X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cryptkit/lib/feePublicKey.h diff --git a/Security/libsecurity_cryptkit/lib/feePublicKey.h b/Security/libsecurity_cryptkit/lib/feePublicKey.h new file mode 100644 index 00000000..6f88fa62 --- /dev/null +++ b/Security/libsecurity_cryptkit/lib/feePublicKey.h @@ -0,0 +1,341 @@ +/* Copyright (c) 1998,2011-2012,2014 Apple Inc. All Rights Reserved. + * + * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT + * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE + * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE + * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE, + * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL + * EXPOSE YOU TO LIABILITY. + *************************************************************************** + * + * feePublicKey.h + * + * Revision History + * ---------------- + * 23 Mar 98 at Apple + * Added blob support. + * 17 Jul 97 at Apple + * Added ECDSA signature routines. + * 20 Aug 96 at NeXT + * Created. + */ + +#ifndef _CK_FEEPUBLICKEY_H_ +#define _CK_FEEPUBLICKEY_H_ + +#include "ckconfig.h" + +#include /* size_t */ + +#if !defined(__MACH__) +#include +#else +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Obatin a newly allocated feePubKey. + */ +feePubKey feePubKeyAlloc(void); + +void feePubKeyFree(feePubKey pubKey); + +/* + * Init feePubKey from private "password" data. Incoming password data will + * be processed with digests before use if hashPrivData is true, otherwise + * it'll be used as is. In the 'as is' case, the privData must be at least + * as large as the key being created. + * + * Currently two versions - one in which the size of the key is specified as + * a feeDepth; one for key size in bits and optional primeType and curveType. + */ +feeReturn feePubKeyInitFromPrivDataDepth(feePubKey pubKey, + const unsigned char *privData, + unsigned privDataLen, + feeDepth depth, + char hashPrivData); + +feeReturn feePubKeyInitFromPrivDataKeyBits(feePubKey pubKey, + const unsigned char *privData, + unsigned privDataLen, + unsigned keyBits, /* key size in bits */ + feePrimeType primeType, /* FPT_Fefault means "best one" */ + feeCurveType curveType, /* FCT_Default means "best one" */ + char hashPrivData); + +/* + * Init feePubKey from private "password" and from data curve parameters + * matching existing oldKey. Incoming password data will + * be processed with digests before use if hashPrivData is true, otherwise + * it'll be used as is. In the 'as is' case, the privData must be at least + * as large as the key being created. + + */ +feeReturn feePubKeyInitFromKey(feePubKey pubKey, + const unsigned char *privData, + unsigned privDataLen, + feePubKey oldKey, + char hashPrivData); + +/*** + *** Exportable key blob support. + *** + *** Currently there are three different ways of representing a feePubKey in + *** an exportable format. + *** + *** Raw blob: basic native blob format. + *** DER blob: DER-encoded. Currently not available in ANSI C version of + *** CryptKit library without additional porting; the OS X version of + *** Apple implements this functionality via SNACC-generated C++ classes. + *** KeyString: NULL-terminated ASCII C string, suitable for application such as + *** distributing one's public key via email. Only public keys (not + *** private) can be exported and imported via KeyStrings. + ***/ + +/* + * Obtain portable public and private key blobs from a key. + */ +feeReturn feePubKeyCreatePubBlob(feePubKey pubKey, + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +feeReturn feePubKeyCreatePrivBlob(feePubKey pubKey, + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +/* + * Init an empty feePubKey from a blob, public and private key versions. + */ +feeReturn feePubKeyInitFromPubBlob(feePubKey pubKey, + unsigned char *keyBlob, + unsigned keyBlobLen); +feeReturn feePubKeyInitFromPrivBlob(feePubKey pubKey, + unsigned char *keyBlob, + unsigned keyBlobLen); + +/* + * Create a public key in the form of a null-terminated C string. + */ +feeReturn feePubKeyCreateKeyString(feePubKey pubKey, + char **pubKeyString, /* fmalloc'd & RETURNED */ + unsigned *pubKeyStringLen); /* RETURNED */ + +/* + * Init feePubKey from a public key string. + */ +feeReturn feePubKeyInitFromKeyString(feePubKey pubKey, + const char *keyStr, + unsigned keyStrLen); + +#if CRYPTKIT_DER_ENABLE + +/* + * DER format support. + * Obtain portable public and private DER-encoded key blobs from a key. + */ +feeReturn feePubKeyCreateDERPubBlob(feePubKey pubKey, + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +feeReturn feePubKeyCreateDERPrivBlob(feePubKey pubKey, + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +/* + * Init an empty feePubKey from a DER-encoded blob, public and private key versions. + */ +feeReturn feePubKeyInitFromDERPubBlob(feePubKey pubKey, + unsigned char *keyBlob, + size_t keyBlobLen); +feeReturn feePubKeyInitFromDERPrivBlob(feePubKey pubKey, + unsigned char *keyBlob, + size_t keyBlobLen); + +/* + * X509 (public) and PKCS8 (private) key formatting. + */ +feeReturn feePubKeyCreateX509Blob( + feePubKey pubKey, // public key + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +feeReturn feePubKeyCreatePKCS8Blob( + feePubKey pubKey, // private key + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +feeReturn feePubKeyInitFromX509Blob( + feePubKey pubKey, // public key + unsigned char *keyBlob, + size_t keyBlobLen); + +feeReturn feePubKeyInitFromPKCS8Blob( + feePubKey pubKey, // private key + unsigned char *keyBlob, + size_t keyBlobLen); + +/* + * The native OpenSSL ECDSA key format contains both the private and public + * components in one blob. This throws a bit of a monkey wrench into the API + * here, as we only have one encoder - which requires a private key - and one + * decoder, which can result in the decoding of either a public or a private + * key. + */ +feeReturn feePubKeyCreateOpenSSLBlob( + feePubKey pubKey, // private key + unsigned char **keyBlob, // mallocd and RETURNED + unsigned *keyBlobLen); // RETURNED + +feeReturn feePubKeyInitFromOpenSSLBlob( + feePubKey pubKey, // private or public key + int pubOnly, + unsigned char *keyBlob, + size_t keyBlobLen); + +#endif /* CRYPTKIT_DER_ENABLE */ + +/* + * ANSI X9.62/Certicom key support. + * Public key is 04 || x || y + * Private key is privData per Certicom SEC1 C.4. + */ +feeReturn feeCreateECDSAPubBlob(feePubKey pubKey, + unsigned char **keyBlob, + unsigned *keyBlobLen); + +feeReturn feeCreateECDSAPrivBlob(feePubKey pubKey, + unsigned char **keyBlob, + unsigned *keyBlobLen); + +/* Caller determines depth from other sources (e.g. AlgId.Params) */ +feeReturn feePubKeyInitFromECDSAPubBlob(feePubKey pubKey, + const unsigned char *keyBlob, + unsigned keyBlobLen, + feeDepth depth); + +feeReturn feePubKeyInitFromECDSAPrivBlob(feePubKey pubKey, + const unsigned char *keyBlob, + unsigned keyBlobLen, + feeDepth depth); + + +/*** + *** Miscellaneous feePubKey functions. + ***/ + +/* + * Given private-capable privKey, initialize pubKey to be its corresponding + * public key. + */ +feeReturn feePubKeyInitPubKeyFromPriv(feePubKey privKey, + feePubKey pubKey); + +/* + * Returns non-zero if two keys are equivalent. + */ +int feePubKeyIsEqual(feePubKey key1, + feePubKey key2); + +/* + * Returns non-zero if key is private-capable (i.e., capable of signing + * and decrypting). + */ +int feePubKeyIsPrivate(feePubKey key); + +#if CRYPTKIT_KEY_EXCHANGE + +/* + * Generate a pad, for use with symmetric encryption, derived from two keys. + * 'myKey' must be created with private data (via feePubKeyInitFromPrivData() + * or feePubKeyInitFromKey(). + */ +feeReturn feePubKeyCreatePad(feePubKey myKey, + feePubKey theirKey, + unsigned char **padData, /* fmalloc'd & RETURNED */ + unsigned *padDataLen); /* RETURNED padData length in bytes */ + +#endif /* CRYPTKIT_KEY_EXCHANGE */ + +#if CRYPTKIT_HIGH_LEVEL_SIG + +/* + * The following two routines are implemented using primitives in the + * feeHash and feeDigitalSignature objects. + * + * Generate digital signature, ElGamal style. + */ +feeReturn feePubKeyCreateSignature(feePubKey pubKey, + const unsigned char *data, + unsigned dataLen, + unsigned char **signature, /* fmalloc'd and RETURNED */ + unsigned *signatureLen); /* RETURNED */ + +/* + * Verify digital signature, ElGamal style. + */ +feeReturn feePubKeyVerifySignature(feePubKey pubKey, + const unsigned char *data, + unsigned dataLen, + const unsigned char *signature, + unsigned signatureLen); + +#if CRYPTKIT_ECDSA_ENABLE + +/* + * The following two routines are implemented using primitives in the + * feeHash and feeECDSA objects. + * + * Generate digital signature, ECDSA style. + */ +feeReturn feePubKeyCreateECDSASignature(feePubKey pubKey, + const unsigned char *data, + unsigned dataLen, + unsigned char **signature, /* fmalloc'd and RETURNED */ + unsigned *signatureLen); /* RETURNED */ + +/* + * Verify digital signature, ECDSA style. + */ +feeReturn feePubKeyVerifyECDSASignature(feePubKey pubKey, + const unsigned char *data, + unsigned dataLen, + const unsigned char *signature, + unsigned signatureLen); + +#endif /* CRYPTKIT_ECDSA_ENABLE */ + +#endif /* CRYPTKIT_HIGH_LEVEL_SIG */ + +/* + * Diffie-Hellman. Public key is specified either as a feePubKey or + * a ANSI X9.62 format public key string (0x04 | x | y). In either case + * the caller must ensure that the two keys are on the same curve. + * Output data is falloc'd here; caller must free. Output data is + * exactly the size of the curve's modulus in bytes. + */ +feeReturn feePubKeyECDH( + feePubKey privKey, + /* one of the following two is non-NULL */ + feePubKey pubKey, + const unsigned char *pubKeyStr, + unsigned pubKeyStrLen, + /* output fallocd and RETURNED here */ + unsigned char **output, + unsigned *outputLen); + +/* + * Accessor routines. + */ +const char *feePubKeyAlgorithmName(void); + +unsigned feePubKeyBitsize(feePubKey pubKey); + +#ifdef __cplusplus +} +#endif + +#endif /*_CK_FEEPUBLICKEY_H_*/