• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
6 #define CRYPTO_EC_PRIVATE_KEY_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include <string>
12 #include <vector>
13 
14 #include "base/macros.h"
15 #include "build/build_config.h"
16 #include "crypto/crypto_export.h"
17 
18 #if defined(USE_OPENSSL)
19 // Forward declaration for openssl/*.h
20 typedef struct evp_pkey_st EVP_PKEY;
21 #else
22 // Forward declaration.
23 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
24 typedef struct PK11SlotInfoStr PK11SlotInfo;
25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
27 #endif
28 
29 namespace crypto {
30 
31 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
32 // keys, export keys to other formats, or to extract a public key.
33 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
34 // (The difference in types of key() and public_key() make this a little
35 // tricky.)
36 class CRYPTO_EXPORT ECPrivateKey {
37  public:
38   ~ECPrivateKey();
39 
40   // Creates a new random instance. Can return NULL if initialization fails.
41   // The created key will use the NIST P-256 curve.
42   // TODO(mattm): Add a curve parameter.
43   static ECPrivateKey* Create();
44 
45   // Creates a new instance by importing an existing key pair.
46   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
47   // block and an X.509 SubjectPublicKeyInfo block.
48   // Returns NULL if initialization fails.
49   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
50       const std::string& password,
51       const std::vector<uint8_t>& encrypted_private_key_info,
52       const std::vector<uint8_t>& subject_public_key_info);
53 
54 #if !defined(USE_OPENSSL)
55   // Imports the key pair into |slot| and returns in |public_key| and |key|.
56   // Shortcut for code that needs to keep a reference directly to NSS types
57   // without having to create a ECPrivateKey object and make a copy of them.
58   // TODO(mattm): move this function to some NSS util file.
59   static bool ImportFromEncryptedPrivateKeyInfo(
60       PK11SlotInfo* slot,
61       const std::string& password,
62       const uint8_t* encrypted_private_key_info,
63       size_t encrypted_private_key_info_len,
64       CERTSubjectPublicKeyInfo* decoded_spki,
65       bool permanent,
66       bool sensitive,
67       SECKEYPrivateKey** key,
68       SECKEYPublicKey** public_key);
69 #endif
70 
71   // Returns a copy of the object.
72   ECPrivateKey* Copy() const;
73 
74 #if defined(USE_OPENSSL)
key()75   EVP_PKEY* key() { return key_; }
76 #else
key()77   SECKEYPrivateKey* key() { return key_; }
public_key()78   SECKEYPublicKey* public_key() { return public_key_; }
79 #endif
80 
81   // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
82   // block and the public key as an X.509 SubjectPublicKeyInfo block.
83   // The |password| and |iterations| are used as inputs to the key derivation
84   // function for generating the encryption key.  PKCS #5 recommends a minimum
85   // of 1000 iterations, on modern systems a larger value may be preferrable.
86   bool ExportEncryptedPrivateKey(const std::string& password,
87                                  int iterations,
88                                  std::vector<uint8_t>* output);
89 
90   // Exports the public key to an X.509 SubjectPublicKeyInfo block.
91   bool ExportPublicKey(std::vector<uint8_t>* output);
92 
93   // Exports the public key as an EC point in the uncompressed point format.
94   bool ExportRawPublicKey(std::string* output);
95 
96   // Exports private key data for testing. The format of data stored into output
97   // doesn't matter other than that it is consistent for the same key.
98   bool ExportValue(std::vector<uint8_t>* output);
99   bool ExportECParams(std::vector<uint8_t>* output);
100 
101  private:
102   // Constructor is private. Use one of the Create*() methods above instead.
103   ECPrivateKey();
104 
105 #if defined(USE_OPENSSL)
106   EVP_PKEY* key_;
107 #else
108   SECKEYPrivateKey* key_;
109   SECKEYPublicKey* public_key_;
110 #endif
111 
112   DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
113 };
114 
115 
116 }  // namespace crypto
117 
118 #endif  // CRYPTO_EC_PRIVATE_KEY_H_
119