net/quic/crypto/p256_key_exchange.h

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_CRYPTO_P256_KEY_EXCHANGE_H_
   6 #define NET_QUIC_CRYPTO_P256_KEY_EXCHANGE_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/scoped_ptr.h"
  11 #include "base/strings/string_piece.h"
  12 #include "net/base/net_export.h"
  13 #include "net/quic/crypto/key_exchange.h"
  14
  15 #if defined(USE_OPENSSL)
  16 #include "crypto/openssl_util.h"
  17 // Forward declaration for openssl/*.h
  18 typedef struct ec_key_st EC_KEY;
  19 extern "C" void EC_KEY_free(EC_KEY* key);
  20 #else
  21 #include "crypto/ec_private_key.h"
  22 #include "crypto/scoped_nss_types.h"
  23 #endif
  24
  25 namespace net {
  26
  27 // P256KeyExchange implements a KeyExchange using elliptic-curve
  28 // Diffie-Hellman on NIST P-256.
  29 class NET_EXPORT_PRIVATE P256KeyExchange : public KeyExchange {
  30  public:
  31   virtual ~P256KeyExchange();
  32
  33   // New creates a new key exchange object from a private key. If
  34   // |private_key| is invalid, NULL is returned.
  35   static P256KeyExchange* New(base::StringPiece private_key);
  36
  37   // |NewPrivateKey| returns a private key, suitable for passing to |New|.
  38   // If |NewPrivateKey| can't generate a private key, it returns an empty
  39   // string.
  40   static std::string NewPrivateKey();
  41
  42   // KeyExchange interface.
  43   virtual KeyExchange* NewKeyPair(QuicRandom* rand) const OVERRIDE;
  44   virtual bool CalculateSharedKey(const base::StringPiece& peer_public_value,
  45                                   std::string* shared_key) const OVERRIDE;
  46   virtual base::StringPiece public_value() const OVERRIDE;
  47   virtual QuicTag tag() const OVERRIDE;
  48
  49  private:
  50   enum {
  51     // A P-256 field element consists of 32 bytes.
  52     kP256FieldBytes = 32,
  53     // A P-256 point in uncompressed form consists of 0x04 (to denote
  54     // that the point is uncompressed) followed by two, 32-byte field
  55     // elements.
  56     kUncompressedP256PointBytes = 1 + 2 * kP256FieldBytes,
  57     // The first byte in an uncompressed P-256 point.
  58     kUncompressedECPointForm = 0x04,
  59   };
  60
  61 #if defined(USE_OPENSSL)
  62   // P256KeyExchange takes ownership of |private_key|, and expects
  63   // |public_key| consists of |kUncompressedP256PointBytes| bytes.
  64   P256KeyExchange(EC_KEY* private_key, const uint8* public_key);
  65
  66   crypto::ScopedOpenSSL<EC_KEY, EC_KEY_free> private_key_;
  67 #else
  68   // P256KeyExchange takes ownership of |key_pair|, and expects
  69   // |public_key| consists of |kUncompressedP256PointBytes| bytes.
  70   P256KeyExchange(crypto::ECPrivateKey* key_pair, const uint8* public_key);
  71
  72   scoped_ptr<crypto::ECPrivateKey> key_pair_;
  73 #endif
  74   // The public key stored as an uncompressed P-256 point.
  75   uint8 public_key_[kUncompressedP256PointBytes];
  76 };
  77
  78 }  // namespace net
  79 #endif  // NET_QUIC_CRYPTO_P256_KEY_EXCHANGE_H_
  80