net/ssl/ssl_private_key.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_PRIVATE_KEY_H_
   6 #define NET_SSL_SSL_PRIVATE_KEY_H_
   7
   8 #include <stdint.h>
   9
  10 #include <vector>
  11
  12 #include "base/callback_forward.h"
  13 #include "base/macros.h"
  14 #include "base/memory/scoped_ptr.h"
  15 #include "base/strings/string_piece.h"
  16 #include "net/base/net_errors.h"
  17
  18 namespace net {
  19
  20 // An interface for a private key for use with SSL client authentication.
  21 class SSLPrivateKey {
  22  public:
  23   using SignCallback = base::Callback<void(Error, const std::vector<uint8_t>&)>;
  24
  25   enum class Type {
  26     RSA,
  27     ECDSA,
  28   };
  29
  30   enum class Hash {
  31     MD5_SHA1,
  32     SHA1,
  33     SHA256,
  34     SHA384,
  35     SHA512,
  36   };
  37
  38   SSLPrivateKey() {}
  39   virtual ~SSLPrivateKey() {}
  40
  41   // Returns whether the key is an RSA key or an ECDSA key. Although the signing
  42   // interface is type-agnositic and type tags in interfaces are discouraged,
  43   // TLS has key-specific logic in selecting which hashes to sign. Exposing the
  44   // key type avoids replicating BoringSSL's TLS-specific logic in SSLPrivateKey
  45   // implementations and complicating the interface between Chromium and
  46   // BoringSSL.
  47   virtual Type GetType() = 0;
  48
  49   // Returns true if the key supports signing hashes of type |hash|.
  50   virtual bool SupportsHash(Hash hash) = 0;
  51
  52   // Returns the maximum size of a signature, in bytes. For an RSA key, this
  53   // must be the size of the modulus.
  54   virtual size_t GetMaxSignatureLengthInBytes() = 0;
  55
  56   // Asynchronously signs an |input| which was computed with the hash |hash|. On
  57   // completion, it calls |callback| with the signature or an error code if the
  58   // operation failed. For an RSA key, the signature is a PKCS#1 signature. The
  59   // SSLPrivateKey implementation is responsible for prepending the DigestInfo
  60   // prefix and adding PKCS#1 padding.
  61   virtual void SignDigest(Hash hash,
  62                           const base::StringPiece& input,
  63                           const SignCallback& callback) = 0;
  64
  65  private:
  66   DISALLOW_COPY_AND_ASSIGN(SSLPrivateKey);
  67 };
  68
  69 }  // namespace net
  70
  71 #endif  // NET_SSL_SSL_PRIVATE_KEY_H_