tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

keyhi.h (9408B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef _KEYHI_H_
      6 #define _KEYHI_H_
      7 
      8 #include "plarena.h"
      9 
     10 #include "seccomon.h"
     11 #include "secoidt.h"
     12 #include "secdert.h"
     13 #include "keythi.h"
     14 #include "certt.h"
     15 #include "secerr.h"
     16 
     17 SEC_BEGIN_PROTOS
     18 
     19 /*
     20 ** Destroy a subject-public-key-info object.
     21 */
     22 extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);
     23 
     24 /*
     25 ** Copy subject-public-key-info "src" to "dst". "dst" is filled in
     26 ** appropriately (memory is allocated for each of the sub objects).
     27 */
     28 extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
     29                                                 CERTSubjectPublicKeyInfo *dst,
     30                                                 CERTSubjectPublicKeyInfo *src);
     31 
     32 /*
     33 ** Update the PQG parameters for a cert's public key.
     34 ** Only done for DSA certs
     35 */
     36 extern SECStatus
     37 SECKEY_UpdateCertPQG(CERTCertificate *subjectCert);
     38 
     39 /*
     40 ** Return the number of bits in the provided big integer.  This assumes that the
     41 ** SECItem contains a big-endian number and counts from the first non-zero bit.
     42 */
     43 extern unsigned SECKEY_BigIntegerBitLength(const SECItem *number);
     44 
     45 /*
     46 ** Return the strength of the public key in bytes
     47 */
     48 extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);
     49 
     50 /*
     51 ** Return the strength of the public key in bits
     52 */
     53 extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);
     54 
     55 /*
     56 ** Return the strength of the private key in bits
     57 */
     58 extern unsigned SECKEY_PrivateKeyStrengthInBits(const SECKEYPrivateKey *privk);
     59 
     60 /*
     61 ** Return the length of the signature in bytes
     62 */
     63 extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);
     64 
     65 /*
     66 ** Make a copy of the private key "privKey"
     67 */
     68 extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey);
     69 
     70 /*
     71 ** Make a copy of the public key "pubKey"
     72 */
     73 extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey);
     74 
     75 /*
     76 ** Convert a private key "privateKey" into a public key
     77 */
     78 extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);
     79 
     80 /*
     81 * create a new RSA key pair. The private Key is returned...
     82 */
     83 SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
     84                                             SECKEYPublicKey **pubk, void *cx);
     85 
     86 /*
     87 * create a new DH key pair. The private Key is returned...
     88 */
     89 SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
     90                                            SECKEYPublicKey **pubk, void *cx);
     91 
     92 /*
     93 * create a new EC key pair. The private Key is returned...
     94 */
     95 SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
     96                                            SECKEYPublicKey **pubk, void *cx);
     97 
     98 /*
     99 ** Create a subject-public-key-info based on a public key.
    100 */
    101 extern CERTSubjectPublicKeyInfo *
    102 SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
    103 
    104 /*
    105 ** Convert a base64 ascii encoded DER public key and challenge to spki,
    106 ** and verify the signature and challenge data are correct
    107 */
    108 extern CERTSubjectPublicKeyInfo *
    109 SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
    110                                             void *cx);
    111 
    112 /*
    113 ** Encode a  CERTSubjectPublicKeyInfo structure. into a
    114 ** DER encoded subject public key info.
    115 */
    116 SECItem *
    117 SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
    118 
    119 /*
    120 ** Decode a DER encoded subject public key info into a
    121 ** CERTSubjectPublicKeyInfo structure.
    122 */
    123 extern CERTSubjectPublicKeyInfo *
    124 SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);
    125 
    126 /*
    127 ** Convert a base64 ascii encoded DER subject public key info to our
    128 ** internal format.
    129 */
    130 extern CERTSubjectPublicKeyInfo *
    131 SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);
    132 
    133 /*
    134 * extract the public key from a subject Public Key info structure.
    135 * (used by JSS).
    136 */
    137 extern SECKEYPublicKey *
    138 SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);
    139 
    140 /*
    141 ** Destroy a private key object.
    142 **	"key" the object
    143 */
    144 extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
    145 
    146 /*
    147 ** Destroy a public key object.
    148 **	"key" the object
    149 */
    150 extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);
    151 
    152 /* Destroy and zero out a private key info structure.  for now this
    153 * function zero's out memory allocated in an arena for the key
    154 * since PORT_FreeArena does not currently do this.
    155 *
    156 * NOTE -- If a private key info is allocated in an arena, one should
    157 * not call this function with freeit = PR_FALSE.  The function should
    158 * destroy the arena.
    159 */
    160 extern void
    161 SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);
    162 
    163 /* Destroy and zero out an encrypted private key info.
    164 *
    165 * NOTE -- If a encrypted private key info is allocated in an arena, one should
    166 * not call this function with freeit = PR_FALSE.  The function should
    167 * destroy the arena.
    168 */
    169 extern void
    170 SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
    171                                      PRBool freeit);
    172 
    173 /* Copy private key info structure.
    174 *  poolp is the arena into which the contents of from is to be copied.
    175 *	NULL is a valid entry.
    176 *  to is the destination private key info
    177 *  from is the source private key info
    178 * if either from or to is NULL or an error occurs, SECFailure is
    179 * returned.  otherwise, SECSuccess is returned.
    180 */
    181 extern SECStatus
    182 SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
    183                          SECKEYPrivateKeyInfo *to,
    184                          const SECKEYPrivateKeyInfo *from);
    185 
    186 extern SECStatus
    187 SECKEY_CacheStaticFlags(SECKEYPrivateKey *key);
    188 
    189 /* Copy encrypted private key info structure.
    190 *  poolp is the arena into which the contents of from is to be copied.
    191 *	NULL is a valid entry.
    192 *  to is the destination encrypted private key info
    193 *  from is the source encrypted private key info
    194 * if either from or to is NULL or an error occurs, SECFailure is
    195 * returned.  otherwise, SECSuccess is returned.
    196 */
    197 extern SECStatus
    198 SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
    199                                   SECKEYEncryptedPrivateKeyInfo *to,
    200                                   const SECKEYEncryptedPrivateKeyInfo *from);
    201 /*
    202 * Accessor functions for key type of public and private keys.
    203 */
    204 KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
    205 KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
    206 
    207 /*
    208 * Creates a PublicKey from its DER encoding.
    209 * Currently only supports RSA, DSA, and DH keys.
    210 */
    211 SECKEYPublicKey *
    212 SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
    213 
    214 SECKEYPrivateKeyList *
    215 SECKEY_NewPrivateKeyList(void);
    216 
    217 void
    218 SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys);
    219 
    220 void
    221 SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);
    222 
    223 SECStatus
    224 SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
    225                               SECKEYPrivateKey *key);
    226 
    227 #define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode *)PR_LIST_HEAD(&l->list))
    228 #define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)n->links.next)
    229 #define PRIVKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
    230 
    231 SECKEYPublicKeyList *
    232 SECKEY_NewPublicKeyList(void);
    233 
    234 void
    235 SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys);
    236 
    237 void
    238 SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);
    239 
    240 SECStatus
    241 SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
    242                              SECKEYPublicKey *key);
    243 
    244 #define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode *)PR_LIST_HEAD(&l->list))
    245 #define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)n->links.next)
    246 #define PUBKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
    247 
    248 /*
    249 * Length in bits of the EC's field size.  This is also the length of
    250 * the x and y coordinates of EC points, such as EC public keys and
    251 * base points.
    252 *
    253 * Return 0 on failure (unknown EC domain parameters).
    254 */
    255 extern int SECKEY_ECParamsToKeySize(const SECItem *params);
    256 
    257 /*
    258 * Length in bits of the EC base point order, usually denoted n.  This
    259 * is also the length of EC private keys and ECDSA signature components
    260 * r and s.
    261 *
    262 * Return 0 on failure (unknown EC domain parameters).
    263 */
    264 extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);
    265 
    266 /*
    267 * Returns the object identifier of the curve, of the provided
    268 * elliptic curve parameters structures.
    269 *
    270 * Return 0 on failure (unknown EC domain parameters).
    271 */
    272 SECOidTag SECKEY_GetECCOid(const SECKEYECParams *params);
    273 
    274 /* make sure the key length matches the policy for keyType */
    275 SECStatus SECKEY_EnforceKeySize(KeyType keyType, unsigned keyLength,
    276                                SECErrorCodes error);
    277 
    278 /* get the descriptive string for a given key type */
    279 const char *SECKEY_GetKeyTypeString(KeyType keyType);
    280 
    281 /* Maps an ML-DSA OID tag to its corresponding PKCS#11's CKP_* parameter set */
    282 CK_ML_DSA_PARAMETER_SET_TYPE
    283 SECKEY_GetMLDSAPkcs11ParamSetByOidTag(SECOidTag tag);
    284 
    285 /* Maps a PKCS#11's CKP_* parameter set to its corresponding ML-DSA OID tag */
    286 SECOidTag
    287 SECKEY_GetMLDSAOidTagByPkcs11ParamSet(CK_ML_DSA_PARAMETER_SET_TYPE paramSet);
    288 
    289 typedef enum {
    290    SECKEYPubKeyType = 1,
    291    SECKEYPrivKeyType,
    292    SECKEYSignatureType,
    293 } SECKEYSizeType;
    294 
    295 unsigned int SECKEY_MLDSAOidParamsToLen(SECOidTag oid, SECKEYSizeType type);
    296 
    297 SEC_END_PROTOS
    298 
    299 #endif /* _KEYHI_H_ */