The Tor Browser: security/nss/lib/crmf/crmfi.h@6474c204b198

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* -*- Mode: C; tab-width: 8 -*-*/

     2 /* This Source Code Form is subject to the terms of the Mozilla Public

     3  * License, v. 2.0. If a copy of the MPL was not distributed with this

     4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     7 #ifndef _CRMFI_H_

     8 #define _CRMFI_H_

     9 /* This file will contain all declarations common to both

    10  * encoding and decoding of CRMF Cert Requests.  This header

    11  * file should only be included internally by CRMF implementation

    12  * files.

    13  */

    14 #include "secasn1.h"

    15 #include "crmfit.h"

    16 #include "secerr.h"

    17 #include "blapit.h"

    19 #define CRMF_DEFAULT_ARENA_SIZE   1024

    21 /*

    22  * Explanation for the definition of MAX_WRAPPED_KEY_LEN:

    23  *

    24  * It's used for internal buffers to transport a wrapped private key.

    25  * The value is in BYTES.

    26  * We want to define a reasonable upper bound for this value.

    27  * Ideally this could be calculated, but in order to simplify the code

    28  * we want to estimate the maximum requires size.

    29  * See also bug 655850 for the full explanation.

    30  *

    31  * We know the largest wrapped keys are RSA keys.

    32  * We'll estimate the maximum size needed for wrapped RSA keys,

    33  * and assume it's sufficient for wrapped keys of any type we support.

    34  *

    35  * The maximum size of RSA keys in bits is defined elsewhere as

    36  *   RSA_MAX_MODULUS_BITS

    37  *

    38  * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.

    39  *

    40  * A wrapped RSA key requires about

    41  *   ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65

    42  * bytes.

    43  *

    44  * Therefore, a safe upper bound is:

    45  *   ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS

    46  *

    47  */

    48 #define MAX_WRAPPED_KEY_LEN       RSA_MAX_MODULUS_BITS

    50 #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)

    51 #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)

    53 struct crmfEncoderArg {

    54     SECItem *buffer;

    55     long     allocatedLen;

    56 };

    58 struct crmfEncoderOutput {

    59     CRMFEncoderOutputCallback fn;

    60     void *outputArg;

    61 };

    63 /*

    64  * This function is used by the API for encoding functions that are

    65  * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*

    66  * functions.

    67  */

    68 extern void

    69        crmf_encoder_out(void *arg, const char *buf, unsigned long len,

    70                         int depth, SEC_ASN1EncodingPart data_kind);

    72 /*

    73  * This function is used when we want to encode something locally within

    74  * the library, ie the CertRequest so that we can produce its signature.

    75  */

    76 extern SECStatus

    77        crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,

    78 				       SECItem               *derDest);

    80 /*

    81  * This is the callback function we feed to the ASN1 encoder when doing

    82  * internal DER-encodings.  ie, encoding the cert request so we can

    83  * produce a signature.

    84  */

    85 extern void

    86 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,

    87 			      int depth, SEC_ASN1EncodingPart data_kind);

    89 /* The ASN1 templates that need to be seen by internal files

    90  * in order to implement CRMF.

    91  */

    92 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];

    93 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];

    94 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];

    95 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];

    96 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];

    97 extern const SEC_ASN1Template CRMFThisMessageTemplate[];

    98 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];

    99 extern const SEC_ASN1Template CRMFDHMACTemplate[];

   100 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];

   101 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];

   103 /*

   104  * Use these two values for encoding Boolean values.

   105  */

   106 extern const unsigned char hexTrue;

   107 extern const unsigned char hexFalse;

   108 /*

   109  * Prototypes for helper routines used internally by multiple files.

   110  */

   111 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,

   112 				     long value);

   113 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,

   114 					  SECItem *src);

   116 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool           *poolp,

   117 					     CRMFPKIArchiveOptions *destOpt,

   118 					     CRMFPKIArchiveOptions *srcOpt);

   119 extern SECStatus

   120        crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,

   121 				      PRBool                 freeit);

   122 extern const SEC_ASN1Template*

   123        crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);

   125 extern SECStatus crmf_copy_encryptedkey(PLArenaPool       *poolp,

   126 					CRMFEncryptedKey  *srcEncrKey,

   127 					CRMFEncryptedKey  *destEncrKey);

   128 extern SECStatus

   129 crmf_copy_encryptedvalue(PLArenaPool        *poolp,

   130 			 CRMFEncryptedValue *srcValue,

   131 			 CRMFEncryptedValue *destValue);

   133 extern SECStatus

   134 crmf_copy_encryptedvalue_secalg(PLArenaPool     *poolp,

   135 				SECAlgorithmID  *srcAlgId,

   136 				SECAlgorithmID **destAlgId);

   138 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,

   139 					   SECAlgorithmID **dest,

   140 					   SECAlgorithmID *src);

   142 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,

   143 				     CERTName *src);

   145 extern SECStatus crmf_template_add_public_key(PLArenaPool               *poolp,

   146 					      CERTSubjectPublicKeyInfo **dest,

   147 					      CERTSubjectPublicKeyInfo  *pubKey);

   149 extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp,

   150 						     SECOidTag    tag,

   151 						     PRBool       isCritical,

   152 						     SECItem     *data);

   153 extern CRMFCertRequest*

   154 crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);

   156 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,

   157 					      PRBool freeit);

   159 extern CRMFEncryptedValue *

   160 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey   *inPrivKey,

   161 					    SECKEYPublicKey    *inPubKey,

   162 					    CRMFEncryptedValue *destValue);

   164 extern CK_MECHANISM_TYPE

   165        crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);

   167 extern SECStatus

   168 crmf_encrypted_value_unwrap_priv_key(PLArenaPool        *poolp,

   169 				     CRMFEncryptedValue *encValue,

   170 				     SECKEYPrivateKey   *privKey,

   171 				     SECKEYPublicKey    *newPubKey,

   172 				     SECItem            *nickname,

   173 				     PK11SlotInfo       *slot,

   174 				     unsigned char       keyUsage,

   175 				     SECKEYPrivateKey  **unWrappedKey,

   176 				     void               *wincx);

   178 extern SECItem*

   179 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);

   181 extern CRMFCertExtension*

   182 crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);

   184 extern SECStatus

   185 crmf_create_prtime(SECItem *src, PRTime **dest);

   186 #endif /*_CRMFI_H_*/

The Tor Browser / file revision