cros: Update SAML flow.
[chromium-blink-merge.git] / crypto / ec_private_key.h
blob28701635d50b21ea8143a7af233639a2c8fc68ef
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
6 #define CRYPTO_EC_PRIVATE_KEY_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
15 #if defined(USE_OPENSSL)
16 // Forward declaration for openssl/*.h
17 typedef struct evp_pkey_st EVP_PKEY;
18 #else
19 // Forward declaration.
20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
21 typedef struct PK11SlotInfoStr PK11SlotInfo;
22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
24 #endif
26 namespace crypto {
28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
29 // keys, export keys to other formats, or to extract a public key.
30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
31 // (The difference in types of key() and public_key() make this a little
32 // tricky.)
33 class CRYPTO_EXPORT ECPrivateKey {
34 public:
35 ~ECPrivateKey();
37 // Returns whether the system supports elliptic curve cryptography.
38 static bool IsSupported();
40 // Creates a new random instance. Can return NULL if initialization fails.
41 // The created key will use the NIST P-256 curve.
42 // TODO(mattm): Add a curve parameter.
43 static ECPrivateKey* Create();
45 #if defined(USE_NSS)
46 // Creates a new random instance in |slot|. Can return NULL if initialization
47 // fails. The created key is permanent and is not exportable in plaintext
48 // form.
49 static ECPrivateKey* CreateSensitive(PK11SlotInfo* slot);
50 #endif
52 // Creates a new instance by importing an existing key pair.
53 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
54 // block and an X.509 SubjectPublicKeyInfo block.
55 // Returns NULL if initialization fails.
56 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
57 const std::string& password,
58 const std::vector<uint8>& encrypted_private_key_info,
59 const std::vector<uint8>& subject_public_key_info);
61 #if defined(USE_NSS)
62 // Creates a new instance in |slot| by importing an existing key pair.
63 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
64 // block and an X.509 SubjectPublicKeyInfo block.
65 // This can return NULL if initialization fails. The created key is permanent
66 // and is not exportable in plaintext form.
67 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
68 PK11SlotInfo* slot,
69 const std::string& password,
70 const std::vector<uint8>& encrypted_private_key_info,
71 const std::vector<uint8>& subject_public_key_info);
72 #endif
74 #if !defined(USE_OPENSSL)
75 // Imports the key pair into |slot| and returns in |public_key| and |key|.
76 // Shortcut for code that needs to keep a reference directly to NSS types
77 // without having to create a ECPrivateKey object and make a copy of them.
78 // TODO(mattm): move this function to some NSS util file.
79 static bool ImportFromEncryptedPrivateKeyInfo(
80 PK11SlotInfo* slot,
81 const std::string& password,
82 const uint8* encrypted_private_key_info,
83 size_t encrypted_private_key_info_len,
84 CERTSubjectPublicKeyInfo* decoded_spki,
85 bool permanent,
86 bool sensitive,
87 SECKEYPrivateKey** key,
88 SECKEYPublicKey** public_key);
89 #endif
91 #if defined(USE_OPENSSL)
92 EVP_PKEY* key() { return key_; }
93 #else
94 SECKEYPrivateKey* key() { return key_; }
95 SECKEYPublicKey* public_key() { return public_key_; }
96 #endif
98 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
99 // block and the public key as an X.509 SubjectPublicKeyInfo block.
100 // The |password| and |iterations| are used as inputs to the key derivation
101 // function for generating the encryption key. PKCS #5 recommends a minimum
102 // of 1000 iterations, on modern systems a larger value may be preferrable.
103 bool ExportEncryptedPrivateKey(const std::string& password,
104 int iterations,
105 std::vector<uint8>* output);
107 // Exports the public key to an X.509 SubjectPublicKeyInfo block.
108 bool ExportPublicKey(std::vector<uint8>* output);
110 // Exports private key data for testing. The format of data stored into output
111 // doesn't matter other than that it is consistent for the same key.
112 bool ExportValue(std::vector<uint8>* output);
113 bool ExportECParams(std::vector<uint8>* output);
115 private:
116 // Constructor is private. Use one of the Create*() methods above instead.
117 ECPrivateKey();
119 #if !defined(USE_OPENSSL)
120 // Shared helper for Create() and CreateSensitive().
121 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
122 // flags arg created by ORing together some enumerated values.
123 static ECPrivateKey* CreateWithParams(PK11SlotInfo* slot,
124 bool permanent,
125 bool sensitive);
127 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
128 // CreateSensitiveFromEncryptedPrivateKeyInfo().
129 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
130 PK11SlotInfo* slot,
131 const std::string& password,
132 const std::vector<uint8>& encrypted_private_key_info,
133 const std::vector<uint8>& subject_public_key_info,
134 bool permanent,
135 bool sensitive);
136 #endif
138 #if defined(USE_OPENSSL)
139 EVP_PKEY* key_;
140 #else
141 SECKEYPrivateKey* key_;
142 SECKEYPublicKey* public_key_;
143 #endif
145 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
149 } // namespace crypto
151 #endif // CRYPTO_EC_PRIVATE_KEY_H_