summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/crmf/crmfi.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/nss/lib/crmf/crmfi.h185
1 files changed, 185 insertions, 0 deletions
diff --git a/security/nss/lib/crmf/crmfi.h b/security/nss/lib/crmf/crmfi.h
new file mode 100644
index 0000000000..badfd2b053
--- /dev/null
+++ b/security/nss/lib/crmf/crmfi.h
@@ -0,0 +1,185 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRMFI_H_
+#define _CRMFI_H_
+/* This file will contain all declarations common to both
+ * encoding and decoding of CRMF Cert Requests. This header
+ * file should only be included internally by CRMF implementation
+ * files.
+ */
+#include "secasn1.h"
+#include "crmfit.h"
+#include "secerr.h"
+#include "blapit.h"
+
+#define CRMF_DEFAULT_ARENA_SIZE 1024
+
+/*
+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
+ *
+ * It's used for internal buffers to transport a wrapped private key.
+ * The value is in BYTES.
+ * We want to define a reasonable upper bound for this value.
+ * Ideally this could be calculated, but in order to simplify the code
+ * we want to estimate the maximum requires size.
+ * See also bug 655850 for the full explanation.
+ *
+ * We know the largest wrapped keys are RSA keys.
+ * We'll estimate the maximum size needed for wrapped RSA keys,
+ * and assume it's sufficient for wrapped keys of any type we support.
+ *
+ * The maximum size of RSA keys in bits is defined elsewhere as
+ * RSA_MAX_MODULUS_BITS
+ *
+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
+ *
+ * A wrapped RSA key requires about
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
+ * bytes.
+ *
+ * Therefore, a safe upper bound is:
+ * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
+ *
+ */
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
+
+#define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
+#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
+
+struct crmfEncoderArg {
+ SECItem *buffer;
+ unsigned long allocatedLen;
+};
+
+struct crmfEncoderOutput {
+ CRMFEncoderOutputCallback fn;
+ void *outputArg;
+};
+
+/*
+ * This function is used by the API for encoding functions that are
+ * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
+ * functions.
+ */
+extern void
+crmf_encoder_out(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
+
+/*
+ * This function is used when we want to encode something locally within
+ * the library, ie the CertRequest so that we can produce its signature.
+ */
+extern SECStatus
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+ SECItem *derDest);
+
+/*
+ * This is the callback function we feed to the ASN1 encoder when doing
+ * internal DER-encodings. ie, encoding the cert request so we can
+ * produce a signature.
+ */
+extern void
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+ int depth, SEC_ASN1EncodingPart data_kind);
+
+/* The ASN1 templates that need to be seen by internal files
+ * in order to implement CRMF.
+ */
+extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
+extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
+extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
+extern const SEC_ASN1Template CRMFThisMessageTemplate[];
+extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
+extern const SEC_ASN1Template CRMFDHMACTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
+
+/*
+ * Use these two values for encoding Boolean values.
+ */
+extern const unsigned char hexTrue;
+extern const unsigned char hexFalse;
+/*
+ * Prototypes for helper routines used internally by multiple files.
+ */
+extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
+ long value);
+extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
+ SECItem *src);
+
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+ CRMFPKIArchiveOptions *destOpt,
+ CRMFPKIArchiveOptions *srcOpt);
+extern SECStatus
+crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+ PRBool freeit);
+extern const SEC_ASN1Template *
+crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
+
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
+ CRMFEncryptedKey *srcEncrKey,
+ CRMFEncryptedKey *destEncrKey);
+extern SECStatus
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+ CRMFEncryptedValue *srcValue,
+ CRMFEncryptedValue *destValue);
+
+extern SECStatus
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+ SECAlgorithmID *srcAlgId,
+ SECAlgorithmID **destAlgId);
+
+extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
+ SECAlgorithmID **dest,
+ SECAlgorithmID *src);
+
+extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
+ CERTName *src);
+
+extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
+ CERTSubjectPublicKeyInfo **dest,
+ CERTSubjectPublicKeyInfo *pubKey);
+
+extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp,
+ SECOidTag tag,
+ PRBool isCritical,
+ SECItem *data);
+extern CRMFCertRequest *
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
+
+extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
+ PRBool freeit);
+
+extern CRMFEncryptedValue *
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CRMFEncryptedValue *destValue);
+
+extern CK_MECHANISM_TYPE
+crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
+
+extern SECStatus
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+ CRMFEncryptedValue *encValue,
+ SECKEYPrivateKey *privKey,
+ SECKEYPublicKey *newPubKey,
+ SECItem *nickname,
+ PK11SlotInfo *slot,
+ unsigned char keyUsage,
+ SECKEYPrivateKey **unWrappedKey,
+ void *wincx);
+
+extern SECItem *
+crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
+
+extern CRMFCertExtension *
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
+
+extern SECStatus
+crmf_create_prtime(SECItem *src, PRTime **dest);
+#endif /*_CRMFI_H_*/