ec_private_key.h revision 59c5f4b0fb104e8e4806e4934a3d5d112ad695ab 
159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// Copyright (c) 2012 The Chromium Authors. All rights reserved.
259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// Use of this source code is governed by a BSD-style license that can be
359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// found in the LICENSE file.
459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#ifndef CRYPTO_EC_PRIVATE_KEY_H_
659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#define CRYPTO_EC_PRIVATE_KEY_H_
759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#include <string>
959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#include <vector>
1059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
1159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#include "base/basictypes.h"
1259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#include "build/build_config.h"
1359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#include "crypto/crypto_export.h"
1459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
1559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#if defined(USE_OPENSSL)
1659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// Forward declaration for openssl/*.h
1759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erattypedef struct evp_pkey_st EVP_PKEY;
1859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#else
1959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// Forward declaration.
2059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erattypedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
2159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erattypedef struct PK11SlotInfoStr PK11SlotInfo;
2259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erattypedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
2359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erattypedef struct SECKEYPublicKeyStr SECKEYPublicKey;
2459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#endif
2559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
2659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Eratnamespace crypto {
2759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
2859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
2959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// keys, export keys to other formats, or to extract a public key.
3059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
3159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// (The difference in types of key() and public_key() make this a little
3259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat// tricky.)
3359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Eratclass CRYPTO_EXPORT ECPrivateKey {
3459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat public:
3559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  ~ECPrivateKey();
3659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
3759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Returns whether the system supports elliptic curve cryptography.
3859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  static bool IsSupported();
3959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
4059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Creates a new random instance. Can return NULL if initialization fails.
4159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // The created key will use the NIST P-256 curve.
4259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // TODO(mattm): Add a curve parameter.
4359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  static ECPrivateKey* Create();
4459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
4559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Creates a new instance by importing an existing key pair.
4659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
4759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // block and an X.509 SubjectPublicKeyInfo block.
4859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Returns NULL if initialization fails.
4959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
5059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      const std::string& password,
5159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      const std::vector<uint8>& encrypted_private_key_info,
5259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      const std::vector<uint8>& subject_public_key_info);
5359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
5459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#if !defined(USE_OPENSSL)
5559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Imports the key pair into |slot| and returns in |public_key| and |key|.
5659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Shortcut for code that needs to keep a reference directly to NSS types
5759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // without having to create a ECPrivateKey object and make a copy of them.
5859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // TODO(mattm): move this function to some NSS util file.
5959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  static bool ImportFromEncryptedPrivateKeyInfo(
6059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      PK11SlotInfo* slot,
6159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      const std::string& password,
6259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      const uint8* encrypted_private_key_info,
6359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      size_t encrypted_private_key_info_len,
6459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      CERTSubjectPublicKeyInfo* decoded_spki,
6559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      bool permanent,
6659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      bool sensitive,
6759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      SECKEYPrivateKey** key,
6859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat      SECKEYPublicKey** public_key);
6959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#endif
7059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
7159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Returns a copy of the object.
7259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  ECPrivateKey* Copy() const;
7359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
7459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#if defined(USE_OPENSSL)
7559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  EVP_PKEY* key() { return key_; }
7659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#else
7759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  SECKEYPrivateKey* key() { return key_; }
7859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  SECKEYPublicKey* public_key() { return public_key_; }
7959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#endif
8059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
8159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
8259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // block and the public key as an X.509 SubjectPublicKeyInfo block.
8359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // The |password| and |iterations| are used as inputs to the key derivation
8459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // function for generating the encryption key.  PKCS #5 recommends a minimum
8559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // of 1000 iterations, on modern systems a larger value may be preferrable.
8659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  bool ExportEncryptedPrivateKey(const std::string& password,
8759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat                                 int iterations,
8859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat                                 std::vector<uint8>* output);
8959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
9059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Exports the public key to an X.509 SubjectPublicKeyInfo block.
9159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  bool ExportPublicKey(std::vector<uint8>* output);
9259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
9359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Exports the public key as an EC point in the uncompressed point format.
9459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  bool ExportRawPublicKey(std::string* output);
9559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
9659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Exports private key data for testing. The format of data stored into output
9759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // doesn't matter other than that it is consistent for the same key.
9859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  bool ExportValue(std::vector<uint8>* output);
9959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  bool ExportECParams(std::vector<uint8>* output);
10059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
10159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat private:
10259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  // Constructor is private. Use one of the Create*() methods above instead.
10359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  ECPrivateKey();
10459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
10559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#if defined(USE_OPENSSL)
10659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  EVP_PKEY* key_;
10759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#else
10859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  SECKEYPrivateKey* key_;
10959c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  SECKEYPublicKey* public_key_;
11059c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#endif
11159c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
11259c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
11359c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat};
11459c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
11559c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
11659c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat}  // namespace crypto
11759c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat
11859c5f4b0fb104e8e4806e4934a3d5d112ad695abDaniel Erat#endif  // CRYPTO_EC_PRIVATE_KEY_H_
119