security/nss/lib/cryptohi/keythi.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     4 #ifndef _KEYTHI_H_
     5 #define _KEYTHI_H_ 1
     7 #include "plarena.h"
     8 #include "pkcs11t.h"
     9 #include "secmodt.h"
    10 #include "prclist.h"
    12 /*
    13 ** RFC 4055 Section 1.2 specifies three different RSA key types.
    14 **
    15 ** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
    16 ** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
    17 ** v2.1) padding schemes.
    18 **
    19 ** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
    20 ** be used for signatures with PSS padding (PKCS #1 v2.1).
    21 **
    22 ** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
    23 ** be used for encryption with OAEP padding (PKCS #1 v2.1).
    24 */ 
/*
 * Key algorithm selector.
 * Code that dispatches on this value should keep the three RSA kinds apart,
 * so that a key restricted to PSS or to OAEP is never used with another
 * padding scheme.
 */
typedef enum {
    nullKey = 0,
    /* SEC_OID_PKCS1_RSA_ENCRYPTION: encryption and signatures,
     * PKCS #1 v1.5 or PKCS #1 v2.1 padding */
    rsaKey = 1,
    dsaKey = 2,
    /* deprecated */
    fortezzaKey = 3,
    dhKey = 4,
    /* deprecated */
    keaKey = 5,
    ecKey = 6,
    /* SEC_OID_PKCS1_RSA_PSS_SIGNATURE: signatures with PSS padding only */
    rsaPssKey = 7,
    /* SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION: encryption with OAEP padding only */
    rsaOaepKey = 8
} KeyType;
    38 /*
    39 ** Template Definitions
    40 **/
SEC_BEGIN_PROTOS

/* RSA */
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];

/* DSA and PQG parameters */
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Diffie-Hellman */
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];

/*
 * Windows DLL accessor functions.
 * Only these three templates get a chooser declaration in this header.
 */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)

SEC_END_PROTOS
    58 /*
    59 ** RSA Public Key structures
    60 ** member names from PKCS#1, section 7.1 
    61 */
typedef struct SECKEYRSAPublicKeyStr {
    /* NOTE(review): presumably the arena that owns the two items below;
     * confirm against the code that creates and destroys keys. */
    PLArenaPool *arena;
    SECItem modulus;        /* PKCS#1 modulus */
    SECItem publicExponent; /* PKCS#1 public exponent */
} SECKEYRSAPublicKey;
    70 /* 
    71 ** RSA-PSS parameters
    72 */
/*
 * NOTE(review): RFC 4055 gives each RSASSA-PSS parameter a DEFAULT, so an
 * encoding may omit any of them.  Confirm that consumers check for an absent
 * hashAlg / maskAlg pointer and an empty saltLength / trailerField before
 * use, and apply the RFC defaults rather than dereferencing blindly.
 */
typedef struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg; /* hash algorithm identifier */
    SECAlgorithmID *maskAlg; /* mask generation algorithm identifier */
    SECItem saltLength;
    SECItem trailerField;
} SECKEYRSAPSSParams;
    81 /*
    82 ** DSA Public Key and related structures
    83 */
/* Domain parameters (p, q, g) shared by the DSA and Fortezza key structures. */
typedef struct SECKEYPQGParamsStr {
    PLArenaPool *arena;
    /* p */
    SECItem prime;
    /* q */
    SECItem subPrime;
    /* g */
    SECItem base;
    /* XXX chrisk: this needs to be expanded to hold j and validationParms
     * (RFC2459 7.3.2) */
} SECKEYPQGParams;
/* DSA public key: the PQG domain parameters plus the public value. */
typedef struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params; /* embedded by value, not a pointer */
    SECItem publicValue;
} SECKEYDSAPublicKey;
   101 /*
   102 ** Diffie-Hellman Public Key structure
   103 ** Structure member names suggested by PKCS#3.
   104 */
/* Diffie-Hellman group parameters. */
typedef struct SECKEYDHParamsStr {
    PLArenaPool *arena;
    /* p */
    SECItem prime;
    /* g */
    SECItem base;
} SECKEYDHParams;
/*
 * Diffie-Hellman public key.  The group parameters are stored inline as
 * prime and base rather than through a SECKEYDHParams member.
 */
typedef struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
} SECKEYDHPublicKey;
   120 /*
   121 ** Elliptic curve Public Key structure
   122 ** The PKCS#11 layer needs DER encoding of ANSI X9.62
   123 ** parameters value
   124 */
/* EC parameters are carried as an opaque item (DER encoding, see above). */
typedef SECItem SECKEYECParams;

typedef struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams;
    /* size in bits */
    int size;
    /* encoded point */
    SECItem publicValue;
    /* XXX Even though the PKCS#11 interface takes encoded parameters,
     * we may still wish to decode them above PKCS#11 for things like
     * printing key information. For named curves, which is what
     * we initially support, we ought to have the curve name at the
     * very least.
     */
} SECKEYECPublicKey;
   140 /*
   141 ** FORTEZZA Public Key structures
   142 */
/* fortezzaKey is marked deprecated in KeyType. */
typedef struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8]; /* fixed 8-byte field */
    SECItem clearance;
    SECItem KEApriviledge; /* historical spelling, see the aliases below */
    SECItem DSSpriviledge; /* historical spelling, see the aliases below */
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;
    SECKEYPQGParams keaParams;
} SECKEYFortezzaPublicKey;

/*
 * Corrected spellings.  These are plain object-like macros, so they rewrite
 * the identifiers KEAprivilege and DSSprivilege wherever they appear in a
 * file that includes this header, not only in member accesses.
 */
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */
/* Two separate PQG parameter sets, one named for KEA and one for DSA. */
typedef struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
} SECKEYDiffPQGParams;
/*
 * Holds both a single common PQG set and a differing pair.
 * NOTE(review): nothing in this header says which of the two is in use;
 * confirm how consumers decide.
 */
typedef struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;
    SECKEYDiffPQGParams DiffParams;
} SECKEYPQGDualParams;
/* KEA parameters; keaKey is marked deprecated in KeyType. */
typedef struct SECKEYKEAParamsStr {
    PLArenaPool *arena;
    SECItem hash;
} SECKEYKEAParams;
/* KEA public key: its parameters (embedded by value) plus the public value. */
typedef struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
} SECKEYKEAPublicKey;
   183 /*
   184 ** A Generic  public key object.
   185 */
typedef struct SECKEYPublicKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;
    CK_OBJECT_HANDLE pkcs11ID;
    /*
     * Algorithm-specific key material.
     * NOTE(review): presumably keyType says which member is valid, and
     * reading any other member would reinterpret unrelated bytes; confirm
     * that every consumer checks keyType first.  The union has no member of
     * its own for rsaPssKey or rsaOaepKey.
     */
    union {
        SECKEYRSAPublicKey rsa;
        SECKEYDSAPublicKey dsa;
        SECKEYDHPublicKey dh;
        SECKEYKEAPublicKey kea;
        SECKEYFortezzaPublicKey fortezza;
        SECKEYECPublicKey ec;
    } u;
} SECKEYPublicKey;
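/*
 * Bit flag definitions for staticflags (SECKEYPrivateKey), and the macros
 * that test them.
 *
 * Every macro below expands its key argument more than once, so pass a plain
 * pointer expression without side effects.  The attribute argument is pasted
 * onto "SECKEY_", so it must be a token with a matching flag defined here
 * (CKA_PRIVATE or CKA_ALWAYS_AUTHENTICATE).
 */
#define SECKEY_Attributes_Cached 0x1 /* bit 0 states whether attributes are cached */
#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
/* bit 2; presumably the value of CKA_ALWAYS_AUTHENTICATE -- confirm */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)

/* Non-zero when the cached attribute bits in staticflags are valid. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

/* Cached value of one attribute; does not check that the cache is valid. */
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

/*
 * Value of an attribute: the cached bit when the cache is valid, otherwise
 * the result of PK11_HasAttributeSet() on the key's slot and object handle.
 *
 * The whole conditional is parenthesised.  Without the outer parentheses an
 * expression such as !SECKEY_HAS_ATTRIBUTE_SET(k, CKA_PRIVATE), or one that
 * combines the macro with && or ||, binds to the cache test alone and
 * evaluates the wrong branch.
 */
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute) \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached)) ? \
     (0 != ((key)->staticflags & SECKEY_##attribute)) : \
     PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/* Same as SECKEY_HAS_ATTRIBUTE_SET, with haslock passed through to
 * PK11_HasAttributeSet() instead of PR_FALSE. */
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock) \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached)) ? \
     (0 != ((key)->staticflags & SECKEY_##attribute)) : \
     PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))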
   224 /*
   225 ** A generic key structure
   226 */ 
/*
 * The structure holds a PKCS#11 slot and object handle and has no member
 * for key material.
 */
typedef struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    /* pkcs11 slot this key lives in */
    PK11SlotInfo *pkcs11Slot;
    /* ID of pkcs11 object */
    CK_OBJECT_HANDLE pkcs11ID;
    /* temp pkcs11 object, delete it when done */
    PRBool pkcs11IsTemp;
    /* context for errors and pw prompts */
    void *wincx;
    /* bit flag of cached PKCS#11 attributes (SECKEY_Attributes_Cached,
     * SECKEY_CKA_PRIVATE, SECKEY_CKA_ALWAYS_AUTHENTICATE) */
    PRUint32 staticflags;
} SECKEYPrivateKey;
/* One entry of a private-key list: the list links plus a key pointer. */
typedef struct {
    PRCList links;
    /* NOTE(review): the header does not say whether the node owns this key;
     * confirm against the list-destroy code. */
    SECKEYPrivateKey *key;
} SECKEYPrivateKeyListNode;

/* Head of a private-key list together with an arena. */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPrivateKeyList;
/* One entry of a public-key list: the list links plus a key pointer. */
typedef struct {
    PRCList links;
    /* NOTE(review): the header does not say whether the node owns this key;
     * confirm against the list-destroy code. */
    SECKEYPublicKey *key;
} SECKEYPublicKeyListNode;

/* Head of a public-key list together with an arena. */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPublicKeyList;
   257 #endif /* _KEYTHI_H_ */
