[apple/security.git] / libsecurity_asn1 / lib / keyTemplates.h

/*
 * Copyright (c) 2003-2006,2008,2010 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 *
 * keyTemplate.h -  ASN1 templates for asymmetric keys and related
 * structs.
 */

#ifndef	_NSS_KEY_TEMPLATES_H_
#define _NSS_KEY_TEMPLATES_H_

#include <Security/SecAsn1Types.h>

/*
 * Arrays of SecAsn1Templates are always associated with a specific
 * C struct. We attempt to use C structs which are defined in CDSA
 * if at all possible; these always start with the CSSM_ prefix.
 * Otherwise we define the struct here, with an NSS_ prefix.
 * In either case, the name of the C struct is listed in comments
 * along with the extern declaration of the SecAsn1Template array.
 */

#ifdef  __cplusplus
extern "C" {
#endif

/*
 * ASN class : AlgorithmIdentifier
 * C struct  : SecAsn1AlgId
 */
extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[];

/*
 * ASN class : SubjectPublicKeyInfo
 * C struct  : SecAsn1PubKeyInfo
 */
extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[];

/*
 * ASN class : Attribute
 * C struct  : NSS_Attribute
 */
typedef struct {
    SecAsn1Oid 	attrType;	
    SecAsn1Item 	**attrValue;
} NSS_Attribute;

extern const SecAsn1Template kSecAsn1AttributeTemplate[];
extern const SecAsn1Template kSecAsn1SetOfAttributeTemplate[];

/*
 * PKCS8 private key info
 * ASN class : PrivateKeyInfo
 * C struct  : NSS_PrivateKeyInfo
 */
typedef struct {
    SecAsn1Item 						version;
    SecAsn1AlgId 	algorithm;
    SecAsn1Item 						privateKey;
    NSS_Attribute 					**attributes;
} NSS_PrivateKeyInfo;

extern const SecAsn1Template kSecAsn1PrivateKeyInfoTemplate[];

/*
 * PKCS8 Encrypted Private Key Info
 * ASN class : EncryptedPrivateKeyInfo
 * C struct  : NSS_EncryptedPrivateKeyInfo
 *
 * The decrypted encryptedData field is a DER-encoded
 * NSS_PrivateKeyInfo.
 */
typedef struct {
	SecAsn1AlgId	algorithm;
	SecAsn1Item						encryptedData;
} NSS_EncryptedPrivateKeyInfo;

extern const SecAsn1Template kSecAsn1EncryptedPrivateKeyInfoTemplate[];

/*
 * ASN class : DigestInfo
 * C struct  : NSS_DigestInfo
 */
typedef struct {
	SecAsn1AlgId	digestAlgorithm;
	SecAsn1Item						digest;
} NSS_DigestInfo;

extern const SecAsn1Template kSecAsn1DigestInfoTemplate[];

/*
 * Key structs and templates, placed here due to their ubiquitous use.
 */

// MARK: *** RSA ***

/*
 * RSA public key, PKCS1 format
 * 
 * ASN class : RSAPublicKey
 * C struct  : NSS_RSAPublicKeyPKCS1
 */
typedef struct {
    SecAsn1Item modulus;
    SecAsn1Item publicExponent;
} NSS_RSAPublicKeyPKCS1;

extern const SecAsn1Template kSecAsn1RSAPublicKeyPKCS1Template[];

/*
 * RSA public key, X509 format: NSS_SubjectPublicKeyInfoTemplate
 */

/*
 * RSA private key, PKCS1 format, used by openssl
 *
 * ASN class : RSAPrivateKey
 * C struct  : NSS_RSAPrivateKeyPKCS1
 */
typedef struct {
	SecAsn1Item version;
    SecAsn1Item modulus;
    SecAsn1Item publicExponent;
    SecAsn1Item privateExponent;
    SecAsn1Item prime1;
    SecAsn1Item prime2;
    SecAsn1Item exponent1;
    SecAsn1Item exponent2;
    SecAsn1Item coefficient;
} NSS_RSAPrivateKeyPKCS1;

extern const SecAsn1Template kSecAsn1RSAPrivateKeyPKCS1Template[];

/*
 * RSA private key, PKCS8 format: NSS_PrivateKeyInfo; the privateKey
 * value is a DER-encoded NSS_RSAPrivateKeyPKCS1.
 */

// MARK: *** Diffie-Hellman ***

/*** from PKCS3 ***/

/*
 * ASN class : DHParameter
 * C struct  : NSS_DHParameter
 */
typedef struct {
	SecAsn1Item		prime;
	SecAsn1Item		base;
	SecAsn1Item		privateValueLength;	// optional
} NSS_DHParameter;

extern const SecAsn1Template kSecAsn1DHParameterTemplate[];

/*
 * ASN class : DHParameterBlock
 * C struct  : NSS_DHParameterBlock
 */
typedef struct {
	SecAsn1Oid		oid;				// CSSMOID_PKCS3
	NSS_DHParameter	params;
} NSS_DHParameterBlock;

extern const SecAsn1Template kSecAsn1DHParameterBlockTemplate[];

/*
 * ASN class : DHPrivateKey
 * C struct  : NSS_DHPrivateKey
 */
typedef struct {
	SecAsn1Oid		dhOid;				// CSSMOID_DH
	NSS_DHParameter	params;
	SecAsn1Item		secretPart;
} NSS_DHPrivateKey;

extern const SecAsn1Template kSecAsn1DHPrivateKeyTemplate[];

/* 
 * ANSI X9.42 style Diffie-Hellman keys.
 * 
 * DomainParameters ::= SEQUENCE {  -- Galois field group parameters
 *   p         INTEGER,            -- odd prime, p = jq + 1
 *   g         INTEGER,            -- generator, g ^ q = 1 mod p
 *   q         INTEGER,            -- prime factor of p-1
 *   j         INTEGER  OPTIONAL,  -- cofactor, j >= 2
 *                                 -- required for cofactor method
 *   valParms  ValidationParms  OPTIONAL
 * } 
 *
 * ValidationParms ::= SEQUENCE {
 *   seed           BIT STRING,  -- seed for prime number generation
 *   pGenCounter    INTEGER      -- parameter verification 
 * }
 */
typedef struct {
	SecAsn1Item		seed;			// BIT STRING, length in bits
	SecAsn1Item		pGenCounter;
} NSS_DHValidationParams;

typedef struct {
	SecAsn1Item				p;
	SecAsn1Item				g;
	SecAsn1Item				q;
	SecAsn1Item				j;			// OPTIONAL
	NSS_DHValidationParams	*valParams;	// OPTIONAL
} NSS_DHDomainParamsX942;

/* Custom X9.42 D-H AlgorithmIdentifier */
typedef struct {
	SecAsn1Oid				oid;		// CSSMOID_ANSI_DH_PUB_NUMBER
	NSS_DHDomainParamsX942	params;
} NSS_DHAlgorithmIdentifierX942;

extern const SecAsn1Template kSecAsn1DHValidationParamsTemplate[];
extern const SecAsn1Template kSecAsn1DHDomainParamsX942Template[];
extern const SecAsn1Template kSecAsn1DHAlgorithmIdentifierX942Template[];

/* PKCS8 form of D-H private key using X9.42 domain parameters */
typedef struct {
    SecAsn1Item 						version;
	NSS_DHAlgorithmIdentifierX942	algorithm;
	/* octet string containing DER-encoded integer */
	SecAsn1Item						privateKey;
    NSS_Attribute 					**attributes;	// OPTIONAL
} NSS_DHPrivateKeyPKCS8;

/* X509 form of D-H public key using X9.42 domain parameters */
typedef struct {
	NSS_DHAlgorithmIdentifierX942	algorithm;
	/* bit string containing DER-encoded integer representing 
	 * raw public key */
	SecAsn1Item						publicKey;		// length in BITS
} NSS_DHPublicKeyX509;

extern const SecAsn1Template kSecAsn1DHPrivateKeyPKCS8Template[];
extern const SecAsn1Template kSecAsn1DHPublicKeyX509Template[];
 
// MARK: *** ECDSA ***

/* 
 * ECDSA Private key as defined in section C.4 of Certicom SEC1.
 * The DER encoding of this is placed in the privateKey field
 * of a NSS_PrivateKeyInfo.
 */
typedef struct {
    SecAsn1Item 	version;
	SecAsn1Item		privateKey;
	SecAsn1Item		params;		/* optional, ANY */
	SecAsn1Item		pubKey;		/* BITSTRING, optional */
} NSS_ECDSA_PrivateKey;

extern const SecAsn1Template kSecAsn1ECDSAPrivateKeyInfoTemplate[];

#ifdef  __cplusplus
}
#endif

#endif	/* _NSS_RSA_KEY_TEMPLATES_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2003-2006,2008,2010 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*
	23	* keyTemplate.h - ASN1 templates for asymmetric keys and related
	24	* structs.
	25	*/
	26
	27	#ifndef _NSS_KEY_TEMPLATES_H_
	28	#define _NSS_KEY_TEMPLATES_H_
	29
	30	#include <Security/SecAsn1Types.h>
	31
	32	/*
	33	* Arrays of SecAsn1Templates are always associated with a specific
	34	* C struct. We attempt to use C structs which are defined in CDSA
	35	* if at all possible; these always start with the CSSM_ prefix.
	36	* Otherwise we define the struct here, with an NSS_ prefix.
	37	* In either case, the name of the C struct is listed in comments
	38	* along with the extern declaration of the SecAsn1Template array.
	39	*/
	40
	41	#ifdef __cplusplus
	42	extern "C" {
	43	#endif
	44
	45	/*
	46	* ASN class : AlgorithmIdentifier
	47	* C struct : SecAsn1AlgId
	48	*/
	49	extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[];
	50
	51	/*
	52	* ASN class : SubjectPublicKeyInfo
	53	* C struct : SecAsn1PubKeyInfo
	54	*/
	55	extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[];
	56
	57	/*
	58	* ASN class : Attribute
	59	* C struct : NSS_Attribute
	60	*/
	61	typedef struct {
	62	SecAsn1Oid attrType;
	63	SecAsn1Item **attrValue;
	64	} NSS_Attribute;
65
66	extern const SecAsn1Template kSecAsn1AttributeTemplate[];
67	extern const SecAsn1Template kSecAsn1SetOfAttributeTemplate[];
68
69	/*
70	* PKCS8 private key info
71	* ASN class : PrivateKeyInfo
72	* C struct : NSS_PrivateKeyInfo
73	*/
74	typedef struct {
75	SecAsn1Item version;
76	SecAsn1AlgId algorithm;
77	SecAsn1Item privateKey;
78	NSS_Attribute **attributes;
79	} NSS_PrivateKeyInfo;
80
81	extern const SecAsn1Template kSecAsn1PrivateKeyInfoTemplate[];
82
83	/*
84	* PKCS8 Encrypted Private Key Info
85	* ASN class : EncryptedPrivateKeyInfo
86	* C struct : NSS_EncryptedPrivateKeyInfo
87	*
88	* The decrypted encryptedData field is a DER-encoded
89	* NSS_PrivateKeyInfo.
90	*/
91	typedef struct {
92	SecAsn1AlgId algorithm;
93	SecAsn1Item encryptedData;
94	} NSS_EncryptedPrivateKeyInfo;
95
96	extern const SecAsn1Template kSecAsn1EncryptedPrivateKeyInfoTemplate[];
97
98	/*
99	* ASN class : DigestInfo
100	* C struct : NSS_DigestInfo
101	*/
102	typedef struct {
103	SecAsn1AlgId digestAlgorithm;
104	SecAsn1Item digest;
105	} NSS_DigestInfo;
106
107	extern const SecAsn1Template kSecAsn1DigestInfoTemplate[];
108
109	/*
110	* Key structs and templates, placed here due to their ubiquitous use.
111	*/
112
427c49bc	113	// MARK: * RSA *
b1ab9ed8 A	114
	115	/*
	116	* RSA public key, PKCS1 format
	117	*
	118	* ASN class : RSAPublicKey
	119	* C struct : NSS_RSAPublicKeyPKCS1
	120	*/
	121	typedef struct {
	122	SecAsn1Item modulus;
	123	SecAsn1Item publicExponent;
	124	} NSS_RSAPublicKeyPKCS1;
	125
	126	extern const SecAsn1Template kSecAsn1RSAPublicKeyPKCS1Template[];
	127
	128	/*
	129	* RSA public key, X509 format: NSS_SubjectPublicKeyInfoTemplate
	130	*/
	131
	132	/*
	133	* RSA private key, PKCS1 format, used by openssl
	134	*
	135	* ASN class : RSAPrivateKey
	136	* C struct : NSS_RSAPrivateKeyPKCS1
	137	*/
	138	typedef struct {
	139	SecAsn1Item version;
	140	SecAsn1Item modulus;
	141	SecAsn1Item publicExponent;
	142	SecAsn1Item privateExponent;
	143	SecAsn1Item prime1;
	144	SecAsn1Item prime2;
	145	SecAsn1Item exponent1;
	146	SecAsn1Item exponent2;
	147	SecAsn1Item coefficient;
	148	} NSS_RSAPrivateKeyPKCS1;
	149
	150	extern const SecAsn1Template kSecAsn1RSAPrivateKeyPKCS1Template[];
	151
	152	/*
	153	* RSA private key, PKCS8 format: NSS_PrivateKeyInfo; the privateKey
	154	* value is a DER-encoded NSS_RSAPrivateKeyPKCS1.
	155	*/
	156
427c49bc	157	// MARK: * Diffie-Hellman *
b1ab9ed8 A	158
	159	/* from PKCS3 */
	160
	161	/*
	162	* ASN class : DHParameter
	163	* C struct : NSS_DHParameter
	164	*/
	165	typedef struct {
	166	SecAsn1Item prime;
	167	SecAsn1Item base;
	168	SecAsn1Item privateValueLength; // optional
	169	} NSS_DHParameter;
	170
	171	extern const SecAsn1Template kSecAsn1DHParameterTemplate[];
	172
	173	/*
	174	* ASN class : DHParameterBlock
	175	* C struct : NSS_DHParameterBlock
	176	*/
	177	typedef struct {
	178	SecAsn1Oid oid; // CSSMOID_PKCS3
	179	NSS_DHParameter params;
	180	} NSS_DHParameterBlock;
	181
	182	extern const SecAsn1Template kSecAsn1DHParameterBlockTemplate[];
	183
	184	/*
	185	* ASN class : DHPrivateKey
	186	* C struct : NSS_DHPrivateKey
	187	*/
	188	typedef struct {
	189	SecAsn1Oid dhOid; // CSSMOID_DH
	190	NSS_DHParameter params;
	191	SecAsn1Item secretPart;
	192	} NSS_DHPrivateKey;
	193
	194	extern const SecAsn1Template kSecAsn1DHPrivateKeyTemplate[];
	195
	196	/*
	197	* ANSI X9.42 style Diffie-Hellman keys.
	198	*
	199	* DomainParameters ::= SEQUENCE { -- Galois field group parameters
	200	* p INTEGER, -- odd prime, p = jq + 1
	201	* g INTEGER, -- generator, g ^ q = 1 mod p
	202	* q INTEGER, -- prime factor of p-1
	203	* j INTEGER OPTIONAL, -- cofactor, j >= 2
	204	* -- required for cofactor method
	205	* valParms ValidationParms OPTIONAL
	206	* }
	207	*
	208	* ValidationParms ::= SEQUENCE {
	209	* seed BIT STRING, -- seed for prime number generation
	210	* pGenCounter INTEGER -- parameter verification
	211	* }
	212	*/
	213	typedef struct {
	214	SecAsn1Item seed; // BIT STRING, length in bits
	215	SecAsn1Item pGenCounter;
	216	} NSS_DHValidationParams;
	217
	218	typedef struct {
	219	SecAsn1Item p;
	220	SecAsn1Item g;
	221	SecAsn1Item q;
222	SecAsn1Item j; // OPTIONAL
223	NSS_DHValidationParams *valParams; // OPTIONAL
224	} NSS_DHDomainParamsX942;
225
226	/* Custom X9.42 D-H AlgorithmIdentifier */
227	typedef struct {
228	SecAsn1Oid oid; // CSSMOID_ANSI_DH_PUB_NUMBER
229	NSS_DHDomainParamsX942 params;
230	} NSS_DHAlgorithmIdentifierX942;
231
232	extern const SecAsn1Template kSecAsn1DHValidationParamsTemplate[];
233	extern const SecAsn1Template kSecAsn1DHDomainParamsX942Template[];
234	extern const SecAsn1Template kSecAsn1DHAlgorithmIdentifierX942Template[];
235
236	/* PKCS8 form of D-H private key using X9.42 domain parameters */
237	typedef struct {
238	SecAsn1Item version;
239	NSS_DHAlgorithmIdentifierX942 algorithm;
240	/* octet string containing DER-encoded integer */
241	SecAsn1Item privateKey;
242	NSS_Attribute **attributes; // OPTIONAL
243	} NSS_DHPrivateKeyPKCS8;
244
245	/* X509 form of D-H public key using X9.42 domain parameters */
246	typedef struct {
247	NSS_DHAlgorithmIdentifierX942 algorithm;
248	/* bit string containing DER-encoded integer representing
249	* raw public key */
250	SecAsn1Item publicKey; // length in BITS
251	} NSS_DHPublicKeyX509;
252
253	extern const SecAsn1Template kSecAsn1DHPrivateKeyPKCS8Template[];
254	extern const SecAsn1Template kSecAsn1DHPublicKeyX509Template[];
255
427c49bc	256	// MARK: * ECDSA *
b1ab9ed8 A	257
	258	/*
	259	* ECDSA Private key as defined in section C.4 of Certicom SEC1.
	260	* The DER encoding of this is placed in the privateKey field
	261	* of a NSS_PrivateKeyInfo.
	262	*/
	263	typedef struct {
	264	SecAsn1Item version;
	265	SecAsn1Item privateKey;
	266	SecAsn1Item params; /* optional, ANY */
	267	SecAsn1Item pubKey; /* BITSTRING, optional */
	268	} NSS_ECDSA_PrivateKey;
	269
	270	extern const SecAsn1Template kSecAsn1ECDSAPrivateKeyInfoTemplate[];
	271
	272	#ifdef __cplusplus
	273	}
	274	#endif
	275
	276	#endif /* _NSS_RSA_KEY_TEMPLATES_H_ */