| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ | |
| 6 #define CRYPTO_EC_PRIVATE_KEY_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 #include <vector> | |
| 10 | |
| 11 #include "base/basictypes.h" | |
| 12 #include "build/build_config.h" | |
| 13 #include "crypto/crypto_export.h" | |
| 14 | |
| 15 #if defined(USE_OPENSSL) | |
| 16 // Forward declaration for openssl/*.h | |
| 17 typedef struct evp_pkey_st EVP_PKEY; | |
| 18 #else | |
| 19 // Forward declaration. | |
| 20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; | |
| 21 typedef struct PK11SlotInfoStr PK11SlotInfo; | |
| 22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; | |
| 23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
| 24 #endif | |
| 25 | |
| 26 namespace crypto { | |
| 27 | |
| 28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new | |
| 29 // keys, export keys to other formats, or to extract a public key. | |
| 30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. | |
| 31 // (The difference in types of key() and public_key() make this a little | |
| 32 // tricky.) | |
| 33 class CRYPTO_EXPORT ECPrivateKey { | |
| 34 public: | |
| 35 ~ECPrivateKey(); | |
| 36 | |
| 37 // Returns whether the system supports elliptic curve cryptography. | |
| 38 static bool IsSupported(); | |
| 39 | |
| 40 // Creates a new random instance. Can return NULL if initialization fails. | |
| 41 // The created key will use the NIST P-256 curve. | |
| 42 // TODO(mattm): Add a curve parameter. | |
| 43 static ECPrivateKey* Create(); | |
| 44 | |
| 45 #if defined(USE_NSS) | |
| 46 // Creates a new random instance in |slot|. Can return NULL if initialization | |
| 47 // fails. The created key is permanent and is not exportable in plaintext | |
| 48 // form. | |
| 49 static ECPrivateKey* CreateSensitive(PK11SlotInfo* slot); | |
| 50 #endif | |
| 51 | |
| 52 // Creates a new instance by importing an existing key pair. | |
| 53 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
| 54 // block and an X.509 SubjectPublicKeyInfo block. | |
| 55 // Returns NULL if initialization fails. | |
| 56 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( | |
| 57 const std::string& password, | |
| 58 const std::vector<uint8>& encrypted_private_key_info, | |
| 59 const std::vector<uint8>& subject_public_key_info); | |
| 60 | |
| 61 #if defined(USE_NSS) | |
| 62 // Creates a new instance in |slot| by importing an existing key pair. | |
| 63 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
| 64 // block and an X.509 SubjectPublicKeyInfo block. | |
| 65 // This can return NULL if initialization fails. The created key is permanent | |
| 66 // and is not exportable in plaintext form. | |
| 67 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( | |
| 68 PK11SlotInfo* slot, | |
| 69 const std::string& password, | |
| 70 const std::vector<uint8>& encrypted_private_key_info, | |
| 71 const std::vector<uint8>& subject_public_key_info); | |
| 72 #endif | |
| 73 | |
| 74 #if !defined(USE_OPENSSL) | |
| 75 // Imports the key pair into |slot| and returns in |public_key| and |key|. | |
| 76 // Shortcut for code that needs to keep a reference directly to NSS types | |
| 77 // without having to create a ECPrivateKey object and make a copy of them. | |
| 78 // TODO(mattm): move this function to some NSS util file. | |
| 79 static bool ImportFromEncryptedPrivateKeyInfo( | |
| 80 PK11SlotInfo* slot, | |
| 81 const std::string& password, | |
| 82 const uint8* encrypted_private_key_info, | |
| 83 size_t encrypted_private_key_info_len, | |
| 84 CERTSubjectPublicKeyInfo* decoded_spki, | |
| 85 bool permanent, | |
| 86 bool sensitive, | |
| 87 SECKEYPrivateKey** key, | |
| 88 SECKEYPublicKey** public_key); | |
| 89 | |
| 90 // Returns a copy of the object. | |
| 91 ECPrivateKey* Copy() const; | |
| 92 #endif | |
| 93 | |
| 94 #if defined(USE_OPENSSL) | |
| 95 EVP_PKEY* key() { return key_; } | |
| 96 #else | |
| 97 SECKEYPrivateKey* key() { return key_; } | |
| 98 SECKEYPublicKey* public_key() { return public_key_; } | |
| 99 #endif | |
| 100 | |
| 101 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo | |
| 102 // block and the public key as an X.509 SubjectPublicKeyInfo block. | |
| 103 // The |password| and |iterations| are used as inputs to the key derivation | |
| 104 // function for generating the encryption key. PKCS #5 recommends a minimum | |
| 105 // of 1000 iterations, on modern systems a larger value may be preferrable. | |
| 106 bool ExportEncryptedPrivateKey(const std::string& password, | |
| 107 int iterations, | |
| 108 std::vector<uint8>* output); | |
| 109 | |
| 110 // Exports the public key to an X.509 SubjectPublicKeyInfo block. | |
| 111 bool ExportPublicKey(std::vector<uint8>* output); | |
| 112 | |
| 113 // Exports the public key as an EC point in the uncompressed point format. | |
| 114 bool ExportRawPublicKey(std::string* output); | |
| 115 | |
| 116 // Exports private key data for testing. The format of data stored into output | |
| 117 // doesn't matter other than that it is consistent for the same key. | |
| 118 bool ExportValue(std::vector<uint8>* output); | |
| 119 bool ExportECParams(std::vector<uint8>* output); | |
| 120 | |
| 121 private: | |
| 122 // Constructor is private. Use one of the Create*() methods above instead. | |
| 123 ECPrivateKey(); | |
| 124 | |
| 125 #if !defined(USE_OPENSSL) | |
| 126 // Shared helper for Create() and CreateSensitive(). | |
| 127 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a | |
| 128 // flags arg created by ORing together some enumerated values. | |
| 129 static ECPrivateKey* CreateWithParams(PK11SlotInfo* slot, | |
| 130 bool permanent, | |
| 131 bool sensitive); | |
| 132 | |
| 133 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and | |
| 134 // CreateSensitiveFromEncryptedPrivateKeyInfo(). | |
| 135 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( | |
| 136 PK11SlotInfo* slot, | |
| 137 const std::string& password, | |
| 138 const std::vector<uint8>& encrypted_private_key_info, | |
| 139 const std::vector<uint8>& subject_public_key_info, | |
| 140 bool permanent, | |
| 141 bool sensitive); | |
| 142 #endif | |
| 143 | |
| 144 #if defined(USE_OPENSSL) | |
| 145 EVP_PKEY* key_; | |
| 146 #else | |
| 147 SECKEYPrivateKey* key_; | |
| 148 SECKEYPublicKey* public_key_; | |
| 149 #endif | |
| 150 | |
| 151 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); | |
| 152 }; | |
| 153 | |
| 154 | |
| 155 } // namespace crypto | |
| 156 | |
| 157 #endif // CRYPTO_EC_PRIVATE_KEY_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 956613002:
Reland "Cut down /crypto and switch what is left of it to boringssl". (Closed)
Base URL: git@github.com:domokit/mojo.git@master