// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_EC_PRIVATE_KEY_H_
#define CRYPTO_EC_PRIVATE_KEY_H_

#include <stddef.h>
#include <stdint.h>

#include <memory>
#include <string>
#include <vector>

#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace crypto {

// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
// keys, export keys to other formats, or to extract a public key.
//
// Ownership: the underlying BoringSSL EVP_PKEY is owned by this object (see
// key_ below) and is released when this object is destroyed. The class is
// neither copyable nor assignable; use Copy() to obtain a separate instance.
//
// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
// (The difference in types of key() and public_key() make this a little
// tricky.)
class CRYPTO_EXPORT ECPrivateKey {
 public:
  ~ECPrivateKey();

  // Creates a new random instance. Can return nullptr if initialization fails,
  // so callers must check the result before use.
  // The created key will use the NIST P-256 curve.
  // TODO(mattm): Add a curve parameter.
  static std::unique_ptr<ECPrivateKey> Create();

  // Create a new instance by importing an existing private key. The format is
  // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return
  // nullptr if initialization fails; a nullptr result is the only failure
  // signal, so callers must check it before use, especially when |input|
  // comes from an untrusted source.
  static std::unique_ptr<ECPrivateKey> CreateFromPrivateKeyInfo(
      const std::vector<uint8_t>& input);

  // Creates a new instance by importing an existing key pair.
  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block with empty password and an X.509 SubjectPublicKeyInfo block.
  // Returns nullptr if initialization fails.
  //
  // Note that "encryption" with an empty password provides no confidentiality
  // for the private key material (see ExportEncryptedPrivateKey below); treat
  // such a blob as a plaintext private key.
  //
  // This function is deprecated. Use CreateFromPrivateKeyInfo for new code.
  // See https://crbug.com/603319.
  static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo(
      const std::vector<uint8_t>& encrypted_private_key_info,
      const std::vector<uint8_t>& subject_public_key_info);

  // Returns a copy of the object as a new, independently owned instance.
  std::unique_ptr<ECPrivateKey> Copy() const;

  // Returns the underlying BoringSSL key. The pointer is non-owning: the key
  // remains owned by this object and is only valid while this object is
  // alive. Callers must not free it.
  EVP_PKEY* key() { return key_.get(); }

  // Exports the private key to a PKCS #8 PrivateKeyInfo block, written to
  // |output|. Returns true on success. The result contains the raw private
  // key material and must be handled as such (not logged, not persisted
  // without protection).
  bool ExportPrivateKey(std::vector<uint8_t>* output) const;

  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block with empty password. This was historically used as a workaround for
  // NSS API deficiencies and does not provide security: the output is to be
  // treated exactly like the output of ExportPrivateKey.
  // Returns true on success.
  //
  // This function is deprecated. Use ExportPrivateKey for new code. See
  // https://crbug.com/603319.
  bool ExportEncryptedPrivateKey(std::vector<uint8_t>* output) const;

  // Exports the public key to an X.509 SubjectPublicKeyInfo block, written to
  // |output|. Returns true on success.
  bool ExportPublicKey(std::vector<uint8_t>* output) const;

  // Exports the public key as an EC point in the uncompressed point format,
  // written to |output|. Returns true on success.
  bool ExportRawPublicKey(std::string* output) const;

 private:
  // Constructor is private. Use one of the Create*() methods above instead.
  ECPrivateKey();

  // Owning handle to the BoringSSL key; freed automatically on destruction.
  bssl::UniquePtr<EVP_PKEY> key_;

  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};

}  // namespace crypto

#endif  // CRYPTO_EC_PRIVATE_KEY_H_