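--- /dev/null
+++ b/security/nss/lib/crmf/crmfi.h
@@ -0,0 +1,186 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#ifndef _CRMFI_H_
+#define _CRMFI_H_
+/* This file will contain all declarations common to both
+ * encoding and decoding of CRMF Cert Requests. This header
+ * file should only be included internally by CRMF implementation
+ * files.
+ */
+#include "secasn1.h"
+#include "crmfit.h"
+#include "secerr.h"
+#include "blapit.h"
+
+#define CRMF_DEFAULT_ARENA_SIZE 1024
+
+/*
+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
+ *
+ * It's used for internal buffers to transport a wrapped private key.
+ * The value is in BYTES.
+ * We want to define a reasonable upper bound for this value.
+ * Ideally this could be calculated, but in order to simplify the code
+ * we want to estimate the maximum requires size.
+ * See also bug 655850 for the full explanation.
+ *
+ * We know the largest wrapped keys are RSA keys.
+ * We'll estimate the maximum size needed for wrapped RSA keys,
+ * and assume it's sufficient for wrapped keys of any type we support.
+ *
+ * The maximum size of RSA keys in bits is defined elsewhere as
+ * RSA_MAX_MODULUS_BITS
+ *
+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
+ *
+ * A wrapped RSA key requires about
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
+ * bytes.
+ *
+ * Therefore, a safe upper bound is:
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
+ *
+ */
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
+
+#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
+#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
+
+struct crmfEncoderArg {
+ SECItem *buffer;
+ long allocatedLen;
+};
+
+struct crmfEncoderOutput {
+ CRMFEncoderOutputCallback fn;
+ void *outputArg;
+};
+
+/*
+ * This function is used by the API for encoding functions that are
+ * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
+ * functions.
+ */
+extern void
+ crmf_encoder_out(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
+
+/*
+ * This function is used when we want to encode something locally within
+ * the library, ie the CertRequest so that we can produce its signature.
+ */
+extern SECStatus
+ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
+ SECItem *derDest);
+
+/*
+ * This is the callback function we feed to the ASN1 encoder when doing
+ * internal DER-encodings. ie, encoding the cert request so we can
+ * produce a signature.
+ */
+extern void
+crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
+
+/* The ASN1 templates that need to be seen by internal files
+ * in order to implement CRMF.
+ */
+extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
+extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
+extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
+extern const SEC_ASN1Template CRMFThisMessageTemplate[];
+extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
+extern const SEC_ASN1Template CRMFDHMACTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
+
+/*
+ * Use these two values for encoding Boolean values.
+ */
+extern const unsigned char hexTrue;
+extern const unsigned char hexFalse;
+/*
+ * Prototypes for helper routines used internally by multiple files.
+ */
+extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
+ long value);
+extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
+ SECItem *src);
+
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+ CRMFPKIArchiveOptions *destOpt,
+ CRMFPKIArchiveOptions *srcOpt);
+extern SECStatus
+ crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+ PRBool freeit);
+extern const SEC_ASN1Template*
+ crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
+
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
+ CRMFEncryptedKey *srcEncrKey,
+ CRMFEncryptedKey *destEncrKey);
+extern SECStatus
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+ CRMFEncryptedValue *srcValue,
+ CRMFEncryptedValue *destValue);
+
+extern SECStatus
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+ SECAlgorithmID *srcAlgId,
+ SECAlgorithmID **destAlgId);
+
+extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
+ SECAlgorithmID **dest,
+ SECAlgorithmID *src);
+
+extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
+ CERTName *src);
+
+extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
+ CERTSubjectPublicKeyInfo **dest,
+ CERTSubjectPublicKeyInfo *pubKey);
+
+extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,
+ SECOidTag tag,
+ PRBool isCritical,
+ SECItem *data);
+extern CRMFCertRequest*
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
+
+extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
+ PRBool freeit);
+
+extern CRMFEncryptedValue *
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CRMFEncryptedValue *destValue);
+
+extern CK_MECHANISM_TYPE
+ crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
+
+extern SECStatus
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+ CRMFEncryptedValue *encValue,
+ SECKEYPrivateKey *privKey,
+ SECKEYPublicKey *newPubKey,
+ SECItem *nickname,
+ PK11SlotInfo *slot,
+ unsigned char keyUsage,
+ SECKEYPrivateKey **unWrappedKey,
+ void *wincx);
+
+extern SECItem*
+crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
+
+extern CRMFCertExtension*
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
+
+extern SECStatus
+crmf_create_prtime(SECItem *src, PRTime **dest);
+#endif /*_CRMFI_H_*/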
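Review bot: `MAX_WRAPPED_KEY_LEN` is sized from an estimate, so nothing in this header guarantees that a wrapped private key fits a buffer of that size. Its comment says a wrapped RSA key needs "about" `((RSA_MAX_MODULUS_BITS / 8) * 5.5) + 65` bytes and assumes RSA is the largest supported key type. The code that fills these buffers is not on this page, so the contract should be stated next to the define, e.g. `/* Estimate, not a guarantee: pass the buffer capacity to the wrap call and fail if the wrapped key would exceed it. */`. Separately, `struct crmfEncoderArg` declares `long allocatedLen` while both encoder callbacks take `unsigned long len`; if the callback compares the two, `unsigned long allocatedLen;` would avoid a mixed-sign comparison.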