1/*
2 * Copyright (c) 2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25#ifndef	_CRYPTKIT_DER_H_
26#define _CRYPTKIT_DER_H_
27
28#include <security_cryptkit/ckconfig.h>
29
30#if	CRYPTKIT_DER_ENABLE
31
32#include <security_cryptkit/feeTypes.h>
33#include <security_cryptkit/feePublicKey.h>
34#include <security_cryptkit/giantIntegers.h>
35#include <security_cryptkit/falloc.h>
36#include <security_cryptkit/curveParams.h>
37
38#ifdef	__cplusplus
39extern "C" {
40#endif
41
/*
 * Encode/decode the two FEE signature types. We malloc returned data via
 * falloc(); caller must free via ffree().
 *
 * The encoders take the two signature components as giants and produce one
 * DER blob plus its length. The decoders take a DER blob (treat it as
 * untrusted input) and hand back freshly allocated giants (newGiant'd); the
 * caller owns those and is responsible for releasing them (presumably via
 * the giant release routine in giantIntegers.h - confirm there). Check the
 * feeReturn before touching any RETURNED value; what the out-parameters
 * hold on failure is not specified by this header.
 *
 * Note the length-type asymmetry: the encoders report the blob size as
 * unsigned, the decoders accept size_t. The key routines further down use
 * unsigned for both directions.
 */
feeReturn feeDEREncodeElGamalSignature(
	giant			u,					// signature component
	giant			PmX,				// signature component
	unsigned char	**encodedSig,		// fallocd and RETURNED
	unsigned		*encodedSigLen);	// RETURNED

feeReturn feeDEREncodeECDSASignature(
	giant			c,					// signature component
	giant			d,					// signature component
	unsigned char	**encodedSig,		// fallocd and RETURNED
	unsigned		*encodedSigLen);	// RETURNED

feeReturn feeDERDecodeElGamalSignature(
	const unsigned char	*encodedSig,	// DER blob, untrusted
	size_t			encodedSigLen,
	giant			*u,					// newGiant'd and RETURNED
	giant			*PmX);				// newGiant'd and RETURNED

feeReturn feeDERDecodeECDSASignature(
	const unsigned char	*encodedSig,	// DER blob, untrusted
	size_t			encodedSigLen,
	giant			*c,					// newGiant'd and RETURNED
	giant			*d);				// newGiant'd and RETURNED
69
/*
 * Encode/decode the FEE private and public keys. We malloc returned data via
 * falloc(); caller must free via ffree().
 * These use a DER format which is custom to this module.
 *
 * The per-parameter comments below say "fmallocd"; presumably that is the
 * same falloc()/ffree() pair named above - confirm in falloc.h.
 *
 * On decode, everything marked RETURNED is allocated for the caller:
 * *cp is a new curveParams and the giants are newGiant'd, so the caller
 * owns and must release them (release routines live in curveParams.h and
 * giantIntegers.h - confirm the exact names there). Check the feeReturn
 * before using any of them; this header does not say what they hold on
 * failure. *plusY may legitimately come back as (giant)0, so test it
 * before dereferencing or freeing.
 *
 * privData is secret key material, both as input to the encoder and as
 * output of the decoder. Nothing in this interface zeroizes it; that is
 * left to the caller.
 */
feeReturn feeDEREncodePublicKey(
	int			version,
	const curveParams	*cp,
	giant			plusX,
	giant			minusX,
	giant			plusY,			// may be NULL
	unsigned char	**keyBlob,		// fmallocd and RETURNED
	unsigned		*keyBlobLen);		// RETURNED

feeReturn feeDEREncodePrivateKey(
	int				version,
	const curveParams	*cp,
	const giant		privData,		// secret; caller retains ownership
	unsigned char	**keyBlob,		// fmallocd and RETURNED
	unsigned		*keyBlobLen);	// RETURNED

feeReturn feeDERDecodePublicKey(
	const unsigned char	*keyBlob,	// DER blob, untrusted
	unsigned		keyBlobLen,
	int				*version,		// this and remainder RETURNED
	curveParams		**cp,			// allocated; caller owns
	giant			*plusX,			// newGiant'd; caller owns
	giant			*minusX,		// newGiant'd; caller owns
	giant			*plusY);		// always valid, may be (giant)0

feeReturn feeDERDecodePrivateKey(
	const unsigned char	*keyBlob,	// DER blob, untrusted
	unsigned		keyBlobLen,
	int				*version,		// this and remainder RETURNED
	curveParams		**cp,			// allocated; caller owns
	giant			*privData);		// RETURNED; secret, caller owns
106
/*
 * Obtain the max size of a DER-encoded signature (either ElGamal or ECDSA).
 *
 * g1/g2 are presumably the two signature components that would be passed to
 * one of the encoders above. The result is an upper bound, not necessarily
 * the exact length the encoder will report in *encodedSigLen - treat it as
 * a buffer-sizing aid only.
 */
unsigned feeSizeOfDERSig(
	giant g1,
	giant g2);
111
/*
 * Encode/decode public key in X.509 format.
 *
 * The public key is passed and returned as a raw "x and y octet string"
 * (the exact point encoding is not specified here). On decode, *depth is
 * filled in to identify the curve and *pubBlob is allocated for the
 * caller (presumably via falloc(), to be released with ffree(), as for
 * the other RETURNED blobs in this header - confirm in the implementation).
 * Treat x509Blob as untrusted input and check the feeReturn before using
 * any RETURNED value.
 *
 * Note: cp is taken non-const here, unlike the const curveParams * used by
 * the encoders above; nothing in this header says whether it is modified.
 */
feeReturn feeDEREncodeX509PublicKey(
	const unsigned char	*pubBlob,		/* x and y octet string */
	unsigned			pubBlobLen,
	curveParams			*cp,
	unsigned char		**x509Blob,		/* fmallocd and RETURNED */
	unsigned			*x509BlobLen);	/* RETURNED */

feeReturn feeDERDecodeX509PublicKey(
	const unsigned char	*x509Blob,		/* DER blob, untrusted */
	unsigned			x509BlobLen,
	feeDepth			*depth,			/* RETURNED */
	unsigned char		**pubBlob,		/* x and y octet string RETURNED */
	unsigned			*pubBlobLen);	/* RETURNED */
128
/*
 * Encode private, and decode private or public key, in unencrypted OpenSSL format.
 *
 * "Unencrypted" means the blob carries the private data in the clear;
 * privBlob on input and *privBlob on output are secret key material and
 * nothing here zeroizes them. For the encoder the public key is optional;
 * presumably pubBlob == NULL with pubBlobLen == 0 signals "absent" -
 * confirm in the implementation. For the decoder, pubBlob is "optionally
 * RETURNED"; whether the caller may pass NULL for pubBlob/pubBlobLen when
 * it does not want it is not stated here. Treat osBlob as untrusted input
 * and check the feeReturn before using any RETURNED value. Returned blobs
 * are allocated for the caller (fmallocd; presumably released via ffree()).
 */
feeReturn feeDEREncodeOpenSSLPrivateKey(
	const unsigned char	*privBlob,		/* private data octet string */
	unsigned			privBlobLen,
	const unsigned char *pubBlob,		/* public key, optional */
	unsigned			pubBlobLen,
	curveParams			*cp,
	unsigned char		**openBlob,		/* fmallocd and RETURNED */
	unsigned			*openBlobLen);	/* RETURNED */

feeReturn feeDERDecodeOpenSSLKey(
	const unsigned char	*osBlob,		/* DER blob, untrusted */
	unsigned			osBlobLen,
	feeDepth			*depth,			/* RETURNED */
	unsigned char		**privBlob,		/* private data octet string RETURNED */
	unsigned			*privBlobLen,	/* RETURNED */
	unsigned char		**pubBlob,		/* public data octet string optionally RETURNED */
	unsigned			*pubBlobLen);
149
<style_placeholder/>
170
171
172#ifdef	__cplusplus
173}
174#endif
175
176#endif	/* CRYPTKIT_DER_ENABLE */
177#endif	/* _CRYPTKIT_DER_H_ */
178
179
180