diff -r 000000000000 -r 6474c204b198 security/nss/lib/ckfw/capi/ckcapi.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/nss/lib/ckfw/capi/ckcapi.h Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,271 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef CKCAPI_H +#define CKCAPI_H 1 + +#include "nssckmdt.h" +#include "nssckfw.h" + +/* + * I'm including this for access to the arena functions. + * Looks like we should publish that API. + */ +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +/* + * This is where the Netscape extensions live, at least for now. + */ +#ifndef CKT_H +#include "ckt.h" +#endif /* CKT_H */ + +#include "wtypes.h" +#include "wincrypt.h" + +/* + * statically defined raw objects. Allows us to data description objects + * to this PKCS #11 module. + */ +struct ckcapiRawObjectStr { + CK_ULONG n; + const CK_ATTRIBUTE_TYPE *types; + const NSSItem *items; +}; +typedef struct ckcapiRawObjectStr ckcapiRawObject; + + +/* + * common values needed for both bare keys and cert referenced keys. + */ +struct ckcapiKeyParamsStr { + NSSItem modulus; + NSSItem exponent; + NSSItem privateExponent; + NSSItem prime1; + NSSItem prime2; + NSSItem exponent1; + NSSItem exponent2; + NSSItem coefficient; + unsigned char publicExponentData[sizeof(CK_ULONG)]; + void *privateKey; + void *pubKey; +}; +typedef struct ckcapiKeyParamsStr ckcapiKeyParams; + +/* + * Key objects. Handles bare keys which do not yet have certs associated + * with them. These are usually short lived, but may exist for several days + * while the CA is issuing the certificate. + */ +struct ckcapiKeyObjectStr { + CRYPT_KEY_PROV_INFO provInfo; + char *provName; + char *containerName; + HCRYPTPROV hProv; + ckcapiKeyParams key; +}; +typedef struct ckcapiKeyObjectStr ckcapiKeyObject; + +/* + * Certificate and certificate referenced keys. + */ +struct ckcapiCertObjectStr { + PCCERT_CONTEXT certContext; + PRBool hasID; + const char *certStore; + NSSItem label; + NSSItem subject; + NSSItem issuer; + NSSItem serial; + NSSItem derCert; + ckcapiKeyParams key; + unsigned char *labelData; + /* static data: to do, make this dynamic like labelData */ + unsigned char derSerial[128]; +}; +typedef struct ckcapiCertObjectStr ckcapiCertObject; + +typedef enum { + ckcapiRaw, + ckcapiCert, + ckcapiBareKey +} ckcapiObjectType; + +/* + * all the various types of objects are abstracted away in cobject and + * cfind as ckcapiInternalObjects. + */ +struct ckcapiInternalObjectStr { + ckcapiObjectType type; + union { + ckcapiRawObject raw; + ckcapiCertObject cert; + ckcapiKeyObject key; + } u; + CK_OBJECT_CLASS objClass; + NSSItem hashKey; + NSSItem id; + void *idData; + unsigned char hashKeyData[128]; + NSSCKMDObject mdObject; +}; +typedef struct ckcapiInternalObjectStr ckcapiInternalObject; + +/* our raw object data array */ +NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[]; +NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects; + +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_ManufacturerID; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_LibraryDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_SlotDescription; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion; +NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenLabel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenModel; +NSS_EXTERN_DATA const NSSUTF8 * nss_ckcapi_TokenSerialNumber; + +NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance; +NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot; +NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken; +NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA; + +NSS_EXTERN NSSCKMDSession * +nss_ckcapi_CreateSession +( + NSSCKFWSession *fwSession, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDFindObjects * +nss_ckcapi_FindObjectsInit +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +/* + * Object Utilities + */ +NSS_EXTERN NSSCKMDObject * +nss_ckcapi_CreateMDObject +( + NSSArena *arena, + ckcapiInternalObject *io, + CK_RV *pError +); + +NSS_EXTERN NSSCKMDObject * +nss_ckcapi_CreateObject +( + NSSCKFWSession *fwSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError +); + +NSS_EXTERN const NSSItem * +nss_ckcapi_FetchAttribute +( + ckcapiInternalObject *io, + CK_ATTRIBUTE_TYPE type +); + +NSS_EXTERN void +nss_ckcapi_DestroyInternalObject +( + ckcapiInternalObject *io +); + +NSS_EXTERN CK_RV +nss_ckcapi_FetchKeyContainer +( + ckcapiInternalObject *iKey, + HCRYPTPROV *hProv, + DWORD *keySpec, + HCRYPTKEY *hKey +); + +/* + * generic utilities + */ + +/* + * So everyone else in the worlds stores their bignum data MSB first, but not + * Microsoft, we need to byte swap everything coming into and out of CAPI. + */ +void +ckcapi_ReverseData +( + NSSItem *item +); + +/* + * unwrap a single DER value + */ +unsigned char * +nss_ckcapi_DERUnwrap +( + unsigned char *src, + unsigned int size, + unsigned int *outSize, + unsigned char **next +); + +/* + * Return the size in bytes of a wide string + */ +int +nss_ckcapi_WideSize +( + LPCWSTR wide +); + +/* + * Covert a Unicode wide character string to a UTF8 string + */ +char * +nss_ckcapi_WideToUTF8 +( + LPCWSTR wide +); + +/* + * Return a Wide String duplicated with nss allocated memory. + */ +LPWSTR +nss_ckcapi_WideDup +( + LPCWSTR wide +); + +/* + * Covert a UTF8 string to Unicode wide character + */ +LPWSTR +nss_ckcapi_UTF8ToWide +( + char *buf +); + + +NSS_EXTERN PRUint32 +nss_ckcapi_collect_all_certs( + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + ckcapiInternalObject ***listp, + PRUint32 *sizep, + PRUint32 count, + CK_RV *pError +); + +#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0]))) + +#endif