1/* 2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 * 23 * keyTemplate.h - ASN1 templates for asymmetric keys and related 24 * structs. 25 */ 26 27#ifndef _NSS_KEY_TEMPLATES_H_ 28#define _NSS_KEY_TEMPLATES_H_ 29 30#include <Security/SecAsn1Types.h> 31 32/* 33 * Arrays of SecAsn1Templates are always associated with a specific 34 * C struct. We attempt to use C structs which are defined in CDSA 35 * if at all possible; these always start with the CSSM_ prefix. 36 * Otherwise we define the struct here, with an NSS_ prefix. 37 * In either case, the name of the C struct is listed in comments 38 * along with the extern declaration of the SecAsn1Template array. 
*/

#ifdef __cplusplus
extern "C" {
#endif

/*
 * ASN class : AlgorithmIdentifier
 * C struct : SecAsn1AlgId
 */
extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[];

/*
 * ASN class : SubjectPublicKeyInfo
 * C struct : SecAsn1PubKeyInfo
 *
 * This is also the X509 form of an RSA public key (see the RSA
 * section below); no RSA-specific X509 template is declared here.
 */
extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[];

/*
 * ASN class : Attribute
 * C struct : NSS_Attribute
 *
 * attrType  : OID naming the attribute.
 * attrValue : array of pointers to the attribute's values.
 *             NOTE(review): how this array is terminated is not visible
 *             here; presumably NULL-terminated -- confirm against the
 *             template source before iterating it.
 */
typedef struct {
	SecAsn1Oid attrType;
	SecAsn1Item **attrValue;
} NSS_Attribute;

/* One template for a single Attribute, one for SET OF Attribute. */
extern const SecAsn1Template kSecAsn1AttributeTemplate[];
extern const SecAsn1Template kSecAsn1SetOfAttributeTemplate[];

/*
 * PKCS8 private key info
 * ASN class : PrivateKeyInfo
 * C struct : NSS_PrivateKeyInfo
 *
 * version    : the PrivateKeyInfo version field.
 * algorithm  : AlgorithmIdentifier of the key type.
 * privateKey : DER encoding of the algorithm-specific private key,
 *              e.g. an NSS_RSAPrivateKeyPKCS1 or an
 *              NSS_ECDSA_PrivateKey (both declared below).
 * attributes : array of NSS_Attribute pointers. Marked OPTIONAL in
 *              the parallel NSS_DHPrivateKeyPKCS8 and presumably
 *              optional here as well; if so, expect a NULL pointer
 *              after decoding when absent -- confirm against the
 *              template.
 *
 * NOTE(review): privateKey holds secret material once decoded; the
 * owner of the backing buffer should clear it when finished.
 */
typedef struct {
	SecAsn1Item version;
	SecAsn1AlgId algorithm;
	SecAsn1Item privateKey;
	NSS_Attribute **attributes;
} NSS_PrivateKeyInfo;

extern const SecAsn1Template kSecAsn1PrivateKeyInfoTemplate[];

/*
 * PKCS8 Encrypted Private Key Info
 * ASN class : EncryptedPrivateKeyInfo
 * C struct : NSS_EncryptedPrivateKeyInfo
 *
 * algorithm     : AlgorithmIdentifier of the encryption applied to
 *                 encryptedData.
 * encryptedData : the ciphertext.
 *
 * The decrypted encryptedData field is a DER-encoded
 * NSS_PrivateKeyInfo.
 *
 * NOTE(review): because the plaintext is an NSS_PrivateKeyInfo, the
 * buffer that receives the decryption output contains the private key
 * and should be cleared once it has been decoded and used.
 */
typedef struct {
	SecAsn1AlgId algorithm;
	SecAsn1Item encryptedData;
} NSS_EncryptedPrivateKeyInfo;

extern const SecAsn1Template kSecAsn1EncryptedPrivateKeyInfoTemplate[];

/*
 * ASN class : DigestInfo
 * C struct : NSS_DigestInfo
 *
 * digestAlgorithm : AlgorithmIdentifier of the hash function.
 * digest          : the hash value.
 *
 * NOTE(review): the template describes structure only. Code that
 * consumes a decoded DigestInfo (for example during signature
 * verification) should check that the length of digest matches the
 * output size of digestAlgorithm rather than trusting the encoding.
 */
typedef struct {
	SecAsn1AlgId digestAlgorithm;
	SecAsn1Item digest;
} NSS_DigestInfo;

extern const SecAsn1Template kSecAsn1DigestInfoTemplate[];

/*
 * Key structs and templates, placed here due to their ubiquitous use.
*/

// MARK: *** RSA ***

/*
 * RSA public key, PKCS1 format
 *
 * ASN class : RSAPublicKey
 * C struct : NSS_RSAPublicKeyPKCS1
 *
 * modulus        : n
 * publicExponent : e
 * Both values are public; no clearing is required.
 */
typedef struct {
	SecAsn1Item modulus;
	SecAsn1Item publicExponent;
} NSS_RSAPublicKeyPKCS1;

extern const SecAsn1Template kSecAsn1RSAPublicKeyPKCS1Template[];

/*
 * RSA public key, X509 format: SubjectPublicKeyInfo, decoded with
 * kSecAsn1SubjectPublicKeyInfoTemplate into a SecAsn1PubKeyInfo
 * (declared above). This header declares no RSA-specific X509
 * template.
 */

/*
 * RSA private key, PKCS1 format, used by openssl
 *
 * ASN class : RSAPrivateKey
 * C struct : NSS_RSAPrivateKeyPKCS1
 *
 * Field meanings follow the PKCS1 RSAPrivateKey definition:
 *   version         : RSAPrivateKey version field.
 *   modulus         : n
 *   publicExponent  : e
 *   privateExponent : d
 *   prime1          : p
 *   prime2          : q
 *   exponent1       : d mod (p - 1)
 *   exponent2       : d mod (q - 1)
 *   coefficient     : (inverse of q) mod p
 *
 * NOTE(review): every field from privateExponent onward is secret key
 * material. Clear those items' buffers when the key is no longer
 * needed; only modulus and publicExponent are public.
 */
typedef struct {
	SecAsn1Item version;
	SecAsn1Item modulus;
	SecAsn1Item publicExponent;
	SecAsn1Item privateExponent;
	SecAsn1Item prime1;
	SecAsn1Item prime2;
	SecAsn1Item exponent1;
	SecAsn1Item exponent2;
	SecAsn1Item coefficient;
} NSS_RSAPrivateKeyPKCS1;

extern const SecAsn1Template kSecAsn1RSAPrivateKeyPKCS1Template[];

/*
 * RSA private key, PKCS8 format: NSS_PrivateKeyInfo; the privateKey
 * value is a DER-encoded NSS_RSAPrivateKeyPKCS1.
*/

// MARK: *** Diffie-Hellman ***

/*** from PKCS3 ***/

/*
 * ASN class : DHParameter
 * C struct : NSS_DHParameter
 *
 * prime              : p
 * base               : g
 * privateValueLength : optional; when absent after decoding the item
 *                      is presumably empty -- confirm against the
 *                      template.
 *
 * NOTE(review): the template describes the encoding only. Nothing in
 * this header checks that prime is actually prime, that base is a
 * usable generator, or that the values are of an acceptable size.
 * Code that decodes parameters from an untrusted source must validate
 * the group before using it.
 */
typedef struct {
	SecAsn1Item prime;
	SecAsn1Item base;
	SecAsn1Item privateValueLength;	// optional
} NSS_DHParameter;

extern const SecAsn1Template kSecAsn1DHParameterTemplate[];

/*
 * ASN class : DHParameterBlock
 * C struct : NSS_DHParameterBlock
 *
 * oid    : expected to be CSSMOID_PKCS3. NOTE(review): presumably the
 *          template does not check the OID value itself -- callers
 *          should compare it after decoding; confirm against the
 *          template source.
 * params : the PKCS3 group parameters.
 */
typedef struct {
	SecAsn1Oid oid;	// CSSMOID_PKCS3
	NSS_DHParameter params;
} NSS_DHParameterBlock;

extern const SecAsn1Template kSecAsn1DHParameterBlockTemplate[];

/*
 * ASN class : DHPrivateKey
 * C struct : NSS_DHPrivateKey
 *
 * dhOid      : expected to be CSSMOID_DH (same caveat as above).
 * params     : the PKCS3 group parameters.
 * secretPart : the private value. NOTE(review): secret material;
 *              clear its buffer when done.
 */
typedef struct {
	SecAsn1Oid dhOid;	// CSSMOID_DH
	NSS_DHParameter params;
	SecAsn1Item secretPart;
} NSS_DHPrivateKey;

extern const SecAsn1Template kSecAsn1DHPrivateKeyTemplate[];

/*
 * ANSI X9.42 style Diffie-Hellman keys.
 *
 * DomainParameters ::= SEQUENCE { -- Galois field group parameters
 *     p INTEGER, -- odd prime, p = jq + 1
 *     g INTEGER, -- generator, g ^ q = 1 mod p
 *     q INTEGER, -- prime factor of p-1
 *     j INTEGER OPTIONAL, -- cofactor, j >= 2
 *                         -- required for cofactor method
 *     valParms ValidationParms OPTIONAL
 * }
 *
 * ValidationParms ::= SEQUENCE {
 *     seed BIT STRING, -- seed for prime number generation
 *     pGenCounter INTEGER -- parameter verification
 * }
 */

/*
 * C struct for ValidationParms above.
 * seed's length is given in bits, not bytes; convert before treating
 * it as a byte count.
 */
typedef struct {
	SecAsn1Item seed;	// BIT STRING, length in bits
	SecAsn1Item pGenCounter;
} NSS_DHValidationParams;

/*
 * C struct for DomainParameters above. j and valParams are OPTIONAL;
 * valParams is a pointer and is presumably NULL when absent -- confirm
 * against the template. As with NSS_DHParameter, decoding does not
 * validate the group (p prime, g of order q, and so on); the caller
 * must do that before use.
 */
typedef struct {
	SecAsn1Item p;
	SecAsn1Item g;
	SecAsn1Item q;
	SecAsn1Item j;	// OPTIONAL
	NSS_DHValidationParams *valParams;	// OPTIONAL
} NSS_DHDomainParamsX942;

/*
 * Custom X9.42 D-H AlgorithmIdentifier: the oid (expected to be
 * CSSMOID_ANSI_DH_PUB_NUMBER) followed by the X9.42 domain parameters
 * in place of a generic parameters field.
 */
typedef struct {
	SecAsn1Oid oid;	// CSSMOID_ANSI_DH_PUB_NUMBER
	NSS_DHDomainParamsX942 params;
} NSS_DHAlgorithmIdentifierX942;
extern const SecAsn1Template kSecAsn1DHValidationParamsTemplate[];
extern const SecAsn1Template kSecAsn1DHDomainParamsX942Template[];
extern const SecAsn1Template kSecAsn1DHAlgorithmIdentifierX942Template[];

/*
 * PKCS8 form of D-H private key using X9.42 domain parameters.
 *
 * version    : the PrivateKeyInfo version field.
 * algorithm  : X9.42 AlgorithmIdentifier carrying the domain
 *              parameters (see NSS_DHAlgorithmIdentifierX942).
 * privateKey : octet string containing a DER-encoded integer, the
 *              private value. NOTE(review): secret material; clear its
 *              buffer when done.
 * attributes : OPTIONAL; presumably NULL when absent -- confirm
 *              against the template.
 */
typedef struct {
	SecAsn1Item version;
	NSS_DHAlgorithmIdentifierX942 algorithm;
	/* octet string containing DER-encoded integer */
	SecAsn1Item privateKey;
	NSS_Attribute **attributes;	// OPTIONAL
} NSS_DHPrivateKeyPKCS8;

/*
 * X509 form of D-H public key using X9.42 domain parameters.
 *
 * algorithm : X9.42 AlgorithmIdentifier carrying the domain parameters.
 * publicKey : bit string containing a DER-encoded integer representing
 *             the raw public key. Its length is in BITS; convert to a
 *             byte count before indexing the buffer.
 */
typedef struct {
	NSS_DHAlgorithmIdentifierX942 algorithm;
	/* bit string containing DER-encoded integer representing
	 * raw public key */
	SecAsn1Item publicKey;	// length in BITS
} NSS_DHPublicKeyX509;

extern const SecAsn1Template kSecAsn1DHPrivateKeyPKCS8Template[];
extern const SecAsn1Template kSecAsn1DHPublicKeyX509Template[];

// MARK: *** ECDSA ***

/*
 * ECDSA Private key as defined in section C.4 of Certicom SEC1.
 * The DER encoding of this is placed in the privateKey field
 * of a NSS_PrivateKeyInfo.
 *
 * version    : the SEC1 private key version field.
 * privateKey : the private scalar. NOTE(review): secret material;
 *              clear its buffer when done.
 * params     : optional, decoded as ANY and therefore left opaque by
 *              the template; when present it presumably identifies
 *              the curve and must be interpreted and checked by the
 *              caller.
 * pubKey     : optional BIT STRING holding the public key.
 *              NOTE(review): the other BIT STRING items in this header
 *              report their length in bits; presumably this one does
 *              too -- confirm before using it as a byte count.
 */
typedef struct {
	SecAsn1Item version;
	SecAsn1Item privateKey;
	SecAsn1Item params;	/* optional, ANY */
	SecAsn1Item pubKey;	/* BITSTRING, optional */
} NSS_ECDSA_PrivateKey;

/*
 * Despite the "PrivateKeyInfo" in its name, this template describes
 * the inner NSS_ECDSA_PrivateKey structure above, not an
 * NSS_PrivateKeyInfo wrapper.
 */
extern const SecAsn1Template kSecAsn1ECDSAPrivateKeyInfoTemplate[];

#ifdef __cplusplus
}
#endif

#endif /* _NSS_KEY_TEMPLATES_H_ */