 51 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
| 82 // block and the public key as an X.509 SubjectPublicKeyInfo block. | 52 // block and the public key as an X.509 SubjectPublicKeyInfo block. |
| 83 // The |password| and |iterations| are used as inputs to the key derivation | 53 // The |password| and |iterations| are used as inputs to the key derivation |
| 84 // function for generating the encryption key. PKCS #5 recommends a minimum | 54 // function for generating the encryption key. PKCS #5 recommends a minimum |
| 85 // of 1000 iterations, on modern systems a larger value may be preferrable. | 55 // of 1000 iterations, on modern systems a larger value may be preferrable. |
| 86 bool ExportEncryptedPrivateKey(const std::string& password, | 56 bool ExportEncryptedPrivateKey(const std::string& password, |
| 87 int iterations, | 57 int iterations, |
| 88 std::vector<uint8_t>* output); | 58 std::vector<uint8_t>* output); |
| 89 | 59 |
| 90 // Exports the public key to an X.509 SubjectPublicKeyInfo block. | 60 // Exports the public key to an X.509 SubjectPublicKeyInfo block. |
| 91 bool ExportPublicKey(std::vector<uint8_t>* output); | 61 bool ExportPublicKey(std::vector<uint8_t>* output); |
| 92 | 62 |
| 93 // Exports the public key as an EC point in the uncompressed point format. | 63 // Exports the public key as an EC point in the uncompressed point format. |
| 94 bool ExportRawPublicKey(std::string* output); | 64 bool ExportRawPublicKey(std::string* output); |
| 95 | 65 |
| 96 // Exports private key data for testing. The format of data stored into output | 66 // Exports private key data for testing. The format of data stored into output |
| 97 // doesn't matter other than that it is consistent for the same key. | 67 // doesn't matter other than that it is consistent for the same key. |
| 98 bool ExportValueForTesting(std::vector<uint8_t>* output); | 68 bool ExportValueForTesting(std::vector<uint8_t>* output); |
| 99 | 69 |
| 100 private: | 70 private: |
| 101 // Constructor is private. Use one of the Create*() methods above instead. | 71 // Constructor is private. Use one of the Create*() methods above instead. |
| 102 ECPrivateKey(); | 72 ECPrivateKey(); |
| 103 | 73 |
| 104 #if defined(USE_OPENSSL) | |
| 105 EVP_PKEY* key_; | 74 EVP_PKEY* key_; |
| 106 #else | |
| 107 SECKEYPrivateKey* key_; | |
| 108 SECKEYPublicKey* public_key_; | |
| 109 #endif | |
| 110 | 75 |
| 111 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); | 76 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); |
| 112 }; | 77 }; |
| 113 | 78 |
| 114 | 79 |
| 115 } // namespace crypto | 80 } // namespace crypto |
| 116 | 81 |
| 117 #endif // CRYPTO_EC_PRIVATE_KEY_H_ | 82 #endif // CRYPTO_EC_PRIVATE_KEY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master