crypto/ec_private_key.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
   6 #define CRYPTO_EC_PRIVATE_KEY_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "build/build_config.h"
  13 #include "crypto/crypto_export.h"
  14
  15 #if defined(USE_OPENSSL)
  16 // Forward declaration for openssl/*.h
  17 typedef struct evp_pkey_st EVP_PKEY;
  18 #else
  19 // Forward declaration.
  20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
  21 typedef struct PK11SlotInfoStr PK11SlotInfo;
  22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
  23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
  24 #endif
  25
  26 namespace crypto {
  27
  28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
  29 // keys, export keys to other formats, or to extract a public key.
  30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
  31 // (The difference in types of key() and public_key() make this a little
  32 // tricky.)
  33 class CRYPTO_EXPORT ECPrivateKey {
  34  public:
  35   ~ECPrivateKey();
  36
  37   // Returns whether the system supports elliptic curve cryptography.
  38   static bool IsSupported();
  39
  40   // Creates a new random instance. Can return NULL if initialization fails.
  41   // The created key will use the NIST P-256 curve.
  42   // TODO(mattm): Add a curve parameter.
  43   static ECPrivateKey* Create();
  44
  45   // Creates a new instance by importing an existing key pair.
  46   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  47   // block and an X.509 SubjectPublicKeyInfo block.
  48   // Returns NULL if initialization fails.
  49   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
  50       const std::string& password,
  51       const std::vector<uint8>& encrypted_private_key_info,
  52       const std::vector<uint8>& subject_public_key_info);
  53
  54 #if !defined(USE_OPENSSL)
  55   // Imports the key pair into |slot| and returns in |public_key| and |key|.
  56   // Shortcut for code that needs to keep a reference directly to NSS types
  57   // without having to create a ECPrivateKey object and make a copy of them.
  58   // TODO(mattm): move this function to some NSS util file.
  59   static bool ImportFromEncryptedPrivateKeyInfo(
  60       PK11SlotInfo* slot,
  61       const std::string& password,
  62       const uint8* encrypted_private_key_info,
  63       size_t encrypted_private_key_info_len,
  64       CERTSubjectPublicKeyInfo* decoded_spki,
  65       bool permanent,
  66       bool sensitive,
  67       SECKEYPrivateKey** key,
  68       SECKEYPublicKey** public_key);
  69 #endif
  70
  71   // Returns a copy of the object.
  72   ECPrivateKey* Copy() const;
  73
  74 #if defined(USE_OPENSSL)
  75   EVP_PKEY* key() { return key_; }
  76 #else
  77   SECKEYPrivateKey* key() { return key_; }
  78   SECKEYPublicKey* public_key() { return public_key_; }
  79 #endif
  80
  81   // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  82   // block and the public key as an X.509 SubjectPublicKeyInfo block.
  83   // The |password| and |iterations| are used as inputs to the key derivation
  84   // function for generating the encryption key.  PKCS #5 recommends a minimum
  85   // of 1000 iterations, on modern systems a larger value may be preferrable.
  86   bool ExportEncryptedPrivateKey(const std::string& password,
  87                                  int iterations,
  88                                  std::vector<uint8>* output);
  89
  90   // Exports the public key to an X.509 SubjectPublicKeyInfo block.
  91   bool ExportPublicKey(std::vector<uint8>* output);
  92
  93   // Exports the public key as an EC point in the uncompressed point format.
  94   bool ExportRawPublicKey(std::string* output);
  95
  96   // Exports private key data for testing. The format of data stored into output
  97   // doesn't matter other than that it is consistent for the same key.
  98   bool ExportValue(std::vector<uint8>* output);
  99   bool ExportECParams(std::vector<uint8>* output);
 100
 101  private:
 102   // Constructor is private. Use one of the Create*() methods above instead.
 103   ECPrivateKey();
 104
 105 #if defined(USE_OPENSSL)
 106   EVP_PKEY* key_;
 107 #else
 108   SECKEYPrivateKey* key_;
 109   SECKEYPublicKey* public_key_;
 110 #endif
 111
 112   DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
 113 };
 114
 115
 116 }  // namespace crypto
 117
 118 #endif  // CRYPTO_EC_PRIVATE_KEY_H_