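/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * keyhi.h -- NSS public API for SECKEY key objects: copying and destroying
 * public/private keys, key-pair generation, SubjectPublicKeyInfo (SPKI)
 * encoding/decoding, (encrypted) PrivateKeyInfo handling, and the intrusive
 * private/public key lists.
 */

#ifndef _KEYHI_H_
#define _KEYHI_H_

#include "plarena.h"

#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "keythi.h"
#include "certt.h"
/*#include "secpkcs5.h" */

SEC_BEGIN_PROTOS

/*
** Destroy a subject-public-key-info object.
*/
extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);

/*
** Copy subject-public-key-info "src" to "dst". "dst" is filled in
** appropriately (memory is allocated for each of the sub objects).
** Returns SECSuccess, or SECFailure if the copy could not be made.
*/
extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
                                                 CERTSubjectPublicKeyInfo *dst,
                                                 CERTSubjectPublicKeyInfo *src);

/*
** Update the PQG parameters for a cert's public key.
** Only done for DSA certs.
*/
extern SECStatus
SECKEY_UpdateCertPQG(CERTCertificate *subjectCert);

/*
** Return the strength of the public key in bytes.
*/
extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);

/*
** Return the strength of the public key in bits.
*/
extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);

/*
** Return the length of the signature in bytes.
*/
extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);

/*
** Make a copy of the private key "privKey".
** The copy is a new object owned by the caller; release it with
** SECKEY_DestroyPrivateKey.
*/
extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey);

/*
** Make a copy of the public key "pubKey".
** The copy is a new object owned by the caller; release it with
** SECKEY_DestroyPublicKey.
*/
extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey);

/*
** Convert a private key "privateKey" into a public key.
*/
extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);

/*
 * Create a new RSA key pair. The private key is returned; the matching
 * public key is stored through *pubk. "cx" is an opaque context handed
 * through to callbacks (presumably the password-callback argument --
 * confirm against the implementation).
 */
SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
                                             SECKEYPublicKey **pubk, void *cx);

/*
 * Create a new DH key pair from the domain parameters "param". The private
 * key is returned; the matching public key is stored through *pubk.
 * "cx" is the same opaque callback context as for SECKEY_CreateRSAPrivateKey.
 */
SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
                                            SECKEYPublicKey **pubk, void *cx);

/*
 * Create a new EC key pair on the curve described by "param". The private
 * key is returned; the matching public key is stored through *pubk.
 * "cx" is the same opaque callback context as for SECKEY_CreateRSAPrivateKey.
 */
SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
                                            SECKEYPublicKey **pubk, void *cx);

/*
** Create a subject-public-key-info based on a public key.
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);

/*
** Convert a base64 ascii encoded DER public key and challenge to spki,
** and verify the signature and challenge data are correct.
** "pkacstr" and "challenge" are untrusted text; treat a NULL result as
** a decode or verification failure (NOTE(review): NULL-on-failure is
** inferred from the return type -- confirm in the implementation).
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
                                             void *cx);

/*
** Encode the public key "pubk" as a DER encoded subject public key info.
** Returns a newly allocated SECItem owned by the caller.
*/
SECItem *
SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);

/*
** Decode a DER encoded subject public key info into a
** CERTSubjectPublicKeyInfo structure.
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);

/*
** Convert a base64 ascii encoded DER subject public key info to our
** internal format.
*/
extern CERTSubjectPublicKeyInfo *
SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);

/*
 * Extract the public key from a subject Public Key info structure.
 * (used by JSS).
 */
extern SECKEYPublicKey *
SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki);

/*
** Destroy a private key object.
** "key" the object
*/
extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);

/*
** Destroy a public key object.
** "key" the object
*/
extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);

/* Destroy and zero out a private key info structure. For now this
 * function zeroes out memory allocated in an arena for the key,
 * since PORT_FreeArena does not currently do this (so key material
 * would otherwise be left behind in freed memory).
 *
 * NOTE -- If a private key info is allocated in an arena, one should
 * not call this function with freeit = PR_FALSE. The function should
 * destroy the arena.
 */
extern void
SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);

/* Destroy and zero out an encrypted private key info.
 *
 * NOTE -- If an encrypted private key info is allocated in an arena, one
 * should not call this function with freeit = PR_FALSE. The function
 * should destroy the arena.
 */
extern void
SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
                                      PRBool freeit);

/* Copy private key info structure.
 * poolp is the arena into which the contents of from is to be copied.
 * NULL is a valid entry.
 * to is the destination private key info
 * from is the source private key info
 * if either from or to is NULL or an error occurs, SECFailure is
 * returned. otherwise, SECSuccess is returned.
 */
extern SECStatus
SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
                          SECKEYPrivateKeyInfo *to,
                          const SECKEYPrivateKeyInfo *from);

/* NOTE(review): undocumented in this header. The name suggests it caches
 * static (per-key) attribute flags on "key" -- confirm against the
 * implementation before relying on that.
 */
extern SECStatus
SECKEY_CacheStaticFlags(SECKEYPrivateKey *key);

/* Copy encrypted private key info structure.
 * poolp is the arena into which the contents of from is to be copied.
 * NULL is a valid entry.
 * to is the destination encrypted private key info
 * from is the source encrypted private key info
 * if either from or to is NULL or an error occurs, SECFailure is
 * returned. otherwise, SECSuccess is returned.
 */
extern SECStatus
SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
                                   SECKEYEncryptedPrivateKeyInfo *to,
                                   const SECKEYEncryptedPrivateKeyInfo *from);

/*
 * Accessor functions for key type of public and private keys.
 */
KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);

/*
 * Creates a PublicKey from its DER encoding.
 * Currently only supports RSA, DSA, and DH keys.
 * "type" selects how derKey is interpreted; derKey is untrusted input.
 */
SECKEYPublicKey *
SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);

/*
 * Intrusive list of private keys. Nodes are linked through their "links"
 * member and the list header (list->list) doubles as the end sentinel.
 */
SECKEYPrivateKeyList *
SECKEY_NewPrivateKeyList(void);

void
SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys);

void
SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);

SECStatus
SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
                               SECKEYPrivateKey *key);

/*
 * Traversal helpers. The usual loop is
 *   for (n = PRIVKEY_LIST_HEAD(l); !PRIVKEY_LIST_END(n, l); n = PRIVKEY_LIST_NEXT(n))
 * Macro arguments are parenthesized so that expression arguments
 * (e.g. a conditional or a cast) expand correctly.
 */
#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode *)PR_LIST_HEAD(&(l)->list))
#define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)(n)->links.next)
#define PRIVKEY_LIST_END(n, l) (((void *)(n)) == ((void *)&(l)->list))

/*
 * Intrusive list of public keys; same layout and traversal rules as the
 * private key list above.
 */
SECKEYPublicKeyList *
SECKEY_NewPublicKeyList(void);

void
SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys);

void
SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);

SECStatus
SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
                              SECKEYPublicKey *key);

/* Traversal helpers for SECKEYPublicKeyList; see PRIVKEY_LIST_* above. */
#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode *)PR_LIST_HEAD(&(l)->list))
#define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)(n)->links.next)
#define PUBKEY_LIST_END(n, l) (((void *)(n)) == ((void *)&(l)->list))

/*
 * Length in bits of the EC's field size. This is also the length of
 * the x and y coordinates of EC points, such as EC public keys and
 * base points.
 *
 * Return 0 on failure (unknown EC domain parameters).
 */
extern int SECKEY_ECParamsToKeySize(const SECItem *params);

/*
 * Length in bits of the EC base point order, usually denoted n. This
 * is also the length of EC private keys and ECDSA signature components
 * r and s.
 *
 * Return 0 on failure (unknown EC domain parameters).
 */
extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);

SEC_END_PROTOS

#endif /* _KEYHI_H_ */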