Roll src/third_party/WebKit e0eac24:489c548 (svn 193311:193320)
[chromium-blink-merge.git] / crypto / ec_private_key.h
bloba3d3d1ea02ac33ad9243e62cf9965cdc0a90c1c8
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
6 #define CRYPTO_EC_PRIVATE_KEY_H_
8 #include <string>
9 #include <vector>
11 #include "base/basictypes.h"
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
15 #if defined(USE_OPENSSL)
16 // Forward declaration for openssl/*.h
17 typedef struct evp_pkey_st EVP_PKEY;
18 #else
19 // Forward declaration.
20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
21 typedef struct PK11SlotInfoStr PK11SlotInfo;
22 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
23 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
24 #endif
26 namespace crypto {
28 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
29 // keys, export keys to other formats, or to extract a public key.
30 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
31 // (The difference in types of key() and public_key() make this a little
32 // tricky.)
33 class CRYPTO_EXPORT ECPrivateKey {
34 public:
35 ~ECPrivateKey();
37 // Returns whether the system supports elliptic curve cryptography.
38 static bool IsSupported();
40 // Creates a new random instance. Can return NULL if initialization fails.
41 // The created key will use the NIST P-256 curve.
42 // TODO(mattm): Add a curve parameter.
43 static ECPrivateKey* Create();
45 // Creates a new instance by importing an existing key pair.
46 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
47 // block and an X.509 SubjectPublicKeyInfo block.
48 // Returns NULL if initialization fails.
49 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
50 const std::string& password,
51 const std::vector<uint8>& encrypted_private_key_info,
52 const std::vector<uint8>& subject_public_key_info);
54 #if !defined(USE_OPENSSL)
55 // Imports the key pair into |slot| and returns in |public_key| and |key|.
56 // Shortcut for code that needs to keep a reference directly to NSS types
57 // without having to create a ECPrivateKey object and make a copy of them.
58 // TODO(mattm): move this function to some NSS util file.
59 static bool ImportFromEncryptedPrivateKeyInfo(
60 PK11SlotInfo* slot,
61 const std::string& password,
62 const uint8* encrypted_private_key_info,
63 size_t encrypted_private_key_info_len,
64 CERTSubjectPublicKeyInfo* decoded_spki,
65 bool permanent,
66 bool sensitive,
67 SECKEYPrivateKey** key,
68 SECKEYPublicKey** public_key);
70 // Returns a copy of the object.
71 ECPrivateKey* Copy() const;
72 #endif
74 #if defined(USE_OPENSSL)
75 EVP_PKEY* key() { return key_; }
76 #else
77 SECKEYPrivateKey* key() { return key_; }
78 SECKEYPublicKey* public_key() { return public_key_; }
79 #endif
81 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
82 // block and the public key as an X.509 SubjectPublicKeyInfo block.
83 // The |password| and |iterations| are used as inputs to the key derivation
84 // function for generating the encryption key. PKCS #5 recommends a minimum
85 // of 1000 iterations, on modern systems a larger value may be preferrable.
86 bool ExportEncryptedPrivateKey(const std::string& password,
87 int iterations,
88 std::vector<uint8>* output);
90 // Exports the public key to an X.509 SubjectPublicKeyInfo block.
91 bool ExportPublicKey(std::vector<uint8>* output);
93 // Exports the public key as an EC point in the uncompressed point format.
94 bool ExportRawPublicKey(std::string* output);
96 // Exports private key data for testing. The format of data stored into output
97 // doesn't matter other than that it is consistent for the same key.
98 bool ExportValue(std::vector<uint8>* output);
99 bool ExportECParams(std::vector<uint8>* output);
101 private:
102 // Constructor is private. Use one of the Create*() methods above instead.
103 ECPrivateKey();
105 #if defined(USE_OPENSSL)
106 EVP_PKEY* key_;
107 #else
108 SECKEYPrivateKey* key_;
109 SECKEYPublicKey* public_key_;
110 #endif
112 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
116 } // namespace crypto
118 #endif // CRYPTO_EC_PRIVATE_KEY_H_