Back to index

lightning-sunbird  0.9+nobinonly
softoken.h
Go to the documentation of this file.
00001 /*
00002  * softoken.h - private data structures and prototypes for the softoken lib
00003  *
00004  * ***** BEGIN LICENSE BLOCK *****
00005  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00006  *
00007  * The contents of this file are subject to the Mozilla Public License Version
00008  * 1.1 (the "License"); you may not use this file except in compliance with
00009  * the License. You may obtain a copy of the License at
00010  * http://www.mozilla.org/MPL/
00011  *
00012  * Software distributed under the License is distributed on an "AS IS" basis,
00013  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00014  * for the specific language governing rights and limitations under the
00015  * License.
00016  *
00017  * The Original Code is the Netscape security libraries.
00018  *
00019  * The Initial Developer of the Original Code is
00020  * Netscape Communications Corporation.
00021  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00022  * the Initial Developer. All Rights Reserved.
00023  *
00024  * Contributor(s):
00025  *
00026  * Alternatively, the contents of this file may be used under the terms of
00027  * either the GNU General Public License Version 2 or later (the "GPL"), or
00028  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00029  * in which case the provisions of the GPL or the LGPL are applicable instead
00030  * of those above. If you wish to allow use of your version of this file only
00031  * under the terms of either the GPL or the LGPL, and not to allow others to
00032  * use your version of this file under the terms of the MPL, indicate your
00033  * decision by deleting the provisions above and replace them with the notice
00034  * and other provisions required by the GPL or the LGPL. If you do not delete
00035  * the provisions above, a recipient may use your version of this file under
00036  * the terms of any one of the MPL, the GPL or the LGPL.
00037  *
00038  * ***** END LICENSE BLOCK ***** */
00039 /* $Id: softoken.h,v 1.7.30.5 2006/10/02 22:58:51 wtchang%redhat.com Exp $ */
00040 
00041 #ifndef _SOFTOKEN_H_
00042 #define _SOFTOKEN_H_
00043 
00044 #include "blapi.h"
00045 #include "lowkeyti.h"
00046 #include "softoknt.h"
00047 #include "secoidt.h"
00048 
00049 #include "pkcs11t.h"     /* CK_RV Required for sftk_fipsPowerUpSelfTest(). */
00050 
00051 SEC_BEGIN_PROTOS
00052 
00053 /*
00054 ** RSA encryption/decryption. When encrypting/decrypting the output
00055 ** buffer must be at least the size of the public key modulus.
00056 */
00057 
00058 /*
00059 ** Format some data into a PKCS#1 encryption block, preparing the
00060 ** data for RSA encryption.
00061 **     "result" where the formatted block is stored (memory is allocated)
00062 **     "modulusLen" the size of the formatted block
00063 **     "blockType" what block type to use (SEC_RSABlock*)
00064 **     "data" the data to format
00065 */
00066 extern SECStatus RSA_FormatBlock(SECItem *result,
00067                              unsigned int modulusLen,
00068                              RSA_BlockType blockType,
00069                              SECItem *data);
00070 /*
00071 ** Similar, but just returns a pointer to the allocated memory, *and*
00072 ** will *only* format one block, even if we (in the future) modify
00073 ** RSA_FormatBlock() to loop over multiples of modulusLen.
00074 */
00075 extern unsigned char *RSA_FormatOneBlock(unsigned int modulusLen,
00076                                     RSA_BlockType blockType,
00077                                     SECItem *data);
00078 
00079 
00080 
00081 /*
00082  * convenience wrappers for doing single RSA operations. They create the
00083  * RSA context internally and take care of the formatting
00084  * requirements. Blinding happens automagically within RSA_Sign and
00085  * RSA_DecryptBlock.
00086  */
00087 extern
00088 SECStatus RSA_Sign(NSSLOWKEYPrivateKey *key, unsigned char *output,
00089                      unsigned int *outputLen, unsigned int maxOutputLen,
00090                      unsigned char *input, unsigned int inputLen);
00091 extern
00092 SECStatus RSA_HashSign(SECOidTag hashOid,
00093                      NSSLOWKEYPrivateKey *key, unsigned char *sig,
00094                      unsigned int *sigLen, unsigned int maxLen,
00095                      unsigned char *hash, unsigned int hashLen);
00096 extern
00097 SECStatus RSA_CheckSign(NSSLOWKEYPublicKey *key, unsigned char *sign,
00098                          unsigned int signLength, unsigned char *hash,
00099                          unsigned int hashLength);
00100 extern
00101 SECStatus RSA_HashCheckSign(SECOidTag hashOid,
00102                          NSSLOWKEYPublicKey *key, unsigned char *sig,
00103                          unsigned int sigLen, unsigned char *digest,
00104                          unsigned int digestLen);
00105 extern
00106 SECStatus RSA_CheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data,
00107                          unsigned int *data_len,unsigned int max_output_len, 
00108                          unsigned char *sign, unsigned int sign_len);
00109 extern
00110 SECStatus RSA_EncryptBlock(NSSLOWKEYPublicKey *key, unsigned char *output,
00111                         unsigned int *outputLen, unsigned int maxOutputLen,
00112                         unsigned char *input, unsigned int inputLen);
00113 extern
00114 SECStatus RSA_DecryptBlock(NSSLOWKEYPrivateKey *key, unsigned char *output,
00115                         unsigned int *outputLen, unsigned int maxOutputLen,
00116                         unsigned char *input, unsigned int inputLen);
00117 
00118 /*
00119  * added to make pkcs #11 happy
00120  *   RAW is RSA_X_509
00121  */
00122 extern
00123 SECStatus RSA_SignRaw( NSSLOWKEYPrivateKey *key, unsigned char *output,
00124                       unsigned int *output_len, unsigned int maxOutputLen,
00125                       unsigned char *input, unsigned int input_len);
00126 extern
00127 SECStatus RSA_CheckSignRaw( NSSLOWKEYPublicKey *key, unsigned char *sign, 
00128                          unsigned int sign_len, unsigned char *hash, 
00129                          unsigned int hash_len);
00130 extern
00131 SECStatus RSA_CheckSignRecoverRaw( NSSLOWKEYPublicKey *key, unsigned char *data,
00132                          unsigned int *data_len, unsigned int max_output_len,
00133                          unsigned char *sign, unsigned int sign_len);
00134 extern
00135 SECStatus RSA_EncryptRaw( NSSLOWKEYPublicKey *key, unsigned char *output,
00136                          unsigned int *output_len,
00137                          unsigned int max_output_len, 
00138                          unsigned char *input, unsigned int input_len);
00139 extern
00140 SECStatus RSA_DecryptRaw(NSSLOWKEYPrivateKey *key, unsigned char *output,
00141                           unsigned int *output_len,
00142                           unsigned int max_output_len,
00143                           unsigned char *input, unsigned int input_len);
00144 #ifdef NSS_ENABLE_ECC
00145 /*
00146 ** pepare an ECParam structure from DEREncoded params
00147  */
00148 extern SECStatus EC_FillParams(PRArenaPool *arena,
00149                                const SECItem *encodedParams, ECParams *params);
00150 #endif
00151 
00152 
00153 /*
00154 ** Prepare a buffer for DES encryption, growing to the appropriate boundary,
00155 ** filling with the appropriate padding.
00156 ** We add from 1 to DES_KEY_LENGTH bytes -- we *always* grow.
00157 ** The extra bytes contain the value of the length of the padding:
00158 ** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
00159 **
00160 ** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
00161 ** we assume (and use) PR memory (re)allocation.
00162 ** Maybe this belongs in util?
00163 */
00164 extern unsigned char * DES_PadBuffer(PRArenaPool *arena, unsigned char *inbuf, 
00165                                      unsigned int inlen, unsigned int *outlen);
00166 
00167 
00168 /****************************************/
00169 /*
00170 ** Power-Up selftests required for FIPS and invoked only
00171 ** under PKCS #11 FIPS mode.
00172 */
00173 extern CK_RV sftk_fipsPowerUpSelfTest( void ); 
00174 
00175 /*
00176 ** make known fixed PKCS #11 key types to their sizes in bytes
00177 */     
00178 unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
00179 
00180 /*
00181 ** FIPS 140-2 auditing
00182 */
00183 extern PRBool sftk_audit_enabled;
00184 
00185 extern void sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg);
00186 
00187 extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
00188                      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
00189                      CK_OBJECT_HANDLE_PTR phObject, CK_RV rv);
00190 
00191 extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
00192                      CK_OBJECT_HANDLE hObject,
00193                      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
00194                      CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv);
00195 
00196 extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
00197                      CK_OBJECT_HANDLE hObject, CK_RV rv);
00198 
00199 extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
00200                      CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize,
00201                      CK_RV rv);
00202 
00203 extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
00204                      CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
00205                      CK_ULONG ulCount, CK_RV rv);
00206 
00207 extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
00208                      CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
00209                      CK_ULONG ulCount, CK_RV rv);
00210 
00211 extern void sftk_AuditCryptInit(const char *opName,
00212                      CK_SESSION_HANDLE hSession,
00213                      CK_MECHANISM_PTR pMechanism,
00214                      CK_OBJECT_HANDLE hKey, CK_RV rv);
00215 
00216 extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
00217                      CK_MECHANISM_PTR pMechanism,
00218                      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
00219                      CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
00220 
00221 extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
00222                      CK_MECHANISM_PTR pMechanism,
00223                      CK_ATTRIBUTE_PTR pPublicKeyTemplate,
00224                      CK_ULONG ulPublicKeyAttributeCount,
00225                      CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
00226                      CK_ULONG ulPrivateKeyAttributeCount,
00227                      CK_OBJECT_HANDLE_PTR phPublicKey,
00228                      CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv);
00229 
00230 extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
00231                      CK_MECHANISM_PTR pMechanism,
00232                      CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
00233                      CK_BYTE_PTR pWrappedKey,
00234                      CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv);
00235 
00236 extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
00237                      CK_MECHANISM_PTR pMechanism,
00238                      CK_OBJECT_HANDLE hUnwrappingKey,
00239                      CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
00240                      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
00241                      CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
00242 
00243 extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
00244                      CK_MECHANISM_PTR pMechanism,
00245                      CK_OBJECT_HANDLE hBaseKey,
00246                      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
00247                      CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
00248 
00249 extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
00250                      CK_OBJECT_HANDLE hKey, CK_RV rv);
00251 
00252 /*
00253 ** FIPS 140-2 Error state
00254 */
00255 extern PRBool sftk_fatalError;
00256 
00257 SEC_END_PROTOS
00258 
00259 #endif /* _SOFTOKEN_H_ */