diff options
Diffstat (limited to 'mozilla/security/nss/lib/crmf/crmfi.h')
-rw-r--r-- | mozilla/security/nss/lib/crmf/crmfi.h | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/mozilla/security/nss/lib/crmf/crmfi.h b/mozilla/security/nss/lib/crmf/crmfi.h new file mode 100644 index 0000000..5a4fbe4 --- /dev/null +++ b/mozilla/security/nss/lib/crmf/crmfi.h @@ -0,0 +1,218 @@ +/* -*- Mode: C; tab-width: 8 -*-*/ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + + +#ifndef _CRMFI_H_ +#define _CRMFI_H_ +/* This file will contain all declarations common to both + * encoding and decoding of CRMF Cert Requests. This header + * file should only be included internally by CRMF implementation + * files. + */ +#include "secasn1.h" +#include "crmfit.h" +#include "secerr.h" +#include "blapit.h" + +#define CRMF_DEFAULT_ARENA_SIZE 1024 + +/* + * Explanation for the definition of MAX_WRAPPED_KEY_LEN: + * + * It's used for internal buffers to transport a wrapped private key. + * The value is in BYTES. + * We want to define a reasonable upper bound for this value. + * Ideally this could be calculated, but in order to simplify the code + * we want to estimate the maximum requires size. + * See also bug 655850 for the full explanation. + * + * We know the largest wrapped keys are RSA keys. + * We'll estimate the maximum size needed for wrapped RSA keys, + * and assume it's sufficient for wrapped keys of any type we support. + * + * The maximum size of RSA keys in bits is defined elsewhere as + * RSA_MAX_MODULUS_BITS + * + * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. + * + * A wrapped RSA key requires about + * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 + * bytes. + * + * Therefore, a safe upper bound is: + * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS + * + */ +#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS + +#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) +#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) + +struct crmfEncoderArg { + SECItem *buffer; + long allocatedLen; +}; + +struct crmfEncoderOutput { + CRMFEncoderOutputCallback fn; + void *outputArg; +}; + +/* + * This funciton is used by the API for encoding functions that are + * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* + * functions. + */ +extern void + crmf_encoder_out(void *arg, const char *buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind); + +/* + * This function is used when we want to encode something locally within + * the library, ie the CertRequest so that we can produce its signature. + */ +extern SECStatus + crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, + SECItem *derDest); + +/* + * This is the callback function we feed to the ASN1 encoder when doing + * internal DER-encodings. ie, encoding the cert request so we can + * produce a signature. + */ +extern void +crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind); + +/* The ASN1 templates that need to be seen by internal files + * in order to implement CRMF. + */ +extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; +extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; +extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; +extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; +extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; +extern const SEC_ASN1Template CRMFThisMessageTemplate[]; +extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; +extern const SEC_ASN1Template CRMFDHMACTemplate[]; +extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; +extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; + +/* + * Use these two values for encoding Boolean values. + */ +extern const unsigned char hexTrue; +extern const unsigned char hexFalse; +/* + * Prototypes for helper routines used internally by multiple files. + */ +extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, + long value); +extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, + SECItem *src); + +extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool *poolp, + CRMFPKIArchiveOptions *destOpt, + CRMFPKIArchiveOptions *srcOpt); +extern SECStatus + crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, + PRBool freeit); +extern const SEC_ASN1Template* + crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); + +extern SECStatus crmf_copy_encryptedkey(PRArenaPool *poolp, + CRMFEncryptedKey *srcEncrKey, + CRMFEncryptedKey *destEncrKey); +extern SECStatus +crmf_copy_encryptedvalue(PRArenaPool *poolp, + CRMFEncryptedValue *srcValue, + CRMFEncryptedValue *destValue); + +extern SECStatus +crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp, + SECAlgorithmID *srcAlgId, + SECAlgorithmID **destAlgId); + +extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp, + SECAlgorithmID **dest, + SECAlgorithmID *src); + +extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, + CERTName *src); + +extern SECStatus crmf_template_add_public_key(PRArenaPool *poolp, + CERTSubjectPublicKeyInfo **dest, + CERTSubjectPublicKeyInfo *pubKey); + +extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp, + SECOidTag tag, + PRBool isCritical, + SECItem *data); +extern CRMFCertRequest* +crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq); + +extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, + PRBool freeit); + +extern CRMFEncryptedValue * +crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inPubKey, + CRMFEncryptedValue *destValue); + +extern CK_MECHANISM_TYPE + crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); + +extern SECStatus +crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp, + CRMFEncryptedValue *encValue, + SECKEYPrivateKey *privKey, + SECKEYPublicKey *newPubKey, + SECItem *nickname, + PK11SlotInfo *slot, + unsigned char keyUsage, + SECKEYPrivateKey **unWrappedKey, + void *wincx); + +extern SECItem* +crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); + +extern CRMFCertExtension* +crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension); + +extern SECStatus +crmf_create_prtime(SECItem *src, PRTime **dest); +#endif /*_CRMFI_H_*/ |