/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * These functions are to be implemented in the future if the features
 * which these functions would implement wind up being needed.
 * Nothing declared in this file is currently backed by an implementation;
 * the comments describe the intended contracts only.
 */

/*
 * Use this function to create the CRMFSinglePubInfo* variables that will
 * populate the inPubInfoArray parameter for the function
 * CRMF_CreatePKIPublicationInfo.
 *
 * "inPubMethod" specifies which publication method will be used.
 * "pubLocation" is a representation of the location where the certificate
 *               is to be published (the original sentence was left
 *               unfinished; this reading follows the CRMF SinglePubInfo
 *               field of the same name -- confirm when implementing).
 *
 * Free the result with CRMF_DestroySinglePubInfo (declared below).  Whether
 * CRMF_CreatePKIPublicationInfo takes ownership of the entries it is given
 * is not stated here -- TODO confirm.
 */
extern CRMFSinglePubInfo*
CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
                         CRMFGeneralName *pubLocation);

/*
 * Create a PKIPublicationInfo that can later be passed to the function
 * CRMF_AddPubInfoControl.
 *
 * "inAction"       the publication action to record.
 * "inPubInfoArray" array of CRMFSinglePubInfo* (see CRMF_CreateSinglePubInfo).
 * "numPubInfo"     number of entries in inPubInfoArray.
 */
extern CRMFPKIPublicationInfo *
CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
                              CRMFSinglePubInfo **inPubInfoArray,
                              int numPubInfo);

/*
 * Only call this function on a CRMFPKIPublicationInfo that was created by
 * CRMF_CreatePKIPublicationInfo that was passed in NULL for arena.
 *
 * NOTE(review): the CRMF_CreatePKIPublicationInfo prototype above has no
 * arena parameter, so the "NULL for arena" condition cannot currently be
 * met or checked; reconcile the two declarations when this is implemented.
 * This function is declared a second time further down in this file.
 */

extern SECStatus
CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);

/*
 * Add a PKIPublicationInfo control (see CRMF_CreatePKIPublicationInfo) to
 * the certificate request.  Whether the request takes ownership of
 * inPubInfo is not stated here -- TODO confirm.
 */
extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
                                        CRMFPKIPublicationInfo *inPubInfo);

/*
 * This is to create a Cert ID Control which can later be added to
 * a certificate request.
 *
 * NOTE(review): "serialNumber" is a long, but X.509 serial numbers are
 * arbitrary-length INTEGERs (commonly up to 20 octets) and will not fit in
 * one; a SECItem would be the usual representation.  Confirm the intended
 * range before implementing.
 */
extern CRMFCertID* CRMF_CreateCertID(CRMFGeneralName *issuer,
                                     long serialNumber);

/*
 * Free a CRMFCertID created by CRMF_CreateCertID.
 */
extern SECStatus CRMF_DestroyCertID(CRMFCertID* certID);

/*
 * Add the given Cert ID Control to the certificate request.
 */
extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq,
                                       CRMFCertID *certID);

/*
 * Add a Protocol Encryption Key control carrying "spki" to the request.
 * (The "Encryptio" spelling is the declared identifier; renaming it would
 * be an API change.)
 */
extern SECStatus
CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
                                    CERTSubjectPublicKeyInfo *spki);

/*
 * Add the ASCII Pairs Registration Info to the Certificate Request.
 * The SECItem must be an OCTET string representation.
 *
 * NOTE(review): the function name says UTF8 while the comment and the
 * parameter name say ASCII; the exact encoding expected in "asciiPairs"
 * should be pinned down (and validated) when this is implemented.
 */
extern SECStatus
CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
                         SECItem *asciiPairs);

/*
 * This takes a CertRequest and adds it to another CertRequest
 * (as registration info on "certReqToAddTo").
 */
extern SECStatus
CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
                         CRMFCertRequest *certReqBeingAdded);

/*
 * Returns which option was used for the authInfo field of POPOSigningKeyInput.
 */
extern CRMFPOPOSkiInputAuthChoice
CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);

/*
 * Gets the PKMACValue associated with the POPOSigningKeyInput.
 * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
 * the function returns SECFailure and the value at *destValue is unchanged.
 *
 * If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function
 * returns SECSuccess and places the PKMACValue at *destValue.
 * (Whether *destValue is a copy the caller must free is not stated --
 * TODO confirm.)
 */
extern SECStatus
CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
                               CRMFPKMACValue **destValue);

/*
 * Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput.
 */
extern CERTSubjectPublicKeyInfo *
CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);


/*
 * Return the value for the PKIPublicationInfo Control.
 * A return value of NULL indicates that the Control was
 * not a PKIPublicationInfo Control. Call
 * CRMF_DestroyPKIPublicationInfo on the return value when done
 * using the pointer.
 */
extern CRMFPKIPublicationInfo* CRMF_GetPKIPubInfo(CRMFControl *inControl);

/*
 * Free up a CRMFPKIPublicationInfo structure.
 *
 * NOTE(review): duplicate of the declaration earlier in this file.  The two
 * prototypes are compatible, so the redeclaration is legal C, but one of
 * them (and its comment) should be dropped.
 */
extern SECStatus
CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);

/*
 * Get the choice used for action in this PKIPublicationInfo.
 */
extern CRMFPublicationAction
CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);

/*
 * Get the number of pubInfos that are stored in the PKIPublicationInfo.
 */
extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo);

/*
 * Get the pubInfo at index for the given PKIPublicationInfo.
 * Indexing is done like a traditional C Array. (0 .. numElements-1)
 * Behaviour for an out-of-range index is not specified here; callers
 * should bound "index" by CRMF_GetNumPubInfos.
 */
extern CRMFSinglePubInfo*
CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
                       int index);

/*
 * Destroy the CRMFSinglePubInfo.
 */
extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo);

/*
 * Get the pubMethod used by the SinglePubInfo.
 */
extern CRMFPublicationMethod
CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);

/*
 * Get the pubLocation associated with the SinglePubInfo.
 * A NULL return value indicates there was no pubLocation associated
 * with the SinglePubInfo.
 */
extern CRMFGeneralName* CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);

/*
 * Get the authInfo.sender field out of the POPOSigningKeyInput.
 * If the POPOSigningKeyInput did not use the authInfo the function
 * returns SECFailure and the value at *destName is unchanged.
 *
 * If the POPOSigningKeyInput did use authInfo.sender, the function returns
 * SECSuccess and puts the authInfo.sender at *destName.
 */
extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
                                            CRMFGeneralName **destName);

/**************** CMMF Functions that need to be added. **********************/

/*
 * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
 * INPUTS:
 *    inDecKeyChall
 *        The CMMFPOPODecKeyChallContent to operate on.
 *    inRandom
 *        The random number to use when generating the challenge.  It is
 *        the caller's responsibility to draw it from a cryptographically
 *        strong RNG; a predictable value defeats the purpose of the
 *        challenge.
 *    inSender
 *        The GeneralName representation of the sender of the challenge.
 *    inPubKey
 *        The public key to use when encrypting the challenge.
 * NOTES:
 *    This function adds a challenge to the end of the list of challenges
 *    contained by 'inDecKeyChall'. Refer to the CMMF draft on how
 *    the random number passed in and the sender's GeneralName are used
 *    to generate the challenge and witness fields of the challenge. This
 *    library will use SHA1 as the one-way function for generating the
 *    witness field of the challenge.
 *    NOTE(review): SHA-1 is fixed by this comment only.  If the function is
 *    ever implemented, the hash should be selectable (the challenge carries
 *    an optional algorithm id, see CMMF_ChallengeGetAlgId) rather than tied
 *    to SHA-1, which is no longer recommended for new designs.
 *
 * RETURN:
 *    SECSuccess if generating the challenge and adding to the end of list
 *    of challenges was successful. Any other return value indicates an error
 *    while trying to generate the challenge.
 */
extern SECStatus
CMMF_POPODecKeyChallContentSetNextChallenge
                                (CMMFPOPODecKeyChallContent *inDecKeyChall,
                                 long inRandom,
                                 CERTGeneralName *inSender,
                                 SECKEYPublicKey *inPubKey);

/*
 * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
 * INPUTS:
 *    inKeyChallCont
 *        The CMMFPOPODecKeyChallContent to operate on.
 * RETURN:
 *    This function returns the number of CMMFChallenges that are contained in
 *    the CMMFPOPODecKeyChallContent structure.
 */
extern int CMMF_POPODecKeyChallContentGetNumChallenges
                                (CMMFPOPODecKeyChallContent *inKeyChallCont);

/*
 * FUNCTION: CMMF_ChallengeGetRandomNumber
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to operate on.
 *    inDest
 *        A pointer to a user supplied buffer where the library
 *        can place a copy of the random integer contained in the
 *        challenge.
 * NOTES:
 *    This function returns the value held in the decrypted Rand structure
 *    corresponding to the random integer. The user must call
 *    CMMF_ChallengeDecryptWitness before calling this function. Call
 *    CMMF_ChallengeIsDecrypted to find out if the challenge has been
 *    decrypted.
 *
 * RETURN:
 *    SECSuccess indicates the witness field has been previously decrypted
 *    and the value for the random integer was successfully placed at *inDest.
 *    Any other return value indicates an error and that the value at *inDest
 *    is not a valid value.
 */
extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
                                               long *inDest);

/*
 * FUNCTION: CMMF_ChallengeGetSender
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to operate on.
 * NOTES:
 *    This function returns the value held in the decrypted Rand structure
 *    corresponding to the sender. The user must call
 *    CMMF_ChallengeDecryptWitness before calling this function. Call
 *    CMMF_ChallengeIsDecrypted to find out if the witness field has been
 *    decrypted. The user must call CERT_DestroyGeneralName after the return
 *    value is no longer needed.
 *
 * RETURN:
 *    A pointer to a copy of the sender CERTGeneralName. A return value of
 *    NULL indicates an error in trying to copy the information or that the
 *    witness field has not been decrypted.
 */
extern CERTGeneralName* CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);

/*
 * FUNCTION: CMMF_ChallengeGetAlgId
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to operate on.
 *    inAlgId
 *        A pointer to memory where a pointer to a copy of the algorithm
 *        id can be placed.
 *        NOTE(review): the prototype declares this as "SECAlgorithmID *",
 *        a single pointer, which cannot receive "a pointer to a copy" as
 *        described here (the original comment also called the parameter
 *        inDestAlgId).  Either the parameter should become
 *        "SECAlgorithmID **" or the contract should be "copy into
 *        caller-provided storage"; settle this before implementing.
 * NOTES:
 *    This function retrieves the one way function algorithm identifier
 *    contained within the CMMFChallenge if the optional field is present.
 *
 * RETURN:
 *    SECSuccess indicates the function was able to place a pointer to a copy of
 *    the algorithm id at *inAlgId. If the value at *inAlgId is NULL,
 *    that means there was no algorithm identifier present in the
 *    CMMFChallenge. Any other return value indicates the function was not
 *    able to make a copy of the algorithm identifier. In this case the value
 *    at *inAlgId is not valid.
 */
extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
                                        SECAlgorithmID *inAlgId);

/*
 * FUNCTION: CMMF_DestroyChallenge
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to free up.
 * NOTES:
 *    This function frees up all the memory associated with the CMMFChallenge
 *    passed in.
 * RETURN:
 *    SECSuccess if freeing all the memory associated with the CMMFChallenge
 *    passed in is successful. Any other return value indicates an error
 *    while freeing the memory.
 */
extern SECStatus CMMF_DestroyChallenge (CMMFChallenge *inChallenge);

/*
 * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
 * INPUTS:
 *    inDecKeyResp
 *        The CMMFPOPODecKeyRespContent structure to free.
 * NOTES:
 *    This function frees up all the memory associated with the
 *    CMMFPOPODecKeyRespContent.
 *
 * RETURN:
 *    SECSuccess if freeing up all the memory associated with the
 *    CMMFPOPODecKeyRespContent structure is successful. Any other
 *    return value indicates an error while freeing the memory.
 */
extern SECStatus
CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);

/*
 * FUNCTION: CMMF_ChallengeDecryptWitness
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to operate on.
 *    inPrivKey
 *        The private key to use to decrypt the witness field.
 * NOTES:
 *    This function uses the private key to decrypt the challenge field
 *    contained in the CMMFChallenge. Make sure the private key matches the
 *    public key that was used to encrypt the witness. The creator of
 *    the challenge will most likely be an RA that has the public key
 *    from a Cert request. So the private key should be the private key
 *    associated with the public key in that request. This function will also
 *    verify the witness field of the challenge.
 *
 * RETURN:
 *    SECSuccess if decrypting the witness field was successful. This does
 *    not indicate that the decrypted data is valid, since the private key
 *    passed in may not be the actual key needed to properly decrypt the
 *    witness field. Meaning that there is a decrypted structure now, but
 *    it may be garbage because the private key was incorrect.
 *    Any other return value indicates the function could not complete the
 *    decryption process.
 *
 *    NOTE(review): the NOTES say the witness is verified, while the RETURN
 *    text says SECSuccess does not vouch for the decrypted data; the contract
 *    should state whether a witness mismatch is reported as a failure.  Until
 *    it does, callers must not treat SECSuccess alone as proof that the
 *    challenge was decrypted with the right key -- check the witness (or the
 *    values from CMMF_ChallengeGetRandomNumber / CMMF_ChallengeGetSender)
 *    against what is expected before acting on them.
 */
extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
                                              SECKEYPrivateKey *inPrivKey);

/*
 * FUNCTION: CMMF_ChallengeIsDecrypted
 * INPUTS:
 *    inChallenge
 *        The CMMFChallenge to operate on.
 * RETURN:
 *    This is a predicate function that returns PR_TRUE if the decryption
 *    process has already been performed. The function returns PR_FALSE if
 *    the decryption process has not been performed yet.
 */
extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);

/*
 * FUNCTION: CMMF_DestroyPOPODecKeyChallContent
 * INPUTS:
 *    inDecKeyCont
 *        The CMMFPOPODecKeyChallContent to free.
 * NOTES:
 *    This function frees up all the memory associated with the
 *    CMMFPOPODecKeyChallContent.
 * RETURN:
 *    SECSuccess if freeing up all the memory associated with the
 *    CMMFPOPODecKeyChallContent is successful. Any other return value
 *    indicates an error while freeing the memory.
 *
 */
extern SECStatus
CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);