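--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/cryptohi/keythi.h Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,258 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _KEYTHI_H_
+#define _KEYTHI_H_ 1
+
+#include "plarena.h"
+#include "pkcs11t.h"
+#include "secmodt.h"
+#include "prclist.h"
+
+/*
+** RFC 4055 Section 1.2 specifies three different RSA key types.
+**
+** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
+** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
+** v2.1) padding schemes.
+**
+** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
+** be used for signatures with PSS padding (PKCS #1 v2.1).
+**
+** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
+** be used for encryption with OAEP padding (PKCS #1 v2.1).
+*/
+
+typedef enum {
+ nullKey = 0,
+ rsaKey = 1,
+ dsaKey = 2,
+ fortezzaKey = 3, /* deprecated */
+ dhKey = 4,
+ keaKey = 5, /* deprecated */
+ ecKey = 6,
+ rsaPssKey = 7,
+ rsaOaepKey = 8
+} KeyType;
+
+/*
+** Template Definitions
+**/
+
+SEC_BEGIN_PROTOS
+extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
+
+/* Windows DLL accessor functions */
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
+SEC_END_PROTOS
+
+
+/*
+** RSA Public Key structures
+** member names from PKCS#1, section 7.1
+*/
+
+struct SECKEYRSAPublicKeyStr {
+ PLArenaPool * arena;
+ SECItem modulus;
+ SECItem publicExponent;
+};
+typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
+
+/*
+** RSA-PSS parameters
+*/
+struct SECKEYRSAPSSParamsStr {
+ SECAlgorithmID *hashAlg;
+ SECAlgorithmID *maskAlg;
+ SECItem saltLength;
+ SECItem trailerField;
+};
+typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;
+
+/*
+** DSA Public Key and related structures
+*/
+
+struct SECKEYPQGParamsStr {
+ PLArenaPool *arena;
+ SECItem prime; /* p */
+ SECItem subPrime; /* q */
+ SECItem base; /* g */
+ /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
+
+struct SECKEYDSAPublicKeyStr {
+ SECKEYPQGParams params;
+ SECItem publicValue;
+};
+typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
+
+
+/*
+** Diffie-Hellman Public Key structure
+** Structure member names suggested by PKCS#3.
+*/
+struct SECKEYDHParamsStr {
+ PLArenaPool * arena;
+ SECItem prime; /* p */
+ SECItem base; /* g */
+};
+typedef struct SECKEYDHParamsStr SECKEYDHParams;
+
+struct SECKEYDHPublicKeyStr {
+ PLArenaPool * arena;
+ SECItem prime;
+ SECItem base;
+ SECItem publicValue;
+};
+typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
+
+/*
+** Elliptic curve Public Key structure
+** The PKCS#11 layer needs DER encoding of ANSI X9.62
+** parameters value
+*/
+typedef SECItem SECKEYECParams;
+
+struct SECKEYECPublicKeyStr {
+ SECKEYECParams DEREncodedParams;
+ int size; /* size in bits */
+ SECItem publicValue; /* encoded point */
+ /* XXX Even though the PKCS#11 interface takes encoded parameters,
+ * we may still wish to decode them above PKCS#11 for things like
+ * printing key information. For named curves, which is what
+ * we initially support, we ought to have the curve name at the
+ * very least.
+ */
+};
+typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
+
+/*
+** FORTEZZA Public Key structures
+*/
+struct SECKEYFortezzaPublicKeyStr {
+ int KEAversion;
+ int DSSversion;
+ unsigned char KMID[8];
+ SECItem clearance;
+ SECItem KEApriviledge;
+ SECItem DSSpriviledge;
+ SECItem KEAKey;
+ SECItem DSSKey;
+ SECKEYPQGParams params;
+ SECKEYPQGParams keaParams;
+};
+typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
+#define KEAprivilege KEApriviledge /* corrected spelling */
+#define DSSprivilege DSSpriviledge /* corrected spelling */
+
+struct SECKEYDiffPQGParamsStr {
+ SECKEYPQGParams DiffKEAParams;
+ SECKEYPQGParams DiffDSAParams;
+};
+typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
+
+struct SECKEYPQGDualParamsStr {
+ SECKEYPQGParams CommParams;
+ SECKEYDiffPQGParams DiffParams;
+};
+typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
+
+struct SECKEYKEAParamsStr {
+ PLArenaPool *arena;
+ SECItem hash;
+};
+typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
+
+struct SECKEYKEAPublicKeyStr {
+ SECKEYKEAParams params;
+ SECItem publicValue;
+};
+typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
+
+/*
+** A Generic public key object.
+*/
+struct SECKEYPublicKeyStr {
+ PLArenaPool *arena;
+ KeyType keyType;
+ PK11SlotInfo *pkcs11Slot;
+ CK_OBJECT_HANDLE pkcs11ID;
+ union {
+ SECKEYRSAPublicKey rsa;
+ SECKEYDSAPublicKey dsa;
+ SECKEYDHPublicKey dh;
+ SECKEYKEAPublicKey kea;
+ SECKEYFortezzaPublicKey fortezza;
+ SECKEYECPublicKey ec;
+ } u;
+};
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+
+/* bit flag definitions for staticflags */
+#define SECKEY_Attributes_Cached 0x1 /* bit 0 states
+ whether attributes are cached */
+#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
+#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)
+
+#define SECKEY_ATTRIBUTES_CACHED(key) \
+ (0 != (key->staticflags & SECKEY_Attributes_Cached))
+
+#define SECKEY_ATTRIBUTE_VALUE(key,attribute) \
+ (0 != (key->staticflags & SECKEY_##attribute))
+
+#define SECKEY_HAS_ATTRIBUTE_SET(key,attribute) \
+ (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
+ (0 != (key->staticflags & SECKEY_##attribute)) : \
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, PR_FALSE)
+
+#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key,attribute, haslock) \
+ (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? \
+ (0 != (key->staticflags & SECKEY_##attribute)) : \
+ PK11_HasAttributeSet(key->pkcs11Slot,key->pkcs11ID,attribute, haslock)
+
+/*
+** A generic key structure
+*/
+struct SECKEYPrivateKeyStr {
+ PLArenaPool *arena;
+ KeyType keyType;
+ PK11SlotInfo *pkcs11Slot; /* pkcs11 slot this key lives in */
+ CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
+ PRBool pkcs11IsTemp; /* temp pkcs11 object, delete it when done */
+ void *wincx; /* context for errors and pw prompts */
+ PRUint32 staticflags; /* bit flag of cached PKCS#11 attributes */
+};
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+
+typedef struct {
+ PRCList links;
+ SECKEYPrivateKey *key;
+} SECKEYPrivateKeyListNode;
+
+typedef struct {
+ PRCList list;
+ PLArenaPool *arena;
+} SECKEYPrivateKeyList;
+
+typedef struct {
+ PRCList links;
+ SECKEYPublicKey *key;
+} SECKEYPublicKeyListNode;
+
+typedef struct {
+ PRCList list;
+ PLArenaPool *arena;
+} SECKEYPublicKeyList;
+#endif /* _KEYTHI_H_ */
+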
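Review bot: The attribute accessor macros SECKEY_ATTRIBUTES_CACHED, SECKEY_ATTRIBUTE_VALUE, SECKEY_HAS_ATTRIBUTE_SET and SECKEY_HAS_ATTRIBUTE_SET_LOCK use their `key` argument unparenthesized (`key->staticflags`), and the two HAS_ATTRIBUTE_SET variants expand to a bare `cond ? a : b` with no enclosing parentheses, so a caller writing `!SECKEY_HAS_ATTRIBUTE_SET(k, CKA_PRIVATE)` negates only the cached-flag test and then selects between the two un-negated branches. Because SECKEY_CKA_PRIVATE and SECKEY_CKA_ALWAYS_AUTHENTICATE gate PKCS#11 access-control attributes, such a precedence slip yields a wrong answer at runtime rather than a compile error. Parenthesize the argument and each expansion, e.g. `#define SECKEY_ATTRIBUTES_CACHED(key) (0 != ((key)->staticflags & SECKEY_Attributes_Cached))`, and wrap both ternaries in an outer pair of parentheses with `(key)` and `(haslock)` throughout. A one-line comment that these macros are only valid on a `SECKEYPrivateKey *` (the only struct here carrying `staticflags`) would also help, since a `SECKEYPublicKey *` argument fails only at the member lookup.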