blob: de6970965ee32d1607c35277070f908dd349980e [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTO_EC_PRIVATE_KEY_H_
#define CRYPTO_EC_PRIVATE_KEY_H_
#include <stddef.h>
#include <stdint.h>
#include <memory>
#include <string>
#include <vector>
#include "base/containers/span.h"
#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
#include "third_party/boringssl/src/include/openssl/base.h"
namespace crypto {
// Encapsulates an elliptic curve (EC) private key. Can be used to generate new
// keys, export keys to other formats, or to extract a public key.
// TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
// (The difference in types of key() and public_key() make this a little
// tricky.)
class CRYPTO_EXPORT ECPrivateKey {
public:
~ECPrivateKey();
// Creates a new random instance. Can return nullptr if initialization fails.
// The created key will use the NIST P-256 curve.
// TODO(mattm): Add a curve parameter.
static std::unique_ptr<ECPrivateKey> Create();
// Create a new instance by importing an existing private key. The format is
// an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return
// nullptr if initialization fails.
static std::unique_ptr<ECPrivateKey> CreateFromPrivateKeyInfo(
base::span<const uint8_t> input);
// Creates a new instance by importing an existing key pair.
// The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
// block with empty password and an X.509 SubjectPublicKeyInfo block.
// Returns nullptr if initialization fails.
//
// This function is deprecated. Use CreateFromPrivateKeyInfo for new code.
// See https://crbug.com/603319.
static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo(
base::span<const uint8_t> encrypted_private_key_info);
// Creates a new instance by deriving private key from |secret|, and generates
// public key points accordingly. The created key will use the NIST P-256
// curve. This can return nullptr if initialization fails.
static std::unique_ptr<ECPrivateKey> DeriveFromSecret(
base::span<const uint8_t> secret);
// Returns a copy of the object.
std::unique_ptr<ECPrivateKey> Copy() const;
EVP_PKEY* key() { return key_.get(); }
// Exports the private key to a PKCS #8 PrivateKeyInfo block.
bool ExportPrivateKey(std::vector<uint8_t>* output) const;
// Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
// block wth empty password. This was historically used as a workaround for
// NSS API deficiencies and does not provide security.
//
// This function is deprecated. Use ExportPrivateKey for new code. See
// https://crbug.com/603319.
bool ExportEncryptedPrivateKey(std::vector<uint8_t>* output) const;
// Exports the public key to an X.509 SubjectPublicKeyInfo block.
bool ExportPublicKey(std::vector<uint8_t>* output) const;
// Exports the public key as an EC point in the uncompressed point format.
bool ExportRawPublicKey(std::string* output) const;
private:
// Constructor is private. Use one of the Create*() methods above instead.
ECPrivateKey();
bssl::UniquePtr<EVP_PKEY> key_;
DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};
} // namespace crypto
#endif // CRYPTO_EC_PRIVATE_KEY_H_