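/*
 * Copyright (c) 2003-2006,2008,2010 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * osKeyTemplate.h - ASN1 templates for openssl asymmetric keys
 *
 * This header only declares C structs and the SecAsn1Template arrays
 * that describe them; the template definitions live elsewhere.
 */

#ifndef	_OS_KEY_TEMPLATES_H_
#define _OS_KEY_TEMPLATES_H_

#include <Security/keyTemplates.h>

/*
 * Arrays of SecAsn1Template are always associated with a specific
 * C struct. We attempt to use C structs which are defined in CDSA
 * if at all possible; these always start with the CSSM_ prefix.
 * Otherwise we define the struct here, with an NSS_ prefix.
 * In either case, the name of the C struct is listed in comments
 * along with the extern declaration of the SecAsn1Template array.
 *
 * A template must only ever be used with the struct it is paired
 * with below: the struct layout and the template have to agree.
 */

#ifdef  __cplusplus
extern "C" {
#endif

/***
 *** Note: RSA and Diffie-Hellman keys and structs are in
 *** security_asn1/keyTemplates.h.
 ***/

// MARK: *** DSA ***

/*
 * Note that most of the DSA structs are hand rolled and are not
 * expressed in ASN1 in any doc that I'm aware of.
 */

/****
 **** DSA support
 ****/

/*
 * DSA algorithm parameters. Used in CDSA key generation context as
 * well as the parameters in an X509-formatted DSA public key.
 *
 * The fields are the DSA domain parameters p, q and g.
 */
typedef struct {
	SecAsn1Item		p;
	SecAsn1Item		q;
	SecAsn1Item		g;
} NSS_DSAAlgParams;

/* Template for NSS_DSAAlgParams. */
extern const SecAsn1Template kSecAsn1DSAAlgParamsTemplate[];

/*
 * DSA algorithm parameters, BSAFE style. Only used in FIPS186 format
 * public and private keys.
 *
 * Same p, q, g as NSS_DSAAlgParams, preceded by keySizeInBits.
 * NOTE(review): nothing in this header ties keySizeInBits to the actual
 * size of p; presumably consumers must check the two agree rather than
 * trust the encoded value -- confirm against the decoding code.
 */
typedef struct {
	SecAsn1Item		keySizeInBits;
	SecAsn1Item		p;
	SecAsn1Item		q;
	SecAsn1Item		g;
} NSS_DSAAlgParamsBSAFE;

/* Template for NSS_DSAAlgParamsBSAFE. */
extern const SecAsn1Template kSecAsn1DSAAlgParamsBSAFETemplate[];

/*
 * DSA X509-style AlgorithmID. Avoids ASN_ANY processing via direct
 * insertion of the appropriate parameters.
 */
typedef struct {
	SecAsn1Oid			algorithm;
	/*
	 * optional.
	 * NOTE(review): presumably NULL when the parameters are absent from
	 * the encoding -- callers should check before dereferencing.
	 */
	NSS_DSAAlgParams	*params;
} NSS_DSAAlgorithmIdX509;

/* Template for NSS_DSAAlgorithmIdX509. */
extern const SecAsn1Template kSecAsn1DSAAlgorithmIdX509Template[];

/*
 * DSA AlgorithmID, BSAFE style. Avoids ASN_ANY
 * processing via direct insertion of the appropriate parameters.
 *
 * Unlike NSS_DSAAlgorithmIdX509, params is embedded by value here,
 * not held through an optional pointer.
 */
typedef struct {
	SecAsn1Oid				algorithm;
	NSS_DSAAlgParamsBSAFE	params;
} NSS_DSAAlgorithmIdBSAFE;

/* Template for NSS_DSAAlgorithmIdBSAFE. */
extern const SecAsn1Template kSecAsn1DSAAlgorithmIdBSAFETemplate[];

/****
 **** DSA public keys
 ****/

/*
 * DSA public key, openssl/X509 format.
 *
 * The publicKey is actually the DER encoding of an ASN
 * integer, wrapped in a BIT STRING.
 */
typedef struct {
	NSS_DSAAlgorithmIdX509	dsaAlg;
	/*
	 * BIT string - Length in bits (a bit count, not a byte count;
	 * convert before using it as a buffer size).
	 */
	SecAsn1Item				publicKey;
} NSS_DSAPublicKeyX509;

/* Template for NSS_DSAPublicKeyX509. */
extern const SecAsn1Template kSecAsn1DSAPublicKeyX509Template[];

/*
 * DSA public key, BSAFE/FIPS186 format.
 * The public key is the DER encoding of an ASN integer, wrapped
 * in a bit string.
 */
typedef struct {
	NSS_DSAAlgorithmIdBSAFE	dsaAlg;
	/*
	 * BIT string - Length in bits (a bit count, not a byte count;
	 * convert before using it as a buffer size).
	 */
	SecAsn1Item				publicKey;
} NSS_DSAPublicKeyBSAFE;

/* Template for NSS_DSAPublicKeyBSAFE. */
extern const SecAsn1Template kSecAsn1DSAPublicKeyBSAFETemplate[];

/****
 **** DSA private keys
 ****
 **** The structs in this section carry secret key material (the
 **** priv / privateKey fields).
 **** NOTE(review): who owns and wipes the memory behind these items is
 **** not visible in this header -- confirm that callers zeroize it
 **** before release.
 ****/

/*
 * DSA Private key, openssl custom format.
 */
typedef struct {
	SecAsn1Item	version;
	SecAsn1Item	p;
	SecAsn1Item	q;
	SecAsn1Item	g;
	SecAsn1Item	pub;
	SecAsn1Item	priv;		// secret
} NSS_DSAPrivateKeyOpenssl;

/* Template for NSS_DSAPrivateKeyOpenssl. */
extern const SecAsn1Template kSecAsn1DSAPrivateKeyOpensslTemplate[];

/*
 * DSA private key, BSAFE/FIPS186 style.
 * This is basically a DSA-specific NSS_PrivateKeyInfo.
 *
 * The key is encoded in two layers:
 * NSS_DSAPrivateKeyBSAFE.privateKey is an octet string containing
 * the DER encoding of an NSS_DSAPrivateKeyOcts (the inner struct,
 * declared first).
 */
typedef struct {
	SecAsn1Item				privateKey;		// secret
} NSS_DSAPrivateKeyOcts;

/* Template for NSS_DSAPrivateKeyOcts. */
extern const SecAsn1Template kSecAsn1DSAPrivateKeyOctsTemplate[];

typedef struct {
	SecAsn1Item				version;
	NSS_DSAAlgorithmIdBSAFE	dsaAlg;
	/* octet string containing a DER-encoded NSS_DSAPrivateKeyOcts */
	SecAsn1Item				privateKey;
} NSS_DSAPrivateKeyBSAFE;

/* Template for NSS_DSAPrivateKeyBSAFE. */
extern const SecAsn1Template kSecAsn1DSAPrivateKeyBSAFETemplate[];

/*
 * DSA Private Key, PKCS8/SMIME style. Doesn't have keySizeInBits
 * in the alg params; has version in the top-level struct; the
 * private key itself is a DER-encoded integer wrapped in an
 * octet string.
 */
typedef struct {
	SecAsn1Item				version;
	NSS_DSAAlgorithmIdX509	dsaAlg;
	/* octet string containing DER-encoded integer */
	SecAsn1Item				privateKey;
	NSS_Attribute			**attributes;		// optional
} NSS_DSAPrivateKeyPKCS8;

/* Template for NSS_DSAPrivateKeyPKCS8. */
extern const SecAsn1Template kSecAsn1DSAPrivateKeyPKCS8Template[];

/*
 * DSA Signature.
 *
 * The two fields are the r and s components of the signature.
 * NOTE(review): decoding only recovers r and s; range checks on them
 * are presumably left to the verification code -- confirm.
 */
typedef struct {
	SecAsn1Item	r;
	SecAsn1Item	s;
} NSS_DSASignature;

/* Template for NSS_DSASignature. */
extern const SecAsn1Template kSecAsn1DSASignatureTemplate[];

#ifdef  __cplusplus
}
#endif


#endif	/* _OS_KEY_TEMPLATES_H_ */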