// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_EC_PRIVATE_KEY_H_
#define CRYPTO_EC_PRIVATE_KEY_H_

#include <stddef.h>
#include <stdint.h>

#include <memory>
#include <string>
#include <vector>

#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace crypto {

// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
// keys, export keys to other formats, or to extract a public key.
//
// Ownership: the underlying BoringSSL EVP_PKEY is held in a bssl::UniquePtr
// (|key_|) and released by the destructor. Instances are non-copyable
// (DISALLOW_COPY_AND_ASSIGN below); use Copy() to obtain an independent
// duplicate.
//
// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
// (The difference in types of key() and public_key() make this a little
// tricky.)
class CRYPTO_EXPORT ECPrivateKey {
 public:
  // Releases the underlying EVP_PKEY. Any pointer previously obtained from
  // key() must not be used after this object is destroyed.
  ~ECPrivateKey();

  // Creates a new random instance. Can return nullptr if initialization fails.
  // The created key will use the NIST P-256 curve.
  // TODO(mattm): Add a curve parameter.
  static std::unique_ptr<ECPrivateKey> Create();

  // Create a new instance by importing an existing private key. The format is
  // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return
  // nullptr if initialization fails; callers must check for nullptr before
  // dereferencing the result.
  static std::unique_ptr<ECPrivateKey> CreateFromPrivateKeyInfo(
      const std::vector<uint8_t>& input);

  // Creates a new instance by importing an existing key pair.
  // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block with empty password and an X.509 SubjectPublicKeyInfo block.
  // Returns nullptr if initialization fails.
  //
  // NOTE(review): the signature accepts only |encrypted_private_key_info|; the
  // SubjectPublicKeyInfo block mentioned above is not a parameter here, so
  // this description may be stale -- confirm against the implementation.
  // The empty-password "encryption" is a legacy container format, not a
  // protection of the key material (see ExportEncryptedPrivateKey).
  //
  // This function is deprecated. Use CreateFromPrivateKeyInfo for new code.
  // See https://crbug.com/603319.
  static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo(
      const std::vector<uint8_t>& encrypted_private_key_info);

  // Returns a copy of the object. This is the supported way to duplicate an
  // ECPrivateKey, since copy construction and assignment are disallowed.
  std::unique_ptr<ECPrivateKey> Copy() const;

  // Returns a non-owning pointer to the underlying BoringSSL key. The pointer
  // is owned by this object (|key_|) and must not be freed by the caller; it
  // is valid only for the lifetime of this ECPrivateKey. This is a non-const
  // accessor, so the key can be modified through the returned pointer.
  EVP_PKEY* key() { return key_.get(); }

  // Exports the private key to a PKCS #8 PrivateKeyInfo block. |output|
  // receives unencrypted private key material.
  // NOTE(review): what |output| holds when this returns false is not
  // specified here -- confirm before reusing a buffer across calls.
  bool ExportPrivateKey(std::vector<uint8_t>* output) const;

  // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
  // block with empty password. This was historically used as a workaround for
  // NSS API deficiencies and does not provide security: the result should be
  // handled exactly like the plaintext output of ExportPrivateKey.
  //
  // This function is deprecated. Use ExportPrivateKey for new code. See
  // https://crbug.com/603319.
  bool ExportEncryptedPrivateKey(std::vector<uint8_t>* output) const;

  // Exports the public key to an X.509 SubjectPublicKeyInfo block.
  bool ExportPublicKey(std::vector<uint8_t>* output) const;

  // Exports the public key as an EC point in the uncompressed point format,
  // written as bytes into |output|.
  bool ExportRawPublicKey(std::string* output) const;

 private:
  // Constructor is private. Use one of the Create*() methods above instead.
  ECPrivateKey();

  // Owning handle to the BoringSSL key; freed automatically on destruction.
  bssl::UniquePtr<EVP_PKEY> key_;

  DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};

}  // namespace crypto

#endif  // CRYPTO_EC_PRIVATE_KEY_H_