NaCl: Remove reliance on "init_done" SRPC call in the non-PNaCl case (2nd try)
[chromium-blink-merge.git] / crypto / ec_private_key.h
blob9fd8ffdfb62230ac2dac10afb56818baba96bd8e
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
6 #define CRYPTO_EC_PRIVATE_KEY_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
15 #if defined(USE_OPENSSL)
16 // Forward declaration for openssl/*.h
17 typedef struct evp_pkey_st EVP_PKEY;
18 #else
19 // Forward declaration.
20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
21 typedef struct PK11SlotInfoStr PK11SlotInfo;
22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
24 #endif
26 namespace crypto {
28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
29 // keys, export keys to other formats, or to extract a public key.
30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
31 // (The difference in types of key() and public_key() make this a little
32 // tricky.)
33 class CRYPTO_EXPORT ECPrivateKey {
34 public:
35 ~ECPrivateKey();
37 // Returns whether the system supports elliptic curve cryptography.
38 static bool IsSupported();
40 // Creates a new random instance. Can return NULL if initialization fails.
41 // The created key will use the NIST P-256 curve.
42 // TODO(mattm): Add a curve parameter.
43 static ECPrivateKey* Create();
45 #if defined(USE_NSS)
46 // Creates a new random instance in |slot|. Can return NULL if initialization
47 // fails. The created key is permanent and is not exportable in plaintext
48 // form.
49 static ECPrivateKey* CreateSensitive(PK11SlotInfo* slot);
50 #endif
52 // Creates a new instance by importing an existing key pair.
53 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
54 // block and an X.509 SubjectPublicKeyInfo block.
55 // Returns NULL if initialization fails.
56 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
57 const std::string& password,
58 const std::vector<uint8>& encrypted_private_key_info,
59 const std::vector<uint8>& subject_public_key_info);
61 #if defined(USE_NSS)
62 // Creates a new instance in |slot| by importing an existing key pair.
63 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
64 // block and an X.509 SubjectPublicKeyInfo block.
65 // This can return NULL if initialization fails. The created key is permanent
66 // and is not exportable in plaintext form.
67 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
68 PK11SlotInfo* slot,
69 const std::string& password,
70 const std::vector<uint8>& encrypted_private_key_info,
71 const std::vector<uint8>& subject_public_key_info);
72 #endif
74 #if !defined(USE_OPENSSL)
75 // Imports the key pair into |slot| and returns in |public_key| and |key|.
76 // Shortcut for code that needs to keep a reference directly to NSS types
77 // without having to create a ECPrivateKey object and make a copy of them.
78 // TODO(mattm): move this function to some NSS util file.
79 static bool ImportFromEncryptedPrivateKeyInfo(
80 PK11SlotInfo* slot,
81 const std::string& password,
82 const uint8* encrypted_private_key_info,
83 size_t encrypted_private_key_info_len,
84 CERTSubjectPublicKeyInfo* decoded_spki,
85 bool permanent,
86 bool sensitive,
87 SECKEYPrivateKey** key,
88 SECKEYPublicKey** public_key);
90 // Returns a copy of the object.
91 ECPrivateKey* Copy() const;
92 #endif
94 #if defined(USE_OPENSSL)
95 EVP_PKEY* key() { return key_; }
96 #else
97 SECKEYPrivateKey* key() { return key_; }
98 SECKEYPublicKey* public_key() { return public_key_; }
99 #endif
101 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
102 // block and the public key as an X.509 SubjectPublicKeyInfo block.
103 // The |password| and |iterations| are used as inputs to the key derivation
104 // function for generating the encryption key. PKCS #5 recommends a minimum
105 // of 1000 iterations, on modern systems a larger value may be preferrable.
106 bool ExportEncryptedPrivateKey(const std::string& password,
107 int iterations,
108 std::vector<uint8>* output);
110 // Exports the public key to an X.509 SubjectPublicKeyInfo block.
111 bool ExportPublicKey(std::vector<uint8>* output);
113 // Exports the public key as an EC point in the uncompressed point format.
114 bool ExportRawPublicKey(std::string* output);
116 // Exports private key data for testing. The format of data stored into output
117 // doesn't matter other than that it is consistent for the same key.
118 bool ExportValue(std::vector<uint8>* output);
119 bool ExportECParams(std::vector<uint8>* output);
121 private:
122 // Constructor is private. Use one of the Create*() methods above instead.
123 ECPrivateKey();
125 #if !defined(USE_OPENSSL)
126 // Shared helper for Create() and CreateSensitive().
127 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
128 // flags arg created by ORing together some enumerated values.
129 static ECPrivateKey* CreateWithParams(PK11SlotInfo* slot,
130 bool permanent,
131 bool sensitive);
133 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
134 // CreateSensitiveFromEncryptedPrivateKeyInfo().
135 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
136 PK11SlotInfo* slot,
137 const std::string& password,
138 const std::vector<uint8>& encrypted_private_key_info,
139 const std::vector<uint8>& subject_public_key_info,
140 bool permanent,
141 bool sensitive);
142 #endif
144 #if defined(USE_OPENSSL)
145 EVP_PKEY* key_;
146 #else
147 SECKEYPrivateKey* key_;
148 SECKEYPublicKey* public_key_;
149 #endif
151 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
155 } // namespace crypto
157 #endif // CRYPTO_EC_PRIVATE_KEY_H_