michael@0: /* -*- Mode: C; tab-width: 8 -*-*/ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: michael@0: #ifndef _CRMF_H_ michael@0: #define _CRMF_H_ michael@0: michael@0: #include "seccomon.h" michael@0: #include "cert.h" michael@0: #include "crmft.h" michael@0: #include "secoid.h" michael@0: #include "secpkcs7.h" michael@0: michael@0: SEC_BEGIN_PROTOS michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncodeCertReqMsg michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to be encoded. michael@0: * fn michael@0: * A Callback function that the ASN1 encoder calls whenever michael@0: * the encoder wants to write out some DER encoded bytes. michael@0: * arg michael@0: * An opaque pointer that gets passed to the function fn michael@0: * OUTPUT: michael@0: * The function fn will be called multiple times. Look at the michael@0: * comments in crmft.h where the CRMFEncoderOutputCallback type is michael@0: * defined for information on proper behavior of the function fn. michael@0: * RETURN: michael@0: * SECSuccess if encoding was successful. Any other return value michael@0: * indicates an error occurred during encoding. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_EncodeCertReqMsg (CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFEncoderOutputCallback fn, michael@0: void *arg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncoderCertRequest michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to be encoded. michael@0: * fn michael@0: * A Callback function that the ASN1 encoder calls whenever michael@0: * the encoder wants to write out some DER encoded bytes. michael@0: * arg michael@0: * An opaque pointer that gets passed to the function fn. 
michael@0: * OUTPUT: michael@0: * The function fn will be called, probably multiple times whenever michael@0: * the ASN1 encoder wants to write out DER-encoded bytes. Look at the michael@0: * comments in crmft.h where the CRMFEncoderOutputCallback type is michael@0: * defined for information on proper behavior of the function fn. michael@0: * RETURN: michael@0: * SECSuccess if encoding was successful. Any other return value michael@0: * indicates an error occurred during encoding. michael@0: */ michael@0: extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq, michael@0: CRMFEncoderOutputCallback fn, michael@0: void *arg); michael@0: /* michael@0: * FUNCTION: CRMF_EncodeCertReqMessages michael@0: * INPUTS: michael@0: * inCertReqMsgs michael@0: * An array of pointers to the Certificate Request Messages michael@0: * to encode. The user must place a NULL pointer in the index michael@0: * after the last message to be encoded. When the library runs michael@0: * into the NULL pointer, the library assumes there are no more michael@0: * messages to encode. michael@0: * fn michael@0: * A Callback function that the ASN1 encoder calls whenever michael@0: * the encoder wants to write out some DER encoded byts. michael@0: * arg michael@0: * An opaque pointer that gets passed to the function fn. michael@0: * michael@0: * NOTES: michael@0: * The parameter inCertReqMsgs needs to be an array with a NULL pointer michael@0: * to signal the end of messages. An array in the form of michael@0: * {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and michael@0: * m3. All messages from m4 on will not be looked at by the library. michael@0: * michael@0: * OUTPUT: michael@0: * The function fn will be called, probably multiple times. Look at the michael@0: * comments in crmft.h where the CRMFEncoderOutputCallback type is michael@0: * defined for information on proper behavior of the function fn. 
michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if encoding the Certificate Request Messages was successful. michael@0: * Any other return value indicates an error occurred while encoding the michael@0: * certificate request messages. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs, michael@0: CRMFEncoderOutputCallback fn, michael@0: void *arg); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateCertReqMsg michael@0: * INPUTS: michael@0: * NONE michael@0: * OUTPUT: michael@0: * An empty CRMF Certificate Request Message. michael@0: * Before encoding this message, the user must set michael@0: * the ProofOfPossession field and the certificate michael@0: * request which are necessary for the full message. michael@0: * After the user no longer needs this CertReqMsg, michael@0: * the user must call CRMF_DestroyCertReqMsg to free michael@0: * all memory associated with the Certificate Request michael@0: * Message. michael@0: * RETURN: michael@0: * A pointer to a Certificate Request Message. The user michael@0: * must pass the return value of this function to michael@0: * CRMF_DestroyCertReqMsg after the Certificate Request michael@0: * Message is no longer necessary. michael@0: */ michael@0: extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyCertReqMsg michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to destroy. michael@0: * NOTES: michael@0: * This function frees all the memory used for the Certificate michael@0: * Request Message and all the memory used in making copies of michael@0: * fields of elements of the message, e.g. the Proof Of Possession michael@0: * field and the Certificate Request. michael@0: * RETURN: michael@0: * SECSuccess if destruction was successful. 
Any other return value michael@0: * indicates an error while trying to free the memory associated michael@0: * with inCertReqMsg. michael@0: * michael@0: */ michael@0: extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgSetCertRequest michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message that the function will set michael@0: * the certificate request for. michael@0: * inCertReq michael@0: * The Certificate Request that will be added to the Certificate michael@0: * Request Message. michael@0: * NOTES: michael@0: * This function will make a copy of the Certificate Request passed in michael@0: * and store it as part of the Certificate Request Message. Therefore, michael@0: * the user must not call this function until the Certificate Request michael@0: * has been fully built and is ready to be encoded. michael@0: * RETURN: michael@0: * SECSuccess michael@0: * If copying the Certificate as a member of the Certificate michael@0: * request message was successful. michael@0: * Any other return value indicates a failure to copy the Certificate michael@0: * Request and make it a part of the Certificate Request Message. michael@0: */ michael@0: extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFCertRequest *inCertReq); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateCertRequest michael@0: * INPUTS: michael@0: * inRequestID michael@0: * The ID that will be associated with this certificate request. michael@0: * OUTPUTS: michael@0: * A certificate request which only has the requestID set. michael@0: * NOTES: michael@0: * The user must call the function CRMF_DestroyCertRequest when michael@0: * the returned value is no longer needed. This is usually the michael@0: * case after fully constructing the Certificate Request and then michael@0: * calling the function CRMF_CertReqMsgSetCertRequest. 
michael@0: * RETURN: michael@0: * A pointer to the new Certificate Request. A NULL return value michael@0: * indicates an error in creating the Certificate Request. michael@0: */ michael@0: extern CRMFCertRequest *CRMF_CreateCertRequest (PRUint32 inRequestID); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyCertRequest michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request that will be destroyed. michael@0: * RETURN: michael@0: * SECSuccess michael@0: * If freeing the memory associated with the certificate request michael@0: * was successful. michael@0: * Any other return value indicates an error while trying to free the michael@0: * memory. michael@0: */ michael@0: extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateCertExtension michael@0: * INPUTS: michael@0: * id michael@0: * The SECOidTag to associate with this CertExtension. This must michael@0: * correspond to a valid Certificate Extension; if not, the function michael@0: * will fail. michael@0: * isCritical michael@0: * A boolean value stating if the extension value is critical. PR_TRUE michael@0: * means the value is critical. PR_FALSE indicates the value is not michael@0: * critical. michael@0: * data michael@0: * This is the data associated with the extension. The user of the michael@0: * library is responsible for making sure the value passed in is a michael@0: * valid interpretation of the certificate extension. michael@0: * NOTES: michael@0: * Use this function to create CRMFCertExtension Structures which will michael@0: * then be passed to CRMF_AddFieldToCertTemplate as part of the michael@0: * CRMFCertCreationInfo.extensions. The user must call michael@0: * CRMF_DestroyCertExtension after the extension has been added to a certificate michael@0: * and the extension is no longer needed. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a newly created CertExtension. 
A return value of NULL michael@0: * indicates the id passed in was an invalid certificate extension. michael@0: */ michael@0: extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id, michael@0: PRBool isCritical, michael@0: SECItem *data); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyCertExtension michael@0: * INPUTS: michael@0: * inExtension michael@0: * The Cert Extension to destroy. michael@0: * NOTES: michael@0: * Destroy a structure allocated by CRMF_CreateCertExtension. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory associated with the certificate extension michael@0: * was successful. Any other return value indicates an error while freeing the michael@0: * memory. michael@0: */ michael@0: extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestSetTemplateField michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * inTemplateField michael@0: * An enumeration that indicates which field of the Certificate michael@0: * template to add. michael@0: * data michael@0: * A generic pointer that will be type cast according to the michael@0: * table under NOTES and used as the key for adding to the michael@0: * certificate template. michael@0: * NOTES: michael@0: * michael@0: * Below is a table that tells what type to pass in as data michael@0: * depending on the template field one wants to set. michael@0: * michael@0: * Look in crmft.h for the definition of CRMFCertTemplateField. michael@0: * michael@0: * In all cases, the library makes copies of the data passed in. michael@0: * michael@0: * CRMFCertTemplateField Type of data What data means michael@0: * --------------------- ------------ --------------- michael@0: * crmfVersion long * The version of michael@0: * the certificate michael@0: * to be created. 
michael@0: * michael@0: * crmfSerialNumber long * The serial number michael@0: * for the cert to be michael@0: * created. michael@0: * michael@0: * crmfSigningAlg SECAlgorithm * The ASN.1 object ID for michael@0: * the algorithm used in encoding michael@0: * the certificate. michael@0: * michael@0: * crmfIssuer CERTName * Certificate Library michael@0: * representation of the ASN1 type michael@0: * Name from X.509 michael@0: * michael@0: * crmfValidity CRMFValidityCreationInfo * At least one of the two michael@0: * fields in the structure must michael@0: * be present. A NULL pointer michael@0: * in the structure indicates michael@0: * that member should not be michael@0: * added. michael@0: * michael@0: * crmfSubject CERTName * Certificate Library michael@0: * representation of the ASN1 type michael@0: * Name from X.509 michael@0: * michael@0: * crmfPublicKey CERTSubjectPublicKeyInfo * The public key info for the michael@0: * certificate being requested. michael@0: * michael@0: * crmfIssuerUID SECItem * A bit string representation michael@0: * of the issuer UID. NOTE: The michael@0: * length is the number of bits michael@0: * and not the number of bytes. michael@0: * michael@0: * crmfSubjectUID SECItem* A bit string representation michael@0: * of the subject UID. NOTE: The michael@0: * length is the number of bits michael@0: * and not the number of bytes. michael@0: * michael@0: * crmfExtension CRMFCertExtCreationInfo * A pointer to the structure michael@0: * populated with an array of michael@0: * of certificate extensions michael@0: * and an integer that tells michael@0: * how many elements are in the michael@0: * array. Look in crmft.h for michael@0: * the definition of michael@0: * CRMFCertExtCreationInfo michael@0: * RETURN: michael@0: * SECSuccess if adding the desired field to the template was successful. michael@0: * Any other return value indicates failure when trying to add the field michael@0: * to the template. 
michael@0: * michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq, michael@0: CRMFCertTemplateField inTemplateField, michael@0: void *data); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestIsFieldPresent michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The certificate request to operate on. michael@0: * inTemplateField michael@0: * The enumeration for the template field the user wants to query michael@0: * about. michael@0: * NOTES: michael@0: * This function checks to see if the the field associated with inTemplateField michael@0: * enumeration is already present in the certificate request passed in. michael@0: * michael@0: * RETURN: michael@0: * The function returns PR_TRUE if the field associated with inTemplateField michael@0: * is already present in the certificate request. If the field is not present michael@0: * the function returns PR_FALSE. michael@0: */ michael@0: extern PRBool michael@0: CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq, michael@0: CRMFCertTemplateField inTemplateField); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestIsControlPresent michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The certificate request to operate on. michael@0: * inControlType michael@0: * The type of control to look for. michael@0: * NOTES: michael@0: * This function looks at the control present in the certificate request michael@0: * and returns PR_TRUE iff a control of type inControlType already exists. michael@0: * The CRMF draft does not explicitly state that two controls of the same michael@0: * type can not exist within the same request. So the library will not michael@0: * cause an error if you try to add a control and one of the same type michael@0: * already exists. It is up to the application to ensure that multiple michael@0: * controls of the same type do not exist, if that is the desired behavior michael@0: * by the application. 
michael@0: * michael@0: * RETURN: michael@0: * The function returns PR_TRUE if a control of type inControlType already michael@0: * exists in the certificate request. If a control of type inControlType michael@0: * does not exist, the function will return PR_FALSE. michael@0: */ michael@0: extern PRBool michael@0: CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq, michael@0: CRMFControlType inControlType); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestSetRegTokenControl michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * value michael@0: * The UTF8 value which will be the Registration Token Control michael@0: * for this Certificate Request. michael@0: * NOTES: michael@0: * The library does no verification that the value passed in is michael@0: * a valid UTF8 value. The caller must make sure of this in order michael@0: * to get an encoding that is valid. The library will ultimately michael@0: * encode this value as it was passed in. michael@0: * RETURN: michael@0: * SECSuccess on successful addition of the Registration Token Control. michael@0: * Any other return value indicates an unsuccessful attempt to add the michael@0: * control. michael@0: * michael@0: */ michael@0: extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, michael@0: SECItem *value); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestSetAuthenticatorControl michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * value michael@0: * The UTF8 value that will become the Authenticator Control michael@0: * for the passed in Certificate Request. michael@0: * NOTES: michael@0: * The library does no verification that the value passed in is michael@0: * a valid UTF8 value. The caller must make sure of this in order michael@0: * to get an encoding that is valid. 
The library will ultimately michael@0: * encode this value as it was passed in. michael@0: * RETURN: michael@0: * SECSuccess on successful addition of the Authenticator Control. michael@0: * Any other return value indicates an unsuccessful attempt to add the michael@0: * control. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq, michael@0: SECItem *value); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateEncryptedKeyWithEncryptedValue michael@0: * INPUTS: michael@0: * inPrivKey michael@0: * This is the private key associated with a certificate that is michael@0: * being requested. This structure will eventually wind up as michael@0: * a part of the PKIArchiveOptions Control. michael@0: * inCACert michael@0: * This is the certificate for the CA that will be receiving the michael@0: * certificate request for the private key passed in. michael@0: * OUTPUT: michael@0: * A CRMFEncryptedKey that can ultimately be used as part of the michael@0: * PKIArchiveOptions Control. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a CRMFEncryptedKey. A NULL return value indicates an error michael@0: * during the creation of the encrypted key. michael@0: */ michael@0: extern CRMFEncryptedKey* michael@0: CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey, michael@0: CERTCertificate *inCACert); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyEncryptedKey michael@0: * INPUTS: michael@0: * inEncrKey michael@0: * The CRMFEncryptedKey to be destroyed. michael@0: * NOTES: michael@0: * Frees all memory associated with the CRMFEncryptedKey passed in. michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was successful. Any other return michael@0: * value indicates an error while freeing the memory. 
michael@0: */ michael@0: extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreatePKIArchiveOptions michael@0: * INPUTS: michael@0: * inType michael@0: * An enumeration value indicating which option for michael@0: * PKIArchiveOptions to use. michael@0: * data michael@0: * A pointer that will be type-cast and de-referenced according michael@0: * to the table under NOTES. michael@0: * NOTES: michael@0: * A table listing what should be passed in as data michael@0: * ------------------------------------------------ michael@0: * michael@0: * inType data michael@0: * ------ ---- michael@0: * crmfEncryptedPrivateKey CRMFEncryptedKey* michael@0: * crmfKeyGenParameters SECItem*(This needs to be an octet string) michael@0: * crmfArchiveRemGenPrivKey PRBool* michael@0: * michael@0: * RETURN: michael@0: * A pointer to a CRMFPKIArchiveOptions that can be added to a Certificate michael@0: * Request. A NULL pointer indicates an error occurred while creating michael@0: * the CRMFPKIArchiveOptions Structure. michael@0: */ michael@0: extern CRMFPKIArchiveOptions* michael@0: CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, michael@0: void *data); michael@0: /* michael@0: * FUNCTION: CRMF_DestroyPKIArchiveOptions michael@0: * INPUTS: michael@0: * inArchOpt michael@0: * A pointer to the CRMFPKIArchiveOptions structure to free. michael@0: * NOTES: michael@0: * Will free all memory associated with 'inArchOpt'. michael@0: * RETURN: michael@0: * SECSuccess if successful in freeing the memory used by 'inArchOpt' michael@0: * Any other return value indicates an error while freeing the memory. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestSetPKIArchiveOptions michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to add the options to. 
michael@0: * inOptions michael@0: * The Archive Options to add to the Certificate Request. michael@0: * NOTES: michael@0: * Adds the PKIArchiveOption to the Certificate Request. This is what michael@0: * enables Key Escrow to take place through CRMF. The library makes michael@0: * its own copy of the information. michael@0: * RETURN: michael@0: * SECSuccess if successful in adding the ArchiveOptions to the Certificate michael@0: * request. Any other return value indicates an error when trying to add michael@0: * the Archive Options to the Certificate Request. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq, michael@0: CRMFPKIArchiveOptions *inOptions); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetPOPType michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to operate on. michael@0: * NOTES: michael@0: * Returns an enumeration value indicating the method of Proof michael@0: * of Possession that was used for the passed in Certificate Request michael@0: * Message. michael@0: * RETURN: michael@0: * An enumeration indicating what method for Proof Of Possession is michael@0: * being used in this Certificate Request Message. Look in the file michael@0: * crmft.h for the definition of CRMFPOPChoice for the possible return michael@0: * values. michael@0: */ michael@0: extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgSetRAVerifiedPOP michael@0: * INPUT: michael@0: * InCertReqMsg michael@0: * The Certificate Request Message to operate on. michael@0: * NOTES: michael@0: * This function will set the method of Proof Of Possession to michael@0: * crmfRAVerified which means the RA has already verified the michael@0: * requester does possess the private key. michael@0: * RETURN: michael@0: * SECSuccess if adding RAVerified to the message is successful. 
michael@0: * Any other message indicates an error while trying to add RAVerified michael@0: * as the Proof of Possession. michael@0: */ michael@0: extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgSetSignaturePOP michael@0: * INPUT: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to add the SignaturePOP to. michael@0: * inPrivKey michael@0: * The Private Key which corresponds to the the Certificate Request michael@0: * Message. michael@0: * inPubKey michael@0: * The Public Key which corresponds to the Private Key passed in. michael@0: * inCertForInput michael@0: * A Certificate that in the future may be used to create michael@0: * POPOSigningKeyInput. michael@0: * fn michael@0: * A callback for retrieving a password which may be used in the michael@0: * future to generate POPOSigningKeyInput. michael@0: * arg michael@0: * An opaque pointer that would be passed to fn whenever it is michael@0: * called. michael@0: * NOTES: michael@0: * Adds Proof Of Possession to the CertRequest using the signature field michael@0: * of the ProofOfPossession field. NOTE: In order to use this option, michael@0: * the certificate template must contain the publicKey at the very minimum. michael@0: * michael@0: * If you don't want the function to generate POPOSigningKeyInput, then michael@0: * make sure the cert template already contains the subject and public key michael@0: * values. Currently creating POPOSigningKeyInput is not supported, so michael@0: * a Message passed to this function must have the publicKey and the subject michael@0: * as part of the template michael@0: * michael@0: * This will take care of creating the entire POPOSigningKey structure michael@0: * that will become part of the message. michael@0: * michael@0: * inPrivKey is the key to be used in the signing operation when creating michael@0: * POPOSigningKey structure. 
This should be the key corresponding to michael@0: * the certificate being requested. michael@0: * michael@0: * inCertForInput will be used if POPOSigningKeyInput needs to be generated. michael@0: * It will be used in generating the authInfo.sender field. If the parameter michael@0: * is not passed in then authInfo.publicKeyMAC will be generated instead. michael@0: * If passed in, this certificate needs to be a valid certificate. michael@0: * michael@0: * The last 3 arguments are for future compatibility in case we ever want to michael@0: * support generating POPOSigningKeyInput. Pass in NULL for all 3 if you michael@0: * definitely don't want the function to even try to generate michael@0: * POPOSigningKeyInput. If you try to use POPOSigningKeyInput, the function michael@0: * will fail. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if adding the Signature Proof Of Possession worked. michael@0: * Any other return value indicates an error in trying to add michael@0: * the Signature Proof Of Possession. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, michael@0: SECKEYPrivateKey *inPrivKey, michael@0: SECKEYPublicKey *inPubKey, michael@0: CERTCertificate *inCertForInput, michael@0: CRMFMACPasswordCallback fn, michael@0: void *arg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to operate on. michael@0: * inKeyChoice michael@0: * An enumeration indicating which POPOPrivKey Choice to use michael@0: * in constructing the KeyEnciphermentPOP. michael@0: * subseqMess michael@0: * This parameter must be provided iff inKeyChoice is michael@0: * crmfSubsequentMessage. This details how the RA is to respond michael@0: * in order to perform Proof Of Possession. Look in crmft.h under michael@0: * the definition of CRMFSubseqMessOptions for possible values. 
michael@0: * encPrivKey michael@0: * This parameter only needs to be provided if inKeyChoice is michael@0: * crmfThisMessage. The item should contain the encrypted private michael@0: * key. michael@0: * michael@0: * NOTES: michael@0: * Adds Proof Of Possession using the keyEncipherment field of michael@0: * ProofOfPossession. michael@0: * michael@0: * The function looks at the inKeyChoice parameter and interprets it michael@0: * in the following manner. michael@0: * michael@0: * If a parameter is not mentioned under interpretation, the function will not michael@0: * look at its value when implementing that case. michael@0: * michael@0: * inKeyChoice Interpretation michael@0: * ----------- -------------- michael@0: * crmfThisMessage This option requires that the encrypted private key michael@0: * be included in the thisMessage field of POPOPrivKey. michael@0: * We don't support this yet, so any clients who want michael@0: * to use this feature have to implement a wrapping michael@0: * function and agree with the server on how to properly michael@0: * wrap the key. That encrypted key must be passed in michael@0: * as the encPrivKey parameter. michael@0: * michael@0: * crmfSubsequentMessage Must pass in a value for subseqMess. The value must michael@0: * be either crmfEncrCert or crmfChallengeResp. The michael@0: * parameter encPrivKey will not be looked at in this michael@0: * case. michael@0: * michael@0: * crmfDHMAC This is not a valid option for this function. Passing michael@0: * in this value will result in the function returning michael@0: * SECFailure. michael@0: * RETURN: michael@0: * SECSuccess if adding KeyEnciphermentPOP was successful. Any other return michael@0: * value indicates an error in adding KeyEnciphermentPOP. 
michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFPOPOPrivKeyChoice inKeyChoice, michael@0: CRMFSubseqMessOptions subseqMess, michael@0: SECItem *encPrivKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to operate on. michael@0: * inKeyChoice michael@0: * An enumeration indicating which POPOPrivKey Choice to use michael@0: * in constructing the KeyAgreementPOP. michael@0: * subseqMess michael@0: * This parameter must be provided iff inKeyChoice is michael@0: * crmfSubsequentMessage. This details how the RA is to respond michael@0: * in order to perform Proof Of Possession. Look in crmft.h under michael@0: * the definition of CRMFSubseqMessOptions for possible values. michael@0: * encPrivKey michael@0: * This parameter only needs to be provided if inKeyChoice is michael@0: * crmfThisMessage. The item should contain the encrypted private michael@0: * key. michael@0: * Adds Proof Of Possession using the keyAgreement field of michael@0: * ProofOfPossession. michael@0: * michael@0: * The function looks at the the inKeyChoice parameter and interprets it in michael@0: * in the following manner. michael@0: * michael@0: * If a parameter is not mentioned under interpretation, the function will not michael@0: * look at its value when implementing that case. michael@0: * michael@0: * inKeyChoice Interpretation michael@0: * ----------- -------------- michael@0: * crmfThisMessage This options requires that the encrypted private key michael@0: * be included in the thisMessage field of POPOPrivKey. michael@0: * We don't support this yet, so any clients who want michael@0: * to use this feature have to implement a wrapping michael@0: * function and agree with the server on how to properly michael@0: * wrap the key. 
That encrypted key must be passed in michael@0: * as the encPrivKey parameter. michael@0: * michael@0: * crmfSubsequentMessage Must pass in a value for subseqMess. The value must michael@0: * be either crmfEncrCert or crmfChallengeResp. The michael@0: * parameter encPrivKey will not be looked at in this michael@0: * case. michael@0: * michael@0: * crmfDHMAC This option is not supported. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFPOPOPrivKeyChoice inKeyChoice, michael@0: CRMFSubseqMessOptions subseqMess, michael@0: SECItem *encPrivKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateCertReqMsgFromDER michael@0: * INPUTS: michael@0: * buf michael@0: * A buffer to the DER-encoded Certificate Request Message. michael@0: * len michael@0: * The length in bytes of the buffer 'buf' michael@0: * NOTES: michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CRMFCertReqMsg structure. Do not try adding any fields to a message michael@0: * returned from this function. Specifically adding more Controls or michael@0: * Extensions may cause your program to crash. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the Certificate Request Message structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CreateCertReqMessagesFromDER michael@0: * INPUTS: michael@0: * buf michael@0: * A buffer to the DER-encoded Certificate Request Messages. michael@0: * len michael@0: * The length in bytes of buf michael@0: * NOTES: michael@0: * This function passes the buffer to the ASN1 decoder and creates a michael@0: * CRMFCertReqMessages structure. Do not try adding any fields to a message michael@0: * derived from this function. 
Specifically adding more Controls or michael@0: * Extensions may cause your program to crash. michael@0: * The user must call CRMF_DestroyCertReqMessages after the return value is michael@0: * no longer needed, ie when all individual messages have been extracted. michael@0: * michael@0: * RETURN: michael@0: * A pointer to the Certificate Request Messages structure. A NULL return michael@0: * value indicates the library was unable to parse the DER. michael@0: */ michael@0: extern CRMFCertReqMessages* michael@0: CRMF_CreateCertReqMessagesFromDER(const char *buf, long len); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyCertReqMessages michael@0: * INPUTS: michael@0: * inCertReqMsgs michael@0: * The Messages to destroy. michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was done successfully. Any other michael@0: * return value indicates an error in freeing up memory. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMessagesGetNumMessages michael@0: * INPUTS: michael@0: * inCertReqMsgs michael@0: * The Request Messages to operate on. michael@0: * RETURN: michael@0: * The number of messages contained in the Request Messages michael@0: * structure. michael@0: */ michael@0: extern int michael@0: CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex michael@0: * INPUTS: michael@0: * inReqMsgs michael@0: * The Certificate Request Messages to operate on. michael@0: * index michael@0: * The index of the single message the user wants a copy of. michael@0: * NOTES: michael@0: * This function returns a copy of the request message stored at the michael@0: * index corresponding to the parameter 'index'. Indexing of the messages michael@0: * is done in the same manner as a C array.
The valid indices are michael@0: * 0...numMessages-1, where numMessages is presumably the value returned by CRMF_CertReqMessagesGetNumMessages (confirm); check 'index' against it before calling. User must call CRMF_DestroyCertReqMsg when done using michael@0: * the return value of this function. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a copy of the message at the requested index; the declared return type is CRMFCertReqMsg*, not SECStatus. michael@0: * NOTE(review): presumably a NULL return indicates an invalid index or an error while copying michael@0: * the single request message - confirm against the implementation, and check the pointer before use. michael@0: */ michael@0: extern CRMFCertReqMsg* michael@0: CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs, michael@0: int index); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetID michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to get the ID from. michael@0: * destID michael@0: * A pointer to where the library can place the ID of the Message. michael@0: * RETURN: michael@0: * SECSuccess if the function was able to retrieve the ID and place it michael@0: * at *destID. Any other return value indicates an error, meaning the value michael@0: * in *destID is unreliable and should not be used by the caller of this michael@0: * function. michael@0: * michael@0: */ michael@0: extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, michael@0: long *destID); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DoesRequestHaveField michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * inField michael@0: * An enumeration indicating which field of the certificate template michael@0: * to look for. michael@0: * NOTES: michael@0: * All the fields in a certificate template are optional. This function michael@0: * checks to see if the requested field is present. Look in crmft.h at the michael@0: * definition of CRMFCertTemplateField for the possible values to michael@0: * query.
michael@0: * michael@0: * RETURN: michael@0: * PR_TRUE iff the field corresponding to 'inField' has been specified as part michael@0: * of 'inCertReq' michael@0: * PR_FALSE iff the field corresponding to 'inField' has not been specified michael@0: * as part of 'inCertReq' michael@0: * michael@0: */ michael@0: extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq, michael@0: CRMFCertTemplateField inField); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetCertRequest michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The Certificate Request Message to operate on. michael@0: * NOTES: michael@0: * This function returns a copy of the Certificate Request to the user. michael@0: * The user can keep adding to this request and then make it a part michael@0: * of another message. After the user no longer wants to use the michael@0: * returned request, the user must call CRMF_DestroyCertRequest and michael@0: * pass it the request returned by this function. michael@0: * RETURN: michael@0: * A pointer to a copy of the certificate request contained by the message. michael@0: * A NULL return value indicates an error occurred while copying the michael@0: * certificate request. michael@0: */ michael@0: extern CRMFCertRequest * michael@0: CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateVersion michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * version michael@0: * A pointer to where the library can store the version contained michael@0: * in the certificate template within the certificate request. michael@0: * RETURN: michael@0: * SECSuccess if the Certificate template contains the version field. In michael@0: * this case, *version will hold the value of the certificate template michael@0: * version.
michael@0: * SECFailure indicates that version field was not present as part michael@0: * of the certificate template. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq, michael@0: long *version); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The certificate request to operate on. michael@0: * serialNumber michael@0: * A pointer where the library can put the serial number contained michael@0: * in the certificate request's certificate template. NOTE(review): the destination is a long; how a serial number too wide for a long is handled is not stated here - confirm before relying on the value to identify a certificate. michael@0: * RETURN: michael@0: * If a serial number exists in the CertTemplate of the request, the function michael@0: * returns SECSuccess and the value at *serialNumber contains the serial michael@0: * number. michael@0: * If no serial number is present, then the function returns SECFailure and michael@0: * the value at *serialNumber is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq, michael@0: long *serialNumber); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg michael@0: * INPUT: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * destAlg michael@0: * A Pointer to where the library can place a copy of the signing alg michael@0: * used in the cert request's cert template. michael@0: * RETURN: michael@0: * If the signingAlg is present in the CertRequest's CertTemplate, then michael@0: * the function returns SECSuccess and places a copy of signingAlg in michael@0: * *destAlg.
michael@0: * If no signingAlg is present, then the function returns SECFailure and michael@0: * the value at *destAlg is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq, michael@0: SECAlgorithmID *destAlg); michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateIssuer michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * destIssuer michael@0: * A pointer to where the library can place a copy of the cert michael@0: * request's cert template issuer field. michael@0: * RETURN: michael@0: * If the issuer is present in the cert request cert template, the function michael@0: * returns SECSuccess and places a copy of the issuer in *destIssuer. michael@0: * If there is no issuer present, the function returns SECFailure and the michael@0: * value at *destIssuer is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq, michael@0: CERTName *destIssuer); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateValidity michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * destValidity michael@0: * A pointer to where the library can place a copy of the validity michael@0: * info in the cert request cert template. michael@0: * NOTES: michael@0: * Pass the pointer to a CRMFGetValidity structure that the caller has allocated, and call CRMF_DestroyGetValidity on it when done. NOTE(review): the original sentence was cut off after "Pass the pointer to"; this completion follows the notes on CRMF_DestroyGetValidity - confirm. michael@0: * RETURN: michael@0: * If there is an OptionalValidity field, the function will return SECSuccess michael@0: * and place the appropriate values in *destValidity->notBefore and michael@0: * *destValidity->notAfter. (Each field is optional, but at least one will michael@0: * be present if the function returns SECSuccess) NOTE(review): how an absent field is represented is not stated here - check each of notBefore and notAfter before using it. michael@0: * michael@0: * If there is no OptionalValidity field, the function will return SECFailure michael@0: * and the values at *destValidity will be unchanged.
michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq, michael@0: CRMFGetValidity *destValidity); michael@0: /* michael@0: * FUNCTION: CRMF_DestroyGetValidity michael@0: * INPUTS: michael@0: * inValidity michael@0: * A pointer to the memory to be freed. michael@0: * NOTES: michael@0: * The function will free the memory allocated by the function michael@0: * CRMF_CertRequestGetCertTemplateValidity. That means only memory pointed michael@0: * to within the CRMFGetValidity structure. Since michael@0: * CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the michael@0: * structure passed into it, this function will not free the structure itself. Meaning this function will michael@0: * free the memory at inValidity->notBefore and inValidity->notAfter, but not michael@0: * the memory directly at inValidity. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was successful. Any other return value michael@0: * indicates an error while freeing the memory. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_DestroyGetValidity(CRMFGetValidity *inValidity); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateSubject michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * destSubject michael@0: * A pointer to where the library can place a copy of the subject michael@0: * contained in the request's cert template. michael@0: * RETURN: michael@0: * If there is a subject in the CertTemplate, then the function returns michael@0: * SECSuccess and a copy of the subject is placed in *destSubject. michael@0: * michael@0: * If there is no subject, the function returns SECFailure and the values at michael@0: * *destSubject is unchanged.
michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateSubject (CRMFCertRequest *inCertReq, michael@0: CERTName *destSubject); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Cert request to operate on. michael@0: * destPublicKey michael@0: * A pointer to where the library can place a copy of the request's michael@0: * cert template public key. michael@0: * RETURN: michael@0: * If there is a publicKey parameter in the CertRequest, the function returns michael@0: * SECSuccess, and places a copy of the publicKey in *destPublicKey. michael@0: * michael@0: * If there is no publicKey, the function returns SECFailure and the value michael@0: * at *destPublicKey is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq, michael@0: CERTSubjectPublicKeyInfo *destPublicKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Cert request to operate on. michael@0: * destIssuerUID michael@0: * A pointer to where the library can store a copy of the request's michael@0: * cert template issuerUID. michael@0: * michael@0: * NOTES: michael@0: * destIssuerUID is a bit string and will be returned in a SECItem as michael@0: * a bit string. Meaning the len field contains the number of valid bits as michael@0: * opposed to the number of bytes allocated. Convert len from bits to bytes before using it as a buffer length. michael@0: * michael@0: * RETURN: michael@0: * If the CertTemplate has an issuerUID, the function returns SECSuccess and michael@0: * places a copy of the issuerUID in *destIssuerUID. michael@0: * michael@0: * If there is no issuerUID, the function returns SECFailure and the value michael@0: * at *destIssuerUID is unchanged.
michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq, michael@0: SECItem *destIssuerUID); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID. NOTE(review): the prototype below declares CRMF_GetCertTemplateSubjectUID instead; confirm which name the library actually defines. INPUTS: michael@0: * inCertReq michael@0: * The Cert request to operate on. michael@0: * destSubjectUID michael@0: * A pointer to where the library can store a copy of the request's michael@0: * cert template subjectUID. michael@0: * michael@0: * NOTES: michael@0: * destSubjectUID is a bit string and will be returned in a SECItem as michael@0: * a bit string. Meaning the len field contains the number of valid bits as michael@0: * opposed to the number of bytes allocated. Convert len from bits to bytes before using it as a buffer length. michael@0: * michael@0: * RETURN: michael@0: * If the CertTemplate has a subjectUID, the function returns SECSuccess and michael@0: * places a copy of the subjectUID in *destSubjectUID. michael@0: * michael@0: * If there is no subjectUID, this comment states that the function returns SECSuccess and the value michael@0: * at *destSubjectUID is unchanged. NOTE(review): this comment originally said issuerUID and destIssuerUID throughout, apparently copied from the IssuerUID function, and the IssuerUID function documents SECFailure for the absent case; confirm the absent-field return value against the implementation before relying on it. michael@0: */ michael@0: extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq, michael@0: SECItem *destSubjectUID); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetNumberOfExtensions michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The cert request to operate on. michael@0: * RETURN: michael@0: * Returns the number of extensions contained by the Cert Request. michael@0: */ michael@0: extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetExtensionAtIndex michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate request to operate on. michael@0: * index michael@0: * The index of the extension array which the user wants to access. michael@0: * NOTES: michael@0: * This function retrieves the extension at the position the michael@0: * parameter "index" indicates.
Indexing is done like a C array michael@0: * (0 ... numElements-1), where numElements is presumably the value returned by CRMF_CertRequestGetNumberOfExtensions - confirm. michael@0: * michael@0: * Call CRMF_DestroyCertExtension when done using the return value. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a copy of the extension at the desired index. A NULL michael@0: * return value indicates an invalid index or an error while copying michael@0: * the extension. michael@0: */ michael@0: extern CRMFCertExtension * michael@0: CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq, michael@0: int index); michael@0: /* michael@0: * FUNCTION: CRMF_CertExtensionGetOidTag michael@0: * INPUTS: michael@0: * inExtension michael@0: michael@0: * The extension to operate on. michael@0: * RETURN: michael@0: * Returns the SECOidTag associated with the cert extension passed in. michael@0: */ michael@0: extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertExtensionGetIsCritical michael@0: * INPUT: michael@0: * inExt michael@0: * The cert extension to operate on. michael@0: * michael@0: * RETURN: michael@0: * PR_TRUE if the extension is critical. michael@0: * PR_FALSE if the extension is not critical. michael@0: */ michael@0: extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertExtensionGetValue michael@0: * INPUT: michael@0: * inExtension michael@0: * The extension to operate on. michael@0: * NOTES: michael@0: * Caller is responsible for freeing the memory associated with the return michael@0: * value. Call SECITEM_FreeItem(retVal, PR_TRUE) when done using the return michael@0: * value. michael@0: * michael@0: * RETURN: michael@0: * A pointer to an item containing the value for the certificate extension. michael@0: * A NULL return value indicates an error in copying the information.
michael@0: */ michael@0: extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The certificate request message to operate on. michael@0: * destKey michael@0: * A pointer to where the library can place a pointer to michael@0: * a copy of the Proof Of Possession Signing Key used michael@0: * by the message. michael@0: * michael@0: * RETURN: michael@0: * Get the POPOSigningKey associated with this CRMFCertReqMsg. michael@0: * If the CertReqMsg does not have a pop, the function returns michael@0: * SECFailure and the value at *destKey is unchanged. michael@0: * michael@0: * If the CertReqMsg does have a pop, then the CertReqMsg's michael@0: * POPOSigningKey will be placed at *destKey. NOTE(review): the copy is presumably released with CRMF_DestroyPOPOSigningKey, declared below - confirm. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFPOPOSigningKey **destKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyPOPOSigningKey michael@0: * INPUTS: michael@0: * inKey michael@0: * The signing key to free. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was successful. Any other return value michael@0: * indicates an error while freeing memory. michael@0: */ michael@0: extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOSigningKeyGetAlgID michael@0: * INPUTS: michael@0: * inSignKey michael@0: * The Signing Key to operate on. michael@0: * RETURN: michael@0: * Return the algorithmID used by the CRMFPOPOSigningKey. User must michael@0: * call SECOID_DestroyAlgorithmID(retVal, PR_TRUE) when done using the michael@0: * return value.
michael@0: */ michael@0: extern SECAlgorithmID* michael@0: CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOSigningKeyGetSignature michael@0: * INPUTS: michael@0: * inSignKey michael@0: * The Signing Key to operate on. michael@0: * michael@0: * RETURN: michael@0: * Get the actual signature stored away in the CRMFPOPOSigningKey. SECItem michael@0: * returned is a BIT STRING, so the len field is the number of bits as opposed michael@0: * to the total number of bytes allocated. Convert the bit count to bytes before handing the signature to code that expects a byte length. User must call michael@0: * SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value. michael@0: */ michael@0: extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOSigningKeyGetInput michael@0: * INPUTS: michael@0: * inSignKey michael@0: * The Signing Key to operate on. michael@0: * NOTES: michael@0: * This function will return the der encoded input that was read in while michael@0: * decoding. The API does not support this option when creating, so you michael@0: * cannot add this field. michael@0: * michael@0: * RETURN: michael@0: * Get the poposkInput that is part of the POPOSigningKey. If the michael@0: * optional field is not part of the POPOSigningKey, the function returns michael@0: * NULL. michael@0: * michael@0: * If the optional field is part of the POPOSigningKey, the function will michael@0: * return a copy of the der encoded poposkInput. NOTE(review): how the copy is released is not stated here; presumably with SECITEM_FreeItem as for the other SECItem return values - confirm. michael@0: */ michael@0: extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The certificate request message to operate on. michael@0: * destKey michael@0: * A pointer to where the library can place a pointer to a michael@0: * copy of the POPOPrivKey representing Key Encipherment michael@0: * Proof of Possession.
michael@0: * NOTES: michael@0: * This function gets the POPOPrivKey associated with this CRMFCertReqMsg michael@0: * for Key Encipherment. michael@0: * michael@0: * RETURN: michael@0: * If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the michael@0: * function returns SECFailure and the value at *destKey is unchanged. michael@0: * michael@0: * If the CertReqMsg did use Key Encipherment for ProofOfPossession, the michael@0: * function returns SECSuccess and places the POPOPrivKey representing the michael@0: * Key Encipherment Proof Of Possession at *destKey. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFPOPOPrivKey **destKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement michael@0: * INPUTS: michael@0: * inCertReqMsg michael@0: * The certificate request message to operate on. michael@0: * destKey michael@0: * A pointer to where the library can place a pointer to a michael@0: * copy of the POPOPrivKey representing Key Agreement michael@0: * Proof of Possession. michael@0: * NOTES: michael@0: * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for michael@0: * Key Agreement. michael@0: * michael@0: * RETURN: michael@0: * If the CertReqMsg used Key Agreement for Proof Of Possession, the michael@0: * function returns SECSuccess and the POPOPrivKey for Key Agreement michael@0: * is placed at *destKey. michael@0: * michael@0: * If the CertReqMsg did not use Key Agreement for Proof Of Possession, the michael@0: * function returns SECFailure and the value at *destKey is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg, michael@0: CRMFPOPOPrivKey **destKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyPOPOPrivKey michael@0: * INPUTS: michael@0: * inPrivKey michael@0: * The POPOPrivKey to destroy.
michael@0: * NOTES: michael@0: * Destroy a structure allocated by CRMF_CertReqMsgGetPOPKeyEncipherment or michael@0: * CRMF_CertReqMsgGetPOPKeyAgreement. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess on successful destruction of the POPOPrivKey. michael@0: * Any other return value indicates an error in freeing the michael@0: * memory. michael@0: */ michael@0: extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOPrivKeyGetChoice michael@0: * INPUT: michael@0: * inKey michael@0: * The POPOPrivKey to operate on. michael@0: * RETURN: michael@0: * Returns which choice was used in constructing the POPOPrivKey. Look at michael@0: * the definition of CRMFPOPOPrivKeyChoice in crmft.h for the possible return michael@0: * values. michael@0: */ michael@0: extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOPrivKeyGetThisMessage michael@0: * INPUTS: michael@0: * inKey michael@0: * The POPOPrivKey to operate on. michael@0: * destString michael@0: * A pointer to where the library can place a copy of the This Message michael@0: * field stored in the POPOPrivKey michael@0: * michael@0: * RETURN: michael@0: * Returns the field thisMessage from the POPOPrivKey. michael@0: * If the POPOPrivKey did not use the field thisMessage, the function michael@0: * returns SECFailure and the value at *destString is unchanged. michael@0: * michael@0: * If the POPOPrivKey did use the field thisMessage, the function returns michael@0: * SECSuccess and the BIT STRING representing thisMessage is placed michael@0: * at *destString. BIT STRING representation means the len field is the michael@0: * number of valid bits as opposed to the total number of bytes.
michael@0: */ michael@0: extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey, michael@0: SECItem *destString); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOPrivKeyGetSubseqMess michael@0: * INPUTS: michael@0: * inKey michael@0: * The POPOPrivKey to operate on. michael@0: * destOpt michael@0: * A pointer to where the library can place the value of the michael@0: * Subsequent Message option used by POPOPrivKey. michael@0: * michael@0: * RETURN: michael@0: * Retrieves the field subsequentMessage from the POPOPrivKey. michael@0: * If the POPOPrivKey used the subsequentMessage option, the function michael@0: * returns SECSuccess and places the appropriate enumerated value at michael@0: * *destOpt. michael@0: * michael@0: * If the POPOPrivKey did not use the subsequentMessage option, the function michael@0: * returns SECFailure and the value at *destOpt is unchanged. Because *destOpt is left untouched on failure, check the return value before reading it. michael@0: */ michael@0: extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey, michael@0: CRMFSubseqMessOptions *destOpt); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_POPOPrivKeyGetDHMAC michael@0: * INPUTS: michael@0: * inKey michael@0: * The POPOPrivKey to operate on. michael@0: * destMAC michael@0: * A pointer to where the library can place a copy of the dhMAC michael@0: * field of the POPOPrivKey. michael@0: * michael@0: * NOTES: michael@0: * Returns the field dhMAC from the POPOPrivKey. The populated SECItem michael@0: * is in BIT STRING format. michael@0: * michael@0: * RETURN: michael@0: * If the POPOPrivKey used the dhMAC option, the function returns SECSuccess michael@0: * and the BIT STRING for dhMAC will be placed at *destMAC. The len field in michael@0: * destMAC (ie destMAC->len) will be the valid number of bits as opposed to michael@0: * the number of allocated bytes. michael@0: * michael@0: * If the POPOPrivKey did not use the dhMAC option, the function returns michael@0: * SECFailure and the value at *destMAC is unchanged.
michael@0: * michael@0: */ michael@0: extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, michael@0: SECItem *destMAC); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetNumControls michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The Certificate Request to operate on. michael@0: * RETURN: michael@0: * Returns the number of Controls registered with this CertRequest. michael@0: */ michael@0: extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_CertRequestGetControlAtIndex michael@0: * INPUTS: michael@0: * inCertReq michael@0: * The certificate request to operate on. michael@0: * index michael@0: * The index of the control the user wants a copy of. michael@0: * NOTES: michael@0: * Function retrieves the Control located at index. The Controls michael@0: * are numbered like a traditional C array (0 ... numElements-1), where numElements is presumably the value returned by CRMF_CertRequestGetNumControls - confirm. michael@0: * michael@0: * RETURN: michael@0: * Returns a copy of the control at the index specified. This is a copy michael@0: * so the user must call CRMF_DestroyControl after the return value is no michael@0: * longer needed. A return value of NULL indicates an error while copying michael@0: * the control or that the index was invalid. michael@0: */ michael@0: extern CRMFControl* michael@0: CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, michael@0: int index); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyControl michael@0: * INPUTS: michael@0: * inControl michael@0: * The Control to destroy. michael@0: * NOTES: michael@0: * Destroy a CRMFControl allocated by CRMF_CertRequestGetControlAtIndex. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing the memory was successful. Any other return michael@0: * value indicates an error while freeing the memory.
michael@0: */ michael@0: extern SECStatus CRMF_DestroyControl(CRMFControl *inControl); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_ControlGetControlType michael@0: * INPUTS: michael@0: * inControl michael@0: * The control to operate on. michael@0: * NOTES: michael@0: * The function returns an enumeration which indicates the type of control michael@0: * 'inControl'. michael@0: * michael@0: * RETURN: michael@0: * Look in crmft.h at the definition of the enumerated type CRMFControlType michael@0: * for the possible return values. michael@0: */ michael@0: extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_ControlGetRegTokenControlValue michael@0: * INPUTS: michael@0: * inControl michael@0: * The Control to operate on. michael@0: * NOTES: michael@0: * The user must call SECITEM_FreeItem passing in the return value michael@0: * after the return value is no longer needed. michael@0: michael@0: * RETURN: michael@0: * Return the value for a Registration Token Control. michael@0: * The SECItem returned should be in UTF8 format. A NULL michael@0: * return value indicates there was no Registration Control associated michael@0: * with the Control. michael@0: * (This library will not verify format. It assumes the client properly michael@0: * formatted the strings when adding it or the message decoded was properly michael@0: * formatted. The library will just give back the bytes it was given.) Because the format is not verified, treat the contents as untrusted, length-delimited bytes: validate them as UTF8 and do not assume NUL termination. michael@0: */ michael@0: extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_ControlGetAuthenticatorControlValue. NOTE(review): the prototype below spells this name CRMF_ControlGetAuthicatorControlValue; confirm which spelling the library actually defines. michael@0: * INPUTS: michael@0: * inControl michael@0: * The Control to operate on. michael@0: * NOTES: michael@0: * The user must call SECITEM_FreeItem passing in the return value michael@0: * after the return value is no longer needed.
michael@0: * michael@0: * RETURN: michael@0: * Return the value for the Authenticator Control. michael@0: * The SECItem returned should be in UTF8 format. A NULL michael@0: * return value indicates there was no Authenticator Control associated michael@0: * with the CRMFControl. michael@0: * (This library will not verify format. It assumes the client properly michael@0: * formatted the strings when adding it or the message decoded was properly michael@0: * formatted. The library will just give back the bytes it was given.) Because the format is not verified, treat the contents as untrusted, length-delimited bytes: validate them as UTF8 and do not assume NUL termination. michael@0: */ michael@0: extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_ControlGetPKIArchiveOptions michael@0: * INPUTS: inControl michael@0: * The Control to operate on. michael@0: * NOTES: michael@0: * This function returns a copy of the PKIArchiveOptions. The user must call michael@0: * the function CRMF_DestroyPKIArchiveOptions when the return value is no michael@0: * longer needed. michael@0: * michael@0: * RETURN: michael@0: * Get the PKIArchiveOptions associated with the Control. A return michael@0: * value of NULL indicates the Control was not a PKIArchiveOptions michael@0: * Control. michael@0: */ michael@0: extern CRMFPKIArchiveOptions* michael@0: CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyPKIArchiveOptions michael@0: * INPUTS: michael@0: * inOptions michael@0: * The ArchiveOptions to destroy. michael@0: * NOTE: michael@0: * Destroy the CRMFPKIArchiveOptions structure. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if successful in freeing all the memory associated with michael@0: * the PKIArchiveOptions. Any other return value indicates an error while michael@0: * freeing the PKIArchiveOptions.
michael@0: */ michael@0: extern SECStatus michael@0: CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_PKIArchiveOptionsGetOptionType michael@0: * INPUTS: michael@0: * inOptions michael@0: * The PKIArchiveOptions to operate on. michael@0: * RETURN: michael@0: * Returns the choice used for the PKIArchiveOptions. Look at the definition michael@0: * of CRMFPKIArchiveOptionsType in crmft.h for possible return values. michael@0: */ michael@0: extern CRMFPKIArchiveOptionsType michael@0: CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey michael@0: * INPUTS: michael@0: * inOpts michael@0: * The PKIArchiveOptions to operate on. michael@0: * michael@0: * NOTES: michael@0: * The user must call CRMF_DestroyEncryptedKey when done using this return michael@0: * value. michael@0: * michael@0: * RETURN: michael@0: * Get the encryptedPrivKey field of the PKIArchiveOptions structure. michael@0: * A return value of NULL indicates that encryptedPrivKey was not used as michael@0: * the choice for this PKIArchiveOptions. Check for NULL before passing the result to the EncryptedKey accessors. michael@0: */ michael@0: extern CRMFEncryptedKey* michael@0: CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedKeyGetChoice michael@0: * INPUTS: michael@0: * inEncrKey michael@0: * The EncryptedKey to operate on. michael@0: * michael@0: * NOTES: michael@0: * Get the choice used for representing the EncryptedKey. michael@0: * michael@0: * RETURN: michael@0: * Returns the Choice used in representing the EncryptedKey. Look in michael@0: * crmft.h at the definition of CRMFEncryptedKeyChoice for possible return michael@0: * values.
michael@0: */ michael@0: extern CRMFEncryptedKeyChoice michael@0: CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedKeyGetEncryptedValue michael@0: * INPUTS: michael@0: * inKey michael@0: * The EncryptedKey to operate on. michael@0: * michael@0: * NOTES: michael@0: * The user must call CRMF_DestroyEncryptedValue passing in michael@0: * CRMF_EncryptedKeyGetEncryptedValue's return value. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a copy of the EncryptedValue contained as a member of michael@0: * the EncryptedKey. michael@0: */ michael@0: extern CRMFEncryptedValue* michael@0: CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_DestroyEncryptedValue michael@0: * INPUTS: michael@0: * inEncrValue michael@0: * The EncryptedValue to destroy. michael@0: * michael@0: * NOTES: michael@0: * Free up all memory associated with 'inEncrValue'. michael@0: * michael@0: * RETURN: michael@0: * SECSuccess if freeing up the memory associated with the EncryptedValue michael@0: * is successful. Any other return value indicates an error while freeing the michael@0: * memory. michael@0: */ michael@0: extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetEncValue michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. michael@0: * NOTES: michael@0: * Function retrieves the encValue from an EncryptedValue structure. michael@0: * michael@0: * RETURN: michael@0: * A pointer to a SECItem containing the encValue of the EncryptedValue michael@0: * structure. The return value is in BIT STRING format, meaning the michael@0: * len field of the return structure represents the number of valid bits michael@0: * as opposed to the allocated number of bytes. Convert len to a byte count before using it as a buffer length. 
michael@0: * A NULL return value indicates an error in copying the encValue field. michael@0: */ michael@0: extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetIntendedAlg michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. michael@0: * NOTES: michael@0: * Retrieve the IntendedAlg field from the EncryptedValue structure. michael@0: * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using michael@0: * the return value. When present, this algorithm is the algorithm for michael@0: * which the private key will be used. michael@0: * michael@0: * RETURN: michael@0: * A Copy of the intendedAlg field. A NULL return value indicates the michael@0: * optional field was not present in the structure. michael@0: */ michael@0: extern SECAlgorithmID* michael@0: CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetSymmAlg michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. michael@0: * NOTES: michael@0: * Retrieve the symmAlg field from the EncryptedValue structure. michael@0: * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using michael@0: * the return value. When present, this is the algorithm used to michael@0: * encrypt the encValue of the EncryptedValue. michael@0: * michael@0: * RETURN: michael@0: * A Copy of the symmAlg field. A NULL return value indicates the michael@0: * optional field was not present in the structure. michael@0: */ michael@0: extern SECAlgorithmID* michael@0: CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue); michael@0: michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetKeyAlg michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. 
michael@0: * NOTES: michael@0: * Retrieve the keyAlg field from the EncryptedValue structure. michael@0: * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using michael@0: * the return value. When present, this is the algorithm used to encrypt michael@0: * the symmetric key in the encSymmKey field of the EncryptedValue structure. michael@0: * michael@0: * RETURN: michael@0: * A Copy of the keyAlg field. A NULL return value indicates the michael@0: * optional field was not present in the structure. michael@0: */ michael@0: extern SECAlgorithmID* michael@0: CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetValueHint michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. michael@0: * michael@0: * NOTES: michael@0: * Return a copy of the DER-encoded value hint. michael@0: * User must call SECITEM_FreeItem(retVal, PR_TRUE) when done using the michael@0: * return value. When present, this is a value that the client which michael@0: * originally issued a certificate request can use to reproduce any data michael@0: * it wants. The RA does not know how to interpret this data. michael@0: * michael@0: * RETURN: michael@0: * A copy of the valueHint field of the EncryptedValue. A NULL return michael@0: * value indicates the optional valueHint field is not present in the michael@0: * EncryptedValue. michael@0: */ michael@0: extern SECItem* michael@0: CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_EncryptedValueGetEncSymmKey michael@0: * INPUTS: michael@0: * inEncValue michael@0: * The EncryptedValue to operate on. michael@0: * michael@0: * NOTES: michael@0: * Return a copy of the encSymmKey field. This field is the encrypted michael@0: * symmetric key that the client uses in doing Public Key wrap of a private michael@0: * key. 
When present, this is the symmetric key that was used to wrap the michael@0: * private key. (The encrypted private key will be stored in encValue michael@0: * of the same EncryptedValue structure.) The user must call michael@0: * SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer michael@0: * needed. michael@0: * michael@0: * RETURN: michael@0: * A copy of the optional encSymmKey field of the EncryptedValue structure. michael@0: * The return value will be in BIT STRING format, meaning the len field will michael@0: * be the number of valid bits as opposed to the number of bytes. Convert len to a byte count before using it as a buffer length. A return michael@0: * value of NULL means the optional encSymmKey field was not present in michael@0: * the EncryptedValue structure. michael@0: */ michael@0: extern SECItem* michael@0: CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters michael@0: * INPUTS: michael@0: * inOptions michael@0: * The PKIArchiveOptions to operate on. michael@0: * michael@0: * NOTES: michael@0: * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return michael@0: * value is no longer needed. michael@0: * michael@0: * RETURN: michael@0: * Get the keyGenParameters field of the PKIArchiveOptions. michael@0: * A NULL return value indicates that keyGenParameters was not michael@0: * used as the choice for this PKIArchiveOptions. michael@0: * michael@0: * The SECItem returned is in BIT STRING format (i.e., the len field indicates michael@0: * the number of valid bits as opposed to the allocated number of bytes, so convert it to a byte count before using it as a buffer length.) michael@0: */ michael@0: extern SECItem* michael@0: CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions); michael@0: michael@0: /* michael@0: * FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey michael@0: * INPUTS: michael@0: * inOpt michael@0: * The PKIArchiveOptions to operate on. 
michael@0: * destVal michael@0: * A pointer to where the library can place the value for michael@0: * archiveRemGenPrivKey michael@0: * RETURN: michael@0: * If the PKIArchiveOptions used the archiveRemGenPrivKey field, the michael@0: * function returns SECSuccess and fills the value at *destVal with either michael@0: * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a michael@0: * value. michael@0: * michael@0: * If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the michael@0: * function returns SECFailure and the value at *destVal is unchanged. michael@0: */ michael@0: extern SECStatus michael@0: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt, michael@0: PRBool *destVal); michael@0: michael@0: /* Helper functions that can be used by other libraries. */ michael@0: /* michael@0: * A quick helper function to get the best wrap mechanism. michael@0: */ michael@0: extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot); michael@0: michael@0: /* michael@0: * A helper function to get a randomly generated IV from a mechanism michael@0: * type. michael@0: */ michael@0: extern SECItem* CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType); michael@0: michael@0: SEC_END_PROTOS michael@0: #endif /*_CRMF_H_*/ michael@0: michael@0: