2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 * keyTemplate.h - ASN1 templates for asymmetric keys and related
27 #ifndef _NSS_KEY_TEMPLATES_H_
28 #define _NSS_KEY_TEMPLATES_H_
30 #include <Security/SecAsn1Types.h>
33 * Arrays of SecAsn1Templates are always associated with a specific
34 * C struct. We attempt to use C structs which are defined in CDSA
35 * if at all possible; these always start with the CSSM_ prefix.
36 * Otherwise we define the struct here, with an NSS_ prefix.
37 * In either case, the name of the C struct is listed in comments
38 * along with the extern declaration of the SecAsn1Template array.
46 * ASN class : AlgorithmIdentifier
47 * C struct : SecAsn1AlgId
49 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate
[];
52 * ASN class : SubjectPublicKeyInfo
53 * C struct : SecAsn1PubKeyInfo
55 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate
[];
58 * ASN class : Attribute
59 * C struct : NSS_Attribute
63 SecAsn1Item
**attrValue
;
66 extern const SecAsn1Template kSecAsn1AttributeTemplate
[];
67 extern const SecAsn1Template kSecAsn1SetOfAttributeTemplate
[];
70 * PKCS8 private key info
71 * ASN class : PrivateKeyInfo
72 * C struct : NSS_PrivateKeyInfo
/* privateKey carries the algorithm-specific private key as DER. Elsewhere in
 * this header it is described as a DER-encoded NSS_RSAPrivateKeyPKCS1 for RSA
 * and a DER-encoded NSS_ECDSA_PrivateKey for ECDSA.
 * NOTE(review): after decoding, this item refers to unencrypted key material;
 * callers presumably must clear the backing memory when finished -- confirm
 * against the allocator the decoder writes into. */
76 SecAsn1AlgId algorithm
;
77 SecAsn1Item privateKey
;
/* NOTE(review): double pointer, presumably a NULL-terminated array of
 * NSS_Attribute pointers; the X9.42 PKCS8 struct in this header marks the
 * same field OPTIONAL, so check for NULL before walking it -- confirm. */
78 NSS_Attribute
**attributes
;
81 extern const SecAsn1Template kSecAsn1PrivateKeyInfoTemplate
[];
84 * PKCS8 Encrypted Private Key Info
85 * ASN class : EncryptedPrivateKeyInfo
86 * C struct : NSS_EncryptedPrivateKeyInfo
88 * The decrypted encryptedData field is a DER-encoded NSS_PrivateKeyInfo.
/* Outer PKCS8 EncryptedPrivateKeyInfo layout: an AlgorithmIdentifier plus the
 * opaque encryptedData item.
 * NOTE(review): the template only describes this outer encoding. The header
 * comment says the decrypted encryptedData is itself DER, so the plaintext
 * needs its own decode pass and should be treated as untrusted input until
 * that decode succeeds. */
92 SecAsn1AlgId algorithm
;
93 SecAsn1Item encryptedData
;
94 } NSS_EncryptedPrivateKeyInfo
;
96 extern const SecAsn1Template kSecAsn1EncryptedPrivateKeyInfoTemplate
[];
99 * ASN class : DigestInfo
100 * C struct : NSS_DigestInfo
103 SecAsn1AlgId digestAlgorithm
;
107 extern const SecAsn1Template kSecAsn1DigestInfoTemplate
[];
110 * Key structs and templates, placed here due to their ubiquitous use.
116 * RSA public key, PKCS1 format
118 * ASN class : RSAPublicKey
119 * C struct : NSS_RSAPublicKeyPKCS1
123 SecAsn1Item publicExponent
;
124 } NSS_RSAPublicKeyPKCS1
;
126 extern const SecAsn1Template kSecAsn1RSAPublicKeyPKCS1Template
[];
129 * RSA public key, X509 format: NSS_SubjectPublicKeyInfoTemplate
133 * RSA private key, PKCS1 format, used by openssl
135 * ASN class : RSAPrivateKey
136 * C struct : NSS_RSAPrivateKeyPKCS1
/* Fields of the PKCS1 RSAPrivateKey visible in this listing. In PKCS1 terms
 * privateExponent is d, exponent1 and exponent2 are the CRT exponents
 * (d mod (p-1), d mod (q-1)) and coefficient is the CRT coefficient
 * (q^-1 mod p); every one of these is secret key material.
 * NOTE(review): a decoded instance presumably points at buffers holding these
 * secrets; callers should clear them after use -- confirm ownership rules. */
141 SecAsn1Item publicExponent
;
142 SecAsn1Item privateExponent
;
145 SecAsn1Item exponent1
;
146 SecAsn1Item exponent2
;
147 SecAsn1Item coefficient
;
148 } NSS_RSAPrivateKeyPKCS1
;
/* Template for NSS_RSAPrivateKeyPKCS1 (ASN class RSAPrivateKey). */
150 extern const SecAsn1Template kSecAsn1RSAPrivateKeyPKCS1Template
[];
153 * RSA private key, PKCS8 format: NSS_PrivateKeyInfo; the privateKey
154 * value is a DER-encoded NSS_RSAPrivateKeyPKCS1.
157 // MARK: *** Diffie-Hellman ***
162 * ASN class : DHParameter
163 * C struct : NSS_DHParameter
/* NOTE(review): privateValueLength is optional in the encoding; presumably it
 * is left empty (no Data / zero Length) when absent, so consumers must not
 * assume it is present -- confirm against the template definition. */
168 SecAsn1Item privateValueLength
; // optional
/* Template for NSS_DHParameter (ASN class DHParameter). */
171 extern const SecAsn1Template kSecAsn1DHParameterTemplate
[];
174 * ASN class : DHParameterBlock
175 * C struct : NSS_DHParameterBlock
178 SecAsn1Oid oid
; // CSSMOID_PKCS3
179 NSS_DHParameter params
;
180 } NSS_DHParameterBlock
;
182 extern const SecAsn1Template kSecAsn1DHParameterBlockTemplate
[];
185 * ASN class : DHPrivateKey
186 * C struct : NSS_DHPrivateKey
/* DHPrivateKey: OID, the group parameters, and the secret value.
 * NOTE(review): secretPart presumably holds the private exponent; treat the
 * decoded buffer as key material and clear it after use -- confirm. */
189 SecAsn1Oid dhOid
; // CSSMOID_DH
190 NSS_DHParameter params
;
191 SecAsn1Item secretPart
;
/* Template for NSS_DHPrivateKey (ASN class DHPrivateKey). */
194 extern const SecAsn1Template kSecAsn1DHPrivateKeyTemplate
[];
197 * ANSI X9.42 style Diffie-Hellman keys.
199 * DomainParameters ::= SEQUENCE { -- Galois field group parameters
200 * p INTEGER, -- odd prime, p = jq + 1
201 * g INTEGER, -- generator, g ^ q = 1 mod p
202 * q INTEGER, -- prime factor of p-1
203 * j INTEGER OPTIONAL, -- cofactor, j >= 2
204 * -- required for cofactor method
205 * valParms ValidationParms OPTIONAL
208 * ValidationParms ::= SEQUENCE {
209 * seed BIT STRING, -- seed for prime number generation
210 * pGenCounter INTEGER -- parameter verification
/* ValidationParms from the ASN.1 above. seed is a BIT STRING, so its Length
 * is a bit count; convert to bytes, e.g. (Length + 7) / 8, before using it
 * as a buffer size. */
214 SecAsn1Item seed
; // BIT STRING, length in bits
215 SecAsn1Item pGenCounter
;
216 } NSS_DHValidationParams
;
/* X9.42 DomainParameters. j and valParams are OPTIONAL in the encoding.
 * NOTE(review): valParams is a pointer, presumably NULL when the element is
 * absent -- check before dereferencing. The template describes the encoding
 * only; nothing in this header checks the relations stated in the ASN.1
 * comment (p = jq + 1, g^q = 1 mod p), so parameters received from a peer
 * need separate validation by the consumer. */
222 SecAsn1Item j
; // OPTIONAL
223 NSS_DHValidationParams
*valParams
; // OPTIONAL
224 } NSS_DHDomainParamsX942
;
226 /* Custom X9.42 D-H AlgorithmIdentifier */
228 SecAsn1Oid oid
; // CSSMOID_ANSI_DH_PUB_NUMBER
229 NSS_DHDomainParamsX942 params
;
230 } NSS_DHAlgorithmIdentifierX942
;
232 extern const SecAsn1Template kSecAsn1DHValidationParamsTemplate
[];
233 extern const SecAsn1Template kSecAsn1DHDomainParamsX942Template
[];
234 extern const SecAsn1Template kSecAsn1DHAlgorithmIdentifierX942Template
[];
236 /* PKCS8 form of D-H private key using X9.42 domain parameters */
/* PKCS8 wrapper whose AlgorithmIdentifier carries X9.42 domain parameters.
 * NOTE(review): privateKey wraps the secret integer; treat the decoded buffer
 * as key material and clear it after use -- confirm ownership rules. */
239 NSS_DHAlgorithmIdentifierX942 algorithm
;
240 /* octet string containing DER-encoded integer */
241 SecAsn1Item privateKey
;
/* NOTE(review): double pointer and OPTIONAL; presumably NULL when absent and
 * NULL-terminated otherwise -- check before iterating. */
242 NSS_Attribute
**attributes
; // OPTIONAL
243 } NSS_DHPrivateKeyPKCS8
;
245 /* X509 form of D-H public key using X9.42 domain parameters */
247 NSS_DHAlgorithmIdentifierX942 algorithm
;
248 /* bit string containing DER-encoded integer representing
 * the public key. Length is a bit count (see the field comment), so convert
 * it to bytes before using it as a buffer size. */
250 SecAsn1Item publicKey
; // length in BITS
251 } NSS_DHPublicKeyX509
;
253 extern const SecAsn1Template kSecAsn1DHPrivateKeyPKCS8Template
[];
254 extern const SecAsn1Template kSecAsn1DHPublicKeyX509Template
[];
256 // MARK: *** ECDSA ***
259 * ECDSA Private key as defined in section C.4 of Certicom SEC1.
260 * The DER encoding of this is placed in the privateKey field
261 * of a NSS_PrivateKeyInfo.
/* SEC1 ECPrivateKey fields visible in this listing.
 * NOTE(review): privateKey presumably holds the secret scalar; clear the
 * decoded buffer after use -- confirm ownership rules. */
265 SecAsn1Item privateKey
;
/* params is decoded as ANY, i.e. left as raw undecoded DER for the consumer to
 * parse; it is optional, so it may be empty. */
266 SecAsn1Item params
; /* optional, ANY */
/* NOTE(review): BIT STRING, so Length is presumably a bit count as with the
 * other bit-string fields in this header -- confirm before sizing buffers. */
267 SecAsn1Item pubKey
; /* BITSTRING, optional */
268 } NSS_ECDSA_PrivateKey
;
/* Template for NSS_ECDSA_PrivateKey; the DER it describes is what goes in the
 * privateKey field of an NSS_PrivateKeyInfo. */
270 extern const SecAsn1Template kSecAsn1ECDSAPrivateKeyInfoTemplate
[];
276 #endif /* _NSS_KEY_TEMPLATES_H_ */