diff -r 675a964f4eb5 -r 35751d3474b7 cryptoservices/certificateandkeymgmt/inc/x509keys.h --- a/cryptoservices/certificateandkeymgmt/inc/x509keys.h Tue Jul 21 01:04:32 2009 +0100 +++ b/cryptoservices/certificateandkeymgmt/inc/x509keys.h Thu Sep 10 14:01:51 2009 +0300 @@ -1,809 +1,601 @@ -/* -* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). -* All rights reserved. -* This component and the accompanying materials are made available -* under the terms of the License "Eclipse Public License v1.0" -* which accompanies this distribution, and is available -* at the URL "http://www.eclipse.org/legal/epl-v10.html". -* -* Initial Contributors: -* Nokia Corporation - initial contribution. -* -* Contributors: -* -* Description: -* X.509 key classes and utility classes for key encoding/decoding. -* -*/ - - - - -/** - @file - @internalTechnology -*/ - -#if !defined (__X509KEYS_H__) -#define __X509KEYS_H__ - -#include -#include -#include -#include -#include -#include -#include - -// Forward declarations -class CASN1EncBase; -class CASN1EncContainer; -class CASN1EncSequence; -class CASN1EncBitString; - -class CX509RSAPublicKey : public CRSAPublicKey -/** Adds the capability to decode DER-encoded RSA public keys. -* -* Adds a commitment to a specific encoding scheme allowing X.509 RSA public key -* superclasses to remain encoding-independent. -* -* @publishedAll -* @released -* -* @since v6.0 -*/ - { -public: - /** Creates a new RSA Public key object from the specified buffer containing the - * encoded binary representation. - * - * Initialises the object from its encoded binary form into an internal representation. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509RSAPublicKey object. */ - IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData); - - /** Creates a new RSA Public Key object from the specified buffer containing the - * encoded binary representation, and puts a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509RSAPublicKey object. */ - IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData); - - /** Creates a new RSA Public key object from the specified buffer containing the - * encoded binary representation, starting at the specified offset. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509RSAPublicKey object. */ - IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new RSA Public key object from the specified buffer containing the - * encoded binary representation, starting at the specified offset, and puts - * a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509RSAPublicKey object. */ - IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData, TInt& aPos); -private: - void ConstructL(const TDesC8& aBinaryData, TInt& aPos); - CX509RSAPublicKey(); - }; - -class TASN1EncRSAPublicKey -/** - * Class for encoding RSA public keys to ASN.1 encoding. - * - * @publishedAll - * @released - * @since v8.0 - */ - { -public: - /** - * Encodes the supplied public key into buffer in DER format ASN.1: - * @code - * SEQUENCE-OF - * INTEGER modulus - * INTEGER exponent - * @endcode - * - * @param aKey Key to encode. - * @return Allocated buffer containing DER encoding of - * the supplied key aKey. - */ - IMPORT_C HBufC8* EncodeDERL(const CRSAPublicKey& aKey) const; - }; - -class TASN1DecRSAPublicKey -/** - * Class for decoding RSA public keys from ASN.1 DER encoding. - * - * @publishedAll - * @released - * @since v8.0 - */ - { -public: - /** - * Decodes an RSA key from the supplied buffer starting at the - * specified position. - * - * @param aDER Buffer containing DER ASN.1 encoding of the key. - * @param aPos Starting position in the buffer (updated on exit). - * @return A pointer to the new CRSAPublicKey object. - */ - IMPORT_C CRSAPublicKey* DecodeDERL(const TDesC8& aDER, TInt& aPos) const; - }; - -class TASN1DecRSAKeyPair -/** - * Class for decoding RSA key pairs from ASN.1 DER encoding. - * - * @publishedAll - * @released - * @since v8.0 - */ - { -public: - /** - * Decodes an RSA key pair from buffer containing ASN.1 - * DER-encoded private key. The encoding of a private key - * contains public key components as well. - * - * @param aDER DER-encoded private key. - * @param aPos Position in the buffer to start decoding - * (updated on exit). - * @param aPublicKey On return, the RSA public key object - * @param aPrivateKey On return, the RSA private key object - * @param aKeyType Key type, default is @c EStandardCRT - */ - IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, - CRSAPublicKey*& aPublicKey, - CRSAPrivateKey*& aPrivateKey, - TRSAPrivateKeyType aKeyType = EStandardCRT); - }; - -class CX509DSAPublicKey : public CDSAPublicKey -/** Encapsulates the X.509 DSA public key. -* -* Adds a commitment to a specific encoding scheme allowing superclasses to remain -* encoding-independent. -* -* @publishedAll -* @released -* @since v6.0 -*/ -// DSA public key, params, signature. - { -public: - /** Creates a new X.509 DSA public key object. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData); - - /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData); - - /** Creates a new X.509 DSA public key object. - * - * @param aParams The DSA parameters. - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData); - - /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. - * - * @param aParams The DSA parameters. - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData); - - /** Creates a new X.509 DSA public key object. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aBinaryData The encoded binary representation. - * @param aPos The position from which to start decoding. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData,TInt& aPos); - - /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aBinaryData The encoded binary representation. - * @param aPos The position from which to start decoding. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new X.509 DSA public key object. - * - * @param aParams The DSA parameters. - * @param aBinaryData The encoded binary representation. - * @param aPos The position from which to start decoding. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. - * - * @param aParams The DSA parameters. - * @param aBinaryData The encoded binary representation. - * @param aPos The position from which to start decoding. - * @return A pointer to the new CX509DSAPublicKey object. */ - IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); -public: - /** Gets the DSA parameters from the encoding key. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @return The DSA parameters. */ - IMPORT_C static CDSAParameters* DSAParametersL(const TDesC8& aParamsData); -protected: - /** @internalComponent */ - void ConstructL(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos); - /** @internalComponent */ - void ConstructL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); - /** @internalComponent */ - CX509DSAPublicKey(); - }; - -class TASN1DecDSAKeyPair -/** - * Class for decoding DSA key pairs from ASN.1 DER encoding. - * - * @publishedAll - * @released - * @since v8.0 - */ - { -public: - /** - * Decodes a DSA key pair from a buffer containing an ASN.1 - * DER-encoded private key. - * - * The encoding of the private key contains public key components as well. - * - * The DER encoding has the following format: - * @verbatim - * SEQUENCE-OF - * INTEGER version (==0, ignored) - * INTEGER p (public prime) - * INTEGER q (160-bit public subprime, q | p-1) - * INTEGER g (public generator of subgroup) - * INTEGER x (private key) - * INTEGER y (public key y=g^x) - * @endverbatim - * - * @param aDER DER-encoded private key. - * @param aPos Position in the buffer to start decoding - * (updated on exit). - * @param aPublicKey On return, the DSA public key object - * @param aPrivateKey On return, the DSA private key object - */ - IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, - CDSAPublicKey*& aPublicKey, CDSAPrivateKey*& aPrivateKey); - }; - -/** - * Class for encoding DSA public keys to ASN.1 encoding. - * - * @publishedAll - * @released - * @since v8.0 - */ -class TASN1EncDSAPublicKey - { -public: - /** - * Encodes the supplied public key into a buffer in DER format. - * - * Note that the encoding has the following format: - * @code - * SEQUENCE-OF - * SEQUENCE-OF - * INTEGER p - * INTEGER q - * INTEGER g - * BIT STRING (encoded INTEGER public value) - * @endcode - * - * @param aKey Key to encode. - * @return Sequence containing public key information. - */ - IMPORT_C CASN1EncSequence* EncodeDERL(const CDSAPublicKey& aKey) const; - - /** - * Encodes DSA parameters into an ASN.1 encoding structure suitable for - * inclusion into other objects, like a PKCS#10 certificate request. - * - * Note that the encoding has the following form: - * @code - * SEQUENCE-OF - * INTEGER p - * INTEGER q - * INTEGER g - * @endcode - * - * @param aKey DSA public key. - * @return ASN.1 encoding structure on the cleanup stack. - */ - IMPORT_C CASN1EncSequence* EncodeParamsLC(const CDSAPublicKey& aKey) const; - - /** - * Encodes a public key as a bit string. - * - * @param aKey DSA public key. - * @return ASN.1 bit string (public key). This is left on the cleanup stack. - */ - - IMPORT_C CASN1EncBitString* EncodePublicValueLC(const CDSAPublicKey& aKey) const; - }; - -class CX509DSASignature : public CDSASignature -/** Encapsulates the X.509 DSA signature. -* -* Adds a commitment to a specific encoding scheme allowing superclasses to remain -* encoding-independent. -* -* @publishedAll -* @released -* @since v6.0 */ - { -public: - /** Creates a new DSA Signature object from the specified buffer containing the - * encoded binary representation. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSASignature object. */ - IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData); - - /** Creates a new DSA Signature object from the specified buffer containing the - * encoded binary representation, and puts a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DSASignature object. */ - IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData); - - /** Creates a new DSA Signature object from the specified buffer containing the - * encoded binary representation, starting at the specified offset. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DSASignature object. */ - IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new DSA Signature object from the specified buffer containing the - * encoded binary representation, starting at the specified offset, and puts - * a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DSASignature object. */ - IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData, TInt& aPos); -private: - void ConstructL(const TDesC8& aBinaryData, TInt& aPos); - CX509DSASignature(); - }; - -class CX509DHPublicKey : public CDHPublicKey -/** Provides clients with the information they need for Diffie-Hellman key exchange -* within a protocol. -* -* @publishedAll -* @released -* @since v6.0 */ - { -public: - /** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded - * binary representation. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aKeyData - * @return A pointer to the new CX509DHPublicKey object.*/ - IMPORT_C static CX509DHPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aKeyData); - - /** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded - * binary representation, and puts a pointer to it onto the cleanup stack. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @param aKeyData - * @return A pointer to the new CX509DHPublicKey object.*/ - IMPORT_C static CX509DHPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aKeyData); -public: - /** Destructor. - * - * Frees all resources owned by the object, prior to its destruction. */ - IMPORT_C virtual ~CX509DHPublicKey(); -protected: - /** @internalComponent */ - CX509DHPublicKey(); - /** @internalComponent */ - void ConstructL(const TDesC8& aParamsData, const TDesC8& aKeyData); - }; - -class CX509DHKeyPair : public CDHKeyPair -/** This class represents the Diffie-Hellman Key Pair. -* -* @publishedAll -* @released -* @since v8.0 */ -{ -public: - /** Creates a new DH key pair object from the specified buffer containing - * the encoded binary representation . - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @return A pointer to the new CX509DHKeyPair object. - */ - IMPORT_C static CX509DHKeyPair* NewL(const TDesC8& aParamsData); - - /** Creates a new DH Key Pair object from the specified buffer containing the encoded binary - * representation, and puts a pointer to it onto the cleanup stack. - * - * @param aParamsData A non-modifiable descriptor representing the entire encoding. - * @return A pointer to the new CX509DHKeyPair object. - */ - IMPORT_C static CX509DHKeyPair* NewLC(const TDesC8& aParamsData); -public: - - /** Virtual Destructor. - * Frees all resources owned by the object, prior to its destruction. - * - */ - IMPORT_C virtual ~CX509DHKeyPair(); -protected: - /** @internalComponent */ - CX509DHKeyPair(); - /** @internalComponent */ - void ConstructL(const TDesC8& aParamsData); -}; - -class CX509DHValidationParams : public CBase -/** Validates Diffie-Hellman (DH) Domain parameters. -* -* Provides access to the DH Validation Parameters, which are used to determine -* if the DH Public Key has been generated in conformance with the algorithm -* specified in ESDH (see RFC 2631). -* -* @publishedAll -* @released -* @since v6.0 */ - { -public: - /** Creates a new DH Validation parameters object from the specified buffer containing - * the encoded binary representation. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DHValidationParams object. */ - IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData); - - /** Creates a new DH Validation parameters object from the specified buffer containing - * the encoded binary representation, and puts a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DHValidationParams object. */ - IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData); - - /** Creates a new DH Validation parameters object from the specified buffer containing - * the encoded binary representation, starting at the specified offset. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DHValidationParams object. */ - IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new DH Validation parameters object from the specified buffer containing - * the encoded binary representation, starting at the specified offset, and puts - * a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DHValidationParams object. */ - IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData, TInt& aPos); - - /** Gets a DSA prime generation seed. - * - * @return The bit string parameter used as the seed. */ - IMPORT_C const TPtrC8 Seed() const; - - /** Gets the output from a DSA prime generation counter. - * - * @return The integer value output. */ - IMPORT_C const TInteger& PGenCounter() const; - - /** Destructor. - * - * Frees all resources owned by the object, prior to its destruction. */ - virtual ~CX509DHValidationParams(); -protected: - /** @internalComponent */ - CX509DHValidationParams(); - /** @internalComponent */ - void ConstructL(const TDesC8& aBinaryData, TInt& aPos); - HBufC8* iSeed; - RInteger iPGenCounter; - }; - -class CX509DHDomainParams : public CBase -/** Encapsulates the compulsory Diffie-Hellman domain parameter values P and G -* (See RFC 2459). -* -* @publishedAll -* @released -* @since v6.0 */ - { -public: - /** Creates a new DH Domain parameters object from the specified buffer containing - * the encoded binary representation. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DHDomainParams object. */ - IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData); - - /** Creates a new DH Domain parameters object from the specified buffer containing - * the encoded binary representation, and puts a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @return A pointer to the new CX509DHDomainParams object. */ - IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData); - - /** Creates a new DH Domain parameters object from the specified buffer containing - * the encoded binary representation, starting at the specified offset. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DHDomainParams object. */ - IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData, TInt& aPos); - - /** Creates a new DH Domain parameters object from the specified buffer containing - * the encoded binary representation, starting at the specified offset, and puts - * a pointer to it onto the cleanup stack. - * - * @param aBinaryData The encoded binary representation. - * @param aPos The offset position from which to start decoding. - * @return A pointer to the new CX509DHDomainParams object. */ - IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData, TInt& aPos); - - /** Gets the compulsory parameter value P. - * - * @return The compulsory parameter value P. */ - IMPORT_C const TInteger& P() const; - - /** Gets the compulsory parameter value G. - * - * @return The compulsory parameter value G. */ - IMPORT_C const TInteger& G() const; - -//the next 3 members are optional, in which case NULL is returned -//the returned objects remain the property of this object - -//N.B. according to RFC 2459 the Q member is *not* optional, -//however it is not essential for doing DH, and empirical studies -//suggest it doesn't get included much, so I'm relaxing the spec here -//to permit DomainParams objects which contain no Q. - - /** Gets the optional value Q. - * - * @return The optional value Q. */ - IMPORT_C const TInteger& Q() const; - - /** Gets the optional value J. - * - * @return The optional value J. */ - IMPORT_C const TInteger& J() const; - - /** Gets the optional validation parameters. - * - * @return The optional validation parameters. */ - IMPORT_C const CX509DHValidationParams* ValidationParams() const; - - /** Destructor. - * - * Frees all resources owned by the object, prior to its destruction. */ - virtual ~CX509DHDomainParams(); -protected: - /** @internalComponent */ - CX509DHDomainParams(); - /** @internalComponent */ - void ConstructL(const TDesC8& aBinaryData, TInt& aPos); - RInteger iP; - RInteger iG; - RInteger iQ; - RInteger iJ; - CX509DHValidationParams* iValidationParams; - }; - -class TX509KeyEncoder -/** - * Abstract class that is the base class for RSA and DSA key encoder classes. - * These classes are used to encode the X509 ASN.1 types AlgorithmIdentifier and - * SubjectPublicKeyInfo. - * - * This class is part of the pkcs10 API, and will be changed or removed in a - * future release. You should not use it. - * - * @internalTechnology - */ - { -public: - /** - * Constructor that takes an algorithm identifier and saves it into the - * corresponding member variable. It is then used in the - * EncodeSignatureAlgorithm() function. - * - * @param aDigestAlg Digest algorithm to use. Currently the following - * algorithms are supported: MD2, MD5, and SHA-1. - */ - IMPORT_C TX509KeyEncoder(TAlgorithmId aDigestAlg); - - /** - * Produces the SubjectPublicKeyInfo encoding. - * - * The encoding has the following ASN.1 format: - * @code - * SubjectPublicKeyInfo {ALGORITHM : IOSet} ::= SEQUENCE { - * algorithm AlgorithmIdentifier {{IOSet}}, - * subjectPublicKey BIT STRING - * } - * @endcode - */ - IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const = 0; - - /** - * Produces the AlgorithmIdentifier encoding. - * - * @return ASN.1 sequence containing signature algorithm - */ - IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const = 0; - - /** - * Produces the DigestAlgorithmIdentifier encoder. - * - * The encoding has the following ASN.1 format - * @code - * DigestAlgorithmIdentifier ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * parameters ANY DEFINED BY algorithm OPTIONAL } - * - * AlgorithmIdentifier ::= OBJECT IDENTIFIER - * @endcode - * - * @return Appropriate ASN.1 sequence of type DigestAlgorithmIdentifier - */ - IMPORT_C virtual CASN1EncSequence* EncodeDigestAlgorithmLC() const; - -protected: - /** Digest algorithm to use. */ - TAlgorithmId iDigestAlg; - }; - -class TX509RSAKeyEncoder : public TX509KeyEncoder -/** - * Subclasses TC509KeyEncoder to provides key encoding capability for RSA public keys. - * - * This class is part of the pkcs10 API, and will be changed or removed in a - * future release. You should not use it. - * - * @internalTechnology - */ - { -public: - /** - * Constructs a RSA key pair encoder, saving reference to the passed - * key pair in the member variable. - * - * @param aPublicKey RSA public key to use for encoding. - * @param aDigestAlg Digest algorithm to use. - */ - IMPORT_C TX509RSAKeyEncoder(const CRSAPublicKey& aPublicKey, TAlgorithmId aDigestAlg); - - /** - * Produces the SubjectPublicKeyInfo encoding. - * - * The resulting encoding has the following form: - * @code - * SEQUENCE-OF - * SEQUENCE-OF - * OID of the encryption algorithm (KRSA) - * NULL - * BIT STRING encoded public key. - * @endcode - * - * @return DER-encoded public key information, placed on the cleanup stack. - */ - IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const; - - /** - * Produces the AlgorithmIdentifier encoding. - * - * This has the following form: - * @code - * SEQUENCE-OF - * OID signature-algorithm - * NULL - * @endcode - * - * @return ASN.1 sequence containing signature algorithm encoding, - * placed on the cleanup stack. - */ - IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const; - -private: - /** - * Saved reference to the RSA public key to be used for encoding. - */ - const CRSAPublicKey& iPublicKey; - }; - -class TX509DSAKeyEncoder : public TX509KeyEncoder -/** - * Provides key encoding and signing capability using a DSA public key. - * - * This class is part of the pkcs10 API, and will be changed or removed in a - * future release. You should not use it. - * - * @internalTechnology - */ - { -public: - /** - * Constructs a DSA key pair encoder, saving reference to the passed - * public key in the member variable. - * - * @param aKeyPublic DSA public key to use for encoding. - * @param aDigestAlg Digest algorithm to use. - */ - IMPORT_C TX509DSAKeyEncoder(const CDSAPublicKey& aKeyPublic, - TAlgorithmId aDigestAlg); - - /** - * Produces the SubjectPublicKeyInfo encoding. - * - * The ASN.1 encoding of a DSA key has the following form: - * @code - * SEQUENCE-OF - * SEQUENCE-OF - * OID dsa (1.2.840.10040.4.1) - * SEQUENCE-OF - * INTEGER p - * INTEGER q - * INTEGER g - * BIT STRING - * INTEGER public value (y) - * @endcode - * - * @return DER-encoded public key information, placed on the cleanup stack. - */ - IMPORT_C virtual CASN1EncBase* EncodeKeyLC() const; - - /** - * Produces the AlgorithmIdentifier encoding. - * - * This has the following form: - * @code - * SEQUENCE-OF - * OID dsa-signature-oid - * SEQUENCE-OF dsa-params - * INTEGER p - * INTEGER q - * INTEGER g - * @endcode - * - * @return ASN.1 sequence containing signature algorithm encoding, - * placed on the cleanup stack. - */ - IMPORT_C virtual CASN1EncSequence* EncodeSignatureAlgorithmLC() const; - -private: - /** - * Saved reference to the DSA public key to be used for encoding. - */ - const CDSAPublicKey& iPublicKey; - }; - -#endif +/* +* Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* X.509 key classes and utility classes for key encoding/decoding. +* +*/ + + +/** + @file + @publishedAll + @released +*/ + +#if !defined (__X509KEYS_H__) +#define __X509KEYS_H__ + +#include +#include +#include +#include +#include +#include +#include + +// Forward declarations +class CASN1EncBase; +class CASN1EncContainer; +class CASN1EncSequence; +class CASN1EncBitString; + + +#ifndef SYMBIAN_ENABLE_SPLIT_HEADERS +#include +#endif + +class CX509RSAPublicKey : public CRSAPublicKey +/** Adds the capability to decode DER-encoded RSA public keys. +* +* Adds a commitment to a specific encoding scheme allowing X.509 RSA public key +* superclasses to remain encoding-independent. +* +* +* @since v6.0 +*/ + { +public: + /** Creates a new RSA Public key object from the specified buffer containing the + * encoded binary representation. + * + * Initialises the object from its encoded binary form into an internal representation. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509RSAPublicKey object. */ + IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData); + + /** Creates a new RSA Public Key object from the specified buffer containing the + * encoded binary representation, and puts a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509RSAPublicKey object. */ + IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData); + + /** Creates a new RSA Public key object from the specified buffer containing the + * encoded binary representation, starting at the specified offset. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509RSAPublicKey object. */ + IMPORT_C static CX509RSAPublicKey* NewL(const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new RSA Public key object from the specified buffer containing the + * encoded binary representation, starting at the specified offset, and puts + * a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509RSAPublicKey object. */ + IMPORT_C static CX509RSAPublicKey* NewLC(const TDesC8& aBinaryData, TInt& aPos); +private: + void ConstructL(const TDesC8& aBinaryData, TInt& aPos); + CX509RSAPublicKey(); + }; + +class TASN1EncRSAPublicKey +/** + * Class for encoding RSA public keys to ASN.1 encoding. + * + * @since v8.0 + */ + { +public: + /** + * Encodes the supplied public key into buffer in DER format ASN.1: + * @code + * SEQUENCE-OF + * INTEGER modulus + * INTEGER exponent + * @endcode + * + * @param aKey Key to encode. + * @return Allocated buffer containing DER encoding of + * the supplied key aKey. + */ + IMPORT_C HBufC8* EncodeDERL(const CRSAPublicKey& aKey) const; + }; + +class TASN1DecRSAPublicKey +/** + * Class for decoding RSA public keys from ASN.1 DER encoding. + * + * @since v8.0 + */ + { +public: + /** + * Decodes an RSA key from the supplied buffer starting at the + * specified position. + * + * @param aDER Buffer containing DER ASN.1 encoding of the key. + * @param aPos Starting position in the buffer (updated on exit). + * @return A pointer to the new CRSAPublicKey object. + */ + IMPORT_C CRSAPublicKey* DecodeDERL(const TDesC8& aDER, TInt& aPos) const; + }; + +class TASN1DecRSAKeyPair +/** + * Class for decoding RSA key pairs from ASN.1 DER encoding. + * + * @since v8.0 + */ + { +public: + /** + * Decodes an RSA key pair from buffer containing ASN.1 + * DER-encoded private key. The encoding of a private key + * contains public key components as well. + * + * @param aDER DER-encoded private key. + * @param aPos Position in the buffer to start decoding + * (updated on exit). + * @param aPublicKey On return, the RSA public key object + * @param aPrivateKey On return, the RSA private key object + * @param aKeyType Key type, default is @c EStandardCRT + */ + IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, + CRSAPublicKey*& aPublicKey, + CRSAPrivateKey*& aPrivateKey, + TRSAPrivateKeyType aKeyType = EStandardCRT); + }; + +class CX509DSAPublicKey : public CDSAPublicKey +/** Encapsulates the X.509 DSA public key. +* +* Adds a commitment to a specific encoding scheme allowing superclasses to remain +* encoding-independent. +* +* @since v6.0 +*/ +// DSA public key, params, signature. + { +public: + /** Creates a new X.509 DSA public key object. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData); + + /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData); + + /** Creates a new X.509 DSA public key object. + * + * @param aParams The DSA parameters. + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData); + + /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. + * + * @param aParams The DSA parameters. + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData); + + /** Creates a new X.509 DSA public key object. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aBinaryData The encoded binary representation. + * @param aPos The position from which to start decoding. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aBinaryData,TInt& aPos); + + /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aBinaryData The encoded binary representation. + * @param aPos The position from which to start decoding. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new X.509 DSA public key object. + * + * @param aParams The DSA parameters. + * @param aBinaryData The encoded binary representation. + * @param aPos The position from which to start decoding. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new X.509 DSA public key object, and puts a pointer to it onto the cleanup stack. + * + * @param aParams The DSA parameters. + * @param aBinaryData The encoded binary representation. + * @param aPos The position from which to start decoding. + * @return A pointer to the new CX509DSAPublicKey object. */ + IMPORT_C static CX509DSAPublicKey* NewLC(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); +public: + /** Gets the DSA parameters from the encoding key. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @return The DSA parameters. */ + IMPORT_C static CDSAParameters* DSAParametersL(const TDesC8& aParamsData); +protected: + /** @internalComponent */ + void ConstructL(const TDesC8& aParamsData, const TDesC8& aBinaryData, TInt& aPos); + /** @internalComponent */ + void ConstructL(const CDSAParameters& aParams, const TDesC8& aBinaryData, TInt& aPos); + /** @internalComponent */ + CX509DSAPublicKey(); + }; + +class TASN1DecDSAKeyPair +/** + * Class for decoding DSA key pairs from ASN.1 DER encoding. + * + * @since v8.0 + */ + { +public: + /** + * Decodes a DSA key pair from a buffer containing an ASN.1 + * DER-encoded private key. + * + * The encoding of the private key contains public key components as well. + * + * The DER encoding has the following format: + * @verbatim + * SEQUENCE-OF + * INTEGER version (==0, ignored) + * INTEGER p (public prime) + * INTEGER q (160-bit public subprime, q | p-1) + * INTEGER g (public generator of subgroup) + * INTEGER x (private key) + * INTEGER y (public key y=g^x) + * @endverbatim + * + * @param aDER DER-encoded private key. + * @param aPos Position in the buffer to start decoding + * (updated on exit). + * @param aPublicKey On return, the DSA public key object + * @param aPrivateKey On return, the DSA private key object + */ + IMPORT_C void DecodeDERL(const TDesC8& aDER, TInt& aPos, + CDSAPublicKey*& aPublicKey, CDSAPrivateKey*& aPrivateKey); + }; + +/** + * Class for encoding DSA public keys to ASN.1 encoding. + * + * @since v8.0 + */ +class TASN1EncDSAPublicKey + { +public: + /** + * Encodes the supplied public key into a buffer in DER format. + * + * Note that the encoding has the following format: + * @code + * SEQUENCE-OF + * SEQUENCE-OF + * INTEGER p + * INTEGER q + * INTEGER g + * BIT STRING (encoded INTEGER public value) + * @endcode + * + * @param aKey Key to encode. + * @return Sequence containing public key information. + */ + IMPORT_C CASN1EncSequence* EncodeDERL(const CDSAPublicKey& aKey) const; + + /** + * Encodes DSA parameters into an ASN.1 encoding structure suitable for + * inclusion into other objects, like a PKCS#10 certificate request. + * + * Note that the encoding has the following form: + * @code + * SEQUENCE-OF + * INTEGER p + * INTEGER q + * INTEGER g + * @endcode + * + * @param aKey DSA public key. + * @return ASN.1 encoding structure on the cleanup stack. + */ + IMPORT_C CASN1EncSequence* EncodeParamsLC(const CDSAPublicKey& aKey) const; + + /** + * Encodes a public key as a bit string. + * + * @param aKey DSA public key. + * @return ASN.1 bit string (public key). This is left on the cleanup stack. + */ + + IMPORT_C CASN1EncBitString* EncodePublicValueLC(const CDSAPublicKey& aKey) const; + }; + +class CX509DSASignature : public CDSASignature +/** Encapsulates the X.509 DSA signature. +* +* Adds a commitment to a specific encoding scheme allowing superclasses to remain +* encoding-independent. +* +* @since v6.0 */ + { +public: + /** Creates a new DSA Signature object from the specified buffer containing the + * encoded binary representation. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSASignature object. */ + IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData); + + /** Creates a new DSA Signature object from the specified buffer containing the + * encoded binary representation, and puts a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DSASignature object. */ + IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData); + + /** Creates a new DSA Signature object from the specified buffer containing the + * encoded binary representation, starting at the specified offset. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DSASignature object. */ + IMPORT_C static CX509DSASignature* NewL(const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new DSA Signature object from the specified buffer containing the + * encoded binary representation, starting at the specified offset, and puts + * a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DSASignature object. */ + IMPORT_C static CX509DSASignature* NewLC(const TDesC8& aBinaryData, TInt& aPos); +private: + void ConstructL(const TDesC8& aBinaryData, TInt& aPos); + CX509DSASignature(); + }; + +class CX509DHPublicKey : public CDHPublicKey +/** Provides clients with the information they need for Diffie-Hellman key exchange +* within a protocol. +* +* @since v6.0 */ + { +public: + /** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded + * binary representation. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aKeyData + * @return A pointer to the new CX509DHPublicKey object.*/ + IMPORT_C static CX509DHPublicKey* NewL(const TDesC8& aParamsData, const TDesC8& aKeyData); + + /** Creates a new CX509DHPublicKey object from the specified buffer containing the encoded + * binary representation, and puts a pointer to it onto the cleanup stack. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @param aKeyData + * @return A pointer to the new CX509DHPublicKey object.*/ + IMPORT_C static CX509DHPublicKey* NewLC(const TDesC8& aParamsData, const TDesC8& aKeyData); +public: + /** Destructor. + * + * Frees all resources owned by the object, prior to its destruction. */ + IMPORT_C virtual ~CX509DHPublicKey(); +protected: + /** @internalComponent */ + CX509DHPublicKey(); + /** @internalComponent */ + void ConstructL(const TDesC8& aParamsData, const TDesC8& aKeyData); + }; + +class CX509DHKeyPair : public CDHKeyPair +/** This class represents the Diffie-Hellman Key Pair. +* +* @since v8.0 */ +{ +public: + /** Creates a new DH key pair object from the specified buffer containing + * the encoded binary representation . + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @return A pointer to the new CX509DHKeyPair object. + */ + IMPORT_C static CX509DHKeyPair* NewL(const TDesC8& aParamsData); + + /** Creates a new DH Key Pair object from the specified buffer containing the encoded binary + * representation, and puts a pointer to it onto the cleanup stack. + * + * @param aParamsData A non-modifiable descriptor representing the entire encoding. + * @return A pointer to the new CX509DHKeyPair object. + */ + IMPORT_C static CX509DHKeyPair* NewLC(const TDesC8& aParamsData); +public: + + /** Virtual Destructor. + * Frees all resources owned by the object, prior to its destruction. + * + */ + IMPORT_C virtual ~CX509DHKeyPair(); +protected: + /** @internalComponent */ + CX509DHKeyPair(); + /** @internalComponent */ + void ConstructL(const TDesC8& aParamsData); +}; + +class CX509DHValidationParams : public CBase +/** Validates Diffie-Hellman (DH) Domain parameters. +* +* Provides access to the DH Validation Parameters, which are used to determine +* if the DH Public Key has been generated in conformance with the algorithm +* specified in ESDH (see RFC 2631). +* +* @since v6.0 */ + { +public: + /** Creates a new DH Validation parameters object from the specified buffer containing + * the encoded binary representation. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DHValidationParams object. */ + IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData); + + /** Creates a new DH Validation parameters object from the specified buffer containing + * the encoded binary representation, and puts a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DHValidationParams object. */ + IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData); + + /** Creates a new DH Validation parameters object from the specified buffer containing + * the encoded binary representation, starting at the specified offset. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DHValidationParams object. */ + IMPORT_C static CX509DHValidationParams* NewL(const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new DH Validation parameters object from the specified buffer containing + * the encoded binary representation, starting at the specified offset, and puts + * a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DHValidationParams object. */ + IMPORT_C static CX509DHValidationParams* NewLC(const TDesC8& aBinaryData, TInt& aPos); + + /** Gets a DSA prime generation seed. + * + * @return The bit string parameter used as the seed. */ + IMPORT_C const TPtrC8 Seed() const; + + /** Gets the output from a DSA prime generation counter. + * + * @return The integer value output. */ + IMPORT_C const TInteger& PGenCounter() const; + + /** Destructor. + * + * Frees all resources owned by the object, prior to its destruction. */ + virtual ~CX509DHValidationParams(); +protected: + /** @internalComponent */ + CX509DHValidationParams(); + /** @internalComponent */ + void ConstructL(const TDesC8& aBinaryData, TInt& aPos); + HBufC8* iSeed; + RInteger iPGenCounter; + }; + +class CX509DHDomainParams : public CBase +/** Encapsulates the compulsory Diffie-Hellman domain parameter values P and G +* (See RFC 2459). +* +* @since v6.0 */ + { +public: + /** Creates a new DH Domain parameters object from the specified buffer containing + * the encoded binary representation. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DHDomainParams object. */ + IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData); + + /** Creates a new DH Domain parameters object from the specified buffer containing + * the encoded binary representation, and puts a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @return A pointer to the new CX509DHDomainParams object. */ + IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData); + + /** Creates a new DH Domain parameters object from the specified buffer containing + * the encoded binary representation, starting at the specified offset. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DHDomainParams object. */ + IMPORT_C static CX509DHDomainParams* NewL(const TDesC8& aBinaryData, TInt& aPos); + + /** Creates a new DH Domain parameters object from the specified buffer containing + * the encoded binary representation, starting at the specified offset, and puts + * a pointer to it onto the cleanup stack. + * + * @param aBinaryData The encoded binary representation. + * @param aPos The offset position from which to start decoding. + * @return A pointer to the new CX509DHDomainParams object. */ + IMPORT_C static CX509DHDomainParams* NewLC(const TDesC8& aBinaryData, TInt& aPos); + + /** Gets the compulsory parameter value P. + * + * @return The compulsory parameter value P. */ + IMPORT_C const TInteger& P() const; + + /** Gets the compulsory parameter value G. + * + * @return The compulsory parameter value G. */ + IMPORT_C const TInteger& G() const; + +//the next 3 members are optional, in which case NULL is returned +//the returned objects remain the property of this object + +//N.B. according to RFC 2459 the Q member is *not* optional, +//however it is not essential for doing DH, and empirical studies +//suggest it doesn't get included much, so I'm relaxing the spec here +//to permit DomainParams objects which contain no Q. + + /** Gets the optional value Q. + * + * @return The optional value Q. */ + IMPORT_C const TInteger& Q() const; + + /** Gets the optional value J. + * + * @return The optional value J. */ + IMPORT_C const TInteger& J() const; + + /** Gets the optional validation parameters. + * + * @return The optional validation parameters. */ + IMPORT_C const CX509DHValidationParams* ValidationParams() const; + + /** Destructor. + * + * Frees all resources owned by the object, prior to its destruction. */ + virtual ~CX509DHDomainParams(); +protected: + /** @internalComponent */ + CX509DHDomainParams(); + /** @internalComponent */ + void ConstructL(const TDesC8& aBinaryData, TInt& aPos); + RInteger iP; + RInteger iG; + RInteger iQ; + RInteger iJ; + CX509DHValidationParams* iValidationParams; + }; + +#endif