/security/nss/lib/crmf/crmfi.h
C Header | 218 lines | 101 code | 26 blank | 91 comment | 0 complexity | a72e8c677832c0c2f69fc02c5ed946bb MD5 | raw file
1/* -*- Mode: C; tab-width: 8 -*-*/ 2/* ***** BEGIN LICENSE BLOCK ***** 3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 4 * 5 * The contents of this file are subject to the Mozilla Public License Version 6 * 1.1 (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * http://www.mozilla.org/MPL/ 9 * 10 * Software distributed under the License is distributed on an "AS IS" basis, 11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 12 * for the specific language governing rights and limitations under the 13 * License. 14 * 15 * The Original Code is the Netscape security libraries. 16 * 17 * The Initial Developer of the Original Code is 18 * Netscape Communications Corporation. 19 * Portions created by the Initial Developer are Copyright (C) 1994-2000 20 * the Initial Developer. All Rights Reserved. 21 * 22 * Contributor(s): 23 * 24 * Alternatively, the contents of this file may be used under the terms of 25 * either the GNU General Public License Version 2 or later (the "GPL"), or 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 27 * in which case the provisions of the GPL or the LGPL are applicable instead 28 * of those above. If you wish to allow use of your version of this file only 29 * under the terms of either the GPL or the LGPL, and not to allow others to 30 * use your version of this file under the terms of the MPL, indicate your 31 * decision by deleting the provisions above and replace them with the notice 32 * and other provisions required by the GPL or the LGPL. If you do not delete 33 * the provisions above, a recipient may use your version of this file under 34 * the terms of any one of the MPL, the GPL or the LGPL. 35 * 36 * ***** END LICENSE BLOCK ***** */ 37 38 39#ifndef _CRMFI_H_ 40#define _CRMFI_H_ 41/* This file will contain all declarations common to both 42 * encoding and decoding of CRMF Cert Requests. This header 43 * file should only be included internally by CRMF implementation 44 * files. 45 */ 46#include "secasn1.h" 47#include "crmfit.h" 48#include "secerr.h" 49#include "blapit.h" 50 51#define CRMF_DEFAULT_ARENA_SIZE 1024 52 53/* 54 * Explanation for the definition of MAX_WRAPPED_KEY_LEN: 55 * 56 * It's used for internal buffers to transport a wrapped private key. 57 * The value is in BYTES. 58 * We want to define a reasonable upper bound for this value. 59 * Ideally this could be calculated, but in order to simplify the code 60 * we want to estimate the maximum requires size. 61 * See also bug 655850 for the full explanation. 62 * 63 * We know the largest wrapped keys are RSA keys. 64 * We'll estimate the maximum size needed for wrapped RSA keys, 65 * and assume it's sufficient for wrapped keys of any type we support. 66 * 67 * The maximum size of RSA keys in bits is defined elsewhere as 68 * RSA_MAX_MODULUS_BITS 69 * 70 * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. 71 * 72 * A wrapped RSA key requires about 73 * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 74 * bytes. 75 * 76 * Therefore, a safe upper bound is: 77 * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS 78 * 79 */ 80#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS 81 82#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) 83#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) 84 85struct crmfEncoderArg { 86 SECItem *buffer; 87 long allocatedLen; 88}; 89 90struct crmfEncoderOutput { 91 CRMFEncoderOutputCallback fn; 92 void *outputArg; 93}; 94 95/* 96 * This function is used by the API for encoding functions that are 97 * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* 98 * functions. 99 */ 100extern void 101 crmf_encoder_out(void *arg, const char *buf, unsigned long len, 102 int depth, SEC_ASN1EncodingPart data_kind); 103 104/* 105 * This function is used when we want to encode something locally within 106 * the library, ie the CertRequest so that we can produce its signature. 107 */ 108extern SECStatus 109 crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, 110 SECItem *derDest); 111 112/* 113 * This is the callback function we feed to the ASN1 encoder when doing 114 * internal DER-encodings. ie, encoding the cert request so we can 115 * produce a signature. 116 */ 117extern void 118crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, 119 int depth, SEC_ASN1EncodingPart data_kind); 120 121/* The ASN1 templates that need to be seen by internal files 122 * in order to implement CRMF. 123 */ 124extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; 125extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; 126extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; 127extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; 128extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; 129extern const SEC_ASN1Template CRMFThisMessageTemplate[]; 130extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; 131extern const SEC_ASN1Template CRMFDHMACTemplate[]; 132extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; 133extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; 134 135/* 136 * Use these two values for encoding Boolean values. 137 */ 138extern const unsigned char hexTrue; 139extern const unsigned char hexFalse; 140/* 141 * Prototypes for helper routines used internally by multiple files. 142 */ 143extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, 144 long value); 145extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, 146 SECItem *src); 147 148extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool *poolp, 149 CRMFPKIArchiveOptions *destOpt, 150 CRMFPKIArchiveOptions *srcOpt); 151extern SECStatus 152 crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, 153 PRBool freeit); 154extern const SEC_ASN1Template* 155 crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); 156 157extern SECStatus crmf_copy_encryptedkey(PRArenaPool *poolp, 158 CRMFEncryptedKey *srcEncrKey, 159 CRMFEncryptedKey *destEncrKey); 160extern SECStatus 161crmf_copy_encryptedvalue(PRArenaPool *poolp, 162 CRMFEncryptedValue *srcValue, 163 CRMFEncryptedValue *destValue); 164 165extern SECStatus 166crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp, 167 SECAlgorithmID *srcAlgId, 168 SECAlgorithmID **destAlgId); 169 170extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp, 171 SECAlgorithmID **dest, 172 SECAlgorithmID *src); 173 174extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, 175 CERTName *src); 176 177extern SECStatus crmf_template_add_public_key(PRArenaPool *poolp, 178 CERTSubjectPublicKeyInfo **dest, 179 CERTSubjectPublicKeyInfo *pubKey); 180 181extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp, 182 SECOidTag tag, 183 PRBool isCritical, 184 SECItem *data); 185extern CRMFCertRequest* 186crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq); 187 188extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, 189 PRBool freeit); 190 191extern CRMFEncryptedValue * 192crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, 193 SECKEYPublicKey *inPubKey, 194 CRMFEncryptedValue *destValue); 195 196extern CK_MECHANISM_TYPE 197 crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); 198 199extern SECStatus 200crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp, 201 CRMFEncryptedValue *encValue, 202 SECKEYPrivateKey *privKey, 203 SECKEYPublicKey *newPubKey, 204 SECItem *nickname, 205 PK11SlotInfo *slot, 206 unsigned char keyUsage, 207 SECKEYPrivateKey **unWrappedKey, 208 void *wincx); 209 210extern SECItem* 211crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); 212 213extern CRMFCertExtension* 214crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension); 215 216extern SECStatus 217crmf_create_prtime(SECItem *src, PRTime **dest); 218#endif /*_CRMFI_H_*/