--- /dev/null
+/* Copyright (c) 1998,2011-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * feePublicKey.h
+ *
+ * Revision History
+ * ----------------
+ * 23 Mar 98 at Apple
+ * Added blob support.
+ * 17 Jul 97 at Apple
+ * Added ECDSA signature routines.
+ * 20 Aug 96 at NeXT
+ * Created.
+ */
+
+#ifndef _CK_FEEPUBLICKEY_H_
+#define _CK_FEEPUBLICKEY_H_
+
+#include "ckconfig.h"
+
+#include <sys/types.h> /* size_t */
+
+#if !defined(__MACH__)
+#include <feeTypes.h>
+#else
+#include <security_cryptkit/feeTypes.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Obatin a newly allocated feePubKey.
+ */
+feePubKey feePubKeyAlloc(void);
+
+void feePubKeyFree(feePubKey pubKey);
+
+/*
+ * Init feePubKey from private "password" data. Incoming password data will
+ * be processed with digests before use if hashPrivData is true, otherwise
+ * it'll be used as is. In the 'as is' case, the privData must be at least
+ * as large as the key being created.
+ *
+ * Currently two versions - one in which the size of the key is specified as
+ * a feeDepth; one for key size in bits and optional primeType and curveType.
+ */
+feeReturn feePubKeyInitFromPrivDataDepth(feePubKey pubKey,
+ const unsigned char *privData,
+ unsigned privDataLen,
+ feeDepth depth,
+ char hashPrivData);
+
+feeReturn feePubKeyInitFromPrivDataKeyBits(feePubKey pubKey,
+ const unsigned char *privData,
+ unsigned privDataLen,
+ unsigned keyBits, /* key size in bits */
+ feePrimeType primeType, /* FPT_Fefault means "best one" */
+ feeCurveType curveType, /* FCT_Default means "best one" */
+ char hashPrivData);
+
+/*
+ * Init feePubKey from private "password" and from data curve parameters
+ * matching existing oldKey. Incoming password data will
+ * be processed with digests before use if hashPrivData is true, otherwise
+ * it'll be used as is. In the 'as is' case, the privData must be at least
+ * as large as the key being created.
+
+ */
+feeReturn feePubKeyInitFromKey(feePubKey pubKey,
+ const unsigned char *privData,
+ unsigned privDataLen,
+ feePubKey oldKey,
+ char hashPrivData);
+
+/***
+ *** Exportable key blob support.
+ ***
+ *** Currently there are three different ways of representing a feePubKey in
+ *** an exportable format.
+ ***
+ *** Raw blob: basic native blob format.
+ *** DER blob: DER-encoded. Currently not available in ANSI C version of
+ *** CryptKit library without additional porting; the OS X version of
+ *** Apple implements this functionality via SNACC-generated C++ classes.
+ *** KeyString: NULL-terminated ASCII C string, suitable for application such as
+ *** distributing one's public key via email. Only public keys (not
+ *** private) can be exported and imported via KeyStrings.
+ ***/
+
+/*
+ * Obtain portable public and private key blobs from a key.
+ */
+feeReturn feePubKeyCreatePubBlob(feePubKey pubKey,
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+feeReturn feePubKeyCreatePrivBlob(feePubKey pubKey,
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+/*
+ * Init an empty feePubKey from a blob, public and private key versions.
+ */
+feeReturn feePubKeyInitFromPubBlob(feePubKey pubKey,
+ unsigned char *keyBlob,
+ unsigned keyBlobLen);
+feeReturn feePubKeyInitFromPrivBlob(feePubKey pubKey,
+ unsigned char *keyBlob,
+ unsigned keyBlobLen);
+
+/*
+ * Create a public key in the form of a null-terminated C string.
+ */
+feeReturn feePubKeyCreateKeyString(feePubKey pubKey,
+ char **pubKeyString, /* fmalloc'd & RETURNED */
+ unsigned *pubKeyStringLen); /* RETURNED */
+
+/*
+ * Init feePubKey from a public key string.
+ */
+feeReturn feePubKeyInitFromKeyString(feePubKey pubKey,
+ const char *keyStr,
+ unsigned keyStrLen);
+
+#if CRYPTKIT_DER_ENABLE
+
+/*
+ * DER format support.
+ * Obtain portable public and private DER-encoded key blobs from a key.
+ */
+feeReturn feePubKeyCreateDERPubBlob(feePubKey pubKey,
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+feeReturn feePubKeyCreateDERPrivBlob(feePubKey pubKey,
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+/*
+ * Init an empty feePubKey from a DER-encoded blob, public and private key versions.
+ */
+feeReturn feePubKeyInitFromDERPubBlob(feePubKey pubKey,
+ unsigned char *keyBlob,
+ size_t keyBlobLen);
+feeReturn feePubKeyInitFromDERPrivBlob(feePubKey pubKey,
+ unsigned char *keyBlob,
+ size_t keyBlobLen);
+
+/*
+ * X509 (public) and PKCS8 (private) key formatting.
+ */
+feeReturn feePubKeyCreateX509Blob(
+ feePubKey pubKey, // public key
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+feeReturn feePubKeyCreatePKCS8Blob(
+ feePubKey pubKey, // private key
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+feeReturn feePubKeyInitFromX509Blob(
+ feePubKey pubKey, // public key
+ unsigned char *keyBlob,
+ size_t keyBlobLen);
+
+feeReturn feePubKeyInitFromPKCS8Blob(
+ feePubKey pubKey, // private key
+ unsigned char *keyBlob,
+ size_t keyBlobLen);
+
+/*
+ * The native OpenSSL ECDSA key format contains both the private and public
+ * components in one blob. This throws a bit of a monkey wrench into the API
+ * here, as we only have one encoder - which requires a private key - and one
+ * decoder, which can result in the decoding of either a public or a private
+ * key.
+ */
+feeReturn feePubKeyCreateOpenSSLBlob(
+ feePubKey pubKey, // private key
+ unsigned char **keyBlob, // mallocd and RETURNED
+ unsigned *keyBlobLen); // RETURNED
+
+feeReturn feePubKeyInitFromOpenSSLBlob(
+ feePubKey pubKey, // private or public key
+ int pubOnly,
+ unsigned char *keyBlob,
+ size_t keyBlobLen);
+
+#endif /* CRYPTKIT_DER_ENABLE */
+
+/*
+ * ANSI X9.62/Certicom key support.
+ * Public key is 04 || x || y
+ * Private key is privData per Certicom SEC1 C.4.
+ */
+feeReturn feeCreateECDSAPubBlob(feePubKey pubKey,
+ unsigned char **keyBlob,
+ unsigned *keyBlobLen);
+
+feeReturn feeCreateECDSAPrivBlob(feePubKey pubKey,
+ unsigned char **keyBlob,
+ unsigned *keyBlobLen);
+
+/* Caller determines depth from other sources (e.g. AlgId.Params) */
+feeReturn feePubKeyInitFromECDSAPubBlob(feePubKey pubKey,
+ const unsigned char *keyBlob,
+ unsigned keyBlobLen,
+ feeDepth depth);
+
+feeReturn feePubKeyInitFromECDSAPrivBlob(feePubKey pubKey,
+ const unsigned char *keyBlob,
+ unsigned keyBlobLen,
+ feeDepth depth);
+
+
+/***
+ *** Miscellaneous feePubKey functions.
+ ***/
+
+/*
+ * Given private-capable privKey, initialize pubKey to be its corresponding
+ * public key.
+ */
+feeReturn feePubKeyInitPubKeyFromPriv(feePubKey privKey,
+ feePubKey pubKey);
+
+/*
+ * Returns non-zero if two keys are equivalent.
+ */
+int feePubKeyIsEqual(feePubKey key1,
+ feePubKey key2);
+
+/*
+ * Returns non-zero if key is private-capable (i.e., capable of signing
+ * and decrypting).
+ */
+int feePubKeyIsPrivate(feePubKey key);
+
+#if CRYPTKIT_KEY_EXCHANGE
+
+/*
+ * Generate a pad, for use with symmetric encryption, derived from two keys.
+ * 'myKey' must be created with private data (via feePubKeyInitFromPrivData()
+ * or feePubKeyInitFromKey().
+ */
+feeReturn feePubKeyCreatePad(feePubKey myKey,
+ feePubKey theirKey,
+ unsigned char **padData, /* fmalloc'd & RETURNED */
+ unsigned *padDataLen); /* RETURNED padData length in bytes */
+
+#endif /* CRYPTKIT_KEY_EXCHANGE */
+
+#if CRYPTKIT_HIGH_LEVEL_SIG
+
+/*
+ * The following two routines are implemented using primitives in the
+ * feeHash and feeDigitalSignature objects.
+ *
+ * Generate digital signature, ElGamal style.
+ */
+feeReturn feePubKeyCreateSignature(feePubKey pubKey,
+ const unsigned char *data,
+ unsigned dataLen,
+ unsigned char **signature, /* fmalloc'd and RETURNED */
+ unsigned *signatureLen); /* RETURNED */
+
+/*
+ * Verify digital signature, ElGamal style.
+ */
+feeReturn feePubKeyVerifySignature(feePubKey pubKey,
+ const unsigned char *data,
+ unsigned dataLen,
+ const unsigned char *signature,
+ unsigned signatureLen);
+
+#if CRYPTKIT_ECDSA_ENABLE
+
+/*
+ * The following two routines are implemented using primitives in the
+ * feeHash and feeECDSA objects.
+ *
+ * Generate digital signature, ECDSA style.
+ */
+feeReturn feePubKeyCreateECDSASignature(feePubKey pubKey,
+ const unsigned char *data,
+ unsigned dataLen,
+ unsigned char **signature, /* fmalloc'd and RETURNED */
+ unsigned *signatureLen); /* RETURNED */
+
+/*
+ * Verify digital signature, ECDSA style.
+ */
+feeReturn feePubKeyVerifyECDSASignature(feePubKey pubKey,
+ const unsigned char *data,
+ unsigned dataLen,
+ const unsigned char *signature,
+ unsigned signatureLen);
+
+#endif /* CRYPTKIT_ECDSA_ENABLE */
+
+#endif /* CRYPTKIT_HIGH_LEVEL_SIG */
+
+/*
+ * Diffie-Hellman. Public key is specified either as a feePubKey or
+ * a ANSI X9.62 format public key string (0x04 | x | y). In either case
+ * the caller must ensure that the two keys are on the same curve.
+ * Output data is falloc'd here; caller must free. Output data is
+ * exactly the size of the curve's modulus in bytes.
+ */
+feeReturn feePubKeyECDH(
+ feePubKey privKey,
+ /* one of the following two is non-NULL */
+ feePubKey pubKey,
+ const unsigned char *pubKeyStr,
+ unsigned pubKeyStrLen,
+ /* output fallocd and RETURNED here */
+ unsigned char **output,
+ unsigned *outputLen);
+
+/*
+ * Accessor routines.
+ */
+const char *feePubKeyAlgorithmName(void);
+
+unsigned feePubKeyBitsize(feePubKey pubKey);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*_CK_FEEPUBLICKEY_H_*/
projects / apple / security.git / blobdiff