1/* 2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19/* 20 * RSA_DSA_keys.h - key pair support for RSA/DSA 21 */ 22 23#ifndef _RSA_DSA_KEYS_H_ 24#define _RSA_DSA_KEYS_H_ 25 26#include <AppleCSPContext.h> 27#include <AppleCSPSession.h> 28#include <RSA_DSA_csp.h> 29#include "AppleCSPKeys.h" 30#include <Security/osKeyTemplates.h> 31#include <openssl/rsa.h> 32#include <openssl/dsa.h> 33#include <security_cdsa_utilities/context.h> 34#include <security_asn1/SecNssCoder.h> 35 36#define RSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS1 37#define RSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS8 38 39#define DSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_X509 40#define DSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_FIPS186 41 42#define DSA_MIN_KEY_SIZE 512 43#define DSA_MAX_KEY_SIZE 4096 44#define DSA_KEY_BITS_MASK (64 - 1) /* these bits must be zero */ 45 /* i.e., aligned to 64 bits */ 46 47#define RSA_MAX_KEY_SIZE 4096 48#define RSA_MAX_PUB_EXPONENT_SIZE 64 49 50/* Those max RSA sizes can be overridden with these system preferences */ 51#define kRSAKeySizePrefsDomain "com.apple.security" 52#define kRSAMaxKeySizePref CFSTR("RSAMaxKeySize") 53#define kRSAMaxPublicExponentPref CFSTR("RSAMaxPublicExponent") 54 55/* 56 * RSA version of a BinaryKey. 57 */ 58class RSABinaryKey : public BinaryKey { 59public: 60 RSABinaryKey(RSA *rsaKey = NULL); 61 ~RSABinaryKey(); 62 void generateKeyBlob( 63 Allocator &allocator, 64 CssmData &blob, 65 CSSM_KEYBLOB_FORMAT &format, 66 AppleCSPSession &session, 67 const CssmKey *paramKey, /* optional, unused here */ 68 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ 69 70 RSA *mRsaKey; 71 72 bool isOaep() { return mOaep; } 73 const CSSM_DATA &label() { return mLabel; } 74 void setOaep( 75 const CSSM_DATA &label); 76private: 77 /* 78 * optional fields for OEAP keys 79 * (mKeyHeader.AlgorithmId == CSSM_ALGMODE_PKCS1_EME_OAEP) 80 */ 81 bool mOaep; 82 CssmAutoData mLabel; 83}; 84 85class RSAKeyPairGenContext : 86 public AppleCSPContext, private AppleKeyPairGenContext { 87public: 88 RSAKeyPairGenContext( 89 AppleCSPSession &session, 90 const Context &) : 91 AppleCSPContext(session) {} 92 93 ~RSAKeyPairGenContext() { } 94 95 /* no init functionality, but we need to implement it */ 96 void init( 97 const Context &, 98 bool) { } 99 100 // this one is specified in, and called from, CSPFullPluginSession 101 void generate( 102 const Context &context, 103 CssmKey &pubKey, 104 CssmKey &privKey); 105 106 // this one is specified in, and called from, AppleKeyPairGenContext 107 void generate( 108 const Context &context, 109 BinaryKey &pubBinKey, 110 BinaryKey &privBinKey, 111 uint32 &keySize); 112 113}; /* KeyPairGenContext */ 114 115/* 116 * CSPKeyInfoProvider for RSA keys 117 */ 118class RSAKeyInfoProvider : public CSPKeyInfoProvider 119{ 120private: 121 RSAKeyInfoProvider( 122 const CssmKey &cssmKey, 123 AppleCSPSession &session); 124public: 125 static CSPKeyInfoProvider *provider( 126 const CssmKey &cssmKey, 127 AppleCSPSession &session); 128 129 ~RSAKeyInfoProvider() { } 130 void CssmKeyToBinary( 131 CssmKey *paramKey, // optional 132 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT 133 BinaryKey **binKey); // RETURNED 134 void QueryKeySizeInBits( 135 CSSM_KEY_SIZE &keySize); // RETURNED 136 bool getHashableBlob( 137 Allocator &allocator, 138 CssmData &hashBlob); 139}; 140 141/* 142 * DSA version of a BinaryKey. 143 */ 144class DSABinaryKey : public BinaryKey { 145public: 146 DSABinaryKey(DSA *dsaKey = NULL); 147 ~DSABinaryKey(); 148 void generateKeyBlob( 149 Allocator &allocator, 150 CssmData &blob, 151 CSSM_KEYBLOB_FORMAT &format, 152 AppleCSPSession &session, 153 const CssmKey *paramKey, /* optional */ 154 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */ 155 156 DSA *mDsaKey; 157}; 158 159class DSAKeyPairGenContext : 160 public AppleCSPContext, private AppleKeyPairGenContext { 161public: 162 DSAKeyPairGenContext( 163 AppleCSPSession &session, 164 const Context &) : 165 AppleCSPContext(session), mGenAttrs(NULL) {} 166 167 ~DSAKeyPairGenContext() { freeGenAttrs(); } 168 169 /* no init functionality, but we need to implement it */ 170 void init( 171 const Context &, 172 bool) { } 173 174 // this one is specified in, and called from, CSPFullPluginSession 175 void generate( 176 const Context &context, 177 CssmKey &pubKey, 178 CssmKey &privKey); 179 180 // this one is specified in, and called from, AppleKeyPairGenContext 181 void generate( 182 const Context &context, 183 BinaryKey &pubBinKey, 184 BinaryKey &privBinKey, 185 uint32 &keySize); 186 187 // specified in, and called from, CSPFullPluginSession�- generate parameters 188 void generate( 189 const Context &context, 190 uint32 bitSize, 191 CssmData ¶ms, 192 uint32 &attrCount, 193 Context::Attr * &attrs); 194 195 /* 196 * Necessary to handle and deflect "context changed" notification which occurs 197 * after the strange return from "generate parameters", when the plugin adds 198 * the "returned" values to the Context. 199 */ 200 bool changed(const Context &context) { return true; } 201 202 void dsaGenParams( 203 uint32 keySizeInBits, 204 const void *inSeed, // optional 205 unsigned inSeedLen, 206 NSS_DSAAlgParams &algParams, 207 SecNssCoder &coder); 208 209private: 210 /* gross hack to store attributes "returned" from GenParams */ 211 Context::Attr *mGenAttrs; 212 void freeGenAttrs(); 213}; /* KeyPairGenContext */ 214 215/* 216 * CSPKeyInfoProvider for DSA keys 217 */ 218class DSAKeyInfoProvider : public CSPKeyInfoProvider 219{ 220private: 221 DSAKeyInfoProvider( 222 const CssmKey &cssmKey, 223 AppleCSPSession &session); 224public: 225 static CSPKeyInfoProvider *provider( 226 const CssmKey &cssmKey, 227 AppleCSPSession &session); 228 229 ~DSAKeyInfoProvider() { } 230 void CssmKeyToBinary( 231 CssmKey *paramKey, // optional 232 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT 233 BinaryKey **binKey); // RETURNED 234 void QueryKeySizeInBits( 235 CSSM_KEY_SIZE &keySize); // RETURNED 236 bool getHashableBlob( 237 Allocator &allocator, 238 CssmData &hashBlob); 239}; 240 241#endif /* _RSA_DSA_KEYS_H_ */ 242