| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| /* |
| * These functions to be implemented in the future if the features |
| * which these functions would implement wind up being needed. |
| */ |
| |
| /* |
| * Use this function to create the CRMFSinglePubInfo* variables that will |
| * populate the inPubInfoArray parameter for the function |
| * CRMF_CreatePKIPublicationInfo. |
| * |
| * "inPubMethod" specifies which publication method will be used |
| * "pubLocation" is a representation of the location where |
| */ |
| extern CRMFSinglePubInfo * |
| CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod, |
| CRMFGeneralName *pubLocation); |
| |
| /* |
| * Create a PKIPublicationInfo that can later be passed to the function |
| * CRMFAddPubInfoControl. |
| */ |
| extern CRMFPKIPublicationInfo * |
| CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction, |
| CRMFSinglePubInfo **inPubInfoArray, |
| int numPubInfo); |
| |
| /* |
| * Only call this function on a CRMFPublicationInfo that was created by |
| * CRMF_CreatePKIPublicationInfo that was passed in NULL for arena. |
| */ |
| |
| extern SECStatus |
| CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); |
| |
| extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq, |
| CRMFPKIPublicationInfo *inPubInfo); |
| |
| /* |
| * This is to create a Cert ID Control which can later be added to |
| * a certificate request. |
| */ |
| extern CRMFCertID *CRMF_CreateCertID(CRMFGeneralName *issuer, |
| long serialNumber); |
| |
| extern SECStatus CRMF_DestroyCertID(CRMFCertID *certID); |
| |
| extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq, |
| CRMFCertID *certID); |
| |
| extern SECStatus |
| CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq, |
| CERTSubjectPublicKeyInfo *spki); |
| |
| /* |
| * Add the ASCII Pairs Registration Info to the Certificate Request. |
| * The SECItem must be an OCTET string representation. |
| */ |
| extern SECStatus |
| CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq, |
| SECItem *asciiPairs); |
| |
| /* |
| * This takes a CertRequest and adds it to another CertRequest. |
| */ |
| extern SECStatus |
| CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo, |
| CRMFCertRequest *certReqBeingAdded); |
| |
| /* |
| * Returns which option was used for the authInfo field of POPOSigningKeyInput |
| */ |
| extern CRMFPOPOSkiInputAuthChoice |
| CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput); |
| |
| /* |
| * Gets the PKMACValue associated with the POPOSigningKeyInput. |
| * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC |
| * the function returns SECFailure and the value at *destValue is unchanged. |
| * |
| * If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function |
| * returns SECSuccess and places the PKMACValue at *destValue. |
| */ |
| extern SECStatus |
| CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput, |
| CRMFPKMACValue **destValue); |
| /* |
| * Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput |
| */ |
| extern CERTSubjectPublicKeyInfo * |
| CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput); |
| |
| /* |
| * Return the value for the PKIPublicationInfo Control. |
| * A return value of NULL indicates that the Control was |
| * not a PKIPublicationInfo Control. Call |
| * CRMF_DestroyPKIPublicationInfo on the return value when done |
| * using the pointer. |
| */ |
| extern CRMFPKIPublicationInfo *CRMF_GetPKIPubInfo(CRMFControl *inControl); |
| |
| /* |
| * Free up a CRMFPKIPublicationInfo structure. |
| */ |
| extern SECStatus |
| CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo); |
| |
| /* |
| * Get the choice used for action in this PKIPublicationInfo. |
| */ |
| extern CRMFPublicationAction |
| CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo); |
| |
| /* |
| * Get the number of pubInfos are stored in the PKIPubicationInfo. |
| */ |
| extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo); |
| |
| /* |
| * Get the pubInfo at index for the given PKIPubicationInfo. |
| * Indexing is done like a traditional C Array. (0 .. numElements-1) |
| */ |
| extern CRMFSinglePubInfo * |
| CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo, |
| int index); |
| |
| /* |
| * Destroy the CRMFSinglePubInfo. |
| */ |
| extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo); |
| |
| /* |
| * Get the pubMethod used by the SinglePubInfo. |
| */ |
| extern CRMFPublicationMethod |
| CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo); |
| |
| /* |
| * Get the pubLocation associated with the SinglePubInfo. |
| * A NULL return value indicates there was no pubLocation associated |
| * with the SinglePuInfo. |
| */ |
| extern CRMFGeneralName *CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo); |
| |
| /* |
| * Get the authInfo.sender field out of the POPOSigningKeyInput. |
| * If the POPOSigningKeyInput did not use the authInfo the function |
| * returns SECFailure and the value at *destName is unchanged. |
| * |
| * If the POPOSigningKeyInput did use authInfo.sender, the function returns |
| * SECSuccess and puts the authInfo.sender at *destName/ |
| */ |
| extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput, |
| CRMFGeneralName **destName); |
| |
| /**************** CMMF Functions that need to be added. **********************/ |
| |
| /* |
| * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge |
| * INPUTS: |
| * inDecKeyChall |
| * The CMMFPOPODecKeyChallContent to operate on. |
| * inRandom |
| * The random number to use when generating the challenge, |
| * inSender |
| * The GeneralName representation of the sender of the challenge. |
| * inPubKey |
| * The public key to use when encrypting the challenge. |
| * NOTES: |
| * This function adds a challenge to the end of the list of challenges |
| * contained by 'inDecKeyChall'. Refer to the CMMF draft on how the |
| * the random number passed in and the sender's GeneralName are used |
| * to generate the challenge and witness fields of the challenge. This |
| * library will use SHA1 as the one-way function for generating the |
| * witess field of the challenge. |
| * |
| * RETURN: |
| * SECSuccess if generating the challenge and adding to the end of list |
| * of challenges was successful. Any other return value indicates an error |
| * while trying to generate the challenge. |
| */ |
| extern SECStatus |
| CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall, |
| long inRandom, |
| CERTGeneralName *inSender, |
| SECKEYPublicKey *inPubKey); |
| |
| /* |
| * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges |
| * INPUTS: |
| * inKeyChallCont |
| * The CMMFPOPODecKeyChallContent to operate on. |
| * RETURN: |
| * This function returns the number of CMMFChallenges are contained in |
| * the CMMFPOPODecKeyChallContent structure. |
| */ |
| extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont); |
| |
| /* |
| * FUNCTION: CMMF_ChallengeGetRandomNumber |
| * INPUTS: |
| * inChallenge |
| * The CMMFChallenge to operate on. |
| * inDest |
| * A pointer to a user supplied buffer where the library |
| * can place a copy of the random integer contatained in the |
| * challenge. |
| * NOTES: |
| * This function returns the value held in the decrypted Rand structure |
| * corresponding to the random integer. The user must call |
| * CMMF_ChallengeDecryptWitness before calling this function. Call |
| * CMMF_ChallengeIsDecrypted to find out if the challenge has been |
| * decrypted. |
| * |
| * RETURN: |
| * SECSuccess indicates the witness field has been previously decrypted |
| * and the value for the random integer was successfully placed at *inDest. |
| * Any other return value indicates an error and that the value at *inDest |
| * is not a valid value. |
| */ |
| extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge, |
| long *inDest); |
| |
| /* |
| * FUNCTION: CMMF_ChallengeGetSender |
| * INPUTS: |
| * inChallenge |
| * the CMMFChallenge to operate on. |
| * NOTES: |
| * This function returns the value held in the decrypted Rand structure |
| * corresponding to the sender. The user must call |
| * CMMF_ChallengeDecryptWitness before calling this function. Call |
| * CMMF_ChallengeIsDecrypted to find out if the witness field has been |
| * decrypted. The user must call CERT_DestroyGeneralName after the return |
| * value is no longer needed. |
| * |
| * RETURN: |
| * A pointer to a copy of the sender CERTGeneralName. A return value of |
| * NULL indicates an error in trying to copy the information or that the |
| * witness field has not been decrypted. |
| */ |
| extern CERTGeneralName *CMMF_ChallengeGetSender(CMMFChallenge *inChallenge); |
| |
| /* |
| * FUNCTION: CMMF_ChallengeGetAlgId |
| * INPUTS: |
| * inChallenge |
| * The CMMFChallenge to operate on. |
| * inDestAlgId |
| * A pointer to memory where a pointer to a copy of the algorithm |
| * id can be placed. |
| * NOTES: |
| * This function retrieves the one way function algorithm identifier |
| * contained within the CMMFChallenge if the optional field is present. |
| * |
| * RETURN: |
| * SECSucces indicates the function was able to place a pointer to a copy of |
| * the alogrithm id at *inAlgId. If the value at *inDestAlgId is NULL, |
| * that means there was no algorithm identifier present in the |
| * CMMFChallenge. Any other return value indicates the function was not |
| * able to make a copy of the algorithm identifier. In this case the value |
| * at *inDestAlgId is not valid. |
| */ |
| extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge, |
| SECAlgorithmID *inAlgId); |
| |
| /* |
| * FUNCTION: CMMF_DestroyChallenge |
| * INPUTS: |
| * inChallenge |
| * The CMMFChallenge to free up. |
| * NOTES: |
| * This function frees up all the memory associated with the CMMFChallenge |
| * passed in. |
| * RETURN: |
| * SECSuccess if freeing all the memory associated with the CMMFChallenge |
| * passed in is successful. Any other return value indicates an error |
| * while freeing the memory. |
| */ |
| extern SECStatus CMMF_DestroyChallenge(CMMFChallenge *inChallenge); |
| |
| /* |
| * FUNCTION: CMMF_DestroyPOPODecKeyRespContent |
| * INPUTS: |
| * inDecKeyResp |
| * The CMMFPOPODecKeyRespContent structure to free. |
| * NOTES: |
| * This function frees up all the memory associate with the |
| * CMMFPOPODecKeyRespContent. |
| * |
| * RETURN: |
| * SECSuccess if freeint up all the memory associated with the |
| * CMMFPOPODecKeyRespContent structure is successful. Any other |
| * return value indicates an error while freeing the memory. |
| */ |
| extern SECStatus |
| CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp); |
| |
| /* |
| * FUNCTION: CMMF_ChallengeDecryptWitness |
| * INPUTS: |
| * inChallenge |
| * The CMMFChallenge to operate on. |
| * inPrivKey |
| * The private key to use to decrypt the witness field. |
| * NOTES: |
| * This function uses the private key to decrypt the challenge field |
| * contained in the CMMFChallenge. Make sure the private key matches the |
| * public key that was used to encrypt the witness. The creator of |
| * the challenge will most likely be an RA that has the public key |
| * from a Cert request. So the private key should be the private key |
| * associated with public key in that request. This function will also |
| * verify the witness field of the challenge. |
| * |
| * RETURN: |
| * SECSuccess if decrypting the witness field was successful. This does |
| * not indicate that the decrypted data is valid, since the private key |
| * passed in may not be the actual key needed to properly decrypt the |
| * witness field. Meaning that there is a decrypted structure now, but |
| * may be garbage because the private key was incorrect. |
| * Any other return value indicates the function could not complete the |
| * decryption process. |
| */ |
| extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge, |
| SECKEYPrivateKey *inPrivKey); |
| |
| /* |
| * FUNCTION: CMMF_ChallengeIsDecrypted |
| * INPUTS: |
| * inChallenge |
| * The CMMFChallenge to operate on. |
| * RETURN: |
| * This is a predicate function that returns PR_TRUE if the decryption |
| * process has already been performed. The function return PR_FALSE if |
| * the decryption process has not been performed yet. |
| */ |
| extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge); |
| |
| /* |
| * FUNCTION: CMMF_DestroyPOPODecKeyChallContent |
| * INPUTS: |
| * inDecKeyCont |
| * The CMMFPOPODecKeyChallContent to free |
| * NOTES: |
| * This function frees up all the memory associated with the |
| * CMMFPOPODecKeyChallContent |
| * RETURN: |
| * SECSuccess if freeing up all the memory associatd with the |
| * CMMFPOPODecKeyChallContent is successful. Any other return value |
| * indicates an error while freeing the memory. |
| * |
| */ |
| extern SECStatus |
| CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont); |