зеркало из https://github.com/mozilla/pjs.git
1123 строки
44 KiB
C
1123 строки
44 KiB
C
/* -*- Mode: C; tab-width: 8 -*-*/
|
|
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* Netscape Communications Corporation.
|
|
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
#ifndef _CMMF_H_
|
|
#define _CMMF_H_
|
|
/*
|
|
* These are the functions exported by the security library for
|
|
* implementing Certificate Management Message Formats (CMMF).
|
|
*
|
|
* This API is designed against July 1998 CMMF draft. Please read this
|
|
* draft before trying to use this API in an application that use CMMF.
|
|
*/
|
|
#include "seccomon.h"
|
|
#include "cmmft.h"
|
|
#include "crmf.h"
|
|
|
|
SEC_BEGIN_PROTOS
|
|
|
|
/******************* Creation Functions *************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreateCertRepContent
|
|
* INPUTS:
|
|
* NONE
|
|
* NOTES:
|
|
* This function will create an empty CMMFCertRepContent Structure.
|
|
* The client of the library must set the CMMFCertResponses.
|
|
* Call CMMF_CertRepContentSetCertResponse to accomplish this task.
|
|
* If the client of the library also wants to include the chain of
|
|
* CA certs required to make the certificates in CMMFCertResponse valid,
|
|
* then the user must also set the caPubs field of CMMFCertRepContent.
|
|
* Call CMMF_CertRepContentSetCAPubs to accomplish this. After setting
|
|
* the desired fields, the user can then call CMMF_EncodeCertRepContent
|
|
* to DER-encode the CertRepContent.
|
|
* RETURN:
|
|
* A pointer to the CMMFCertRepContent. A NULL return value indicates
|
|
* an error in allocating memory or failure to initialize the structure.
|
|
*/
|
|
extern CMMFCertRepContent* CMMF_CreateCertRepContent(void);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreateCertRepContentFromDER
|
|
* INPUTS
|
|
* db
|
|
* The certificate database where the certificates will be placed.
|
|
* The certificates will be placed in the temporary database associated
|
|
* with the handle.
|
|
* buf
|
|
* A buffer to the DER-encoded CMMFCertRepContent
|
|
* len
|
|
* The length in bytes of the buffer 'buf'
|
|
* NOTES:
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CMMFCertRepContent structure. The user must call
|
|
* CMMF_DestroyCertRepContent after the return value is no longer needed.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CMMFCertRepContent structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CMMFCertRepContent*
|
|
CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db,
|
|
const char *buf,
|
|
long len);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreateCertResponse
|
|
* INPUTS:
|
|
* inCertReqId
|
|
* The Certificate Request Id this response is for.
|
|
* NOTES:
|
|
* This creates a CMMFCertResponse. This response should correspond
|
|
* to a request that was received via CRMF. From the CRMF message you
|
|
* can get the Request Id to pass in as inCertReqId, in essence binding
|
|
* a CMRFCertRequest message to the CMMFCertResponse created by this
|
|
* function. If no requuest id is associated with the response to create
|
|
* then the user should pass in -1 for 'inCertReqId'.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the new CMMFCertResponse corresponding to the request id
|
|
* passed in. A NULL return value indicates an error while trying to
|
|
* create the CMMFCertResponse.
|
|
*/
|
|
extern CMMFCertResponse* CMMF_CreateCertResponse(long inCertReqId);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreateKeyRecRepContent
|
|
* INPUTS:
|
|
* NONE
|
|
* NOTES:
|
|
* This function creates a new empty CMMFKeyRecRepContent structure.
|
|
* At the very minimum, the user must call
|
|
* CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an
|
|
* encodable structure. Depending on what the response is, the user may
|
|
* have to set other fields as well to properly build up the structure so
|
|
* that it can be encoded. Refer to the CMMF draft for how to properly
|
|
* set up a CMMFKeyRecRepContent. This is the structure that an RA returns
|
|
* to an end entity when doing key recovery.
|
|
|
|
* The user must call CMMF_DestroyKeyRecRepContent when the return value
|
|
* is no longer needed.
|
|
* RETURN:
|
|
* A pointer to the empty CMMFKeyRecRepContent. A return value of NULL
|
|
* indicates an error in allocating memory or initializing the structure.
|
|
*/
|
|
extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreateKeyRecRepContentFromDER
|
|
* INPUTS:
|
|
* db
|
|
* The handle for the certificate database where the decoded
|
|
* certificates will be placed. The decoded certificates will
|
|
* be placed in the temporary database associated with the
|
|
* handle.
|
|
* buf
|
|
* A buffer contatining the DER-encoded CMMFKeyRecRepContent
|
|
* len
|
|
* The length in bytes of the buffer 'buf'
|
|
* NOTES
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CMMFKeyRecRepContent structure.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CMMFKeyRecRepContent structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CMMFKeyRecRepContent*
|
|
CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db,
|
|
const char *buf,
|
|
long len);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreatePOPODecKeyChallContent
|
|
* INPUTS:
|
|
* NONE
|
|
* NOTES:
|
|
* This function creates an empty CMMFPOPODecKeyChallContent. The user
|
|
* must add the challenges individually specifying the random number to
|
|
* be used and the public key to be used when creating each individual
|
|
* challenge. User can accomplish this by calling the function
|
|
* CMMF_POPODecKeyChallContentSetNextChallenge.
|
|
* RETURN:
|
|
* A pointer to a CMMFPOPODecKeyChallContent structure. Ther user can
|
|
* then call CMMF_EncodePOPODecKeyChallContent passing in the return
|
|
* value from this function after setting all of the challenges. A
|
|
* return value of NULL indicates an error while creating the
|
|
* CMMFPOPODecKeyChallContent structure.
|
|
*/
|
|
extern CMMFPOPODecKeyChallContent*
|
|
CMMF_CreatePOPODecKeyChallContent(void);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER
|
|
* INPUTS
|
|
* buf
|
|
* A buffer containing the DER-encoded CMMFPOPODecKeyChallContent
|
|
* len
|
|
* The length in bytes of the buffer 'buf'
|
|
* NOTES:
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CMMFPOPODecKeyChallContent structure.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CMMFPOPODecKeyChallContent structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CMMFPOPODecKeyChallContent*
|
|
CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER
|
|
* INPUTS:
|
|
* buf
|
|
* A buffer contatining the DER-encoded CMMFPOPODecKeyRespContent
|
|
* len
|
|
* The length in bytes of the buffer 'buf'
|
|
* NOTES
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CMMFPOPODecKeyRespContent structure.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CMMFPOPODecKeyRespContent structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CMMFPOPODecKeyRespContent*
|
|
CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len);
|
|
|
|
/************************** Set Functions *************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertRepContentSetCertResponses
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to operate on.
|
|
* inCertResponses
|
|
* An array of pointers to CMMFCertResponse structures to
|
|
* add to the CMMFCertRepContent structure.
|
|
* inNumResponses
|
|
* The length of the array 'inCertResponses'
|
|
* NOTES:
|
|
* This function will add the CMMFCertResponse structure to the
|
|
* CMMFCertRepContent passed in. The CMMFCertResponse field of
|
|
* CMMFCertRepContent is required, so the client must call this function
|
|
* before calling CMMF_EncodeCertRepContent. If the user calls
|
|
* CMMF_EncodeCertRepContent before calling this function,
|
|
* CMMF_EncodeCertRepContent will fail.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the CMMFCertResponses to the CMMFCertRepContent
|
|
* structure was successful. Any other return value indicates an error
|
|
* while trying to add the CMMFCertResponses.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
|
|
CMMFCertResponse **inCertResponses,
|
|
int inNumResponses);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertRepContentSetCAPubs
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to operate on.
|
|
* inCAPubs
|
|
* The certificate list which makes up the chain of CA certificates
|
|
* required to make the issued cert valid.
|
|
* NOTES:
|
|
* This function will set the the certificates in the CA chain as part
|
|
* of the CMMFCertRepContent. This field is an optional member of the
|
|
* CMMFCertRepContent structure, so the client is not required to call
|
|
* this function before calling CMMF_EncodeCertRepContent.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful.
|
|
* Any other return value indicates an error while adding 'inCAPubs' to the
|
|
* CMMFCertRepContent structure.
|
|
*
|
|
*/
|
|
extern SECStatus
|
|
CMMF_CertRepContentSetCAPubs (CMMFCertRepContent *inCertRepContent,
|
|
CERTCertList *inCAPubs);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The CMMFCertResponse to operate on.
|
|
* inPKIStatus
|
|
* The value to set for the PKIStatusInfo.status field.
|
|
* NOTES:
|
|
* This function will set the CertResponse.status.status field of
|
|
* the CMMFCertResponse structure. (View the definition of CertResponse
|
|
* in the CMMF draft to see exactly which value this talks about.) This
|
|
* field is a required member of the structure, so the user must call this
|
|
* function in order to have a CMMFCertResponse that can be encoded.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if setting the field with the passed in value was successful.
|
|
* Any other return value indicates an error while trying to set the field.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_CertResponseSetPKIStatusInfoStatus (CMMFCertResponse *inCertResp,
|
|
CMMFPKIStatus inPKIStatus);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertResponseSetCertificate
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The CMMFCertResponse to operate on.
|
|
* inCertificate
|
|
* The certificate to add to the
|
|
* CertResponse.CertifiedKeyPair.certOrEncCert.certificate field.
|
|
* NOTES:
|
|
* This function will take the certificate and make it a member of the
|
|
* CMMFCertResponse. The certificate should be the actual certificate
|
|
* being issued via the response.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the certificate to the response was successful.
|
|
* Any other return value indicates an error in adding the certificate to
|
|
* the CertResponse.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_CertResponseSetCertificate (CMMFCertResponse *inCertResp,
|
|
CERTCertificate *inCertificate);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* inPKIStatus
|
|
* The value to set the PKIStatusInfo.status field to.
|
|
* NOTES:
|
|
* This function sets the only required field for the KeyRecRepContent.
|
|
* In most cases, the user will set this field and other fields of the
|
|
* structure to properly create the CMMFKeyRecRepContent structure.
|
|
* Refer to the CMMF draft to see which fields need to be set in order
|
|
* to create the desired CMMFKeyRecRepContent.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if setting the PKIStatusInfo.status field was successful.
|
|
* Any other return value indicates an error in setting the field.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
|
|
CMMFPKIStatus inPKIStatus);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentSetNewSignCert
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* inNewSignCert
|
|
* The new signing cert to add to the CMMFKeyRecRepContent structure.
|
|
* NOTES:
|
|
* This function sets the new signeing cert in the CMMFKeyRecRepContent
|
|
* structure.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if setting the new signing cert was successful. Any other
|
|
* return value indicates an error occurred while trying to add the
|
|
* new signing certificate.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
|
|
CERTCertificate *inNewSignCert);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentSetCACerts
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* inCACerts
|
|
* The list of CA certificates required to construct a valid
|
|
* certificate chain with the certificates that will be returned
|
|
* to the end user via this KeyRecRepContent.
|
|
* NOTES:
|
|
* This function sets the caCerts that are required to form a chain with the
|
|
* end entity certificates that are being re-issued in this
|
|
* CMMFKeyRecRepContent structure.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the caCerts was successful. Any other return value
|
|
* indicates an error while tring to add the caCerts.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
|
|
CERTCertList *inCACerts);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* inCert
|
|
* The certificate to add to the CMMFKeyRecRepContent structure.
|
|
* inPrivKey
|
|
* The private key associated with the certificate above passed in.
|
|
* inPubKey
|
|
* The public key to use for wrapping the private key.
|
|
* NOTES:
|
|
* This function adds another certificate-key pair to the
|
|
* CMMFKeyRecRepcontent structure. There may be more than one
|
|
* certificate-key pair in the structure, so the user must call this
|
|
* function multiple times to add more than one cert-key pair.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the certified key pair was successful. Any other
|
|
* return value indicates an error in adding certified key pair to
|
|
* CMMFKeyRecRepContent structure.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
|
|
CERTCertificate *inCert,
|
|
SECKEYPrivateKey *inPrivKey,
|
|
SECKEYPublicKey *inPubKey);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
|
|
* INPUTS:
|
|
* inDecKeyChall
|
|
* The CMMFPOPODecKeyChallContent to operate on.
|
|
* inRandom
|
|
* The random number to use when generating the challenge,
|
|
* inSender
|
|
* The GeneralName representation of the sender of the challenge.
|
|
* inPubKey
|
|
* The public key to use when encrypting the challenge.
|
|
* passwdArg
|
|
* This value will be passed to the function used for getting a
|
|
* password. The password for getting a password should be registered
|
|
* by calling PK11_SetPasswordFunc before this function is called.
|
|
* If no password callback is registered and the library needs to
|
|
* authenticate to the slot for any reason, this function will fail.
|
|
* NOTES:
|
|
* This function adds a challenge to the end of the list of challenges
|
|
* contained by 'inDecKeyChall'. Refer to the CMMF draft on how the
|
|
* the random number passed in and the sender's GeneralName are used
|
|
* to generate the challenge and witness fields of the challenge. This
|
|
* library will use SHA1 as the one-way function for generating the
|
|
* witess field of the challenge.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if generating the challenge and adding to the end of list
|
|
* of challenges was successful. Any other return value indicates an error
|
|
* while trying to generate the challenge.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_POPODecKeyChallContentSetNextChallenge
|
|
(CMMFPOPODecKeyChallContent *inDecKeyChall,
|
|
long inRandom,
|
|
CERTGeneralName *inSender,
|
|
SECKEYPublicKey *inPubKey,
|
|
void *passwdArg);
|
|
|
|
|
|
/************************** Encoding Functions *************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_EncodeCertRepContent
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to DER-encode.
|
|
* inCallback
|
|
* A callback function that the ASN1 encoder will call whenever it
|
|
* wants to write out DER-encoded bytes. Look at the defintion of
|
|
* CRMFEncoderOutputCallback in crmft.h for a description of the
|
|
* parameters to the function.
|
|
* inArg
|
|
* An opaque pointer to a user-supplied argument that will be passed
|
|
* to the callback funtion whenever the function is called.
|
|
* NOTES:
|
|
* The CMMF library will use the same DER-encoding scheme as the CRMF
|
|
* library. In other words, when reading CRMF comments that pertain to
|
|
* encoding, those comments apply to the CMMF libray as well.
|
|
* The callback function will be called multiple times, each time supplying
|
|
* the next chunk of DER-encoded bytes. The user must concatenate the
|
|
* output of each successive call to the callback in order to get the
|
|
* entire DER-encoded CMMFCertRepContent structure.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if encoding the CMMFCertRepContent was successful. Any
|
|
* other return value indicates an error while decoding the structure.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_EncodeCertRepContent (CMMFCertRepContent *inCertRepContent,
|
|
CRMFEncoderOutputCallback inCallback,
|
|
void *inArg);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_EncodeKeyRecRepContent
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRepContent to DER-encode.
|
|
* inCallback
|
|
* A callback function that the ASN1 encoder will call whenever it
|
|
* wants to write out DER-encoded bytes. Look at the defintion of
|
|
* CRMFEncoderOutputCallback in crmft.h for a description of the
|
|
* parameters to the function.
|
|
* inArg
|
|
* An opaque pointer to a user-supplied argument that will be passed
|
|
* to the callback funtion whenever the function is called.
|
|
* NOTES:
|
|
* The CMMF library will use the same DER-encoding scheme as the CRMF
|
|
* library. In other words, when reading CRMF comments that pertain to
|
|
* encoding, those comments apply to the CMMF libray as well.
|
|
* The callback function will be called multiple times, each time supplying
|
|
* the next chunk of DER-encoded bytes. The user must concatenate the
|
|
* output of each successive call to the callback in order to get the
|
|
* entire DER-encoded CMMFCertRepContent structure.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if encoding the CMMFKeyRecRepContent was successful. Any
|
|
* other return value indicates an error while decoding the structure.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
|
|
CRMFEncoderOutputCallback inCallback,
|
|
void *inArg);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_EncodePOPODecKeyChallContent
|
|
* INPUTS:
|
|
* inDecKeyChall
|
|
* The CMMFDecKeyChallContent to operate on.
|
|
* inCallback
|
|
* A callback function that the ASN1 encoder will call whenever it
|
|
* wants to write out DER-encoded bytes. Look at the defintion of
|
|
* CRMFEncoderOutputCallback in crmft.h for a description of the
|
|
* parameters to the function.
|
|
* inArg
|
|
* An opaque pointer to a user-supplied argument that will be passed
|
|
* to the callback function whenever the function is called.
|
|
* NOTES:
|
|
* The CMMF library will use the same DER-encoding scheme as the CRMF
|
|
* library. In other words, when reading CRMF comments that pertain to
|
|
* encoding, those comments apply to the CMMF libray as well.
|
|
* The callback function will be called multiple times, each time supplying
|
|
* the next chunk of DER-encoded bytes. The user must concatenate the
|
|
* output of each successive call to the callback in order to get the
|
|
* entire DER-encoded CMMFCertRepContent structure.
|
|
* The DER will be an encoding of the type POPODecKeyChallContents, which
|
|
* is just a sequence of challenges.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if encoding was successful. Any other return value indicates
|
|
* an error in trying to encode the Challenges.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
|
|
CRMFEncoderOutputCallback inCallback,
|
|
void *inArg);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_EncodePOPODecKeyRespContent
|
|
* INPUTS:
|
|
* inDecodedRand
|
|
* An array of integers to encode as the responses to
|
|
* CMMFPOPODecKeyChallContent. The integers must be in the same order
|
|
* as the challenges extracted from CMMFPOPODecKeyChallContent.
|
|
* inNumRand
|
|
* The number of random integers contained in the array 'inDecodedRand'
|
|
* inCallback
|
|
* A callback function that the ASN1 encoder will call whenever it
|
|
* wants to write out DER-encoded bytes. Look at the defintion of
|
|
* CRMFEncoderOutputCallback in crmft.h for a description of the
|
|
* parameters to the function.
|
|
* inArg
|
|
* An opaque pointer to a user-supplied argument that will be passed
|
|
* to the callback funtion whenever the function is called.
|
|
* NOTES:
|
|
* The CMMF library will use the same DER-encoding scheme as the CRMF
|
|
* library. In other words, when reading CRMF comments that pertain to
|
|
* encoding, those comments apply to the CMMF libray as well.
|
|
* The callback function will be called multiple times, each time supplying
|
|
* the next chunk of DER-encoded bytes. The user must concatenate the
|
|
* output of each successive call to the callback in order to get the
|
|
* entire DER-encoded POPODecKeyRespContent.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if encoding was successful. Any other return value indicates
|
|
* an error in trying to encode the Challenges.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
|
|
int inNumRand,
|
|
CRMFEncoderOutputCallback inCallback,
|
|
void *inArg);
|
|
|
|
/*************** Accessor function ***********************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertRepContentGetCAPubs
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to extract the caPubs from.
|
|
* NOTES:
|
|
* This function will return a copy of the list of certificates that
|
|
* make up the chain of CA's required to make the cert issued valid.
|
|
* The user must call CERT_DestroyCertList on the return value when
|
|
* done using the return value.
|
|
*
|
|
* Only call this function on a CertRepContent that has been decoded.
|
|
* The client must call CERT_DestroyCertList when the certificate list
|
|
* is no longer needed.
|
|
*
|
|
* The certs in the list will not be in the temporary database. In order
|
|
* to make these certificates a part of the permanent CA internal database,
|
|
* the user must collect the der for all of these certs and call
|
|
* CERT_ImportCAChain. Afterwards the certs will be part of the permanent
|
|
* database.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CERTCertList representing the CA chain associated
|
|
* with the issued cert. A NULL return value indicates that no CA Pubs
|
|
* were available in the CMMFCertRepContent structure.
|
|
*/
|
|
extern CERTCertList*
|
|
CMMF_CertRepContentGetCAPubs (CMMFCertRepContent *inCertRepContent);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertRepContentGetNumResponses
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to operate on.
|
|
* NOTES:
|
|
* This function will return the number of CertResponses that are contained
|
|
* by the CMMFCertRepContent passed in.
|
|
*
|
|
* RETURN:
|
|
* The number of CMMFCertResponses contained in the structure passed in.
|
|
*/
|
|
extern int
|
|
CMMF_CertRepContentGetNumResponses (CMMFCertRepContent *inCertRepContent);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertRepContentGetResponseAtIndex
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to operate on.
|
|
* inIndex
|
|
* The index of the CMMFCertResponse the user wants a copy of.
|
|
* NOTES:
|
|
* This funciton creates a copy of the CMMFCertResponse at the index
|
|
* corresponding to the parameter 'inIndex'. Indexing is done like a
|
|
* traditional C array, ie the valid indexes are (0...numResponses-1).
|
|
* The user must call CMMF_DestroyCertResponse after the return value is
|
|
* no longer needed.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the CMMFCertResponse at the index corresponding to
|
|
* 'inIndex'. A return value of NULL indicates an error in copying
|
|
* the CMMFCertResponse.
|
|
*/
|
|
extern CMMFCertResponse*
|
|
CMMF_CertRepContentGetResponseAtIndex (CMMFCertRepContent *inCertRepContent,
|
|
int inIndex);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertResponseGetCertReqId
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The CMMFCertResponse to operate on.
|
|
* NOTES:
|
|
* This function returns the CertResponse.certReqId from the
|
|
* CMMFCertResponse structure passed in. If the return value is -1, that
|
|
* means there is no associated certificate request with the CertResponse.
|
|
* RETURN:
|
|
* A long representing the id of the certificate request this
|
|
* CMMFCertResponse corresponds to. A return value of -1 indicates an
|
|
* error in extracting the value of the integer.
|
|
*/
|
|
extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertResponseGetPKIStatusInfoStatus
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The CMMFCertResponse to operate on.
|
|
* NOTES:
|
|
* This function returns the CertResponse.status.status field of the
|
|
* CMMFCertResponse structure.
|
|
*
|
|
* RETURN:
|
|
* The enumerated value corresponding to the PKIStatus defined in the CMMF
|
|
* draft. See the CMMF draft for the definition of PKIStatus. See crmft.h
|
|
* for the definition of CMMFPKIStatus.
|
|
*/
|
|
extern CMMFPKIStatus
|
|
CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertResponseGetCertificate
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The Certificate Response to operate on.
|
|
* inCertdb
|
|
* This is the certificate database where the function will place the
|
|
* newly issued certificate.
|
|
* NOTES:
|
|
* This function retrieves the CertResponse.certifiedKeyPair.certificate
|
|
* from the CMMFCertResponse. The user will get a copy of that certificate
|
|
* so the user must call CERT_DestroyCertificate when the return value is
|
|
* no longer needed. The certificate returned will be in the temporary
|
|
* certificate database.
|
|
*
|
|
* RETURN:
|
|
* A pointer to a copy of the certificate contained within the
|
|
* CMMFCertResponse. A return value of NULL indicates an error while trying
|
|
* to make a copy of the certificate.
|
|
*/
|
|
extern CERTCertificate*
|
|
CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
|
|
CERTCertDBHandle *inCertdb);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent structure to operate on.
|
|
* NOTES:
|
|
* This function retrieves the KeyRecRepContent.status.status field of
|
|
* the CMMFKeyRecRepContent structure.
|
|
* RETURN:
|
|
* The CMMFPKIStatus corresponding to the value held in the
|
|
* CMMFKeyRecRepContent structure.
|
|
*/
|
|
extern CMMFPKIStatus
|
|
CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentGetNewSignCert
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* NOTES:
|
|
* This function retrieves the KeyRecRepContent.newSignCert field of the
|
|
* CMMFKeyRecRepContent structure. The user must call
|
|
* CERT_DestroyCertificate when the return value is no longer needed. The
|
|
* returned certificate will be in the temporary database. The user
|
|
* must then place the certificate permanently in whatever token the
|
|
* user determines is the proper destination. A return value of NULL
|
|
* indicates the newSigCert field was not present.
|
|
*/
|
|
extern CERTCertificate*
|
|
CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentGetCACerts
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* NOTES:
|
|
* This function returns a CERTCertList which contains all of the
|
|
* certficates that are in the sequence KeyRecRepContent.caCerts
|
|
* User must call CERT_DestroyCertList when the return value is no longer
|
|
* needed. All of these certificates will be placed in the tempoaray
|
|
* database.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the list of caCerts contained in the CMMFKeyRecRepContent
|
|
* structure. A return value of NULL indicates the library was not able to
|
|
* make a copy of the certifcates. This may be because there are no caCerts
|
|
* included in the CMMFKeyRecRepContent strucure or an internal error. Call
|
|
* CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
|
|
* included in 'inKeyRecRep'.
|
|
*/
|
|
extern CERTCertList*
|
|
CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* RETURN:
|
|
* This function returns the number of CMMFCertifiedKeyPair structures that
|
|
* that are stored in the KeyRecRepContent structure.
|
|
*/
|
|
extern int
|
|
CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex
|
|
* INPUTS:
|
|
* inKeyRecRepContent
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* inIndex
|
|
* The index of the desired CMMFCertifiedKeyPair
|
|
* NOTES:
|
|
* This function retrieves the CMMFCertifiedKeyPair structure at the index
|
|
* 'inIndex'. Valid indexes are 0...(numKeyPairs-1) The user must call
|
|
* CMMF_DestroyCertifiedKeyPair when the return value is no longer needed.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the Certified Key Pair at the desired index. A return value
|
|
* of NULL indicates an error in extracting the Certified Key Pair at the
|
|
* desired index.
|
|
*/
|
|
extern CMMFCertifiedKeyPair*
|
|
CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
|
|
int inIndex);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertifiedKeyPairGetCertificate
|
|
* INPUTS:
|
|
* inCertKeyPair
|
|
* The CMMFCertifiedKeyPair to operate on.
|
|
* inCertdb
|
|
* The database handle for the database you want this certificate
|
|
* to wind up in.
|
|
* NOTES:
|
|
* This function retrieves the certificate at
|
|
* CertifiedKeyPair.certOrEncCert.certificate
|
|
* The user must call CERT_DestroyCertificate when the return value is no
|
|
* longer needed. The user must import this certificate as a token object
|
|
* onto PKCS#11 slot in order to make it a permanent object. The returned
|
|
* certificate will be in the temporary database.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the certificate contained within the certified key pair.
|
|
* A return value of NULL indicates an error in creating the copy of the
|
|
* certificate.
|
|
*/
|
|
extern CERTCertificate*
|
|
CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
|
|
CERTCertDBHandle *inCertdb);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
|
|
* INPUTS:
|
|
* inKeyChallCont
|
|
* The CMMFPOPODecKeyChallContent to operate on.
|
|
* RETURN:
|
|
* This function returns the number of CMMFChallenges are contained in
|
|
* the CMMFPOPODecKeyChallContent structure.
|
|
*/
|
|
extern int CMMF_POPODecKeyChallContentGetNumChallenges
|
|
(CMMFPOPODecKeyChallContent *inKeyChallCont);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue
|
|
* ---------------------------------------------------
|
|
* INPUTS:
|
|
* inKeyChallCont
|
|
* The CMMFPOPODecKeyChallContent to operate on.
|
|
* inIndex
|
|
* The index of the Challenge within inKeyChallCont to operate on.
|
|
* Indexes start from 0, ie the Nth Challenge corresponds to index
|
|
* N-1.
|
|
* NOTES:
|
|
* This function retrieves the public value stored away in the Challenge at
|
|
* index inIndex of inKeyChallCont.
|
|
* RETURN:
|
|
* A pointer to a SECItem containing the public value. User must call
|
|
* SECITEM_FreeItem on the return value when the value is no longer necessary.
|
|
* A return value of NULL indicates an error while retrieving the public value.
|
|
*/
|
|
extern SECItem* CMMF_POPODecKeyChallContentGetPublicValue
|
|
(CMMFPOPODecKeyChallContent *inKeyChallCont,
|
|
int inIndex);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber
|
|
* INPUTS:
|
|
* inChallContent
|
|
* The CMMFPOPODecKeyChallContent to operate on.
|
|
* inIndex
|
|
* The index of the challenge to look at. Valid indexes are 0 through
|
|
* (CMMF_POPODecKeyChallContentGetNumChallenges(inChallContent) - 1).
|
|
* inDest
|
|
* A pointer to a user supplied buffer where the library
|
|
* can place a copy of the random integer contatained in the
|
|
* challenge.
|
|
* NOTES:
|
|
* This function returns the value held in the decrypted Rand structure
|
|
* corresponding to the random integer. The user must call
|
|
* CMMF_POPODecKeyChallContentDecryptChallenge before calling this function. Call
|
|
* CMMF_ChallengeIsDecrypted to find out if the challenge has been
|
|
* decrypted.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess indicates the witness field has been previously decrypted
|
|
* and the value for the random integer was successfully placed at *inDest.
|
|
* Any other return value indicates an error and that the value at *inDest
|
|
* is not a valid value.
|
|
*/
|
|
extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber
|
|
(CMMFPOPODecKeyChallContent *inKeyChallCont,
|
|
int inIndex,
|
|
long *inDest);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses
|
|
* INPUTS:
|
|
* inRespCont
|
|
* The POPODecKeyRespContent to operate on.
|
|
* RETURN:
|
|
* This function returns the number of responses contained in inRespContent.
|
|
*/
|
|
extern int
|
|
CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyRespContentGetResponse
|
|
* INPUTS:
|
|
* inRespCont
|
|
* The POPODecKeyRespContent to operate on.
|
|
* inIndex
|
|
* The index of the response to retrieve.
|
|
* The Nth response is at index N-1, ie the 1st response is at index 0,
|
|
* the 2nd response is at index 1, and so on.
|
|
* inDest
|
|
* A pointer to a pre-allocated buffer where the library can put the
|
|
* value of the response located at inIndex.
|
|
* NOTES:
|
|
* The function returns the response contained at index inIndex.
|
|
* CMMFPOPODecKeyRespContent is a structure that the server will generally
|
|
* get in response to a CMMFPOPODecKeyChallContent. The server will expect
|
|
* to see the responses in the same order as it constructed them in
|
|
* the CMMFPOPODecKeyChallContent structure.
|
|
* RETURN:
|
|
* SECSuccess if getting the response at the desired index was successful. Any
|
|
* other return value indicates an errror.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont,
|
|
int inIndex,
|
|
long *inDest);
|
|
|
|
/************************* Destructor Functions ******************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyCertResponse
|
|
* INPUTS:
|
|
* inCertResp
|
|
* The CMMFCertResponse to destroy.
|
|
* NOTES:
|
|
* This function frees all the memory associated with the CMMFCertResponse
|
|
* passed in.
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was successful. Any other return value
|
|
* indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyCertRepContent
|
|
* INPUTS:
|
|
* inCertRepContent
|
|
* The CMMFCertRepContent to destroy
|
|
* NOTES:
|
|
* This function frees the memory associated with the CMMFCertRepContent
|
|
* passed in.
|
|
* RETURN:
|
|
* SECSuccess if freeing all the memory associated with the
|
|
* CMMFCertRepContent passed in is successful. Any other return value
|
|
* indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_DestroyCertRepContent (CMMFCertRepContent *inCertRepContent);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyKeyRecRepContent
|
|
* INPUTS:
|
|
* inKeyRecRep
|
|
* The CMMFKeyRecRepContent to destroy.
|
|
* NOTES:
|
|
* This function destroys all the memory associated with the
|
|
* CMMFKeyRecRepContent passed in.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing all the memory is successful. Any other return
|
|
* value indicates an error in freeing the memory.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyCertifiedKeyPair
|
|
* INPUTS:
|
|
* inCertKeyPair
|
|
* The CMMFCertifiedKeyPair to operate on.
|
|
* NOTES:
|
|
* This function frees up all the memory associated with 'inCertKeyPair'
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing all the memory associated with 'inCertKeyPair'
|
|
* is successful. Any other return value indicates an error while trying
|
|
* to free the memory.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyPOPODecKeyRespContent
|
|
* INPUTS:
|
|
* inDecKeyResp
|
|
* The CMMFPOPODecKeyRespContent structure to free.
|
|
* NOTES:
|
|
* This function frees up all the memory associate with the
|
|
* CMMFPOPODecKeyRespContent.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing up all the memory associated with the
|
|
* CMMFPOPODecKeyRespContent structure is successful. Any other
|
|
* return value indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
|
|
|
|
|
|
/************************** Miscellaneous Functions *************************/
|
|
|
|
/*
|
|
* FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey
|
|
* INPUTS:
|
|
* inCertKeyPair
|
|
* The CMMFCertifiedKeyPair to operate on.
|
|
* inPrivKey
|
|
* The private key to use to un-wrap the private key
|
|
* inNickName
|
|
* This is the nickname that will be associated with the private key
|
|
* to be unwrapped.
|
|
* inSlot
|
|
* The PKCS11 slot where the unwrapped private key should end up.
|
|
* inCertdb
|
|
* The Certificate database with which the new key will be associated.
|
|
* destPrivKey
|
|
* A pointer to memory where the library can place a pointer to the
|
|
* private key after importing the key onto the specified slot.
|
|
* wincx
|
|
* An opaque pointer that the library will use in a callback function
|
|
* to get the password if necessary.
|
|
*
|
|
* NOTES:
|
|
* This function uses the private key passed in to unwrap the private key
|
|
* contained within the CMMFCertifiedKeyPair structure. After this
|
|
* function successfully returns, the private key has been unwrapped and
|
|
* placed in the specified slot.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if unwrapping the private key was successful. Any other
|
|
* return value indicates an error while trying to un-wrap the private key.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
|
|
SECKEYPrivateKey *inPrivKey,
|
|
SECItem *inNickName,
|
|
PK11SlotInfo *inSlot,
|
|
CERTCertDBHandle *inCertdb,
|
|
SECKEYPrivateKey **destPrivKey,
|
|
void *wincx);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_KeyRecRepContentHasCACerts
|
|
* INPUTS:
|
|
* inKeyRecRecp
|
|
* The CMMFKeyRecRepContent to operate on.
|
|
* RETURN:
|
|
* This function returns PR_TRUE if there are one or more certificates in
|
|
* the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent
|
|
* structure. The function will return PR_FALSE if there are 0 certificate
|
|
* in the above mentioned sequence.
|
|
*/
|
|
extern PRBool
|
|
CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge
|
|
* INPUTS:
|
|
* inChalCont
|
|
* The CMMFPOPODecKeyChallContent to operate on.
|
|
* inIndex
|
|
* The index of the Challenge to operate on. The 1st Challenge is
|
|
* at index 0, the second at index 1 and so forth.
|
|
* inPrivKey
|
|
* The private key to use to decrypt the witness field.
|
|
* NOTES:
|
|
* This function uses the private key to decrypt the challenge field
|
|
* contained in the appropriate challenge. Make sure the private key matches
|
|
* the public key that was used to encrypt the witness. Use
|
|
* CMMF_POPODecKeyChallContentGetPublicValue to get the public value of
|
|
* the key used to encrypt the witness and then use that to determine the
|
|
* appropriate private key. This can be done by calling PK11_MakeIDFromPubKey
|
|
* and then passing that return value to PK11_FindKeyByKeyID. The creator of
|
|
* the challenge will most likely be an RA that has the public key
|
|
* from a Cert request. So the private key should be the private key
|
|
* associated with public key in that request. This function will also
|
|
* verify the witness field of the challenge. This function also verifies
|
|
* that the sender and witness hashes match within the challenge.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if decrypting the witness field was successful. This does
|
|
* not indicate that the decrypted data is valid, since the private key
|
|
* passed in may not be the actual key needed to properly decrypt the
|
|
* witness field. Meaning that there is a decrypted structure now, but
|
|
* may be garbage because the private key was incorrect.
|
|
* Any other return value indicates the function could not complete the
|
|
* decryption process.
|
|
*/
|
|
extern SECStatus
|
|
CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
|
|
int inIndex,
|
|
SECKEYPrivateKey *inPrivKey);
|
|
|
|
/*
|
|
* FUNCTION: CMMF_DestroyPOPODecKeyChallContent
|
|
* INPUTS:
|
|
* inDecKeyCont
|
|
* The CMMFPOPODecKeyChallContent to free
|
|
* NOTES:
|
|
* This function frees up all the memory associated with the
|
|
* CMMFPOPODecKeyChallContent
|
|
* RETURN:
|
|
* SECSuccess if freeing up all the memory associatd with the
|
|
* CMMFPOPODecKeyChallContent is successful. Any other return value
|
|
* indicates an error while freeing the memory.
|
|
*
|
|
*/
|
|
extern SECStatus
|
|
CMMF_DestroyPOPODecKeyChallContent (CMMFPOPODecKeyChallContent *inDecKeyCont);
|
|
|
|
SEC_END_PROTOS
|
|
#endif /* _CMMF_H_ */
|