michael@0: /* -*- Mode: C; tab-width: 8 -*-*/ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef _CMMF_H_ michael@0: #define _CMMF_H_ michael@0: /* michael@0: * These are the functions exported by the security library for michael@0: * implementing Certificate Management Message Formats (CMMF). michael@0: * michael@0: * This API is designed against July 1998 CMMF draft. Please read this michael@0: * draft before trying to use this API in an application that use CMMF. michael@0: */ michael@0: #include "seccomon.h" michael@0: #include "cmmft.h" michael@0: #include "crmf.h" michael@0: michael@0: SEC_BEGIN_PROTOS michael@0: michael@0: /******************* Creation Functions *************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreateCertRepContent michael@0: * INPUTS: michael@0: * NONE michael@0: * NOTES: michael@0: * This function will create an empty CMMFCertRepContent Structure. michael@0: * The client of the library must set the CMMFCertResponses. michael@0: * Call CMMF_CertRepContentSetCertResponse to accomplish this task. michael@0: * If the client of the library also wants to include the chain of michael@0: * CA certs required to make the certificates in CMMFCertResponse valid, michael@0: * then the user must also set the caPubs field of CMMFCertRepContent. michael@0: * Call CMMF_CertRepContentSetCAPubs to accomplish this. After setting michael@0: * the desired fields, the user can then call CMMF_EncodeCertRepContent michael@0: * to DER-encode the CertRepContent. michael@0: * RETURN: michael@0: * A pointer to the CMMFCertRepContent. A NULL return value indicates michael@0: * an error in allocating memory or failure to initialize the structure. michael@0: */ michael@0: extern CMMFCertRepContent* CMMF_CreateCertRepContent(void); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreateCertRepContentFromDER michael@0: * INPUTS michael@0: * db michael@0: * The certificate database where the certificates will be placed. michael@0: * The certificates will be placed in the temporary database associated michael@0: * with the handle. michael@0: * buf michael@0: * A buffer to the DER-encoded CMMFCertRepContent michael@0: * len michael@0: * The length in bytes of the buffer 'buf' michael@0: * NOTES: michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CMMFCertRepContent structure. The user must call michael@0: * CMMF_DestroyCertRepContent after the return value is no longer needed. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CMMFCertRepContent structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CMMFCertRepContent* michael@0: CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, michael@0: const char *buf, michael@0: long len); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreateCertResponse michael@0: * INPUTS: michael@0: * inCertReqId michael@0: * The Certificate Request Id this response is for. michael@0: * NOTES: michael@0: * This creates a CMMFCertResponse. This response should correspond michael@0: * to a request that was received via CRMF. From the CRMF message you michael@0: * can get the Request Id to pass in as inCertReqId, in essence binding michael@0: * a CMRFCertRequest message to the CMMFCertResponse created by this michael@0: * function. If no requuest id is associated with the response to create michael@0: * then the user should pass in -1 for 'inCertReqId'. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the new CMMFCertResponse corresponding to the request id michael@0: * passed in. A NULL return value indicates an error while trying to michael@0: * create the CMMFCertResponse. michael@0: */ michael@0: extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreateKeyRecRepContent michael@0: * INPUTS: michael@0: * NONE michael@0: * NOTES: michael@0: * This function creates a new empty CMMFKeyRecRepContent structure. michael@0: * At the very minimum, the user must call michael@0: * CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an michael@0: * encodable structure. Depending on what the response is, the user may michael@0: * have to set other fields as well to properly build up the structure so michael@0: * that it can be encoded. Refer to the CMMF draft for how to properly michael@0: * set up a CMMFKeyRecRepContent. This is the structure that an RA returns michael@0: * to an end entity when doing key recovery. michael@0: michael@0: * The user must call CMMF_DestroyKeyRecRepContent when the return value michael@0: * is no longer needed. michael@0: * RETURN: michael@0: * A pointer to the empty CMMFKeyRecRepContent. A return value of NULL michael@0: * indicates an error in allocating memory or initializing the structure. michael@0: */ michael@0: extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreateKeyRecRepContentFromDER michael@0: * INPUTS: michael@0: * db michael@0: * The handle for the certificate database where the decoded michael@0: * certificates will be placed. The decoded certificates will michael@0: * be placed in the temporary database associated with the michael@0: * handle. michael@0: * buf michael@0: * A buffer contatining the DER-encoded CMMFKeyRecRepContent michael@0: * len michael@0: * The length in bytes of the buffer 'buf' michael@0: * NOTES michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CMMFKeyRecRepContent structure. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CMMFKeyRecRepContent structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CMMFKeyRecRepContent* michael@0: CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, michael@0: const char *buf, michael@0: long len); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreatePOPODecKeyChallContent michael@0: * INPUTS: michael@0: * NONE michael@0: * NOTES: michael@0: * This function creates an empty CMMFPOPODecKeyChallContent. The user michael@0: * must add the challenges individually specifying the random number to michael@0: * be used and the public key to be used when creating each individual michael@0: * challenge. User can accomplish this by calling the function michael@0: * CMMF_POPODecKeyChallContentSetNextChallenge. michael@0: * RETURN: michael@0: * A pointer to a CMMFPOPODecKeyChallContent structure. Ther user can michael@0: * then call CMMF_EncodePOPODecKeyChallContent passing in the return michael@0: * value from this function after setting all of the challenges. A michael@0: * return value of NULL indicates an error while creating the michael@0: * CMMFPOPODecKeyChallContent structure. michael@0: */ michael@0: extern CMMFPOPODecKeyChallContent* michael@0: CMMF_CreatePOPODecKeyChallContent(void); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER michael@0: * INPUTS michael@0: * buf michael@0: * A buffer containing the DER-encoded CMMFPOPODecKeyChallContent michael@0: * len michael@0: * The length in bytes of the buffer 'buf' michael@0: * NOTES: michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CMMFPOPODecKeyChallContent structure. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CMMFPOPODecKeyChallContent structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CMMFPOPODecKeyChallContent* michael@0: CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER michael@0: * INPUTS: michael@0: * buf michael@0: * A buffer contatining the DER-encoded CMMFPOPODecKeyRespContent michael@0: * len michael@0: * The length in bytes of the buffer 'buf' michael@0: * NOTES michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CMMFPOPODecKeyRespContent structure. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CMMFPOPODecKeyRespContent structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CMMFPOPODecKeyRespContent* michael@0: CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len); michael@0: michael@0: /************************** Set Functions *************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertRepContentSetCertResponses michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to operate on. michael@0: * inCertResponses michael@0: * An array of pointers to CMMFCertResponse structures to michael@0: * add to the CMMFCertRepContent structure. michael@0: * inNumResponses michael@0: * The length of the array 'inCertResponses' michael@0: * NOTES: michael@0: * This function will add the CMMFCertResponse structure to the michael@0: * CMMFCertRepContent passed in. The CMMFCertResponse field of michael@0: * CMMFCertRepContent is required, so the client must call this function michael@0: * before calling CMMF_EncodeCertRepContent. If the user calls michael@0: * CMMF_EncodeCertRepContent before calling this function, michael@0: * CMMF_EncodeCertRepContent will fail. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the CMMFCertResponses to the CMMFCertRepContent michael@0: * structure was successful. Any other return value indicates an error michael@0: * while trying to add the CMMFCertResponses. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent, michael@0: CMMFCertResponse **inCertResponses, michael@0: int inNumResponses); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertRepContentSetCAPubs michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to operate on. michael@0: * inCAPubs michael@0: * The certificate list which makes up the chain of CA certificates michael@0: * required to make the issued cert valid. michael@0: * NOTES: michael@0: * This function will set the the certificates in the CA chain as part michael@0: * of the CMMFCertRepContent. This field is an optional member of the michael@0: * CMMFCertRepContent structure, so the client is not required to call michael@0: * this function before calling CMMF_EncodeCertRepContent. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful. michael@0: * Any other return value indicates an error while adding 'inCAPubs' to the michael@0: * CMMFCertRepContent structure. michael@0: * michael@0: */ michael@0: extern SECStatus michael@0: CMMF_CertRepContentSetCAPubs (CMMFCertRepContent *inCertRepContent, michael@0: CERTCertList *inCAPubs); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The CMMFCertResponse to operate on. michael@0: * inPKIStatus michael@0: * The value to set for the PKIStatusInfo.status field. michael@0: * NOTES: michael@0: * This function will set the CertResponse.status.status field of michael@0: * the CMMFCertResponse structure. (View the definition of CertResponse michael@0: * in the CMMF draft to see exactly which value this talks about.) This michael@0: * field is a required member of the structure, so the user must call this michael@0: * function in order to have a CMMFCertResponse that can be encoded. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if setting the field with the passed in value was successful. michael@0: * Any other return value indicates an error while trying to set the field. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_CertResponseSetPKIStatusInfoStatus (CMMFCertResponse *inCertResp, michael@0: CMMFPKIStatus inPKIStatus); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertResponseSetCertificate michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The CMMFCertResponse to operate on. michael@0: * inCertificate michael@0: * The certificate to add to the michael@0: * CertResponse.CertifiedKeyPair.certOrEncCert.certificate field. michael@0: * NOTES: michael@0: * This function will take the certificate and make it a member of the michael@0: * CMMFCertResponse. The certificate should be the actual certificate michael@0: * being issued via the response. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the certificate to the response was successful. michael@0: * Any other return value indicates an error in adding the certificate to michael@0: * the CertResponse. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp, michael@0: CERTCertificate *inCertificate); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * inPKIStatus michael@0: * The value to set the PKIStatusInfo.status field to. michael@0: * NOTES: michael@0: * This function sets the only required field for the KeyRecRepContent. michael@0: * In most cases, the user will set this field and other fields of the michael@0: * structure to properly create the CMMFKeyRecRepContent structure. michael@0: * Refer to the CMMF draft to see which fields need to be set in order michael@0: * to create the desired CMMFKeyRecRepContent. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if setting the PKIStatusInfo.status field was successful. michael@0: * Any other return value indicates an error in setting the field. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep, michael@0: CMMFPKIStatus inPKIStatus); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentSetNewSignCert michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * inNewSignCert michael@0: * The new signing cert to add to the CMMFKeyRecRepContent structure. michael@0: * NOTES: michael@0: * This function sets the new signeing cert in the CMMFKeyRecRepContent michael@0: * structure. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if setting the new signing cert was successful. Any other michael@0: * return value indicates an error occurred while trying to add the michael@0: * new signing certificate. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep, michael@0: CERTCertificate *inNewSignCert); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentSetCACerts michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * inCACerts michael@0: * The list of CA certificates required to construct a valid michael@0: * certificate chain with the certificates that will be returned michael@0: * to the end user via this KeyRecRepContent. michael@0: * NOTES: michael@0: * This function sets the caCerts that are required to form a chain with the michael@0: * end entity certificates that are being re-issued in this michael@0: * CMMFKeyRecRepContent structure. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the caCerts was successful. Any other return value michael@0: * indicates an error while tring to add the caCerts. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep, michael@0: CERTCertList *inCACerts); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * inCert michael@0: * The certificate to add to the CMMFKeyRecRepContent structure. michael@0: * inPrivKey michael@0: * The private key associated with the certificate above passed in. michael@0: * inPubKey michael@0: * The public key to use for wrapping the private key. michael@0: * NOTES: michael@0: * This function adds another certificate-key pair to the michael@0: * CMMFKeyRecRepcontent structure. There may be more than one michael@0: * certificate-key pair in the structure, so the user must call this michael@0: * function multiple times to add more than one cert-key pair. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the certified key pair was successful. Any other michael@0: * return value indicates an error in adding certified key pair to michael@0: * CMMFKeyRecRepContent structure. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep, michael@0: CERTCertificate *inCert, michael@0: SECKEYPrivateKey *inPrivKey, michael@0: SECKEYPublicKey *inPubKey); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge michael@0: * INPUTS: michael@0: * inDecKeyChall michael@0: * The CMMFPOPODecKeyChallContent to operate on. michael@0: * inRandom michael@0: * The random number to use when generating the challenge, michael@0: * inSender michael@0: * The GeneralName representation of the sender of the challenge. michael@0: * inPubKey michael@0: * The public key to use when encrypting the challenge. michael@0: * passwdArg michael@0: * This value will be passed to the function used for getting a michael@0: * password. The password for getting a password should be registered michael@0: * by calling PK11_SetPasswordFunc before this function is called. michael@0: * If no password callback is registered and the library needs to michael@0: * authenticate to the slot for any reason, this function will fail. michael@0: * NOTES: michael@0: * This function adds a challenge to the end of the list of challenges michael@0: * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the michael@0: * the random number passed in and the sender's GeneralName are used michael@0: * to generate the challenge and witness fields of the challenge. This michael@0: * library will use SHA1 as the one-way function for generating the michael@0: * witess field of the challenge. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if generating the challenge and adding to the end of list michael@0: * of challenges was successful. Any other return value indicates an error michael@0: * while trying to generate the challenge. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_POPODecKeyChallContentSetNextChallenge michael@0: (CMMFPOPODecKeyChallContent *inDecKeyChall, michael@0: long inRandom, michael@0: CERTGeneralName *inSender, michael@0: SECKEYPublicKey *inPubKey, michael@0: void *passwdArg); michael@0: michael@0: michael@0: /************************** Encoding Functions *************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_EncodeCertRepContent michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to DER-encode. michael@0: * inCallback michael@0: * A callback function that the ASN1 encoder will call whenever it michael@0: * wants to write out DER-encoded bytes. Look at the defintion of michael@0: * CRMFEncoderOutputCallback in crmft.h for a description of the michael@0: * parameters to the function. michael@0: * inArg michael@0: * An opaque pointer to a user-supplied argument that will be passed michael@0: * to the callback funtion whenever the function is called. michael@0: * NOTES: michael@0: * The CMMF library will use the same DER-encoding scheme as the CRMF michael@0: * library. In other words, when reading CRMF comments that pertain to michael@0: * encoding, those comments apply to the CMMF libray as well. michael@0: * The callback function will be called multiple times, each time supplying michael@0: * the next chunk of DER-encoded bytes. The user must concatenate the michael@0: * output of each successive call to the callback in order to get the michael@0: * entire DER-encoded CMMFCertRepContent structure. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if encoding the CMMFCertRepContent was successful. Any michael@0: * other return value indicates an error while decoding the structure. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent, michael@0: CRMFEncoderOutputCallback inCallback, michael@0: void *inArg); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_EncodeKeyRecRepContent michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRepContent to DER-encode. michael@0: * inCallback michael@0: * A callback function that the ASN1 encoder will call whenever it michael@0: * wants to write out DER-encoded bytes. Look at the defintion of michael@0: * CRMFEncoderOutputCallback in crmft.h for a description of the michael@0: * parameters to the function. michael@0: * inArg michael@0: * An opaque pointer to a user-supplied argument that will be passed michael@0: * to the callback funtion whenever the function is called. michael@0: * NOTES: michael@0: * The CMMF library will use the same DER-encoding scheme as the CRMF michael@0: * library. In other words, when reading CRMF comments that pertain to michael@0: * encoding, those comments apply to the CMMF libray as well. michael@0: * The callback function will be called multiple times, each time supplying michael@0: * the next chunk of DER-encoded bytes. The user must concatenate the michael@0: * output of each successive call to the callback in order to get the michael@0: * entire DER-encoded CMMFCertRepContent structure. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any michael@0: * other return value indicates an error while decoding the structure. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep, michael@0: CRMFEncoderOutputCallback inCallback, michael@0: void *inArg); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_EncodePOPODecKeyChallContent michael@0: * INPUTS: michael@0: * inDecKeyChall michael@0: * The CMMFDecKeyChallContent to operate on. michael@0: * inCallback michael@0: * A callback function that the ASN1 encoder will call whenever it michael@0: * wants to write out DER-encoded bytes. Look at the defintion of michael@0: * CRMFEncoderOutputCallback in crmft.h for a description of the michael@0: * parameters to the function. michael@0: * inArg michael@0: * An opaque pointer to a user-supplied argument that will be passed michael@0: * to the callback function whenever the function is called. michael@0: * NOTES: michael@0: * The CMMF library will use the same DER-encoding scheme as the CRMF michael@0: * library. In other words, when reading CRMF comments that pertain to michael@0: * encoding, those comments apply to the CMMF libray as well. michael@0: * The callback function will be called multiple times, each time supplying michael@0: * the next chunk of DER-encoded bytes. The user must concatenate the michael@0: * output of each successive call to the callback in order to get the michael@0: * entire DER-encoded CMMFCertRepContent structure. michael@0: * The DER will be an encoding of the type POPODecKeyChallContents, which michael@0: * is just a sequence of challenges. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if encoding was successful. Any other return value indicates michael@0: * an error in trying to encode the Challenges. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall, michael@0: CRMFEncoderOutputCallback inCallback, michael@0: void *inArg); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_EncodePOPODecKeyRespContent michael@0: * INPUTS: michael@0: * inDecodedRand michael@0: * An array of integers to encode as the responses to michael@0: * CMMFPOPODecKeyChallContent. The integers must be in the same order michael@0: * as the challenges extracted from CMMFPOPODecKeyChallContent. michael@0: * inNumRand michael@0: * The number of random integers contained in the array 'inDecodedRand' michael@0: * inCallback michael@0: * A callback function that the ASN1 encoder will call whenever it michael@0: * wants to write out DER-encoded bytes. Look at the defintion of michael@0: * CRMFEncoderOutputCallback in crmft.h for a description of the michael@0: * parameters to the function. michael@0: * inArg michael@0: * An opaque pointer to a user-supplied argument that will be passed michael@0: * to the callback funtion whenever the function is called. michael@0: * NOTES: michael@0: * The CMMF library will use the same DER-encoding scheme as the CRMF michael@0: * library. In other words, when reading CRMF comments that pertain to michael@0: * encoding, those comments apply to the CMMF libray as well. michael@0: * The callback function will be called multiple times, each time supplying michael@0: * the next chunk of DER-encoded bytes. The user must concatenate the michael@0: * output of each successive call to the callback in order to get the michael@0: * entire DER-encoded POPODecKeyRespContent. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if encoding was successful. Any other return value indicates michael@0: * an error in trying to encode the Challenges. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand, michael@0: int inNumRand, michael@0: CRMFEncoderOutputCallback inCallback, michael@0: void *inArg); michael@0: michael@0: /*************** Accessor function ***********************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertRepContentGetCAPubs michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to extract the caPubs from. michael@0: * NOTES: michael@0: * This function will return a copy of the list of certificates that michael@0: * make up the chain of CA's required to make the cert issued valid. michael@0: * The user must call CERT_DestroyCertList on the return value when michael@0: * done using the return value. michael@0: * michael@0: * Only call this function on a CertRepContent that has been decoded. michael@0: * The client must call CERT_DestroyCertList when the certificate list michael@0: * is no longer needed. michael@0: * michael@0: * The certs in the list will not be in the temporary database. In order michael@0: * to make these certificates a part of the permanent CA internal database, michael@0: * the user must collect the der for all of these certs and call michael@0: * CERT_ImportCAChain. Afterwards the certs will be part of the permanent michael@0: * database. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CERTCertList representing the CA chain associated michael@0: * with the issued cert. A NULL return value indicates that no CA Pubs michael@0: * were available in the CMMFCertRepContent structure. michael@0: */ michael@0: extern CERTCertList* michael@0: CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertRepContentGetNumResponses michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to operate on. michael@0: * NOTES: michael@0: * This function will return the number of CertResponses that are contained michael@0: * by the CMMFCertRepContent passed in. michael@0: * michael@0: * RETURN: michael@0: * The number of CMMFCertResponses contained in the structure passed in. michael@0: */ michael@0: extern int michael@0: CMMF_CertRepContentGetNumResponses (CMMFCertRepContent *inCertRepContent); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertRepContentGetResponseAtIndex michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to operate on. michael@0: * inIndex michael@0: * The index of the CMMFCertResponse the user wants a copy of. michael@0: * NOTES: michael@0: * This function creates a copy of the CMMFCertResponse at the index michael@0: * corresponding to the parameter 'inIndex'. Indexing is done like a michael@0: * traditional C array, ie the valid indexes are (0...numResponses-1). michael@0: * The user must call CMMF_DestroyCertResponse after the return value is michael@0: * no longer needed. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the CMMFCertResponse at the index corresponding to michael@0: * 'inIndex'. A return value of NULL indicates an error in copying michael@0: * the CMMFCertResponse. michael@0: */ michael@0: extern CMMFCertResponse* michael@0: CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent, michael@0: int inIndex); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertResponseGetCertReqId michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The CMMFCertResponse to operate on. michael@0: * NOTES: michael@0: * This function returns the CertResponse.certReqId from the michael@0: * CMMFCertResponse structure passed in. If the return value is -1, that michael@0: * means there is no associated certificate request with the CertResponse. michael@0: * RETURN: michael@0: * A long representing the id of the certificate request this michael@0: * CMMFCertResponse corresponds to. A return value of -1 indicates an michael@0: * error in extracting the value of the integer. michael@0: */ michael@0: extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertResponseGetPKIStatusInfoStatus michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The CMMFCertResponse to operate on. michael@0: * NOTES: michael@0: * This function returns the CertResponse.status.status field of the michael@0: * CMMFCertResponse structure. michael@0: * michael@0: * RETURN: michael@0: * The enumerated value corresponding to the PKIStatus defined in the CMMF michael@0: * draft. See the CMMF draft for the definition of PKIStatus. See crmft.h michael@0: * for the definition of CMMFPKIStatus. michael@0: */ michael@0: extern CMMFPKIStatus michael@0: CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertResponseGetCertificate michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The Certificate Response to operate on. michael@0: * inCertdb michael@0: * This is the certificate database where the function will place the michael@0: * newly issued certificate. michael@0: * NOTES: michael@0: * This function retrieves the CertResponse.certifiedKeyPair.certificate michael@0: * from the CMMFCertResponse. The user will get a copy of that certificate michael@0: * so the user must call CERT_DestroyCertificate when the return value is michael@0: * no longer needed. The certificate returned will be in the temporary michael@0: * certificate database. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a copy of the certificate contained within the michael@0: * CMMFCertResponse. A return value of NULL indicates an error while trying michael@0: * to make a copy of the certificate. michael@0: */ michael@0: extern CERTCertificate* michael@0: CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp, michael@0: CERTCertDBHandle *inCertdb); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent structure to operate on. michael@0: * NOTES: michael@0: * This function retrieves the KeyRecRepContent.status.status field of michael@0: * the CMMFKeyRecRepContent structure. michael@0: * RETURN: michael@0: * The CMMFPKIStatus corresponding to the value held in the michael@0: * CMMFKeyRecRepContent structure. michael@0: */ michael@0: extern CMMFPKIStatus michael@0: CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentGetNewSignCert michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * NOTES: michael@0: * This function retrieves the KeyRecRepContent.newSignCert field of the michael@0: * CMMFKeyRecRepContent structure. The user must call michael@0: * CERT_DestroyCertificate when the return value is no longer needed. The michael@0: * returned certificate will be in the temporary database. The user michael@0: * must then place the certificate permanently in whatever token the michael@0: * user determines is the proper destination. A return value of NULL michael@0: * indicates the newSigCert field was not present. michael@0: */ michael@0: extern CERTCertificate* michael@0: CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentGetCACerts michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * NOTES: michael@0: * This function returns a CERTCertList which contains all of the michael@0: * certficates that are in the sequence KeyRecRepContent.caCerts michael@0: * User must call CERT_DestroyCertList when the return value is no longer michael@0: * needed. All of these certificates will be placed in the tempoaray michael@0: * database. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the list of caCerts contained in the CMMFKeyRecRepContent michael@0: * structure. A return value of NULL indicates the library was not able to michael@0: * make a copy of the certifcates. This may be because there are no caCerts michael@0: * included in the CMMFKeyRecRepContent strucure or an internal error. Call michael@0: * CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts michael@0: * included in 'inKeyRecRep'. michael@0: */ michael@0: extern CERTCertList* michael@0: CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * RETURN: michael@0: * This function returns the number of CMMFCertifiedKeyPair structures that michael@0: * that are stored in the KeyRecRepContent structure. michael@0: */ michael@0: extern int michael@0: CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex michael@0: * INPUTS: michael@0: * inKeyRecRepContent michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * inIndex michael@0: * The index of the desired CMMFCertifiedKeyPair michael@0: * NOTES: michael@0: * This function retrieves the CMMFCertifiedKeyPair structure at the index michael@0: * 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call michael@0: * CMMF_DestroyCertifiedKeyPair when the return value is no longer needed. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the Certified Key Pair at the desired index. A return value michael@0: * of NULL indicates an error in extracting the Certified Key Pair at the michael@0: * desired index. michael@0: */ michael@0: extern CMMFCertifiedKeyPair* michael@0: CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep, michael@0: int inIndex); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertifiedKeyPairGetCertificate michael@0: * INPUTS: michael@0: * inCertKeyPair michael@0: * The CMMFCertifiedKeyPair to operate on. michael@0: * inCertdb michael@0: * The database handle for the database you want this certificate michael@0: * to wind up in. michael@0: * NOTES: michael@0: * This function retrieves the certificate at michael@0: * CertifiedKeyPair.certOrEncCert.certificate michael@0: * The user must call CERT_DestroyCertificate when the return value is no michael@0: * longer needed. The user must import this certificate as a token object michael@0: * onto PKCS#11 slot in order to make it a permanent object. The returned michael@0: * certificate will be in the temporary database. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the certificate contained within the certified key pair. michael@0: * A return value of NULL indicates an error in creating the copy of the michael@0: * certificate. michael@0: */ michael@0: extern CERTCertificate* michael@0: CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair, michael@0: CERTCertDBHandle *inCertdb); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges michael@0: * INPUTS: michael@0: * inKeyChallCont michael@0: * The CMMFPOPODecKeyChallContent to operate on. michael@0: * RETURN: michael@0: * This function returns the number of CMMFChallenges are contained in michael@0: * the CMMFPOPODecKeyChallContent structure. michael@0: */ michael@0: extern int CMMF_POPODecKeyChallContentGetNumChallenges michael@0: (CMMFPOPODecKeyChallContent *inKeyChallCont); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue michael@0: * --------------------------------------------------- michael@0: * INPUTS: michael@0: * inKeyChallCont michael@0: * The CMMFPOPODecKeyChallContent to operate on. michael@0: * inIndex michael@0: * The index of the Challenge within inKeyChallCont to operate on. michael@0: * Indexes start from 0, ie the Nth Challenge corresponds to index michael@0: * N-1. michael@0: * NOTES: michael@0: * This function retrieves the public value stored away in the Challenge at michael@0: * index inIndex of inKeyChallCont. michael@0: * RETURN: michael@0: * A pointer to a SECItem containing the public value. User must call michael@0: * SECITEM_FreeItem on the return value when the value is no longer necessary. michael@0: * A return value of NULL indicates an error while retrieving the public value. michael@0: */ michael@0: extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue michael@0: (CMMFPOPODecKeyChallContent *inKeyChallCont, michael@0: int inIndex); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber michael@0: * INPUTS: michael@0: * inChallContent michael@0: * The CMMFPOPODecKeyChallContent to operate on. michael@0: * inIndex michael@0: * The index of the challenge to look at. Valid indexes are 0 through michael@0: * (CMMF_POPODecKeyChallContentGetNumChallenges(inChallContent) - 1). michael@0: * inDest michael@0: * A pointer to a user supplied buffer where the library michael@0: * can place a copy of the random integer contatained in the michael@0: * challenge. michael@0: * NOTES: michael@0: * This function returns the value held in the decrypted Rand structure michael@0: * corresponding to the random integer. The user must call michael@0: * CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call michael@0: * CMMF_ChallengeIsDecrypted to find out if the challenge has been michael@0: * decrypted. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess indicates the witness field has been previously decrypted michael@0: * and the value for the random integer was successfully placed at *inDest. michael@0: * Any other return value indicates an error and that the value at *inDest michael@0: * is not a valid value. michael@0: */ michael@0: extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber michael@0: (CMMFPOPODecKeyChallContent *inKeyChallCont, michael@0: int inIndex, michael@0: long *inDest); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses michael@0: * INPUTS: michael@0: * inRespCont michael@0: * The POPODecKeyRespContent to operate on. michael@0: * RETURN: michael@0: * This function returns the number of responses contained in inRespContent. michael@0: */ michael@0: extern int michael@0: CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyRespContentGetResponse michael@0: * INPUTS: michael@0: * inRespCont michael@0: * The POPODecKeyRespContent to operate on. michael@0: * inIndex michael@0: * The index of the response to retrieve. michael@0: * The Nth response is at index N-1, ie the 1st response is at index 0, michael@0: * the 2nd response is at index 1, and so on. michael@0: * inDest michael@0: * A pointer to a pre-allocated buffer where the library can put the michael@0: * value of the response located at inIndex. michael@0: * NOTES: michael@0: * The function returns the response contained at index inIndex. michael@0: * CMMFPOPODecKeyRespContent is a structure that the server will generally michael@0: * get in response to a CMMFPOPODecKeyChallContent. The server will expect michael@0: * to see the responses in the same order as it constructed them in michael@0: * the CMMFPOPODecKeyChallContent structure. michael@0: * RETURN: michael@0: * SECSuccess if getting the response at the desired index was successful. Any michael@0: * other return value indicates an errror. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont, michael@0: int inIndex, michael@0: long *inDest); michael@0: michael@0: /************************* Destructor Functions ******************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyCertResponse michael@0: * INPUTS: michael@0: * inCertResp michael@0: * The CMMFCertResponse to destroy. michael@0: * NOTES: michael@0: * This function frees all the memory associated with the CMMFCertResponse michael@0: * passed in. michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was successful. Any other return value michael@0: * indicates an error while freeing the memory. michael@0: */ michael@0: extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyCertRepContent michael@0: * INPUTS: michael@0: * inCertRepContent michael@0: * The CMMFCertRepContent to destroy michael@0: * NOTES: michael@0: * This function frees the memory associated with the CMMFCertRepContent michael@0: * passed in. michael@0: * RETURN: michael@0: * SECSuccess if freeing all the memory associated with the michael@0: * CMMFCertRepContent passed in is successful. Any other return value michael@0: * indicates an error while freeing the memory. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_DestroyCertRepContent (CMMFCertRepContent *inCertRepContent); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyKeyRecRepContent michael@0: * INPUTS: michael@0: * inKeyRecRep michael@0: * The CMMFKeyRecRepContent to destroy. michael@0: * NOTES: michael@0: * This function destroys all the memory associated with the michael@0: * CMMFKeyRecRepContent passed in. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing all the memory is successful. Any other return michael@0: * value indicates an error in freeing the memory. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyCertifiedKeyPair michael@0: * INPUTS: michael@0: * inCertKeyPair michael@0: * The CMMFCertifiedKeyPair to operate on. michael@0: * NOTES: michael@0: * This function frees up all the memory associated with 'inCertKeyPair' michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing all the memory associated with 'inCertKeyPair' michael@0: * is successful. Any other return value indicates an error while trying michael@0: * to free the memory. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyPOPODecKeyRespContent michael@0: * INPUTS: michael@0: * inDecKeyResp michael@0: * The CMMFPOPODecKeyRespContent structure to free. michael@0: * NOTES: michael@0: * This function frees up all the memory associate with the michael@0: * CMMFPOPODecKeyRespContent. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing up all the memory associated with the michael@0: * CMMFPOPODecKeyRespContent structure is successful. Any other michael@0: * return value indicates an error while freeing the memory. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp); michael@0: michael@0: michael@0: /************************** Miscellaneous Functions *************************/ michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey michael@0: * INPUTS: michael@0: * inCertKeyPair michael@0: * The CMMFCertifiedKeyPair to operate on. michael@0: * inPrivKey michael@0: * The private key to use to un-wrap the private key michael@0: * inNickName michael@0: * This is the nickname that will be associated with the private key michael@0: * to be unwrapped. michael@0: * inSlot michael@0: * The PKCS11 slot where the unwrapped private key should end up. michael@0: * inCertdb michael@0: * The Certificate database with which the new key will be associated. michael@0: * destPrivKey michael@0: * A pointer to memory where the library can place a pointer to the michael@0: * private key after importing the key onto the specified slot. michael@0: * wincx michael@0: * An opaque pointer that the library will use in a callback function michael@0: * to get the password if necessary. michael@0: * michael@0: * NOTES: michael@0: * This function uses the private key passed in to unwrap the private key michael@0: * contained within the CMMFCertifiedKeyPair structure. After this michael@0: * function successfully returns, the private key has been unwrapped and michael@0: * placed in the specified slot. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if unwrapping the private key was successful. Any other michael@0: * return value indicates an error while trying to un-wrap the private key. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair, michael@0: SECKEYPrivateKey *inPrivKey, michael@0: SECItem *inNickName, michael@0: PK11SlotInfo *inSlot, michael@0: CERTCertDBHandle *inCertdb, michael@0: SECKEYPrivateKey **destPrivKey, michael@0: void *wincx); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_KeyRecRepContentHasCACerts michael@0: * INPUTS: michael@0: * inKeyRecRecp michael@0: * The CMMFKeyRecRepContent to operate on. michael@0: * RETURN: michael@0: * This function returns PR_TRUE if there are one or more certificates in michael@0: * the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent michael@0: * structure. The function will return PR_FALSE if there are 0 certificate michael@0: * in the above mentioned sequence. michael@0: */ michael@0: extern PRBool michael@0: CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge michael@0: * INPUTS: michael@0: * inChalCont michael@0: * The CMMFPOPODecKeyChallContent to operate on. michael@0: * inIndex michael@0: * The index of the Challenge to operate on. The 1st Challenge is michael@0: * at index 0, the second at index 1 and so forth. michael@0: * inPrivKey michael@0: * The private key to use to decrypt the witness field. michael@0: * NOTES: michael@0: * This function uses the private key to decrypt the challenge field michael@0: * contained in the appropriate challenge. Make sure the private key matches michael@0: * the public key that was used to encrypt the witness. Use michael@0: * CMMF_POPODecKeyChallContentGetPublicValue to get the public value of michael@0: * the key used to encrypt the witness and then use that to determine the michael@0: * appropriate private key. This can be done by calling PK11_MakeIDFromPubKey michael@0: * and then passing that return value to PK11_FindKeyByKeyID. The creator of michael@0: * the challenge will most likely be an RA that has the public key michael@0: * from a Cert request. So the private key should be the private key michael@0: * associated with public key in that request. This function will also michael@0: * verify the witness field of the challenge. This function also verifies michael@0: * that the sender and witness hashes match within the challenge. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if decrypting the witness field was successful. This does michael@0: * not indicate that the decrypted data is valid, since the private key michael@0: * passed in may not be the actual key needed to properly decrypt the michael@0: * witness field. Meaning that there is a decrypted structure now, but michael@0: * may be garbage because the private key was incorrect. michael@0: * Any other return value indicates the function could not complete the michael@0: * decryption process. michael@0: */ michael@0: extern SECStatus michael@0: CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont, michael@0: int inIndex, michael@0: SECKEYPrivateKey *inPrivKey); michael@0: michael@0: /* michael@0: * FUNCTION: CMMF_DestroyPOPODecKeyChallContent michael@0: * INPUTS: michael@0: * inDecKeyCont michael@0: * The CMMFPOPODecKeyChallContent to free michael@0: * NOTES: michael@0: * This function frees up all the memory associated with the michael@0: * CMMFPOPODecKeyChallContent michael@0: * RETURN: michael@0: * SECSuccess if freeing up all the memory associatd with the michael@0: * CMMFPOPODecKeyChallContent is successful. Any other return value michael@0: * indicates an error while freeing the memory. michael@0: * michael@0: */ michael@0: extern SECStatus michael@0: CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont); michael@0: michael@0: SEC_END_PROTOS michael@0: #endif /* _CMMF_H_ */