]> git.saurik.com Git - apple/security.git/blob - libsecurity_apple_csp/lib/RSA_DSA_keys.h
projects / apple / security.git / blob
? search:


8bc2cb15e3249a537fccf47fe90dee8d77bfe890
[apple/security.git] / libsecurity_apple_csp / lib / RSA_DSA_keys.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * RSA_DSA_keys.h - key pair support for RSA/DSA
21 */
22
23 #ifndef _RSA_DSA_KEYS_H_
24 #define _RSA_DSA_KEYS_H_
25
26 #include <AppleCSPContext.h>
27 #include <AppleCSPSession.h>
28 #include <RSA_DSA_csp.h>
29 #include "AppleCSPKeys.h"
30 #include <Security/osKeyTemplates.h>
31 #include <openssl/rsa.h>
32 #include <openssl/dsa.h>
33 #include <security_cdsa_utilities/context.h>
34 #include <security_asn1/SecNssCoder.h>
35
36 #define RSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS1
37 #define RSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_PKCS8
38
39 #define DSA_PUB_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_X509
40 #define DSA_PRIV_KEY_FORMAT CSSM_KEYBLOB_RAW_FORMAT_FIPS186
41
42 #define DSA_MIN_KEY_SIZE 512
43 #define DSA_MAX_KEY_SIZE 4096
44 #define DSA_KEY_BITS_MASK (64 - 1) /* these bits must be zero */
45 /* i.e., aligned to 64 bits */
46
47 #define RSA_MAX_KEY_SIZE 4096
48 #define RSA_MAX_PUB_EXPONENT_SIZE 64
49
50 /* Those max RSA sizes can be overridden with these system preferences */
51 #define kRSAKeySizePrefsDomain "com.apple.crypto"
52 #define kRSAMaxKeySizePref CFSTR("RSAMaxKeySize")
53 #define kRSAMaxPublicExponentPref CFSTR("RSAMaxPublicExponent")
54
55 /*
56 * RSA version of a BinaryKey.
57 */
58 class RSABinaryKey : public BinaryKey {
59 public:
60 RSABinaryKey(RSA *rsaKey = NULL);
61 ~RSABinaryKey();
62 void generateKeyBlob(
63 Allocator &allocator,
64 CssmData &blob,
65 CSSM_KEYBLOB_FORMAT &format,
66 AppleCSPSession &session,
67 const CssmKey *paramKey, /* optional, unused here */
68 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */
69
70 RSA *mRsaKey;
71
72 bool isOaep() { return mOaep; }
73 const CSSM_DATA &label() { return mLabel; }
74 void setOaep(
75 const CSSM_DATA &label);
76 private:
77 /*
78 * optional fields for OEAP keys
79 * (mKeyHeader.AlgorithmId == CSSM_ALGMODE_PKCS1_EME_OAEP)
80 */
81 bool mOaep;
82 CssmAutoData mLabel;
83 };
84
85 class RSAKeyPairGenContext :
86 public AppleCSPContext, private AppleKeyPairGenContext {
87 public:
88 RSAKeyPairGenContext(
89 AppleCSPSession &session,
90 const Context &) :
91 AppleCSPContext(session) {}
92
93 ~RSAKeyPairGenContext() { }
94
95 /* no init functionality, but we need to implement it */
96 void init(
97 const Context &,
98 bool) { }
99
100 // this one is specified in, and called from, CSPFullPluginSession
101 void generate(
102 const Context &context,
103 CssmKey &pubKey,
104 CssmKey &privKey);
105
106 // this one is specified in, and called from, AppleKeyPairGenContext
107 void generate(
108 const Context &context,
109 BinaryKey &pubBinKey,
110 BinaryKey &privBinKey,
111 uint32 &keySize);
112
113 }; /* KeyPairGenContext */
114
115 /*
116 * CSPKeyInfoProvider for RSA keys
117 */
118 class RSAKeyInfoProvider : public CSPKeyInfoProvider
119 {
120 private:
121 RSAKeyInfoProvider(
122 const CssmKey &cssmKey,
123 AppleCSPSession &session);
124 public:
125 static CSPKeyInfoProvider *provider(
126 const CssmKey &cssmKey,
127 AppleCSPSession &session);
128
129 ~RSAKeyInfoProvider() { }
130 void CssmKeyToBinary(
131 CssmKey *paramKey, // optional
132 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT
133 BinaryKey **binKey); // RETURNED
134 void QueryKeySizeInBits(
135 CSSM_KEY_SIZE &keySize); // RETURNED
136 bool getHashableBlob(
137 Allocator &allocator,
138 CssmData &hashBlob);
139 };
140
141 /*
142 * DSA version of a BinaryKey.
143 */
144 class DSABinaryKey : public BinaryKey {
145 public:
146 DSABinaryKey(DSA *dsaKey = NULL);
147 ~DSABinaryKey();
148 void generateKeyBlob(
149 Allocator &allocator,
150 CssmData &blob,
151 CSSM_KEYBLOB_FORMAT &format,
152 AppleCSPSession &session,
153 const CssmKey *paramKey, /* optional */
154 CSSM_KEYATTR_FLAGS &attrFlags); /* IN/OUT */
155
156 DSA *mDsaKey;
157 };
158
159 class DSAKeyPairGenContext :
160 public AppleCSPContext, private AppleKeyPairGenContext {
161 public:
162 DSAKeyPairGenContext(
163 AppleCSPSession &session,
164 const Context &) :
165 AppleCSPContext(session), mGenAttrs(NULL) {}
166
167 ~DSAKeyPairGenContext() { freeGenAttrs(); }
168
169 /* no init functionality, but we need to implement it */
170 void init(
171 const Context &,
172 bool) { }
173
174 // this one is specified in, and called from, CSPFullPluginSession
175 void generate(
176 const Context &context,
177 CssmKey &pubKey,
178 CssmKey &privKey);
179
180 // this one is specified in, and called from, AppleKeyPairGenContext
181 void generate(
182 const Context &context,
183 BinaryKey &pubBinKey,
184 BinaryKey &privBinKey,
185 uint32 &keySize);
186
187 // specified in, and called from, CSPFullPluginSessionÊ- generate parameters
188 void generate(
189 const Context &context,
190 uint32 bitSize,
191 CssmData &params,
192 uint32 &attrCount,
193 Context::Attr * &attrs);
194
195 /*
196 * Necessary to handle and deflect "context changed" notification which occurs
197 * after the strange return from "generate parameters", when the plugin adds
198 * the "returned" values to the Context.
199 */
200 bool changed(const Context &context) { return true; }
201
202 void dsaGenParams(
203 uint32 keySizeInBits,
204 const void *inSeed, // optional
205 unsigned inSeedLen,
206 NSS_DSAAlgParams &algParams,
207 SecNssCoder &coder);
208
209 private:
210 /* gross hack to store attributes "returned" from GenParams */
211 Context::Attr *mGenAttrs;
212 void freeGenAttrs();
213 }; /* KeyPairGenContext */
214
215 /*
216 * CSPKeyInfoProvider for DSA keys
217 */
218 class DSAKeyInfoProvider : public CSPKeyInfoProvider
219 {
220 private:
221 DSAKeyInfoProvider(
222 const CssmKey &cssmKey,
223 AppleCSPSession &session);
224 public:
225 static CSPKeyInfoProvider *provider(
226 const CssmKey &cssmKey,
227 AppleCSPSession &session);
228
229 ~DSAKeyInfoProvider() { }
230 void CssmKeyToBinary(
231 CssmKey *paramKey, // optional
232 CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT
233 BinaryKey **binKey); // RETURNED
234 void QueryKeySizeInBits(
235 CSSM_KEY_SIZE &keySize); // RETURNED
236 bool getHashableBlob(
237 Allocator &allocator,
238 CssmData &hashBlob);
239 };
240
241 #endif /* _RSA_DSA_KEYS_H_ */
mirror of Security