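/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _KEYTHI_H_
#define _KEYTHI_H_ 1

/*
** keythi.h - public and private key types shared by the NSS key layer.
**
** This header only declares types, ASN.1 template handles and a few
** attribute-cache macros; it contains no function definitions.
*/

#include "plarena.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "prclist.h"

/*
** RFC 4055 Section 1.2 specifies three different RSA key types.
**
** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
** v2.1) padding schemes.
**
** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
** be used for signatures with PSS padding (PKCS #1 v2.1).
**
** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
** be used for encryption with OAEP padding (PKCS #1 v2.1).
*/

/*
** Discriminator for the key union in SECKEYPublicKeyStr and for the
** keyType field of SECKEYPrivateKeyStr.  The numeric values are part of
** the ABI and must not be renumbered; deprecated members stay in place
** so that existing values keep their meaning.
*/
typedef enum {
    nullKey = 0,
    rsaKey = 1,
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated */
    dhKey = 4,
    keaKey = 5, /* deprecated */
    ecKey = 6,
    rsaPssKey = 7,
    rsaOaepKey = 8
} KeyType;

/*
** Template Definitions
**/

SEC_BEGIN_PROTOS
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS

/*
** RSA Public Key structures
** member names from PKCS#1, section 7.1
*/

struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;     /* arena owning modulus/publicExponent storage */
    SECItem modulus;        /* n */
    SECItem publicExponent; /* e */
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;

/*
** RSA-PSS parameters
** (RSASSA-PSS-params as decoded by SECKEY_RSAPSSParamsTemplate)
*/
struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg;
    SECAlgorithmID *maskAlg;
    SECItem saltLength;
    SECItem trailerField;
};
typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;

/*
** DSA Public Key and related structures
*/

struct SECKEYPQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;    /* p */
    SECItem subPrime; /* q */
    SECItem base;     /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct SECKEYPQGParamsStr SECKEYPQGParams;

struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params;
    SECItem publicValue; /* y */
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;

/*
** Diffie-Hellman Public Key structure
** Structure member names suggested by PKCS#3.
*/
struct SECKEYDHParamsStr {
    PLArenaPool *arena;
    SECItem prime; /* p */
    SECItem base;  /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;

struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y */
};
typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;

/*
** Elliptic curve Public Key structure
** The PKCS#11 layer needs DER encoding of ANSI X9.62
** parameters value
*/
typedef SECItem SECKEYECParams;

struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* DER-encoded ANSI X9.62 parameters */
    int size;                        /* size in bits */
    SECItem publicValue;             /* encoded point */
    /* XXX Even though the PKCS#11 interface takes encoded parameters,
     * we may still wish to decode them above PKCS#11 for things like
     * printing key information. For named curves, which is what
     * we initially support, we ought to have the curve name at the
     * very least.
     */
};
typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;

/*
** FORTEZZA Public Key structures
** (fortezzaKey is deprecated; kept for ABI compatibility)
*/
struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];
    SECItem clearance;
    SECItem KEApriviledge;
    SECItem DSSpriviledge;
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;
    SECKEYPQGParams keaParams;
};
typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
/* The misspelled member names are part of the ABI; these aliases let new
 * code use the corrected spelling without breaking existing users. */
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */

struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
};
typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;

struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;
    SECKEYDiffPQGParams DiffParams;
};
typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;

/* keaKey is deprecated; kept for ABI compatibility */
struct SECKEYKEAParamsStr {
    PLArenaPool *arena;
    SECItem hash;
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;

struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
};
typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;

/*
** A Generic public key object.
** keyType selects the live member of the union u; the other members must
** not be read.  pkcs11Slot/pkcs11ID locate the corresponding token object
** when the key is backed by a PKCS#11 module.
*/
struct SECKEYPublicKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;
    CK_OBJECT_HANDLE pkcs11ID;
    union {
        SECKEYRSAPublicKey rsa;
        SECKEYDSAPublicKey dsa;
        SECKEYDHPublicKey dh;
        SECKEYKEAPublicKey kea;
        SECKEYFortezzaPublicKey fortezza;
        SECKEYECPublicKey ec;
    } u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

/*
** bit flag definitions for staticflags (SECKEYPrivateKeyStr below).
**
** Bits 1 and 2 hold cached copies of the token's CKA_PRIVATE and
** CKA_ALWAYS_AUTHENTICATE attributes.  They are only meaningful while
** bit 0 (SECKEY_Attributes_Cached) is set; the SECKEY_HAS_ATTRIBUTE_SET*
** macros below fall back to querying the token when it is not.
*/
#define SECKEY_Attributes_Cached (1U << 0) /* bit 0 states \
                                              whether attributes are cached */
#define SECKEY_CKA_PRIVATE (1U << 1)       /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)

/*
** The macros below take a pointer to a structure with staticflags,
** pkcs11Slot and pkcs11ID members (SECKEYPrivateKey *).  The `key`
** argument is parenthesized so that any pointer expression may be
** passed, but note that SECKEY_HAS_ATTRIBUTE_SET* evaluate it more than
** once, so it must be free of side effects.  `attribute` is pasted onto
** the SECKEY_ prefix and must be spelled literally (CKA_PRIVATE or
** CKA_ALWAYS_AUTHENTICATE); the same spelling is also passed through to
** PK11_HasAttributeSet as the PKCS#11 attribute type.
*/
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                     \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))          \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))          \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, \
                                attribute, PR_FALSE))

#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)       \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))          \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))          \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, \
                                attribute, haslock))

/*
** A generic key structure
*/
struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
    PRBool pkcs11IsTemp;       /* temp pkcs11 object, delete it when done */
    void *wincx;               /* context for errors and pw prompts */
    PRUint32 staticflags;      /* bit flag of cached PKCS#11 attributes */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;

/* Intrusive list nodes/heads (PRCList) for collections of keys; the list
 * head owns the arena from which its nodes are allocated. */
typedef struct {
    PRCList links;
    SECKEYPrivateKey *key;
} SECKEYPrivateKeyListNode;

typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPrivateKeyList;

typedef struct {
    PRCList links;
    SECKEYPublicKey *key;
} SECKEYPublicKeyListNode;

typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPublicKeyList;

#endif /* _KEYTHI_H_ */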