security/nss/lib/cryptohi/keyhi.h@7e26c7da4463 (annotated)
security/nss/lib/cryptohi/keyhi.h
Wed, 31 Dec 2014 06:55:50 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:55:50 +0100
- changeset 2
- 7e26c7da4463
- permissions
- -rw-r--r--
Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef _KEYHI_H_ |
| michael@0 | 6 | #define _KEYHI_H_ |
| michael@0 | 7 | |
| michael@0 | 8 | #include "plarena.h" |
| michael@0 | 9 | |
| michael@0 | 10 | #include "seccomon.h" |
| michael@0 | 11 | #include "secoidt.h" |
| michael@0 | 12 | #include "secdert.h" |
| michael@0 | 13 | #include "keythi.h" |
| michael@0 | 14 | #include "certt.h" |
| michael@0 | 15 | /*#include "secpkcs5.h" */ |
| michael@0 | 16 | |
| michael@0 | 17 | SEC_BEGIN_PROTOS |
| michael@0 | 18 | |
| michael@0 | 19 | |
| michael@0 | 20 | /* |
| michael@0 | 21 | ** Destroy a subject-public-key-info object. |
| michael@0 | 22 | */ |
| michael@0 | 23 | extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki); |
| michael@0 | 24 | |
| michael@0 | 25 | /* |
| michael@0 | 26 | ** Copy subject-public-key-info "src" to "dst". "dst" is filled in |
| michael@0 | 27 | ** appropriately (memory is allocated for each of the sub objects). |
| michael@0 | 28 | */ |
| michael@0 | 29 | extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena, |
| michael@0 | 30 | CERTSubjectPublicKeyInfo *dst, |
| michael@0 | 31 | CERTSubjectPublicKeyInfo *src); |
| michael@0 | 32 | |
| michael@0 | 33 | /* |
| michael@0 | 34 | ** Update the PQG parameters for a cert's public key. |
| michael@0 | 35 | ** Only done for DSA certs |
| michael@0 | 36 | */ |
| michael@0 | 37 | extern SECStatus |
| michael@0 | 38 | SECKEY_UpdateCertPQG(CERTCertificate * subjectCert); |
| michael@0 | 39 | |
| michael@0 | 40 | |
| michael@0 | 41 | /* |
| michael@0 | 42 | ** Return the strength of the public key in bytes |
| michael@0 | 43 | */ |
| michael@0 | 44 | extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk); |
| michael@0 | 45 | |
| michael@0 | 46 | /* |
| michael@0 | 47 | ** Return the strength of the public key in bits |
| michael@0 | 48 | */ |
| michael@0 | 49 | extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk); |
| michael@0 | 50 | |
| michael@0 | 51 | /* |
| michael@0 | 52 | ** Return the length of the signature in bytes |
| michael@0 | 53 | */ |
| michael@0 | 54 | extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk); |
| michael@0 | 55 | |
| michael@0 | 56 | /* |
| michael@0 | 57 | ** Make a copy of the private key "privKey" |
| michael@0 | 58 | */ |
| michael@0 | 59 | extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey); |
| michael@0 | 60 | |
| michael@0 | 61 | /* |
| michael@0 | 62 | ** Make a copy of the public key "pubKey" |
| michael@0 | 63 | */ |
| michael@0 | 64 | extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey); |
| michael@0 | 65 | |
| michael@0 | 66 | /* |
| michael@0 | 67 | ** Convert a private key "privateKey" into a public key |
| michael@0 | 68 | */ |
| michael@0 | 69 | extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey); |
| michael@0 | 70 | |
| michael@0 | 71 | /* |
| michael@0 | 72 | * create a new RSA key pair. The private Key is returned... |
| michael@0 | 73 | */ |
| michael@0 | 74 | SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits, |
| michael@0 | 75 | SECKEYPublicKey **pubk, void *cx); |
| michael@0 | 76 | |
| michael@0 | 77 | /* |
| michael@0 | 78 | * create a new DH key pair. The private Key is returned... |
| michael@0 | 79 | */ |
| michael@0 | 80 | SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, |
| michael@0 | 81 | SECKEYPublicKey **pubk, void *cx); |
| michael@0 | 82 | |
| michael@0 | 83 | /* |
| michael@0 | 84 | * create a new EC key pair. The private Key is returned... |
| michael@0 | 85 | */ |
| michael@0 | 86 | SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param, |
| michael@0 | 87 | SECKEYPublicKey **pubk, void *cx); |
| michael@0 | 88 | |
| michael@0 | 89 | /* |
| michael@0 | 90 | ** Create a subject-public-key-info based on a public key. |
| michael@0 | 91 | */ |
| michael@0 | 92 | extern CERTSubjectPublicKeyInfo * |
| michael@0 | 93 | SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k); |
| michael@0 | 94 | |
| michael@0 | 95 | /* |
| michael@0 | 96 | ** Convert a base64 ascii encoded DER public key and challenge to spki, |
| michael@0 | 97 | ** and verify the signature and challenge data are correct |
| michael@0 | 98 | */ |
| michael@0 | 99 | extern CERTSubjectPublicKeyInfo * |
| michael@0 | 100 | SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge, |
| michael@0 | 101 | void *cx); |
| michael@0 | 102 | |
| michael@0 | 103 | /* |
| michael@0 | 104 | ** Encode a CERTSubjectPublicKeyInfo structure. into a |
| michael@0 | 105 | ** DER encoded subject public key info. |
| michael@0 | 106 | */ |
| michael@0 | 107 | SECItem * |
| michael@0 | 108 | SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk); |
| michael@0 | 109 | |
| michael@0 | 110 | /* |
| michael@0 | 111 | ** Decode a DER encoded subject public key info into a |
| michael@0 | 112 | ** CERTSubjectPublicKeyInfo structure. |
| michael@0 | 113 | */ |
| michael@0 | 114 | extern CERTSubjectPublicKeyInfo * |
| michael@0 | 115 | SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider); |
| michael@0 | 116 | |
| michael@0 | 117 | /* |
| michael@0 | 118 | ** Convert a base64 ascii encoded DER subject public key info to our |
| michael@0 | 119 | ** internal format. |
| michael@0 | 120 | */ |
| michael@0 | 121 | extern CERTSubjectPublicKeyInfo * |
| michael@0 | 122 | SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr); |
| michael@0 | 123 | |
| michael@0 | 124 | /* |
| michael@0 | 125 | * extract the public key from a subject Public Key info structure. |
| michael@0 | 126 | * (used by JSS). |
| michael@0 | 127 | */ |
| michael@0 | 128 | extern SECKEYPublicKey * |
| michael@0 | 129 | SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *); |
| michael@0 | 130 | |
| michael@0 | 131 | /* |
| michael@0 | 132 | ** Destroy a private key object. |
| michael@0 | 133 | ** "key" the object |
| michael@0 | 134 | */ |
| michael@0 | 135 | extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key); |
| michael@0 | 136 | |
| michael@0 | 137 | |
| michael@0 | 138 | /* |
| michael@0 | 139 | ** Destroy a public key object. |
| michael@0 | 140 | ** "key" the object |
| michael@0 | 141 | */ |
| michael@0 | 142 | extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key); |
| michael@0 | 143 | |
| michael@0 | 144 | /* Destroy and zero out a private key info structure. for now this |
| michael@0 | 145 | * function zero's out memory allocated in an arena for the key |
| michael@0 | 146 | * since PORT_FreeArena does not currently do this. |
| michael@0 | 147 | * |
| michael@0 | 148 | * NOTE -- If a private key info is allocated in an arena, one should |
| michael@0 | 149 | * not call this function with freeit = PR_FALSE. The function should |
| michael@0 | 150 | * destroy the arena. |
| michael@0 | 151 | */ |
| michael@0 | 152 | extern void |
| michael@0 | 153 | SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit); |
| michael@0 | 154 | |
| michael@0 | 155 | /* Destroy and zero out an encrypted private key info. |
| michael@0 | 156 | * |
| michael@0 | 157 | * NOTE -- If a encrypted private key info is allocated in an arena, one should |
| michael@0 | 158 | * not call this function with freeit = PR_FALSE. The function should |
| michael@0 | 159 | * destroy the arena. |
| michael@0 | 160 | */ |
| michael@0 | 161 | extern void |
| michael@0 | 162 | SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, |
| michael@0 | 163 | PRBool freeit); |
| michael@0 | 164 | |
| michael@0 | 165 | /* Copy private key info structure. |
| michael@0 | 166 | * poolp is the arena into which the contents of from is to be copied. |
| michael@0 | 167 | * NULL is a valid entry. |
| michael@0 | 168 | * to is the destination private key info |
| michael@0 | 169 | * from is the source private key info |
| michael@0 | 170 | * if either from or to is NULL or an error occurs, SECFailure is |
| michael@0 | 171 | * returned. otherwise, SECSuccess is returned. |
| michael@0 | 172 | */ |
| michael@0 | 173 | extern SECStatus |
| michael@0 | 174 | SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp, |
| michael@0 | 175 | SECKEYPrivateKeyInfo *to, |
| michael@0 | 176 | const SECKEYPrivateKeyInfo *from); |
| michael@0 | 177 | |
| michael@0 | 178 | extern SECStatus |
| michael@0 | 179 | SECKEY_CacheStaticFlags(SECKEYPrivateKey* key); |
| michael@0 | 180 | |
| michael@0 | 181 | /* Copy encrypted private key info structure. |
| michael@0 | 182 | * poolp is the arena into which the contents of from is to be copied. |
| michael@0 | 183 | * NULL is a valid entry. |
| michael@0 | 184 | * to is the destination encrypted private key info |
| michael@0 | 185 | * from is the source encrypted private key info |
| michael@0 | 186 | * if either from or to is NULL or an error occurs, SECFailure is |
| michael@0 | 187 | * returned. otherwise, SECSuccess is returned. |
| michael@0 | 188 | */ |
| michael@0 | 189 | extern SECStatus |
| michael@0 | 190 | SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp, |
| michael@0 | 191 | SECKEYEncryptedPrivateKeyInfo *to, |
| michael@0 | 192 | const SECKEYEncryptedPrivateKeyInfo *from); |
| michael@0 | 193 | /* |
| michael@0 | 194 | * Accessor functions for key type of public and private keys. |
| michael@0 | 195 | */ |
| michael@0 | 196 | KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey); |
| michael@0 | 197 | KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey); |
| michael@0 | 198 | |
| michael@0 | 199 | /* |
| michael@0 | 200 | * Creates a PublicKey from its DER encoding. |
| michael@0 | 201 | * Currently only supports RSA, DSA, and DH keys. |
| michael@0 | 202 | */ |
| michael@0 | 203 | SECKEYPublicKey* |
| michael@0 | 204 | SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type); |
| michael@0 | 205 | |
| michael@0 | 206 | SECKEYPrivateKeyList* |
| michael@0 | 207 | SECKEY_NewPrivateKeyList(void); |
| michael@0 | 208 | |
| michael@0 | 209 | void |
| michael@0 | 210 | SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys); |
| michael@0 | 211 | |
| michael@0 | 212 | void |
| michael@0 | 213 | SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node); |
| michael@0 | 214 | |
| michael@0 | 215 | SECStatus |
| michael@0 | 216 | SECKEY_AddPrivateKeyToListTail( SECKEYPrivateKeyList *list, |
| michael@0 | 217 | SECKEYPrivateKey *key); |
| michael@0 | 218 | |
| michael@0 | 219 | #define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode*)PR_LIST_HEAD(&l->list)) |
| michael@0 | 220 | #define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)n->links.next) |
| michael@0 | 221 | #define PRIVKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list)) |
| michael@0 | 222 | |
| michael@0 | 223 | SECKEYPublicKeyList* |
| michael@0 | 224 | SECKEY_NewPublicKeyList(void); |
| michael@0 | 225 | |
| michael@0 | 226 | void |
| michael@0 | 227 | SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys); |
| michael@0 | 228 | |
| michael@0 | 229 | void |
| michael@0 | 230 | SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node); |
| michael@0 | 231 | |
| michael@0 | 232 | SECStatus |
| michael@0 | 233 | SECKEY_AddPublicKeyToListTail( SECKEYPublicKeyList *list, |
| michael@0 | 234 | SECKEYPublicKey *key); |
| michael@0 | 235 | |
| michael@0 | 236 | #define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode*)PR_LIST_HEAD(&l->list)) |
| michael@0 | 237 | #define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)n->links.next) |
| michael@0 | 238 | #define PUBKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list)) |
| michael@0 | 239 | |
| michael@0 | 240 | /* |
| michael@0 | 241 | * Length in bits of the EC's field size. This is also the length of |
| michael@0 | 242 | * the x and y coordinates of EC points, such as EC public keys and |
| michael@0 | 243 | * base points. |
| michael@0 | 244 | * |
| michael@0 | 245 | * Return 0 on failure (unknown EC domain parameters). |
| michael@0 | 246 | */ |
| michael@0 | 247 | extern int SECKEY_ECParamsToKeySize(const SECItem *params); |
| michael@0 | 248 | |
| michael@0 | 249 | /* |
| michael@0 | 250 | * Length in bits of the EC base point order, usually denoted n. This |
| michael@0 | 251 | * is also the length of EC private keys and ECDSA signature components |
| michael@0 | 252 | * r and s. |
| michael@0 | 253 | * |
| michael@0 | 254 | * Return 0 on failure (unknown EC domain parameters). |
| michael@0 | 255 | */ |
| michael@0 | 256 | extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params); |
| michael@0 | 257 | |
| michael@0 | 258 | SEC_END_PROTOS |
| michael@0 | 259 | |
| michael@0 | 260 | #endif /* _KEYHI_H_ */ |
