1/*
2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19/*
20 * RSA_DSA_keys.h - key pair support for RSA/DSA
21 */
22
23#ifndef	_RSA_DSA_KEYS_H_
24#define _RSA_DSA_KEYS_H_
25
26#include <AppleCSPContext.h>
27#include <AppleCSPSession.h>
28#include <RSA_DSA_csp.h>
29#include "AppleCSPKeys.h"
30#include <Security/osKeyTemplates.h>
31#include <openssl/rsa.h>
32#include <openssl/dsa.h>
33#include <security_cdsa_utilities/context.h>
34#include <security_asn1/SecNssCoder.h>
35
36#define RSA_PUB_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_PKCS1
37#define RSA_PRIV_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_PKCS8
38
39#define DSA_PUB_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_X509
40#define DSA_PRIV_KEY_FORMAT		CSSM_KEYBLOB_RAW_FORMAT_FIPS186
41
42#define	DSA_MIN_KEY_SIZE		512
43#define DSA_MAX_KEY_SIZE		4096
44#define DSA_KEY_BITS_MASK		(64 - 1)	/* these bits must be zero */
45											/* i.e., aligned to 64 bits */
46
47#define RSA_MAX_KEY_SIZE			4096
48#define RSA_MAX_PUB_EXPONENT_SIZE	64
49
50/* Those max RSA sizes can be overridden with these system preferences */
51#define kRSAKeySizePrefsDomain		"com.apple.security"
52#define kRSAMaxKeySizePref			CFSTR("RSAMaxKeySize")
53#define kRSAMaxPublicExponentPref	CFSTR("RSAMaxPublicExponent")
54
55/*
56 * RSA version of a BinaryKey.
57 */
58class RSABinaryKey : public BinaryKey {
59public:
60	RSABinaryKey(RSA *rsaKey = NULL);
61	~RSABinaryKey();
62	void generateKeyBlob(
63		Allocator			&allocator,
64		CssmData			&blob,
65		CSSM_KEYBLOB_FORMAT	&format,
66		AppleCSPSession		&session,
67		const CssmKey		*paramKey,		/* optional, unused here */
68		CSSM_KEYATTR_FLAGS	&attrFlags);	/* IN/OUT */
69
70	RSA						*mRsaKey;
71
72	bool isOaep()				{ return mOaep; }
73	const CSSM_DATA &label()	{ return mLabel; }
74	void setOaep(
75		const CSSM_DATA		&label);
76private:
77	/*
78	 * optional fields for OEAP keys
79	 * (mKeyHeader.AlgorithmId == CSSM_ALGMODE_PKCS1_EME_OAEP)
80	 */
81	bool					mOaep;
82	CssmAutoData			mLabel;
83};
84
85class RSAKeyPairGenContext :
86	public AppleCSPContext, private AppleKeyPairGenContext  {
87public:
88	RSAKeyPairGenContext(
89		AppleCSPSession &session,
90		const Context &) :
91			AppleCSPContext(session) {}
92
93	~RSAKeyPairGenContext() { }
94
95	/* no init functionality, but we need to implement it */
96	void init(
97		const Context &,
98		bool) { }
99
100	// this one is specified in, and called from, CSPFullPluginSession
101	void generate(
102		const Context 	&context,
103		CssmKey 		&pubKey,
104		CssmKey 		&privKey);
105
106	// this one is specified in, and called from, AppleKeyPairGenContext
107	void generate(
108		const Context 	&context,
109		BinaryKey		&pubBinKey,
110		BinaryKey		&privBinKey,
111		uint32			&keySize);
112
113};	/* KeyPairGenContext */
114
115/*
116 * CSPKeyInfoProvider for RSA keys
117 */
118class RSAKeyInfoProvider : public CSPKeyInfoProvider
119{
120private:
121	RSAKeyInfoProvider(
122		const CssmKey		&cssmKey,
123		AppleCSPSession		&session);
124public:
125	static CSPKeyInfoProvider *provider(
126		const CssmKey 		&cssmKey,
127		AppleCSPSession		&session);
128
129	~RSAKeyInfoProvider() { }
130	void CssmKeyToBinary(
131		CssmKey				*paramKey,	// optional
132		CSSM_KEYATTR_FLAGS	&attrFlags,	// IN/OUT
133		BinaryKey			**binKey);	// RETURNED
134	void QueryKeySizeInBits(
135		CSSM_KEY_SIZE		&keySize);	// RETURNED
136	bool getHashableBlob(
137		Allocator 		&allocator,
138		CssmData			&hashBlob);
139};
140
141/*
142 * DSA version of a BinaryKey.
143 */
144class DSABinaryKey : public BinaryKey {
145public:
146	DSABinaryKey(DSA *dsaKey = NULL);
147	~DSABinaryKey();
148	void generateKeyBlob(
149		Allocator 		&allocator,
150		CssmData			&blob,
151		CSSM_KEYBLOB_FORMAT	&format,
152		AppleCSPSession		&session,
153		const CssmKey		*paramKey,		/* optional */
154		CSSM_KEYATTR_FLAGS	&attrFlags);	/* IN/OUT */
155
156	DSA						*mDsaKey;
157};
158
159class DSAKeyPairGenContext :
160	public AppleCSPContext, private AppleKeyPairGenContext  {
161public:
162	DSAKeyPairGenContext(
163		AppleCSPSession &session,
164		const Context &) :
165			AppleCSPContext(session), mGenAttrs(NULL) {}
166
167	~DSAKeyPairGenContext() { freeGenAttrs(); }
168
169	/* no init functionality, but we need to implement it */
170	void init(
171		const Context &,
172		bool) { }
173
174	// this one is specified in, and called from, CSPFullPluginSession
175	void generate(
176		const Context 	&context,
177		CssmKey 		&pubKey,
178		CssmKey 		&privKey);
179
180	// this one is specified in, and called from, AppleKeyPairGenContext
181	void generate(
182		const Context 	&context,
183		BinaryKey		&pubBinKey,
184		BinaryKey		&privBinKey,
185		uint32			&keySize);
186
187	// specified in, and called from, CSPFullPluginSession�- generate parameters
188	void generate(
189		const Context 	&context,
190		uint32 			bitSize,
191		CssmData 		&params,
192		uint32 			&attrCount,
193		Context::Attr * &attrs);
194
195	/*
196	 * Necessary to handle and deflect "context changed" notification which occurs
197	 * after the strange return from "generate parameters", when the plugin adds
198	 * the "returned" values to the Context.
199	 */
200	bool changed(const Context &context) { return true; }
201
202	void dsaGenParams(
203		uint32			keySizeInBits,
204		const void		*inSeed,			// optional
205		unsigned		inSeedLen,
206		NSS_DSAAlgParams &algParams,
207		SecNssCoder		&coder);
208
209private:
210	/* gross hack to store attributes "returned" from GenParams */
211	Context::Attr		*mGenAttrs;
212	void				freeGenAttrs();
213};	/* KeyPairGenContext */
214
215/*
216 * CSPKeyInfoProvider for DSA keys
217 */
218class DSAKeyInfoProvider : public CSPKeyInfoProvider
219{
220private:
221	DSAKeyInfoProvider(
222		const CssmKey		&cssmKey,
223		AppleCSPSession		&session);
224public:
225	static CSPKeyInfoProvider *provider(
226		const CssmKey 		&cssmKey,
227		AppleCSPSession		&session);
228
229	~DSAKeyInfoProvider() { }
230	void CssmKeyToBinary(
231		CssmKey				*paramKey,	// optional
232		CSSM_KEYATTR_FLAGS	&attrFlags,	// IN/OUT
233		BinaryKey			**binKey);	// RETURNED
234	void QueryKeySizeInBits(
235		CSSM_KEY_SIZE		&keySize);	// RETURNED
236	bool getHashableBlob(
237		Allocator 	&allocator,
238		CssmData		&hashBlob);
239};
240
241#endif	/* _RSA_DSA_KEYS_H_ */
242