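--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/ckfw/capi/ckcapi.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,271 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKCAPI_H
+#define CKCAPI_H 1
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#include "wtypes.h"
+#include "wincrypt.h"
+
+/*
+ * statically defined raw objects. Allows us to data description objects
+ * to this PKCS #11 module.
+ */
+struct ckcapiRawObjectStr {
+  CK_ULONG n;
+  const CK_ATTRIBUTE_TYPE *types;
+  const NSSItem *items;
+};
+typedef struct ckcapiRawObjectStr ckcapiRawObject;
+
+
+/*
+ * common values needed for both bare keys and cert referenced keys.
+ */
+struct ckcapiKeyParamsStr {
+  NSSItem modulus;
+  NSSItem exponent;
+  NSSItem privateExponent;
+  NSSItem prime1;
+  NSSItem prime2;
+  NSSItem exponent1;
+  NSSItem exponent2;
+  NSSItem coefficient;
+  unsigned char publicExponentData[sizeof(CK_ULONG)];
+  void *privateKey;
+  void *pubKey;
+};
+typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
+
+/*
+ * Key objects. Handles bare keys which do not yet have certs associated
+ * with them. These are usually short lived, but may exist for several days
+ * while the CA is issuing the certificate.
+ */
+struct ckcapiKeyObjectStr {
+  CRYPT_KEY_PROV_INFO provInfo;
+  char *provName;
+  char *containerName;
+  HCRYPTPROV hProv;
+  ckcapiKeyParams key;
+};
+typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
+
+/*
+ * Certificate and certificate referenced keys.
+ */
+struct ckcapiCertObjectStr {
+  PCCERT_CONTEXT certContext;
+  PRBool hasID;
+  const char *certStore;
+  NSSItem label;
+  NSSItem subject;
+  NSSItem issuer;
+  NSSItem serial;
+  NSSItem derCert;
+  ckcapiKeyParams key;
+  unsigned char *labelData;
+  /* static data: to do, make this dynamic like labelData */
+  unsigned char derSerial[128];
+};
+typedef struct ckcapiCertObjectStr ckcapiCertObject;
+
+typedef enum {
+  ckcapiRaw,
+  ckcapiCert,
+  ckcapiBareKey
+} ckcapiObjectType;
+
+/*
+ * all the various types of objects are abstracted away in cobject and
+ * cfind as ckcapiInternalObjects.
+ */
+struct ckcapiInternalObjectStr {
+  ckcapiObjectType type;
+  union {
+    ckcapiRawObject raw;
+    ckcapiCertObject cert;
+    ckcapiKeyObject key;
+  } u;
+  CK_OBJECT_CLASS objClass;
+  NSSItem hashKey;
+  NSSItem id;
+  void *idData;
+  unsigned char hashKeyData[128];
+  NSSCKMDObject mdObject;
+};
+typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
+
+/* our raw object data array */
+NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
+NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+nss_ckcapi_CreateSession
+(
+  NSSCKFWSession *fwSession,
+  CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_ckcapi_FindObjectsInit
+(
+  NSSCKFWSession *fwSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_RV *pError
+);
+
+/*
+ * Object Utilities
+ */
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateMDObject
+(
+  NSSArena *arena,
+  ckcapiInternalObject *io,
+  CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateObject
+(
+  NSSCKFWSession *fwSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_RV *pError
+);
+
+NSS_EXTERN const NSSItem *
+nss_ckcapi_FetchAttribute
+(
+  ckcapiInternalObject *io,
+  CK_ATTRIBUTE_TYPE type
+);
+
+NSS_EXTERN void
+nss_ckcapi_DestroyInternalObject
+(
+  ckcapiInternalObject *io
+);
+
+NSS_EXTERN CK_RV
+nss_ckcapi_FetchKeyContainer
+(
+  ckcapiInternalObject *iKey,
+  HCRYPTPROV *hProv,
+  DWORD *keySpec,
+  HCRYPTKEY *hKey
+);
+
+/*
+ * generic utilities
+ */
+
+/*
+ * So everyone else in the worlds stores their bignum data MSB first, but not
+ * Microsoft, we need to byte swap everything coming into and out of CAPI.
+ */
+void
+ckcapi_ReverseData
+(
+  NSSItem *item
+);
+
+/*
+ * unwrap a single DER value
+ */
+unsigned char *
+nss_ckcapi_DERUnwrap
+(
+  unsigned char *src,
+  unsigned int size,
+  unsigned int *outSize,
+  unsigned char **next
+);
+
+/*
+ * Return the size in bytes of a wide string
+ */
+int
+nss_ckcapi_WideSize
+(
+  LPCWSTR wide
+);
+
+/*
+ * Covert a Unicode wide character string to a UTF8 string
+ */
+char *
+nss_ckcapi_WideToUTF8
+(
+  LPCWSTR wide
+);
+
+/*
+ * Return a Wide String duplicated with nss allocated memory.
+ */
+LPWSTR
+nss_ckcapi_WideDup
+(
+  LPCWSTR wide
+);
+
+/*
+ * Covert a UTF8 string to Unicode wide character
+ */
+LPWSTR
+nss_ckcapi_UTF8ToWide
+(
+  char *buf
+);
+
+
+NSS_EXTERN PRUint32
+nss_ckcapi_collect_all_certs(
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  ckcapiInternalObject ***listp,
+  PRUint32 *sizep,
+  PRUint32 count,
+  CK_RV *pError
+);
+
+#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
+
+#endif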
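Review bot: `unsigned char derSerial[128];` in ckcapiCertObjectStr and `unsigned char hashKeyData[128];` in ckcapiInternalObjectStr are bare magic sizes for buffers that, going by their names and the neighbouring `serial`/`hashKey` NSSItems, receive DER bytes taken from certificates in the CAPI store, and nothing in this header states the bound the filling code must honour. Name the limit so each copy site can check against it instead of repeating a literal, e.g. `#define CKCAPI_MAX_DER_SERIAL 128` beside the other defines and `unsigned char derSerial[CKCAPI_MAX_DER_SERIAL];`, and replace the "to do, make this dynamic" comment with one stating that a serial longer than this must be rejected or truncated by whoever fills it. The code that populates these arrays is not in this hunk, so whether it already bounds the copy cannot be confirmed here. The `nss_ckcapi_DERUnwrap` comment would likewise be stronger if it stated that `*outSize` and `*next` stay within `src + size` (or that the caller must re-check), since that is the property a DER walker over certificate bytes from an external store has to provide.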