
lightning-sunbird  0.9+nobinonly
lowkeyi.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 /* $Id: lowkeyi.h,v 1.10 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
00038 
00039 #ifndef _LOWKEYI_H_
00040 #define _LOWKEYI_H_
00041 
00042 #include "prtypes.h"
00043 #include "seccomon.h"
00044 #include "secoidt.h"
00045 #include "pcertt.h"
00046 #include "lowkeyti.h"
00047 
00048 SEC_BEGIN_PROTOS
00049 
00050 /*
00051  * See bugzilla bug 125359.
00052  * NSS (via PKCS#11) handles big integers as unsigned values, whereas ASN.1's
00053  * integer type is signed.  Every template that en/decodes into an integer
00054  * must therefore be converted, which is done by marking either the source
00055  * (when encoding) or the destination (when decoding) item type as
00056  * siUnsignedInteger.  Each prepare_low_*_for_asn1() helper below takes the
       * key or parameter object concerned and returns nothing.
       * NOTE(review): this comment originally said "the templates above", but no
       * templates are declared in this header -- they presumably live in the
       * implementation file; confirm.
00057  */
00058 extern void prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
00059 extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
00060 extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
00061 extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
00062 extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
00063 #ifdef NSS_ENABLE_ECC
00064 extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
00065 extern void prepare_low_ecparams_for_asn1(ECParams *params);
00066 #endif /* NSS_ENABLE_ECC */
00067 /* Name callback type: given the opaque "arg" and a database version number,
       * it returns a string.  NOTE(review): presumably the database file name for
       * that version; who frees the returned string is not stated here -- confirm. */
00068 typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
00069     
00070 /*
00071 ** Open a key database.
      **     "readOnly" is a PRBool selecting read-only access
      **     "domain" and "prefix" are strings used to locate the database; their
      **         exact meaning is not documented in this header
      **     "namecb" is a NSSLOWKEYDBNameFunc and "cbarg" an opaque pointer,
      **         presumably handed to it as its "arg" -- confirm
      ** Returns the handle taken by the other nsslowkey_* database calls.
      ** NOTE(review): presumably NULL on failure -- confirm, and check the
      ** result before use.
00072 */
00073 extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
00074                                       const char *domain,
00075                                       const char *prefix,
00076                                       NSSLOWKEYDBNameFunc namecb,
00077                                       void *cbarg);
00078 
00079 
00080 /*
00081  * Clear out all the keys in the existing database.
       * Destructive: every stored key is removed.  Returns a SECStatus.
00082  */
00083 extern SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle);
00084 
00085 /*
00086 ** Close the specified key database.
      ** NOTE(review): "handle" presumably must not be used after this call and
      ** nothing is returned to signal a failed close -- confirm.
00087 */
00088 extern void nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle);
00089 
00090 /*
00091  * Get the version number of the database, returned as an int.
00092  */
00093 extern int nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle);
00094 
00095 /*
00096 ** Support a default key database: one call records a handle as the
      ** default, the other returns the recorded handle.
      ** NOTE(review): who closes the handle after it has been made the default
      ** is not stated here -- confirm.
00097 */
00098 extern void nsslowkey_SetDefaultKeyDB(NSSLOWKEYDBHandle *handle);
00099 extern NSSLOWKEYDBHandle *nsslowkey_GetDefaultKeyDB(void);
00100 
00101 /* Set the alg id of the key encryption algorithm.  It takes no database
       * handle, so the setting is presumably process-wide rather than per
       * database -- NOTE(review): confirm, since it decides how stored keys
       * are protected. */
00102 extern void nsslowkey_SetDefaultKeyDBAlg(SECOidTag alg);
00103 
00104 /*
00105  * Given a password and salt, produce a hash of the password.
       *   "pw" is the password as a char string; "salt" is a SECItem.
       * Returns the hash as a SECItem pointer.
       * NOTE(review): the hash algorithm, the failure value (presumably NULL)
       * and who frees the returned item are not visible in this header --
       * confirm.  "pw" holds the cleartext password, so callers should clear
       * their copy once it is no longer needed.
00106  */
00107 extern SECItem *nsslowkey_HashPassword(char *pw, SECItem *salt);
00108 
00109 /*
00110  * Derive the actual password value for a key database from the
00111  * password string value.  The derivation uses the global salt value
00112  * stored in the key database.
       * Returns the derived value as a SECItem pointer.
       * NOTE(review): the failure value (presumably NULL) and ownership of the
       * returned item are not stated here -- confirm.  The item is password-
       * equivalent for this database and should be handled as a secret.
00113  */
00114 extern SECItem *
00115 nsslowkey_DeriveKeyDBPassword(NSSLOWKEYDBHandle *handle, char *pw);
00116 
00117 /*
00118 ** Delete a key from the database.
      **     "pubkey" is a SECItem selecting the key to delete
      ** Returns a SECStatus.
00119 */
00120 extern SECStatus nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle, 
00121                               SECItem *pubkey);
00122 
00123 /*
00124 ** Store a key in the database, indexed by its public key modulus.
00125 **     "pk" is the private key to store
00126 **     "pubKeyData" and "nickname" accompany the key; their use is not
00127 **         documented in this header
      **     "arg" is a SECItem
      ** Returns a SECStatus.
      ** NOTE(review): this comment used to describe "f" as the callback for
      ** getting the password and "arg" as the callback's argument, but the
      ** prototype has no "f".  "arg" is presumably the password item itself,
      ** as in the *KeyDBPassword calls -- confirm.
00128 */
00129 extern SECStatus nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle, 
00130                                        NSSLOWKEYPrivateKey *pk,
00131                                        SECItem *pubKeyData,
00132                                        char *nickname,
00133                                        SECItem *arg);
00134 
00135 /* Does the key for this cert exist in the database (filed by modulus)? */
00136 extern PRBool nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle,
00137                                     NSSLOWCERTCertificate *cert);
00138 /* Does a key with this ID already exist? */
00139 extern PRBool nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id);
00140 
00141 /* Key database password management.  Passwords are passed as SECItems and
       * every call returns a SECStatus.  nsslowkey_HasKeyDBPassword is included:
       * it returns SECStatus, not PRBool, so compare its result with SECSuccess
       * explicitly (SECSuccess is 0, and a bare truth test would read inverted).
       * NOTE(review): presumably SECSuccess means a password is set -- confirm. */
00142 extern SECStatus nsslowkey_HasKeyDBPassword(NSSLOWKEYDBHandle *handle);
00143 extern SECStatus nsslowkey_SetKeyDBPassword(NSSLOWKEYDBHandle *handle,
00144                                  SECItem *pwitem);
00145 extern SECStatus nsslowkey_CheckKeyDBPassword(NSSLOWKEYDBHandle *handle,
00146                                       SECItem *pwitem);
00147 extern SECStatus nsslowkey_ChangeKeyDBPassword(NSSLOWKEYDBHandle *handle,
00148                                        SECItem *oldpwitem,
00149                                        SECItem *newpwitem);
00150 
00151 /*
00152 ** Destroy a private key object.
00153 **     "key" the object
      ** NOTE(review): this comment used to document a "freeit" flag, but the
      ** prototype takes only "key".  Whether the key material is zeroized
      ** before release is not visible in this header -- confirm in the
      ** implementation.
00154 */
00155 extern void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
00157 
00158 /*
00159 ** Destroy a public key object.
00160 **     "key" the object
      ** NOTE(review): this comment used to document a "freeit" flag, but the
      ** prototype takes only "key".
00161 */
00162 extern void nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
00164 
00165 /*
00166 ** Return the modulus length of "pubKey" as an unsigned int.
      ** NOTE(review): the unit (bytes or bits) and the result for key types
      ** without a modulus are not stated here -- confirm.
00167 */
00168 extern unsigned int nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubKey);
00169 
00170 
00171 /*
00172 ** Return the modulus length of "privKey" as an unsigned int.
      ** NOTE(review): the unit (bytes or bits) and the result for key types
      ** without a modulus are not stated here -- confirm.
00173 */
00174 extern unsigned int nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privKey);
00175 
00176 
00177 /*
00178 ** Convert a low private key "privateKey" into a public low key.
      ** Returns a NSSLOWKEYPublicKey pointer.
      ** NOTE(review): presumably NULL on failure, with the result released via
      ** nsslowkey_DestroyPublicKey -- confirm.
00179 */
00180 extern NSSLOWKEYPublicKey 
00181               *nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
00182 
00183 /*
00184  * Set the Key Database password.
00185  *   handle is a handle to the key database
00186  *   pwitem is the new password
00187  *   algorithm is the algorithm by which the key database 
00188  *     password is to be encrypted.
00189  * On failure, SECFailure is returned; otherwise SECSuccess is
00190  * returned.
00191  */
00192 extern SECStatus 
00193 nsslowkey_SetKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
00194                      SECItem *pwitem, 
00195                      SECOidTag algorithm);
00196 
00197 /* Check the key database password.
00198  *   handle is a handle to the key database
00199  *   pwitem is the suspect password
00200  *   algorithm is the algorithm by which the key database 
00201  *     password is to be encrypted.
00202  * The password is checked against plaintext to see if it is the
00203  * actual password.  If it is not, SECFailure is returned.
       * Callers should treat any return other than SECSuccess as a rejected
       * password.  NOTE(review): "plaintext" presumably means a known check
       * value held in the database -- confirm.
00204  */
00205 extern SECStatus 
00206 nsslowkey_CheckKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
00207                             SECItem *pwitem, 
00208                             SECOidTag algorithm);
00209 
00210 /* Change the key database password and/or the algorithm with which
00211  * the password is stored.
00212  *   handle is a handle to the key database
00213  *   oldpwitem is the current password
00214  *   newpwitem is the new password
00215  *   old_algorithm is the algorithm by which the key database 
00216  *     password is currently encrypted.
00217  * NOTE(review): this comment used to describe a "new_algorithm" parameter
00218  *   as well, but the prototype takes only old_algorithm; which algorithm
       *   protects the new password is not visible in this header -- confirm.
00219  * A return of anything but SECSuccess indicates failure.
00220  */
00221 extern SECStatus 
00222 nsslowkey_ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
00223                            SECItem *oldpwitem, SECItem *newpwitem,
00224                            SECOidTag old_algorithm);
00225 /* Presumably updates the nickname stored with a key (inferred from the name;
       * confirm).  The parameter list matches nsslowkey_StoreKeyByPublicKey and
       * the call returns a SECStatus.  Declared without "extern", unlike the
       * other prototypes in this header. */
00226 SECStatus
00227 nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
00228                            NSSLOWKEYPrivateKey *privkey,
00229                            SECItem *pubKeyData,
00230                            char *nickname,
00231                            SECItem *arg);
00232 
00233 /* Store key by modulus and specify an encryption algorithm to use.
00234  *   handle is the pointer to the key database,
00235  *   privkey is the private key to be stored,
00236  *   pubKeyData, nickname and arg are as for nsslowkey_StoreKeyByPublicKey,
00237  *   algorithm is the algorithm with which the privKey is to be stored,
00238  *   update is a PRBool whose meaning is not documented in this header.
       * NOTE(review): this comment used to say "f and arg are the function and
       *   arguments to the callback to get a password", but the prototype has no
       *   "f"; "arg" is a SECItem, presumably the password item -- confirm.
00239  * A return of anything but SECSuccess indicates failure.
00240  */
00241 extern SECStatus 
00242 nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle, 
00243                            NSSLOWKEYPrivateKey *privkey, 
00244                            SECItem *pubKeyData,
00245                            char *nickname,
00246                            SECItem *arg,
00247                            SECOidTag algorithm,
00248                               PRBool update); 
00249 
00250 /* Find key by modulus.  This function is the inverse of store key
00251  * by modulus.  An attempt to locate the key with "modulus" is 
00252  * performed.  If the key is found, the private key is returned,
00253  * else NULL is returned.
00254  *   modulus is the modulus to locate
       *   arg is a SECItem, presumably the database password item -- confirm
       * NOTE(review): the returned private key is presumably owned by the
       *   caller and released with nsslowkey_DestroyPrivateKey -- confirm.
00255  */
00256 extern NSSLOWKEYPrivateKey *
00257 nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus, 
00258                        SECItem *arg);
00259 /* Look up a key by "modulus" and return a char string, presumably its
       * nickname (inferred from the name).  "pwitem" is a SECItem.
       * NOTE(review): the not-found value and who frees the string are not
       * stated in this header -- confirm. */
00260 extern char *
00261 nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
00262                                         SECItem *modulus, SECItem *pwitem);
00263 
00264 
00265 /* Make a copy of a low private key in its own arena.
00266  * A return of NULL indicates an error.
       * NOTE(review): the copy duplicates private key material, so it
       * presumably needs its own nsslowkey_DestroyPrivateKey call -- confirm.
00267  */
00268 extern NSSLOWKEYPrivateKey *
00269 nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey);
00270 
00271 
00272 SEC_END_PROTOS
00273 
00274 #endif /* _LOWKEYI_H_ */