summaryrefslogtreecommitdiff
path: root/chromium/net/ssl/ssl_private_key.h
blob: d1aa09951d77377f6b8f05c9a7fcd9593ce023ee (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_PRIVATE_KEY_H_
#define NET_SSL_SSL_PRIVATE_KEY_H_

#include <stdint.h>

#include <vector>

#include "base/callback_forward.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/strings/string_piece.h"
#include "net/base/net_errors.h"

namespace net {

// An interface for a private key for use with SSL client authentication.
class SSLPrivateKey {
 public:
  using SignCallback = base::Callback<void(Error, const std::vector<uint8_t>&)>;

  enum class Type {
    RSA,
    ECDSA,
  };

  enum class Hash {
    MD5_SHA1,
    SHA1,
    SHA256,
    SHA384,
    SHA512,
  };

  SSLPrivateKey() {}
  virtual ~SSLPrivateKey() {}

  // Returns whether the key is an RSA key or an ECDSA key. Although the signing
  // interface is type-agnositic and type tags in interfaces are discouraged,
  // TLS has key-specific logic in selecting which hashes to sign. Exposing the
  // key type avoids replicating BoringSSL's TLS-specific logic in SSLPrivateKey
  // implementations and complicating the interface between Chromium and
  // BoringSSL.
  virtual Type GetType() = 0;

  // Returns the digests that are supported by the key in decreasing preference.
  virtual std::vector<SSLPrivateKey::Hash> GetDigestPreferences() = 0;

  // Returns the maximum size of a signature, in bytes. For an RSA key, this
  // must be the size of the modulus.
  virtual size_t GetMaxSignatureLengthInBytes() = 0;

  // Asynchronously signs an |input| which was computed with the hash |hash|. On
  // completion, it calls |callback| with the signature or an error code if the
  // operation failed. For an RSA key, the signature is a PKCS#1 signature. The
  // SSLPrivateKey implementation is responsible for prepending the DigestInfo
  // prefix and adding PKCS#1 padding.
  virtual void SignDigest(Hash hash,
                          const base::StringPiece& input,
                          const SignCallback& callback) = 0;

 private:
  DISALLOW_COPY_AND_ASSIGN(SSLPrivateKey);
};

}  // namespace net

#endif  // NET_SSL_SSL_PRIVATE_KEY_H_
View Lorry Controller Status