/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
* ***** END LICENSE BLOCK ***** */
/* $Id: lowkeyi.h,v 1.10 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
* See bugzilla bug 125359
* Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
* all of the templates above that en/decode into integers must be converted
* from ASN.1's signed integer type. This is done by marking either the
* source or destination (encoding or decoding, respectively) type as
/*
 * RSA private key variant of the ASN.1 preparation step described in the
 * bug 125359 note above. Takes the key by pointer and returns nothing.
 * NOTE(review): presumably marks the key's big-integer fields as unsigned
 * in place before the templates run -- confirm in the implementation.
 */
extern void prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
/*
 * PQG parameter variant of the ASN.1 preparation step (see the bug 125359
 * note above). Takes the parameters by pointer and returns nothing.
 */
extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
/*
 * DSA private key variant of the ASN.1 preparation step (see the bug 125359
 * note above). Takes the key by pointer and returns nothing.
 */
extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
/*
 * DSA private key "export" variant of the ASN.1 preparation step (see the
 * bug 125359 note above). Takes the key by pointer and returns nothing.
 * NOTE(review): how the export form differs from
 * prepare_low_dsa_priv_key_for_asn1 is not visible in this header -- confirm.
 */
extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
/*
 * DH private key variant of the ASN.1 preparation step (see the bug 125359
 * note above). Takes the key by pointer and returns nothing.
 */
extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
/*
 * EC private key variant of the ASN.1 preparation step (see the bug 125359
 * note above). Takes the key by pointer and returns nothing.
 * NOTE(review): the NSS_ENABLE_ECC #endif below suggests this is declared
 * only in ECC-enabled builds; the matching #if is not visible here.
 */
extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
/*
 * EC parameter variant of the ASN.1 preparation step (see the bug 125359
 * note above). Takes the parameters by pointer and returns nothing.
 */
extern void prepare_low_ecparams_for_asn1(ECParams *params);
#endif /* NSS_ENABLE_ECC */
/*
 * Callback type: takes an opaque argument and a database version number and
 * returns a char *. nsslowkey_OpenKeyDB below accepts one as "namecb".
 * NOTE(review): presumably the returned string names the database file and
 * the caller of the callback owns it -- confirm against the implementation.
 */
typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
** Open a key database.
extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
NSSLOWKEYDBNameFunc namecb,
* Clear out all the keys in the existing database
/*
 * Returns a SECStatus for the reset of the database behind "handle".
 * NOTE(review): this is a destructive operation (all keys are cleared);
 * whether the database password is checked first is not visible in this
 * header -- confirm at the call sites.
 */
extern SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle);
** Close the specified key database.
/*
 * Takes a key database handle and returns nothing, so a failure while
 * closing cannot be reported to the caller.
 * NOTE(review): presumably the handle must not be used after this call --
 * confirm.
 */
extern void nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle);
* Get the version number of the database
/*
 * Returns the version as a plain int.
 * NOTE(review): how an invalid or NULL handle is reported is not visible
 * here -- confirm before branching on the value.
 */
extern int nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle);
** Support a default key database.
/*
 * Setter for the default key database; takes the handle and returns nothing.
 * NOTE(review): a default database implies shared, process-wide state;
 * thread-safety and ownership of "handle" are not visible here -- confirm.
 */
extern void nsslowkey_SetDefaultKeyDB(NSSLOWKEYDBHandle *handle);
/*
 * Getter for the default key database handle; takes no arguments.
 * NOTE(review): presumably returns NULL when no default has been set --
 * confirm, and check the result before use.
 */
extern NSSLOWKEYDBHandle *nsslowkey_GetDefaultKeyDB(void);
/* set the alg id of the key encryption algorithm */
/*
 * "alg" is a SECOidTag; nothing is returned, so an unsupported tag cannot be
 * reported through this call.
 * NOTE(review): whether weak or unknown algorithm tags are rejected is not
 * visible in this header -- confirm in the implementation.
 */
extern void nsslowkey_SetDefaultKeyDBAlg(SECOidTag alg);
* given a password and salt, produce a hash of the password
/*
 * Takes the password as a C string and the salt as a SECItem; returns a
 * SECItem pointer.
 * NOTE(review): presumably the result is newly allocated (NULL on failure)
 * and the caller must free it and clear the plaintext "pw" buffer -- confirm.
 * The hash construction itself is not visible in this header.
 */
extern SECItem *nsslowkey_HashPassword(char *pw, SECItem *salt);
* Derive the actual password value for a key database from the
* password string value. The derivation uses the global salt value
* stored in the key database.
nsslowkey_DeriveKeyDBPassword(NSSLOWKEYDBHandle *handle, char *pw);
** Delete a key from the database
extern SECStatus nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle,
** Store a key in the database, indexed by its public key modulus.
** "pk" is the private key to store
** "f" is the callback function for getting the password
** "arg" is the argument for the callback
extern SECStatus nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle,
NSSLOWKEYPrivateKey *pk,
/* does the key for this cert exist in the database filed by modulus */
extern PRBool nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle,
NSSLOWCERTCertificate *cert);
/* does a key with this ID already exist? */
/*
 * Returns a PRBool; "id" is passed as a SECItem.
 * NOTE(review): a PRBool result cannot distinguish "no such key" from a
 * failed lookup -- confirm how database errors are reported to the caller.
 */
extern PRBool nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id);
/*
 * NOTE(review): despite the yes/no name, this returns SECStatus, not PRBool.
 * SECSuccess is 0 in NSS, so testing the result as a boolean inverts the
 * meaning; callers should compare against SECSuccess explicitly.
 * Presumably SECSuccess means a password is set -- confirm.
 */
extern SECStatus nsslowkey_HasKeyDBPassword(NSSLOWKEYDBHandle *handle);
extern SECStatus nsslowkey_SetKeyDBPassword(NSSLOWKEYDBHandle *handle,
extern SECStatus nsslowkey_CheckKeyDBPassword(NSSLOWKEYDBHandle *handle,
extern SECStatus nsslowkey_ChangeKeyDBPassword(NSSLOWKEYDBHandle *handle,
** Destroy a private key object.
** "freeit" if PR_TRUE then free the object as well as its sub-objects
/*
 * NOTE(review): the comment above documents a "freeit" flag, but this
 * prototype takes only the key, so that description looks stale -- confirm
 * what is actually released.
 * Whether the private key material is zeroized before its memory is freed
 * is not visible in this header -- confirm in the implementation.
 */
extern void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
** Destroy a public key object.
** "freeit" if PR_TRUE then free the object as well as its sub-objects
/*
 * NOTE(review): the comment above documents a "freeit" flag, but this
 * prototype takes only the key, so that description looks stale -- confirm
 * what is actually released.
 */
extern void nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
** Return the modulus length of "pubKey".
/*
 * Returns the length as an unsigned int.
 * NOTE(review): the unit (bytes or bits) and the result for key types
 * without a modulus are not stated here -- confirm before using the value
 * to size a buffer.
 */
extern unsigned int nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubKey);
** Return the modulus length of "privKey".
/*
 * Returns the length as an unsigned int.
 * NOTE(review): the unit (bytes or bits) and the result for key types
 * without a modulus are not stated here -- confirm before using the value
 * to size a buffer.
 */
extern unsigned int nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privKey);
** Convert a low private key "privateKey" into a public low key
extern NSSLOWKEYPublicKey
*nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
* Set the Key Database password.
* handle is a handle to the key database
* pwitem is the new password
* algorithm is the algorithm by which the key database
* password is to be encrypted.
* On failure, SECFailure is returned, otherwise SECSuccess is
nsslowkey_SetKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
SECOidTag algorithm);
/* Check the key database password.
* handle is a handle to the key database
* pwitem is the suspect password
* algorithm is the algorithm by which the key database
* password is to be encrypted.
* The password is checked against plaintext to see if it is the
* actual password. If it is not, SECFailure is returned.
nsslowkey_CheckKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
SECOidTag algorithm);
/* Change the key database password and/or algorithm by which
* the password is stored.
* handle is a handle to the key database
* old_pwitem is the current password
* new_pwitem is the new password
* old_algorithm is the algorithm by which the key database
* password is currently encrypted.
* new_algorithm is the algorithm with which the new password
* is to be encrypted.
* A return of anything but SECSuccess indicates failure.
nsslowkey_ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
SECItem *oldpwitem, SECItem *newpwitem,
SECOidTag old_algorithm);
nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
NSSLOWKEYPrivateKey *privkey,
/* Store key by modulus and specify an encryption algorithm to use.
* handle is the pointer to the key database,
* privkey is the private key to be stored,
* f and arg are the function and arguments to the callback
* algorithm is the algorithm with which privkey is to be stored.
* A return of anything but SECSuccess indicates failure.
nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle,
NSSLOWKEYPrivateKey *privkey,
/* Find key by modulus. This function is the inverse of store key
* by modulus. An attempt to locate the key with "modulus" is
* performed. If the key is found, the private key is returned,
* else NULL is returned.
* modulus is the modulus to locate
extern NSSLOWKEYPrivateKey *
nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus,
nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
SECItem *modulus, SECItem *pwitem);
/* Make a copy of a low private key in its own arena.
* a return of NULL indicates an error.
extern NSSLOWKEYPrivateKey *
nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey);
#endif /* _LOWKEYI_H_ */