1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_ANDROID_KEYSTORE_H
6#define NET_ANDROID_KEYSTORE_H
7
8#include <jni.h>
9
10#include <string>
11#include <vector>
12
13#include "base/basictypes.h"
14#include "base/strings/string_piece.h"
15#include "net/base/net_export.h"
16#include "net/ssl/ssl_client_cert_type.h"
17
18// Avoid including <openssl/evp.h> here.
19typedef struct evp_pkey_st EVP_PKEY;
20
21// Misc functions to access the Android platform KeyStore.
22
23namespace net {
24namespace android {
25
26// Define a list of constants describing private key types. The
27// values are shared with Java through org.chromium.net.PrivateKeyType.
28// Example: PRIVATE_KEY_TYPE_RSA.
29enum PrivateKeyType {
30#define DEFINE_PRIVATE_KEY_TYPE(name,value)  PRIVATE_KEY_TYPE_ ## name = value,
31#include "net/android/private_key_type_list.h"
32#undef DEFINE_PRIVATE_KEY_TYPE
33};
34
35// Returns the modulus of a given RSAPrivateKey platform object,
36// as a series of bytes, in big-endian representation. This can be
37// used with BN_bin2bn() to convert to an OpenSSL BIGNUM.
38//
39// |private_key| is a JNI reference for the private key.
40// |modulus| will receive the modulus bytes on success.
41// Returns true on success, or false on failure (e.g. if the key
42// is not RSA).
43NET_EXPORT bool GetRSAKeyModulus(jobject private_key,
44                                 std::vector<uint8>* modulus);
45
46// Returns the Q parameter of a given DSAPrivateKey platform object,
47// as a series of bytes, in big-endian representation. This can be used
48// with BN_bin2bn() to convert to an OpenSSL BIGNUM.
49// |private_key| is a JNI reference for the private key.
50// |q| will receive the result bytes on success.
51// Returns true on success, or false on failure (e.g. if the key is
52// not DSA).
53NET_EXPORT bool GetDSAKeyParamQ(jobject private_key,
54                                std::vector<uint8>* q);
55
56// Returns the order parameter of a given ECPrivateKey platform object,
57// as a series of bytes, in big-endian representation. This can be used
58// with BN_bin2bn() to convert to an OpenSSL BIGNUM.
59// |private_key| is a JNI reference for the private key.
60// |order| will receive the result bytes on success.
61// Returns true on success, or false on failure (e.g. if the key is
62// not EC).
63bool GetECKeyOrder(jobject private_key,
64                   std::vector<uint8>* order);
65
66// Returns the encoded PKCS#8 representation of a private key.
67// This only works on Android 4.0.3 and older releases for platform keys
68// (i.e. all keys except those explicitely generated by the application).
69// |private_key| is a JNI reference for the private key.
70// |encoded| will receive the encoded data on success.
71// Returns true on success, or false on failure (e.g. on 4.0.4 or higher).
72bool GetPrivateKeyEncodedBytes(jobject private_key,
73                               std::vector<uint8>* encoded);
74
75// Compute the signature of a given message, which is actually a hash,
76// using a private key. For more details, please read the comments for the
77// rawSignDigestWithPrivateKey method in AndroidKeyStore.java.
78//
79// |private_key| is a JNI reference for the private key.
80// |digest| is the input digest.
81// |signature| will receive the signature on success.
82// Returns true on success, false on failure.
83//
84NET_EXPORT bool RawSignDigestWithPrivateKey(
85    jobject private_key,
86    const base::StringPiece& digest,
87    std::vector<uint8>* signature);
88
89
90// Return the PrivateKeyType of a given private key.
91// |private_key| is a JNI reference for the private key.
92// Returns a PrivateKeyType, while will be CLIENT_CERT_INVALID_TYPE
93// on error.
94NET_EXPORT PrivateKeyType GetPrivateKeyType(jobject private_key);
95
96// Returns a handle to the system EVP_PKEY object used to back a given
97// private_key object. This must *only* be used for RSA private keys
98// on Android < 4.2. Technically, this is only guaranteed to work if
99// the system image contains a vanilla implementation of the Java
100// API frameworks based on Harmony + OpenSSL.
101//
102// |private_key| is a JNI reference for the private key.
103// Returns an EVP_PKEY* handle, or NULL in case of error.
104//
105// Note: Despite its name and return type, this function doesn't know
106//       anything about OpenSSL, it just type-casts a system pointer that
107//       is passed as an int through JNI. As such, it never increments
108//       the returned key's reference count.
109EVP_PKEY* GetOpenSSLSystemHandleForPrivateKey(jobject private_key);
110
111// Register JNI methods
112NET_EXPORT bool RegisterKeyStore(JNIEnv* env);
113
114}  // namespace android
115}  // namespace net
116
117#endif  // NET_ANDROID_KEYSTORE_H
118