| /* -*- Mode: C; tab-width: 8 -*-*/ |
| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef _CRMFI_H_ |
| #define _CRMFI_H_ |
| /* This file will contain all declarations common to both |
| * encoding and decoding of CRMF Cert Requests. This header |
| * file should only be included internally by CRMF implementation |
| * files. |
| */ |
| #include "secasn1.h" |
| #include "crmfit.h" |
| #include "secerr.h" |
| #include "blapit.h" |
| |
| #define CRMF_DEFAULT_ARENA_SIZE 1024 |
| |
| /* |
| * Explanation for the definition of MAX_WRAPPED_KEY_LEN: |
| * |
| * It's used for internal buffers to transport a wrapped private key. |
| * The value is in BYTES. |
| * We want to define a reasonable upper bound for this value. |
| * Ideally this could be calculated, but in order to simplify the code |
| * we want to estimate the maximum requires size. |
| * See also bug 655850 for the full explanation. |
| * |
| * We know the largest wrapped keys are RSA keys. |
| * We'll estimate the maximum size needed for wrapped RSA keys, |
| * and assume it's sufficient for wrapped keys of any type we support. |
| * |
| * The maximum size of RSA keys in bits is defined elsewhere as |
| * RSA_MAX_MODULUS_BITS |
| * |
| * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. |
| * |
| * A wrapped RSA key requires about |
| * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 |
| * bytes. |
| * |
| * Therefore, a safe upper bound is: |
| * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS |
| * |
| */ |
| #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS |
| |
| #define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8) |
| #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) |
| |
| struct crmfEncoderArg { |
| SECItem *buffer; |
| unsigned long allocatedLen; |
| }; |
| |
| struct crmfEncoderOutput { |
| CRMFEncoderOutputCallback fn; |
| void *outputArg; |
| }; |
| |
| /* |
| * This function is used by the API for encoding functions that are |
| * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* |
| * functions. |
| */ |
| extern void |
| crmf_encoder_out(void *arg, const char *buf, unsigned long len, |
| int depth, SEC_ASN1EncodingPart data_kind); |
| |
| /* |
| * This function is used when we want to encode something locally within |
| * the library, ie the CertRequest so that we can produce its signature. |
| */ |
| extern SECStatus |
| crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg, |
| SECItem *derDest); |
| |
| /* |
| * This is the callback function we feed to the ASN1 encoder when doing |
| * internal DER-encodings. ie, encoding the cert request so we can |
| * produce a signature. |
| */ |
| extern void |
| crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len, |
| int depth, SEC_ASN1EncodingPart data_kind); |
| |
| /* The ASN1 templates that need to be seen by internal files |
| * in order to implement CRMF. |
| */ |
| extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; |
| extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; |
| extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; |
| extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; |
| extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; |
| extern const SEC_ASN1Template CRMFThisMessageTemplate[]; |
| extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; |
| extern const SEC_ASN1Template CRMFDHMACTemplate[]; |
| extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; |
| extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; |
| |
| /* |
| * Use these two values for encoding Boolean values. |
| */ |
| extern const unsigned char hexTrue; |
| extern const unsigned char hexFalse; |
| /* |
| * Prototypes for helper routines used internally by multiple files. |
| */ |
| extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, |
| long value); |
| extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, |
| SECItem *src); |
| |
| extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, |
| CRMFPKIArchiveOptions *destOpt, |
| CRMFPKIArchiveOptions *srcOpt); |
| extern SECStatus |
| crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, |
| PRBool freeit); |
| extern const SEC_ASN1Template * |
| crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); |
| |
| extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, |
| CRMFEncryptedKey *srcEncrKey, |
| CRMFEncryptedKey *destEncrKey); |
| extern SECStatus |
| crmf_copy_encryptedvalue(PLArenaPool *poolp, |
| CRMFEncryptedValue *srcValue, |
| CRMFEncryptedValue *destValue); |
| |
| extern SECStatus |
| crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, |
| SECAlgorithmID *srcAlgId, |
| SECAlgorithmID **destAlgId); |
| |
| extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, |
| SECAlgorithmID **dest, |
| SECAlgorithmID *src); |
| |
| extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, |
| CERTName *src); |
| |
| extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, |
| CERTSubjectPublicKeyInfo **dest, |
| CERTSubjectPublicKeyInfo *pubKey); |
| |
| extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp, |
| SECOidTag tag, |
| PRBool isCritical, |
| SECItem *data); |
| extern CRMFCertRequest * |
| crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); |
| |
| extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, |
| PRBool freeit); |
| |
| extern CRMFEncryptedValue * |
| crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, |
| SECKEYPublicKey *inPubKey, |
| CRMFEncryptedValue *destValue); |
| |
| extern CK_MECHANISM_TYPE |
| crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); |
| |
| extern SECStatus |
| crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, |
| CRMFEncryptedValue *encValue, |
| SECKEYPrivateKey *privKey, |
| SECKEYPublicKey *newPubKey, |
| SECItem *nickname, |
| PK11SlotInfo *slot, |
| unsigned char keyUsage, |
| SECKEYPrivateKey **unWrappedKey, |
| void *wincx); |
| |
| extern SECItem * |
| crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); |
| |
| extern CRMFCertExtension * |
| crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); |
| |
| extern SECStatus |
| crmf_create_prtime(SECItem *src, PRTime **dest); |
| #endif /*_CRMFI_H_*/ |