diff options
author | relyea%netscape.com <devnull@localhost> | 2004-07-19 22:12:38 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2004-07-19 22:12:38 +0000 |
commit | f7b01eb6c7452786c247e9612d310b85873da8f9 (patch) | |
tree | 28aaf6d22794d5efc236f3da6e72f0b0362667ad /security/nss/lib/pk11wrap/pk11pub.h | |
parent | 3a6f0f7ff2cd1f04dde490a2f191be06b8be52a2 (diff) | |
download | nss-hg-f7b01eb6c7452786c247e9612d310b85873da8f9.tar.gz |
refactor pk11util, splitting large single files down to a managable size.
bug 246130. The new factor is:
pk11akey.c - asymetric keys constructed from pk11cert.c and pk11skey.c
pk11auth.c - authentication/password management factored from pk11slot.c
pk11cert.c - cert code with private key, crls and trust factored out.
pk11ctx.c -- pkcs11 context code, factored out of pk11skey.c
new pk11func.h -- for backward compatibility.
pk11mech.c - mechanism mapping code, factored mostly from pk11slot.c
pk11nobj.c - netscape objects (crls and trust), factored mostly from pk11cert.c
pk11obj.c - generic object support, factored from pk11skey.c pk11slot.c and
pk11cert.c
pk11priv.h -- private functions factored from pk11func.h
pk11pub.h -- public functions factored from pk11func.h
pk11skey.c - now only symetric key ops; private, public key ops, generic ops
and crypto contexs have been factored out.
pk11slot.c - still slot operations. Authentication, generic object ops,
mechanism mapping has been factored out.
This patch should only have refactoring, no new functions or other changes.
Diffstat (limited to 'security/nss/lib/pk11wrap/pk11pub.h')
-rw-r--r-- | security/nss/lib/pk11wrap/pk11pub.h | 583 |
1 files changed, 583 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h new file mode 100644 index 000000000..62cfc6712 --- /dev/null +++ b/security/nss/lib/pk11wrap/pk11pub.h @@ -0,0 +1,583 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifndef _PK11PUB_H_ +#define _PK11PUB_H_ +#include "plarena.h" +#include "seccomon.h" +#include "secoidt.h" +#include "secdert.h" +#include "keyt.h" +#include "certt.h" +#include "pkcs11t.h" +#include "secmodt.h" +#include "seccomon.h" +#include "pkcs7t.h" +#include "cmsreclist.h" + +/* + * Exported PK11 wrap functions. + */ + +SEC_BEGIN_PROTOS + +/************************************************************ + * Generic Slot Lists Management + ************************************************************/ +void PK11_FreeSlotList(PK11SlotList *list); +PK11SlotListElement * PK11_GetFirstSafe(PK11SlotList *list); +PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list, + PK11SlotListElement *le, PRBool restart); + +/************************************************************ + * Generic Slot Management + ************************************************************/ +PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot); +void PK11_FreeSlot(PK11SlotInfo *slot); +SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object); +SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object); +PK11SlotInfo *PK11_GetInternalKeySlot(void); +PK11SlotInfo *PK11_GetInternalSlot(void); +SECStatus PK11_Logout(PK11SlotInfo *slot); +void PK11_LogoutAll(void); + + +/************************************************************ + * Slot Password Management + ************************************************************/ +void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout); +void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout); +SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw); +SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw); +PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx); +SECStatus PK11_InitPin(PK11SlotInfo *slot,char *ssopw, char *pk11_userpwd); +SECStatus PK11_ChangePW(PK11SlotInfo *slot,char *oldpw, char *newpw); +void PK11_SetPasswordFunc(PK11PasswordFunc func); +int PK11_GetMinimumPwdLength(PK11SlotInfo *slot); +SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd); +SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx); +SECStatus PK11_TokenRefresh(PK11SlotInfo *slot); + + +/****************************************************************** + * Slot info functions + ******************************************************************/ +PK11SlotInfo *PK11_FindSlotByName(char *name); +/****************************************************************** + * PK11_FindSlotsByNames searches for a PK11SlotInfo using one or + * more criteria : dllName, slotName and tokenName . In addition, if + * presentOnly is set , only slots with a token inserted will be + * returned. + ******************************************************************/ +PK11SlotList *PK11_FindSlotsByNames(const char *dllName, + const char* slotName, const char* tokenName, PRBool presentOnly); +PRBool PK11_IsReadOnly(PK11SlotInfo *slot); +PRBool PK11_IsInternal(PK11SlotInfo *slot); +char * PK11_GetTokenName(PK11SlotInfo *slot); +char * PK11_GetSlotName(PK11SlotInfo *slot); +PRBool PK11_NeedLogin(PK11SlotInfo *slot); +PRBool PK11_IsFriendly(PK11SlotInfo *slot); +PRBool PK11_IsHW(PK11SlotInfo *slot); +PRBool PK11_NeedUserInit(PK11SlotInfo *slot); +PRBool PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot); +int PK11_GetSlotSeries(PK11SlotInfo *slot); +int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot); +unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot); +CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot); +SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot); +SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info); +SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info); +PRBool PK11_IsDisabled(PK11SlotInfo *slot); +PRBool PK11_HasRootCerts(PK11SlotInfo *slot); +PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot); +/* Prevents the slot from being used, and set disable reason to user-disable */ +/* NOTE: Mechanisms that were ON continue to stay ON */ +/* Therefore, when the slot is enabled, it will remember */ +/* what mechanisms needs to be turned on */ +PRBool PK11_UserDisableSlot(PK11SlotInfo *slot); +/* Allow all mechanisms that are ON before UserDisableSlot() */ +/* was called to be available again */ +PRBool PK11_UserEnableSlot(PK11SlotInfo *slot); +/* + * wait for a specific slot event. + * event is a specific event to wait for. Currently only + * PK11TokenChangeOrRemovalEvent and PK11TokenPresentEvents are defined. + * timeout can be an interval time to wait, PR_INTERVAL_NO_WAIT (meaning only + * poll once), or PR_INTERVAL_NO_TIMEOUT (meaning block until a change). + * pollInterval is a suggested pulling interval value. '0' means use the + * default. Future implementations that don't poll may ignore this value. + * series is the current series for the last slot. This should be the series + * value for the slot the last time you read persistant information from the + * slot. For instance, if you publish a cert from the slot, you should obtain + * the slot series at that time. Then PK11_WaitForTokenEvent can detect a + * a change in the slot between the time you publish and the time + * PK11_WaitForTokenEvent is called, elliminating potential race conditions. + * + * The current status that is returned is: + * PK11TokenNotRemovable - always returned for any non-removable token. + * PK11TokenPresent - returned when the token is present and we are waiting + * on a PK11TokenPresentEvent. Then next event to look for is a + * PK11TokenChangeOrRemovalEvent. + * PK11TokenChanged - returned when the old token has been removed and a new + * token ad been inserted, and we are waiting for a + * PK11TokenChangeOrRemovalEvent. The next event to look for is another + * PK11TokenChangeOrRemovalEvent. + * PK11TokenRemoved - returned when the token is not present and we are + * waiting for a PK11TokenChangeOrRemovalEvent. The next event to look for + * is a PK11TokenPresentEvent. + */ +PK11TokenStatus PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event, + PRIntervalTime timeout, PRIntervalTime pollInterval, int series); + +PRBool PK11_NeedPWInit(void); +PRBool PK11_TokenExists(CK_MECHANISM_TYPE); +SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info); +PRBool PK11_IsFIPS(void); +SECMODModule *PK11_GetModule(PK11SlotInfo *slot); + +/********************************************************************* + * Slot mapping utility functions. + *********************************************************************/ +PRBool PK11_IsPresent(PK11SlotInfo *slot); +PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type); +PK11SlotList * PK11_GetAllTokens(CK_MECHANISM_TYPE type,PRBool needRW, + PRBool loadCerts, void *wincx); +PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int count, + void *wincx); +PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx); +CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot); +int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type); + +/********************************************************************* + * Mechanism Mapping functions + *********************************************************************/ +CK_MECHANISM_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len); +CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type); +int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params); +int PK11_GetIVLength(CK_MECHANISM_TYPE type); +SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv); +unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len); +SECItem * PK11_BlockData(SECItem *data,unsigned long size); + +/* PKCS #11 to DER mapping functions */ +SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid); +SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *); +CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag); +SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type); +SECOidTag PK11_FortezzaMapSig(SECOidTag algTag); +SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param, + PRArenaPool *arena, SECAlgorithmID *algid); +SECStatus PK11_SeedRandom(PK11SlotInfo *,unsigned char *data,int len); +SECStatus PK11_RandomUpdate(void *data, size_t bytes); +SECStatus PK11_GenerateRandom(unsigned char *data,int len); +CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism, + CK_MECHANISM_PTR pCryptoMechanism, + SECItem *pbe_pwd, PRBool bad3DES); +CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE); + +/********************************************************************** + * Symetric, Public, and Private Keys + **********************************************************************/ +void PK11_FreeSymKey(PK11SymKey *key); +PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey); +PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx); +PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, + CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation, + SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx); +PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, + PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, + PRBool owner, void *wincx); +PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, + CK_MECHANISM_TYPE type,int series, void *wincx); +/* + * This function is not thread-safe. It can only be called when only + * one thread has a reference to wrapKey. + */ +void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey); +CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey); +CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot, + SECKEYPublicKey *pubKey, PRBool isToken); +PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot,CK_MECHANISM_TYPE type, + SECItem *param, int keySize,void *wincx); +PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + SECItem *param, int keySize, SECItem *keyid, + PRBool isToken, void *wincx); +PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, + void *wincx); +PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey); +CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key); + +SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey, + PK11SymKey *symKey, SECItem *wrappedKey); +SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params, + PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey); +/* move a key to 'slot' optionally set the key attributes according to either + * operation or the flags and making the key permanent at the same time. + * If the key is moved to the same slot, operation and flags values are + * currently ignored */ +PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, + CK_FLAGS flags, PRBool perm, PK11SymKey *symKey); +/* + * derive a new key from the base key. + * PK11_Derive returns a key which can do exactly one operation, and is + * ephemeral (session key). + * PK11_DeriveWithFlags is the same as PK11_Derive, except you can use + * CKF_ flags to enable more than one operation. + * PK11_DeriveWithFlagsPerm is the same as PK11_DeriveWithFlags except you can + * (optionally) make the key permanent (token key). + */ +PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism, + SECItem *param, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize); +PK11SymKey *PK11_DeriveWithFlags( PK11SymKey *baseKey, + CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags); +PK11SymKey * PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey, + CK_MECHANISM_TYPE derive, + SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS flags, PRBool isPerm); + +PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey, + SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, + CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) ; +PK11SymKey *PK11_PubDeriveWithKDF( SECKEYPrivateKey *privKey, + SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, + CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize, + CK_ULONG kdf, SECItem *sharedData, void *wincx); + +/* + * unwrap a new key with a symetric key. + * PK11_Unwrap returns a key which can do exactly one operation, and is + * ephemeral (session key). + * PK11_UnwrapWithFlags is the same as PK11_Unwrap, except you can use + * CKF_ flags to enable more than one operation. + * PK11_UnwrapWithFlagsPerm is the same as PK11_UnwrapWithFlags except you can + * (optionally) make the key permanent (token key). + */ +PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key, + CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize); +PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize, + CK_FLAGS flags); +PK11SymKey * PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey, + CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS flags, PRBool isPerm); + +/* + * unwrap a new key with a private key. + * PK11_PubUnwrap returns a key which can do exactly one operation, and is + * ephemeral (session key). + * PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can + * use * CKF_ flags to enable more than one operation, and optionally make + * the key permanent (token key). + */ +PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize); +PK11SymKey * PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey, + SECItem *wrappedKey, CK_MECHANISM_TYPE target, + CK_ATTRIBUTE_TYPE operation, int keySize, + CK_FLAGS flags, PRBool isPerm); +PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + SECItem *keyID, void *wincx); +SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey,PRBool force); +SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey); +SECStatus PK11_DeleteTokenSymKey(PK11SymKey *symKey); +SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx); +SECKEYPrivateKey * PK11_LoadPrivKey(PK11SlotInfo *slot, + SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, + PRBool token, PRBool sensitive); +char * PK11_GetSymKeyNickname(PK11SymKey *symKey); +char * PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey); +char * PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey); +SECStatus PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname); +SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, + const char *nickname); +SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, + const char *nickname); + +/* size to hold key in bytes */ +unsigned int PK11_GetKeyLength(PK11SymKey *key); +/* size of actual secret parts of key in bits */ +/* algid is because RC4 strength is determined by the effective bits as well + * as the key bits */ +unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid); +SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey); +SECItem * PK11_GetKeyData(PK11SymKey *symKey); +PK11SlotInfo * PK11_GetSlotFromKey(PK11SymKey *symKey); +void *PK11_GetWindow(PK11SymKey *symKey); +SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot, + CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk, + PRBool isPerm, PRBool isSensitive, void *wincx); +SECKEYPrivateKey * PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot, + CERTCertificate *cert, void *wincx); +SECKEYPrivateKey * PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx); +SECKEYPrivateKey * PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, + void *wincx); +int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key); +SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data, + unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen); +/* The encrypt version of the above function */ +SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc, + unsigned char *data, unsigned dataLen, void *wincx); +SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, + SECKEYPrivateKeyInfo *pki, SECItem *nickname, + SECItem *publicValue, PRBool isPerm, PRBool isPrivate, + unsigned int usage, void *wincx); +SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, + SECKEYPrivateKeyInfo *pki, SECItem *nickname, + SECItem *publicValue, PRBool isPerm, PRBool isPrivate, + unsigned int usage, SECKEYPrivateKey** privk, void *wincx); +SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, + SECItem *derPKI, SECItem *nickname, + SECItem *publicValue, PRBool isPerm, PRBool isPrivate, + unsigned int usage, void *wincx); +SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, + SECItem *derPKI, SECItem *nickname, + SECItem *publicValue, PRBool isPerm, PRBool isPrivate, + unsigned int usage, SECKEYPrivateKey** privk, void *wincx); +SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot, + SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem, + SECItem *nickname, SECItem *publicValue, PRBool isPerm, + PRBool isPrivate, KeyType type, + unsigned int usage, void *wincx); +SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo( + CERTCertificate *cert, void *wincx); +SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo( + PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem, + SECKEYPrivateKey *pk, int iteration, void *wincx); +SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo( + PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem, + CERTCertificate *cert, int iteration, void *wincx); +SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot, + CERTCertificate *cert, void *wincx); +SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length); +SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key); +PRBool PK11_VerifyKeyOK(PK11SymKey *key); +SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot, + PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, SECItem *label, + SECItem *publicValue, PRBool token, PRBool sensitive, + CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount, + void *wincx); +SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey, + SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType, + SECItem *param, SECItem *wrappedKey, void *wincx); +SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk); +PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey, + CK_MECHANISM_TYPE mech); +SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, + char *nickname, void *wincx); +SECKEYPublicKeyList* PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, + char *nickname); +SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey); +/* depricated */ +SECKEYPrivateKeyList* PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot); + +PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, + void *wincx); +SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey( + SECKEYPrivateKey *privk, void* wincx); + +/********************************************************************** + * Certs + **********************************************************************/ +SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData); +SECStatus PK11_TraverseSlotCerts( + SECStatus(* callback)(CERTCertificate*,SECItem *,void *), + void *arg, void *wincx); +CERTCertificate * PK11_FindCertFromNickname(char *nickname, void *wincx); +CERTCertList * PK11_FindCertsFromNickname(char *nickname, void *wincx); +SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, + CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust); +SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert, + CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust); +PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert, char *nickname, + void *wincx); +PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname, + void *wincx); +PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert, + CK_OBJECT_HANDLE *keyPtr, void *wincx); +PK11SlotInfo *PK11_KeyForDERCertExists(SECItem *derCert, + CK_OBJECT_HANDLE *keyPtr, void *wincx); +CERTCertificate * PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot, + CERTIssuerAndSN *sn, void *wincx); +CERTCertificate * PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot, + SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip, + SECKEYPrivateKey**privKey, void *wincx); +int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist, + void *wincx); +SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert, + PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *), + void *arg); +CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot, + CERTCertificate *cert, void *wincx); +SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert, + char *nickname, PRBool addUsage, + void *wincx); +CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert,void *wincx); +PRBool PK11_FortezzaHasKEA(CERTCertificate *cert); +CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert, + void *wincx); +SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, + PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *), + void *arg); +CERTCertList * PK11_ListCerts(PK11CertListType type, void *pwarg); +CERTCertList * PK11_ListCertsInSlot(PK11SlotInfo *slot); +CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url, + int type, void *wincx, PRInt32 importOptions, PRArenaPool* arena, PRInt32 decodeOptions); + +/********************************************************************** + * Sign/Verify + **********************************************************************/ +int PK11_SignatureLen(SECKEYPrivateKey *key); +PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key); +SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash); +SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig, + SECItem *dsig, void * wincx); +SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig, + SECItem *hash, void *wincx); + + + +/********************************************************************** + * Crypto Contexts + **********************************************************************/ +void PK11_DestroyContext(PK11Context *context, PRBool freeit); +PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type, + CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param); +PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg); +PK11Context *PK11_CloneContext(PK11Context *old); +SECStatus PK11_DigestBegin(PK11Context *cx); +SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in, + int32 len); +SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in, + unsigned len); +SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen, + int maxout, unsigned char *in, int inlen); +SECStatus PK11_Finalize(PK11Context *context); +SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data, + unsigned int *outLen, unsigned int length); +SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save, + int *len, int saveLength); + +/* Save the context's state, with possible allocation. + * The caller may supply an already allocated buffer in preAllocBuf, + * with length pabLen. If the buffer is large enough for the context's + * state, it will receive the state. + * If the buffer is not large enough (or NULL), then a new buffer will + * be allocated with PORT_Alloc. + * In either case, the state will be returned as a buffer, and the length + * of the state will be given in *stateLen. + */ +unsigned char * +PK11_SaveContextAlloc(PK11Context *cx, + unsigned char *preAllocBuf, unsigned int pabLen, + unsigned int *stateLen); + +SECStatus PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len); +SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len); +void PK11_SetFortezzaHack(PK11SymKey *symKey) ; + + +/********************************************************************** + * PBE functions + **********************************************************************/ + +/* This function creates PBE parameters from the given inputs. The result + * can be used to create a password integrity key for PKCS#12, by sending + * the return value to PK11_KeyGen along with the appropriate mechanism. + */ +SECItem * +PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations); + +/* free params created above (can be called after keygen is done */ +void PK11_DestroyPBEParams(SECItem *params); + +SECAlgorithmID * +PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt); +PK11SymKey * +PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem, + PRBool faulty3DES, void *wincx); +PK11SymKey * +PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params, + SECItem *pwitem, PRBool faulty3DES, void *wincx); +SECItem * +PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem); + +/********************************************************************** + * Functions to manage secmod flags + **********************************************************************/ +PK11DefaultArrayEntry * PK11_GetDefaultArray(int *); +SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *, + PRBool ); + +/********************************************************************** + * Functions to look at PKCS #11 dependent data + **********************************************************************/ +PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot, + CK_OBJECT_CLASS objClass); +PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object); +PK11GenericObject *PK11_GetPrevtGenericObject(PK11GenericObject *object); +SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object); +SECStatus PK11_LinkGenericObject(PK11GenericObject *list, + PK11GenericObject *object); +SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object); +SECStatus PK11_DestroyGenericObject(PK11GenericObject *object); +SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object, + CK_ATTRIBUTE_TYPE attr, SECItem *item); + + +/********************************************************************** + * New fucntions which are already depricated.... + **********************************************************************/ +SECItem * +PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot, + CERTCertificate *cert, void *pwarg); +SECItem * +PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key); + +PRBool SECMOD_HasRootCerts(void); + +SEC_END_PROTOS + +#endif |