The Tor Browser / file comparison
comparison: security/nss/lib/crmf/crmfi.h
security/nss/lib/crmf/crmfi.h
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:91f162823a2c |
|---|---|
| 1 /* -*- Mode: C; tab-width: 8 -*-*/ | |
| 2 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 3 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 5 | |
| 6 | |
| 7 #ifndef _CRMFI_H_ | |
| 8 #define _CRMFI_H_ | |
| 9 /* This file will contain all declarations common to both | |
| 10 * encoding and decoding of CRMF Cert Requests. This header | |
| 11 * file should only be included internally by CRMF implementation | |
| 12 * files. | |
| 13 */ | |
| 14 #include "secasn1.h" | |
| 15 #include "crmfit.h" | |
| 16 #include "secerr.h" | |
| 17 #include "blapit.h" | |
| 18 | |
| 19 #define CRMF_DEFAULT_ARENA_SIZE 1024 | |
| 20 | |
| 21 /* | |
| 22 * Explanation for the definition of MAX_WRAPPED_KEY_LEN: | |
| 23 * | |
| 24 * It's used for internal buffers to transport a wrapped private key. | |
| 25 * The value is in BYTES. | |
| 26 * We want to define a reasonable upper bound for this value. | |
| 27 * Ideally this could be calculated, but in order to simplify the code | |
| 28 * we want to estimate the maximum requires size. | |
| 29 * See also bug 655850 for the full explanation. | |
| 30 * | |
| 31 * We know the largest wrapped keys are RSA keys. | |
| 32 * We'll estimate the maximum size needed for wrapped RSA keys, | |
| 33 * and assume it's sufficient for wrapped keys of any type we support. | |
| 34 * | |
| 35 * The maximum size of RSA keys in bits is defined elsewhere as | |
| 36 * RSA_MAX_MODULUS_BITS | |
| 37 * | |
| 38 * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. | |
| 39 * | |
| 40 * A wrapped RSA key requires about | |
| 41 * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 | |
| 42 * bytes. | |
| 43 * | |
| 44 * Therefore, a safe upper bound is: | |
| 45 * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS | |
| 46 * | |
| 47 */ | |
| 48 #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS | |
| 49 | |
| 50 #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) | |
| 51 #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) | |
| 52 | |
| 53 struct crmfEncoderArg { | |
| 54 SECItem *buffer; | |
| 55 long allocatedLen; | |
| 56 }; | |
| 57 | |
| 58 struct crmfEncoderOutput { | |
| 59 CRMFEncoderOutputCallback fn; | |
| 60 void *outputArg; | |
| 61 }; | |
| 62 | |
| 63 /* | |
| 64 * This function is used by the API for encoding functions that are | |
| 65 * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* | |
| 66 * functions. | |
| 67 */ | |
| 68 extern void | |
| 69 crmf_encoder_out(void *arg, const char *buf, unsigned long len, | |
| 70 int depth, SEC_ASN1EncodingPart data_kind); | |
| 71 | |
| 72 /* | |
| 73 * This function is used when we want to encode something locally within | |
| 74 * the library, ie the CertRequest so that we can produce its signature. | |
| 75 */ | |
| 76 extern SECStatus | |
| 77 crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, | |
| 78 SECItem *derDest); | |
| 79 | |
| 80 /* | |
| 81 * This is the callback function we feed to the ASN1 encoder when doing | |
| 82 * internal DER-encodings. ie, encoding the cert request so we can | |
| 83 * produce a signature. | |
| 84 */ | |
| 85 extern void | |
| 86 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, | |
| 87 int depth, SEC_ASN1EncodingPart data_kind); | |
| 88 | |
| 89 /* The ASN1 templates that need to be seen by internal files | |
| 90 * in order to implement CRMF. | |
| 91 */ | |
| 92 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; | |
| 93 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; | |
| 94 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; | |
| 95 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; | |
| 96 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; | |
| 97 extern const SEC_ASN1Template CRMFThisMessageTemplate[]; | |
| 98 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; | |
| 99 extern const SEC_ASN1Template CRMFDHMACTemplate[]; | |
| 100 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; | |
| 101 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; | |
| 102 | |
| 103 /* | |
| 104 * Use these two values for encoding Boolean values. | |
| 105 */ | |
| 106 extern const unsigned char hexTrue; | |
| 107 extern const unsigned char hexFalse; | |
| 108 /* | |
| 109 * Prototypes for helper routines used internally by multiple files. | |
| 110 */ | |
| 111 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, | |
| 112 long value); | |
| 113 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, | |
| 114 SECItem *src); | |
| 115 | |
| 116 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, | |
| 117 CRMFPKIArchiveOptions *destOpt, | |
| 118 CRMFPKIArchiveOptions *srcOpt); | |
| 119 extern SECStatus | |
| 120 crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, | |
| 121 PRBool freeit); | |
| 122 extern const SEC_ASN1Template* | |
| 123 crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); | |
| 124 | |
| 125 extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, | |
| 126 CRMFEncryptedKey *srcEncrKey, | |
| 127 CRMFEncryptedKey *destEncrKey); | |
| 128 extern SECStatus | |
| 129 crmf_copy_encryptedvalue(PLArenaPool *poolp, | |
| 130 CRMFEncryptedValue *srcValue, | |
| 131 CRMFEncryptedValue *destValue); | |
| 132 | |
| 133 extern SECStatus | |
| 134 crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, | |
| 135 SECAlgorithmID *srcAlgId, | |
| 136 SECAlgorithmID **destAlgId); | |
| 137 | |
| 138 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, | |
| 139 SECAlgorithmID **dest, | |
| 140 SECAlgorithmID *src); | |
| 141 | |
| 142 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, | |
| 143 CERTName *src); | |
| 144 | |
| 145 extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, | |
| 146 CERTSubjectPublicKeyInfo **dest, | |
| 147 CERTSubjectPublicKeyInfo *pubKey); | |
| 148 | |
| 149 extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp, | |
| 150 SECOidTag tag, | |
| 151 PRBool isCritical, | |
| 152 SECItem *data); | |
| 153 extern CRMFCertRequest* | |
| 154 crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); | |
| 155 | |
| 156 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, | |
| 157 PRBool freeit); | |
| 158 | |
| 159 extern CRMFEncryptedValue * | |
| 160 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, | |
| 161 SECKEYPublicKey *inPubKey, | |
| 162 CRMFEncryptedValue *destValue); | |
| 163 | |
| 164 extern CK_MECHANISM_TYPE | |
| 165 crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); | |
| 166 | |
| 167 extern SECStatus | |
| 168 crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, | |
| 169 CRMFEncryptedValue *encValue, | |
| 170 SECKEYPrivateKey *privKey, | |
| 171 SECKEYPublicKey *newPubKey, | |
| 172 SECItem *nickname, | |
| 173 PK11SlotInfo *slot, | |
| 174 unsigned char keyUsage, | |
| 175 SECKEYPrivateKey **unWrappedKey, | |
| 176 void *wincx); | |
| 177 | |
| 178 extern SECItem* | |
| 179 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); | |
| 180 | |
| 181 extern CRMFCertExtension* | |
| 182 crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); | |
| 183 | |
| 184 extern SECStatus | |
| 185 crmf_create_prtime(SECItem *src, PRTime **dest); | |
| 186 #endif /*_CRMFI_H_*/ |
