xref: /aosp_15_r20/external/cronet/net/ssl/ssl_platform_key_util.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_SSL_PLATFORM_KEY_UTIL_H_
6 #define NET_SSL_SSL_PLATFORM_KEY_UTIL_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include <optional>
12 #include <vector>
13 
14 #include "base/containers/span.h"
15 #include "base/memory/scoped_refptr.h"
16 #include "base/task/single_thread_task_runner.h"
17 #include "net/base/net_export.h"
18 #include "third_party/boringssl/src/include/openssl/base.h"
19 
namespace net {

class X509Certificate;

// Returns a task runner to serialize all private key operations on a single
// background thread to avoid problems with buggy smartcards. Its underlying
// Thread is non-joinable and as such provides
// TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN semantics.
//
// NOTE(review): CONTINUE_ON_SHUTDOWN means a signing task posted here may still
// be running (or start) after browser shutdown has begun, so anything bound
// into such a task must not assume shutdown-ordered objects are still alive.
// Serializing on one thread also means a single hung smartcard operation
// blocks every other platform-key signature behind it — confirm callers treat
// this as a potentially slow, uncancellable operation.
NET_EXPORT_PRIVATE scoped_refptr<base::SingleThreadTaskRunner>
GetSSLPlatformKeyTaskRunner();

// Returns the public key of |certificate| as an |EVP_PKEY| or nullptr on error.
// Callers must check for nullptr; |certificate| content is parsed from a
// client certificate and is not guaranteed to carry a well-formed key.
bssl::UniquePtr<EVP_PKEY> GetClientCertPublicKey(
    const X509Certificate* certificate);

// Determines the key type and maximum signature length of |certificate|'s
// public key. |*out_type| will be set to one of the |EVP_PKEY_*| values from
// BoringSSL. Returns false on failure; on failure the out-parameters should be
// treated as unset (whether they are left untouched is not specified here —
// verify against the implementation before relying on it).
NET_EXPORT_PRIVATE bool GetClientCertInfo(const X509Certificate* certificate,
                                          int* out_type,
                                          size_t* out_max_length);

// Parses a DER-encoded SPKI buffer and returns the public key as an |EVP_PKEY|,
// or nullptr on error.
//
// NOTE(review): |spki| is typically lifted out of a certificate, i.e. it is
// attacker-influenced DER; the parser is BoringSSL's and a nullptr return is
// the only failure signal, so callers must null-check rather than assume a key.
NET_EXPORT_PRIVATE bssl::UniquePtr<EVP_PKEY> ParseSpki(
    base::span<const uint8_t> spki);

// Determines the key type and maximum signature length of the public key
// encoded in |spki|. |*out_type| will be set to one of the |EVP_PKEY_*|
// values from BoringSSL. Returns false if |spki| cannot be parsed; the
// out-parameters should then be treated as unset. |out_max_length| is an upper
// bound intended for sizing signature buffers, not the exact length of any
// particular signature.
NET_EXPORT_PRIVATE bool GetPublicKeyInfo(base::span<const uint8_t> spki,
                                         int* out_type,
                                         size_t* out_max_length);

// Returns the encoded form of |digest| for use with RSA-PSS with |pubkey|,
// using |md| as the hash function and MGF-1 function, and the digest size of
// |md| as the salt length.
//
// The result is the PSS-encoded message (EM) to be handed to a platform
// signer that only performs a raw RSA private-key operation. Using the digest
// size as the salt length is what the TLS 1.3 rsa_pss_* signature schemes
// require. Returns std::nullopt on failure (e.g. |pubkey| is not an RSA key
// or the key is too small for the chosen |md|) — callers must not fall back
// to an unpadded or PKCS#1 v1.5 signature in that case. |digest| is presumed
// to be exactly EVP_MD_size(|md|) bytes and already computed with |md|;
// confirm against the implementation.
std::optional<std::vector<uint8_t>> AddPSSPadding(
    EVP_PKEY* pubkey,
    const EVP_MD* md,
    base::span<const uint8_t> digest);

}  // namespace net
63 
64 #endif  // NET_SSL_SSL_PLATFORM_KEY_UTIL_H_
65