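/*
 * Copyright (c) 2001,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


#ifndef _CRYPTKIT_DER_H_
#define _CRYPTKIT_DER_H_

#include <security_cryptkit/ckconfig.h>

#if CRYPTKIT_DER_ENABLE

/*
 * size_t appears in the signature-decode prototypes below; include it
 * directly so this header does not rely on it arriving transitively.
 */
#include <stddef.h>

#include <security_cryptkit/feeTypes.h>
#include <security_cryptkit/feePublicKey.h>
#include <security_cryptkit/giantIntegers.h>
#include <security_cryptkit/falloc.h>
#include <security_cryptkit/curveParams.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * DER encoding and decoding of FEE signatures and keys.
 *
 * Notes for callers, derived from the prototypes in this header:
 *
 *  - Every decode routine parses a caller-supplied byte string. Treat that
 *    input as untrusted: check the feeReturn result before reading any
 *    output. This header does not specify the state of the outputs when a
 *    call fails, so initialise output pointers and lengths before the call
 *    and do not use or free them on error without confirming against the
 *    implementation.
 *  - Length types are not uniform. The two signature decoders take size_t;
 *    every other blob length here is unsigned. A caller holding a size_t
 *    length must range-check it before passing it to an unsigned
 *    parameter, otherwise a large value is silently truncated by the
 *    implicit conversion and the decoder sees a shorter blob than the
 *    caller intended.
 *  - Byte buffers marked RETURNED are allocated by this module and become
 *    the caller's; release them with ffree().
 *  - giants marked "newGiant'd" are likewise handed to the caller
 *    (presumably released with freeGiant() -- confirm against
 *    giantIntegers.h).
 *  - privData, privBlob and the encoded private-key blobs carry private
 *    key material in the clear (the OpenSSL and PKCS8 forms are described
 *    below as unencrypted). Clear such buffers before releasing them.
 *    NOTE(review): whether ffree() clears memory itself is not visible
 *    from this header.
 */

/*
 * Encode/decode the two FEE signature types. We malloc returned data via
 * falloc(); caller must free via ffree().
 *
 * The decoders take the encoded length as size_t, unlike the key routines
 * further down, which take unsigned.
 */
feeReturn feeDEREncodeElGamalSignature(
	giant			u,
	giant			PmX,
	unsigned char	**encodedSig,		// fallocd and RETURNED
	unsigned		*encodedSigLen);	// RETURNED

feeReturn feeDEREncodeECDSASignature(
	giant			c,
	giant			d,
	unsigned char	**encodedSig,		// fallocd and RETURNED
	unsigned		*encodedSigLen);	// RETURNED

feeReturn feeDERDecodeElGamalSignature(
	const unsigned char	*encodedSig,
	size_t				encodedSigLen,
	giant				*u,				// newGiant'd and RETURNED
	giant				*PmX);			// newGiant'd and RETURNED

feeReturn feeDERDecodeECDSASignature(
	const unsigned char	*encodedSig,
	size_t				encodedSigLen,
	giant				*c,				// newGiant'd and RETURNED
	giant				*d);			// newGiant'd and RETURNED

/*
 * Encode/decode the FEE private and public keys. We malloc returned data via
 * falloc(); caller must free via ffree().
 * These use a DER format which is custom to this module.
 *
 * NOTE(review): the decoders return a curveParams through cp; who releases
 * it is not stated in this header -- confirm against the implementation.
 */
feeReturn feeDEREncodePublicKey(
	int					version,
	const curveParams	*cp,
	giant				plusX,
	giant				minusX,
	giant				plusY,			// may be NULL
	unsigned char		**keyBlob,		// fmallocd and RETURNED
	unsigned			*keyBlobLen);	// RETURNED

feeReturn feeDEREncodePrivateKey(
	int					version,
	const curveParams	*cp,
	const giant			privData,
	unsigned char		**keyBlob,		// fmallocd and RETURNED
	unsigned			*keyBlobLen);	// RETURNED

feeReturn feeDERDecodePublicKey(
	const unsigned char	*keyBlob,
	unsigned			keyBlobLen,
	int					*version,		// this and remainder RETURNED
	curveParams			**cp,
	giant				*plusX,
	giant				*minusX,
	giant				*plusY);		// always valid, may be (giant)0

feeReturn feeDERDecodePrivateKey(
	const unsigned char	*keyBlob,
	unsigned			keyBlobLen,
	int					*version,		// this and remainder RETURNED
	curveParams			**cp,
	giant				*privData);		// RETURNED

/* obtain the max size of a DER-encoded signature (either ElGamal or ECDSA) */
unsigned feeSizeOfDERSig(
	giant g1,
	giant g2);

/*
 * Encode/decode public key in X.509 format.
 */
feeReturn feeDEREncodeX509PublicKey(
	const unsigned char	*pubBlob,		/* x and y octet string */
	unsigned			pubBlobLen,
	curveParams			*cp,
	unsigned char		**x509Blob,		/* fmallocd and RETURNED */
	unsigned			*x509BlobLen);	/* RETURNED */

feeReturn feeDERDecodeX509PublicKey(
	const unsigned char	*x509Blob,
	unsigned			x509BlobLen,
	feeDepth			*depth,			/* RETURNED */
	unsigned char		**pubBlob,		/* x and y octet string RETURNED */
	unsigned			*pubBlobLen);	/* RETURNED */

/*
 * Encode private, and decode private or public key, in unencrypted OpenSSL format.
 *
 * NOTE(review): on decode, pubBlob is only optionally returned. The header
 * does not say what *pubBlob and *pubBlobLen hold when no public key is
 * present; initialise both before the call and confirm against the
 * implementation.
 */
feeReturn feeDEREncodeOpenSSLPrivateKey(
	const unsigned char	*privBlob,		/* private data octet string */
	unsigned			privBlobLen,
	const unsigned char	*pubBlob,		/* public key, optional */
	unsigned			pubBlobLen,
	curveParams			*cp,
	unsigned char		**openBlob,		/* fmallocd and RETURNED */
	unsigned			*openBlobLen);	/* RETURNED */

feeReturn feeDERDecodeOpenSSLKey(
	const unsigned char	*osBlob,
	unsigned			osBlobLen,
	feeDepth			*depth,			/* RETURNED */
	unsigned char		**privBlob,		/* private data octet string RETURNED */
	unsigned			*privBlobLen,	/* RETURNED */
	unsigned char		**pubBlob,		/* public data octet string optionally RETURNED */
	unsigned			*pubBlobLen);

/*
 * Encode/decode private key in unencrypted PKCS8 format.
 *
 * NOTE(review): as with the OpenSSL decoder, pubBlob is returned only when
 * the input contains one; initialise *pubBlob and *pubBlobLen before the
 * call.
 */
feeReturn feeDEREncodePKCS8PrivateKey(
	const unsigned char	*privBlob,		/* private data octet string */
	unsigned			privBlobLen,
	const unsigned char	*pubBlob,		/* public blob, optional */
	unsigned			pubBlobLen,
	curveParams			*cp,
	unsigned char		**pkcs8Blob,	/* fmallocd and RETURNED */
	unsigned			*pkcs8BlobLen);	/* RETURNED */

feeReturn feeDERDecodePKCS8PrivateKey(
	const unsigned char	*pkcs8Blob,
	unsigned			pkcs8BlobLen,
	feeDepth			*depth,			/* RETURNED */
	unsigned char		**privBlob,		/* private data octet string RETURNED */
	unsigned			*privBlobLen,	/* RETURNED */
	unsigned char		**pubBlob,		/* optionally returned, if it's there */
	unsigned			*pubBlobLen);


#ifdef __cplusplus
}
#endif

#endif	/* CRYPTKIT_DER_ENABLE */
#endif	/* _CRYPTKIT_DER_H_ */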