gecko/security/nss/lib/crmf/crmfi.h
Kai Engert a37ca8f2ef Bug 669061, Upgrade to NSS 3.13, starting with NSS_3_13_BETA1, r=wtc
--HG--
rename : security/nss/cmd/lib/SSLerrs.h => security/nss/lib/ssl/SSLerrs.h
rename : security/nss/cmd/lib/SECerrs.h => security/nss/lib/util/SECerrs.h
2011-08-19 17:27:10 +02:00

219 lines
7.8 KiB
C

/* -*- Mode: C; tab-width: 8 -*-*/
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef _CRMFI_H_
#define _CRMFI_H_
/* This file will contain all declarations common to both
* encoding and decoding of CRMF Cert Requests. This header
* file should only be included internally by CRMF implementation
* files.
*/
#include "secasn1.h"
#include "crmfit.h"
#include "secerr.h"
#include "blapit.h"
#define CRMF_DEFAULT_ARENA_SIZE 1024
/*
* Explanation for the definition of MAX_WRAPPED_KEY_LEN:
*
* It's used for internal buffers to transport a wrapped private key.
* The value is in BYTES.
* We want to define a reasonable upper bound for this value.
* Ideally this could be calculated, but in order to simplify the code
* we want to estimate the maximum requires size.
* See also bug 655850 for the full explanation.
*
* We know the largest wrapped keys are RSA keys.
* We'll estimate the maximum size needed for wrapped RSA keys,
* and assume it's sufficient for wrapped keys of any type we support.
*
* The maximum size of RSA keys in bits is defined elsewhere as
* RSA_MAX_MODULUS_BITS
*
* The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
*
* A wrapped RSA key requires about
* ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
* bytes.
*
* Therefore, a safe upper bound is:
* ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
*
*/
#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
struct crmfEncoderArg {
SECItem *buffer;
long allocatedLen;
};
struct crmfEncoderOutput {
CRMFEncoderOutputCallback fn;
void *outputArg;
};
/*
* This function is used by the API for encoding functions that are
* exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
* functions.
*/
extern void
crmf_encoder_out(void *arg, const char *buf, unsigned long len,
int depth, SEC_ASN1EncodingPart data_kind);
/*
* This function is used when we want to encode something locally within
* the library, ie the CertRequest so that we can produce its signature.
*/
extern SECStatus
crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
SECItem *derDest);
/*
* This is the callback function we feed to the ASN1 encoder when doing
* internal DER-encodings. ie, encoding the cert request so we can
* produce a signature.
*/
extern void
crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
int depth, SEC_ASN1EncodingPart data_kind);
/* The ASN1 templates that need to be seen by internal files
* in order to implement CRMF.
*/
extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
extern const SEC_ASN1Template CRMFThisMessageTemplate[];
extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
extern const SEC_ASN1Template CRMFDHMACTemplate[];
extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
/*
* Use these two values for encoding Boolean values.
*/
extern const unsigned char hexTrue;
extern const unsigned char hexFalse;
/*
* Prototypes for helper routines used internally by multiple files.
*/
extern SECStatus crmf_encode_integer(PRArenaPool *poolp, SECItem *dest,
long value);
extern SECStatus crmf_make_bitstring_copy(PRArenaPool *arena, SECItem *dest,
SECItem *src);
extern SECStatus crmf_copy_pkiarchiveoptions(PRArenaPool *poolp,
CRMFPKIArchiveOptions *destOpt,
CRMFPKIArchiveOptions *srcOpt);
extern SECStatus
crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
PRBool freeit);
extern const SEC_ASN1Template*
crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
extern SECStatus crmf_copy_encryptedkey(PRArenaPool *poolp,
CRMFEncryptedKey *srcEncrKey,
CRMFEncryptedKey *destEncrKey);
extern SECStatus
crmf_copy_encryptedvalue(PRArenaPool *poolp,
CRMFEncryptedValue *srcValue,
CRMFEncryptedValue *destValue);
extern SECStatus
crmf_copy_encryptedvalue_secalg(PRArenaPool *poolp,
SECAlgorithmID *srcAlgId,
SECAlgorithmID **destAlgId);
extern SECStatus crmf_template_copy_secalg(PRArenaPool *poolp,
SECAlgorithmID **dest,
SECAlgorithmID *src);
extern SECStatus crmf_copy_cert_name(PRArenaPool *poolp, CERTName **dest,
CERTName *src);
extern SECStatus crmf_template_add_public_key(PRArenaPool *poolp,
CERTSubjectPublicKeyInfo **dest,
CERTSubjectPublicKeyInfo *pubKey);
extern CRMFCertExtension* crmf_create_cert_extension(PRArenaPool *poolp,
SECOidTag tag,
PRBool isCritical,
SECItem *data);
extern CRMFCertRequest*
crmf_copy_cert_request(PRArenaPool *poolp, CRMFCertRequest *srcReq);
extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
PRBool freeit);
extern CRMFEncryptedValue *
crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
SECKEYPublicKey *inPubKey,
CRMFEncryptedValue *destValue);
extern CK_MECHANISM_TYPE
crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
extern SECStatus
crmf_encrypted_value_unwrap_priv_key(PRArenaPool *poolp,
CRMFEncryptedValue *encValue,
SECKEYPrivateKey *privKey,
SECKEYPublicKey *newPubKey,
SECItem *nickname,
PK11SlotInfo *slot,
unsigned char keyUsage,
SECKEYPrivateKey **unWrappedKey,
void *wincx);
extern SECItem*
crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
extern CRMFCertExtension*
crmf_copy_cert_extension(PRArenaPool *poolp, CRMFCertExtension *inExtension);
extern SECStatus
crmf_create_prtime(SECItem *src, PRTime **dest);
#endif /*_CRMFI_H_*/