components/webcrypto/openssl/util_openssl.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef COMPONENTS_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_
   6 #define COMPONENTS_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include <openssl/ossl_typ.h>
  12
  13 #include "crypto/scoped_openssl_types.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
  16
  17 namespace webcrypto {
  18
  19 class CryptoData;
  20 class GenerateKeyResult;
  21 class Status;
  22
  23 // The values of these constants correspond with the "enc" parameter of
  24 // EVP_CipherInit_ex(), do not change.
  25 enum EncryptOrDecrypt { DECRYPT = 0, ENCRYPT = 1 };
  26
  27 const EVP_MD* GetDigest(blink::WebCryptoAlgorithmId id);
  28
  29 // Does either encryption or decryption for an AEAD algorithm.
  30 //   * |mode| controls whether encryption or decryption is done
  31 //   * |aead_alg| the algorithm (for instance AES-GCM)
  32 //   * |buffer| where the ciphertext or plaintext is written to.
  33 Status AeadEncryptDecrypt(EncryptOrDecrypt mode,
  34                           const std::vector<uint8_t>& raw_key,
  35                           const CryptoData& data,
  36                           unsigned int tag_length_bytes,
  37                           const CryptoData& iv,
  38                           const CryptoData& additional_data,
  39                           const EVP_AEAD* aead_alg,
  40                           std::vector<uint8_t>* buffer);
  41
  42 // Generates a random secret key of the given bit length. If the bit length is
  43 // not a multiple of 8, then the resulting key will have ceil(keylen_bits / 8)
  44 // bytes, and the "unused" bits will be set to zero. This function does not do
  45 // any validation checks on the provided parameters.
  46 Status GenerateWebCryptoSecretKey(const blink::WebCryptoKeyAlgorithm& algorithm,
  47                                   bool extractable,
  48                                   blink::WebCryptoKeyUsageMask usages,
  49                                   unsigned int keylen_bits,
  50                                   GenerateKeyResult* result);
  51
  52 // Creates a WebCrypto secret key given a the raw data. The provided |key_data|
  53 // will be copied into the new key. This function does not do any validation
  54 // checks for the provided parameters.
  55 Status CreateWebCryptoSecretKey(const CryptoData& key_data,
  56                                 const blink::WebCryptoKeyAlgorithm& algorithm,
  57                                 bool extractable,
  58                                 blink::WebCryptoKeyUsageMask usages,
  59                                 blink::WebCryptoKey* key);
  60
  61 // Creates a WebCrypto public key given an EVP_PKEY. This step includes
  62 // exporting the key to SPKI format, for use by serialization later.
  63 Status CreateWebCryptoPublicKey(crypto::ScopedEVP_PKEY public_key,
  64                                 const blink::WebCryptoKeyAlgorithm& algorithm,
  65                                 bool extractable,
  66                                 blink::WebCryptoKeyUsageMask usages,
  67                                 blink::WebCryptoKey* key);
  68
  69 // Creates a WebCrypto private key given an EVP_PKEY. This step includes
  70 // exporting the key to PKCS8 format, for use by serialization later.
  71 Status CreateWebCryptoPrivateKey(crypto::ScopedEVP_PKEY private_key,
  72                                  const blink::WebCryptoKeyAlgorithm& algorithm,
  73                                  bool extractable,
  74                                  blink::WebCryptoKeyUsageMask usages,
  75                                  blink::WebCryptoKey* key);
  76
  77 // Imports SPKI bytes to an EVP_PKEY for a public key. The resulting asymmetric
  78 // key may be invalid, and should be verified using something like
  79 // RSA_check_key(). The only validation performed by this function is to ensure
  80 // the key type matched |expected_pkey_id|.
  81 Status ImportUnverifiedPkeyFromSpki(const CryptoData& key_data,
  82                                     int expected_pkey_id,
  83                                     crypto::ScopedEVP_PKEY* pkey);
  84
  85 // Imports PKCS8 bytes to an EVP_PKEY for a private key. The resulting
  86 // asymmetric key may be invalid, and should be verified using something like
  87 // RSA_check_key(). The only validation performed by this function is to ensure
  88 // the key type matched |expected_pkey_id|.
  89 Status ImportUnverifiedPkeyFromPkcs8(const CryptoData& key_data,
  90                                      int expected_pkey_id,
  91                                      crypto::ScopedEVP_PKEY* pkey);
  92
  93 // Allocates a new BIGNUM given a std::string big-endian representation.
  94 BIGNUM* CreateBIGNUM(const std::string& n);
  95
  96 // Converts a BIGNUM to a big endian byte array.
  97 std::vector<uint8_t> BIGNUMToVector(const BIGNUM* n);
  98
  99 }  // namespace webcrypto
 100
 101 #endif  // COMPONENTS_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_