content/child/webcrypto/openssl/util_openssl.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_CHILD_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_
   6 #define CONTENT_CHILD_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include <openssl/ossl_typ.h>
  12
  13 #include "crypto/scoped_openssl_types.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
  16
  17 namespace content {
  18
  19 namespace webcrypto {
  20
  21 class CryptoData;
  22 class GenerateKeyResult;
  23 class Status;
  24
  25 // The values of these constants correspond with the "enc" parameter of
  26 // EVP_CipherInit_ex(), do not change.
  27 enum EncryptOrDecrypt { DECRYPT = 0, ENCRYPT = 1 };
  28
  29 const EVP_MD* GetDigest(blink::WebCryptoAlgorithmId id);
  30
  31 // Does either encryption or decryption for an AEAD algorithm.
  32 //   * |mode| controls whether encryption or decryption is done
  33 //   * |aead_alg| the algorithm (for instance AES-GCM)
  34 //   * |buffer| where the ciphertext or plaintext is written to.
  35 Status AeadEncryptDecrypt(EncryptOrDecrypt mode,
  36                           const std::vector<uint8_t>& raw_key,
  37                           const CryptoData& data,
  38                           unsigned int tag_length_bytes,
  39                           const CryptoData& iv,
  40                           const CryptoData& additional_data,
  41                           const EVP_AEAD* aead_alg,
  42                           std::vector<uint8_t>* buffer);
  43
  44 // Generates a random secret key of the given bit length. If the bit length is
  45 // not a multiple of 8, then the resulting key will have ceil(keylen_bits / 8)
  46 // bytes, and the "unused" bits will be set to zero. This function does not do
  47 // any validation checks on the provided parameters.
  48 Status GenerateWebCryptoSecretKey(const blink::WebCryptoKeyAlgorithm& algorithm,
  49                                   bool extractable,
  50                                   blink::WebCryptoKeyUsageMask usages,
  51                                   unsigned int keylen_bits,
  52                                   GenerateKeyResult* result);
  53
  54 // Creates a WebCrypto secret key given a the raw data. The provided |key_data|
  55 // will be copied into the new key. This function does not do any validation
  56 // checks for the provided parameters.
  57 Status CreateWebCryptoSecretKey(const CryptoData& key_data,
  58                                 const blink::WebCryptoKeyAlgorithm& algorithm,
  59                                 bool extractable,
  60                                 blink::WebCryptoKeyUsageMask usages,
  61                                 blink::WebCryptoKey* key);
  62
  63 // Creates a WebCrypto public key given an EVP_PKEY. This step includes
  64 // exporting the key to SPKI format, for use by serialization later.
  65 Status CreateWebCryptoPublicKey(crypto::ScopedEVP_PKEY public_key,
  66                                 const blink::WebCryptoKeyAlgorithm& algorithm,
  67                                 bool extractable,
  68                                 blink::WebCryptoKeyUsageMask usages,
  69                                 blink::WebCryptoKey* key);
  70
  71 // Creates a WebCrypto private key given an EVP_PKEY. This step includes
  72 // exporting the key to PKCS8 format, for use by serialization later.
  73 Status CreateWebCryptoPrivateKey(crypto::ScopedEVP_PKEY private_key,
  74                                  const blink::WebCryptoKeyAlgorithm& algorithm,
  75                                  bool extractable,
  76                                  blink::WebCryptoKeyUsageMask usages,
  77                                  blink::WebCryptoKey* key);
  78
  79 // Imports SPKI bytes to an EVP_PKEY for a public key. The resulting asymmetric
  80 // key may be invalid, and should be verified using something like
  81 // RSA_check_key(). The only validation performed by this function is to ensure
  82 // the key type matched |expected_pkey_id|.
  83 Status ImportUnverifiedPkeyFromSpki(const CryptoData& key_data,
  84                                     int expected_pkey_id,
  85                                     crypto::ScopedEVP_PKEY* pkey);
  86
  87 // Imports PKCS8 bytes to an EVP_PKEY for a private key. The resulting
  88 // asymmetric key may be invalid, and should be verified using something like
  89 // RSA_check_key(). The only validation performed by this function is to ensure
  90 // the key type matched |expected_pkey_id|.
  91 Status ImportUnverifiedPkeyFromPkcs8(const CryptoData& key_data,
  92                                      int expected_pkey_id,
  93                                      crypto::ScopedEVP_PKEY* pkey);
  94
  95 // Allocates a new BIGNUM given a std::string big-endian representation.
  96 BIGNUM* CreateBIGNUM(const std::string& n);
  97
  98 // Converts a BIGNUM to a big endian byte array.
  99 std::vector<uint8_t> BIGNUMToVector(const BIGNUM* n);
 100
 101 }  // namespace webcrypto
 102
 103 }  // namespace content
 104
 105 #endif  // CONTENT_CHILD_WEBCRYPTO_OPENSSL_UTIL_OPENSSL_H_