OLD | NEW |
1 /* -*- Mode: C; tab-width: 8 -*-*/ | 1 /* -*- Mode: C; tab-width: 8 -*-*/ |
2 /* This Source Code Form is subject to the terms of the Mozilla Public | 2 /* This Source Code Form is subject to the terms of the Mozilla Public |
3 * License, v. 2.0. If a copy of the MPL was not distributed with this | 3 * License, v. 2.0. If a copy of the MPL was not distributed with this |
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
5 | 5 |
6 | |
7 #ifndef _CRMFI_H_ | 6 #ifndef _CRMFI_H_ |
8 #define _CRMFI_H_ | 7 #define _CRMFI_H_ |
9 /* This file will contain all declarations common to both | 8 /* This file will contain all declarations common to both |
10 * encoding and decoding of CRMF Cert Requests. This header | 9 * encoding and decoding of CRMF Cert Requests. This header |
11 * file should only be included internally by CRMF implementation | 10 * file should only be included internally by CRMF implementation |
12 * files. | 11 * files. |
13 */ | 12 */ |
14 #include "secasn1.h" | 13 #include "secasn1.h" |
15 #include "crmfit.h" | 14 #include "crmfit.h" |
16 #include "secerr.h" | 15 #include "secerr.h" |
17 #include "blapit.h" | 16 #include "blapit.h" |
18 | 17 |
19 #define CRMF_DEFAULT_ARENA_SIZE 1024 | 18 #define CRMF_DEFAULT_ARENA_SIZE 1024 |
20 | 19 |
21 /* | 20 /* |
22 * Explanation for the definition of MAX_WRAPPED_KEY_LEN: | 21 * Explanation for the definition of MAX_WRAPPED_KEY_LEN: |
23 * | 22 * |
24 * It's used for internal buffers to transport a wrapped private key. | 23 * It's used for internal buffers to transport a wrapped private key. |
25 * The value is in BYTES. | 24 * The value is in BYTES. |
26 * We want to define a reasonable upper bound for this value. | 25 * We want to define a reasonable upper bound for this value. |
27 * Ideally this could be calculated, but in order to simplify the code | 26 * Ideally this could be calculated, but in order to simplify the code |
28 * we want to estimate the maximum requires size. | 27 * we want to estimate the maximum requires size. |
29 * See also bug 655850 for the full explanation. | 28 * See also bug 655850 for the full explanation. |
30 * | 29 * |
31 * We know the largest wrapped keys are RSA keys. | 30 * We know the largest wrapped keys are RSA keys. |
32 * We'll estimate the maximum size needed for wrapped RSA keys, | 31 * We'll estimate the maximum size needed for wrapped RSA keys, |
33 * and assume it's sufficient for wrapped keys of any type we support. | 32 * and assume it's sufficient for wrapped keys of any type we support. |
34 * | 33 * |
35 * The maximum size of RSA keys in bits is defined elsewhere as | 34 * The maximum size of RSA keys in bits is defined elsewhere as |
36 * RSA_MAX_MODULUS_BITS | 35 * RSA_MAX_MODULUS_BITS |
37 * | 36 * |
38 * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. | 37 * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. |
39 * | 38 * |
40 * A wrapped RSA key requires about | 39 * A wrapped RSA key requires about |
41 * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 | 40 * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 |
42 * bytes. | 41 * bytes. |
43 * | 42 * |
44 * Therefore, a safe upper bound is: | 43 * Therefore, a safe upper bound is: |
45 * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS | 44 * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS |
46 * | 45 * |
47 */ | 46 */ |
48 #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS | 47 #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS |
49 | 48 |
50 #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) | 49 #define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8) |
51 #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) | 50 #define CRMF_BYTES_TO_BITS(bytes) ((bytes) * 8) |
52 | 51 |
53 struct crmfEncoderArg { | 52 struct crmfEncoderArg { |
54 SECItem *buffer; | 53 SECItem *buffer; |
55 long allocatedLen; | 54 long allocatedLen; |
56 }; | 55 }; |
57 | 56 |
58 struct crmfEncoderOutput { | 57 struct crmfEncoderOutput { |
59 CRMFEncoderOutputCallback fn; | 58 CRMFEncoderOutputCallback fn; |
60 void *outputArg; | 59 void *outputArg; |
61 }; | 60 }; |
62 | 61 |
63 /* | 62 /* |
64 * This function is used by the API for encoding functions that are | 63 * This function is used by the API for encoding functions that are |
65 * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* | 64 * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* |
66 * functions. | 65 * functions. |
67 */ | 66 */ |
68 extern void | 67 extern void crmf_encoder_out(void *arg, const char *buf, unsigned long len, |
69 crmf_encoder_out(void *arg, const char *buf, unsigned long len, | 68 int depth, SEC_ASN1EncodingPart data_kind); |
70 int depth, SEC_ASN1EncodingPart data_kind); | |
71 | 69 |
72 /* | 70 /* |
73 * This function is used when we want to encode something locally within | 71 * This function is used when we want to encode something locally within |
74 * the library, ie the CertRequest so that we can produce its signature. | 72 * the library, ie the CertRequest so that we can produce its signature. |
75 */ | 73 */ |
76 extern SECStatus· | 74 extern SECStatus crmf_init_encoder_callback_arg( |
77 crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, | 75 struct crmfEncoderArg *encoderArg, SECItem *derDest); |
78 » » » » SECItem *derDest); | |
79 | 76 |
80 /* | 77 /* |
81 * This is the callback function we feed to the ASN1 encoder when doing | 78 * This is the callback function we feed to the ASN1 encoder when doing |
82 * internal DER-encodings. ie, encoding the cert request so we can | 79 * internal DER-encodings. ie, encoding the cert request so we can |
83 * produce a signature. | 80 * produce a signature. |
84 */ | 81 */ |
85 extern void | 82 extern void crmf_generic_encoder_callback(void *arg, const char *buf, |
86 crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, | 83 unsigned long len, int depth, |
87 » » » int depth, SEC_ASN1EncodingPart data_kind); | 84 SEC_ASN1EncodingPart data_kind); |
88 | 85 |
89 /* The ASN1 templates that need to be seen by internal files | 86 /* The ASN1 templates that need to be seen by internal files |
90 * in order to implement CRMF. | 87 * in order to implement CRMF. |
91 */ | 88 */ |
92 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; | 89 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; |
93 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; | 90 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; |
94 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; | 91 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; |
95 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; | 92 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; |
96 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; | 93 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; |
97 extern const SEC_ASN1Template CRMFThisMessageTemplate[]; | 94 extern const SEC_ASN1Template CRMFThisMessageTemplate[]; |
98 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; | 95 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; |
99 extern const SEC_ASN1Template CRMFDHMACTemplate[]; | 96 extern const SEC_ASN1Template CRMFDHMACTemplate[]; |
100 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; | 97 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; |
101 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; | 98 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; |
102 | 99 |
103 /* | 100 /* |
104 * Use these two values for encoding Boolean values. | 101 * Use these two values for encoding Boolean values. |
105 */ | 102 */ |
106 extern const unsigned char hexTrue; | 103 extern const unsigned char hexTrue; |
107 extern const unsigned char hexFalse; | 104 extern const unsigned char hexFalse; |
108 /* | 105 /* |
109 * Prototypes for helper routines used internally by multiple files. | 106 * Prototypes for helper routines used internally by multiple files. |
110 */ | 107 */ |
111 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, | 108 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, |
112 » » » » long value); | 109 long value); |
113 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, | 110 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, |
114 » » » » » SECItem *src); | 111 SECItem *src); |
115 | 112 |
116 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, | 113 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp, |
117 » » » » » CRMFPKIArchiveOptions *destOpt, | 114 CRMFPKIArchiveOptions *destOpt, |
118 » » » » » CRMFPKIArchiveOptions *srcOpt); | 115 CRMFPKIArchiveOptions *srcOpt); |
119 extern SECStatus·· | 116 extern SECStatus crmf_destroy_pkiarchiveoptions( |
120 crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, | 117 CRMFPKIArchiveOptions *inArchOptions, PRBool freeit); |
121 » » » » PRBool freeit); | 118 extern const SEC_ASN1Template *crmf_get_pkiarchiveoptions_subtemplate( |
122 extern const SEC_ASN1Template* | 119 CRMFControl *inControl); |
123 crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); | |
124 | 120 |
125 extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, | 121 extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp, |
126 » » » » » CRMFEncryptedKey *srcEncrKey, | 122 CRMFEncryptedKey *srcEncrKey, |
127 » » » » » CRMFEncryptedKey *destEncrKey); | 123 CRMFEncryptedKey *destEncrKey); |
128 extern SECStatus | 124 extern SECStatus crmf_copy_encryptedvalue(PLArenaPool *poolp, |
129 crmf_copy_encryptedvalue(PLArenaPool *poolp, | 125 CRMFEncryptedValue *srcValue, |
130 » » » CRMFEncryptedValue *srcValue, | 126 CRMFEncryptedValue *destValue); |
131 » » » CRMFEncryptedValue *destValue); | |
132 | 127 |
133 extern SECStatus | 128 extern SECStatus crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, |
134 crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp, | 129 SECAlgorithmID *srcAlgId, |
135 » » » » SECAlgorithmID *srcAlgId, | 130 SECAlgorithmID **destAlgId); |
136 » » » » SECAlgorithmID **destAlgId); | |
137 | 131 |
138 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, | 132 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp, |
139 » » » » » SECAlgorithmID **dest, | 133 SECAlgorithmID **dest, |
140 » » » » » SECAlgorithmID *src); | 134 SECAlgorithmID *src); |
141 | 135 |
142 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, | 136 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest, |
143 » » » » CERTName *src); | 137 CERTName *src); |
144 | 138 |
145 extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, | 139 extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp, |
146 » » » » » CERTSubjectPublicKeyInfo **dest, | 140 CERTSubjectPublicKeyInfo **dest, |
147 » » » » » CERTSubjectPublicKeyInfo *pubKey)
; | 141 CERTSubjectPublicKeyInfo *pubKey); |
148 | 142 |
149 extern CRMFCertExtension* crmf_create_cert_extension(PLArenaPool *poolp, | 143 extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp, |
150 » » » » » » SECOidTag tag,· | 144 SECOidTag tag, |
151 » » » » » » PRBool isCritical, | 145 PRBool isCritical, |
152 » » » » » » SECItem *data); | 146 SECItem *data); |
153 extern CRMFCertRequest* | 147 extern CRMFCertRequest *crmf_copy_cert_request(PLArenaPool *poolp, |
154 crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq); | 148 CRMFCertRequest *srcReq); |
155 | 149 |
156 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,· | 150 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, |
157 » » » » » PRBool freeit); | 151 PRBool freeit); |
158 | 152 |
159 extern CRMFEncryptedValue * | 153 extern CRMFEncryptedValue *crmf_create_encrypted_value_wrapped_privkey( |
160 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, | 154 SECKEYPrivateKey *inPrivKey, SECKEYPublicKey *inPubKey, |
161 » » » » » SECKEYPublicKey *inPubKey, | 155 CRMFEncryptedValue *destValue); |
162 » » » » » CRMFEncryptedValue *destValue); | |
163 | 156 |
164 extern CK_MECHANISM_TYPE· | 157 extern CK_MECHANISM_TYPE crmf_get_mechanism_from_public_key( |
165 crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); | 158 SECKEYPublicKey *inPubKey); |
166 | 159 |
167 extern SECStatus | 160 extern SECStatus crmf_encrypted_value_unwrap_priv_key( |
168 crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp, | 161 PLArenaPool *poolp, CRMFEncryptedValue *encValue, SECKEYPrivateKey *privKey, |
169 » » » » CRMFEncryptedValue *encValue, | 162 SECKEYPublicKey *newPubKey, SECItem *nickname, PK11SlotInfo *slot, |
170 » » » » SECKEYPrivateKey *privKey, | 163 unsigned char keyUsage, SECKEYPrivateKey **unWrappedKey, void *wincx); |
171 » » » » SECKEYPublicKey *newPubKey, | |
172 » » » » SECItem *nickname, | |
173 » » » » PK11SlotInfo *slot, | |
174 » » » » unsigned char keyUsage, | |
175 » » » » SECKEYPrivateKey **unWrappedKey, | |
176 » » » » void *wincx); | |
177 | 164 |
178 extern SECItem* | 165 extern SECItem *crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); |
179 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); | |
180 | 166 |
181 extern CRMFCertExtension* | 167 extern CRMFCertExtension *crmf_copy_cert_extension( |
182 crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension); | 168 PLArenaPool *poolp, CRMFCertExtension *inExtension); |
183 | 169 |
184 extern SECStatus | 170 extern SECStatus crmf_create_prtime(SECItem *src, PRTime **dest); |
185 crmf_create_prtime(SECItem *src, PRTime **dest); | |
186 #endif /*_CRMFI_H_*/ | 171 #endif /*_CRMFI_H_*/ |
OLD | NEW |