michael@0: /* -*- Mode: C; tab-width: 8 -*-*/ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: michael@0: #ifndef _CRMFI_H_ michael@0: #define _CRMFI_H_ michael@0: /* This file will contain all declarations common to both michael@0: * encoding and decoding of CRMF Cert Requests. This header michael@0: * file should only be included internally by CRMF implementation michael@0: * files. michael@0: */ michael@0: #include "secasn1.h" michael@0: #include "crmfit.h" michael@0: #include "secerr.h" michael@0: #include "blapit.h" michael@0: michael@0: #define CRMF_DEFAULT_ARENA_SIZE 1024 michael@0: michael@0: /* michael@0: * Explanation for the definition of MAX_WRAPPED_KEY_LEN: michael@0: * michael@0: * It's used for internal buffers to transport a wrapped private key. michael@0: * The value is in BYTES. michael@0: * We want to define a reasonable upper bound for this value. michael@0: * Ideally this could be calculated, but in order to simplify the code michael@0: * we want to estimate the maximum requires size. michael@0: * See also bug 655850 for the full explanation. michael@0: * michael@0: * We know the largest wrapped keys are RSA keys. michael@0: * We'll estimate the maximum size needed for wrapped RSA keys, michael@0: * and assume it's sufficient for wrapped keys of any type we support. michael@0: * michael@0: * The maximum size of RSA keys in bits is defined elsewhere as michael@0: * RSA_MAX_MODULUS_BITS michael@0: * michael@0: * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. michael@0: * michael@0: * A wrapped RSA key requires about michael@0: * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 michael@0: * bytes. michael@0: * michael@0: * Therefore, a safe upper bound is: michael@0: * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS michael@0: * michael@0: */ michael@0: #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS michael@0: michael@0: #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) michael@0: #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) michael@0: michael@0: struct crmfEncoderArg { michael@0: SECItem *buffer; michael@0: long allocatedLen; michael@0: }; michael@0: michael@0: struct crmfEncoderOutput { michael@0: CRMFEncoderOutputCallback fn; michael@0: void *outputArg; michael@0: }; michael@0: michael@0: /* michael@0: * This function is used by the API for encoding functions that are michael@0: * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* michael@0: * functions. michael@0: */ michael@0: extern void michael@0: crmf_encoder_out(void *arg, const char *buf, unsigned long len, michael@0: int depth, SEC_ASN1EncodingPart data_kind); michael@0: michael@0: /* michael@0: * This function is used when we want to encode something locally within michael@0: * the library, ie the CertRequest so that we can produce its signature. michael@0: */ michael@0: extern SECStatus michael@0: crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, michael@0: SECItem *derDest); michael@0: michael@0: /* michael@0: * This is the callback function we feed to the ASN1 encoder when doing michael@0: * internal DER-encodings. ie, encoding the cert request so we can michael@0: * produce a signature. michael@0: */ michael@0: extern void michael@0: crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, michael@0: int depth, SEC_ASN1EncodingPart data_kind); michael@0: michael@0: /* The ASN1 templates that need to be seen by internal files michael@0: * in order to implement CRMF. michael@0: */ michael@0: extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; michael@0: extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; michael@0: extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; michael@0: extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; michael@0: extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; michael@0: extern const SEC_ASN1Template CRMFThisMessageTemplate[]; michael@0: extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; michael@0: extern const SEC_ASN1Template CRMFDHMACTemplate[]; michael@0: extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; michael@0: extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; michael@0: michael@0: /* michael@0: * Use these two values for encoding Boolean values. michael@0: */ michael@0: extern const unsigned char hexTrue; michael@0: extern const unsigned char hexFalse; michael@0: /* michael@0: * Prototypes for helper routines used internally by multiple files. michael@0: */ michael@0: extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, michael@0: long value); michael@0: extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, michael@0: SECItem *src); michael@0: michael@0: extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, michael@0: CRMFPKIArchiveOptions *destOpt, michael@0: CRMFPKIArchiveOptions *srcOpt); michael@0: extern SECStatus michael@0: crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, michael@0: PRBool freeit); michael@0: extern const SEC_ASN1Template* michael@0: crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); michael@0: michael@0: extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, michael@0: CRMFEncryptedKey *srcEncrKey, michael@0: CRMFEncryptedKey *destEncrKey); michael@0: extern SECStatus michael@0: crmf_copy_encryptedvalue(PLArenaPool *poolp, michael@0: CRMFEncryptedValue *srcValue, michael@0: CRMFEncryptedValue *destValue); michael@0: michael@0: extern SECStatus michael@0: crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, michael@0: SECAlgorithmID *srcAlgId, michael@0: SECAlgorithmID **destAlgId); michael@0: michael@0: extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, michael@0: SECAlgorithmID **dest, michael@0: SECAlgorithmID *src); michael@0: michael@0: extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, michael@0: CERTName *src); michael@0: michael@0: extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, michael@0: CERTSubjectPublicKeyInfo **dest, michael@0: CERTSubjectPublicKeyInfo *pubKey); michael@0: michael@0: extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp, michael@0: SECOidTag tag, michael@0: PRBool isCritical, michael@0: SECItem *data); michael@0: extern CRMFCertRequest* michael@0: crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); michael@0: michael@0: extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, michael@0: PRBool freeit); michael@0: michael@0: extern CRMFEncryptedValue * michael@0: crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, michael@0: SECKEYPublicKey *inPubKey, michael@0: CRMFEncryptedValue *destValue); michael@0: michael@0: extern CK_MECHANISM_TYPE michael@0: crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); michael@0: michael@0: extern SECStatus michael@0: crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, michael@0: CRMFEncryptedValue *encValue, michael@0: SECKEYPrivateKey *privKey, michael@0: SECKEYPublicKey *newPubKey, michael@0: SECItem *nickname, michael@0: PK11SlotInfo *slot, michael@0: unsigned char keyUsage, michael@0: SECKEYPrivateKey **unWrappedKey, michael@0: void *wincx); michael@0: michael@0: extern SECItem* michael@0: crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); michael@0: michael@0: extern CRMFCertExtension* michael@0: crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); michael@0: michael@0: extern SECStatus michael@0: crmf_create_prtime(SECItem *src, PRTime **dest); michael@0: #endif /*_CRMFI_H_*/