ec_private_key.h revision 0d205d712abd16eeed2f5d5b1052a367d23a223f 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_EC_PRIVATE_KEY_H_
6#define CRYPTO_EC_PRIVATE_KEY_H_
7
8#include <stddef.h>
9#include <stdint.h>
10
11#include <string>
12#include <vector>
13
14#include "base/macros.h"
15#include "build/build_config.h"
16#include "crypto/crypto_export.h"
17
18#if defined(USE_OPENSSL)
19// Forward declaration for openssl/*.h
20typedef struct evp_pkey_st EVP_PKEY;
21#else
22// Forward declaration.
23typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
24typedef struct PK11SlotInfoStr PK11SlotInfo;
25typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
26typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
27#endif
28
29namespace crypto {
30
31// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
32// keys, export keys to other formats, or to extract a public key.
33// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
34// (The difference in types of key() and public_key() make this a little
35// tricky.)
36class CRYPTO_EXPORT ECPrivateKey {
37 public:
38  ~ECPrivateKey();
39
40  // Creates a new random instance. Can return NULL if initialization fails.
41  // The created key will use the NIST P-256 curve.
42  // TODO(mattm): Add a curve parameter.
43  static ECPrivateKey* Create();
44
45  // Creates a new instance by importing an existing key pair.
46  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
47  // block and an X.509 SubjectPublicKeyInfo block.
48  // Returns NULL if initialization fails.
49  static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
50      const std::string& password,
51      const std::vector<uint8_t>& encrypted_private_key_info,
52      const std::vector<uint8_t>& subject_public_key_info);
53
54#if !defined(USE_OPENSSL)
55  // Imports the key pair into |slot| and returns in |public_key| and |key|.
56  // Shortcut for code that needs to keep a reference directly to NSS types
57  // without having to create a ECPrivateKey object and make a copy of them.
58  // TODO(mattm): move this function to some NSS util file.
59  static bool ImportFromEncryptedPrivateKeyInfo(
60      PK11SlotInfo* slot,
61      const std::string& password,
62      const uint8_t* encrypted_private_key_info,
63      size_t encrypted_private_key_info_len,
64      CERTSubjectPublicKeyInfo* decoded_spki,
65      bool permanent,
66      bool sensitive,
67      SECKEYPrivateKey** key,
68      SECKEYPublicKey** public_key);
69#endif
70
71  // Returns a copy of the object.
72  ECPrivateKey* Copy() const;
73
74#if defined(USE_OPENSSL)
75  EVP_PKEY* key() { return key_; }
76#else
77  SECKEYPrivateKey* key() { return key_; }
78  SECKEYPublicKey* public_key() { return public_key_; }
79#endif
80
81  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
82  // block and the public key as an X.509 SubjectPublicKeyInfo block.
83  // The |password| and |iterations| are used as inputs to the key derivation
84  // function for generating the encryption key.  PKCS #5 recommends a minimum
85  // of 1000 iterations, on modern systems a larger value may be preferrable.
86  bool ExportEncryptedPrivateKey(const std::string& password,
87                                 int iterations,
88                                 std::vector<uint8_t>* output);
89
90  // Exports the public key to an X.509 SubjectPublicKeyInfo block.
91  bool ExportPublicKey(std::vector<uint8_t>* output);
92
93  // Exports the public key as an EC point in the uncompressed point format.
94  bool ExportRawPublicKey(std::string* output);
95
96  // Exports private key data for testing. The format of data stored into output
97  // doesn't matter other than that it is consistent for the same key.
98  bool ExportValue(std::vector<uint8_t>* output);
99  bool ExportECParams(std::vector<uint8_t>* output);
100
101 private:
102  // Constructor is private. Use one of the Create*() methods above instead.
103  ECPrivateKey();
104
105#if defined(USE_OPENSSL)
106  EVP_PKEY* key_;
107#else
108  SECKEYPrivateKey* key_;
109  SECKEYPublicKey* public_key_;
110#endif
111
112  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
113};
114
115
116}  // namespace crypto
117
118#endif  // CRYPTO_EC_PRIVATE_KEY_H_
119