/*

* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of the License "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: 

*

*/

#ifndef __ASNPKCS_H__

#define __ASNPKCS_H__

#include <e32std.h>

#include <e32base.h>

#include <s32file.h>

#include <signed.h>

#include <x509cert.h>

#include <mctkeystore.h>

/**

 * @file

 * @publishedPartner 

 * @released

 */

class CASN1EncSequence;

class CPBEncryptParms;

/**

 * This class provides the means to encode PKCS#5 parameters 

 * into an ASN1 sequence as specified in the PKCS#5 specifications.

 * 

 */

class TASN1EncPKCS5

	{

public:

	/**

	 * Returns an ASN1 sequence encoding the given PKCS#5 PBE parameters.

	 * The ASN1 syntax used is specified in the PKCS#5 v2.0  specifications. 

	 * Refer to the specs for a detailed description of the returned sequence.

	 *

	 * This class is used, for instance, by TASN1EncPKCS8 to specify the PBE

	 * parameters of encrypted private keys.

	 *

	 * @param aParms The PBE parameters to be encoded

	 *

	 * @return An ASN1 sequence encoding the given PBE parameters.

	 */

	IMPORT_C static CASN1EncSequence* EncodeDERL(const CPBEncryptParms& aParms);

	};

/**

 * This class provides the means to decode an ASN1 sequence encoding

 * PKCS#5 PBE parameters.

 * 

 */

class TASN1DecPKCS5

	{

public:

	/**

	 * Decodes a ASN1 sequence encoding PKCS#5 PBE parameters.

	 * The ASN1 syntax is specified in the PKCS#5 v2.0  specifications.

	 *

	 * @param aBinaryData A descriptor containing the ASN1 data in binary format.

	 *

	 * @return The decoded PBE parameters.

	 */

	IMPORT_C static CPBEncryptParms* DecodeDERL(const TDesC8& aBinaryData);

	};

//!

//!	Converts stored key data and key info to PKCS8 and returns ASN1 encoding thereof

//!	

class CDecPKCS8Data;

/// The minimum number of bytes necessary to determine that data is cleartext pkcs8

const TInt KIsPKCS8DataMinLength = 24;

/// The minimum number of bytes necessary to determine that data is encrypted pkcs8

const TInt KIsEncryptedPKCS8DataMinLength = 36;

/**

 * Provides the means to decode PKCS#8 encoded private keys.

 * 

 */

class TASN1DecPKCS8

	{

public:

	/**

	 * Decodes DER encoded ASN1 data representing a PKCS#8 clear text private key.

	 * See the PKCS#8 specifications for the ASN1 syntax.

	 *

	 * @param aBinaryData A descriptor containing the ASN1 data.

	 *

	 * @return A pointer to a CDecPKCS8Data object containing the decoded private key.

	 */

	IMPORT_C static CDecPKCS8Data* DecodeDERL(const TDesC8& aBinaryData);

	/**

	 * Decodes DER encoded ASN1 data representing a PKCS#8 encrypted  private key.

	 * See the PKCS#8 specifications for the ASN1 syntax.

	 *

	 * @param aBinaryData A descriptor containing the ASN1 data.

	 * @param aPassword The password to decrypt the key.

	 *

	 * @return A pointer to a CDecPKCS8Data object containing the decoded private key.

	 */

	IMPORT_C static CDecPKCS8Data* DecodeEncryptedDERL(const TDesC8& aBinaryData, const TDesC8& aPassword);

	/**

	 * Determines if some binary data is a pkcs#8 clear text private key.

	 * 

	 * @param aBinaryData A descriptor containing the data.  This must be at

	 * least KIsPKCS8DataMinLength bytes long.

	 *

	 * @return ETrue if binary data is pkcs#8 clear text private key or EFalse if it is not.

	 */

	IMPORT_C static TBool IsPKCS8Data(const TDesC8& aBinaryData);

	/**

	 * Determines if some binary data is an encrypted pkcs#8 private key.

	 * 

	 * @param aBinaryData A descriptor containing the data.

	 *

	 * @return ETrue if binary data is an encrypted pkcs#8 private key or EFalse if it is not.

	 */

	IMPORT_C static TBool IsEncryptedPKCS8Data(const TDesC8& aBinaryData);

private:

	static TBool IsASN1Sequence(const TDesC8& aBinaryData, TInt& aPos);

	static TBool IsExpectedData(const TDesC8& aBinaryData, TInt& aPos, const TDesC8& aExpectedData);

};

//!

//!	Server side object decodes a PKCS8 data object incoming from client

//!	On construction, decodes the data to determine version, key

//!	algorithm and gives access to the key data by creating the appropriate

//!	MPKCS8DecodedKeyPairData object for the algorithm

//!	

//!	PrivateKeyInfo ::= SEQUENCE {

//!	version Version,

//!	privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,

//!	privateKey PrivateKey,

//!	attributes [0] IMPLICIT Attributes OPTIONAL }

//!	

//!	Version ::= INTEGER

//!	PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

//!	PrivateKey ::= OCTET STRING

//!	Attributes ::= SET OF Attribute

//!

class MPKCS8DecodedKeyPairData;	//	Forward declare

/**

 * This class provides the means to decode PKCS#8 encoded private keys.

 * 

 */

class CDecPKCS8Data : public CBase

{

public:

	/**

	 * @internalComponent

	 * 

	 * Decodes a ASN1 sequence encoding PKCS#8 encrypted  private key.

	 *

	 * @param aData A descriptor containing the data.

	 *

	 * @return A pointer to a CDecPKCS8Data object containing the decoded private key.

	 */

	static CDecPKCS8Data* NewL(const TDesC8& aData);

public:

	/** 

     * Destructor

     */

	virtual ~CDecPKCS8Data();

public:

	/*

	 * Returns the version number of the certificate.

	 *

	 * @return Version number of the certificate.

	 */

	inline TInt Version() const;

	/*

	 * Return the algorithm identifier.

	 *

	 * @return algorithm identifier.

	 */

	inline TAlgorithmId Algorithm() const;

	/*

	 * Returns the key pair data. This depends on the value returned by CDecPKCS8Data::Algorithm()

	 *

	 * @return either RSA or DSA to M class key pair data. 

	 */

	inline MPKCS8DecodedKeyPairData* KeyPairData() const;

	/*

	 * Returns a DER-encoded set of PKCS8 attributes (use TASN1DecSet to decode)

	 *

	 * @return a PKCS8 attributes

	 */

	inline const TDesC8& PKCS8Attributes() const;

protected:

	/** @internalComponent */

	CDecPKCS8Data();

	/** @internalComponent */

	void ConstructL(const TDesC8& aData);

private:	//	No copying

	CDecPKCS8Data(const CDecPKCS8Data&);

	CDecPKCS8Data& operator=(CDecPKCS8Data&);

private:

	TInt iVersion;

	TAlgorithmId iAlgorithmID;

	MPKCS8DecodedKeyPairData* iKeyPairData;

	HBufC8* iAttributes;

};

//!	Mixin class for generic actions to be performed on a keypair

//!	

//!

class MPKCS8DecodedKeyPairData

{

public:

	/** 

	 * Gets a key identifier

	 *

     * @param aKeyIdentifier A descriptor containing a key identifier (SHA1 hash of modulus)

     */

	virtual void GetKeyIdentifierL(TKeyIdentifier& aKeyIdentifier) const = 0;

	virtual TUint KeySize() const = 0;	

	virtual void Release() = 0;

protected:

	virtual ~MPKCS8DecodedKeyPairData();

};

class CRSAPublicKey;

class CRSAPrivateKey;

class TASN1DecGeneric;

//!	Represents an RSA key pair and provides the means to externalize it to

//!	a stream and generate a key identifier (SHA1 hash of modulus)

//!

class CPKCS8KeyPairRSA : public CBase, public MPKCS8DecodedKeyPairData

{

public:

	/**

	 * @internalComponent

	 *

	 * Constructs the ASN1 PKCS#8 RSA private key.	 

 	 *

 	 * @param aSource A descriptor containing the key identifier

 	 *

 	 * @return A pointer to a MPKCS8DecodedKeyPairData object containing the decoded private key.

	 */ 

	static MPKCS8DecodedKeyPairData* NewL(const TASN1DecGeneric& aSource);

public:

	/** 

     * Destructor

     */

	virtual ~CPKCS8KeyPairRSA();

public:

	/** 

	 * Gets a key identifier

	 *

     * @param aKeyIdentifier A descriptor containing a key identifier

     */

	virtual void GetKeyIdentifierL(TKeyIdentifier& aKeyIdentifier) const;	

	virtual TUint KeySize() const;	

	virtual void Release();

	/** 

	 * Contructs a RSA Public Key

	 *

 	 * @return A RSA Public Key

     */

	inline const CRSAPublicKey& PublicKey() const;

	/** 

	 * Contructs a RSA Private Key

	 *

 	 * @return A RSA Private Key

     */

	inline const CRSAPrivateKey& PrivateKey() const;

protected:

	CPKCS8KeyPairRSA(){}	

	/** @internalComponent */

	void ConstructL(const TASN1DecGeneric& aSource);

private:

	CRSAPublicKey* iPublicKey;

	CRSAPrivateKey* iPrivateKey;

};

class CDSAPublicKey;

class CDSAPrivateKey;

//!	Represents a DSA key pair and provides the means to externalize it to

//!	a stream and generate a key identifier

//!

class CPKCS8KeyPairDSA : public CBase, public MPKCS8DecodedKeyPairData

{

public:

	/** 

	 * @internalComponent

	 * 

	 * Contructs the ASN1 PKCS#8 DSA private key

	 *

	 * @param aParamsData A block of PKCS#8 parameters data for DER data to decode

	 *

	 * @param aSource A descriptor containing a key identifier		

	 *

	 * @return A pointer to MPKCS8DecodedKeyPairData object containing the decoded key.

	 */

	static MPKCS8DecodedKeyPairData* NewL(const TDesC8& aParamsData, const TASN1DecGeneric& aSource);

public:

	/** 

     * Destructor

     */

	virtual ~CPKCS8KeyPairDSA();

public:

	/** 

	 * Gets a key identifier

	 *

     * @param aKeyIdentifier A descriptor containing a key identifier

     */

	virtual void GetKeyIdentifierL(TKeyIdentifier& aKeyIdentifier) const;

	virtual TUint KeySize() const;

	virtual void Release();

	/** 

	 * Contructs a DSA Public Key

	 *

 	 * @return A DSA Public Key

     */	

	inline const CDSAPublicKey& PublicKey() const;

	/** 

	 * Contructs a RSA Private Key

	 *

 	 * @return A RSA Private Key

     */	

	inline const CDSAPrivateKey& PrivateKey() const;

protected:

	CPKCS8KeyPairDSA(){}

	/** @internalComponent */

	void ConstructL(const TDesC8& aParamsData, const TASN1DecGeneric& aSource);

private:

	CDSAPublicKey* iPublicKey;

	CDSAPrivateKey* iPrivateKey;

};

class CRSAPrivateKeyCRT;

class CASN1EncOctetString;

class CASN1EncBase;

class CPBEncryptParms;

class CPBEncryptor; 

class RInteger;

/**

 * Encodes the given private key using the pkcs#8 standard.

 *

 * The returned ASN1 sequence respects the following grammar:

 * 

 *	PrivateKeyInfo ::= SEQUENCE {

 *	version Version,

 *	privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,

 *	privateKey PrivateKey,

 *	attributes [0] IMPLICIT Attributes OPTIONAL }

 *	

 *	Version ::= INTEGER

 *	PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier

 *	PrivateKey ::= OCTET STRING

 *	Attributes ::= SET OF Attribute

 *

 * The PrivateKeyAlgorithmIdentifier format it depends on the 

 * specific algorithm it represents. For RSA is specified in 

 * the PKCS#1 document, for DSA in PKCS#11.

 *

 * Or, in the case of encrypted private keys:

 *

 *	EncryptedPrivateKeyInfo ::= SEQUENCE {

 *	encryptionAlgorithm EncryptionAlgorithmIdentifier,

 *	encryptedData EncryptedData }

 *	

 *	EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

 *	EncryptedData ::= OCTET STRING

 *

 * AlgorithmIdentifier is the ASN1 sequence defined in the

 * PKCS#5 standard. 

 */	

class TASN1EncPKCS8

	{

public:

	/**

	 * Returns the ASN1 PKCS#8 encoding of a RSA private key.

	 *

	 * The private key syntax for this key type is defined in 

	 * the PKCS#1 document. It follows the grammar:

	 *

	 * RSAPrivateKey ::= SEQUENCE {

	 *   version Version,

	 *   modulus INTEGER, -- n

	 *   publicExponent INTEGER, -- e

	 *	 privateExponent INTEGER, -- d

	 *	 prime1 INTEGER, -- p

	 *	 prime2 INTEGER, -- q

	 *	 exponent1 INTEGER, -- d mod (p-1)

	 *	 exponent2 INTEGER, -- d mod (q-1)

	 *	 coefficient INTEGER, -- (inverse of q) mod p

	 *	 otherPrimeInfos OtherPrimeInfos OPTIONAL

 	 *	}

 	 *

 	 * @param aPrivateKey The private key to be encoded (must be in CRT format)

 	 * @param aPublicKey The corresponding public key.

 	 * @param attributes A set of attributes of the extended information

 	 * 					 that is encrypted along with the private-key

 	 *					 information.

	 *

 	 * @return An ASN1 Sequence encoding the key.

	 */

	IMPORT_C static CASN1EncSequence* EncodeL(const CRSAPrivateKeyCRT& aPrivateKey,

	                                          const CRSAPublicKey& aPublicKey, const TDesC8& attributes);

	/**

	 * Encodes an RSA key in encrypted format.

	 * 

 	 * @param aPrivateKey The private key to be encoded (must be in CRT format)

 	 * @param aPublicKey The corresponding public key.

	 * @param aEncryptor The object used to encrypt the data.

	 * @param aData The encryption parameters of the given encryptor.

	 *              These parameters are stored in the resulting sequence.

 	 * @param attributes A set of attributes of the extended information

 	 * 					 that is encrypted along with the private-key

 	 *					 information.

	 *

 	 * @return An ASN1 Sequence encoding the encrypted key.

	 */

	IMPORT_C static CASN1EncSequence* EncodeEncryptedL(const CRSAPrivateKeyCRT& aPrivateKey, 

	                                                   const CRSAPublicKey& aPublicKey, 

	                                                   CPBEncryptor& aEncryptor, 

	                                                   CPBEncryptParms& aData, const TDesC8& attributes);

	/**

	 * Returns the ASN1 PKCS#8 encoding of a DSA private key.

	 *

	 * The private key syntax for this key type is defined in 

	 * the PKCS#11 document. 

	 *

 	 * @param aPrivateKey The private key to be encoded 

 	 * @param attributes A set of attributes of the extended information

 	 * 					 that is encrypted along with the private-key

 	 *					 information.

	 *

 	 * @return An ASN1 Sequence encoding the key.

	 */

	IMPORT_C static CASN1EncSequence* EncodeL(const CDSAPrivateKey& aPrivateKey, const TDesC8& attributes);

	/**

	 * Encodes a DSA key in encrypted format.

	 * 

 	 * @param aPrivateKey The private key to be encoded.

	 * @param aEncryptor The object used to encrypt the data.

	 * @param aData The encryption parameters of the given encryptor.

	 *              These parameters are stored in the resulting sequence.

 	 * @param attributes

	 *

 	 * @return An ASN1 Sequence encoding the encrypted key.

	 */

	IMPORT_C static CASN1EncSequence* EncodeEncryptedL(const CDSAPrivateKey& aPrivateKey, 

	                                                   CPBEncryptor& aEncryptor, 

	                                                   CPBEncryptParms& aData,

							  const TDesC8& attributes);

private:

	/**

	 *

	 * Converts the ASN1 element to an octet string.

	 *

	 * @param aAsnElement The ASN1 element to be converted

	 * 

	 * @return An ASN1 Octet string representing the input element.

	 */

 	static CASN1EncOctetString* ElementToOctetL(CASN1EncBase& aAsnElement);

	/**

 	 * Given a ASN1 sequence representing a private key and a CPBEncryptor object,

 	 * it returns an ASN1 octet string containing the key sequence encrypted by

 	 * the given encryptor.

 	 *

 	 * @param aKeySeq The key sequence to be encrypted.

  	 * @param aEncryptor The CPBEncryptor object used to encrypt the given key.

	 *

	 * @return An ASN1 octet string containing the encrypted key.

 	 */

	static CASN1EncOctetString* EncryptKeySequenceL(CASN1EncSequence& aKeySeq, 

	                                                CPBEncryptor& aEncryptor);

	/**

	 *

	 * Given a valid key sequence and appropriate PBE encryptors it 

	 * encrypts the key and creates a PKCS#8 sequence of type

	 * EncryptedPrivateKeyInfo.

	 *

	 * @param aPrivateKeySequence A ASN1 sequence of the private key to be 

	 *                            encrypted. Generally the structure of the

	 *                            sequence will depend on the key type.

	 * @param aEncryptor The PBE encryptor to be used to encrypt the key.

	 * @param aData The PBE encryptor parameters. This information must be 

	 *              included in the final ASN1 sequence.

	 *

	 * @return An ASN1 sequence of type EncryptedPrivateKeyInfo.

	 */

	static CASN1EncSequence* EncryptedSequenceL(CASN1EncSequence& aPrivateKeySequence, 

                                                    CPBEncryptor& aEncryptor, 

                                                    CPBEncryptParms& aData);

	/**

	* Given a CRT RSA private key it calculates the RSA private exponent "d".

	*

	* @param aPrivateKey The RSA private key in CRT format we are interested in.

	* @param aPublicKey The RSA public key

	*

	* @return The RSA private exponent "d".

	*/                                                    

    static const RInteger CalculateRSAPrivExpL(const CRSAPrivateKeyCRT& aPrivateKey, const CRSAPublicKey& aPublicKey);

	/**

	 * Adds the given DER encoded ASN1 structure to the given sequence. If the structure is KNullDesC8

	 * nothing is added. This method is used by the encoder to add the optional pkcs8 attributes to 

	 * the ASN1 pkcs8 key it generates. PKCS8 attributes are stored as uninterpreted DER encoded

	 * binary data in the keystore.

	 *

	 * @param aAttribute The DER encoded ASN1 structure.

	 * @param aSeq The sequence to which we want to add the attributes.

	 */

	static void AddAttributesL(CASN1EncSequence& aSeq, const TDesC8& aAttribute);

	};

// Inline function definition //

inline TInt CDecPKCS8Data::Version() const 

	{

	return (iVersion);

	}

inline TAlgorithmId CDecPKCS8Data::Algorithm() const 

	{

	return (iAlgorithmID);

	}

inline MPKCS8DecodedKeyPairData* CDecPKCS8Data::KeyPairData() const 

	{

	return (iKeyPairData);

	}

inline const TDesC8& CDecPKCS8Data::PKCS8Attributes() const 

	{

	if (iAttributes)

		return (*iAttributes);

	else

		return (KNullDesC8);

	}	

inline const CRSAPublicKey& CPKCS8KeyPairRSA::PublicKey() const

	{

	return *iPublicKey;

	}

inline const CRSAPrivateKey& CPKCS8KeyPairRSA::PrivateKey() const

	{

	return *iPrivateKey;

	}

inline const CDSAPublicKey& CPKCS8KeyPairDSA::PublicKey() const

	{

	return *iPublicKey;

	}

inline const CDSAPrivateKey& CPKCS8KeyPairDSA::PrivateKey() const

	{

	return *iPrivateKey;

	}

#endif	//	__ASNPKCS_H__