

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 #ifndef _KEYTHI_H_
      5 #define _KEYTHI_H_ 1
      6 
      7 #include "eccutil.h"
      8 #include "kyber.h"
      9 #include "ml_dsat.h"
     10 #include "plarena.h"
     11 #include "pkcs11t.h"
     12 #include "secmodt.h"
     13 #include "prclist.h"
     14 
     15 /*
     16 ** RFC 4055 Section 1.2 specifies three different RSA key types.
     17 **
     18 ** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
     19 ** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
     20 ** v2.1) padding schemes.
     21 **
     22 ** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
     23 ** be used for signatures with PSS padding (PKCS #1 v2.1).
     24 **
     25 ** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
     26 ** be used for encryption with OAEP padding (PKCS #1 v2.1).
     27 */
     28 
typedef enum {
    nullKey = 0,     /* no key type assigned */
    rsaKey = 1,      /* rsaEncryption: encryption and signatures, v1.5 and v2.1 padding (see comment above) */
    dsaKey = 2,
    fortezzaKey = 3, /* deprecated */
    dhKey = 4,
    keaKey = 5, /* deprecated */
    ecKey = 6,
    rsaPssKey = 7,   /* RSASSA-PSS signatures only (see comment above) */
    rsaOaepKey = 8,  /* RSAES-OAEP encryption only (see comment above) */
    kyberKey = 9,    /* Kyber KEM; parameters come from kyber.h (KyberParams) */
    edKey = 10,      /* presumably Edwards-curve keys -- verify against the EC code */
    ecMontKey = 11,  /* presumably Montgomery-curve keys -- verify against the EC code */
    mldsaKey = 12    /* ML-DSA signatures; parameter set carried as a SECOidTag */
    /* KeyType discriminates the `u` union of SECKEYPublicKeyStr. The values are
    ** explicit and exported from a public header, so treat them as stable: add
    ** new types at the end, never renumber or reuse a retired value. */
} KeyType;
     44 
     45 /*
     46 ** Template Definitions
     47 **/
     48 
SEC_BEGIN_PROTOS
/* ASN.1 templates for the key and parameter encodings declared in this
** header; the template arrays themselves are defined elsewhere. */
extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];

/* Windows DLL accessor functions */
/* Only these three templates get a chooser accessor; the others above are
** reachable through the extern declarations only. */
SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
SEC_END_PROTOS
     63 
     64 /*
     65 ** RSA Public Key structures
     66 ** member names from PKCS#1, section 7.1
     67 */
     68 
/* RSA public key (n, e); member names follow PKCS #1 section 7.1. */
typedef struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;     /* arena pool; presumably backs the two SECItems -- confirm with the decoder */
    SECItem modulus;        /* n */
    SECItem publicExponent; /* e */
} SECKEYRSAPublicKey;
     75 
     76 /*
     77 ** RSA-PSS parameters
     78 */
/* RSASSA-PSS-params as in RFC 4055: hash, MGF, salt length, trailer field.
** The two algorithm members are pointers; presumably NULL when the optional
** field is absent from the encoding -- check the decoder before dereferencing. */
typedef struct SECKEYRSAPSSParamsStr {
    SECAlgorithmID *hashAlg; /* hashAlgorithm */
    SECAlgorithmID *maskAlg; /* maskGenAlgorithm */
    SECItem saltLength;      /* saltLength, still DER-encoded integer bytes */
    SECItem trailerField;    /* trailerField, still DER-encoded integer bytes */
} SECKEYRSAPSSParams;
     86 
     87 /*
     88 ** DSA Public Key and related structures
     89 */
     90 
/* DSA domain parameters p, q, g. */
typedef struct SECKEYPQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;    /* p */
    SECItem subPrime; /* q */
    SECItem base;     /* g */
    /* TODO (chrisk): extend to hold j and validationParms, RFC 2459 section 7.3.2 */
} SECKEYPQGParams;
     99 
/* DSA public key: domain parameters plus the public value y. */
typedef struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params; /* p, q, g */
    SECItem publicValue;    /* y */
} SECKEYDSAPublicKey;
    105 
    106 /*
    107 ** Diffie-Hellman Public Key structure
    108 ** Structure member names suggested by PKCS#3.
    109 */
/* Diffie-Hellman domain parameters; member names suggested by PKCS #3. */
typedef struct SECKEYDHParamsStr {
    PLArenaPool *arena;
    SECItem prime; /* p */
    SECItem base;  /* g */
} SECKEYDHParams;
    116 
/* Diffie-Hellman public key. Note it carries its own copy of p and g rather
** than embedding SECKEYDHParams; the layout is part of the ABI, keep it. */
typedef struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;
    SECItem prime;       /* p */
    SECItem base;        /* g */
    SECItem publicValue; /* y = g^x mod p */
} SECKEYDHPublicKey;
    124 
    125 /*
    126 ** Elliptic curve Public Key structure
** The PKCS#11 layer needs the DER encoding of the ANSI X9.62
** ECParameters value, so the parameters are kept as raw encoded bytes.
    129 */
    130 typedef SECItem SECKEYECParams;
    131 
/* Elliptic-curve public key: encoded curve parameters plus the encoded point. */
typedef struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams; /* DER-encoded ANSI X9.62 parameters */
    int size;                        /* key size in bits */
    SECItem publicValue;             /* encoded point */
    ECPointEncoding encoding;        /* deprecated and ignored; kept only for layout */
} SECKEYECPublicKey;
    139 
    140 /*
    141 ** FORTEZZA Public Key structures
    142 */
/* FORTEZZA public key. The key type is deprecated (see fortezzaKey); the
** layout is kept for ABI compatibility only. */
typedef struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];
    SECItem clearance;
    SECItem KEApriviledge; /* sic: the misspelling is the ABI name, see the alias macros below */
    SECItem DSSpriviledge; /* sic */
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;    /* presumably the DSS parameters -- verify */
    SECKEYPQGParams keaParams; /* KEA parameters */
} SECKEYFortezzaPublicKey;
/* Correctly spelled aliases for the two misspelled members above. */
#define KEAprivilege KEApriviledge
#define DSSprivilege DSSpriviledge
    158 
/* Separate PQG parameter sets for KEA and DSA (deprecated FORTEZZA/KEA support). */
typedef struct SECKEYDiffPQGParamsStr {
    SECKEYPQGParams DiffKEAParams;
    SECKEYPQGParams DiffDSAParams;
} SECKEYDiffPQGParams;
    164 
/* Either one common PQG set or distinct KEA/DSA sets (deprecated FORTEZZA/KEA support). */
typedef struct SECKEYPQGDualParamsStr {
    SECKEYPQGParams CommParams;    /* shared parameters */
    SECKEYDiffPQGParams DiffParams; /* separate KEA and DSA parameters */
} SECKEYPQGDualParams;
    170 
/* KEA parameters (deprecated, see keaKey). */
typedef struct SECKEYKEAParamsStr {
    PLArenaPool *arena;
    SECItem hash;
} SECKEYKEAParams;
    176 
/* KEA public key (deprecated, see keaKey). */
typedef struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
} SECKEYKEAPublicKey;
    182 
    183 /*
    184 ** Kyber Public Key structure
    185 */
    186 
/* Kyber (KEM) public key: parameter set from kyber.h plus the encoded public value. */
typedef struct SECKEYKyberPublicKeyStr {
    KyberParams params;  /* parameter set, type declared in kyber.h */
    SECItem publicValue; /* encoded public key bytes */
} SECKEYKyberPublicKey;
    192 
    193 /*
    194 ** ML-DSA Public Key structure
    195 */
/* ML-DSA public key: the parameter set is identified by OID tag rather than
** by a parameter struct, unlike the Kyber key above. */
typedef struct SECKEYMLDSAPublicKeyStr {
    SECOidTag paramSet;  /* OID tag selecting the ML-DSA parameter set */
    SECItem publicValue; /* encoded public key bytes */
} SECKEYMLDSAPublicKey;
    201 
    202 /*
    203 ** A Generic  public key object.
    204 */
/*
** Generic public key. `keyType` is the discriminator for the union `u`:
** read only the member that matches it, anything else is a type-confusion
** bug. A key that lives on a PKCS#11 token also records its slot and
** object handle.
*/
typedef struct SECKEYPublicKeyStr {
    PLArenaPool *arena;
    KeyType keyType;           /* selects the valid member of `u` */
    PK11SlotInfo *pkcs11Slot;  /* PKCS#11 slot, presumably only when token-backed */
    CK_OBJECT_HANDLE pkcs11ID; /* PKCS#11 object handle within that slot */
    union {
        SECKEYRSAPublicKey rsa;           /* rsaKey; presumably also rsaPssKey/rsaOaepKey -- verify */
        SECKEYDSAPublicKey dsa;           /* dsaKey */
        SECKEYDHPublicKey dh;             /* dhKey */
        SECKEYKEAPublicKey kea;           /* keaKey (deprecated) */
        SECKEYFortezzaPublicKey fortezza; /* fortezzaKey (deprecated) */
        SECKEYECPublicKey ec;             /* ecKey; presumably edKey/ecMontKey as well -- verify */
        SECKEYKyberPublicKey kyber;       /* kyberKey */
        SECKEYMLDSAPublicKey mldsa;       /* mldsaKey */
    } u;
} SECKEYPublicKey;
    222 
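/* bit flag definitions for SECKEYPrivateKeyStr.staticflags */
#define SECKEY_Attributes_Cached 0x1             /* bit 0: the attribute bits below are valid */
#define SECKEY_CKA_PRIVATE (1U << 1)             /* bit 1: cached value of CKA_PRIVATE */
#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2) /* bit 2: cached value of CKA_ALWAYS_AUTHENTICATE */

/*
** Accessors for the cached attribute bits.
**
** `key` is a pointer to a SECKEYPrivateKey (anything with `staticflags`,
** `pkcs11Slot` and `pkcs11ID` members works). `attribute` is the bare
** CKA_ name, e.g. SECKEY_HAS_ATTRIBUTE_SET(key, CKA_PRIVATE): it is pasted
** onto the SECKEY_ prefix to pick the cache bit and also passed through
** unchanged as the PKCS#11 attribute type for the fallback query.
**
** Each argument is parenthesized and each expansion is a single
** parenthesized expression, so the macros are safe under `!`, `&&` and as
** function arguments. (The previous conditional-expression macros were not
** wrapped, so `!SECKEY_HAS_ATTRIBUTE_SET(k, a)` negated only the cache test.)
** `key` is still evaluated more than once: never pass an expression with
** side effects.
*/

/* Nonzero iff the attribute bits have been fetched into staticflags. */
#define SECKEY_ATTRIBUTES_CACHED(key) \
    ((((key)->staticflags) & SECKEY_Attributes_Cached) != 0)

/* Nonzero iff the cached bit for `attribute` is set. Meaningful only when
** SECKEY_ATTRIBUTES_CACHED(key) is true. */
#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
    ((((key)->staticflags) & SECKEY_##attribute) != 0)

/* Cached bit when the cache is valid, otherwise query the token through
** PK11_HasAttributeSet (declared elsewhere). */
#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute)                                          \
    (SECKEY_ATTRIBUTES_CACHED(key)                                                        \
         ? SECKEY_ATTRIBUTE_VALUE(key, attribute)                                         \
         : PK11_HasAttributeSet((key)->pkcs11Slot, (key)->pkcs11ID, attribute, PR_FALSE))

/* As SECKEY_HAS_ATTRIBUTE_SET, but the fallback is pk11_HasAttributeSet_Lock
** with `haslock` forwarded (the caller states whether it holds the slot lock). */
#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock)                                 \
    (SECKEY_ATTRIBUTES_CACHED(key)                                                             \
         ? SECKEY_ATTRIBUTE_VALUE(key, attribute)                                              \
         : pk11_HasAttributeSet_Lock((key)->pkcs11Slot, (key)->pkcs11ID, attribute, haslock))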
    240 
    241 /*
    242 ** A generic key structure
    243 */
/*
** Private key handle. This structure holds no key material at all: the key
** is referenced only through its PKCS#11 slot and object handle, so the
** secret bytes are never exposed via this struct. `staticflags` caches the
** PKCS#11 attribute bits consumed by the SECKEY_* macros above.
*/
typedef struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;  /* PKCS#11 slot the key lives in */
    CK_OBJECT_HANDLE pkcs11ID; /* object handle of the key within that slot */
    PRBool pkcs11IsTemp;       /* temporary PKCS#11 object: delete it when done */
    void *wincx;               /* context for error reporting and password prompts */
    PRUint32 staticflags;      /* cached PKCS#11 attribute bits, see SECKEY_Attributes_Cached */
} SECKEYPrivateKey;
    254 
typedef struct {
    PRCList links;         /* intrusive list links; must stay first so the node can be recovered from the list pointer */
    SECKEYPrivateKey *key; /* the key this node refers to */
} SECKEYPrivateKeyListNode;
    259 
typedef struct {
    PRCList list;       /* head of a circular list of SECKEYPrivateKeyListNode */
    PLArenaPool *arena; /* arena pool; presumably backs the nodes -- confirm with the list helpers */
} SECKEYPrivateKeyList;
    264 
typedef struct {
    PRCList links;        /* intrusive list links; must stay first so the node can be recovered from the list pointer */
    SECKEYPublicKey *key; /* the key this node refers to */
} SECKEYPublicKeyListNode;
    269 
typedef struct {
    PRCList list;       /* head of a circular list of SECKEYPublicKeyListNode */
    PLArenaPool *arena; /* arena pool; presumably backs the nodes -- confirm with the list helpers */
} SECKEYPublicKeyList;
    274 #endif /* _KEYTHI_H_ */