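/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
** keythi.h -- public and private key type definitions shared by the
** NSS key-handling code (KeyType, per-algorithm public key structures,
** the generic SECKEYPublicKey / SECKEYPrivateKey containers, and the
** cached-PKCS#11-attribute flag macros).
**
** Everything in this header is a type or macro definition; the only
** function referenced is PK11_HasAttributeSet (via the
** SECKEY_HAS_ATTRIBUTE_SET* macros), which is expected to be declared
** by the including translation unit.
*/
#ifndef _KEYTHI_H_
#define _KEYTHI_H_ 1

#include "plarena.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "prclist.h"

/*
** RFC 4055 Section 1.2 specifies three different RSA key types.
**
** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
** v2.1) padding schemes.
**
** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
** be used for signatures with PSS padding (PKCS #1 v2.1).
**
** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
** be used for encryption with OAEP padding (PKCS #1 v2.1).
**
** The numeric values are part of the ABI (they are stored in key objects
** and compared by callers), so new types must be appended and existing
** values never renumbered or reused -- including the two deprecated ones.
*/
typedef enum {
    nullKey = 0,
    rsaKey = 1,
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated */
    dhKey = 4,
    keaKey = 5, /* deprecated */
    ecKey = 6,
    rsaPssKey = 7,
    rsaOaepKey = 8
} KeyType;

/*
** Template Definitions
**
** ASN.1 templates used to DER-encode/decode the public key structures
** declared below. They are defined in a .c file elsewhere in the module.
**/

SEC_BEGIN_PROTOS
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS


/*
** RSA Public Key structures
** member names from PKCS#1, section 7.1
*/

struct SECKEYRSAPublicKeyStr {
    PLArenaPool * arena;
    SECItem modulus;          /* n */
    SECItem publicExponent;   /* e */
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;

/*
** RSA-PSS parameters
**
** Mirrors the RSASSA-PSS-params ASN.1 sequence (RFC 4055): hash and
** mask-generation algorithm identifiers, plus the encoded saltLength and
** trailerField INTEGERs. Pointers are NULL when the corresponding
** optional field was absent (defaults apply) -- confirm against the
** template before relying on this.
*/
struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg;
    SECAlgorithmID *maskAlg;
    SECItem saltLength;
    SECItem trailerField;
};
typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;

/*
** DSA Public Key and related structures
*/

struct SECKEYPQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;    /* p */
    SECItem subPrime; /* q */
    SECItem base;     /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct SECKEYPQGParamsStr SECKEYPQGParams;

struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params;
    SECItem publicValue; /* y */
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;


/*
** Diffie-Hellman Public Key structure
** Structure member names suggested by PKCS#3.
*/
struct SECKEYDHParamsStr {
    PLArenaPool * arena;
    SECItem prime; /* p */
    SECItem base;  /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;

struct SECKEYDHPublicKeyStr {
    PLArenaPool * arena;
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y */
};
typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;

/*
** Elliptic curve Public Key structure
** The PKCS#11 layer needs DER encoding of ANSI X9.62
** parameters value
*/
typedef SECItem SECKEYECParams;

struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* DER-encoded ECParameters */
    int size;                        /* size in bits */
    SECItem publicValue;             /* encoded point */
    /* XXX Even though the PKCS#11 interface takes encoded parameters,
     * we may still wish to decode them above PKCS#11 for things like
     * printing key information. For named curves, which is what
     * we initially support, we ought to have the curve name at the
     * very least.
     */
};
typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;

/*
** FORTEZZA Public Key structures
**
** Retained only for the deprecated fortezzaKey / keaKey KeyType values;
** they stay in the SECKEYPublicKey union so its layout is unchanged.
*/
struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];
    SECItem clearance;
    SECItem KEApriviledge;
    SECItem DSSpriviledge;
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;
    SECKEYPQGParams keaParams;
};
typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
/* The members above keep the historical misspelling for ABI stability;
 * these aliases let new code use the correct one. */
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */

struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
};
typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;

struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;
    SECKEYDiffPQGParams DiffParams;
};
typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;

struct SECKEYKEAParamsStr {
    PLArenaPool *arena;
    SECItem hash;
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;

struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
};
typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;

/*
** A Generic public key object.
**
** keyType is expected to identify which member of the union u holds the
** key material; the other members are not meaningful for that key.
** pkcs11Slot / pkcs11ID locate the corresponding PKCS#11 object, if any.
*/
struct SECKEYPublicKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;
    CK_OBJECT_HANDLE pkcs11ID;
    union {
        SECKEYRSAPublicKey rsa;
        SECKEYDSAPublicKey dsa;
        SECKEYDHPublicKey dh;
        SECKEYKEAPublicKey kea;
        SECKEYFortezzaPublicKey fortezza;
        SECKEYECPublicKey ec;
    } u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

/*
** bit flag definitions for staticflags
**
** staticflags is a member of SECKEYPrivateKeyStr (below) that caches the
** values of selected PKCS#11 boolean attributes so they need not be
** re-queried from the token. SECKEYPublicKeyStr has no staticflags
** member, so the macros in this section apply to private keys only.
**
** Bit 0 says whether the cache is valid at all; SECKEY_CKA_<attr> is the
** cached value of the PKCS#11 attribute CKA_<attr>, and the name is built
** by token pasting in SECKEY_ATTRIBUTE_VALUE / SECKEY_HAS_ATTRIBUTE_SET.
*/
#define SECKEY_Attributes_Cached 0x1 /* bit 0 states
                                        whether attributes are cached */
#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2) /* bit 2 is the value of
                                                    CKA_ALWAYS_AUTHENTICATE */

/* Non-zero if the attribute cache of `key` (a SECKEYPrivateKey *) is valid. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

/* Cached value of CKA_<attribute>. Only meaningful when
 * SECKEY_ATTRIBUTES_CACHED(key) is true; the caller must check that first. */
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

/*
** Value of CKA_<attribute> for `key`: served from the cache when it is
** valid, otherwise fetched from the token with PK11_HasAttributeSet
** (which may block on token I/O). `key` is evaluated more than once, so
** pass a plain pointer expression. The expansions are fully
** parenthesized so the result composes safely with && / || / == in the
** caller; earlier versions left the ?: unwrapped, which silently
** absorbed a following && into the PK11_HasAttributeSet branch.
*/
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                                  \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached)) ?                     \
         (0 != ((key)->staticflags & SECKEY_##attribute)) :                       \
         PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/* As SECKEY_HAS_ATTRIBUTE_SET, but `haslock` tells PK11_HasAttributeSet
 * whether the caller already holds the relevant lock. */
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)                    \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached)) ?                     \
         (0 != ((key)->staticflags & SECKEY_##attribute)) :                       \
         PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))

/*
** A generic key structure
**
** Private keys carry no key material in this structure; they are
** represented solely by a handle to a PKCS#11 object, so the private
** bits stay inside the token / softoken.
*/
struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
    PRBool pkcs11IsTemp;       /* temp pkcs11 object, delete it when done */
    void *wincx;               /* context for errors and pw prompts */
    PRUint32 staticflags;      /* bit flag of cached PKCS#11 attributes */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;

/* Intrusive PRCList node; `links` must be first so PRCList casts work. */
typedef struct {
    PRCList links;
    SECKEYPrivateKey *key;
} SECKEYPrivateKeyListNode;

/* List head plus the arena the nodes are allocated from. */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPrivateKeyList;

/* Intrusive PRCList node; `links` must be first so PRCList casts work. */
typedef struct {
    PRCList links;
    SECKEYPublicKey *key;
} SECKEYPublicKeyListNode;

/* List head plus the arena the nodes are allocated from. */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPublicKeyList;

#endif /* _KEYTHI_H_ */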