// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_PLATFORM_KEY_UTIL_H_
#define NET_SSL_SSL_PLATFORM_KEY_UTIL_H_

#include <stddef.h>
#include <stdint.h>

#include <vector>

#include "base/containers/span.h"
#include "base/memory/scoped_refptr.h"
#include "base/task/single_thread_task_runner.h"
#include "net/base/net_export.h"
#include "third_party/abseil-cpp/absl/types/optional.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace net {

class X509Certificate;

// Returns a task runner to serialize all private key operations on a single
// background thread to avoid problems with buggy smartcards. Its underlying
// Thread is non-joinable and as such provides
// TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN semantics.
//
// NOTE(review): because the thread continues past shutdown, work posted here
// must not touch objects destroyed during shutdown -- confirm against callers.
NET_EXPORT_PRIVATE scoped_refptr<base::SingleThreadTaskRunner>
GetSSLPlatformKeyTaskRunner();

// Returns the public key of |certificate| as an |EVP_PKEY| or nullptr on error.
// Callers must check for nullptr before use; the returned key is owned by the
// caller via the |bssl::UniquePtr|.
bssl::UniquePtr<EVP_PKEY> GetClientCertPublicKey(
    const X509Certificate* certificate);

// Determines the key type and maximum signature length of |certificate|'s
// public key. |*out_type| will be set to one of the |EVP_PKEY_*| values from
// BoringSSL.
//
// NOTE(review): the return value is presumably true on success and false when
// the public key cannot be extracted; on failure |*out_type| and
// |*out_max_length| should not be relied upon -- confirm in the implementation.
// The unit of |*out_max_length| (presumably bytes) is not stated here either.
NET_EXPORT_PRIVATE bool GetClientCertInfo(const X509Certificate* certificate,
                                          int* out_type,
                                          size_t* out_max_length);

// Returns the encoded form of |digest| for use with RSA-PSS with |pubkey|,
// using |md| as the hash function and MGF-1 function, and the digest size of
// |md| as the salt length.
//
// NOTE(review): |digest| is presumably required to be exactly EVP_MD_size(|md|)
// bytes, and a mismatch (or a non-RSA |pubkey|) presumably yields
// absl::nullopt rather than a malformed encoding -- verify against the
// implementation before depending on either.
absl::optional<std::vector<uint8_t>> AddPSSPadding(
    EVP_PKEY* pubkey,
    const EVP_MD* md,
    base::span<const uint8_t> digest);

}  // namespace net

#endif  // NET_SSL_SSL_PLATFORM_KEY_UTIL_H_