tor-browser

secoid.h (6109B)

---

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _SECOID_H_
#define _SECOID_H_

#include "utilrename.h"

/*
* secoid.h - public data structures and prototypes for ASN.1 OID functions
*/

#include "plarena.h"

#include "seccomon.h"
#include "secoidt.h"
#include "secasn1t.h"

SEC_BEGIN_PROTOS

extern const SEC_ASN1Template SECOID_AlgorithmIDTemplate[];

/* This functions simply returns the address of the above-declared template. */
SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)

/*
* OID handling routines
*/
extern SECOidData *SECOID_FindOID(const SECItem *oid);
extern SECOidTag SECOID_FindOIDTag(const SECItem *oid);
extern SECOidData *SECOID_FindOIDByTag(SECOidTag tagnum);
extern SECOidData *SECOID_FindOIDByMechanism(unsigned long mechanism);
extern SECOidTag SECOID_FindOIDTagFromDescripton(const char *string,
                                                size_t len,
                                                PRBool isCipher);

/****************************************/
/*
** Algorithm id handling operations
*/

/*
** Fill in an algorithm-ID object given a tag and some parameters.
**      "aid" where the DER encoded algorithm info is stored (memory
**         is allocated)
**      "tag" the tag number defining the algorithm
**      "params" if not NULL, the parameters to go with the algorithm
*/
extern SECStatus SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid,
                                      SECOidTag tag, SECItem *params);

/*
** Copy the "src" object to "dest". Memory is allocated in "dest" for
** each of the appropriate sub-objects. Memory in "dest" is not freed
** before memory is allocated (use SECOID_DestroyAlgorithmID(dest, PR_FALSE)
** to do that).
*/
extern SECStatus SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest,
                                       const SECAlgorithmID *src);

/*
** Get the tag number for the given algorithm-id object.
*/
extern SECOidTag SECOID_GetAlgorithmTag(const SECAlgorithmID *aid);

/*
** Get the number of valid tags in the current system. This includes dynamic
** tags. This value can grow but never shrink. This is more reliable than using
** SEC_OID_TOTAL because 1) it includes dynamic tags, and 2) it includes any
** new tags the nss library has added since the last time the application
** was compilied.
*/
extern SECOidTag SECOID_GetTotalTags(void);

/*
** Destroy an algorithm-id object.
**      "aid" the certificate-request to destroy
**      "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit);

/*
** Compare two algorithm-id objects, returning the difference between
** them.
*/
extern SECComparison SECOID_CompareAlgorithmID(SECAlgorithmID *a,
                                              SECAlgorithmID *b);

extern PRBool SECOID_KnownCertExtenOID(SECItem *extenOid);

/* Given a tag number, return a string describing it.
*/
extern const char *SECOID_FindOIDTagDescription(SECOidTag tagnum);

/* Add a dynamic SECOidData to the dynamic OID table.
** Routine copies the src entry, and returns the new SECOidTag.
** Returns SEC_OID_INVALID if failed to add for some reason.
*/
extern SECOidTag SECOID_AddEntry(const SECOidData *src);

/*
* initialize the oid data structures.
*/
extern SECStatus SECOID_Init(void);

/*
* free up the oid data structures.
*/
extern SECStatus SECOID_Shutdown(void);

/* if to->data is not NULL, and to->len is large enough to hold the result,
* then the resultant OID will be copyed into to->data, and to->len will be
* changed to show the actual OID length.
* Otherwise, memory for the OID will be allocated (from the caller's
* PLArenaPool, if pool is non-NULL) and to->data will receive the address
* of the allocated data, and to->len will receive the OID length.
* The original value of to->data is not freed when a new buffer is allocated.
*
* The input string may begin with "OID." and this still be ignored.
* The length of the input string is given in len.  If len == 0, then
* len will be computed as strlen(from), meaning it must be NUL terminated.
* It is an error if from == NULL, or if *from == '\0'.
*/
extern SECStatus SEC_StringToOID(PLArenaPool *pool, SECItem *to,
                                const char *from, PRUint32 len);

extern void UTIL_SetForkState(PRBool forked);

/*
* Accessor functions for new opaque extended SECOID table.
* Any of these functions may return SECSuccess or SECFailure with the error
* code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range.
*/

/* The Get function outputs the 32-bit value associated with the SECOidTag.
* Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h".
* Default value for any algorithm is 0xffffffff (enabled for all purposes).
* No value is output if function returns SECFailure.
*/
extern SECStatus NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue);

/* The Set function modifies the stored value according to the following
* algorithm:
*   policy[tag] = (policy[tag] & ~clearBits) | setBits;
*/
extern SECStatus
NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits);

/* Set all the tags to a particular policy (like to clear all S/MIME bits */
extern SECStatus
NSS_SetAlgorithmPolicyAll(PRUint32 setBits, PRUint32 clearBits);

/* Get all the tags with a particular policy. The policy must match the exact
* value after applying the mask. Caller is responsible for
* freeing the tag array with PORT_Free() */
extern SECStatus
NSS_GetAlgorithmPolicyAll(PRUint32 maskBits, PRUint32 valueBits,
                         SECOidTag **outTags, int *outTagCount);

/* Lock the policy so NSS_SetAlgorithmPolicy (and other policy functions)
* No longer function */
void
NSS_LockPolicy(void);

/* return true if policy changes are now locked out */
PRBool
NSS_IsPolicyLocked(void);

SEC_END_PROTOS

#endif /* _SECOID_H_ */