tor-browser

crmffut.h (13218B)

---

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
* These functions to be implemented in the future if the features
* which these functions would implement wind up being needed.
*/

/*
* Use this function to create the CRMFSinglePubInfo* variables that will
* populate the inPubInfoArray parameter for the function
* CRMF_CreatePKIPublicationInfo.
*
* "inPubMethod" specifies which publication method will be used
* "pubLocation" is a representation of the location where
*/
extern CRMFSinglePubInfo *
CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
                        CRMFGeneralName *pubLocation);

/*
* Create a PKIPublicationInfo that can later be passed to the function
* CRMFAddPubInfoControl.
*/
extern CRMFPKIPublicationInfo *
CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
                             CRMFSinglePubInfo **inPubInfoArray,
                             int numPubInfo);

/*
* Only call this function on a CRMFPublicationInfo that was created by
* CRMF_CreatePKIPublicationInfo that was passed in NULL for arena.
*/

extern SECStatus
CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);

extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
                                       CRMFPKIPublicationInfo *inPubInfo);

/*
* This is to create a Cert ID Control which can later be added to
* a certificate request.
*/
extern CRMFCertID *CRMF_CreateCertID(CRMFGeneralName *issuer,
                                    long serialNumber);

extern SECStatus CRMF_DestroyCertID(CRMFCertID *certID);

extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq,
                                      CRMFCertID *certID);

extern SECStatus
CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
                                   CERTSubjectPublicKeyInfo *spki);

/*
* Add the ASCII Pairs Registration Info to the Certificate Request.
* The SECItem must be an OCTET string representation.
*/
extern SECStatus
CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
                        SECItem *asciiPairs);

/*
* This takes a CertRequest and adds it to another CertRequest.
*/
extern SECStatus
CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
                        CRMFCertRequest *certReqBeingAdded);

/*
* Returns which option was used for the authInfo field of POPOSigningKeyInput
*/
extern CRMFPOPOSkiInputAuthChoice
CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);

/*
* Gets the PKMACValue associated with the POPOSigningKeyInput.
* If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
* the function returns SECFailure and the value at *destValue is unchanged.
*
* If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function
* returns SECSuccess and places the PKMACValue at *destValue.
*/
extern SECStatus
CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
                              CRMFPKMACValue **destValue);
/*
* Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput
*/
extern CERTSubjectPublicKeyInfo *
CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);

/*
* Return the value for the PKIPublicationInfo Control.
* A return value of NULL indicates that the Control was
* not a PKIPublicationInfo Control.  Call
* CRMF_DestroyPKIPublicationInfo on the return value when done
* using the pointer.
*/
extern CRMFPKIPublicationInfo *CRMF_GetPKIPubInfo(CRMFControl *inControl);

/*
* Free up a CRMFPKIPublicationInfo structure.
*/
extern SECStatus
CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);

/*
* Get the choice used for action in this PKIPublicationInfo.
*/
extern CRMFPublicationAction
CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);

/*
* Get the number of pubInfos are stored in the PKIPubicationInfo.
*/
extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo);

/*
* Get the pubInfo at index for the given PKIPubicationInfo.
* Indexing is done like a traditional C Array. (0 .. numElements-1)
*/
extern CRMFSinglePubInfo *
CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
                      int index);

/*
* Destroy the CRMFSinglePubInfo.
*/
extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo);

/*
* Get the pubMethod used by the SinglePubInfo.
*/
extern CRMFPublicationMethod
CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);

/*
* Get the pubLocation associated with the SinglePubInfo.
* A NULL return value indicates there was no pubLocation associated
* with the SinglePuInfo.
*/
extern CRMFGeneralName *CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);

/*
* Get the authInfo.sender field out of the POPOSigningKeyInput.
* If the POPOSigningKeyInput did not use the authInfo the function
* returns SECFailure and the value at *destName is unchanged.
*
* If the POPOSigningKeyInput did use authInfo.sender, the function returns
* SECSuccess and puts the authInfo.sender at *destName/
*/
extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
                                           CRMFGeneralName **destName);

/**************** CMMF Functions that need to be added. **********************/

/*
* FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
* INPUTS:
*    inDecKeyChall
*        The CMMFPOPODecKeyChallContent to operate on.
*    inRandom
*        The random number to use when generating the challenge,
*    inSender
*        The GeneralName representation of the sender of the challenge.
*    inPubKey
*        The public key to use when encrypting the challenge.
* NOTES:
*    This function adds a challenge to the end of the list of challenges
*    contained by 'inDecKeyChall'.  Refer to the CMMF draft on how the
*    the random number passed in and the sender's GeneralName are used
*    to generate the challenge and witness fields of the challenge.  This
*    library will use SHA1 as the one-way function for generating the
*    witess field of the challenge.
*
* RETURN:
*    SECSuccess if generating the challenge and adding to the end of list
*    of challenges was successful.  Any other return value indicates an error
*    while trying to generate the challenge.
*/
extern SECStatus
CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
                                           long inRandom,
                                           CERTGeneralName *inSender,
                                           SECKEYPublicKey *inPubKey);

/*
* FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
* INPUTS:
*    inKeyChallCont
*        The CMMFPOPODecKeyChallContent to operate on.
* RETURN:
*    This function returns the number of CMMFChallenges are contained in
*    the CMMFPOPODecKeyChallContent structure.
*/
extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);

/*
* FUNCTION: CMMF_ChallengeGetRandomNumber
* INPUTS:
*    inChallenge
*        The CMMFChallenge to operate on.
*    inDest
*        A pointer to a user supplied buffer where the library
*        can place a copy of the random integer contatained in the
*        challenge.
* NOTES:
*    This function returns the value held in the decrypted Rand structure
*    corresponding to the random integer.  The user must call
*    CMMF_ChallengeDecryptWitness before calling this function.  Call
*    CMMF_ChallengeIsDecrypted to find out if the challenge has been
*    decrypted.
*
* RETURN:
*    SECSuccess indicates the witness field has been previously decrypted
*    and the value for the random integer was successfully placed at *inDest.
*    Any other return value indicates an error and that the value at *inDest
*    is not a valid value.
*/
extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
                                              long *inDest);

/*
* FUNCTION: CMMF_ChallengeGetSender
* INPUTS:
*    inChallenge
*        the CMMFChallenge to operate on.
* NOTES:
*    This function returns the value held in the decrypted Rand structure
*    corresponding to the sender.  The user must call
*    CMMF_ChallengeDecryptWitness before calling this function.  Call
*    CMMF_ChallengeIsDecrypted to find out if the witness field has been
*    decrypted.  The user must call CERT_DestroyGeneralName after the return
*    value is no longer needed.
*
* RETURN:
*    A pointer to a copy of the sender CERTGeneralName.  A return value of
*    NULL indicates an error in trying to copy the information or that the
*    witness field has not been decrypted.
*/
extern CERTGeneralName *CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);

/*
* FUNCTION: CMMF_ChallengeGetAlgId
* INPUTS:
*    inChallenge
*        The CMMFChallenge to operate on.
*    inDestAlgId
*        A pointer to memory where a pointer to a copy of the algorithm
*        id can be placed.
* NOTES:
*    This function retrieves the one way function algorithm identifier
*    contained within the CMMFChallenge if the optional field is present.
*
* RETURN:
*    SECSucces indicates the function was able to place a pointer to a copy of
*    the alogrithm id at *inAlgId.  If the value at *inDestAlgId is NULL,
*    that means there was no algorithm identifier present in the
*    CMMFChallenge.  Any other return value indicates the function was not
*    able to make a copy of the algorithm identifier.  In this case the value
*    at *inDestAlgId is not valid.
*/
extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
                                       SECAlgorithmID *inAlgId);

/*
* FUNCTION: CMMF_DestroyChallenge
* INPUTS:
*    inChallenge
*        The CMMFChallenge to free up.
* NOTES:
*    This function frees up all the memory associated with the CMMFChallenge
*    passed in.
* RETURN:
*    SECSuccess if freeing all the memory associated with the CMMFChallenge
*    passed in is successful.  Any other return value indicates an error
*    while freeing the memory.
*/
extern SECStatus CMMF_DestroyChallenge(CMMFChallenge *inChallenge);

/*
* FUNCTION: CMMF_DestroyPOPODecKeyRespContent
* INPUTS:
*    inDecKeyResp
*        The CMMFPOPODecKeyRespContent structure to free.
* NOTES:
*    This function frees up all the memory associate with the
*    CMMFPOPODecKeyRespContent.
*
* RETURN:
*    SECSuccess if freeint up all the memory associated with the
*    CMMFPOPODecKeyRespContent structure is successful.  Any other
*    return value indicates an error while freeing the memory.
*/
extern SECStatus
CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);

/*
* FUNCTION: CMMF_ChallengeDecryptWitness
* INPUTS:
*    inChallenge
*        The CMMFChallenge to operate on.
*    inPrivKey
*        The private key to use to decrypt the witness field.
* NOTES:
*    This function uses the private key to decrypt the challenge field
*    contained in the CMMFChallenge.  Make sure the private key matches the
*    public key that was used to encrypt the witness.  The creator of
*    the challenge will most likely be an RA that has the public key
*    from a Cert request.  So the private key should be the private key
*    associated with public key in that request.  This function will also
*    verify the witness field of the challenge.
*
* RETURN:
*    SECSuccess if decrypting the witness field was successful.  This does
*    not indicate that the decrypted data is valid, since the private key
*    passed in may not be the actual key needed to properly decrypt the
*    witness field.  Meaning that there is a decrypted structure now, but
*    may be garbage because the private key was incorrect.
*    Any other return value indicates the function could not complete the
*    decryption process.
*/
extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
                                             SECKEYPrivateKey *inPrivKey);

/*
* FUNCTION: CMMF_ChallengeIsDecrypted
* INPUTS:
*    inChallenge
*        The CMMFChallenge to operate on.
* RETURN:
*    This is a predicate function that returns PR_TRUE if the decryption
*    process has already been performed.  The function return PR_FALSE if
*    the decryption process has not been performed yet.
*/
extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);

/*
* FUNCTION: CMMF_DestroyPOPODecKeyChallContent
* INPUTS:
*    inDecKeyCont
*        The CMMFPOPODecKeyChallContent to free
* NOTES:
*    This function frees up all the memory associated with the
*    CMMFPOPODecKeyChallContent
* RETURN:
*    SECSuccess if freeing up all the memory associatd with the
*    CMMFPOPODecKeyChallContent is successful.  Any other return value
*    indicates an error while freeing the memory.
*
*/
extern SECStatus
CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont);