1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | #ifndef _KEYTHI_H_ |
5 | #define _KEYTHI_H_ 1 |
6 | |
7 | #include "eccutil.h" |
8 | #include "kyber.h" |
9 | #include "plarena.h" |
10 | #include "pkcs11t.h" |
11 | #include "secmodt.h" |
12 | #include "prclist.h" |
13 | |
/*
** RFC 4055 Section 1.2 specifies three different RSA key types.
**
** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
** v2.1) padding schemes.
**
** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
** be used for signatures with PSS padding (PKCS #1 v2.1).
**
** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
** be used for encryption with OAEP padding (PKCS #1 v2.1).
**
** KeyType is the algorithm tag carried by SECKEYPublicKey and
** SECKEYPrivateKey (see below).  For a public key it is expected to name
** the member of SECKEYPublicKey.u that is in use.  The values are spelled
** out explicitly and are presumably stable API: add new types at the end
** rather than renumbering, and do not reuse the deprecated slots.
*/

typedef enum {
    nullKey = 0,     /* no key type assigned */
    rsaKey = 1,      /* RSA, PKCS #1 v1.5 or v2.1 padding (see above) */
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated; SECKEYPublicKey.u.fortezza still exists */
    dhKey = 4,
    keaKey = 5,      /* deprecated; SECKEYPublicKey.u.kea still exists */
    ecKey = 6,
    rsaPssKey = 7,   /* RSA, PSS signatures only (see above) */
    rsaOaepKey = 8,  /* RSA, OAEP encryption only (see above) */
    kyberKey = 9,    /* Kyber KEM, see SECKEYKyberPublicKey */
} KeyType;
40 | |
/*
** Template Definitions
**
** ASN.1 templates (SEC_ASN1Template tables) that describe the encoded form
** of the key structures declared in this header.  The tables themselves are
** defined elsewhere in NSS; only their names are exported here.
*/

SEC_BEGIN_PROTOS
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions: declare the per-template chooser
** functions through which DLL clients obtain the template address. */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS
59 | |
/*
** RSA Public Key structures
** member names from PKCS#1, section 7.1
**
** Holds only the public (n, e) pair; there are no private components in
** this structure.
*/

struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;     /* owning arena (presumably backs the SECItems below) */
    SECItem modulus;        /* n */
    SECItem publicExponent; /* e */
};
typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
71 | |
/*
** RSA-PSS parameters
**
** Field names follow the RSASSA-PSS-params sequence of RFC 4055; see
** SECKEY_RSAPSSParamsTemplate above.  Note that saltLength and
** trailerField are kept as SECItems (encoded values), not native ints.
*/
struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg; /* hashAlgorithm; NULL presumably selects the RFC default — confirm with the decoder */
    SECAlgorithmID *maskAlg; /* maskGenAlgorithm; same NULL caveat */
    SECItem saltLength;      /* encoded saltLength */
    SECItem trailerField;    /* encoded trailerField */
};
typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;
82 | |
/*
** DSA Public Key and related structures
*/

/* DSA domain parameters (p, q, g).  Also embedded by the Fortezza and KEA
** structures further down. */
struct SECKEYPQGParamsStr {
    PLArenaPool *arena; /* owning arena (presumably backs the SECItems below) */
    SECItem prime;      /* p */
    SECItem subPrime;   /* q */
    SECItem base;       /* g */
    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
};
typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
95 | |
/* DSA public key: the domain parameters plus the public value. */
struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params; /* p, q, g; embedded by value, not by pointer */
    SECItem publicValue;    /* y */
};
typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
101 | |
/*
** Diffie-Hellman Public Key structure
** Structure member names suggested by PKCS#3.
*/

/* Diffie-Hellman domain parameters (p, g). */
struct SECKEYDHParamsStr {
    PLArenaPool *arena; /* owning arena (presumably backs the SECItems below) */
    SECItem prime;      /* p */
    SECItem base;       /* g */
};
typedef struct SECKEYDHParamsStr SECKEYDHParams;
112 | |
/* Diffie-Hellman public key.  Unlike the DSA structure, this does not embed
** SECKEYDHParams; it carries its own copies of prime and base. */
struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;  /* owning arena (presumably backs the SECItems below) */
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y = g^x mod p, PKCS#3 naming */
};
typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
120 | |
/*
** Elliptic curve Public Key structure
** The PKCS#11 layer needs DER encoding of ANSI X9.62
** parameters value
*/

/* EC domain parameters are not decoded here; they are kept as the DER
** encoding of the ANSI X9.62 ECParameters value. */
typedef SECItem SECKEYECParams;

struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* DER-encoded ANSI X9.62 parameters */
    int size;                        /* size in bits */
    SECItem publicValue;             /* encoded point */
    ECPointEncoding encoding;        /* deprecated, ignored */
};
typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
135 | |
/*
** FORTEZZA Public Key structures
**
** Retained for the deprecated fortezzaKey type (see KeyType above); the
** member is still present in SECKEYPublicKey.u.
*/
struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];      /* fixed 8-byte identifier */
    SECItem clearance;
    SECItem KEApriviledge;      /* historical misspelling; see alias below */
    SECItem DSSpriviledge;      /* historical misspelling; see alias below */
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;     /* DSS domain parameters */
    SECKEYPQGParams keaParams;  /* KEA domain parameters */
};
typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
/* Correctly spelled member aliases; the misspelled names stay for source
** compatibility. */
#define KEAprivilege KEApriviledge /* corrected spelling */
#define DSSprivilege DSSpriviledge /* corrected spelling */
154 | |
/* Separate KEA and DSA parameter sets, for the case where the two differ. */
struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
};
typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
160 | |
/* Dual parameter holder: one common set plus the KEA/DSA-specific pair.
** Which of the two applies is not recorded here. */
struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;     /* parameters shared by KEA and DSA */
    SECKEYDiffPQGParams DiffParams; /* per-algorithm parameters */
};
typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
166 | |
/* KEA parameters (deprecated keaKey type, see KeyType above). */
struct SECKEYKEAParamsStr {
    PLArenaPool *arena; /* owning arena (presumably backs hash) */
    SECItem hash;
};
typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
172 | |
/* KEA public key (deprecated keaKey type); still a member of
** SECKEYPublicKey.u. */
struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
};
typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
178 | |
/*
** Kyber Public Key structure
**
** KyberParams comes from kyber.h (included above); the public value is
** stored as an opaque SECItem.
*/

struct SECKEYKyberPublicKeyStr {
    KyberParams params;  /* parameter set selector, see kyber.h */
    SECItem publicValue; /* encoded public key */
};
typedef struct SECKEYKyberPublicKeyStr SECKEYKyberPublicKey;
188 | |
/*
** A Generic public key object.
**
** keyType is expected to select the active member of u.  A public key may
** also be backed by a PKCS #11 object (pkcs11Slot / pkcs11ID); whether those
** fields are valid when the key is arena-only is not visible here.  Note
** there is no staticflags member: the SECKEY_* attribute macros below apply
** to SECKEYPrivateKey only.
*/
struct SECKEYPublicKeyStr {
    PLArenaPool *arena;        /* owning arena */
    KeyType keyType;           /* which member of u is in use */
    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in, if any */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object, if any */
    union {
        SECKEYRSAPublicKey rsa;           /* rsaKey, rsaPssKey, rsaOaepKey */
        SECKEYDSAPublicKey dsa;           /* dsaKey */
        SECKEYDHPublicKey dh;             /* dhKey */
        SECKEYKEAPublicKey kea;           /* keaKey (deprecated) */
        SECKEYFortezzaPublicKey fortezza; /* fortezzaKey (deprecated) */
        SECKEYECPublicKey ec;             /* ecKey */
        SECKEYKyberPublicKey kyber;       /* kyberKey */
    } u;
};
typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
208 | |
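/*
** Bit flag definitions for SECKEYPrivateKey.staticflags.  Once the
** attributes have been read from the token, the query macros below answer
** from these bits instead of calling into PKCS #11 on every query.
*/
#define SECKEY_Attributes_Cached 0x1             /* bit 0: attribute bits are valid */
#define SECKEY_CKA_PRIVATE (1U << 1)             /* bit 1: cached value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2) /* bit 2: cached value of CKA_ALWAYS_AUTHENTICATE */

/* Nonzero when the attribute bits of `key` have been filled in.
** `key` is evaluated more than once; pass a plain pointer. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    (0 != ((key)->staticflags & SECKEY_Attributes_Cached))

/*
** Cached value of `attribute`, which must be a bare CKA_* name with a
** matching SECKEY_CKA_* flag above (the name is token-pasted, so it cannot
** be a variable).  Only meaningful when SECKEY_ATTRIBUTES_CACHED(key) holds.
*/
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    (0 != ((key)->staticflags & SECKEY_##attribute))

/*
** Value of `attribute` for `key`: served from the cache when it is valid,
** otherwise read from the token via PK11_HasAttributeSet.  `attribute` is
** both token-pasted (SECKEY_##attribute) and passed through as the PKCS #11
** attribute constant.  The whole expansion is parenthesized so that the
** conditional cannot absorb an operator written after the macro call
** (e.g. `SECKEY_HAS_ATTRIBUTE_SET(k, CKA_PRIVATE) == PR_TRUE`).
*/
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                                       \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))                            \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))                            \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/*
** As SECKEY_HAS_ATTRIBUTE_SET, but the uncached path goes through
** pk11_HasAttributeSet_Lock with `haslock` passed straight through
** (presumably whether the caller already holds the slot lock — see that
** function).
*/
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)                           \
    ((0 != ((key)->staticflags & SECKEY_Attributes_Cached))                              \
         ? (0 != ((key)->staticflags & SECKEY_##attribute))                              \
         : pk11_HasAttributeSet_Lock((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))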
226 | |
/*
** A generic key structure
**
** A private key is a handle, not key material: the secret stays inside the
** PKCS #11 token identified by pkcs11Slot / pkcs11ID, and this structure
** holds only the references needed to reach it.  staticflags caches PKCS #11
** attributes using the SECKEY_* bits defined above.
*/
struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;        /* owning arena */
    KeyType keyType;           /* algorithm tag, see KeyType */
    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
    PRBool pkcs11IsTemp;       /* temp pkcs11 object, delete it when done */
    void *wincx;               /* context for errors and pw prompts */
    PRUint32 staticflags;      /* bit flag of cached PKCS#11 attributes (SECKEY_Attributes_Cached, SECKEY_CKA_*) */
};
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
240 | |
/* Node of a SECKEYPrivateKeyList.  The PRCList link is the first member
** (presumably so list entries can be cast back to the node). */
typedef struct {
    PRCList links;         /* NSPR circular-list linkage */
    SECKEYPrivateKey *key; /* the key held by this node */
} SECKEYPrivateKeyListNode;
245 | |
/* List of private keys: an NSPR list head plus the arena the list is
** allocated from. */
typedef struct {
    PRCList list;       /* list head; entries are SECKEYPrivateKeyListNode */
    PLArenaPool *arena; /* owning arena (presumably backs the nodes) */
} SECKEYPrivateKeyList;
250 | |
/* Node of a SECKEYPublicKeyList; mirrors SECKEYPrivateKeyListNode. */
typedef struct {
    PRCList links;        /* NSPR circular-list linkage, first member */
    SECKEYPublicKey *key; /* the key held by this node */
} SECKEYPublicKeyListNode;
255 | |
/* List of public keys; mirrors SECKEYPrivateKeyList. */
typedef struct {
    PRCList list;       /* list head; entries are SECKEYPublicKeyListNode */
    PLArenaPool *arena; /* owning arena (presumably backs the nodes) */
} SECKEYPublicKeyList;
260 | #endif /* _KEYTHI_H_ */ |
261 | |