/* -*- Mode: C; tab-width: 8 -*-*/ /* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1994-2000 * the Initial Developer. All Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ #ifndef _CRMFI_H_ #define _CRMFI_H_ /* This file will contain all declarations common to both * encoding and decoding of CRMF Cert Requests. This header * file should only be included internally by CRMF implementation * files. */ #include "secasn1.h" #include "crmfit.h" #include "secerr.h" #include "blapit.h" #define CRMF_DEFAULT_ARENA_SIZE 1024 /* * Explanation for the definition of MAX_WRAPPED_KEY_LEN: * * It's used for internal buffers to transport a wrapped private key. * The value is in BYTES. * We want to define a reasonable upper bound for this value. * Ideally this could be calculated, but in order to simplify the code * we want to estimate the maximum requires size. * See also bug 655850 for the full explanation. * * We know the largest wrapped keys are RSA keys. * We'll estimate the maximum size needed for wrapped RSA keys, * and assume it's sufficient for wrapped keys of any type we support. * * The maximum size of RSA keys in bits is defined elsewhere as * RSA_MAX_MODULUS_BITS * * The idea is to define MAX_WRAPPED_KEY_LEN based on the above. * * A wrapped RSA key requires about * ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65 * bytes. * * Therefore, a safe upper bound is: * ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS * */ #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS #define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8) #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8) struct crmfEncoderArg { SECItem *buffer; long allocatedLen; }; struct crmfEncoderOutput { CRMFEncoderOutputCallback fn; void *outputArg; }; /* * This function is used by the API for encoding functions that are * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode* * functions. */ extern void crmf_encoder_out(void *arg, const char *buf, unsigned long len, int depth, SEC_ASN1EncodingPart data_kind); /* * This function is used when we want to encode something locally within * the library, ie the CertRequest so that we can produce its signature. */ extern SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECItem *derDest); /* * This is the callback function we feed to the ASN1 encoder when doing * internal DER-encodings. ie, encoding the cert request so we can * produce a signature. */ extern void crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, int depth, SEC_ASN1EncodingPart data_kind); /* The ASN1 templates that need to be seen by internal files * in order to implement CRMF. */ extern const SEC_ASN1Template CRMFCertReqMsgTemplate[]; extern const SEC_ASN1Template CRMFRAVerifiedTemplate[]; extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[]; extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[]; extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[]; extern const SEC_ASN1Template CRMFThisMessageTemplate[]; extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[]; extern const SEC_ASN1Template CRMFDHMACTemplate[]; extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[]; extern const SEC_ASN1Template CRMFEncryptedValueTemplate[]; /* * Use these two values for encoding Boolean values. */ extern const unsigned char hexTrue; extern const unsigned char hexFalse; /* * Prototypes for helper routines used internally by multiple files. */ extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest, long value); extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest, SECItem *src); extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool *poolp, CRMFPKIArchiveOptions *destOpt, CRMFPKIArchiveOptions *srcOpt); extern SECStatus crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions, PRBool freeit); extern const SEC_ASN1Template* crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl); extern SECStatus crmf_copy_encryptedkey(PRArenaPool *poolp, CRMFEncryptedKey *srcEncrKey, CRMFEncryptedKey *destEncrKey); extern SECStatus crmf_copy_encryptedvalue(PRArenaPool *poolp, CRMFEncryptedValue *srcValue, CRMFEncryptedValue *destValue); extern SECStatus crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp, SECAlgorithmID *srcAlgId, SECAlgorithmID **destAlgId); extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp, SECAlgorithmID **dest, SECAlgorithmID *src); extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest, CERTName *src); extern SECStatus crmf_template_add_public_key(PRArenaPool *poolp, CERTSubjectPublicKeyInfo **dest, CERTSubjectPublicKeyInfo *pubKey); extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp, SECOidTag tag, PRBool isCritical, SECItem *data); extern CRMFCertRequest* crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq); extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit); extern CRMFEncryptedValue * crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey, SECKEYPublicKey *inPubKey, CRMFEncryptedValue *destValue); extern CK_MECHANISM_TYPE crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey); extern SECStatus crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp, CRMFEncryptedValue *encValue, SECKEYPrivateKey *privKey, SECKEYPublicKey *newPubKey, SECItem *nickname, PK11SlotInfo *slot, unsigned char keyUsage, SECKEYPrivateKey **unWrappedKey, void *wincx); extern SECItem* crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest); extern CRMFCertExtension* crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension); extern SECStatus crmf_create_prtime(SECItem *src, PRTime **dest); #endif /*_CRMFI_H_*/