1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4#ifndef _KEYTHI_H_
5#define _KEYTHI_H_ 1
6
7#include "eccutil.h"
8#include "kyber.h"
9#include "plarena.h"
10#include "pkcs11t.h"
11#include "secmodt.h"
12#include "prclist.h"
13
/*
** RFC 4055 Section 1.2 specifies three different RSA key types.
**
** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
** v2.1) padding schemes.
**
** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
** be used for signatures with PSS padding (PKCS #1 v2.1).
**
** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
** be used for encryption with OAEP padding (PKCS #1 v2.1).
*/

/*
** Algorithm tag stored in SECKEYPublicKeyStr.keyType (where it selects the
** active member of the per-algorithm union) and in
** SECKEYPrivateKeyStr.keyType. Every value is spelled out explicitly, so
** treat the numbering as stable: add new kinds at the end and do not reuse
** the slots of the deprecated entries.
*/
typedef enum {
    nullKey = 0,
    rsaKey = 1,      /* see the RSA discussion above */
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated */
    dhKey = 4,
    keaKey = 5,      /* deprecated */
    ecKey = 6,
    rsaPssKey = 7,   /* RSA, PSS signatures only (see above) */
    rsaOaepKey = 8,  /* RSA, OAEP encryption only (see above) */
    kyberKey = 9,    /* Kyber KEM key; parameter set carried in KyberParams (kyber.h) */
} KeyType;
40
/*
** Template Definitions
**
** ASN.1 templates for the key and parameter structures declared below.
** Only the declarations are exported here; the template arrays themselves
** are defined in a separate translation unit (hence 'extern').
**/

SEC_BEGIN_PROTOS
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions */
/* NOTE(review): SEC_ASN1_CHOOSER_DECLARE presumably declares a function that
** returns the template's address, so DLL clients need not import the data
** symbol directly; only three of the seven templates get an accessor here. */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS
59
/*
** RSA Public Key structures
** member names from PKCS#1, section 7.1
*/

struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;     /* presumably the pool the SECItem buffers below come from — confirm against the decoder */
    SECItem modulus;        /* n, as an unsigned big-endian integer (PKCS#1 'modulus') */
    SECItem publicExponent; /* e (PKCS#1 'publicExponent') */
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
71
/*
** RSA-PSS parameters
**
** In-memory form of the RSASSA-PSS-params sequence from RFC 4055, decoded
** with SECKEY_RSAPSSParamsTemplate. The two algorithm identifiers are
** pointers, so a NULL entry is representable; NOTE(review): presumably NULL
** stands for the RFC 4055 DEFAULT (SHA-1 / MGF1 with SHA-1) — confirm against
** the template and the PSS verification code before relying on it.
*/
struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg;  /* hashAlgorithm */
    SECAlgorithmID *maskAlg;  /* maskGenAlgorithm */
    SECItem saltLength;       /* saltLength INTEGER, kept in encoded form */
    SECItem trailerField;     /* trailerField INTEGER, kept in encoded form */
};
typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;
82
/*
** DSA Public Key and related structures
*/

/*
** DSA domain parameters (p, q, g). Shared by SECKEYDSAPublicKeyStr and the
** FORTEZZA structures below.
*/
struct SECKEYPQGParamsStr {
    PLArenaPool *arena; /* presumably owns the three SECItem buffers — confirm */
    SECItem prime;      /* p */
    SECItem subPrime;   /* q */
    SECItem base;       /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
95
/*
** DSA public key: the domain parameters are embedded by value, so a key
** carries its own copy of p, q and g rather than a pointer to shared
** parameters.
*/
struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params; /* p, q, g */
    SECItem publicValue;    /* y */
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
101
/*
** Diffie-Hellman Public Key structure
** Structure member names suggested by PKCS#3.
*/

/* Diffie-Hellman group parameters (p, g); no subgroup order q is kept. */
struct SECKEYDHParamsStr {
    PLArenaPool *arena; /* presumably owns the SECItem buffers — confirm */
    SECItem prime;      /* p */
    SECItem base;       /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;
112
/*
** Diffie-Hellman public key. Unlike the DSA key above this does not embed
** SECKEYDHParams; the group parameters are repeated as direct members, so
** code that copies or compares parameters must handle both layouts.
*/
struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;  /* presumably owns the SECItem buffers — confirm */
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y = g^x mod p */
};
typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
120
/*
** Elliptic curve Public Key structure
** The PKCS#11 layer needs DER encoding of ANSI X9.62
** parameters value
*/
/* The curve parameters are kept as the DER-encoded ECParameters value, not
** decoded, because that encoding is what is handed to PKCS#11 (CKA_EC_PARAMS). */
typedef SECItem SECKEYECParams;

struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* DER ECParameters (typically a named-curve OID) */
    int size;                        /* size in bits */
    SECItem publicValue;             /* encoded point */
    ECPointEncoding encoding;        /* deprecated, ignored */
};
typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
135
/*
** FORTEZZA Public Key structures
**
** Retained for the deprecated fortezzaKey / keaKey members of the public-key
** union; the layout is kept as-is for ABI compatibility.
*/
struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];        /* fixed 8-byte key material identifier */
    SECItem clearance;
    SECItem KEApriviledge;        /* misspelled; see KEAprivilege alias below */
    SECItem DSSpriviledge;        /* misspelled; see DSSprivilege alias below */
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;       /* DSS domain parameters */
    SECKEYPQGParams keaParams;    /* KEA domain parameters */
};
typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
/* Member-name aliases. These are plain #defines, so they rewrite the
** identifiers KEAprivilege / DSSprivilege everywhere after this header is
** included, not just in member accesses. */
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */
154
/* Separate KEA and DSA domain parameters (FORTEZZA, deprecated). */
struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
};
typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
160
/* Either one shared parameter set (CommParams) or a KEA/DSA pair
** (DiffParams); nothing in this header records which of the two is in
** use, so that must come from the caller (FORTEZZA, deprecated). */
struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;
    SECKEYDiffPQGParams DiffParams;
};
typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
166
/* KEA parameters (deprecated): only a hash value is carried. */
struct SECKEYKEAParamsStr {
    PLArenaPool *arena; /* presumably owns 'hash' — confirm */
    SECItem hash;
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
172
/* KEA public key (deprecated); used by the 'kea' member of the public-key union. */
struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
};
typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
178
/*
** Kyber Public Key structure
**
** Selected by KeyType kyberKey. The parameter set (KyberParams, kyber.h)
** is stored alongside the encoded public value; no arena pointer is kept
** here, so ownership of publicValue's buffer is the enclosing
** SECKEYPublicKeyStr's arena — NOTE(review): confirm against the key
** construction code.
*/

struct SECKEYKyberPublicKeyStr {
    KyberParams params;
    SECItem publicValue; /* encoded public key */
};
typedef struct SECKEYKyberPublicKeyStr SECKEYKyberPublicKey;
188
/*
** A Generic public key object.
**
** 'keyType' selects the active member of 'u'; reading any other member is
** undefined. There is no dedicated member for rsaPssKey or rsaOaepKey, so
** NOTE(review): those kinds presumably share 'u.rsa' — confirm in the
** decoder. pkcs11Slot/pkcs11ID identify the PKCS#11 object backing this
** key, if any; the in-memory union is the copy used by software paths.
*/
struct SECKEYPublicKeyStr {
    PLArenaPool *arena;        /* pool the key and (presumably) its SECItems are allocated from */
    KeyType keyType;           /* discriminator for 'u' */
    PK11SlotInfo *pkcs11Slot;  /* slot of the backing PKCS#11 object, if any */
    CK_OBJECT_HANDLE pkcs11ID; /* handle of the backing PKCS#11 object */
    union {
        SECKEYRSAPublicKey rsa;           /* rsaKey (and presumably rsaPssKey / rsaOaepKey) */
        SECKEYDSAPublicKey dsa;           /* dsaKey */
        SECKEYDHPublicKey dh;             /* dhKey */
        SECKEYKEAPublicKey kea;           /* keaKey (deprecated) */
        SECKEYFortezzaPublicKey fortezza; /* fortezzaKey (deprecated) */
        SECKEYECPublicKey ec;             /* ecKey */
        SECKEYKyberPublicKey kyber;       /* kyberKey */
    } u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
208
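/* bit flag definitions for staticflags (SECKEYPrivateKeyStr.staticflags) */
#define SECKEY_Attributes_Cached 0x1 /* bit 0 states \
                                        whether attributes are cached */
#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2) /* bit 2 is the value of CKA_ALWAYS_AUTHENTICATE */

/*
** Attribute-query macros.
**
** Every use of 'key' is parenthesized so that a pointer expression such as
** '&node->key' expands correctly, and every expansion is wrapped in a single
** pair of parentheses so that '!', '==' or '&&' applied to the macro result
** act on the whole value rather than on the first operand of the ternary.
** 'attribute' is token-pasted onto SECKEY_, so only CKA_PRIVATE and
** CKA_ALWAYS_AUTHENTICATE are valid arguments.
*/

/* True when the CKA_* bits in staticflags are valid. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

/* Cached value of the named attribute; meaningful only when
** SECKEY_ATTRIBUTES_CACHED(key) holds. */
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

/* Value of the named attribute: served from the cache when it is valid,
** otherwise queried from the token with PK11_HasAttributeSet (PR_FALSE is
** passed in the position the _LOCK variant fills with 'haslock'). */
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                                                             \
    (SECKEY_ATTRIBUTES_CACHED(key)                                                                           \
         ? SECKEY_ATTRIBUTE_VALUE(key, attribute)                                                            \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/* As SECKEY_HAS_ATTRIBUTE_SET, but the caller states through 'haslock'
** whether it already holds the slot lock; uses the internal
** pk11_HasAttributeSet_Lock query. */
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)                                               \
    (SECKEY_ATTRIBUTES_CACHED(key)                                                                           \
         ? SECKEY_ATTRIBUTE_VALUE(key, attribute)                                                            \
         : pk11_HasAttributeSet_Lock((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))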
226
/*
** A generic key structure
**
** Private-key handle. Unlike SECKEYPublicKeyStr there is no per-algorithm
** union here: the key material stays inside the PKCS#11 token identified by
** pkcs11Slot/pkcs11ID, and this structure only references it.
*/
struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
    PRBool pkcs11IsTemp;       /* temp pkcs11 object, delete it when done */
    void *wincx;               /* context for errors and pw prompts */
    PRUint32 staticflags;      /* bit flag of cached PKCS#11 attributes; bits defined by SECKEY_Attributes_Cached / SECKEY_CKA_* above */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
240
/* Node of a SECKEYPrivateKeyList; 'links' is the intrusive NSPR list
** linkage (prclist.h), so the node is recovered from its PRCList pointer. */
typedef struct {
    PRCList links;
    SECKEYPrivateKey *key;
} SECKEYPrivateKeyListNode;
245
/* Head of a list of SECKEYPrivateKeyListNode; 'arena' presumably owns the
** nodes (confirm against the list constructor). Whether the referenced keys
** are owned by the list is not expressed here. */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPrivateKeyList;
250
/* Node of a SECKEYPublicKeyList; same intrusive-linkage shape as
** SECKEYPrivateKeyListNode. */
typedef struct {
    PRCList links;
    SECKEYPublicKey *key;
} SECKEYPublicKeyListNode;
255
/* Head of a list of SECKEYPublicKeyListNode; 'arena' presumably owns the
** nodes (confirm against the list constructor). */
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPublicKeyList;
260#endif /* _KEYTHI_H_ */
261
