OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ | 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ |
6 #define CRYPTO_EC_PRIVATE_KEY_H_ | 6 #define CRYPTO_EC_PRIVATE_KEY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "build/build_config.h" | 12 #include "build/build_config.h" |
13 #include "crypto/crypto_export.h" | 13 #include "crypto/crypto_export.h" |
14 | 14 |
15 #if !defined(USE_OPENSSL) | |
16 #include "crypto/scoped_nss_types.h" | |
17 #endif | |
wtc
2013/11/11 20:56:25
Move this to the #else block on lines 22-27.
mattm
2013/11/12 02:42:44
Done.
| |
18 | |
15 #if defined(USE_OPENSSL) | 19 #if defined(USE_OPENSSL) |
16 // Forward declaration for openssl/*.h | 20 // Forward declaration for openssl/*.h |
17 typedef struct evp_pkey_st EVP_PKEY; | 21 typedef struct evp_pkey_st EVP_PKEY; |
18 #else | 22 #else |
19 // Forward declaration. | 23 // Forward declaration. |
20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; | 24 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; |
21 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | 25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; |
22 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | 26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; |
23 #endif | 27 #endif |
24 | 28 |
25 namespace crypto { | 29 namespace crypto { |
26 | 30 |
27 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new | 31 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new |
28 // keys, export keys to other formats, or to extract a public key. | 32 // keys, export keys to other formats, or to extract a public key. |
29 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. | 33 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. |
30 // (The difference in types of key() and public_key() make this a little | 34 // (The difference in types of key() and public_key() make this a little |
31 // tricky.) | 35 // tricky.) |
32 class CRYPTO_EXPORT ECPrivateKey { | 36 class CRYPTO_EXPORT ECPrivateKey { |
33 public: | 37 public: |
34 ~ECPrivateKey(); | 38 ~ECPrivateKey(); |
35 | 39 |
36 // Returns whether the system supports elliptic curve cryptography. | 40 // Returns whether the system supports elliptic curve cryptography. |
37 static bool IsSupported(); | 41 static bool IsSupported(); |
38 | 42 |
39 // Creates a new random instance. Can return NULL if initialization fails. | 43 // Creates a new random instance. Can return NULL if initialization fails. |
40 // The created key will use the NIST P-256 curve. | 44 // The created key will use the NIST P-256 curve. |
41 // TODO(mattm): Add a curve parameter. | 45 // TODO(mattm): Add a curve parameter. |
42 static ECPrivateKey* Create(); | 46 static ECPrivateKey* Create(); |
43 | 47 |
48 #if defined(USE_NSS) | |
44 // Creates a new random instance. Can return NULL if initialization fails. | 49 // Creates a new random instance. Can return NULL if initialization fails. |
45 // The created key is permanent and is not exportable in plaintext form. | 50 // The created key is permanent and is not exportable in plaintext form. |
wtc
2013/11/11 20:56:25
Nit: mention the new |slot| argument.
mattm
2013/11/12 02:42:44
Done.
| |
46 // | 51 // |
47 // NOTE: Currently only available if USE_NSS is defined. | 52 // NOTE: Currently only available if USE_NSS is defined. |
wtc
2013/11/11 20:56:25
Nit: perhaps we can delete this comment now that t
mattm
2013/11/12 02:42:44
Done.
| |
48 static ECPrivateKey* CreateSensitive(); | 53 static ECPrivateKey* CreateSensitive(ScopedPK11Slot slot); |
54 #endif | |
49 | 55 |
50 // Creates a new instance by importing an existing key pair. | 56 // Creates a new instance by importing an existing key pair. |
51 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 57 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
52 // block and an X.509 SubjectPublicKeyInfo block. | 58 // block and an X.509 SubjectPublicKeyInfo block. |
53 // Returns NULL if initialization fails. | 59 // Returns NULL if initialization fails. |
54 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( | 60 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( |
55 const std::string& password, | 61 const std::string& password, |
56 const std::vector<uint8>& encrypted_private_key_info, | 62 const std::vector<uint8>& encrypted_private_key_info, |
57 const std::vector<uint8>& subject_public_key_info); | 63 const std::vector<uint8>& subject_public_key_info); |
58 | 64 |
65 #if defined(USE_NSS) | |
59 // Creates a new instance by importing an existing key pair. | 66 // Creates a new instance by importing an existing key pair. |
60 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | 67 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
61 // block and an X.509 SubjectPublicKeyInfo block. | 68 // block and an X.509 SubjectPublicKeyInfo block. |
62 // This can return NULL if initialization fails. The created key is permanent | 69 // This can return NULL if initialization fails. The created key is permanent |
63 // and is not exportable in plaintext form. | 70 // and is not exportable in plaintext form. |
64 // | 71 // |
65 // NOTE: Currently only available if USE_NSS is defined. | 72 // NOTE: Currently only available if USE_NSS is defined. |
wtc
2013/11/11 20:56:25
Nit: perhaps we can delete this comment now that t
mattm
2013/11/12 02:42:44
Done.
| |
66 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( | 73 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( |
74 ScopedPK11Slot slot, | |
67 const std::string& password, | 75 const std::string& password, |
68 const std::vector<uint8>& encrypted_private_key_info, | 76 const std::vector<uint8>& encrypted_private_key_info, |
69 const std::vector<uint8>& subject_public_key_info); | 77 const std::vector<uint8>& subject_public_key_info); |
78 #endif | |
70 | 79 |
71 #if !defined(USE_OPENSSL) | 80 #if !defined(USE_OPENSSL) |
72 // Imports the key pair and returns in |public_key| and |key|. | 81 // Imports the key pair and returns in |public_key| and |key|. |
73 // Shortcut for code that needs to keep a reference directly to NSS types | 82 // Shortcut for code that needs to keep a reference directly to NSS types |
74 // without having to create a ECPrivateKey object and make a copy of them. | 83 // without having to create a ECPrivateKey object and make a copy of them. |
75 // TODO(mattm): move this function to some NSS util file. | 84 // TODO(mattm): move this function to some NSS util file. |
76 static bool ImportFromEncryptedPrivateKeyInfo( | 85 static bool ImportFromEncryptedPrivateKeyInfo( |
86 ScopedPK11Slot slot, | |
77 const std::string& password, | 87 const std::string& password, |
78 const uint8* encrypted_private_key_info, | 88 const uint8* encrypted_private_key_info, |
79 size_t encrypted_private_key_info_len, | 89 size_t encrypted_private_key_info_len, |
80 CERTSubjectPublicKeyInfo* decoded_spki, | 90 CERTSubjectPublicKeyInfo* decoded_spki, |
81 bool permanent, | 91 bool permanent, |
82 bool sensitive, | 92 bool sensitive, |
83 SECKEYPrivateKey** key, | 93 SECKEYPrivateKey** key, |
84 SECKEYPublicKey** public_key); | 94 SECKEYPublicKey** public_key); |
85 #endif | 95 #endif |
86 | 96 |
(...skipping 18 matching lines...) Expand all Loading... | |
105 | 115 |
106 // Exports private key data for testing. The format of data stored into output | 116 // Exports private key data for testing. The format of data stored into output |
107 // doesn't matter other than that it is consistent for the same key. | 117 // doesn't matter other than that it is consistent for the same key. |
108 bool ExportValue(std::vector<uint8>* output); | 118 bool ExportValue(std::vector<uint8>* output); |
109 bool ExportECParams(std::vector<uint8>* output); | 119 bool ExportECParams(std::vector<uint8>* output); |
110 | 120 |
111 private: | 121 private: |
112 // Constructor is private. Use one of the Create*() methods above instead. | 122 // Constructor is private. Use one of the Create*() methods above instead. |
113 ECPrivateKey(); | 123 ECPrivateKey(); |
114 | 124 |
125 #if !defined(USE_OPENSSL) | |
115 // Shared helper for Create() and CreateSensitive(). | 126 // Shared helper for Create() and CreateSensitive(). |
116 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a | 127 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a |
117 // flags arg created by ORing together some enumerated values. | 128 // flags arg created by ORing together some enumerated values. |
118 static ECPrivateKey* CreateWithParams(bool permanent, | 129 static ECPrivateKey* CreateWithParams(ScopedPK11Slot slot, |
130 bool permanent, | |
119 bool sensitive); | 131 bool sensitive); |
120 | 132 |
121 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and | 133 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and |
122 // CreateSensitiveFromEncryptedPrivateKeyInfo(). | 134 // CreateSensitiveFromEncryptedPrivateKeyInfo(). |
123 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( | 135 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( |
136 ScopedPK11Slot slot, | |
124 const std::string& password, | 137 const std::string& password, |
125 const std::vector<uint8>& encrypted_private_key_info, | 138 const std::vector<uint8>& encrypted_private_key_info, |
126 const std::vector<uint8>& subject_public_key_info, | 139 const std::vector<uint8>& subject_public_key_info, |
127 bool permanent, | 140 bool permanent, |
128 bool sensitive); | 141 bool sensitive); |
142 #endif | |
129 | 143 |
130 #if defined(USE_OPENSSL) | 144 #if defined(USE_OPENSSL) |
131 EVP_PKEY* key_; | 145 EVP_PKEY* key_; |
132 #else | 146 #else |
133 SECKEYPrivateKey* key_; | 147 SECKEYPrivateKey* key_; |
134 SECKEYPublicKey* public_key_; | 148 SECKEYPublicKey* public_key_; |
135 #endif | 149 #endif |
136 | 150 |
137 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); | 151 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); |
138 }; | 152 }; |
139 | 153 |
140 | 154 |
141 } // namespace crypto | 155 } // namespace crypto |
142 | 156 |
143 #endif // CRYPTO_EC_PRIVATE_KEY_H_ | 157 #endif // CRYPTO_EC_PRIVATE_KEY_H_ |
OLD | NEW |