1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_SSL_PRIVATE_KEY_H_
6 #define NET_SSL_SSL_PRIVATE_KEY_H_
8 #include <stdint.h>
10 #include <vector>
12 #include "base/callback_forward.h"
13 #include "base/macros.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/strings/string_piece.h"
16 #include "net/base/net_errors.h"
18 namespace net {
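// An interface for a private key for use with SSL client authentication.
//
// The interface exposes only metadata queries and an asynchronous signing
// operation; it declares no accessor for the key material itself.
class SSLPrivateKey {
 public:
  // Completion callback for SignDigest(). Receives an error code and the
  // signature bytes.
  // NOTE(review): the contents of the vector when the Error argument reports
  // a failure are not specified here; callers presumably must check the error
  // before using the signature -- confirm against implementations.
  using SignCallback = base::Callback<void(Error, const std::vector<uint8_t>&)>;

  // The kind of key, as reported by GetType().
  enum class Type {
    RSA,
    ECDSA,
  };

  // The hash that produced the digest passed to SignDigest().
  enum class Hash {
    // NOTE(review): presumably the concatenated MD5 + SHA-1 digest that TLS
    // versions before 1.2 use for RSA signatures -- confirm. Both MD5 and
    // SHA-1 are no longer collision resistant; an implementation can decline
    // a hash by returning false from SupportsHash().
    MD5_SHA1,
    SHA1,
    SHA256,
    SHA384,
    SHA512,
  };

  SSLPrivateKey() {}
  virtual ~SSLPrivateKey() {}

  // Returns whether the key is an RSA key or an ECDSA key. Although the signing
  // interface is type-agnostic and type tags in interfaces are discouraged,
  // TLS has key-specific logic in selecting which hashes to sign. Exposing the
  // key type avoids replicating BoringSSL's TLS-specific logic in SSLPrivateKey
  // implementations and complicating the interface between Chromium and
  // BoringSSL.
  virtual Type GetType() = 0;

  // Returns true if the key supports signing hashes of type |hash|.
  virtual bool SupportsHash(Hash hash) = 0;

  // Returns the maximum size of a signature, in bytes. For an RSA key, this
  // must be the size of the modulus.
  // NOTE(review): the bound for an ECDSA key is not stated here; confirm what
  // callers expect before sizing buffers from this value.
  virtual size_t GetMaxSignatureLengthInBytes() = 0;

  // Asynchronously signs an |input| which was computed with the hash |hash|. On
  // completion, it calls |callback| with the signature or an error code if the
  // operation failed. For an RSA key, the signature is a PKCS#1 signature. The
  // SSLPrivateKey implementation is responsible for prepending the DigestInfo
  // prefix and adding PKCS#1 padding.
  //
  // NOTE(review): |input| is an already-computed digest, and this interface
  // does not say who checks that its length matches |hash|. Implementations
  // should presumably reject a mismatched length rather than sign it --
  // confirm.
  // NOTE(review): in TLS before 1.2 the MD5_SHA1 digest is signed without a
  // DigestInfo prefix; the sentence above does not call out that case --
  // confirm how implementations treat Hash::MD5_SHA1.
  // NOTE(review): |input| is a non-owning view and |callback| is taken by
  // reference, so an implementation that completes after this call returns
  // presumably has to copy both -- confirm. Whether |callback| may run
  // synchronously, or after this object is destroyed, is not specified here.
  virtual void SignDigest(Hash hash,
                          const base::StringPiece& input,
                          const SignCallback& callback) = 0;

 private:
  // Keys are neither copyable nor assignable.
  DISALLOW_COPY_AND_ASSIGN(SSLPrivateKey);
};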
69 } // namespace net
71 #endif // NET_SSL_SSL_PRIVATE_KEY_H_