/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4#ifndef _KEYTHI_H_
5#define _KEYTHI_H_ 1
6
7#include "eccutil.h"
8#include "plarena.h"
9#include "pkcs11t.h"
10#include "secmodt.h"
11#include "prclist.h"
12
13/*
14** RFC 4055 Section 1.2 specifies three different RSA key types.
15**
16** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
17** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
18** v2.1) padding schemes.
19**
20** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
21** be used for signatures with PSS padding (PKCS #1 v2.1).
22**
23** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
24** be used for encryption with OAEP padding (PKCS #1 v2.1).
25*/
26
/*
** Discriminator for the per-algorithm union in SECKEYPublicKeyStr and the
** keyType member of SECKEYPrivateKeyStr.  The values are spelled out
** explicitly and are visible to callers of this header, so treat them as
** stable: do not renumber and do not reuse the deprecated slots.
**
** The three RSA variants are distinct on purpose (see the RFC 4055 note
** above): code that dispatches on keyType must not accept an rsaPssKey for
** encryption or an rsaOaepKey for signing.
*/
typedef enum {
    nullKey = 0,     /* no key present */
    rsaKey = 1,      /* SEC_OID_PKCS1_RSA_ENCRYPTION: encryption and signatures, v1.5 or v2.1 padding */
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated */
    dhKey = 4,
    keaKey = 5,      /* deprecated */
    ecKey = 6,
    rsaPssKey = 7,   /* SEC_OID_PKCS1_RSA_PSS_SIGNATURE: signatures with PSS padding only */
    rsaOaepKey = 8   /* SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION: encryption with OAEP padding only */
} KeyType;
38
39/*
40** Template Definitions
41**/
42
SEC_BEGIN_PROTOS
/* ASN.1 templates used to encode and decode the key structures declared
 * below.  They are only declared here; the definitions live in a .c file
 * elsewhere in the library. */
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions: declare SEC_ASN1_GET-style accessors for
 * the templates that must be reachable across a DLL boundary.  Only the
 * three templates below get an accessor. */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS
57
58/*
59** RSA Public Key structures
60** member names from PKCS#1, section 7.1
61*/
62
struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;     /* arena associated with this key; presumably the
                             * items below are allocated from it -- confirm
                             * against the decode/destroy code */
    SECItem modulus;        /* n, as a big-endian byte string */
    SECItem publicExponent; /* e, as a big-endian byte string */
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
69
70/*
71** RSA-PSS parameters
72*/
struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg; /* hash algorithm; a pointer, so it may be NULL
                              * when the encoding omits it -- callers must
                              * handle the absent case */
    SECAlgorithmID *maskAlg; /* mask generation function; may likewise be NULL */
    SECItem saltLength;      /* still in encoded form (not a native int);
                              * decode and range-check before use */
    SECItem trailerField;    /* still in encoded form (not a native int) */
};
typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;
80
81/*
82** DSA Public Key and related structures
83*/
84
/* DSA domain parameters.  Also embedded by the Fortezza and dual-parameter
 * structures further down, so keep the layout stable. */
struct SECKEYPQGParamsStr {
    PLArenaPool *arena; /* arena associated with these parameters (see RSA note) */
    SECItem prime;      /* p */
    SECItem subPrime;   /* q */
    SECItem base;       /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
93
/* DSA public key: the domain parameters are embedded by value, not shared. */
struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params; /* p, q, g */
    SECItem publicValue;    /* y, as a big-endian byte string */
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
99
100/*
101** Diffie-Hellman Public Key structure
102** Structure member names suggested by PKCS#3.
103*/
struct SECKEYDHParamsStr {
    PLArenaPool *arena; /* arena associated with these parameters (see RSA note) */
    SECItem prime;      /* p */
    SECItem base;       /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;
110
/* Diffie-Hellman public key.  Note that prime and base are repeated here
 * rather than embedding SECKEYDHParams, so the two structures are not
 * interchangeable. */
struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;  /* arena associated with this key (see RSA note) */
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y, as a big-endian byte string */
};
typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
118
119/*
120** Elliptic curve Public Key structure
121** The PKCS#11 layer needs DER encoding of ANSI X9.62
122** parameters value
123*/
typedef SECItem SECKEYECParams; /* DER-encoded ECParameters (ANSI X9.62), kept
                                 * encoded because that is what the PKCS#11
                                 * layer consumes */
125
struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* curve parameters, DER-encoded */
    int size;                        /* size in bits; nothing here ties it to
                                      * publicValue.len, so consumers should
                                      * cross-check the two */
    SECItem publicValue;             /* encoded point */
    ECPointEncoding encoding;        /* deprecated, ignored */
};
typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
133
134/*
135** FORTEZZA Public Key structures
136*/
/* Fortezza public key (keyType fortezzaKey, which is deprecated).  Retained
 * for layout compatibility; the misspelled member names are part of the
 * public interface and are aliased to the corrected spelling below. */
struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];     /* fixed 8-byte field: bound any copy into it
                                * by sizeof KMID, never by caller-supplied length */
    SECItem clearance;
    SECItem KEApriviledge;     /* sic; see KEAprivilege alias below */
    SECItem DSSpriviledge;     /* sic; see DSSprivilege alias below */
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;    /* DSS parameters */
    SECKEYPQGParams keaParams; /* KEA parameters */
};
typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */
152
/* Separate PQG parameter sets for KEA and DSA (the "different" case of
 * SECKEYPQGDualParams below). */
struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams; /* parameters used for KEA */
    SECKEYPQGParams DiffDSAParams; /* parameters used for DSA */
};
typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
158
/* Holds both a common parameter set and per-algorithm sets; which of the
 * two a consumer is expected to use is not decided here -- check the code
 * that fills this in. */
struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;   /* parameters shared by KEA and DSA (name suggests) */
    SECKEYDiffPQGParams DiffParams; /* per-algorithm parameters */
};
typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
164
/* KEA parameters (keyType keaKey, which is deprecated). */
struct SECKEYKEAParamsStr {
    PLArenaPool *arena; /* arena associated with these parameters (see RSA note) */
    SECItem hash;       /* opaque parameter hash; its format is not defined here */
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
170
/* KEA public key (keyType keaKey, which is deprecated). */
struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue; /* public value as a byte string */
};
typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
176
177/*
178** A Generic public key object.
179*/
struct SECKEYPublicKeyStr {
    PLArenaPool *arena;       /* arena associated with this key (see RSA note) */
    KeyType keyType;          /* selects the active member of u; every read of
                               * u.xxx must be guarded by a keyType check */
    PK11SlotInfo *pkcs11Slot; /* PKCS#11 slot holding the object, if any --
                               * whether NULL is possible is not visible here */
    CK_OBJECT_HANDLE pkcs11ID; /* PKCS#11 object handle in that slot */
    union {
        SECKEYRSAPublicKey rsa;           /* rsaKey, rsaPssKey, rsaOaepKey */
        SECKEYDSAPublicKey dsa;           /* dsaKey */
        SECKEYDHPublicKey dh;             /* dhKey */
        SECKEYKEAPublicKey kea;           /* keaKey (deprecated) */
        SECKEYFortezzaPublicKey fortezza; /* fortezzaKey (deprecated) */
        SECKEYECPublicKey ec;             /* ecKey */
    } u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
195
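/* bit flag definitions for SECKEYPrivateKeyStr::staticflags */
#define SECKEY_Attributes_Cached 0x1             /* bit 0 states whether attributes are cached */
#define SECKEY_CKA_PRIVATE (1U << 1)             /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2) /* bit 2 is the value of CKA_ALWAYS_AUTHENTICATE */

/* Nonzero once the attribute bits above have been fetched from the token
 * and cached in staticflags.  key is evaluated once. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

/* Cached value of SECKEY_<attribute> (e.g. attribute = CKA_PRIVATE).  Only
 * meaningful when SECKEY_ATTRIBUTES_CACHED(key) is true; the token is not
 * consulted.  `attribute` is token-pasted, so pass the bare identifier. */
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

/* Value of PKCS#11 attribute `attribute` for key: the cached bit when the
 * cache is populated, otherwise a live query through PK11_HasAttributeSet.
 * `attribute` is both token-pasted (SECKEY_##attribute) and passed through
 * unchanged as the CKA_* constant, so it must be the bare identifier.
 * key may be evaluated up to three times.
 *
 * The whole expansion is parenthesized so that a leading `!` or a trailing
 * `&&`/`||` applies to the result instead of binding to the ternary's
 * condition or else-arm. */
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                                   \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))                        \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))                         \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/* As SECKEY_HAS_ATTRIBUTE_SET, but the uncached path goes through
 * pk11_HasAttributeSet_Lock and `haslock` tells it whether the caller
 * already holds the relevant lock. */
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)                     \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))                        \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))                         \
         : pk11_HasAttributeSet_Lock((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))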
213
214/*
215** A generic key structure
216*/
/* Private key handle.  Unlike SECKEYPublicKey there is no key material here:
 * the key is referenced by its PKCS#11 object and all operations go through
 * the slot. */
struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;       /* arena associated with this handle (see RSA note) */
    KeyType keyType;          /* algorithm of the underlying object */
    PK11SlotInfo *pkcs11Slot; /* pkcs11 slot this key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
    PRBool pkcs11IsTemp;      /* temp pkcs11 object, delete it when done */
    void *wincx;              /* context for errors and pw prompts */
    PRUint32 staticflags;     /* bit flag of cached PKCS#11 attributes; see
                               * SECKEY_Attributes_Cached and friends above */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
227
/* Node of a SECKEYPrivateKeyList.  links is the first member, so a PRCList
 * pointer obtained from the list can be cast back to the node; presumably
 * the traversal code relies on this. */
typedef struct {
    PRCList links;
    SECKEYPrivateKey *key; /* not owned by the node as far as this header shows */
} SECKEYPrivateKeyListNode;
232
/* Intrusive list of SECKEYPrivateKeyListNode, with the arena the nodes are
 * presumably allocated from. */
typedef struct {
    PRCList list;       /* list head */
    PLArenaPool *arena;
} SECKEYPrivateKeyList;
237
/* Node of a SECKEYPublicKeyList; same layout rule as the private-key node:
 * links comes first so the node can be recovered from a PRCList pointer. */
typedef struct {
    PRCList links;
    SECKEYPublicKey *key; /* not owned by the node as far as this header shows */
} SECKEYPublicKeyListNode;
242
/* Intrusive list of SECKEYPublicKeyListNode, with the arena the nodes are
 * presumably allocated from. */
typedef struct {
    PRCList list;       /* list head */
    PLArenaPool *arena;
} SECKEYPublicKeyList;
247#endif /* _KEYTHI_H_ */
248