]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h
Security-58286.200.222.tar.gz
[apple/security.git] / OSX / libsecurity_apple_csp / lib / RSA_DSA_keys.h
1 /*
2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * RSA_DSA_keys.h - key pair support for RSA/DSA
21 */
22
23 #ifndef _RSA_DSA_KEYS_H_
24 #define _RSA_DSA_KEYS_H_
25
26 #include <AppleCSPContext.h>
27 #include <AppleCSPSession.h>
28 #include <RSA_DSA_csp.h>
29 #include "AppleCSPKeys.h"
30 #include <Security/osKeyTemplates.h>
31 #include <openssl/rsa_legacy.h>
32 #include <openssl/dsa_legacy.h>
33 #include <security_cdsa_utilities/context.h>
34 #include <security_asn1/SecNssCoder.h>
35
36 #define RSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS1
37 #define RSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS8
38
39 #define DSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_X509
40 #define DSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_FIPS186
41
42 #define DSA_MIN_KEY_SIZE 512
43 #define DSA_MAX_KEY_SIZE 4096
44 #define DSA_KEY_BITS_MASK (64 - 1) /* these bits must be zero */
45 /* i.e., aligned to 64 bits */
46
47 #define RSA_MAX_KEY_SIZE (8 * 1024)
48 #define RSA_MAX_PUB_EXPONENT_SIZE 64
49
50 /* Those max RSA sizes can be overridden with these system preferences */
51 #define kRSAKeySizePrefsDomain "com.apple.security"
52 #define kRSAMaxKeySizePref CFSTR("RSAMaxKeySize")
53 #define kRSAMaxPublicExponentPref CFSTR("RSAMaxPublicExponent")
54
55 /*
56 * RSA version of a BinaryKey.
57 */
58 class RSABinaryKey : public BinaryKey {
59 public:
60 RSABinaryKey(RSA *rsaKey = NULL);
61 ~RSABinaryKey();
62 void generateKeyBlob(
63 Allocator &allocator,
64 CssmData &blob,
65 CSSM_KEYBLOB_FORMAT &format,
66 AppleCSPSession &session,
67 const CssmKey *paramKey, /* optional, unused here */
68 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */
69
70 RSA *mRsaKey;
71
72 bool isOaep() { return mOaep; }
73 const CSSM_DATA &label() { return mLabel; }
74 void setOaep(
75 const CSSM_DATA &label);
76 private:
77 /*
78 * optional fields for OEAP keys
79 * (mKeyHeader.AlgorithmId == CSSM_ALGMODE_PKCS1_EME_OAEP)
80 */
81 bool mOaep;
82 CssmAutoData mLabel;
83 };
84
85 class RSAKeyPairGenContext :
86 public AppleCSPContext, private AppleKeyPairGenContext {
87 public:
88 RSAKeyPairGenContext(
89 AppleCSPSession &session,
90 const Context &) :
91 AppleCSPContext(session) {}
92
93 ~RSAKeyPairGenContext() { }
94
95 /* no init functionality, but we need to implement it */
96 void init(
97 const Context &,
98 bool) { }
99
100 // this one is specified in, and called from, CSPFullPluginSession
101 void generate(
102 const Context &context,
103 CssmKey &pubKey,
104 CssmKey &privKey);
105
106 // declared in CSPFullPluginSession, but not implemented here
107 void generate(const Context &context, uint32, CssmData &params, uint32 &attrCount, Context::Attr * &attrs);
108
109 // this one is specified in, and called from, AppleKeyPairGenContext
110 void generate(
111 const Context &context,
112 BinaryKey &pubBinKey,
113 BinaryKey &privBinKey,
114 uint32 &keySize);
115
116 }; /* KeyPairGenContext */
117
118 /*
119 * CSPKeyInfoProvider for RSA keys
120 */
121 class RSAKeyInfoProvider : public CSPKeyInfoProvider
122 {
123 private:
124 RSAKeyInfoProvider(
125 const CssmKey &cssmKey,
126 AppleCSPSession &session);
127 public:
128 static CSPKeyInfoProvider *provider(
129 const CssmKey &cssmKey,
130 AppleCSPSession &session);
131
132 ~RSAKeyInfoProvider() { }
133 void CssmKeyToBinary(
134 CssmKey *paramKey, // optional
135 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT
136 BinaryKey **binKey); // RETURNED
137 void QueryKeySizeInBits(
138 CSSM_KEY_SIZE &keySize); // RETURNED
139 bool getHashableBlob(
140 Allocator &allocator,
141 CssmData &hashBlob);
142 };
143
144 /*
145 * DSA version of a BinaryKey.
146 */
147 class DSABinaryKey : public BinaryKey {
148 public:
149 DSABinaryKey(DSA *dsaKey = NULL);
150 ~DSABinaryKey();
151 void generateKeyBlob(
152 Allocator &allocator,
153 CssmData &blob,
154 CSSM_KEYBLOB_FORMAT &format,
155 AppleCSPSession &session,
156 const CssmKey *paramKey, /* optional */
157 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */
158
159 DSA *mDsaKey;
160 };
161
162 class DSAKeyPairGenContext :
163 public AppleCSPContext, private AppleKeyPairGenContext {
164 public:
165 DSAKeyPairGenContext(
166 AppleCSPSession &session,
167 const Context &) :
168 AppleCSPContext(session), mGenAttrs(NULL) {}
169
170 ~DSAKeyPairGenContext() { freeGenAttrs(); }
171
172 /* no init functionality, but we need to implement it */
173 void init(
174 const Context &,
175 bool) { }
176
177 // this one is specified in, and called from, CSPFullPluginSession
178 void generate(
179 const Context &context,
180 CssmKey &pubKey,
181 CssmKey &privKey);
182
183 // this one is specified in, and called from, AppleKeyPairGenContext
184 void generate(
185 const Context &context,
186 BinaryKey &pubBinKey,
187 BinaryKey &privBinKey,
188 uint32 &keySize);
189
190 // specified in, and called from, CSPFullPluginSessionÊ- generate parameters
191 void generate(
192 const Context &context,
193 uint32 bitSize,
194 CssmData &params,
195 uint32 &attrCount,
196 Context::Attr * &attrs);
197
198 /*
199 * Necessary to handle and deflect "context changed" notification which occurs
200 * after the strange return from "generate parameters", when the plugin adds
201 * the "returned" values to the Context.
202 */
203 bool changed(const Context &context) { return true; }
204
205 void dsaGenParams(
206 uint32 keySizeInBits,
207 const void *inSeed, // optional
208 unsigned inSeedLen,
209 NSS_DSAAlgParams &algParams,
210 SecNssCoder &coder);
211
212 private:
213 /* gross hack to store attributes "returned" from GenParams */
214 Context::Attr *mGenAttrs;
215 void freeGenAttrs();
216 }; /* KeyPairGenContext */
217
218 /*
219 * CSPKeyInfoProvider for DSA keys
220 */
221 class DSAKeyInfoProvider : public CSPKeyInfoProvider
222 {
223 private:
224 DSAKeyInfoProvider(
225 const CssmKey &cssmKey,
226 AppleCSPSession &session);
227 public:
228 static CSPKeyInfoProvider *provider(
229 const CssmKey &cssmKey,
230 AppleCSPSession &session);
231
232 ~DSAKeyInfoProvider() { }
233 void CssmKeyToBinary(
234 CssmKey *paramKey, // optional
235 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT
236 BinaryKey **binKey); // RETURNED
237 void QueryKeySizeInBits(
238 CSSM_KEY_SIZE &keySize); // RETURNED
239 bool getHashableBlob(
240 Allocator &allocator,
241 CssmData &hashBlob);
242 };
243
244 #endif /* _RSA_DSA_KEYS_H_ */