// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_EC_PRIVATE_KEY_H_
#define CRYPTO_EC_PRIVATE_KEY_H_

#include <string>
#include <vector>

#include "base/basictypes.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"

#if defined(USE_OPENSSL)
// Forward declaration for openssl/*.h; keeps OpenSSL headers out of
// this public header.
typedef struct evp_pkey_st EVP_PKEY;
#else
// Forward declarations of the NSS types used below; keeps NSS headers out of
// this public header.
typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
typedef struct PK11SlotInfoStr PK11SlotInfo;
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
#endif

namespace crypto {

// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
// keys, export keys to other formats, or to extract a public key.
//
// The object owns the underlying backend key handle (EVP_PKEY with OpenSSL,
// SECKEYPrivateKey/SECKEYPublicKey with NSS); copying is disabled so a handle
// is never shared between two owners. Use Copy() for an explicit duplicate.
//
// Factory functions return a raw pointer that may be NULL on failure.
// Ownership of a non-NULL result presumably passes to the caller (the usual
// contract for these factories) -- confirm against callers in the tree.
//
// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
// (The difference in types of key() and public_key() make this a little
// tricky.)
class CRYPTO_EXPORT ECPrivateKey {
 public:
  // Releases the backend key handle(s) held in key_ / public_key_.
  ~ECPrivateKey();

  // Returns whether the system supports elliptic curve cryptography.
  // Callers should check this before relying on Create(), which can fail
  // (return NULL) when EC is unavailable in the backend.
  static bool IsSupported();

  // Creates a new random instance. Can return NULL if initialization fails.
  // The created key will use the NIST P-256 curve.
  // TODO(mattm): Add a curve parameter.
  static ECPrivateKey* Create();

  // Creates a new instance by importing an existing key pair.
  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block (decrypted with |password|) and an X.509 SubjectPublicKeyInfo block.
  // Returns NULL if initialization fails -- including a wrong password or
  // malformed DER, which callers must treat as a hard failure.
  //
  // NOTE(review): both blobs are DER parsed by the backend and may originate
  // from persistent storage, so treat them as untrusted input. This header
  // does not say whether the imported SubjectPublicKeyInfo is checked to
  // correspond to the decrypted private key -- confirm in the implementation
  // before relying on the pair being consistent.
  //
  // NOTE(review): std::string does not scrub its buffer on destruction, so the
  // |password| copy held by the caller outlives this call in memory.
  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
      const std::string& password,
      const std::vector<uint8>& encrypted_private_key_info,
      const std::vector<uint8>& subject_public_key_info);

#if !defined(USE_OPENSSL)
  // Imports the key pair into |slot| and returns in |public_key| and |key|.
  // Shortcut for code that needs to keep a reference directly to NSS types
  // without having to create a ECPrivateKey object and make a copy of them.
  //
  // |encrypted_private_key_info| / |encrypted_private_key_info_len| is the
  // DER EncryptedPrivateKeyInfo; |decoded_spki| is the already-decoded
  // SubjectPublicKeyInfo. Returns false on failure.
  //
  // |permanent| and |sensitive| are passed through to NSS; presumably they map
  // to the PK11 import attributes (persist the key in the token, and mark it
  // so the raw key value cannot be extracted) -- verify against the NSS call
  // in the implementation. Prefer |sensitive| = true unless the raw key must
  // be exportable afterwards.
  //
  // On success the caller presumably owns the returned *|key| and
  // *|public_key| and must release them with the NSS destroy functions --
  // confirm in the implementation.
  // TODO(mattm): move this function to some NSS util file.
  static bool ImportFromEncryptedPrivateKeyInfo(
      PK11SlotInfo* slot,
      const std::string& password,
      const uint8* encrypted_private_key_info,
      size_t encrypted_private_key_info_len,
      CERTSubjectPublicKeyInfo* decoded_spki,
      bool permanent,
      bool sensitive,
      SECKEYPrivateKey** key,
      SECKEYPublicKey** public_key);
#endif

  // Returns a copy of the object (a new heap-allocated ECPrivateKey holding
  // its own key handle). This is the only sanctioned way to duplicate a key;
  // copy construction and assignment are disabled below.
  ECPrivateKey* Copy() const;

  // Raw access to the backend key handle. The pointer is owned by this object
  // and stays valid only as long as this ECPrivateKey is alive; callers must
  // not free it.
#if defined(USE_OPENSSL)
  EVP_PKEY* key() { return key_; }
#else
  SECKEYPrivateKey* key() { return key_; }
  // Raw access to the NSS public key handle; same lifetime rules as key().
  SECKEYPublicKey* public_key() { return public_key_; }
#endif

  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block into |output|. Returns false on failure.
  // NOTE(review): there is a single |output| here, so presumably only the
  // EncryptedPrivateKeyInfo is written; the X.509 SubjectPublicKeyInfo block
  // comes from ExportPublicKey() -- confirm in the implementation.
  //
  // The |password| and |iterations| are used as inputs to the key derivation
  // function for generating the encryption key. PKCS #5 recommends a minimum
  // of 1000 iterations; on modern systems a larger value may be preferable,
  // since the iteration count is the only brute-force cost imposed on an
  // attacker who obtains the exported blob. |iterations| is a plain int;
  // whether non-positive values are rejected is not stated here -- callers
  // should not pass them.
  bool ExportEncryptedPrivateKey(const std::string& password,
                                 int iterations,
                                 std::vector<uint8>* output);

  // Exports the public key to an X.509 SubjectPublicKeyInfo block.
  // Returns false on failure.
  bool ExportPublicKey(std::vector<uint8>* output);

  // Exports the public key as an EC point in the uncompressed point format
  // (presumably the SEC 1 encoding 0x04 || X || Y -- confirm in the
  // implementation). Returns false on failure.
  bool ExportRawPublicKey(std::string* output);

  // Exports private key data for testing. The format of data stored into output
  // doesn't matter other than that it is consistent for the same key.
  // WARNING: this writes private key material into |output|; it exists so
  // tests can compare keys and must not be used in production code paths.
  bool ExportValue(std::vector<uint8>* output);
  // Exports the EC domain parameters (for testing, same caveats as above).
  bool ExportECParams(std::vector<uint8>* output);

 private:
  // Constructor is private. Use one of the Create*() methods above instead.
  ECPrivateKey();

  // Owning backend handle(s); released by the destructor.
#if defined(USE_OPENSSL)
  EVP_PKEY* key_;
#else
  SECKEYPrivateKey* key_;
  SECKEYPublicKey* public_key_;
#endif

  // Copying is disabled so two objects never own the same key handle
  // (which would double-free on destruction). Use Copy() instead.
  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};


}  // namespace crypto

#endif  // CRYPTO_EC_PRIVATE_KEY_H_