// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_NSS_KEY_UTIL_H_
#define CRYPTO_NSS_KEY_UTIL_H_

#include <stdint.h>

#include <vector>

#include "build/build_config.h"
#include "crypto/crypto_export.h"
#include "crypto/scoped_nss_types.h"

// Opaque declaration of the slot handle type. This header only ever passes it
// around by pointer.
typedef struct PK11SlotInfoStr PK11SlotInfo;

namespace crypto {

// Creates a new RSA keypair of size |num_bits| inside |slot|. The return value
// is true when generation succeeded and false when it failed. Passing true for
// |permanent| makes the resulting key permanent and prevents it from being
// exported in plaintext form.
//
// NOTE(review): |out_public_key| and |out_private_key| presumably receive the
// two halves of the new keypair; their state after a failed call is not
// specified in this header -- confirm against the implementation.
// NOTE(review): no lower bound on |num_bits| is stated here, so callers should
// not assume that weak key sizes are rejected -- confirm, or enforce a minimum
// at the call site.
// NOTE(review): the plaintext-export restriction is documented only for
// |permanent| == true; what applies to a non-permanent key is not stated.
CRYPTO_EXPORT bool GenerateRSAKeyPairNSS(
    PK11SlotInfo* slot,
    uint16_t num_bits,
    bool permanent,
    ScopedSECKEYPublicKey* out_public_key,
    ScopedSECKEYPrivateKey* out_private_key);

// Loads the private key contained in |input| into |slot|. |input| is read as a
// DER-encoded PrivateKeyInfo block as defined by PKCS #8. On error the result
// is nullptr, so the return value must be checked before it is used. Passing
// true for |permanent| makes the resulting key permanent and prevents it from
// being exported in plaintext form.
//
// NOTE(review): |input| holds plaintext private key material; this header does
// not say whether the function keeps or clears any copy of it, so wiping the
// caller's buffer remains the caller's decision -- confirm.
CRYPTO_EXPORT ScopedSECKEYPrivateKey ImportNSSKeyFromPrivateKeyInfo(
    PK11SlotInfo* slot,
    const std::vector<uint8_t>& input,
    bool permanent);

#if defined(USE_NSS_CERTS)

// Treats |input| as a DER-encoded X.509 SubjectPublicKeyInfo and looks up the
// matching private key half in the key database. The private key is returned
// when the lookup succeeds; nullptr is returned on error.
CRYPTO_EXPORT ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfo(
    const std::vector<uint8_t>& input);

// Treats |input| as a DER-encoded X.509 SubjectPublicKeyInfo and looks up the
// matching private key half, restricting the search to the slot given by
// |slot|. The private key is returned when the lookup succeeds; nullptr is
// returned on error.
CRYPTO_EXPORT ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfoInSlot(
    const std::vector<uint8_t>& input,
    PK11SlotInfo* slot);

#endif  // defined(USE_NSS_CERTS)

}  // namespace crypto

#endif  // CRYPTO_NSS_KEY_UTIL_H_