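/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
** keyhi.h -- public interface of the NSS high-level key library.
**
** Declarations for creating, copying, converting and destroying
** SECKEYPublicKey / SECKEYPrivateKey objects, (encrypted) private key
** info structures, subject-public-key-info (SPKI) objects and the
** public/private key list helpers.
**
** Conventions in this header (inferred from the prototypes, confirm
** against the implementation): functions returning SECStatus report
** SECSuccess / SECFailure; functions returning a pointer to a newly
** created object hand ownership of that object to the caller, who is
** expected to release it with the matching SECKEY_Destroy* function.
*/

#ifndef _KEYHI_H_
#define _KEYHI_H_

#include "plarena.h"

#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "keythi.h"
#include "certt.h"
/*#include "secpkcs5.h" */

SEC_BEGIN_PROTOS


/*
** Destroy a subject-public-key-info object.
** "spki" the object to destroy.
*/
extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);

/*
** Copy subject-public-key-info "src" to "dst". "dst" is filled in
** appropriately (memory is allocated for each of the sub objects).
** "arena" is the pool the sub objects are allocated from.
** Returns SECSuccess or SECFailure.
*/
extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
                                                 CERTSubjectPublicKeyInfo *dst,
                                                 CERTSubjectPublicKeyInfo *src);

/*
** Update the PQG parameters for a cert's public key.
** Only done for DSA certs.
** Returns SECSuccess or SECFailure.
*/
extern SECStatus
SECKEY_UpdateCertPQG(CERTCertificate * subjectCert);


/*
** Return the strength of the public key in bytes.
*/
extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);

/*
** Return the strength of the public key in bits.
*/
extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);

/*
** Return the length in bytes of a signature made with the private key
** matching "pubk".
*/
extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);

/*
** Make a copy of the private key "privKey".
** The copy is presumably owned by the caller and released with
** SECKEY_DestroyPrivateKey -- confirm against the implementation.
*/
extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey);

/*
** Make a copy of the public key "pubKey".
** The copy is presumably owned by the caller and released with
** SECKEY_DestroyPublicKey -- confirm against the implementation.
*/
extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey);

/*
** Convert a private key "privateKey" into a public key.
*/
extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);

/*
 * Create a new RSA key pair. The private key is returned; the matching
 * public key is returned through "pubk" (out parameter).
 *  keySizeInBits  modulus size of the key to generate
 *  cx             opaque caller context; its meaning is not documented
 *                 in this header
 */
SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
                                             SECKEYPublicKey **pubk, void *cx);

/*
 * Create a new DH key pair. The private key is returned; the matching
 * public key is returned through "pubk" (out parameter).
 *  param  the DH domain parameters to generate the pair for
 *  cx     opaque caller context; its meaning is not documented here
 */
SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
                                            SECKEYPublicKey **pubk, void *cx);

/*
 * Create a new EC key pair. The private key is returned; the matching
 * public key is returned through "pubk" (out parameter).
 *  param  the EC domain parameters to generate the pair for
 *  cx     opaque caller context; its meaning is not documented here
 */
SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
                                            SECKEYPublicKey **pubk, void *cx);

/*
** Create a subject-public-key-info based on the public key "k".
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);

/*
** Convert a base64 ascii encoded DER public key and challenge to spki,
** and verify the signature and challenge data are correct.
** "pkacstr" and "challenge" are typically externally supplied input;
** the result should only be trusted if this call succeeds.
**  cx  opaque caller context; its meaning is not documented here
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
                                             void *cx);

/*
** Encode the public key "pubk" into a DER encoded subject public key
** info. (Note: the input is a SECKEYPublicKey, not a
** CERTSubjectPublicKeyInfo structure.)
*/
SECItem *
SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);

/*
** Decode a DER encoded subject public key info "spkider" into a
** CERTSubjectPublicKeyInfo structure.
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);

/*
** Convert a base64 ascii encoded DER subject public key info "spkistr"
** to our internal format.
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);

/*
 * Extract the public key from a subject public key info structure.
 * (used by JSS).
 */
extern SECKEYPublicKey *
SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);

/*
** Destroy a private key object.
** "key" the object
*/
extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);


/*
** Destroy a public key object.
** "key" the object
*/
extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);

/* Destroy and zero out a private key info structure.  For now this
 * function zeroes out memory allocated in an arena for the key
 * since PORT_FreeArena does not currently do this.
 *  pvk     the private key info to destroy
 *  freeit  whether to also free the structure (and its arena)
 *
 * NOTE -- If a private key info is allocated in an arena, one should
 * not call this function with freeit = PR_FALSE.  The function should
 * destroy the arena.
 */
extern void
SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);

/* Destroy and zero out an encrypted private key info.
 *  epki    the encrypted private key info to destroy
 *  freeit  whether to also free the structure (and its arena)
 *
 * NOTE -- If an encrypted private key info is allocated in an arena, one
 * should not call this function with freeit = PR_FALSE.  The function
 * should destroy the arena.
 */
extern void
SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
                                      PRBool freeit);

/* Copy private key info structure.
 *  poolp is the arena into which the contents of from is to be copied.
 *  NULL is a valid entry.
 *  to is the destination private key info
 *  from is the source private key info
 *  if either from or to is NULL or an error occurs, SECFailure is
 *  returned.  otherwise, SECSuccess is returned.
 */
extern SECStatus
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
                          SECKEYPrivateKeyInfo *to,
                          const SECKEYPrivateKeyInfo *from);

/* Undocumented in this header; the name suggests it caches the static
 * flag values of "key" -- confirm against the implementation.
 * Returns SECSuccess or SECFailure.
 */
extern SECStatus
SECKEY_CacheStaticFlags(SECKEYPrivateKey* key);

/* Copy encrypted private key info structure.
 *  poolp is the arena into which the contents of from is to be copied.
 *  NULL is a valid entry.
 *  to is the destination encrypted private key info
 *  from is the source encrypted private key info
 *  if either from or to is NULL or an error occurs, SECFailure is
 *  returned.  otherwise, SECSuccess is returned.
 */
extern SECStatus
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
                                   SECKEYEncryptedPrivateKeyInfo *to,
                                   const SECKEYEncryptedPrivateKeyInfo *from);
/*
 * Accessor functions for key type of public and private keys.
 */
KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);

/*
 * Creates a PublicKey from its DER encoding "derKey".
 * Currently only supports RSA, DSA, and DH keys.
 *  type  the PKCS#11 key type the encoding is to be parsed as
 */
SECKEYPublicKey*
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);

/* Private key list helpers. */

/* Allocate a new, empty private key list. */
SECKEYPrivateKeyList*
SECKEY_NewPrivateKeyList(void);

/* Destroy the list "keys" (and, presumably, the nodes it holds --
 * confirm against the implementation). */
void
SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys);

/* Remove "node" from the list it belongs to. */
void
SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);

/* Append "key" to the tail of "list". Returns SECSuccess or SECFailure. */
SECStatus
SECKEY_AddPrivateKeyToListTail( SECKEYPrivateKeyList *list,
                                SECKEYPrivateKey *key);

/* Iteration macros over a SECKEYPrivateKeyList.
 * Arguments are parenthesized so that expressions (not just plain
 * identifiers) can be passed safely. */
#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode *)PR_LIST_HEAD(&(l)->list))
#define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)(n)->links.next)
#define PRIVKEY_LIST_END(n, l) (((void *)(n)) == ((void *)&(l)->list))

/* Public key list helpers. */

/* Allocate a new, empty public key list. */
SECKEYPublicKeyList*
SECKEY_NewPublicKeyList(void);

/* Destroy the list "keys" (and, presumably, the nodes it holds --
 * confirm against the implementation). */
void
SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys);

/* Remove "node" from the list it belongs to. */
void
SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);

/* Append "key" to the tail of "list". Returns SECSuccess or SECFailure. */
SECStatus
SECKEY_AddPublicKeyToListTail( SECKEYPublicKeyList *list,
                               SECKEYPublicKey *key);

/* Iteration macros over a SECKEYPublicKeyList.
 * Arguments are parenthesized so that expressions (not just plain
 * identifiers) can be passed safely. */
#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode *)PR_LIST_HEAD(&(l)->list))
#define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)(n)->links.next)
#define PUBKEY_LIST_END(n, l) (((void *)(n)) == ((void *)&(l)->list))

/*
 * Length in bits of the EC's field size.  This is also the length of
 * the x and y coordinates of EC points, such as EC public keys and
 * base points.
 *  params  the DER encoded EC domain parameters
 *
 * Return 0 on failure (unknown EC domain parameters).
 */
extern int SECKEY_ECParamsToKeySize(const SECItem *params);

/*
 * Length in bits of the EC base point order, usually denoted n.  This
 * is also the length of EC private keys and ECDSA signature components
 * r and s.
 *  params  the DER encoded EC domain parameters
 *
 * Return 0 on failure (unknown EC domain parameters).
 */
extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);

SEC_END_PROTOS

#endif /* _KEYHI_H_ */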