1// Copyright 2015 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_NSS_KEY_UTIL_H_
6#define CRYPTO_NSS_KEY_UTIL_H_
7
8#include <stdint.h>
9
10#include <vector>
11
12#include "build/build_config.h"
13#include "crypto/crypto_export.h"
14#include "crypto/scoped_nss_types.h"
15
16typedef struct PK11SlotInfoStr PK11SlotInfo;
17
18namespace crypto {
19
20// Generates a new RSA keypair of size |num_bits| in |slot|. Returns true on
21// success and false on failure. If |permanent| is true, the resulting key is
22// permanent and is not exportable in plaintext form.
23CRYPTO_EXPORT bool GenerateRSAKeyPairNSS(
24    PK11SlotInfo* slot,
25    uint16_t num_bits,
26    bool permanent,
27    ScopedSECKEYPublicKey* out_public_key,
28    ScopedSECKEYPrivateKey* out_private_key);
29
30// Imports a private key from |input| into |slot|. |input| is interpreted as a
31// DER-encoded PrivateKeyInfo block from PKCS #8. Returns nullptr on error. If
32// |permanent| is true, the resulting key is permanent and is not exportable in
33// plaintext form.
34CRYPTO_EXPORT ScopedSECKEYPrivateKey
35ImportNSSKeyFromPrivateKeyInfo(PK11SlotInfo* slot,
36                               const std::vector<uint8_t>& input,
37                               bool permanent);
38
39#if defined(USE_NSS_CERTS)
40
41// Decodes |input| as a DER-encoded X.509 SubjectPublicKeyInfo and searches for
42// the private key half in the key database. Returns the private key on success
43// or nullptr on error.
44CRYPTO_EXPORT ScopedSECKEYPrivateKey
45FindNSSKeyFromPublicKeyInfo(const std::vector<uint8_t>& input);
46
47// Decodes |input| as a DER-encoded X.509 SubjectPublicKeyInfo and searches for
48// the private key half in the slot specified by |slot|. Returns the private key
49// on success or nullptr on error.
50CRYPTO_EXPORT ScopedSECKEYPrivateKey
51FindNSSKeyFromPublicKeyInfoInSlot(const std::vector<uint8_t>& input,
52                                  PK11SlotInfo* slot);
53
54#endif  // defined(USE_NSS_CERTS)
55
56}  // namespace crypto
57
58#endif  // CRYPTO_NSS_KEY_UTIL_H_
59