security/nss/lib/cryptohi/keyhi.h

changeset 0
6474c204b198
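--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/cryptohi/keyhi.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,260 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _KEYHI_H_
+#define _KEYHI_H_
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "keythi.h"
+#include "certt.h"
+/*#include "secpkcs5.h" */
+
+SEC_BEGIN_PROTOS
+
+
+/*
+** Destroy a subject-public-key-info object.
+*/
+extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);
+
+/*
+** Copy subject-public-key-info "src" to "dst". "dst" is filled in
+** appropriately (memory is allocated for each of the sub objects).
+*/
+extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
+					     CERTSubjectPublicKeyInfo *dst,
+					     CERTSubjectPublicKeyInfo *src);
+
+/*
+** Update the PQG parameters for a cert's public key.
+** Only done for DSA certs
+*/
+extern SECStatus
+SECKEY_UpdateCertPQG(CERTCertificate * subjectCert);
+
+
+/*
+** Return the strength of the public key in bytes
+*/
+extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);
+
+/*
+** Return the strength of the public key in bits
+*/
+extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);
+
+/*
+** Return the length of the signature in bytes
+*/
+extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);
+
+/*
+** Make a copy of the private key "privKey"
+*/
+extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey);
+
+/*
+** Make a copy of the public key "pubKey"
+*/
+extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey);
+
+/*
+** Convert a private key "privateKey" into a public key
+*/
+extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);
+
+/*
+ * create a new RSA key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
+					   SECKEYPublicKey **pubk, void *cx);
+	
+/*
+ * create a new DH key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
+					   SECKEYPublicKey **pubk, void *cx);
+
+/*
+ * create a new EC key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
+                                           SECKEYPublicKey **pubk, void *cx);
+
+/*
+** Create a subject-public-key-info based on a public key.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
+
+/*
+** Convert a base64 ascii encoded DER public key and challenge to spki,
+** and verify the signature and challenge data are correct
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
+								void *cx);
+
+/*
+** Encode a  CERTSubjectPublicKeyInfo structure. into a
+** DER encoded subject public key info. 
+*/
+SECItem *
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
+
+/*
+** Decode a DER encoded subject public key info into a
+** CERTSubjectPublicKeyInfo structure.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);
+
+/*
+** Convert a base64 ascii encoded DER subject public key info to our
+** internal format.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);
+
+/*
+ * extract the public key from a subject Public Key info structure.
+ * (used by JSS).
+ */
+extern SECKEYPublicKey *
+SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);
+
+/*
+** Destroy a private key object.
+**	"key" the object
+*/
+extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
+
+
+/*
+** Destroy a public key object.
+**	"key" the object
+*/
+extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);
+
+/* Destroy and zero out a private key info structure.  for now this
+ * function zero's out memory allocated in an arena for the key 
+ * since PORT_FreeArena does not currently do this.  
+ *
+ * NOTE -- If a private key info is allocated in an arena, one should 
+ * not call this function with freeit = PR_FALSE.  The function should 
+ * destroy the arena.  
+ */
+extern void
+SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);
+
+/* Destroy and zero out an encrypted private key info.
+ *
+ * NOTE -- If a encrypted private key info is allocated in an arena, one should 
+ * not call this function with freeit = PR_FALSE.  The function should 
+ * destroy the arena.  
+ */
+extern void
+SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
+				      PRBool freeit);
+
+/* Copy private key info structure.  
+ *  poolp is the arena into which the contents of from is to be copied.
+ *	NULL is a valid entry.
+ *  to is the destination private key info
+ *  from is the source private key info
+ * if either from or to is NULL or an error occurs, SECFailure is 
+ * returned.  otherwise, SECSuccess is returned.
+ */
+extern SECStatus
+SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
+			  SECKEYPrivateKeyInfo *to,
+			  const SECKEYPrivateKeyInfo *from);
+
+extern SECStatus
+SECKEY_CacheStaticFlags(SECKEYPrivateKey* key);
+
+/* Copy encrypted private key info structure.  
+ *  poolp is the arena into which the contents of from is to be copied.
+ *	NULL is a valid entry.
+ *  to is the destination encrypted private key info
+ *  from is the source encrypted private key info
+ * if either from or to is NULL or an error occurs, SECFailure is 
+ * returned.  otherwise, SECSuccess is returned.
+ */
+extern SECStatus
+SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
+				   SECKEYEncryptedPrivateKeyInfo *to,
+				   const SECKEYEncryptedPrivateKeyInfo *from);
+/*
+ * Accessor functions for key type of public and private keys.
+ */
+KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
+KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
+
+/*
+ * Creates a PublicKey from its DER encoding.
+ * Currently only supports RSA, DSA, and DH keys.
+ */
+SECKEYPublicKey*
+SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
+
+SECKEYPrivateKeyList*
+SECKEY_NewPrivateKeyList(void);
+
+void
+SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys);
+
+void
+SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);
+
+SECStatus
+SECKEY_AddPrivateKeyToListTail( SECKEYPrivateKeyList *list,
+                                SECKEYPrivateKey *key);
+
+#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode*)PR_LIST_HEAD(&l->list))
+#define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)n->links.next)
+#define PRIVKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+
+SECKEYPublicKeyList*
+SECKEY_NewPublicKeyList(void);
+
+void
+SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys);
+
+void
+SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);
+
+SECStatus
+SECKEY_AddPublicKeyToListTail( SECKEYPublicKeyList *list,
+                                SECKEYPublicKey *key);
+
+#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode*)PR_LIST_HEAD(&l->list))
+#define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)n->links.next)
+#define PUBKEY_LIST_END(n,l) (((void *)n) == ((void *)&l->list))
+
+/*
+ * Length in bits of the EC's field size.  This is also the length of
+ * the x and y coordinates of EC points, such as EC public keys and
+ * base points.
+ *
+ * Return 0 on failure (unknown EC domain parameters).
+ */
+extern int SECKEY_ECParamsToKeySize(const SECItem *params);
+
+/*
+ * Length in bits of the EC base point order, usually denoted n.  This
+ * is also the length of EC private keys and ECDSA signature components
+ * r and s.
+ *
+ * Return 0 on failure (unknown EC domain parameters).
+ */
+extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);
+
+SEC_END_PROTOS
+
+#endif /* _KEYHI_H_ */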
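Review bot: The key-list declarations near the end of the header (`SECKEY_AddPrivateKeyToListTail`, `SECKEY_RemovePrivateKeyListNode`, `SECKEY_DestroyPrivateKeyList` and their public-key counterparts) have no comment saying whether the list takes ownership of the key passed in, so a caller cannot tell from the header whether it must still call `SECKEY_DestroyPrivateKey` after adding; a wrong guess either leaves private-key material alive longer than intended or destroys the same key twice. Each of them should get a short comment naming who destroys the key and whether removing a node destroys it, written from the implementation, which is not visible in this hunk. `SECKEY_CacheStaticFlags` is also declared without any comment, and the three `SECKEY_Create*PrivateKey` comments end in "The private Key is returned..." without saying that `*pubk` is an output the caller also has to release. Separately, the `PRIVKEY_LIST_*` and `PUBKEY_LIST_*` macros expand their arguments unparenthesized, so they are only correct for a plain identifier; `PR_LIST_HEAD(&(l)->list)`, `(n)->links.next` and `((void *)(n)) == ((void *)&(l)->list)` would avoid mis-binding with expression arguments.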
