path: root/crypto/ec_private_key.h
Diffstat (limited to 'crypto/ec_private_key.h')
-rw-r--r--crypto/ec_private_key.h56
1 files changed, 49 insertions, 7 deletions
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
index 432019be5d..a24219bef5 100644
--- a/crypto/ec_private_key.h
+++ b/crypto/ec_private_key.h
@@ -15,7 +15,17 @@
#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#include "third_party/boringssl/src/include/openssl/base.h"
+
+#if defined(USE_OPENSSL)
+// Forward declaration for openssl/*.h
+typedef struct evp_pkey_st EVP_PKEY;
+#else
+// Forward declaration.
+typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
+typedef struct PK11SlotInfoStr PK11SlotInfo;
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+#endif
namespace crypto {
@@ -41,30 +51,57 @@ class CRYPTO_EXPORT ECPrivateKey {
// Creates a new instance by importing an existing key pair.
// The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
- // block with empty password and an X.509 SubjectPublicKeyInfo block.
+ // block and an X.509 SubjectPublicKeyInfo block.
// Returns nullptr if initialization fails.
//
// This function is deprecated. Use CreateFromPrivateKeyInfo for new code.
// See https://crbug.com/603319.
static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo(
+ const std::string& password,
const std::vector<uint8_t>& encrypted_private_key_info,
const std::vector<uint8_t>& subject_public_key_info);
+#if !defined(USE_OPENSSL)
+ // Imports the key pair into |slot| and returns in |public_key| and |key|.
+ // Shortcut for code that needs to keep a reference directly to NSS types
+ // without having to create a ECPrivateKey object and make a copy of them.
+ // TODO(mattm): move this function to some NSS util file.
+ static bool ImportFromEncryptedPrivateKeyInfo(
+ PK11SlotInfo* slot,
+ const std::string& password,
+ const uint8_t* encrypted_private_key_info,
+ size_t encrypted_private_key_info_len,
+ CERTSubjectPublicKeyInfo* decoded_spki,
+ bool permanent,
+ bool sensitive,
+ SECKEYPrivateKey** key,
+ SECKEYPublicKey** public_key);
+#endif
+
// Returns a copy of the object.
std::unique_ptr<ECPrivateKey> Copy() const;
- EVP_PKEY* key() { return key_.get(); }
+#if defined(USE_OPENSSL)
+ EVP_PKEY* key() { return key_; }
+#else
+ SECKEYPrivateKey* key() { return key_; }
+ SECKEYPublicKey* public_key() { return public_key_; }
+#endif
// Exports the private key to a PKCS #8 PrivateKeyInfo block.
bool ExportPrivateKey(std::vector<uint8_t>* output) const;
// Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
- // block wth empty password. This was historically used as a workaround for
- // NSS API deficiencies and does not provide security.
+ // block and the public key as an X.509 SubjectPublicKeyInfo block.
+ // The |password| and |iterations| are used as inputs to the key derivation
+ // function for generating the encryption key. PKCS #5 recommends a minimum
+ // of 1000 iterations, on modern systems a larger value may be preferrable.
//
// This function is deprecated. Use ExportPrivateKey for new code. See
// https://crbug.com/603319.
- bool ExportEncryptedPrivateKey(std::vector<uint8_t>* output) const;
+ bool ExportEncryptedPrivateKey(const std::string& password,
+ int iterations,
+ std::vector<uint8_t>* output) const;
// Exports the public key to an X.509 SubjectPublicKeyInfo block.
bool ExportPublicKey(std::vector<uint8_t>* output) const;
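Review bot: The new `ExportEncryptedPrivateKey` signature takes `int iterations` with no stated contract for zero or negative values, while the comment above it only "recommends" 1000; a signed count that reaches the KDF unchecked is the kind of parameter that silently produces a weak encoding, so either document that the implementation rejects non-positive counts or state the lower bound it enforces, e.g. `// |iterations| must be positive; callers should not go below the 1000 recommended by PKCS #5.` The rewritten comment also dropped the old warning that this encoding gives no protection when the password is empty (the historical usage on the removed side), which is worth keeping as a caveat since the function still accepts an empty `password`: `// An empty |password| provides no confidentiality; supply a real passphrase if the output is meant to be protected.` Separately, the accessors `key()` and `public_key()` return raw pointers with no note on ownership; a one-liner such as `// Non-owning; the returned pointer is valid only for the lifetime of this object.` would make the lifetime explicit. Minor: "preferrable" on the iterations comment should be "preferable". Part of the class body continues beyond this hunk.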
@@ -76,7 +113,12 @@ class CRYPTO_EXPORT ECPrivateKey {
// Constructor is private. Use one of the Create*() methods above instead.
ECPrivateKey();
- bssl::UniquePtr<EVP_PKEY> key_;
+#if defined(USE_OPENSSL)
+ EVP_PKEY* key_;
+#else
+ SECKEYPrivateKey* key_;
+ SECKEYPublicKey* public_key_;
+#endif
DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};
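Review bot: The members `key_` and `public_key_` become raw pointers that the class evidently owns (the previous side held an `EVP_PKEY` via `bssl::UniquePtr`, and `DISALLOW_COPY_AND_ASSIGN` is the only thing preventing a double free), yet they are declared without in-class initializers, so their value depends entirely on the private constructor whose definition is outside this hunk. Initializing them at the declaration, `EVP_PKEY* key_ = nullptr;`, `SECKEYPrivateKey* key_ = nullptr;` and `SECKEYPublicKey* public_key_ = nullptr;`, guarantees that a destructor run after a failed `Create*()` path frees nothing rather than an indeterminate pointer, and the file already uses C++11 features (`std::unique_ptr`) so this is consistent with its style. A short comment on the members naming who frees them (presumably the destructor, not shown here) would also help future readers, since nothing in the header now conveys ownership.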