The Tor Browser: security/nss/lib/crmf/crmfi.h@b8a032363ba2 (annotated)

security/nss/lib/crmf/crmfi.h@b8a032363ba2 (annotated)

security/nss/lib/crmf/crmfi.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* -*- Mode: C; tab-width: 8 -*-*/
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef _CRMFI_H_
 #define _CRMFI_H_
 /* This file will contain all declarations common to both
  * encoding and decoding of CRMF Cert Requests.  This header
  * file should only be included internally by CRMF implementation
  * files.
  */
 #include "secasn1.h"
 #include "crmfit.h"
 #include "secerr.h"
 #include "blapit.h"
 #define CRMF_DEFAULT_ARENA_SIZE   1024
 /*
  * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
  *
  * It's used for internal buffers to transport a wrapped private key.
  * The value is in BYTES.
  * We want to define a reasonable upper bound for this value.
  * Ideally this could be calculated, but in order to simplify the code
  * we want to estimate the maximum requires size.
  * See also bug 655850 for the full explanation.
  *
  * We know the largest wrapped keys are RSA keys.
  * We'll estimate the maximum size needed for wrapped RSA keys,
  * and assume it's sufficient for wrapped keys of any type we support.
  *
  * The maximum size of RSA keys in bits is defined elsewhere as
  *   RSA_MAX_MODULUS_BITS
  *
  * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
  *
  * A wrapped RSA key requires about
  *   ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
  * bytes.
  *
  * Therefore, a safe upper bound is:
  *   ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
  *
  */
 #define MAX_WRAPPED_KEY_LEN       RSA_MAX_MODULUS_BITS
 #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
 #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
 struct crmfEncoderArg {
     SECItem *buffer;
     long     allocatedLen;
 };
 struct crmfEncoderOutput {
     CRMFEncoderOutputCallback fn;
     void *outputArg;
 };
 /*
  * This function is used by the API for encoding functions that are
  * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
  * functions.
  */
 extern void
        crmf_encoder_out(void *arg, const char *buf, unsigned long len,
                         int depth, SEC_ASN1EncodingPart data_kind);
 /*
  * This function is used when we want to encode something locally within
  * the library, ie the CertRequest so that we can produce its signature.
  */
 extern SECStatus
        crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
 				       SECItem               *derDest);
 /*
  * This is the callback function we feed to the ASN1 encoder when doing
  * internal DER-encodings.  ie, encoding the cert request so we can
  * produce a signature.
  */
 extern void
 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
 			      int depth, SEC_ASN1EncodingPart data_kind);
 /* The ASN1 templates that need to be seen by internal files
  * in order to implement CRMF.
  */
 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
 extern const SEC_ASN1Template CRMFThisMessageTemplate[];
 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
 extern const SEC_ASN1Template CRMFDHMACTemplate[];
 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
 /*
  * Use these two values for encoding Boolean values.
  */
 extern const unsigned char hexTrue;
 extern const unsigned char hexFalse;
 /*
  * Prototypes for helper routines used internally by multiple files.
  */
 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
 				     long value);
 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
 					  SECItem *src);
 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,
 					     CRMFPKIArchiveOptions *destOpt,
 					     CRMFPKIArchiveOptions *srcOpt);
 extern SECStatus
        crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
 				      PRBool                 freeit);
 extern const SEC_ASN1Template*
        crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
 extern SECStatus crmf_copy_encryptedkey(PLArenaPool       *poolp,
 					CRMFEncryptedKey  *srcEncrKey,
 					CRMFEncryptedKey  *destEncrKey);
 extern SECStatus
 crmf_copy_encryptedvalue(PLArenaPool        *poolp,
 			 CRMFEncryptedValue *srcValue,
 			 CRMFEncryptedValue *destValue);
 extern SECStatus
 crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,
 				SECAlgorithmID  *srcAlgId,
 				SECAlgorithmID **destAlgId);
 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
 					   SECAlgorithmID **dest,
 					   SECAlgorithmID *src);
 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
 				     CERTName *src);
 extern SECStatus crmf_template_add_public_key(PLArenaPool               *poolp,
 					      CERTSubjectPublicKeyInfo **dest,
 					      CERTSubjectPublicKeyInfo  *pubKey);
 extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,
 						     SECOidTag    tag,
 						     PRBool       isCritical,
 						     SECItem     *data);
 extern CRMFCertRequest*
 crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
 					      PRBool freeit);
 extern CRMFEncryptedValue *
 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey   *inPrivKey,
 					    SECKEYPublicKey    *inPubKey,
 					    CRMFEncryptedValue *destValue);
 extern CK_MECHANISM_TYPE
        crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
 extern SECStatus
 crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,
 				     CRMFEncryptedValue *encValue,
 				     SECKEYPrivateKey   *privKey,
 				     SECKEYPublicKey    *newPubKey,
 				     SECItem            *nickname,
 				     PK11SlotInfo       *slot,
 				     unsigned char       keyUsage,
 				     SECKEYPrivateKey  **unWrappedKey,
 				     void               *wincx);
 extern SECItem*
 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
 extern CRMFCertExtension*
 crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
 extern SECStatus
 crmf_create_prtime(SECItem *src, PRTime **dest);
 #endif /*_CRMFI_H_*/

The Tor Browser / annotate

security/nss/lib/crmf/crmfi.h@b8a032363ba2 (annotated)

security/nss/lib/crmf/crmfi.h