1/*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23/*
24 * SecImportExportCrypto.h - low-level crypto routines for wrapping and unwrapping
25 *							 keys.
26 */
27
28
29#ifndef	_SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_
30#define _SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_
31
32#include <Security/cssmtype.h>
33#include <Security/SecAccess.h>
34#include <Security/SecKeychain.h>
35#include <Security/SecImportExport.h>
36#include <CoreFoundation/CoreFoundation.h>
37#include <security_cdsa_utilities/cssmdata.h>
38#include <stdint.h>
39
40#ifdef	__cplusplus
41extern "C" {
42#endif
43
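/*
 * Post notification of a "new key added" event.
 *
 * Original author's note: the only known way to do this is a dlclient-based
 * lookup of the existing key in order to get a KeychainCore::Item; if you
 * know of another way, by all means have at it.
 *
 * importKeychain	keychain handle for the import (presumably the keychain
 *					the key was added to -- confirm against the caller)
 * keyLabel			label stored with the key; used to look the key up again
 * cssmKey			the unwrapped key, in CSSM format
 *
 * Returns an OSStatus.
 *
 * NOTE(review): the lookup is keyed on the label alone, so confirm how the
 * implementation behaves when more than one key in the keychain carries the
 * same label.
 * NOTE(review): this prototype takes C++ references, so it can only be
 * compiled as C++ even though it sits inside the extern "C" guard.
 */
OSStatus impExpKeyNotify(
	SecKeychainRef	importKeychain,
	const CssmData	&keyLabel,		// stored with the key; we use it to do a lookup
	const CSSM_KEY	&cssmKey);		// unwrapped key in CSSM format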
53
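/*
 * Attempt to import a raw key. This has two modes:
 *
 *   -- a lightweight "guess" evaluator, when a handle to the raw CSP is
 *      passed in with no keychain;
 *   -- the real thing, which does a full keychain import.
 *
 * Raw keys go through a NULL unwrap (see impExpImportKeyCommon), i.e. no
 * unwrapping key is involved at this layer, so inData should be handled as
 * unprotected key material.
 *
 * inData			the encoded key to import
 * externForm		external format the caller believes inData is in
 * itemType			external item type of the key
 * keyAlg			CSSM algorithm of the key
 * importKeychain	optional; target keychain for a full import
 * cspHand			optional; raw CSP handle for the "guess" mode
 * flags			import/export flags
 * keyParams		optional key import parameters
 * printName		optional
 * outArray			optional; results are appended here
 *
 * Returns an OSStatus.
 *
 * NOTE(review): in "guess" mode a success presumably only shows that inData
 * decodes as a key of the stated format and algorithm -- confirm against the
 * implementation before treating it as any stronger validation.
 */
OSStatus impExpImportRawKey(
	CFDataRef							inData,
	SecExternalFormat					externForm,
	SecExternalItemType					itemType,
	CSSM_ALGORITHMS						keyAlg,
	SecKeychainRef						importKeychain, // optional
	CSSM_CSP_HANDLE						cspHand,		// optional
	SecItemImportExportFlags			flags,
	const SecKeyImportExportParameters	*keyParams,		// optional
	const char							*printName,		// optional
	CFMutableArrayRef					outArray);		// optional, append here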
70
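/*
 * Auxiliary encryption parameters associated with a key unwrap.
 * Most of these are usually zero (meaning "tell the CSP to take the default").
 *
 * A "null unwrap" is selected by encrAlg == 0 and by unwrappingKey == NULL.
 *
 * NOTE(review): confirm how the implementation treats a mismatch (one of the
 * two set, the other not). A silent fallback to a null unwrap would import
 * the blob without decrypting it.
 */
typedef struct {
	CSSM_ALGORITHMS			encrAlg;		// 0 ==> null unwrap
	CSSM_ENCRYPT_MODE		encrMode;		// 0 ==> CSP default
	CSSM_KEY_PTR			unwrappingKey;  // NULL ==> null unwrap
	CSSM_PADDING			encrPad;		// 0 ==> CSP default
	CSSM_DATA				iv;				// IV for the unwrap cipher

	/*
	 * Weird RC2/RC5 params.
	 * NOTE(review): for RC2 the effective key size bounds the cipher's
	 * strength regardless of the key's byte length; confirm what the CSP
	 * uses when this is left at zero.
	 */
	uint32					effectiveKeySizeInBits; // RC2
	uint32					blockSizeInBits;		// RC5
	uint32					rounds;					// RC5
} impExpKeyUnwrapParams;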
87
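/*
 * Common code to unwrap a key, used for raw keys (which do a NULL unwrap) and
 * wrapped keys.
 *
 * wrappedKey		the key to unwrap, in CSSM format
 * importKeychain	optional
 * cspHand			optional
 * flags			import/export flags
 * keyParams		optional key import parameters
 * unwrapParams		cipher parameters for the unwrap; see
 *					impExpKeyUnwrapParams for how a NULL unwrap is selected
 * printName		optional
 * outArray			optional; results are appended here
 *
 * Returns an OSStatus.
 *
 * NOTE(review): unwrapParams is not marked optional, so it is presumably
 * required even for a NULL unwrap -- confirm against the implementation.
 */
OSStatus impExpImportKeyCommon(
	const CSSM_KEY					*wrappedKey,
	SecKeychainRef					importKeychain, // optional
	CSSM_CSP_HANDLE					cspHand,		// optional
	SecItemImportExportFlags		flags,
	const SecKeyImportExportParameters *keyParams,  // optional
	const impExpKeyUnwrapParams		*unwrapParams,
	const char						*printName,		// optional
	CFMutableArrayRef				outArray);		// optional, append here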
101
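/*
 * Common code to wrap a key. NULL unwraps don't use this (yet?).
 *
 * cspHand			CSP handle used for all three keys
 * secKey			the key to be wrapped
 * wrappingKey		key used to do the wrapping
 * wrappedKey		RETURNED: the wrapped key
 * wrapAlg			wrapping algorithm
 * wrapMode			wrapping cipher mode
 * wrapPad			wrapping cipher padding
 * wrapFormat		wrapped blob format: NONE, PKCS7, PKCS8
 * blobAttrType		optional raw key format attribute
 * blobForm			optional raw key format that goes with blobAttrType
 * descData			optional descriptive data
 * iv				IV for the wrapping cipher
 *
 * Returns a CSSM_RETURN, unlike the import routines in this header, which
 * return OSStatus.
 *
 * NOTE(review): ownership of the key returned in wrappedKey is not stated
 * here; confirm who is responsible for freeing it.
 * NOTE(review): iv is caller-supplied and not marked optional; confirm that
 * callers provide a fresh IV for each wrap where the mode requires one.
 */
CSSM_RETURN impExpExportKeyCommon(
	CSSM_CSP_HANDLE		cspHand,		// for all three keys
	SecKeyRef			secKey,
	CSSM_KEY_PTR		wrappingKey,
	CSSM_KEY_PTR		wrappedKey,		// RETURNED
	CSSM_ALGORITHMS		wrapAlg,
	CSSM_ENCRYPT_MODE   wrapMode,
	CSSM_PADDING		wrapPad,
	CSSM_KEYBLOB_FORMAT	wrapFormat,		// NONE, PKCS7, PKCS8
	CSSM_ATTRIBUTE_TYPE blobAttrType,	// optional raw key format attr
	CSSM_KEYBLOB_FORMAT blobForm,		// ditto
	const CSSM_DATA		*descData,		// optional descriptive data
	const CSSM_DATA		*iv);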
118
119#ifdef	__cplusplus
120}
121#endif
122
123#endif  /* _SECURITY_SEC_IMPORT_EXPORT_CRYPTO_H_ */
124