diff options
Diffstat (limited to 'crypto/ec_private_key.h')
-rw-r--r-- | crypto/ec_private_key.h | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h new file mode 100644 index 0000000..0d287de --- /dev/null +++ b/crypto/ec_private_key.h @@ -0,0 +1,124 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_EC_PRIVATE_KEY_H_ +#define CRYPTO_EC_PRIVATE_KEY_H_ +#pragma once + +#include <string> +#include <vector> + +#include "base/basictypes.h" +#include "build/build_config.h" +#include "crypto/crypto_export.h" + +#if defined(USE_OPENSSL) +// Forward declaration for openssl/*.h +typedef struct evp_pkey_st EVP_PKEY; +#else +// Forward declaration. +typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; +typedef struct SECKEYPublicKeyStr SECKEYPublicKey; +#endif + +namespace crypto { + +// Encapsulates an elliptic curve (EC) private key. Can be used to generate new +// keys, export keys to other formats, or to extract a public key. +// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. +// (The difference in types of key() and public_key() make this a little +// tricky.) +class CRYPTO_EXPORT ECPrivateKey { + public: + ~ECPrivateKey(); + + // Creates a new random instance. Can return NULL if initialization fails. + // The created key will use the NIST P-256 curve. + // TODO(mattm): Add a curve parameter. + static ECPrivateKey* Create(); + + // Creates a new random instance. Can return NULL if initialization fails. + // The created key is permanent and is not exportable in plaintext form. + // + // NOTE: Currently only available if USE_NSS is defined. + static ECPrivateKey* CreateSensitive(); + + // Creates a new instance by importing an existing key pair. + // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo + // block and an X.509 SubjectPublicKeyInfo block. + // Returns NULL if initialization fails. + static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( + const std::string& password, + const std::vector<uint8>& encrypted_private_key_info, + const std::vector<uint8>& subject_public_key_info); + + // Creates a new instance by importing an existing key pair. + // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo + // block and an X.509 SubjectPublicKeyInfo block. + // This can return NULL if initialization fails. The created key is permanent + // and is not exportable in plaintext form. + // + // NOTE: Currently only available if USE_NSS is defined. + static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( + const std::string& password, + const std::vector<uint8>& encrypted_private_key_info, + const std::vector<uint8>& subject_public_key_info); + +#if defined(USE_OPENSSL) + EVP_PKEY* key() { return key_; } +#else + SECKEYPrivateKey* key() { return key_; } + SECKEYPublicKey* public_key() { return public_key_; } +#endif + + // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo + // block and the public key as an X.509 SubjectPublicKeyInfo block. + // The |password| and |iterations| are used as inputs to the key derivation + // function for generating the encryption key. PKCS #5 recommends a minimum + // of 1000 iterations, on modern systems a larger value may be preferrable. + bool ExportEncryptedPrivateKey(const std::string& password, + int iterations, + std::vector<uint8>* output); + + // Exports the public key to an X.509 SubjectPublicKeyInfo block. + bool ExportPublicKey(std::vector<uint8>* output); + + // Exports private key data for testing. The format of data stored into output + // doesn't matter other than that it is consistent for the same key. + bool ExportValue(std::vector<uint8>* output); + bool ExportECParams(std::vector<uint8>* output); + + private: + // Constructor is private. Use one of the Create*() methods above instead. + ECPrivateKey(); + + // Shared helper for Create() and CreateSensitive(). + // TODO(cmasone): consider replacing |permanent| and |sensitive| with a + // flags arg created by ORing together some enumerated values. + static ECPrivateKey* CreateWithParams(bool permanent, + bool sensitive); + + // Shared helper for CreateFromEncryptedPrivateKeyInfo() and + // CreateSensitiveFromEncryptedPrivateKeyInfo(). + static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( + const std::string& password, + const std::vector<uint8>& encrypted_private_key_info, + const std::vector<uint8>& subject_public_key_info, + bool permanent, + bool sensitive); + +#if defined(USE_OPENSSL) + EVP_PKEY* key_; +#else + SECKEYPrivateKey* key_; + SECKEYPublicKey* public_key_; +#endif + + DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); +}; + + +} // namespace crypto + +#endif // CRYPTO_EC_PRIVATE_KEY_H_ |