tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

crmfi.h (7213B)

      1 /* -*- Mode: C; tab-width: 8 -*-*/
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 #ifndef _CRMFI_H_
      7 #define _CRMFI_H_
      8 /* This file will contain all declarations common to both
      9 * encoding and decoding of CRMF Cert Requests.  This header
     10 * file should only be included internally by CRMF implementation
     11 * files.
     12 */
     13 #include "secasn1.h"
     14 #include "crmfit.h"
     15 #include "secerr.h"
     16 #include "blapit.h"
     17 
     18 #define CRMF_DEFAULT_ARENA_SIZE 1024
     19 
     20 /*
     21 * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
     22 *
     23 * It's used for internal buffers to transport a wrapped private key.
     24 * The value is in BYTES.
     25 * We want to define a reasonable upper bound for this value.
     26 * Ideally this could be calculated, but in order to simplify the code
     27 * we want to estimate the maximum requires size.
     28 * See also bug 655850 for the full explanation.
     29 *
     30 * We know the largest wrapped keys are RSA keys.
     31 * We'll estimate the maximum size needed for wrapped RSA keys,
     32 * and assume it's sufficient for wrapped keys of any type we support.
     33 *
     34 * The maximum size of RSA keys in bits is defined elsewhere as
     35 *   RSA_MAX_MODULUS_BITS
     36 *
     37 * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
     38 *
     39 * A wrapped RSA key requires about
     40 *   ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
     41 * bytes.
     42 *
     43 * Therefore, a safe upper bound is:
     44 *   ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
     45 *
     46 */
     47 #define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
     48 
     49 #define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
     50 #define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
     51 
     52 struct crmfEncoderArg {
     53    SECItem *buffer;
     54    unsigned long allocatedLen;
     55 };
     56 
     57 struct crmfEncoderOutput {
     58    CRMFEncoderOutputCallback fn;
     59    void *outputArg;
     60 };
     61 
     62 /*
     63 * This function is used by the API for encoding functions that are
     64 * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
     65 * functions.
     66 */
     67 extern void
     68 crmf_encoder_out(void *arg, const char *buf, unsigned long len,
     69                 int depth, SEC_ASN1EncodingPart data_kind);
     70 
     71 /*
     72 * This function is used when we want to encode something locally within
     73 * the library, ie the CertRequest so that we can produce its signature.
     74 */
     75 extern SECStatus
     76 crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
     77                               SECItem *derDest);
     78 
     79 /*
     80 * This is the callback function we feed to the ASN1 encoder when doing
     81 * internal DER-encodings.  ie, encoding the cert request so we can
     82 * produce a signature.
     83 */
     84 extern void
     85 crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
     86                              int depth, SEC_ASN1EncodingPart data_kind);
     87 
     88 /* The ASN1 templates that need to be seen by internal files
     89 * in order to implement CRMF.
     90 */
     91 extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
     92 extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
     93 extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
     94 extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
     95 extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
     96 extern const SEC_ASN1Template CRMFThisMessageTemplate[];
     97 extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
     98 extern const SEC_ASN1Template CRMFDHMACTemplate[];
     99 extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
    100 extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
    101 
    102 /*
    103 * Use these two values for encoding Boolean values.
    104 */
    105 extern const unsigned char hexTrue;
    106 extern const unsigned char hexFalse;
    107 /*
    108 * Prototypes for helper routines used internally by multiple files.
    109 */
    110 extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
    111                                     long value);
    112 extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
    113                                          SECItem *src);
    114 
    115 extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
    116                                             CRMFPKIArchiveOptions *destOpt,
    117                                             CRMFPKIArchiveOptions *srcOpt);
    118 extern SECStatus
    119 crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
    120                               PRBool freeit);
    121 extern const SEC_ASN1Template *
    122 crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
    123 
    124 extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
    125                                        CRMFEncryptedKey *srcEncrKey,
    126                                        CRMFEncryptedKey *destEncrKey);
    127 extern SECStatus
    128 crmf_copy_encryptedvalue(PLArenaPool *poolp,
    129                         CRMFEncryptedValue *srcValue,
    130                         CRMFEncryptedValue *destValue);
    131 
    132 extern SECStatus
    133 crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
    134                                SECAlgorithmID *srcAlgId,
    135                                SECAlgorithmID **destAlgId);
    136 
    137 extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
    138                                           SECAlgorithmID **dest,
    139                                           SECAlgorithmID *src);
    140 
    141 extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
    142                                     CERTName *src);
    143 
    144 extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
    145                                              CERTSubjectPublicKeyInfo **dest,
    146                                              CERTSubjectPublicKeyInfo *pubKey);
    147 
    148 extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp,
    149                                                     SECOidTag tag,
    150                                                     PRBool isCritical,
    151                                                     SECItem *data);
    152 extern CRMFCertRequest *
    153 crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
    154 
    155 extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
    156                                              PRBool freeit);
    157 
    158 extern CRMFEncryptedValue *
    159 crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
    160                                            SECKEYPublicKey *inPubKey,
    161                                            CRMFEncryptedValue *destValue);
    162 
    163 extern CK_MECHANISM_TYPE
    164 crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
    165 
    166 extern SECStatus
    167 crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
    168                                     CRMFEncryptedValue *encValue,
    169                                     SECKEYPrivateKey *privKey,
    170                                     SECKEYPublicKey *newPubKey,
    171                                     SECItem *nickname,
    172                                     PK11SlotInfo *slot,
    173                                     unsigned char keyUsage,
    174                                     SECKEYPrivateKey **unWrappedKey,
    175                                     void *wincx);
    176 
    177 extern SECItem *
    178 crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
    179 
    180 extern CRMFCertExtension *
    181 crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
    182 
    183 extern SECStatus
    184 crmf_create_prtime(SECItem *src, PRTime **dest);
    185 #endif /*_CRMFI_H_*/