1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ 6 #define CRYPTO_EC_PRIVATE_KEY_H_ 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include <string> 12 #include <vector> 13 14 #include "base/macros.h" 15 #include "build/build_config.h" 16 #include "crypto/crypto_export.h" 17 18 #if defined(USE_OPENSSL) 19 // Forward declaration for openssl/*.h 20 typedef struct evp_pkey_st EVP_PKEY; 21 #else 22 // Forward declaration. 23 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; 24 typedef struct PK11SlotInfoStr PK11SlotInfo; 25 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; 26 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; 27 #endif 28 29 namespace crypto { 30 31 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new 32 // keys, export keys to other formats, or to extract a public key. 33 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. 34 // (The difference in types of key() and public_key() make this a little 35 // tricky.) 36 class CRYPTO_EXPORT ECPrivateKey { 37 public: 38 ~ECPrivateKey(); 39 40 // Creates a new random instance. Can return NULL if initialization fails. 41 // The created key will use the NIST P-256 curve. 42 // TODO(mattm): Add a curve parameter. 43 static ECPrivateKey* Create(); 44 45 // Creates a new instance by importing an existing key pair. 46 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo 47 // block and an X.509 SubjectPublicKeyInfo block. 48 // Returns NULL if initialization fails. 49 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( 50 const std::string& password, 51 const std::vector<uint8_t>& encrypted_private_key_info, 52 const std::vector<uint8_t>& subject_public_key_info); 53 54 #if !defined(USE_OPENSSL) 55 // Imports the key pair into |slot| and returns in |public_key| and |key|. 56 // Shortcut for code that needs to keep a reference directly to NSS types 57 // without having to create a ECPrivateKey object and make a copy of them. 58 // TODO(mattm): move this function to some NSS util file. 59 static bool ImportFromEncryptedPrivateKeyInfo( 60 PK11SlotInfo* slot, 61 const std::string& password, 62 const uint8_t* encrypted_private_key_info, 63 size_t encrypted_private_key_info_len, 64 CERTSubjectPublicKeyInfo* decoded_spki, 65 bool permanent, 66 bool sensitive, 67 SECKEYPrivateKey** key, 68 SECKEYPublicKey** public_key); 69 #endif 70 71 // Returns a copy of the object. 72 ECPrivateKey* Copy() const; 73 74 #if defined(USE_OPENSSL) key()75 EVP_PKEY* key() { return key_; } 76 #else key()77 SECKEYPrivateKey* key() { return key_; } public_key()78 SECKEYPublicKey* public_key() { return public_key_; } 79 #endif 80 81 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo 82 // block and the public key as an X.509 SubjectPublicKeyInfo block. 83 // The |password| and |iterations| are used as inputs to the key derivation 84 // function for generating the encryption key. PKCS #5 recommends a minimum 85 // of 1000 iterations, on modern systems a larger value may be preferrable. 86 bool ExportEncryptedPrivateKey(const std::string& password, 87 int iterations, 88 std::vector<uint8_t>* output); 89 90 // Exports the public key to an X.509 SubjectPublicKeyInfo block. 91 bool ExportPublicKey(std::vector<uint8_t>* output); 92 93 // Exports the public key as an EC point in the uncompressed point format. 94 bool ExportRawPublicKey(std::string* output); 95 96 // Exports private key data for testing. The format of data stored into output 97 // doesn't matter other than that it is consistent for the same key. 98 bool ExportValue(std::vector<uint8_t>* output); 99 bool ExportECParams(std::vector<uint8_t>* output); 100 101 private: 102 // Constructor is private. Use one of the Create*() methods above instead. 103 ECPrivateKey(); 104 105 #if defined(USE_OPENSSL) 106 EVP_PKEY* key_; 107 #else 108 SECKEYPrivateKey* key_; 109 SECKEYPublicKey* public_key_; 110 #endif 111 112 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); 113 }; 114 115 116 } // namespace crypto 117 118 #endif // CRYPTO_EC_PRIVATE_KEY_H_ 119