security/nss/lib/crmf/crmfi.h@6474c204b198 (annotated)
security/nss/lib/crmf/crmfi.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* -*- Mode: C; tab-width: 8 -*-*/ |
| michael@0 | 2 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 3 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 4 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 5 | |
| michael@0 | 6 | |
| michael@0 | 7 | #ifndef _CRMFI_H_ |
| michael@0 | 8 | #define _CRMFI_H_ |
| michael@0 | 9 | /* This file will contain all declarations common to both |
| michael@0 | 10 | * encoding and decoding of CRMF Cert Requests. This header |
| michael@0 | 11 | * file should only be included internally by CRMF implementation |
| michael@0 | 12 | * files. |
| michael@0 | 13 | */ |
| michael@0 | 14 | #include "secasn1.h" |
| michael@0 | 15 | #include "crmfit.h" |
| michael@0 | 16 | #include "secerr.h" |
| michael@0 | 17 | #include "blapit.h" |
| michael@0 | 18 | |
| michael@0 | 19 | #define CRMF_DEFAULT_ARENA_SIZE 1024 |
| michael@0 | 20 | |
| michael@0 | 21 | /* |
| michael@0 | 22 | * Explanation for the definition of MAX_WRAPPED_KEY_LEN: |
| michael@0 | 23 | * |
| michael@0 | 24 | * It's used for internal buffers to transport a wrapped private key. |
| michael@0 | 25 | * The value is in BYTES. |
| michael@0 | 26 | * We want to define a reasonable upper bound for this value. |
| michael@0 | 27 | * Ideally this could be calculated, but in order to simplify the code |
| michael@0 | 28 | * we want to estimate the maximum requires size. |
| michael@0 | 29 | * See also bug 655850 for the full explanation. |
| michael@0 | 30 | * |
| michael@0 | 31 | * We know the largest wrapped keys are RSA keys. |
| michael@0 | 32 | * We'll estimate the maximum size needed for wrapped RSA keys, |
| michael@0 | 33 | * and assume it's sufficient for wrapped keys of any type we support. |
| michael@0 | 34 | * |
| michael@0 | 35 | * The maximum size of RSA keys in bits is defined elsewhere as |
| michael@0 | 36 | * RSA_MAX_MODULUS_BITS |
| michael@0 | 37 | * |
| michael@0 | 38 | * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. |
| michael@0 | 39 | * |
| michael@0 | 40 | * A wrapped RSA key requires about |
| michael@0 | 41 | * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 |
| michael@0 | 42 | * bytes. |
| michael@0 | 43 | * |
| michael@0 | 44 | * Therefore, a safe upper bound is: |
| michael@0 | 45 | * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS |
| michael@0 | 46 | * |
| michael@0 | 47 | */ |
| michael@0 | 48 | #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS |
| michael@0 | 49 | |
| michael@0 | 50 | #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) |
| michael@0 | 51 | #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) |
| michael@0 | 52 | |
| michael@0 | 53 | struct crmfEncoderArg { |
| michael@0 | 54 | SECItem *buffer; |
| michael@0 | 55 | long allocatedLen; |
| michael@0 | 56 | }; |
| michael@0 | 57 | |
| michael@0 | 58 | struct crmfEncoderOutput { |
| michael@0 | 59 | CRMFEncoderOutputCallback fn; |
| michael@0 | 60 | void *outputArg; |
| michael@0 | 61 | }; |
| michael@0 | 62 | |
| michael@0 | 63 | /* |
| michael@0 | 64 | * This function is used by the API for encoding functions that are |
| michael@0 | 65 | * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* |
| michael@0 | 66 | * functions. |
| michael@0 | 67 | */ |
| michael@0 | 68 | extern void |
| michael@0 | 69 | crmf_encoder_out(void *arg, const char *buf, unsigned long len, |
| michael@0 | 70 | int depth, SEC_ASN1EncodingPart data_kind); |
| michael@0 | 71 | |
| michael@0 | 72 | /* |
| michael@0 | 73 | * This function is used when we want to encode something locally within |
| michael@0 | 74 | * the library, ie the CertRequest so that we can produce its signature. |
| michael@0 | 75 | */ |
| michael@0 | 76 | extern SECStatus |
| michael@0 | 77 | crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, |
| michael@0 | 78 | SECItem *derDest); |
| michael@0 | 79 | |
| michael@0 | 80 | /* |
| michael@0 | 81 | * This is the callback function we feed to the ASN1 encoder when doing |
| michael@0 | 82 | * internal DER-encodings. ie, encoding the cert request so we can |
| michael@0 | 83 | * produce a signature. |
| michael@0 | 84 | */ |
| michael@0 | 85 | extern void |
| michael@0 | 86 | crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, |
| michael@0 | 87 | int depth, SEC_ASN1EncodingPart data_kind); |
| michael@0 | 88 | |
| michael@0 | 89 | /* The ASN1 templates that need to be seen by internal files |
| michael@0 | 90 | * in order to implement CRMF. |
| michael@0 | 91 | */ |
| michael@0 | 92 | extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; |
| michael@0 | 93 | extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; |
| michael@0 | 94 | extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; |
| michael@0 | 95 | extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; |
| michael@0 | 96 | extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; |
| michael@0 | 97 | extern const SEC_ASN1Template CRMFThisMessageTemplate[]; |
| michael@0 | 98 | extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; |
| michael@0 | 99 | extern const SEC_ASN1Template CRMFDHMACTemplate[]; |
| michael@0 | 100 | extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; |
| michael@0 | 101 | extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; |
| michael@0 | 102 | |
| michael@0 | 103 | /* |
| michael@0 | 104 | * Use these two values for encoding Boolean values. |
| michael@0 | 105 | */ |
| michael@0 | 106 | extern const unsigned char hexTrue; |
| michael@0 | 107 | extern const unsigned char hexFalse; |
| michael@0 | 108 | /* |
| michael@0 | 109 | * Prototypes for helper routines used internally by multiple files. |
| michael@0 | 110 | */ |
| michael@0 | 111 | extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, |
| michael@0 | 112 | long value); |
| michael@0 | 113 | extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, |
| michael@0 | 114 | SECItem *src); |
| michael@0 | 115 | |
| michael@0 | 116 | extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, |
| michael@0 | 117 | CRMFPKIArchiveOptions *destOpt, |
| michael@0 | 118 | CRMFPKIArchiveOptions *srcOpt); |
| michael@0 | 119 | extern SECStatus |
| michael@0 | 120 | crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, |
| michael@0 | 121 | PRBool freeit); |
| michael@0 | 122 | extern const SEC_ASN1Template* |
| michael@0 | 123 | crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); |
| michael@0 | 124 | |
| michael@0 | 125 | extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, |
| michael@0 | 126 | CRMFEncryptedKey *srcEncrKey, |
| michael@0 | 127 | CRMFEncryptedKey *destEncrKey); |
| michael@0 | 128 | extern SECStatus |
| michael@0 | 129 | crmf_copy_encryptedvalue(PLArenaPool *poolp, |
| michael@0 | 130 | CRMFEncryptedValue *srcValue, |
| michael@0 | 131 | CRMFEncryptedValue *destValue); |
| michael@0 | 132 | |
| michael@0 | 133 | extern SECStatus |
| michael@0 | 134 | crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, |
| michael@0 | 135 | SECAlgorithmID *srcAlgId, |
| michael@0 | 136 | SECAlgorithmID **destAlgId); |
| michael@0 | 137 | |
| michael@0 | 138 | extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, |
| michael@0 | 139 | SECAlgorithmID **dest, |
| michael@0 | 140 | SECAlgorithmID *src); |
| michael@0 | 141 | |
| michael@0 | 142 | extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, |
| michael@0 | 143 | CERTName *src); |
| michael@0 | 144 | |
| michael@0 | 145 | extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, |
| michael@0 | 146 | CERTSubjectPublicKeyInfo **dest, |
| michael@0 | 147 | CERTSubjectPublicKeyInfo *pubKey); |
| michael@0 | 148 | |
| michael@0 | 149 | extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp, |
| michael@0 | 150 | SECOidTag tag, |
| michael@0 | 151 | PRBool isCritical, |
| michael@0 | 152 | SECItem *data); |
| michael@0 | 153 | extern CRMFCertRequest* |
| michael@0 | 154 | crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); |
| michael@0 | 155 | |
| michael@0 | 156 | extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, |
| michael@0 | 157 | PRBool freeit); |
| michael@0 | 158 | |
| michael@0 | 159 | extern CRMFEncryptedValue * |
| michael@0 | 160 | crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, |
| michael@0 | 161 | SECKEYPublicKey *inPubKey, |
| michael@0 | 162 | CRMFEncryptedValue *destValue); |
| michael@0 | 163 | |
| michael@0 | 164 | extern CK_MECHANISM_TYPE |
| michael@0 | 165 | crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); |
| michael@0 | 166 | |
| michael@0 | 167 | extern SECStatus |
| michael@0 | 168 | crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, |
| michael@0 | 169 | CRMFEncryptedValue *encValue, |
| michael@0 | 170 | SECKEYPrivateKey *privKey, |
| michael@0 | 171 | SECKEYPublicKey *newPubKey, |
| michael@0 | 172 | SECItem *nickname, |
| michael@0 | 173 | PK11SlotInfo *slot, |
| michael@0 | 174 | unsigned char keyUsage, |
| michael@0 | 175 | SECKEYPrivateKey **unWrappedKey, |
| michael@0 | 176 | void *wincx); |
| michael@0 | 177 | |
| michael@0 | 178 | extern SECItem* |
| michael@0 | 179 | crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); |
| michael@0 | 180 | |
| michael@0 | 181 | extern CRMFCertExtension* |
| michael@0 | 182 | crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); |
| michael@0 | 183 | |
| michael@0 | 184 | extern SECStatus |
| michael@0 | 185 | crmf_create_prtime(SECItem *src, PRTime **dest); |
| michael@0 | 186 | #endif /*_CRMFI_H_*/ |
