cc: Added inline to Tile::IsReadyToDraw
[chromium-blink-merge.git] / crypto / ec_private_key.h
blobd3f5b73af605ca0a064736271acf249df84f7f39
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
6 #define CRYPTO_EC_PRIVATE_KEY_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
15 #if defined(USE_OPENSSL)
16 // Forward declaration for openssl/*.h
17 typedef struct evp_pkey_st EVP_PKEY;
18 #else
19 // Forward declaration.
20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
21 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
22 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
23 #endif
25 namespace crypto {
27 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
28 // keys, export keys to other formats, or to extract a public key.
29 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
30 // (The difference in types of key() and public_key() make this a little
31 // tricky.)
32 class CRYPTO_EXPORT ECPrivateKey {
33 public:
34 ~ECPrivateKey();
36 // Returns whether the system supports elliptic curve cryptography.
37 static bool IsSupported();
39 // Creates a new random instance. Can return NULL if initialization fails.
40 // The created key will use the NIST P-256 curve.
41 // TODO(mattm): Add a curve parameter.
42 static ECPrivateKey* Create();
44 // Creates a new random instance. Can return NULL if initialization fails.
45 // The created key is permanent and is not exportable in plaintext form.
47 // NOTE: Currently only available if USE_NSS is defined.
48 static ECPrivateKey* CreateSensitive();
50 // Creates a new instance by importing an existing key pair.
51 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
52 // block and an X.509 SubjectPublicKeyInfo block.
53 // Returns NULL if initialization fails.
54 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
55 const std::string& password,
56 const std::vector<uint8>& encrypted_private_key_info,
57 const std::vector<uint8>& subject_public_key_info);
59 // Creates a new instance by importing an existing key pair.
60 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
61 // block and an X.509 SubjectPublicKeyInfo block.
62 // This can return NULL if initialization fails. The created key is permanent
63 // and is not exportable in plaintext form.
65 // NOTE: Currently only available if USE_NSS is defined.
66 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
67 const std::string& password,
68 const std::vector<uint8>& encrypted_private_key_info,
69 const std::vector<uint8>& subject_public_key_info);
71 #if !defined(USE_OPENSSL)
72 // Imports the key pair and returns in |public_key| and |key|.
73 // Shortcut for code that needs to keep a reference directly to NSS types
74 // without having to create a ECPrivateKey object and make a copy of them.
75 // TODO(mattm): move this function to some NSS util file.
76 static bool ImportFromEncryptedPrivateKeyInfo(
77 const std::string& password,
78 const uint8* encrypted_private_key_info,
79 size_t encrypted_private_key_info_len,
80 CERTSubjectPublicKeyInfo* decoded_spki,
81 bool permanent,
82 bool sensitive,
83 SECKEYPrivateKey** key,
84 SECKEYPublicKey** public_key);
85 #endif
87 #if defined(USE_OPENSSL)
88 EVP_PKEY* key() { return key_; }
89 #else
90 SECKEYPrivateKey* key() { return key_; }
91 SECKEYPublicKey* public_key() { return public_key_; }
92 #endif
94 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
95 // block and the public key as an X.509 SubjectPublicKeyInfo block.
96 // The |password| and |iterations| are used as inputs to the key derivation
97 // function for generating the encryption key. PKCS #5 recommends a minimum
98 // of 1000 iterations, on modern systems a larger value may be preferrable.
99 bool ExportEncryptedPrivateKey(const std::string& password,
100 int iterations,
101 std::vector<uint8>* output);
103 // Exports the public key to an X.509 SubjectPublicKeyInfo block.
104 bool ExportPublicKey(std::vector<uint8>* output);
106 // Exports private key data for testing. The format of data stored into output
107 // doesn't matter other than that it is consistent for the same key.
108 bool ExportValue(std::vector<uint8>* output);
109 bool ExportECParams(std::vector<uint8>* output);
111 private:
112 // Constructor is private. Use one of the Create*() methods above instead.
113 ECPrivateKey();
115 // Shared helper for Create() and CreateSensitive().
116 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
117 // flags arg created by ORing together some enumerated values.
118 static ECPrivateKey* CreateWithParams(bool permanent,
119 bool sensitive);
121 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
122 // CreateSensitiveFromEncryptedPrivateKeyInfo().
123 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
124 const std::string& password,
125 const std::vector<uint8>& encrypted_private_key_info,
126 const std::vector<uint8>& subject_public_key_info,
127 bool permanent,
128 bool sensitive);
130 #if defined(USE_OPENSSL)
131 EVP_PKEY* key_;
132 #else
133 SECKEYPrivateKey* key_;
134 SECKEYPublicKey* public_key_;
135 #endif
137 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
141 } // namespace crypto
143 #endif // CRYPTO_EC_PRIVATE_KEY_H_