crypto/ec_private_key.h

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
   6 #define CRYPTO_EC_PRIVATE_KEY_H_
   7 #pragma once
   8
   9 #include <string>
  10 #include <vector>
  11
  12 #include "base/basictypes.h"
  13 #include "build/build_config.h"
  14 #include "crypto/crypto_export.h"
  15
  16 #if defined(USE_OPENSSL)
  17 // Forward declaration for openssl/*.h
  18 typedef struct evp_pkey_st EVP_PKEY;
  19 #else
  20 // Forward declaration.
  21 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
  22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
  23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
  24 #endif
  25
  26 namespace crypto {
  27
  28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
  29 // keys, export keys to other formats, or to extract a public key.
  30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
  31 // (The difference in types of key() and public_key() make this a little
  32 // tricky.)
  33 class CRYPTO_EXPORT ECPrivateKey {
  34  public:
  35   ~ECPrivateKey();
  36
  37   // Creates a new random instance. Can return NULL if initialization fails.
  38   // The created key will use the NIST P-256 curve.
  39   // TODO(mattm): Add a curve parameter.
  40   static ECPrivateKey* Create();
  41
  42   // Creates a new random instance. Can return NULL if initialization fails.
  43   // The created key is permanent and is not exportable in plaintext form.
  44   //
  45   // NOTE: Currently only available if USE_NSS is defined.
  46   static ECPrivateKey* CreateSensitive();
  47
  48   // Creates a new instance by importing an existing key pair.
  49   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  50   // block and an X.509 SubjectPublicKeyInfo block.
  51   // Returns NULL if initialization fails.
  52   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
  53       const std::string& password,
  54       const std::vector<uint8>& encrypted_private_key_info,
  55       const std::vector<uint8>& subject_public_key_info);
  56
  57   // Creates a new instance by importing an existing key pair.
  58   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  59   // block and an X.509 SubjectPublicKeyInfo block.
  60   // This can return NULL if initialization fails.  The created key is permanent
  61   // and is not exportable in plaintext form.
  62   //
  63   // NOTE: Currently only available if USE_NSS is defined.
  64   static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
  65       const std::string& password,
  66       const std::vector<uint8>& encrypted_private_key_info,
  67       const std::vector<uint8>& subject_public_key_info);
  68
  69 #if !defined(USE_OPENSSL)
  70   // Imports the key pair and returns in |public_key| and |key|.
  71   // Shortcut for code that needs to keep a reference directly to NSS types
  72   // without having to create a ECPrivateKey object and make a copy of them.
  73   // TODO(mattm): move this function to some NSS util file.
  74   static bool ImportFromEncryptedPrivateKeyInfo(
  75       const std::string& password,
  76       const uint8* encrypted_private_key_info,
  77       size_t encrypted_private_key_info_len,
  78       CERTSubjectPublicKeyInfo* decoded_spki,
  79       bool permanent,
  80       bool sensitive,
  81       SECKEYPrivateKey** key,
  82       SECKEYPublicKey** public_key);
  83 #endif
  84
  85 #if defined(USE_OPENSSL)
  86   EVP_PKEY* key() { return key_; }
  87 #else
  88   SECKEYPrivateKey* key() { return key_; }
  89   SECKEYPublicKey* public_key() { return public_key_; }
  90 #endif
  91
  92   // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  93   // block and the public key as an X.509 SubjectPublicKeyInfo block.
  94   // The |password| and |iterations| are used as inputs to the key derivation
  95   // function for generating the encryption key.  PKCS #5 recommends a minimum
  96   // of 1000 iterations, on modern systems a larger value may be preferrable.
  97   bool ExportEncryptedPrivateKey(const std::string& password,
  98                                  int iterations,
  99                                  std::vector<uint8>* output);
 100
 101   // Exports the public key to an X.509 SubjectPublicKeyInfo block.
 102   bool ExportPublicKey(std::vector<uint8>* output);
 103
 104   // Exports private key data for testing. The format of data stored into output
 105   // doesn't matter other than that it is consistent for the same key.
 106   bool ExportValue(std::vector<uint8>* output);
 107   bool ExportECParams(std::vector<uint8>* output);
 108
 109  private:
 110   // Constructor is private. Use one of the Create*() methods above instead.
 111   ECPrivateKey();
 112
 113   // Shared helper for Create() and CreateSensitive().
 114   // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
 115   //                flags arg created by ORing together some enumerated values.
 116   static ECPrivateKey* CreateWithParams(bool permanent,
 117                                         bool sensitive);
 118
 119   // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
 120   // CreateSensitiveFromEncryptedPrivateKeyInfo().
 121   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
 122       const std::string& password,
 123       const std::vector<uint8>& encrypted_private_key_info,
 124       const std::vector<uint8>& subject_public_key_info,
 125       bool permanent,
 126       bool sensitive);
 127
 128 #if defined(USE_OPENSSL)
 129   EVP_PKEY* key_;
 130 #else
 131   SECKEYPrivateKey* key_;
 132   SECKEYPublicKey* public_key_;
 133 #endif
 134
 135   DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
 136 };
 137
 138
 139 }  // namespace crypto
 140
 141 #endif  // CRYPTO_EC_PRIVATE_KEY_H_