OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ | 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ |
6 #define CRYPTO_EC_PRIVATE_KEY_H_ | 6 #define CRYPTO_EC_PRIVATE_KEY_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 | 10 |
11 #include <string> | 11 #include <string> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
15 #include "build/build_config.h" | 15 #include "build/build_config.h" |
16 #include "crypto/crypto_export.h" | 16 #include "crypto/crypto_export.h" |
17 | 17 |
18 #if defined(USE_OPENSSL) | |
19 // Forward declaration for openssl/*.h | 18 // Forward declaration for openssl/*.h |
20 typedef struct evp_pkey_st EVP_PKEY; | 19 typedef struct evp_pkey_st EVP_PKEY; |
21 #else | |
22 // Forward declaration. | |
23 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; | |
24 typedef struct PK11SlotInfoStr PK11SlotInfo; | |
25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
27 #endif | |
28 | 20 |
29 namespace crypto { | 21 namespace crypto { |
30 | 22 |
31 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new | 23 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new |
32 // keys, export keys to other formats, or to extract a public key. | 24 // keys, export keys to other formats, or to extract a public key. |
33 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. | 25 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. |
34 // (The difference in types of key() and public_key() make this a little | 26 // (The difference in types of key() and public_key() make this a little |
35 // tricky.) | 27 // tricky.) |
36 class CRYPTO_EXPORT ECPrivateKey { | 28 class CRYPTO_EXPORT ECPrivateKey { |
37 public: | 29 public: |
38 ~ECPrivateKey(); | 30 ~ECPrivateKey(); |
39 | 31 |
40 // Creates a new random instance. Can return NULL if initialization fails. | 32 // Creates a new random instance. Can return NULL if initialization fails. |
41 // The created key will use the NIST P-256 curve. | 33 // The created key will use the NIST P-256 curve. |
42 // TODO(mattm): Add a curve parameter. | 34 // TODO(mattm): Add a curve parameter. |
43 static ECPrivateKey* Create(); | 35 static ECPrivateKey* Create(); |
44 | 36 |
45 // Creates a new instance by importing an existing key pair. | 37 // Creates a new instance by importing an existing key pair. |
46 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 38 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
47 // block and an X.509 SubjectPublicKeyInfo block. | 39 // block and an X.509 SubjectPublicKeyInfo block. |
48 // Returns NULL if initialization fails. | 40 // Returns NULL if initialization fails. |
49 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( | 41 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( |
50 const std::string& password, | 42 const std::string& password, |
51 const std::vector<uint8_t>& encrypted_private_key_info, | 43 const std::vector<uint8_t>& encrypted_private_key_info, |
52 const std::vector<uint8_t>& subject_public_key_info); | 44 const std::vector<uint8_t>& subject_public_key_info); |
53 | 45 |
54 #if !defined(USE_OPENSSL) | |
55 // Imports the key pair into |slot| and returns in |public_key| and |key|. | |
56 // Shortcut for code that needs to keep a reference directly to NSS types | |
57 // without having to create a ECPrivateKey object and make a copy of them. | |
58 // TODO(mattm): move this function to some NSS util file. | |
59 static bool ImportFromEncryptedPrivateKeyInfo( | |
60 PK11SlotInfo* slot, | |
61 const std::string& password, | |
62 const uint8_t* encrypted_private_key_info, | |
63 size_t encrypted_private_key_info_len, | |
64 CERTSubjectPublicKeyInfo* decoded_spki, | |
65 bool permanent, | |
66 bool sensitive, | |
67 SECKEYPrivateKey** key, | |
68 SECKEYPublicKey** public_key); | |
69 #endif | |
70 | |
71 // Returns a copy of the object. | 46 // Returns a copy of the object. |
72 ECPrivateKey* Copy() const; | 47 ECPrivateKey* Copy() const; |
73 | 48 |
74 #if defined(USE_OPENSSL) | |
75 EVP_PKEY* key() { return key_; } | 49 EVP_PKEY* key() { return key_; } |
76 #else | |
77 SECKEYPrivateKey* key() { return key_; } | |
78 SECKEYPublicKey* public_key() { return public_key_; } | |
79 #endif | |
80 | 50 |
81 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 51 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
82 // block and the public key as an X.509 SubjectPublicKeyInfo block. | 52 // block and the public key as an X.509 SubjectPublicKeyInfo block. |
83 // The |password| and |iterations| are used as inputs to the key derivation | 53 // The |password| and |iterations| are used as inputs to the key derivation |
84 // function for generating the encryption key. PKCS #5 recommends a minimum | 54 // function for generating the encryption key. PKCS #5 recommends a minimum |
85 // of 1000 iterations, on modern systems a larger value may be preferrable. | 55 // of 1000 iterations, on modern systems a larger value may be preferrable. |
86 bool ExportEncryptedPrivateKey(const std::string& password, | 56 bool ExportEncryptedPrivateKey(const std::string& password, |
87 int iterations, | 57 int iterations, |
88 std::vector<uint8_t>* output); | 58 std::vector<uint8_t>* output); |
89 | 59 |
90 // Exports the public key to an X.509 SubjectPublicKeyInfo block. | 60 // Exports the public key to an X.509 SubjectPublicKeyInfo block. |
91 bool ExportPublicKey(std::vector<uint8_t>* output); | 61 bool ExportPublicKey(std::vector<uint8_t>* output); |
92 | 62 |
93 // Exports the public key as an EC point in the uncompressed point format. | 63 // Exports the public key as an EC point in the uncompressed point format. |
94 bool ExportRawPublicKey(std::string* output); | 64 bool ExportRawPublicKey(std::string* output); |
95 | 65 |
96 // Exports private key data for testing. The format of data stored into output | 66 // Exports private key data for testing. The format of data stored into output |
97 // doesn't matter other than that it is consistent for the same key. | 67 // doesn't matter other than that it is consistent for the same key. |
98 bool ExportValueForTesting(std::vector<uint8_t>* output); | 68 bool ExportValueForTesting(std::vector<uint8_t>* output); |
99 | 69 |
100 private: | 70 private: |
101 // Constructor is private. Use one of the Create*() methods above instead. | 71 // Constructor is private. Use one of the Create*() methods above instead. |
102 ECPrivateKey(); | 72 ECPrivateKey(); |
103 | 73 |
104 #if defined(USE_OPENSSL) | |
105 EVP_PKEY* key_; | 74 EVP_PKEY* key_; |
106 #else | |
107 SECKEYPrivateKey* key_; | |
108 SECKEYPublicKey* public_key_; | |
109 #endif | |
110 | 75 |
111 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); | 76 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); |
112 }; | 77 }; |
113 | 78 |
114 | 79 |
115 } // namespace crypto | 80 } // namespace crypto |
116 | 81 |
117 #endif // CRYPTO_EC_PRIVATE_KEY_H_ | 82 #endif // CRYPTO_EC_PRIVATE_KEY_H_ |
OLD | NEW |