/*
 * Copyright (c) 2003-2006,2008,2010 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * osKeyTemplate.h - ASN1 templates for openssl asymmetric keys
 */

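/* Include guard; the matching #endif is the last directive in this file. */
#ifndef	_OS_KEY_TEMPLATES_H_
#define _OS_KEY_TEMPLATES_H_

/*
 * NOTE(review): SecAsn1Item, SecAsn1Oid, SecAsn1Template and NSS_Attribute
 * are used below but not declared in this header; presumably they arrive
 * through this include -- confirm.
 */
#include <Security/keyTemplates.h>
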
/*
 * Arrays of SecAsn1Template are always associated with a specific
 * C struct. We attempt to use C structs which are defined in CDSA
 * if at all possible; these always start with the CSSM_ prefix.
 * Otherwise we define the struct here, with an NSS_ prefix.
 * In either case, the name of the C struct is listed in comments
 * along with the extern declaration of the SecAsn1Template array.
 */

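/* Give the declarations below C linkage when included from C++. */
#ifdef	__cplusplus
extern "C" {
#endif
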
/***
 *** Note: RSA and Diffie-Hellman keys and structs are in
 *** security_asn1/keyTemplates.h.
 ***/

// MARK: *** DSA ***

/*
 * Note that most of the DSA structs are hand-rolled and are not
 * expressed in ASN1 in any doc that I'm aware of.
 */

/****
 **** DSA support
 ****/

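/*
 * DSA algorithm parameters. Used in CDSA key generation context as
 * well as the parameters in an X509-formatted DSA public key.
 *
 * Each field is a raw SecAsn1Item; nothing in this struct constrains the
 * values it holds. When the parameters come from a certificate or key
 * file produced by another party, the consumer is responsible for
 * size- and range-checking p, q and g before using them in arithmetic.
 * The encoding itself is described by kSecAsn1DSAAlgParamsTemplate, which
 * is defined outside this header.
 */
typedef struct {
	SecAsn1Item	p;	/* prime modulus */
	SecAsn1Item	q;	/* prime divisor of p-1 (subgroup order) */
	SecAsn1Item	g;	/* generator of the order-q subgroup */
} NSS_DSAAlgParams;

extern const SecAsn1Template kSecAsn1DSAAlgParamsTemplate[];
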
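/*
 * DSA algorithm parameters, BSAFE style. Only used in FIPS186 format
 * public and private keys.
 *
 * Same p/q/g triple as NSS_DSAAlgParams, preceded by an explicit
 * key-size field.
 *
 * NOTE(review): keySizeInBits is a separate field from p, so a decoded
 * value is only a claim made by the encoding. Presumably callers should
 * compare it with the actual bit length of p rather than rely on it for
 * buffer sizing or key-strength policy -- confirm against the consumers.
 */
typedef struct {
	SecAsn1Item	keySizeInBits;	/* declared key size; not tied to p by this struct */
	SecAsn1Item	p;		/* prime modulus */
	SecAsn1Item	q;		/* prime divisor of p-1 (subgroup order) */
	SecAsn1Item	g;		/* generator of the order-q subgroup */
} NSS_DSAAlgParamsBSAFE;

extern const SecAsn1Template kSecAsn1DSAAlgParamsBSAFETemplate[];
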
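/*
 * DSA X509-style AlgorithmID. Avoids ASN_ANY processing via direct
 * insertion of the appropriate parameters.
 *
 * params is declared optional, so code reading a decoded instance must
 * accept a NULL pointer here and check it before dereferencing.
 * NOTE(review): presumably the decoder leaves params NULL when the
 * encoding omits the parameters -- confirm against the template.
 * NOTE(review): whether the template pins the algorithm OID is not visible
 * in this header; if it does not, the caller has to compare `algorithm`
 * with the expected DSA OID before trusting the parameters.
 */
typedef struct {
	SecAsn1Oid			algorithm;
	NSS_DSAAlgParams	*params;		// optional; NULL-check before use
} NSS_DSAAlgorithmIdX509;

extern const SecAsn1Template kSecAsn1DSAAlgorithmIdX509Template[];
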
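/*
 * DSA AlgorithmID, BSAFE style. Avoids ASN_ANY
 * processing via direct insertion of the appropriate parameters.
 *
 * Unlike NSS_DSAAlgorithmIdX509, the parameters are embedded by value and
 * are not marked optional, so there is no NULL case to handle here.
 * NOTE(review): whether the template pins the algorithm OID is not visible
 * in this header; if it does not, the caller has to compare `algorithm`
 * with the expected value before trusting the parameters.
 */
typedef struct {
	SecAsn1Oid				algorithm;
	NSS_DSAAlgParamsBSAFE	params;		/* embedded, not a pointer */
} NSS_DSAAlgorithmIdBSAFE;

extern const SecAsn1Template kSecAsn1DSAAlgorithmIdBSAFETemplate[];
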
/****
 **** DSA public keys
 ****/

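/*
 * DSA public key, openssl/X509 format.
 *
 * The publicKey is actually the DER encoding of an ASN
 * integer, wrapped in a BIT STRING.
 *
 * Two points for consumers:
 *  - publicKey's length is expressed in bits, not bytes. Convert it
 *    (rounding up) before using it as a byte count for a copy or a bound.
 *  - The BIT STRING content is itself DER and needs a second decode to
 *    obtain the integer; treat that inner encoding as unvalidated input.
 *  - dsaAlg.params is optional (see NSS_DSAAlgorithmIdX509), so a decoded
 *    key may come without parameters.
 */
typedef struct {
	NSS_DSAAlgorithmIdX509	dsaAlg;
	SecAsn1Item				publicKey;		// BIT string - Length in bits
} NSS_DSAPublicKeyX509;

extern const SecAsn1Template kSecAsn1DSAPublicKeyX509Template[];
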
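/*
 * DSA public key, BSAFE/FIPS186 format.
 * The public key is the DER encoding of an ASN integer, wrapped
 * in a bit string.
 *
 * publicKey's length is expressed in bits, not bytes: convert it
 * (rounding up) before using it as a byte count. The bit string content
 * is itself DER and needs a second decode to obtain the integer; treat
 * that inner encoding as unvalidated input.
 */
typedef struct {
	NSS_DSAAlgorithmIdBSAFE		dsaAlg;
	SecAsn1Item					publicKey;	// BIT string - Length in bits
} NSS_DSAPublicKeyBSAFE;

extern const SecAsn1Template kSecAsn1DSAPublicKeyBSAFETemplate[];
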
/****
 **** DSA private keys
 ****/

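/*
 * DSA Private key, openssl custom format.
 *
 * All six values sit side by side in one structure, so a decoded instance
 * carries the private value in the clear next to the public parameters.
 * NOTE(review): the buffers behind these items belong to whoever allocated
 * the decode output, which is not visible in this header; make sure the
 * memory behind priv is cleared before it is released or reused, and that
 * instances are not logged or dumped wholesale.
 */
typedef struct {
	SecAsn1Item	version;
	SecAsn1Item	p;		/* prime modulus */
	SecAsn1Item	q;		/* prime divisor of p-1 (subgroup order) */
	SecAsn1Item	g;		/* generator of the order-q subgroup */
	SecAsn1Item	pub;	/* public value */
	SecAsn1Item	priv;	/* private value: secret key material */
} NSS_DSAPrivateKeyOpenssl;

extern const SecAsn1Template kSecAsn1DSAPrivateKeyOpensslTemplate[];
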
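/*
 * DSA private key, BSAFE/FIPS186 style.
 * This is basically a DSA-specific NSS_PrivateKeyInfo.
 *
 * NSS_DSAPrivateKeyBSAFE.privateKey is an octet string containing
 * the DER encoding of this.
 *
 * "This" is NSS_DSAPrivateKeyOcts, the inner structure defined directly
 * below: it is what a second decode of NSS_DSAPrivateKeyBSAFE.privateKey
 * yields. Its single field is the private key itself, so the decoded
 * buffer is secret key material and should be cleared before the memory
 * behind it is released or reused.
 */
typedef struct {
	SecAsn1Item				privateKey;	/* secret key material */
} NSS_DSAPrivateKeyOcts;

extern const SecAsn1Template kSecAsn1DSAPrivateKeyOctsTemplate[];
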
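/*
 * Outer structure of a BSAFE/FIPS186-style DSA private key: a version,
 * the BSAFE-style algorithm identifier, and the key wrapped in an octet
 * string. Reading the key takes two decodes, this structure first and
 * then the content of privateKey as an NSS_DSAPrivateKeyOcts. The inner
 * encoding should be treated as unvalidated input until that second
 * decode has succeeded. privateKey is secret key material in both its
 * wrapped and unwrapped form.
 */
typedef struct {
	SecAsn1Item				version;
	NSS_DSAAlgorithmIdBSAFE	dsaAlg;
	/* octet string containing a DER-encoded NSS_DSAPrivateKeyOcts */
	SecAsn1Item				privateKey;
} NSS_DSAPrivateKeyBSAFE;

extern const SecAsn1Template kSecAsn1DSAPrivateKeyBSAFETemplate[];
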
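/*
 * DSA Private Key, PKCS8/SMIME style. Doesn't have keySizeInBits
 * in the alg params; has version in the top-level struct; the
 * private key itself is a DER-encoded integer wrapped in an
 * octet string.
 *
 * Both dsaAlg.params (see NSS_DSAAlgorithmIdX509) and attributes are
 * optional, so a decoded instance may hold NULL in either place; check
 * before dereferencing. privateKey is secret key material and needs a
 * second decode to obtain the integer.
 * NOTE(review): attributes looks like an array of NSS_Attribute pointers;
 * how its end is marked is not visible in this header -- confirm before
 * iterating.
 */
typedef struct {
	SecAsn1Item				version;
	NSS_DSAAlgorithmIdX509	dsaAlg;
	/* octet string containing DER-encoded integer */
	SecAsn1Item				privateKey;
	NSS_Attribute 			**attributes;		// optional; may be NULL
} NSS_DSAPrivateKeyPKCS8;

extern const SecAsn1Template kSecAsn1DSAPrivateKeyPKCS8Template[];
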
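/*
 * DSA Signature.
 *
 * The struct holds whatever two values the encoding contained; it does
 * not bound them. A verifier should reject a signature unless both r and
 * s are greater than zero and less than q before doing any arithmetic
 * with them.
 * NOTE(review): the items presumably carry DER INTEGER content, whose
 * length varies (for example a leading zero octet); do not assume r and s
 * have a fixed width when copying them -- confirm against the template.
 */
typedef struct {
	SecAsn1Item	r;	/* first signature component */
	SecAsn1Item	s;	/* second signature component */
} NSS_DSASignature;

extern const SecAsn1Template kSecAsn1DSASignatureTemplate[];
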
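/* Closes the extern "C" block opened near the top of this header. */
#ifdef	__cplusplus
}
#endif


#endif	/* _OS_KEY_TEMPLATES_H_ */
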