1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_EC_PRIVATE_KEY_H_ 6 #define CRYPTO_EC_PRIVATE_KEY_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "build/build_config.h" 13 #include "crypto/crypto_export.h" 14 15 #if defined(USE_OPENSSL) 16 // Forward declaration for openssl/*.h 17 typedef struct evp_pkey_st EVP_PKEY; 18 #else 19 // Forward declaration. 20 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo; 21 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey; 22 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; 23 #endif 24 25 namespace crypto { 26 27 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new 28 // keys, export keys to other formats, or to extract a public key. 29 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface. 30 // (The difference in types of key() and public_key() make this a little 31 // tricky.) 32 class CRYPTO_EXPORT ECPrivateKey { 33 public: 34 ~ECPrivateKey(); 35 36 // Returns whether the system supports elliptic curve cryptography. 37 static bool IsSupported(); 38 39 // Creates a new random instance. Can return NULL if initialization fails. 40 // The created key will use the NIST P-256 curve. 41 // TODO(mattm): Add a curve parameter. 42 static ECPrivateKey* Create(); 43 44 // Creates a new random instance. Can return NULL if initialization fails. 45 // The created key is permanent and is not exportable in plaintext form. 46 // 47 // NOTE: Currently only available if USE_NSS is defined. 48 static ECPrivateKey* CreateSensitive(); 49 50 // Creates a new instance by importing an existing key pair. 51 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo 52 // block and an X.509 SubjectPublicKeyInfo block. 53 // Returns NULL if initialization fails. 54 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( 55 const std::string& password, 56 const std::vector<uint8>& encrypted_private_key_info, 57 const std::vector<uint8>& subject_public_key_info); 58 59 // Creates a new instance by importing an existing key pair. 60 // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo 61 // block and an X.509 SubjectPublicKeyInfo block. 62 // This can return NULL if initialization fails. The created key is permanent 63 // and is not exportable in plaintext form. 64 // 65 // NOTE: Currently only available if USE_NSS is defined. 66 static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( 67 const std::string& password, 68 const std::vector<uint8>& encrypted_private_key_info, 69 const std::vector<uint8>& subject_public_key_info); 70 71 #if !defined(USE_OPENSSL) 72 // Imports the key pair and returns in |public_key| and |key|. 73 // Shortcut for code that needs to keep a reference directly to NSS types 74 // without having to create a ECPrivateKey object and make a copy of them. 75 // TODO(mattm): move this function to some NSS util file. 76 static bool ImportFromEncryptedPrivateKeyInfo( 77 const std::string& password, 78 const uint8* encrypted_private_key_info, 79 size_t encrypted_private_key_info_len, 80 CERTSubjectPublicKeyInfo* decoded_spki, 81 bool permanent, 82 bool sensitive, 83 SECKEYPrivateKey** key, 84 SECKEYPublicKey** public_key); 85 #endif 86 87 #if defined(USE_OPENSSL) 88 EVP_PKEY* key() { return key_; } 89 #else 90 SECKEYPrivateKey* key() { return key_; } 91 SECKEYPublicKey* public_key() { return public_key_; } 92 #endif 93 94 // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo 95 // block and the public key as an X.509 SubjectPublicKeyInfo block. 96 // The |password| and |iterations| are used as inputs to the key derivation 97 // function for generating the encryption key. PKCS #5 recommends a minimum 98 // of 1000 iterations, on modern systems a larger value may be preferrable. 99 bool ExportEncryptedPrivateKey(const std::string& password, 100 int iterations, 101 std::vector<uint8>* output); 102 103 // Exports the public key to an X.509 SubjectPublicKeyInfo block. 104 bool ExportPublicKey(std::vector<uint8>* output); 105 106 // Exports private key data for testing. The format of data stored into output 107 // doesn't matter other than that it is consistent for the same key. 108 bool ExportValue(std::vector<uint8>* output); 109 bool ExportECParams(std::vector<uint8>* output); 110 111 private: 112 // Constructor is private. Use one of the Create*() methods above instead. 113 ECPrivateKey(); 114 115 // Shared helper for Create() and CreateSensitive(). 116 // TODO(cmasone): consider replacing |permanent| and |sensitive| with a 117 // flags arg created by ORing together some enumerated values. 118 static ECPrivateKey* CreateWithParams(bool permanent, 119 bool sensitive); 120 121 // Shared helper for CreateFromEncryptedPrivateKeyInfo() and 122 // CreateSensitiveFromEncryptedPrivateKeyInfo(). 123 static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( 124 const std::string& password, 125 const std::vector<uint8>& encrypted_private_key_info, 126 const std::vector<uint8>& subject_public_key_info, 127 bool permanent, 128 bool sensitive); 129 130 #if defined(USE_OPENSSL) 131 EVP_PKEY* key_; 132 #else 133 SECKEYPrivateKey* key_; 134 SECKEYPublicKey* public_key_; 135 #endif 136 137 DISALLOW_COPY_AND_ASSIGN(ECPrivateKey); 138 }; 139 140 141 } // namespace crypto 142 143 #endif // CRYPTO_EC_PRIVATE_KEY_H_ 144