Back to index

lightning-sunbird  0.9+nobinonly
pk11pub.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 #ifndef _PK11PUB_H_
00038 #define _PK11PUB_H_
00039 #include "plarena.h"
00040 #include "seccomon.h"
00041 #include "secoidt.h"
00042 #include "secdert.h"
00043 #include "keyt.h"
00044 #include "certt.h"
00045 #include "pkcs11t.h"
00046 #include "secmodt.h"
00047 #include "seccomon.h"
00048 #include "pkcs7t.h"
00049 #include "cmsreclist.h"
00050 
00051 /*
00052  * Exported PK11 wrap functions.
00053  */
00054 
00055 SEC_BEGIN_PROTOS
00056 
00057 /************************************************************
00058  * Generic Slot Lists Management
00059  ************************************************************/
00060 void PK11_FreeSlotList(PK11SlotList *list);
00061 SECStatus PK11_FreeSlotListElement(PK11SlotList *list, PK11SlotListElement *le);
00062 PK11SlotListElement * PK11_GetFirstSafe(PK11SlotList *list);
00063 PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list, 
00064                             PK11SlotListElement *le, PRBool restart);
00065 
00066 /************************************************************
00067  * Generic Slot Management
00068  ************************************************************/
00069 PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
00070 void PK11_FreeSlot(PK11SlotInfo *slot);
00071 SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
00072 SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
00073 PK11SlotInfo *PK11_GetInternalKeySlot(void);
00074 PK11SlotInfo *PK11_GetInternalSlot(void);
00075 SECStatus PK11_Logout(PK11SlotInfo *slot);
00076 void PK11_LogoutAll(void);
00077 
00078 
00079 /************************************************************
00080  *  Slot Password Management
00081  ************************************************************/
00082 void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout);
00083 void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout);
00084 SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
00085 SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw);
00086 PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
00087 SECStatus PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *pk11_userpwd);
00088 SECStatus PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw);
00089 void PK11_SetPasswordFunc(PK11PasswordFunc func);
00090 int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
00091 SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
00092 SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
00093 SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
00094 
00095 
00096 /******************************************************************
00097  *           Slot info functions
00098  ******************************************************************/
00099 PK11SlotInfo *PK11_FindSlotByName(const char *name);
00100 /******************************************************************
00101  * PK11_FindSlotsByNames searches for a PK11SlotInfo using one or
00102  * more criteria : dllName, slotName and tokenName . In addition, if
00103  * presentOnly is set , only slots with a token inserted will be
00104  * returned.
00105  ******************************************************************/
00106 PK11SlotList *PK11_FindSlotsByNames(const char *dllName,
00107         const char* slotName, const char* tokenName, PRBool presentOnly);
00108 PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
00109 PRBool PK11_IsInternal(PK11SlotInfo *slot);
00110 char * PK11_GetTokenName(PK11SlotInfo *slot);
00111 char * PK11_GetSlotName(PK11SlotInfo *slot);
00112 PRBool PK11_NeedLogin(PK11SlotInfo *slot);
00113 PRBool PK11_IsFriendly(PK11SlotInfo *slot);
00114 PRBool PK11_IsHW(PK11SlotInfo *slot);
00115 PRBool PK11_NeedUserInit(PK11SlotInfo *slot);
00116 PRBool PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot);
00117 int PK11_GetSlotSeries(PK11SlotInfo *slot);
00118 int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot);
00119 unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot);
00120 CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot);
00121 SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot);
00122 SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info);
00123 SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info);
00124 PRBool PK11_IsDisabled(PK11SlotInfo *slot);
00125 PRBool PK11_HasRootCerts(PK11SlotInfo *slot);
00126 PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot);
00127 /* Prevents the slot from being used, and set disable reason to user-disable */
00128 /* NOTE: Mechanisms that were ON continue to stay ON */
00129 /*       Therefore, when the slot is enabled, it will remember */
00130 /*       what mechanisms needs to be turned on */
00131 PRBool PK11_UserDisableSlot(PK11SlotInfo *slot);
00132 /* Allow all mechanisms that are ON before UserDisableSlot() */
00133 /* was called to be available again */
00134 PRBool PK11_UserEnableSlot(PK11SlotInfo *slot);
00135 /*
00136  * wait for a specific slot event.
00137  * event is a specific event to wait for. Currently only 
00138  *    PK11TokenChangeOrRemovalEvent and PK11TokenPresentEvents are defined.
00139  * timeout can be an interval time to wait, PR_INTERVAL_NO_WAIT (meaning only
00140  * poll once), or PR_INTERVAL_NO_TIMEOUT (meaning block until a change).
00141  * pollInterval is a suggested pulling interval value. '0' means use the 
00142  *  default. Future implementations that don't poll may ignore this value.
00143  * series is the current series for the last slot. This should be the series 
00144  *  value for the slot the last time you read persistant information from the
00145  *  slot. For instance, if you publish a cert from the slot, you should obtain
00146  *  the slot series at that time. Then PK11_WaitForTokenEvent can detect a 
00147  *  a change in the slot between the time you publish and the time 
00148  *  PK11_WaitForTokenEvent is called, elliminating potential race conditions.
00149  *
00150  * The current status that is returned is:
00151  *   PK11TokenNotRemovable - always returned for any non-removable token.
00152  *   PK11TokenPresent - returned when the token is present and we are waiting
00153  *     on a PK11TokenPresentEvent. Then next event to look for is a 
00154  *     PK11TokenChangeOrRemovalEvent.
00155  *   PK11TokenChanged - returned when the old token has been removed and a new
00156  *     token ad been inserted, and we are waiting for a 
00157  *     PK11TokenChangeOrRemovalEvent. The next event to look for is another
00158  *     PK11TokenChangeOrRemovalEvent.
00159  *   PK11TokenRemoved - returned when the token is not present and we are 
00160  *     waiting for a PK11TokenChangeOrRemovalEvent. The next event to look for 
00161  *     is a PK11TokenPresentEvent.
00162  */
00163 PK11TokenStatus PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
00164        PRIntervalTime timeout, PRIntervalTime pollInterval, int series);
00165 
00166 PRBool PK11_NeedPWInit(void);
00167 PRBool PK11_TokenExists(CK_MECHANISM_TYPE);
00168 SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info);
00169 PRBool PK11_IsFIPS(void);
00170 SECMODModule *PK11_GetModule(PK11SlotInfo *slot);
00171 
00172 /*********************************************************************
00173  *            Slot mapping utility functions.
00174  *********************************************************************/
00175 PRBool PK11_IsPresent(PK11SlotInfo *slot);
00176 PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
00177 PK11SlotList * PK11_GetAllTokens(CK_MECHANISM_TYPE type,PRBool needRW,
00178                                    PRBool loadCerts, void *wincx);
00179 PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int count,
00180                                                  void *wincx);
00181 PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx);
00182 CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot);
00183 int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
00184 /*
00185  * Open a new database using the softoken. The caller is responsible for making
00186  * sure the module spec is correct and usable. The caller should ask for one
00187  * new database per call if the caller wants to get meaningful information
00188  * about the new database.
00189  *
00190  * moduleSpec is the same data that you would pass to softoken at
00191  * initialization time under the 'tokens' options. For example, if you were
00192  * to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
00193  * You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
00194  * module spec here. The slot ID will be calculated for you by
00195  * SECMOD_OpenUserDB().
00196  *
00197  * Typical parameters here are configdir, tokenDescription and flags.
00198  *
00199  * a Full list is below:
00200  *
00201  *
00202  *  configDir - The location of the databases for this token. If configDir is
00203  *         not specified, and noCertDB and noKeyDB is not specified, the load
00204  *         will fail.
00205  *   certPrefix - Cert prefix for this token.
00206  *   keyPrefix - Prefix for the key database for this token. (if not specified,
00207  *         certPrefix will be used).
00208  *   tokenDescription - The label value for this token returned in the
00209  *         CK_TOKEN_INFO structure with an internationalize string (UTF8).
00210  *         This value will be truncated at 32 bytes (no NULL, partial UTF8
00211  *         characters dropped). You should specify a user friendly name here
00212  *         as this is the value the token will be refered to in most
00213  *         application UI's. You should make sure tokenDescription is unique.
00214  *   slotDescription - The slotDescription value for this token returned
00215  *         in the CK_SLOT_INFO structure with an internationalize string
00216  *         (UTF8). This value will be truncated at 64 bytes (no NULL, partial
00217  *         UTF8 characters dropped). This name will not change after the
00218  *         database is closed. It should have some number to make this unique.
00219  *   minPWLen - minimum password length for this token.
00220  *   flags - comma separated list of flag values, parsed case-insensitive.
00221  *         Valid flags are:
00222  *              readOnly - Databases should be opened read only.
00223  *              noCertDB - Don't try to open a certificate database.
00224  *              noKeyDB - Don't try to open a key database.
00225  *              forceOpen - Don't fail to initialize the token if the
00226  *                databases could not be opened.
00227  *              passwordRequired - zero length passwords are not acceptable
00228  *                (valid only if there is a keyDB).
00229  *              optimizeSpace - allocate smaller hash tables and lock tables.
00230  *                When this flag is not specified, Softoken will allocate
00231  *                large tables to prevent lock contention.
00232  */
00233 PK11SlotInfo *SECMOD_OpenUserDB(const char *moduleSpec);
00234 SECStatus SECMOD_CloseUserDB(PK11SlotInfo *slot);
00235 
00236 /*********************************************************************
00237  *       Mechanism Mapping functions
00238  *********************************************************************/
00239 CK_MECHANISM_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len);
00240 CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
00241 int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params);
00242 int PK11_GetIVLength(CK_MECHANISM_TYPE type);
00243 SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv);
00244 unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len);
00245 SECItem * PK11_BlockData(SECItem *data,unsigned long size);
00246 
00247 /* PKCS #11 to DER mapping functions */
00248 SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid);
00249 SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *);
00250 CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag);
00251 SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type);
00252 SECOidTag PK11_FortezzaMapSig(SECOidTag algTag);
00253 SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param,
00254                                    PRArenaPool *arena, SECAlgorithmID *algid);
00255 SECStatus PK11_SeedRandom(PK11SlotInfo *,unsigned char *data,int len);
00256 SECStatus PK11_GenerateRandomOnSlot(PK11SlotInfo *,unsigned char *data,int len);
00257 SECStatus PK11_RandomUpdate(void *data, size_t bytes);
00258 SECStatus PK11_GenerateRandom(unsigned char *data,int len);
00259 CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
00260                                        CK_MECHANISM_PTR pCryptoMechanism,
00261                                        SECItem *pbe_pwd, PRBool bad3DES);
00262 CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
00263 CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType);
00264 
00265 /**********************************************************************
00266  *                   Symetric, Public, and Private Keys 
00267  **********************************************************************/
00268 void PK11_FreeSymKey(PK11SymKey *key);
00269 PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
00270 PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
00271     PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx);
00272 PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, 
00273     CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, 
00274     SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx);
00275 PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
00276     PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, 
00277     PRBool owner, void *wincx);
00278 PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
00279                            CK_MECHANISM_TYPE type,int series, void *wincx);
00280 /*
00281  * This function is not thread-safe.  It can only be called when only
00282  * one thread has a reference to wrapKey.
00283  */
00284 void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
00285 CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
00286 CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot, 
00287                             SECKEYPublicKey *pubKey, PRBool isToken);
00288 PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
00289                             SECItem *param,      int keySize,void *wincx);
00290 PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
00291                             SECItem *param, int keySize, SECItem *keyid,
00292                             PRBool isToken, void *wincx);
00293 PK11SymKey *PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot,
00294                             CK_MECHANISM_TYPE type, SECItem *param,
00295                             int keySize, SECItem *keyid, CK_FLAGS opFlags,
00296                             PK11AttrFlags attrFlags, void *wincx);
00297 PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname,
00298                                                         void *wincx);
00299 PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey);
00300 CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key);
00301 
00302 /*
00303  * PK11_SetSymKeyUserData
00304  *   sets generic user data on keys (usually a pointer to a data structure)
00305  * that can later be retrieved by PK11_GetSymKeyUserData().
00306  *    symKey - key where data will be set.
00307  *    data - data to be set.
00308  *    freefunc - function used to free the data.
00309  * Setting user data on symKeys with existing user data already set will cause 
00310  * the existing user data to be freed before the new user data is set.
00311  * Freeing user data is done by calling the user specified freefunc. 
00312  * If freefunc is NULL, the user data is assumed to be global or static an 
00313  * not freed. Passing NULL for user data to PK11_SetSymKeyUserData has the 
00314  * effect of freeing any existing user data, and clearing the user data 
00315  * pointer. If user data exists when the symKey is finally freed, that 
00316  * data will be freed with freefunc.
00317  *
00318  * Applications should only use this function on keys which the application
00319  * has created directly, as there is only one user data value per key.
00320  */
00321 void PK11_SetSymKeyUserData(PK11SymKey *symKey, void *data, 
00322                                  PK11FreeDataFunc freefunc);
00323 /* PK11_GetSymKeyUserData 
00324  *   retrieves generic user data which was set on a key by 
00325  * PK11_SetSymKeyUserData.
00326  *    symKey - key with data to be fetched
00327  *
00328  * If no data exists, or the data has been cleared, PK11_GetSymKeyUserData
00329  * will return NULL. Returned data is still owned and managed by the SymKey,
00330  * the caller should not free the data.
00331  *
00332  */
00333 void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
00334 
00335 SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
00336                             PK11SymKey *symKey, SECItem *wrappedKey);
00337 SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
00338         PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
00339 /* move a key to 'slot' optionally set the key attributes according to either
00340  * operation or the  flags and making the key permanent at the same time.
00341  * If the key is moved to the same slot, operation and flags values are 
00342  * currently ignored */
00343 PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, 
00344                      CK_FLAGS flags, PRBool  perm, PK11SymKey *symKey);
00345 /*
00346  * derive a new key from the base key.
00347  *  PK11_Derive returns a key which can do exactly one operation, and is
00348  * ephemeral (session key).
00349  *  PK11_DeriveWithFlags is the same as PK11_Derive, except you can use
00350  * CKF_ flags to enable more than one operation.
00351  *  PK11_DeriveWithFlagsPerm is the same as PK11_DeriveWithFlags except you can
00352  *  (optionally) make the key permanent (token key).
00353  */
00354 PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism,
00355                      SECItem *param, CK_MECHANISM_TYPE target, 
00356                       CK_ATTRIBUTE_TYPE operation, int keySize);
00357 PK11SymKey *PK11_DeriveWithFlags( PK11SymKey *baseKey, 
00358        CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, 
00359        CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags);
00360 PK11SymKey * PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, 
00361        CK_MECHANISM_TYPE derive, 
00362        SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, 
00363        int keySize, CK_FLAGS flags, PRBool isPerm);
00364 
00365 PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey, 
00366  SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
00367  CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
00368                CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) ;
00369 PK11SymKey *PK11_PubDeriveWithKDF( SECKEYPrivateKey *privKey, 
00370  SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
00371  CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
00372                CK_ATTRIBUTE_TYPE operation, int keySize,
00373                CK_ULONG kdf, SECItem *sharedData, void *wincx);
00374 
00375 /*
00376  * unwrap a new key with a symetric key.
00377  *  PK11_Unwrap returns a key which can do exactly one operation, and is
00378  * ephemeral (session key).
00379  *  PK11_UnwrapWithFlags is the same as PK11_Unwrap, except you can use
00380  * CKF_ flags to enable more than one operation.
00381  *  PK11_UnwrapWithFlagsPerm is the same as PK11_UnwrapWithFlags except you can
00382  *  (optionally) make the key permanent (token key).
00383  */
00384 PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key, 
00385        CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey,  
00386        CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
00387 PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, 
00388        CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, 
00389        CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, 
00390        CK_FLAGS flags);
00391 PK11SymKey * PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey, 
00392        CK_MECHANISM_TYPE wrapType,
00393         SECItem *param, SECItem *wrappedKey, 
00394        CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, 
00395         int keySize, CK_FLAGS flags, PRBool isPerm);
00396 
00397 /*
00398  * unwrap a new key with a private key.
00399  *  PK11_PubUnwrap returns a key which can do exactly one operation, and is
00400  * ephemeral (session key).
00401  *  PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can 
00402  * use * CKF_ flags to enable more than one operation, and optionally make 
00403  * the key permanent (token key).
00404  */
00405 PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
00406         CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
00407 PK11SymKey * PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey, 
00408          SECItem *wrappedKey, CK_MECHANISM_TYPE target, 
00409          CK_ATTRIBUTE_TYPE operation, int keySize,
00410          CK_FLAGS flags, PRBool isPerm);
00411 PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, 
00412                                           SECItem *keyID, void *wincx);
00413 SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey,PRBool force);
00414 SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
00415 SECStatus PK11_DeleteTokenSymKey(PK11SymKey *symKey);
00416 SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx);
00417 SECKEYPrivateKey * PK11_LoadPrivKey(PK11SlotInfo *slot,
00418               SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, 
00419                                    PRBool token, PRBool sensitive);
00420 char * PK11_GetSymKeyNickname(PK11SymKey *symKey);
00421 char * PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey);
00422 char * PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey);
00423 SECStatus PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname);
00424 SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, 
00425                                                  const char *nickname);
00426 SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, 
00427                                                  const char *nickname);
00428 
00429 /* size to hold key in bytes */
00430 unsigned int PK11_GetKeyLength(PK11SymKey *key);
00431 /* size of actual secret parts of key in bits */
00432 /* algid is because RC4 strength is determined by the effective bits as well
00433  * as the key bits */
00434 unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid);
00435 SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
00436 SECItem * PK11_GetKeyData(PK11SymKey *symKey);
00437 PK11SlotInfo * PK11_GetSlotFromKey(PK11SymKey *symKey);
00438 void *PK11_GetWindow(PK11SymKey *symKey);
00439 /*
00440  * The attrFlags is the logical OR of the PK11_ATTR_XXX bitflags.
00441  * These flags apply to the private key.  The PK11_ATTR_TOKEN,
00442  * PK11_ATTR_SESSION, PK11_ATTR_MODIFIABLE, and PK11_ATTR_UNMODIFIABLE
00443  * flags also apply to the public key.
00444  */
00445 SECKEYPrivateKey *PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot,
00446    CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
00447                          PK11AttrFlags attrFlags, void *wincx);
00448 SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
00449    CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
00450                          PRBool isPerm, PRBool isSensitive, void *wincx);
00451 SECKEYPrivateKey * PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot,
00452                                    CERTCertificate *cert, void *wincx);
00453 SECKEYPrivateKey * PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx);
00454 SECKEYPrivateKey * PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID,
00455                                    void *wincx);
00456 int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key); 
00457 
00458 /* note: despite the name, this function takes a private key. */
00459 SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
00460    unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
00461 #define PK11_PrivDecryptRaw PK11_PubDecryptRaw
00462 /* The encrypt function that complements the above decrypt function. */
00463 SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
00464                 unsigned char *data, unsigned dataLen, void *wincx);
00465 
00466 SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data,
00467    unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
00468 /* The encrypt function that complements the above decrypt function. */
00469 SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
00470                 unsigned char *data, unsigned dataLen, void *wincx);
00471 
00472 SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, 
00473               SECKEYPrivateKeyInfo *pki, SECItem *nickname,
00474               SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
00475               unsigned int usage, void *wincx);
00476 SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, 
00477               SECKEYPrivateKeyInfo *pki, SECItem *nickname,
00478               SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
00479               unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
00480 SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, 
00481               SECItem *derPKI, SECItem *nickname,
00482               SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
00483               unsigned int usage, void *wincx);
00484 SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, 
00485               SECItem *derPKI, SECItem *nickname,
00486               SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
00487               unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
00488 SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, 
00489               SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, 
00490               SECItem *nickname, SECItem *publicValue, PRBool isPerm,
00491               PRBool isPrivate, KeyType type, 
00492               unsigned int usage, void *wincx);
00493 SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
00494               CERTCertificate *cert, void *wincx);
00495 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
00496               PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
00497               SECKEYPrivateKey *pk, int iteration, void *wincx);
00498 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo(
00499               PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
00500               CERTCertificate *cert, int iteration, void *wincx);
00501 SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot, 
00502                                    CERTCertificate *cert, void *wincx);
00503 SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length);
00504 SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key);
00505 PRBool PK11_VerifyKeyOK(PK11SymKey *key);
00506 SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot, 
00507               PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
00508               SECItem *param, SECItem *wrappedKey, SECItem *label, 
00509               SECItem *publicValue, PRBool token, PRBool sensitive,
00510               CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
00511               void *wincx);
00512 SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
00513                         SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
00514                         SECItem *param, SECItem *wrappedKey, void *wincx);
00515 SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);
00516 PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
00517        CK_MECHANISM_TYPE mech);
00518 SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
00519                                            char *nickname, void *wincx);
00520 SECKEYPublicKeyList* PK11_ListPublicKeysInSlot(PK11SlotInfo *slot,
00521                                                  char *nickname);
00522 SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
00523 /* depricated */
00524 SECKEYPrivateKeyList* PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot);
00525 
00526 PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
00527        void *wincx);
00528 SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
00529        SECKEYPrivateKey *privk, void* wincx);
00530 SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
00531                                   SECKEYPrivateKey *privKey);
00532 
00533 /**********************************************************************
00534  *                   Certs
00535  **********************************************************************/
00536 SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
00537 SECStatus PK11_TraverseSlotCerts(
00538      SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
00539                                                 void *arg, void *wincx);
00540 CERTCertificate * PK11_FindCertFromNickname(char *nickname, void *wincx);
00541 CERTCertList * PK11_FindCertsFromNickname(char *nickname, void *wincx);
00542 CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
00543 SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
00544                 CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
00545 SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
00546                 CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
00547 PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert, char *nickname,
00548                                                         void *wincx);
00549 PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname,
00550                                                         void *wincx);
00551 PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert,
00552                                    CK_OBJECT_HANDLE *keyPtr, void *wincx);
00553 PK11SlotInfo *PK11_KeyForDERCertExists(SECItem *derCert,
00554                                    CK_OBJECT_HANDLE *keyPtr, void *wincx);
00555 CERTCertificate * PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot,
00556                                    CERTIssuerAndSN *sn, void *wincx);
00557 CERTCertificate * PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot,
00558        SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
00559                             SECKEYPrivateKey**privKey, void *wincx);
00560 int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist,
00561                             void *wincx);
00562 SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
00563        PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
00564        void *arg);
00565 CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot, 
00566                                      CERTCertificate *cert, void *wincx);
00567 SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
00568                                    char *nickname, PRBool addUsage,
00569                                    void *wincx);
00570 CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert,void *wincx);
00571 PRBool PK11_FortezzaHasKEA(CERTCertificate *cert);
00572 CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert,
00573                                  void *wincx);
00574 SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
00575        PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
00576        void *arg);
00577 CERTCertList * PK11_ListCerts(PK11CertListType type, void *pwarg);
00578 CERTCertList * PK11_ListCertsInSlot(PK11SlotInfo *slot);
00579 CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
00580     int type, void *wincx, PRInt32 importOptions, PRArenaPool* arena, PRInt32 decodeOptions);
00581 
00582 /**********************************************************************
00583  *                   Sign/Verify 
00584  **********************************************************************/
00585 
00586 /*
00587  * Return the length in bytes of a signature generated with the
00588  * private key.
00589  *
00590  * Return 0 or -1 on failure.  (XXX Should we fix it to always return
00591  * -1 on failure?)
00592  */
00593 int PK11_SignatureLen(SECKEYPrivateKey *key);
00594 PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
00595 SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash);
00596 SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig,
00597                                            SECItem *dsig, void * wincx);
00598 SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig, 
00599                                           SECItem *hash, void *wincx);
00600 
00601 
00602 
00603 /**********************************************************************
00604  *                   Crypto Contexts
00605  **********************************************************************/
00606 void PK11_DestroyContext(PK11Context *context, PRBool freeit);
00607 PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
00608        CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
00609 PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
00610 PK11Context *PK11_CloneContext(PK11Context *old);
00611 SECStatus PK11_DigestBegin(PK11Context *cx);
00612 /*
00613  * The output buffer 'out' must be big enough to hold the output of
00614  * the hash algorithm 'hashAlg'.
00615  */
00616 SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
00617                                    int32 len);
00618 SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in, 
00619                         unsigned len);
00620 SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen, 
00621                             int maxout, unsigned char *in, int inlen);
00622 SECStatus PK11_Finalize(PK11Context *context);
00623 SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data, 
00624                             unsigned int *outLen, unsigned int length);
00625 SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,
00626                                           int *len, int saveLength);
00627 
00628 /* Save the context's state, with possible allocation.
00629  * The caller may supply an already allocated buffer in preAllocBuf,
00630  * with length pabLen.  If the buffer is large enough for the context's
00631  * state, it will receive the state.
00632  * If the buffer is not large enough (or NULL), then a new buffer will
00633  * be allocated with PORT_Alloc.
00634  * In either case, the state will be returned as a buffer, and the length
00635  * of the state will be given in *stateLen.
00636  */
00637 unsigned char *
00638 PK11_SaveContextAlloc(PK11Context *cx,
00639                       unsigned char *preAllocBuf, unsigned int pabLen,
00640                       unsigned int *stateLen);
00641 
00642 SECStatus PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len);
00643 SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len);
00644 void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
00645 
00646 
00647 /**********************************************************************
00648  *                   PBE functions 
00649  **********************************************************************/
00650 
00651 /* This function creates PBE parameters from the given inputs.  The result
00652  * can be used to create a password integrity key for PKCS#12, by sending
00653  * the return value to PK11_KeyGen along with the appropriate mechanism.
00654  */
00655 SECItem * 
00656 PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
00657 
00658 /* free params created above (can be called after keygen is done */
00659 void PK11_DestroyPBEParams(SECItem *params);
00660 
00661 SECAlgorithmID *
00662 PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
00663 PK11SymKey *
00664 PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid,  SECItem *pwitem,
00665               PRBool faulty3DES, void *wincx);
00666 PK11SymKey *
00667 PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
00668               SECItem *pwitem, PRBool faulty3DES, void *wincx);
00669 SECItem *
00670 PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
00671 
00672 /**********************************************************************
00673  * Functions to manage secmod flags
00674  **********************************************************************/
00675 PK11DefaultArrayEntry * PK11_GetDefaultArray(int *);
00676 SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *,
00677                                                  PRBool );
00678 
00679 /**********************************************************************
00680  * Functions to look at PKCS #11 dependent data
00681  **********************************************************************/
00682 PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot, 
00683                                           CK_OBJECT_CLASS objClass);
00684 PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
00685 PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);
00686 SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object);
00687 SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
00688                              PK11GenericObject *object);
00689 SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
00690 SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
00691 SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object, 
00692                             CK_ATTRIBUTE_TYPE attr, SECItem *item);
00693 
00694 
00695 /**********************************************************************
00696  * New fucntions which are already depricated....
00697  **********************************************************************/
00698 SECItem *
00699 PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
00700                                    CERTCertificate *cert, void *pwarg);
00701 SECItem *
00702 PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
00703 
00704 PRBool SECMOD_HasRootCerts(void);
00705 
00706 SEC_END_PROTOS
00707 
00708 #endif