зеркало из https://github.com/mozilla/pjs.git
1780 строки
64 KiB
C
1780 строки
64 KiB
C
/* -*- Mode: C; tab-width: 8 -*-*/
|
|
/*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*/
|
|
|
|
|
|
#ifndef _CRMF_H_
|
|
#define _CRMF_H_
|
|
|
|
#include "seccomon.h"
|
|
#include "cert.h"
|
|
#include "crmft.h"
|
|
#include "secoid.h"
|
|
#include "secpkcs7.h"
|
|
|
|
SEC_BEGIN_PROTOS
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncodeCertReqMsg
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to be encoded.
|
|
* fn
|
|
* A Callback function that the ASN1 encoder calls whenever
|
|
* the encoder wants to write out some DER encoded bytes.
|
|
* arg
|
|
* An opaque pointer that gets passed to the function fn
|
|
* OUTPUT:
|
|
* The function fn will be called multiple times. Look at the
|
|
* comments in crmft.h where the CRMFEncoderOutputCallback type is
|
|
* defined for information on proper behavior of the function fn.
|
|
* RETURN:
|
|
* SECSuccess if encoding was successful. Any other return value
|
|
* indicates an error occurred during encoding.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_EncodeCertReqMsg (CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFEncoderOutputCallback fn,
|
|
void *arg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncoderCertRequest
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to be encoded.
|
|
* fn
|
|
* A Callback function that the ASN1 encoder calls whenever
|
|
* the encoder wants to write out some DER encoded bytes.
|
|
* arg
|
|
* An opaque pointer that gets passed to the function fn.
|
|
* OUTPUT:
|
|
* The function fn will be called, probably multiple times whenever
|
|
* the ASN1 encoder wants to write out DER-encoded bytes. Look at the
|
|
* comments in crmft.h where the CRMFEncoderOuputCallback type is
|
|
* defined for information on proper behavior of the funciton fn.
|
|
* RETURN:
|
|
* SECSuccess if encoding was successful. Any other return value
|
|
* indicates an error occured during encoding.
|
|
*/
|
|
extern SECStatus CRMF_EncodeCertRequest (CRMFCertRequest *inCertReq,
|
|
CRMFEncoderOutputCallback fn,
|
|
void *arg);
|
|
/*
|
|
* FUNCTION: CRMF_EncodeCertReqMessages
|
|
* INPUTS:
|
|
* inCertReqMsgs
|
|
* An array of pointers to the Certificate Request Messages
|
|
* to encode. The user must place a NULL pointer in the index
|
|
* after the last message to be encoded. When the library runs
|
|
* into the NULL pointer, the library assumes there are no more
|
|
* messages to encode.
|
|
* fn
|
|
* A Callback function that the ASN1 encoder calls whenever
|
|
* the encoder wants to write out some DER encoded byts.
|
|
* arg
|
|
* An opaque pointer that gets passed to the function fn.
|
|
*
|
|
* NOTES:
|
|
* The parameter inCertReqMsgs needs to be an array with a NULL pointer
|
|
* to signal the end of messages. An array in the form of
|
|
* {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and
|
|
* m3. All messages from m4 on will not be looked at by the library.
|
|
*
|
|
* OUTPUT:
|
|
* The function fn will be called, probably multiple times. Look at the
|
|
* comments in crmft.h where the CRMFEncoderOuputCallback type is
|
|
* defined for information on proper behavior of the funciton fn.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if encoding the Certificate Request Messages was successful.
|
|
* Any other return value indicates an error occurred while encoding the
|
|
* certificate request messages.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
|
|
CRMFEncoderOutputCallback fn,
|
|
void *arg);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateCertReqMsg
|
|
* INPUTS:
|
|
* NONE
|
|
* OUTPUT:
|
|
* An empty CRMF Certificate Request Message.
|
|
* Before encoding this message, the user must set
|
|
* the ProofOfPossession field and the certificate
|
|
* request which are necessary for the full message.
|
|
* After the user no longer needs this CertReqMsg,
|
|
* the user must call CRMF_DestroyCertReqMsg to free
|
|
* all memory associated with the Certificate Request
|
|
* Message.
|
|
* RETURN:
|
|
* A pointer to a Certificate Request Message. The user
|
|
* must pass the return value of this function to
|
|
* CRMF_DestroyCertReqMsg after the Certificate Request
|
|
* Message is no longer necessary.
|
|
*/
|
|
extern CRMFCertReqMsg* CRMF_CreateCertReqMsg(void);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyCertReqMsg
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to destroy.
|
|
* NOTES:
|
|
* This function frees all the memory used for the Certificate
|
|
* Request Message and all the memory used in making copies of
|
|
* fields of elelments of the message, eg. the Proof Of Possession
|
|
* filed and the Cetificate Request.
|
|
* RETURN:
|
|
* SECSuccess if destruction was successful. Any other return value
|
|
* indicates an error while trying to free the memory associated
|
|
* with inCertReqMsg.
|
|
*
|
|
*/
|
|
extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgSetCertRequest
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message that the function will set
|
|
* the certificate request for.
|
|
* inCertReq
|
|
* The Certificate Request that will be added to the Certificate
|
|
* Request Message.
|
|
* NOTES:
|
|
* This function will make a copy of the Certificate Request passed in
|
|
* and store it as part of the Certificate Request Message. Therefore,
|
|
* the user must not call this function until the Certificate Request
|
|
* has been fully built and is ready to be encoded.
|
|
* RETURN:
|
|
* SECSuccess
|
|
* If copying the Certificate as a member of the Certificate
|
|
* request message was successful.
|
|
* Any other return value indicates a failure to copy the Certificate
|
|
* Request and make it a part of the Certificate Request Message.
|
|
*/
|
|
extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFCertRequest *inCertReq);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateCertRequest
|
|
* INPUTS:
|
|
* inRequestID
|
|
* The ID that will be associated with this certificate request.
|
|
* OUTPUTS:
|
|
* A certificate request which only has the requestID set.
|
|
* NOTES:
|
|
* The user must call the function CRMF_DestroyCertRequest when
|
|
* the returned value is no longer needed. This is usually the
|
|
* case after fully constructing the Certificate Request and then
|
|
* calling the function CRMF_CertReqMsgSetCertRequest.
|
|
* RETURN:
|
|
* A pointer to the new Certificate Request. A NULL return value
|
|
* indicates an error in creating the Certificate Request.
|
|
*/
|
|
extern CRMFCertRequest *CRMF_CreateCertRequest (long inRequestID);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyCertRequest
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request that will be destroyed.
|
|
* RETURN:
|
|
* SECSuccess
|
|
* If freeing the memory associated with the certificate request
|
|
* was successful.
|
|
* Any other return value indicates an error while trying to free the
|
|
* memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyCertRequest (CRMFCertRequest *inCertReq);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateCertExtension
|
|
* INPUTS:
|
|
* id
|
|
* The SECOidTag to associate with this CertExtension. This must
|
|
* correspond to a valid Certificate Extension, if not the function
|
|
* will fail.
|
|
* isCritical
|
|
* A boolean value stating if the extension value is crtical. PR_TRUE
|
|
* means the value is crtical. PR_FALSE indicates the value is not
|
|
* critical.
|
|
* data
|
|
* This is the data associated with the extension. The user of the
|
|
* library is responsible for making sure the value passed in is a
|
|
* valid interpretation of the certificate extension.
|
|
* NOTES:
|
|
* Use this function to create CRMFCertExtension Structures which will
|
|
* then be passed to CRMF_AddFieldToCertTemplate as part of the
|
|
* CRMFCertCreationInfo.extensions The user must call
|
|
* CRMF_DestroyCertExtension after the extension has been added to a certifcate
|
|
* and the extension is no longer needed.
|
|
*
|
|
* RETURN:
|
|
* A pointer to a newly created CertExtension. A return value of NULL
|
|
* indicates the id passed in was an invalid certificate extension.
|
|
*/
|
|
extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
|
|
PRBool isCritical,
|
|
SECItem *data);
|
|
|
|
/*
|
|
* FUNCTION: CMRF_DestroyCertExtension
|
|
* INPUTS:
|
|
* inExtension
|
|
* The Cert Extension to destroy
|
|
* NOTES:
|
|
* Destroy a structure allocated by CRMF_CreateCertExtension.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory associated with the certificate extension
|
|
* was successful. Any other error indicates an error while freeing the
|
|
* memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestSetTemplateField
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* inTemplateField
|
|
* An enumeration that indicates which field of the Certificate
|
|
* template to add.
|
|
* data
|
|
* A generic pointer that will be type cast according to the
|
|
* table under NOTES and used as the key for adding to the
|
|
* certificate template;
|
|
* NOTES:
|
|
*
|
|
* Below is a table that tells what type to pass in as data
|
|
* depending on the template field one wants to set.
|
|
*
|
|
* Look in crmft.h for the definition of CRMFCertTemplateField.
|
|
*
|
|
* In all cases, the library makes copies of the data passed in.
|
|
*
|
|
* CRMFCertTemplateField Type of data What data means
|
|
* --------------------- ------------ ---------------
|
|
* crmfVersion long * The version of
|
|
* the certificate
|
|
* to be created.
|
|
*
|
|
* crmfSerialNumber long * The serial number
|
|
* for the cert to be
|
|
* created.
|
|
*
|
|
* crmfSigningAlg SECAlgorithm * The ASN.1 object ID for
|
|
* the algorithm used in encoding
|
|
* the certificate.
|
|
*
|
|
* crmfIssuer CERTName * Certificate Library
|
|
* representation of the ASN1 type
|
|
* Name from X.509
|
|
*
|
|
* crmfValidity CRMFValidityCreationInfo * At least one of the two
|
|
* fields in the structure must
|
|
* be present. A NULL pointer
|
|
* in the structure indicates
|
|
* that member should not be
|
|
* added.
|
|
*
|
|
* crmfSubject CERTName * Certificate Library
|
|
* representation of the ASN1 type
|
|
* Name from X.509
|
|
*
|
|
* crmfPublicKey CERTSubjectPublicKeyInfo * The public key info for the
|
|
* certificate being requested.
|
|
*
|
|
* crmfIssuerUID SECItem * A bit string representation
|
|
* of the issuer UID. NOTE: The
|
|
* length is the number of bits
|
|
* and not the number of bytes.
|
|
*
|
|
* crmfSubjectUID SECItem* A bit string representation
|
|
* of the subject UID. NOTE: The
|
|
* length is the number of bits
|
|
* and not the number of bytes.
|
|
*
|
|
* crmfExtension CRMFCertExtCreationInfo * A pointer to the structure
|
|
* populated with an array of
|
|
* of certificate extensions
|
|
* and an integer that tells
|
|
* how many elements are in the
|
|
* array. Look in crmft.h for
|
|
* the definition of
|
|
* CRMFCertExtCreationInfo
|
|
* RETURN:
|
|
* SECSuccess if adding the desired field to the template was successful.
|
|
* Any other return value indicates failure when trying to add the field
|
|
* to the template.
|
|
*
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
|
|
CRMFCertTemplateField inTemplateField,
|
|
void *data);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestIsFieldPresent
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The certificate request to operate on.
|
|
* inTemplateField
|
|
* The enumeration for the template field the user wants to query
|
|
* about.
|
|
* NOTES:
|
|
* This function checks to see if the the field associated with inTemplateField
|
|
* enumeration is already present in the certificate request passed in.
|
|
*
|
|
* RETURN:
|
|
* The function returns PR_TRUE if the field associated with inTemplateField
|
|
* is already present in the certificate request. If the field is not present
|
|
* the function returns PR_FALSE.
|
|
*/
|
|
extern PRBool
|
|
CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
|
|
CRMFCertTemplateField inTemplateField);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestIsControlPresent
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The certificate request to operate on.
|
|
* inControlType
|
|
* The type of control to look for.
|
|
* NOTES:
|
|
* This function looks at the control present in the certificate request
|
|
* and returns PR_TRUE iff a control of type inControlType already exists.
|
|
* The CRMF draft does not explicitly state that two controls of the same
|
|
* type can not exist within the same request. So the library will not
|
|
* cause an error if you try to add a control and one of the same type
|
|
* already exists. It is up to the application to ensure that multiple
|
|
* controls of the same type do not exist, if that is the desired behavior
|
|
* by the application.
|
|
*
|
|
* RETURN:
|
|
* The function returns PR_TRUE if a control of type inControlType already
|
|
* exists in the certificate request. If a control of type inControlType
|
|
* does not exist, the function will return PR_FALSE.
|
|
*/
|
|
extern PRBool
|
|
CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
|
|
CRMFControlType inControlType);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestSetRegTokenControl
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* value
|
|
* The UTF8 value which will be the Registration Token Control
|
|
* for this Certificate Request.
|
|
* NOTES:
|
|
* The library does no verification that the value passed in is
|
|
* a valid UTF8 value. The caller must make sure of this in order
|
|
* to get an encoding that is valid. The library will ultimately
|
|
* encode this value as it was passed in.
|
|
* RETURN:
|
|
* SECSucces on successful addition of the Registration Token Control.
|
|
* Any other return value indicates an unsuccessful attempt to add the
|
|
* control.
|
|
*
|
|
*/
|
|
extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
|
|
SECItem *value);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestSetAuthenticatorControl
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* value
|
|
* The UTF8 value that will become the Authenticator Control
|
|
* for the passed in Certificate Request.
|
|
* NOTES:
|
|
* The library does no verification that the value passed in is
|
|
* a valid UTF8 value. The caller must make sure of this in order
|
|
* to get an encoding that is valid. The library will ultimately
|
|
* encode this value as it was passed in.
|
|
* RETURN:
|
|
* SECSucces on successful addition of the Authenticator Control.
|
|
* Any other return value indicates an unsuccessful attempt to add the
|
|
* control.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestSetAuthenticatorControl (CRMFCertRequest *inCertReq,
|
|
SECItem *value);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateEncryptedKeyWithencryptedValue
|
|
* INPUTS:
|
|
* inPrivKey
|
|
* This is the private key associated with a certificate that is
|
|
* being requested. This structure will eventually wind up as
|
|
* a part of the PKIArchiveOptions Control.
|
|
* inCACert
|
|
* This is the certificate for the CA that will be receiving the
|
|
* certificate request for the private key passed in.
|
|
* OUTPUT:
|
|
* A CRMFEncryptedKey that can ultimately be used as part of the
|
|
* PKIArchiveOptions Control.
|
|
*
|
|
* RETURN:
|
|
* A pointer to a CRMFEncyptedKey. A NULL return value indicates an erro
|
|
* during the creation of the encrypted key.
|
|
*/
|
|
extern CRMFEncryptedKey*
|
|
CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
|
|
CERTCertificate *inCACert);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyEncryptedKey
|
|
* INPUTS:
|
|
* inEncrKey
|
|
* The CRMFEncryptedKey to be destroyed.
|
|
* NOTES:
|
|
* Frees all memory associated with the CRMFEncryptedKey passed in.
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was successful. Any other return
|
|
* value indicates an error while freeig the memroy.
|
|
*/
|
|
extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreatePKIArchiveOptions
|
|
* INPUTS:
|
|
* inType
|
|
* An enumeration value indicating which option for
|
|
* PKIArchiveOptions to use.
|
|
* data
|
|
* A pointer that will be type-cast and de-referenced according
|
|
* to the table under NOTES.
|
|
* NOTES:
|
|
* A table listing what should be passed in as data
|
|
* ------------------------------------------------
|
|
*
|
|
* inType data
|
|
* ------ ----
|
|
* crmfEncryptedPrivateKey CRMFEncryptedKey*
|
|
* crmfKeyGenParameters SECItem*(This needs to be an octet string)
|
|
* crmfArchiveRemGenPrivKey PRBool*
|
|
*
|
|
* RETURN:
|
|
* A pointer the a CRMFPKIArchiveOptions that can be added to a Certificate
|
|
* Request. A NULL pointer indicates an error occurred while creating
|
|
* the CRMFPKIArchiveOptions Structure.
|
|
*/
|
|
extern CRMFPKIArchiveOptions*
|
|
CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType,
|
|
void *data);
|
|
/*
|
|
* FUNCTION: CRMF_DestroyPKIArchiveOptions
|
|
* INPUTS:
|
|
* inArchOpt
|
|
* A pointer to the CRMFPKIArchiveOptions structure to free.
|
|
* NOTES:
|
|
* Will free all memory associated with 'inArchOpt'.
|
|
* RETURN:
|
|
* SECSuccess if successful in freeing the memory used by 'inArchOpt'
|
|
* Any other return value indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestSetPKIArchiveOptions
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to add the the options to.
|
|
* inOptions
|
|
* The Archive Options to add to the Certificate Request.
|
|
* NOTES:
|
|
* Adds the PKIArchiveOption to the Certificate Request. This is what
|
|
* enables Key Escrow to take place through CRMF. The library makes
|
|
* its own copy of the information.
|
|
* RETURN:
|
|
* SECSuccess if successful in adding the ArchiveOptions to the Certificate
|
|
* request. Any other return value indicates an error when trying to add
|
|
* the Archive Options to the Certificate Request.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
|
|
CRMFPKIArchiveOptions *inOptions);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetPOPType
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to operate on.
|
|
* NOTES:
|
|
* Returns an enumeration value indicating the method of Proof
|
|
* of Possession that was used for the passed in Certificate Request
|
|
* Message.
|
|
* RETURN:
|
|
* An enumeration indicating what method for Proof Of Possession is
|
|
* being used in this Certificate Request Message. Look in the file
|
|
* crmft.h for the definition of CRMFPOPChoice for the possible return
|
|
* values.
|
|
*/
|
|
extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgSetRAVerifiedPOP
|
|
* INPUT:
|
|
* InCertReqMsg
|
|
* The Certificate Request Message to operate on.
|
|
* NOTES:
|
|
* This function will set the method of Proof Of Possession to
|
|
* crmfRAVerified which means the RA has already verified the
|
|
* requester does possess the private key.
|
|
* RETURN:
|
|
* SECSuccess if adding RAVerified to the message is successful.
|
|
* Any other message indicates an error while trying to add RAVerified
|
|
* as the Proof of Possession.
|
|
*/
|
|
extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgSetSignaturePOP
|
|
* INPUT:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to add the SignaturePOP to.
|
|
* inPrivKey
|
|
* The Private Key which corresponds to the the Certificate Request
|
|
* Message.
|
|
* inPubKey
|
|
* The Public Key which corresponds to the Private Key passed in.
|
|
* inCertForInput
|
|
* A Certificate that in the future may be used to create
|
|
* POPOSigningKeyInput.
|
|
* fn
|
|
* A callback for retrieving a password which may be used in the
|
|
* future to generate POPOSigningKeyInput.
|
|
* arg
|
|
* An opaque pointer that would be passed to fn whenever it is
|
|
* called.
|
|
* NOTES:
|
|
* Adds Proof Of Possession to the CertRequest using the signature field
|
|
* of the ProofOfPossession field. NOTE: In order to use this option,
|
|
* the certificate template must contain the publicKey at the very minimum.
|
|
*
|
|
* If you don't want the function to generate POPOSigningKeyInput, then
|
|
* make sure the cert template already contains the subject and public key
|
|
* values. Currently creating POPOSigningKeyInput is not supported, so
|
|
* a Message passed to this function must have the publicKey and the subject
|
|
* as part of the template
|
|
*
|
|
* This will take care of creating the entire POPOSigningKey structure
|
|
* that will become part of the message.
|
|
*
|
|
* inPrivKey is the key to be used in the signing operation when creating
|
|
* POPOSigningKey structure. This should be the key corresponding to
|
|
* the certificate being requested.
|
|
*
|
|
* inCertForInput will be used if POPOSigningKeyInput needs to be generated.
|
|
* It will be used in generating the authInfo.sender field. If the parameter
|
|
* is not passed in then authInfo.publicKeyMAC will be generated instead.
|
|
* If passed in, this certificate needs to be a valid certificate.
|
|
*
|
|
* The last 3 arguments are for future compatibility in case we ever want to
|
|
* support generating POPOSigningKeyInput. Pass in NULL for all 3 if you
|
|
* definitely don't want the funciton to even try to generate
|
|
* POPOSigningKeyInput. If you try to use POPOSigningKeyInput, the function
|
|
* will fail.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if adding the Signature Proof Of Possession worked.
|
|
* Any other return value indicates an error in trying to add
|
|
* the Signature Proof Of Possession.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
|
|
SECKEYPrivateKey *inPrivKey,
|
|
SECKEYPublicKey *inPubKey,
|
|
CERTCertificate *inCertForInput,
|
|
CRMFMACPasswordCallback fn,
|
|
void *arg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to operate on.
|
|
* inKeyChoice
|
|
* An enumeration indicating which POPOPrivKey Choice to use
|
|
* in constructing the KeyEnciphermentPOP.
|
|
* subseqMess
|
|
* This parameter must be provided iff inKeyChoice is
|
|
* crmfSubsequentMessage. This details how the RA is to respond
|
|
* in order to perform Proof Of Possession. Look in crmft.h under
|
|
* the definition of CRMFSubseqMessOptions for possible values.
|
|
* encPrivKey
|
|
* This parameter only needs to be provided if inKeyChoice is
|
|
* crmfThisMessage. The item should contain the encrypted private
|
|
* key.
|
|
*
|
|
* NOTES:
|
|
* Adds Proof Of Possession using the keyEncipherment field of
|
|
* ProofOfPossession.
|
|
*
|
|
* The funciton looks at the the inKeyChoice parameter and interprets it in
|
|
* in the following manner.
|
|
*
|
|
* If a parameter is not mentioned under interpretation, the funciton will not
|
|
* look at its value when implementing that case.
|
|
*
|
|
* inKeyChoice Interpretation
|
|
* ----------- --------------
|
|
* crmfThisMessage This options requires that the encrypted private key
|
|
* be included in the thisMessage field of POPOPrivKey.
|
|
* We don't support this yet, so any clients who want
|
|
* to use this feature have to implement a wrapping
|
|
* function and agree with the server on how to properly
|
|
* wrap the key. That encrypted key must be passed in
|
|
* as the encPrivKey parameter.
|
|
*
|
|
* crmfSubequentMessage Must pass in a value for subseqMess. The value must
|
|
* be either CRMFEncrCert or CRMFChallengeResp. The
|
|
* parameter encPrivKey will not be looked at in this
|
|
* case.
|
|
*
|
|
* crmfDHMAC This is not a valid option for this function. Passing
|
|
* in this value will result in the function returning
|
|
* SECFailure.
|
|
* RETURN:
|
|
* SECSuccess if adding KeyEnciphermentPOP was successful. Any other return
|
|
* value indicates an error in adding KeyEnciphermentPOP.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFPOPOPrivKeyChoice inKeyChoice,
|
|
CRMFSubseqMessOptions subseqMess,
|
|
SECItem *encPrivKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to operate on.
|
|
* inKeyChoice
|
|
* An enumeration indicating which POPOPrivKey Choice to use
|
|
* in constructing the KeyAgreementPOP.
|
|
* subseqMess
|
|
* This parameter must be provided iff inKeyChoice is
|
|
* crmfSubsequentMessage. This details how the RA is to respond
|
|
* in order to perform Proof Of Possession. Look in crmft.h under
|
|
* the definition of CRMFSubseqMessOptions for possible values.
|
|
* encPrivKey
|
|
* This parameter only needs to be provided if inKeyChoice is
|
|
* crmfThisMessage. The item should contain the encrypted private
|
|
* key.
|
|
* Adds Proof Of Possession using the keyAgreement field of
|
|
* ProofOfPossession.
|
|
*
|
|
* The funciton looks at the the inKeyChoice parameter and interprets it in
|
|
* in the following manner.
|
|
*
|
|
* If a parameter is not mentioned under interpretation, the funciton will not
|
|
* look at its value when implementing that case.
|
|
*
|
|
* inKeyChoice Interpretation
|
|
* ----------- --------------
|
|
* crmfThisMessage This options requires that the encrypted private key
|
|
* be included in the thisMessage field of POPOPrivKey.
|
|
* We don't support this yet, so any clients who want
|
|
* to use this feature have to implement a wrapping
|
|
* function and agree with the server on how to properly
|
|
* wrap the key. That encrypted key must be passed in
|
|
* as the encPrivKey parameter.
|
|
*
|
|
* crmfSubequentMessage Must pass in a value for subseqMess. The value must
|
|
* be either crmfEncrCert or crmfChallengeResp. The
|
|
* parameter encPrivKey will not be looked at in this
|
|
* case.
|
|
*
|
|
* crmfDHMAC This option is not supported.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFPOPOPrivKeyChoice inKeyChoice,
|
|
CRMFSubseqMessOptions subseqMess,
|
|
SECItem *encPrivKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateCertReqMsgFromDER
|
|
* INPUTS:
|
|
* buf
|
|
* A buffer to the DER-encoded Certificate Request Message.
|
|
* len
|
|
* The length in bytes of the buffer 'buf'
|
|
* NOTES:
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CRMFCertReqMsg structure. Do not try adding any fields to a message
|
|
* returned from this function. Specifically adding more Controls or
|
|
* Extensions may cause your program to crash.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the Certificate Request Message structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CRMFCertReqMsg* CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CreateCertReqMessagesFromDER
|
|
* INPUTS:
|
|
* buf
|
|
* A buffer to the DER-encoded Certificate Request Messages.
|
|
* len
|
|
* The length in bytes of buf
|
|
* NOTES:
|
|
* This function passes the buffer to the ASN1 decoder and creates a
|
|
* CRMFCertReqMessages structure. Do not try adding any fields to a message
|
|
* derived from this function. Specifically adding more Controls or
|
|
* Extensions may cause your program to crash.
|
|
* The user must call CRMF_DestroyCertReqMessages after the return value is
|
|
* no longer needed, ie when all individual messages have been extracted.
|
|
*
|
|
* RETURN:
|
|
* A pointer to the Certificate Request Messages structure. A NULL return
|
|
* value indicates the library was unable to parse the DER.
|
|
*/
|
|
extern CRMFCertReqMessages*
|
|
CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyCertReqMessages
|
|
* INPUTS
|
|
* inCertReqMsgs
|
|
* The Messages to destroy.
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was done successfully. Any other
|
|
* return value indicates an error in freeing up memory.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMessagesGetNumMessages
|
|
* INPUTS:
|
|
* inCertReqMsgs
|
|
* The Request Messages to operate on.
|
|
* RETURN:
|
|
* The number of messages contained in the in the Request Messages
|
|
* strucure.
|
|
*/
|
|
extern int
|
|
CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex
|
|
* INPUTS:
|
|
* inReqMsgs
|
|
* The Certificate Request Messages to operate on.
|
|
* index
|
|
* The index of the single message the user wants a copy of.
|
|
* NOTES:
|
|
* This function returns a copy of the request messages stored at the
|
|
* index corresponding to the parameter 'index'. Indexing of the messages
|
|
* is done in the same manner as a C array. Meaning the valid index are
|
|
* 0...numMessages-1. User must call CRMF_DestroyCertReqMsg when done using
|
|
* the return value of this function.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if copying the message at the requested index was successful.
|
|
* Any other return value indicates an invalid index or error while copying
|
|
* the single request message.
|
|
*/
|
|
extern CRMFCertReqMsg*
|
|
CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
|
|
int index);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetID
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to get the ID from.
|
|
* destID
|
|
* A pointer to where the library can place the ID of the Message.
|
|
* RETURN:
|
|
* SECSuccess if the function was able to retrieve the ID and place it
|
|
* at *destID. Any other return value indicates an error meaning the value
|
|
* in *destId is un-reliable and should not be used by the caller of this
|
|
* function.
|
|
*
|
|
*/
|
|
extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
|
|
long *destID);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DoesRequestHaveField
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* inField
|
|
* An enumeration indicating which filed of the certificate template
|
|
* to look for.
|
|
* NOTES:
|
|
* All the fields in a certificate template are optional. This function
|
|
* checks to see if the requested field is present. Look in crmft.h at the
|
|
* definition of CRMFCertTemplateField for possible values for possible
|
|
* querying.
|
|
*
|
|
* RETURN:
|
|
* PR_TRUE iff the field corresponding to 'inField' has been specified as part
|
|
* of 'inCertReq'
|
|
* PR_FALSE iff the field corresponding to 'inField' has not been speicified
|
|
* as part of 'inCertReq'
|
|
*
|
|
*/
|
|
extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
|
|
CRMFCertTemplateField inField);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetCertRequest
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The Certificate Request Message to operate on.
|
|
* NOTES:
|
|
* This function returns a copy of the Certificate Request to the user.
|
|
* The user can keep adding to this request and then making it a part
|
|
* of another message. After the user no longer wants to use the
|
|
* returned request, the user must call CRMF_DestroyCertRequest and
|
|
* pass it the request returned by this function.
|
|
* RETURN:
|
|
* A pointer to a copy of the certificate request contained by the message.
|
|
* A NULL return value indicates an error occurred while copying the
|
|
* certificate request.
|
|
*/
|
|
extern CRMFCertRequest *
|
|
CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateVersion
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* version
|
|
* A pointer to where the library can store the version contatined
|
|
* in the certificate template within the certifcate request.
|
|
* RETURN:
|
|
* SECSuccess if the Certificate template contains the version field. In
|
|
* this case, *version will hold the value of the certificate template
|
|
* version.
|
|
* SECFailure indicates that version field was not present as part of
|
|
* of the certificate template.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
|
|
long *version);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The certificate request to operate on.
|
|
* serialNumber
|
|
* A pointer where the library can put the serial number contained
|
|
* in the certificate request's certificate template.
|
|
* RETURN:
|
|
* If a serial number exists in the CertTemplate of the request, the function
|
|
* returns SECSuccess and the value at *serialNumber contains the serial
|
|
* number.
|
|
* If no serial number is present, then the function returns SECFailure and
|
|
* the value at *serialNumber is un-changed.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
|
|
long *serialNumber);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg
|
|
* INPUT:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* destAlg
|
|
* A Pointer to where the library can place a copy of the signing alg
|
|
* used in the cert request's cert template.
|
|
* RETURN:
|
|
* If the signingAlg is present in the CertRequest's CertTemplate, then
|
|
* the function returns SECSuccess and places a copy of sigingAlg in
|
|
* *destAlg.
|
|
* If no signingAlg is present, then the function returns SECFailure and
|
|
* the value at *destAlg is un-changed
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
|
|
SECAlgorithmID *destAlg);
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateIssuer
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* destIssuer
|
|
* A pointer to where the library can place a copy of the cert
|
|
* request's cert template issuer field.
|
|
* RETURN:
|
|
* If the issuer is present in the cert request cert template, the function
|
|
* returns SECSuccess and places a copy of the issuer in *destIssuer.
|
|
* If there is no issuer present, the funciton returns SECFailure and the
|
|
* value at *destIssuer is unchanged.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
|
|
CERTName *destIssuer);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateValidity
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* destValdity
|
|
* A pointer to where the library can place a copy of the validity
|
|
* info in the cert request cert template.
|
|
* NOTES:
|
|
* Pass the pointer to
|
|
* RETURN:
|
|
* If there is an OptionalValidity field, the function will return SECSuccess
|
|
* and place the appropriate values in *destValidity->notBefore and
|
|
* *destValidity->notAfter. (Each field is optional, but at least one will
|
|
* be present if the function returns SECSuccess)
|
|
*
|
|
* If there is no OptionalValidity field, the function will return SECFailure
|
|
* and the values at *destValidity will be un-changed.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
|
|
CRMFGetValidity *destValidity);
|
|
/*
|
|
* FUNCTION: CRMF_DestroyGetValidity
|
|
* INPUTS:
|
|
* inValidity
|
|
* A pointer to the memroy to be freed.
|
|
* NOTES:
|
|
* The function will free the memory allocated by the function
|
|
* CRMF_CertRequestGetCertTemplateValidity. That means only memory pointed
|
|
* to within the CRMFGetValidity structure. Since
|
|
* CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the
|
|
* structure passed into it, it will not free it. Meaning this function will
|
|
* free the memory at inValidity->notBefore and inValidity->notAfter, but not
|
|
* the memory directly at inValdity.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was successful. Any other return value
|
|
* indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateSubject
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* destSubject
|
|
* A pointer to where the library can place a copy of the subject
|
|
* contained in the request's cert template.
|
|
* RETURN:
|
|
* If there is a subject in the CertTemplate, then the function returns
|
|
* SECSuccess and a copy of the subject is placed in *destSubject.
|
|
*
|
|
* If there is no subject, the function returns SECFailure and the values at
|
|
* *destSubject is unchanged.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateSubject (CRMFCertRequest *inCertReq,
|
|
CERTName *destSubject);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Cert request to operate on.
|
|
* destPublicKey
|
|
* A pointer to where the library can place a copy of the request's
|
|
* cert template public key.
|
|
* RETURN:
|
|
* If there is a publicKey parameter in the CertRequest, the function returns
|
|
* SECSuccess, and places a copy of the publicKey in *destPublicKey.
|
|
*
|
|
* If there is no publicKey, the function returns SECFailure and the value
|
|
* at *destPublicKey is un-changed.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
|
|
CERTSubjectPublicKeyInfo *destPublicKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Cert request to operate on.
|
|
* destIssuerUID
|
|
* A pointer to where the library can store a copy of the request's
|
|
* cert template destIssuerUID.
|
|
*
|
|
* NOTES:
|
|
* destIssuerUID is a bit string and will be returned in a SECItem as
|
|
* a bit string. Meaning the len field contains the number of valid bits as
|
|
* opposed to the number of bytes allocated.
|
|
*
|
|
* RETURN:
|
|
* If the CertTemplate has an issuerUID, the function returns SECSuccess and
|
|
* places a copy of the issuerUID in *destIssuerUID.
|
|
*
|
|
* If there is no issuerUID, the function returns SECFailure and the value
|
|
* *destIssuerUID is unchanged.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
|
|
SECItem *destIssuerUID);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID
|
|
* inCertReq
|
|
* The Cert request to operate on.
|
|
* destSubjectUID
|
|
* A pointer to where the library can store a copy of the request's
|
|
* cert template destIssuerUID.
|
|
*
|
|
* NOTES:
|
|
* destSubjectUID is a bit string and will be returned in a SECItem as
|
|
* a bit string. Meaning the len field contains the number of valid bits as
|
|
* opposed to the number of bytes allocated.
|
|
*
|
|
* RETURN:
|
|
* If the CertTemplate has an issuerUID, the function returns SECSuccess and
|
|
* places a copy of the issuerUID in *destIssuerUID.
|
|
*
|
|
* If there is no issuerUID, the function returns SECSuccess and the value
|
|
* *destIssuerUID is unchanged.
|
|
*/
|
|
extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
|
|
SECItem *destSubjectUID);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetNumberOfExtensions
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The cert request to operate on.
|
|
* RETURN:
|
|
* Returns the number of extensions contained by the Cert Request.
|
|
*/
|
|
extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetExtensionAtIndex
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate request to operate on.
|
|
* index
|
|
* The index of the extension array whihc the user wants to access.
|
|
* NOTES:
|
|
* This function retrieves the extension at the index corresponding to the
|
|
* parameter "index" indicates. Indexing is done like a C array.
|
|
* (0 ... numElements-1)
|
|
*
|
|
* Call CRMF_DestroyCertExtension when done using the return value.
|
|
*
|
|
* RETURN:
|
|
* A pointer to a copy of the extension at the desired index. A NULL
|
|
* return value indicates an invalid index or an error while copying
|
|
* the extension.
|
|
*/
|
|
extern CRMFCertExtension *
|
|
CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
|
|
int index);
|
|
/*
|
|
* FUNCTION: CRMF_CertExtensionGetOidTag
|
|
* INPUTS:
|
|
* inExtension
|
|
|
|
* The extension to operate on.
|
|
* RETURN:
|
|
* Returns the SECOidTag associated with the cert extension passed in.
|
|
*/
|
|
extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertExtensionGetIsCritical
|
|
* INPUT:
|
|
* inExt
|
|
* The cert extension to operate on.
|
|
*
|
|
* RETURN:
|
|
* PR_TRUE if the extension is critical.
|
|
* PR_FALSE if the extension is not critical.
|
|
*/
|
|
extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertExtensionGetValue
|
|
* INPUT:
|
|
* inExtension
|
|
* The extension to operate on.
|
|
* NOTES:
|
|
* Caller is responsible for freeing the memory associated with the return
|
|
* value. Call SECITEM_FreeItem(retVal, PR_TRUE) when done using the return
|
|
* value.
|
|
*
|
|
* RETURN:
|
|
* A pointer to an item containig the value for the certificate extension.
|
|
* A NULL return value indicates an error in copying the information.
|
|
*/
|
|
extern SECItem* CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The certificate request message to operate on.
|
|
* destKey
|
|
* A pointer to where the library can place a pointer to
|
|
* a copy of the Proof Of Possession Signing Key used
|
|
* by the message.
|
|
*
|
|
* RETURN:
|
|
* Get the POPOSigningKey associated with this CRMFCertReqMsg.
|
|
* If the CertReqMsg does not have a pop, the function returns
|
|
* SECFailure and the value at *destKey is un-changed..
|
|
*
|
|
* If the CertReqMsg does have a pop, then the CertReqMsg's
|
|
* POPOSigningKey will be placed at *destKey.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFPOPOSigningKey **destKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyPOPOSigningKey
|
|
* INPUTS:
|
|
* inKey
|
|
* The signing key to free.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was successful. Any other return value
|
|
* indicates an error while freeing memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyPOPOSigningKey (CRMFPOPOSigningKey *inKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOSigningKeyGetAlgID
|
|
* INPUTS:
|
|
* inSignKey
|
|
* The Signing Key to operate on.
|
|
* RETURN:
|
|
* Return the algorithmID used by the CRMFPOPOSigningKey. User must
|
|
* call SECOID_DestroyAlgorithmID(destID, PR_TRUE) when done using the
|
|
* return value.
|
|
*/
|
|
extern SECAlgorithmID*
|
|
CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOSigningKeyGetSignature
|
|
* INPUTS:
|
|
* inSignKey
|
|
* The Signing Key to operate on.
|
|
*
|
|
* RETURN:
|
|
* Get the actual signature stored away in the CRMFPOPOSigningKey. SECItem
|
|
* returned is a BIT STRING, so the len field is the number of bits as opposed
|
|
* to the total number of bytes allocatd. User must call
|
|
* SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value.
|
|
*/
|
|
extern SECItem* CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOSigningKeyGetInput
|
|
* INPUTS:
|
|
* inSignKey
|
|
* The Signing Key to operate on.
|
|
* NOTES:
|
|
* This function will return the der encoded input that was read in while
|
|
* decoding. The API does not support this option when creating, so you
|
|
* cannot add this field.
|
|
*
|
|
* RETURN:
|
|
* Get the poposkInput that is part of the of the POPOSigningKey. If the
|
|
* optional field is not part of the POPOSigningKey, the function returns
|
|
* NULL.
|
|
*
|
|
* If the optional field is part of the POPOSingingKey, the function will
|
|
* return a copy of the der encoded poposkInput.
|
|
*/
|
|
extern SECItem* CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The certificate request message to operate on.
|
|
* destKey
|
|
* A pointer to where the library can place a pointer to a
|
|
* copy of the POPOPrivKey representing Key Encipherment
|
|
* Proof of Possession.
|
|
*NOTES:
|
|
* This function gets the POPOPrivKey associated with this CRMFCertReqMsg
|
|
* for Key Encipherment.
|
|
*
|
|
* RETURN:
|
|
* If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the
|
|
* function returns SECFailure and the value at *destKey is un-changed.
|
|
*
|
|
* If the CertReqMsg did use Key Encipherment for ProofOfPossession, the
|
|
* function returns SECSuccess and places the POPOPrivKey representing the
|
|
* Key Encipherment Proof Of Possessin at *destKey.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFPOPOPrivKey **destKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement
|
|
* INPUTS:
|
|
* inCertReqMsg
|
|
* The certificate request message to operate on.
|
|
* destKey
|
|
* A pointer to where the library can place a pointer to a
|
|
* copy of the POPOPrivKey representing Key Agreement
|
|
* Proof of Possession.
|
|
* NOTES:
|
|
* This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
|
|
* Key Agreement.
|
|
*
|
|
* RETURN:
|
|
* If the CertReqMsg used Key Agreement for Proof Of Possession, the
|
|
* function returns SECSuccess and the POPOPrivKey for Key Agreement
|
|
* is placed at *destKey.
|
|
*
|
|
* If the CertReqMsg did not use Key Agreement for Proof Of Possession, the
|
|
* function return SECFailure and the value at *destKey is unchanged.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
|
|
CRMFPOPOPrivKey **destKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyPOPOPrivKey
|
|
* INPUTS:
|
|
* inPrivKey
|
|
* The POPOPrivKey to destroy.
|
|
* NOTES:
|
|
* Destroy a structure allocated by CRMF_GetPOPKeyEncipherment or
|
|
* CRMF_GetPOPKeyAgreement.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess on successful destruction of the POPOPrivKey.
|
|
* Any other return value indicates an error in freeing the
|
|
* memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOPrivKeyGetChoice
|
|
* INPUT:
|
|
* inKey
|
|
* The POPOPrivKey to operate on.
|
|
* RETURN:
|
|
* Returns which choice was used in constructing the POPPOPrivKey. Look at
|
|
* the definition of CRMFPOPOPrivKeyChoice in crmft.h for the possible return
|
|
* values.
|
|
*/
|
|
extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOPrivKeyGetThisMessage
|
|
* INPUTS:
|
|
* inKey
|
|
* The POPOPrivKey to operate on.
|
|
* destString
|
|
* A pointer to where the library can place a copy of the This Message
|
|
* field stored in the POPOPrivKey
|
|
*
|
|
* RETURN:
|
|
* Returns the field thisMessage from the POPOPrivKey.
|
|
* If the POPOPrivKey did not use the field thisMessage, the function
|
|
* returns SECFailure and the value at *destString is unchanged.
|
|
*
|
|
* If the POPOPrivKey did use the field thisMessage, the function returns
|
|
* SECSuccess and the BIT STRING representing thisMessage is placed
|
|
* at *destString. BIT STRING representation means the len field is the
|
|
* number of valid bits as opposed to the total number of bytes.
|
|
*/
|
|
extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
|
|
SECItem *destString);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOPrivKeyGetSubseqMess
|
|
* INPUTS:
|
|
* inKey
|
|
* The POPOPrivKey to operate on.
|
|
* destOpt
|
|
* A pointer to where the library can place the value of the
|
|
* Subsequent Message option used by POPOPrivKey.
|
|
*
|
|
* RETURN:
|
|
* Retrieves the field subsequentMessage from the POPOPrivKey.
|
|
* If the POPOPrivKey used the subsequentMessage option, the function
|
|
* returns SECSuccess and places the appropriate enumerated value at
|
|
* *destMessageOption.
|
|
*
|
|
* If the POPOPrivKey did not use the subsequenMessage option, the function
|
|
* returns SECFailure and the value at *destOpt is un-changed.
|
|
*/
|
|
extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
|
|
CRMFSubseqMessOptions *destOpt);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_POPOPrivKeyGetDHMAC
|
|
* INPUTS:
|
|
* inKey
|
|
* The POPOPrivKey to operate on.
|
|
* destMAC
|
|
* A pointer to where the library can place a copy of the dhMAC
|
|
* field of the POPOPrivKey.
|
|
*
|
|
* NOTES:
|
|
* Returns the field dhMAC from the POPOPrivKey. The populated SECItem
|
|
* is in BIT STRING format.
|
|
*
|
|
* RETURN:
|
|
* If the POPOPrivKey used the dhMAC option, the function returns SECSuccess
|
|
* and the BIT STRING for dhMAC will be placed at *destMAC. The len field in
|
|
* destMAC (ie destMAC->len) will be the valid number of bits as opposed to
|
|
* the number of allocated bytes.
|
|
*
|
|
* If the POPOPrivKey did not use the dhMAC option, the function returns
|
|
* SECFailure and the value at *destMAC is unchanged.
|
|
*
|
|
*/
|
|
extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey,
|
|
SECItem *destMAC);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetNumControls
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The Certificate Request to operate on.
|
|
* RETURN:
|
|
* Returns the number of Controls registered with this CertRequest.
|
|
*/
|
|
extern int CRMF_CertRequestGetNumControls (CRMFCertRequest *inCertReq);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_CertRequestGetControlAtIndex
|
|
* INPUTS:
|
|
* inCertReq
|
|
* The certificate request to operate on.
|
|
* index
|
|
* The index of the control the user wants a copy of.
|
|
* NOTES:
|
|
* Function retrieves the Control at located at index. The Controls
|
|
* are numbered like a traditional C array (0 ... numElements-1)
|
|
*
|
|
* RETURN:
|
|
* Returns a copy of the control at the index specified. This is a copy
|
|
* so the user must call CRMF_DestroyControl after the return value is no
|
|
* longer needed. A return value of NULL indicates an error while copying
|
|
* the control or that the index was invalid.
|
|
*/
|
|
extern CRMFControl*
|
|
CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
|
|
int index);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyControl
|
|
* INPUTS:
|
|
* inControl
|
|
* The Control to destroy.
|
|
* NOTES:
|
|
* Destroy a CRMFControl allocated by CRMF_GetControlAtIndex.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing the memory was successful. Any other return
|
|
* value indicates an error while freeing the memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyControl(CRMFControl *inControl);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_ControlGetControlType
|
|
* INPUTS:
|
|
* inControl
|
|
* The control to operate on.
|
|
* NOTES:
|
|
* The function returns an enumertion which indicates the type of control
|
|
* 'inControl'.
|
|
*
|
|
* RETURN:
|
|
* Look in crmft.h at the definition of the enumerated type CRMFControlType
|
|
* for the possible return values.
|
|
*/
|
|
extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_ControlGetRegTokenControlValue
|
|
* INPUTS:
|
|
* inControl
|
|
* The Control to operate on.
|
|
* NOTES:
|
|
* The user must call SECITEM_FreeItem passing in the return value
|
|
* after the returnvalue is no longer needed.
|
|
|
|
* RETURN:
|
|
* Return the value for a Registration Token Control.
|
|
* The SECItem returned should be in UTF8 format. A NULL
|
|
* return value indicates there was no Registration Control associated
|
|
* with the Control.
|
|
* (This library will not verify format. It assumes the client properly
|
|
* formatted the strings when adding it or the message decoded was properly
|
|
* formatted. The library will just give back the bytes it was given.)
|
|
*/
|
|
extern SECItem* CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_ControlGetAuthenticatorControlValue
|
|
* INPUTS:
|
|
* inControl
|
|
* The Control to operate on.
|
|
* NOTES:
|
|
* The user must call SECITEM_FreeItem passing in the return value
|
|
* after the returnvalue is no longer needed.
|
|
*
|
|
* RETURN:
|
|
* Return the value for the Authenticator Control.
|
|
* The SECItem returned should be in UTF8 format. A NULL
|
|
* return value indicates there was no Authenticator Control associated
|
|
* with the CRMFControl..
|
|
* (This library will not verify format. It assumes the client properly
|
|
* formatted the strings when adding it or the message decoded was properly
|
|
* formatted. The library will just give back the bytes it was given.)
|
|
*/
|
|
extern SECItem* CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_ControlGetPKIArchiveOptions
|
|
* INPUTS:inControl
|
|
* The Control tooperate on.
|
|
* NOTES:
|
|
* This function returns a copy of the PKIArchiveOptions. The user must call
|
|
* the function CRMF_DestroyPKIArchiveOptions when the return value is no
|
|
* longer needed.
|
|
*
|
|
* RETURN:
|
|
* Get the PKIArchiveOptions associated with the Control. A return
|
|
* value of NULL indicates the Control was not a PKIArchiveOptions
|
|
* Control.
|
|
*/
|
|
extern CRMFPKIArchiveOptions*
|
|
CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
|
|
|
|
/*
|
|
* FUNCTION: CMRF_DestroyPKIArchiveOptions
|
|
* INPUTS:
|
|
* inOptions
|
|
* The ArchiveOptions to destroy.
|
|
* NOTE:
|
|
* Destroy the CRMFPKIArchiveOptions structure.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if successful in freeing all the memory associated with
|
|
* the PKIArchiveOptions. Any other return value indicates an error while
|
|
* freeing the PKIArchiveOptions.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_PKIArchiveOptionsGetOptionType
|
|
* INPUTS:
|
|
* inOptions
|
|
* The PKIArchiveOptions to operate on.
|
|
* RETURN:
|
|
* Returns the choice used for the PKIArchiveOptions. Look at the definition
|
|
* of CRMFPKIArchiveOptionsType in crmft.h for possible return values.
|
|
*/
|
|
extern CRMFPKIArchiveOptionsType
|
|
CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey
|
|
* INPUTS:
|
|
* inOpts
|
|
* The PKIArchiveOptions to operate on.
|
|
*
|
|
* NOTES:
|
|
* The user must call CRMF_DestroyEncryptedKey when done using this return
|
|
* value.
|
|
*
|
|
* RETURN:
|
|
* Get the encryptedPrivKey field of the PKIArchiveOptions structure.
|
|
* A return value of NULL indicates that encryptedPrivKey was not used as
|
|
* the choice for this PKIArchiveOptions.
|
|
*/
|
|
extern CRMFEncryptedKey*
|
|
CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedKeyGetChoice
|
|
* INPUTS:
|
|
* inEncrKey
|
|
* The EncryptedKey to operate on.
|
|
*
|
|
* NOTES:
|
|
* Get the choice used for representing the EncryptedKey.
|
|
*
|
|
* RETURN:
|
|
* Returns the Choice used in representing the EncryptedKey. Look in
|
|
* crmft.h at the definition of CRMFEncryptedKeyChoice for possible return
|
|
* values.
|
|
*/
|
|
extern CRMFEncryptedKeyChoice
|
|
CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedKeyGetEncryptedValue
|
|
* INPUTS:
|
|
* inKey
|
|
* The EncryptedKey to operate on.
|
|
*
|
|
* NOTES:
|
|
* The user must call CRMF_DestroyEncryptedValue passing in
|
|
* CRMF_GetEncryptedValue's return value.
|
|
*
|
|
* RETURN:
|
|
* A pointer to a copy of the EncryptedValue contained as a member of
|
|
* the EncryptedKey.
|
|
*/
|
|
extern CRMFEncryptedValue*
|
|
CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_DestroyEncryptedValue
|
|
* INPUTS:
|
|
* inEncrValue
|
|
* The EncryptedValue to destroy.
|
|
*
|
|
* NOTES:
|
|
* Free up all memory associated with 'inEncrValue'.
|
|
*
|
|
* RETURN:
|
|
* SECSuccess if freeing up the memory associated with the EncryptedValue
|
|
* is successful. Any other return value indicates an error while freeing the
|
|
* memory.
|
|
*/
|
|
extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedValueGetEncValue
|
|
* INPUTS:
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
* NOTES:
|
|
* Function retrieves the encValue from an EncryptedValue structure.
|
|
*
|
|
* RETURN:
|
|
* A poiner to a SECItem containing the encValue of the EncryptedValue
|
|
* structure. The return value is in BIT STRING format, meaning the
|
|
* len field of the return structure represents the number of valid bits
|
|
* as opposed to the allocated number of bytes.
|
|
* ANULL return value indicates an error in copying the encValue field.
|
|
*/
|
|
extern SECItem* CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedValueGetIntendedAlg
|
|
* INPUTS
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
* NOTES:
|
|
* Retrieve the IntendedAlg field from the EncryptedValue structure.
|
|
* Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
|
|
* the return value. When present, this alogorithm is the alogrithm for
|
|
* which the private key will be used.
|
|
*
|
|
* RETURN:
|
|
* A Copy of the intendedAlg field. A NULL return value indicates the
|
|
* optional field was not present in the structure.
|
|
*/
|
|
extern SECAlgorithmID*
|
|
CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedValueGetSymmAlg
|
|
* INPUTS
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
* NOTES:
|
|
* Retrieve the symmAlg field from the EncryptedValue structure.
|
|
* Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
|
|
* the return value. When present, this is algorithm used to
|
|
* encrypt the encValue of the EncryptedValue.
|
|
*
|
|
* RETURN:
|
|
* A Copy of the symmAlg field. A NULL return value indicates the
|
|
* optional field was not present in the structure.
|
|
*/
|
|
extern SECAlgorithmID*
|
|
CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue);
|
|
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedValueGetKeyAlg
|
|
* INPUTS
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
* NOTES:
|
|
* Retrieve the keyAlg field from the EncryptedValue structure.
|
|
* Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
|
|
* the return value. When present, this is the algorithm used to encrypt
|
|
* the symmetric key in the encSymmKey field of the EncryptedValue structure.
|
|
*
|
|
* RETURN:
|
|
* A Copy of the keyAlg field. A NULL return value indicates the
|
|
* optional field was not present in the structure.
|
|
*/
|
|
extern SECAlgorithmID*
|
|
CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncryptedValueGetValueHint
|
|
* INPUTS:
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
*
|
|
* NOTES:
|
|
* Return a copy of the der-encoded value hint.
|
|
* User must call SECITEM_FreeItem(retVal, PR_TRUE) when done using the
|
|
* return value. When, present, this is a value that the client which
|
|
* originally issued a certificate request can use to reproduce any data
|
|
* it wants. The RA does not know how to interpret this data.
|
|
*
|
|
* RETURN:
|
|
* A copy of the valueHint field of the EncryptedValue. A NULL return
|
|
* value indicates the optional valueHint field is not present in the
|
|
* EncryptedValue.
|
|
*/
|
|
extern SECItem*
|
|
CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_EncrypteValueGetEncSymmKey
|
|
* INPUTS:
|
|
* inEncValue
|
|
* The EncryptedValue to operate on.
|
|
*
|
|
* NOTES:
|
|
* Return a copy of the encSymmKey field. This field is the encrypted
|
|
* symmetric key that the client uses in doing Public Key wrap of a private
|
|
* key. When present, this is the symmetric key that was used to wrap the
|
|
* private key. (The encrypted private key will be stored in encValue
|
|
* of the same EncryptedValue structure.) The user must call
|
|
* SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer
|
|
* needed.
|
|
*
|
|
* RETURN:
|
|
* A copy of the optional encSymmKey field of the EncryptedValue structure.
|
|
* The return value will be in BIT STRING format, meaning the len field will
|
|
* be the number of valid bits as opposed to the number of bytes. A return
|
|
* value of NULL means the optional encSymmKey field was not present in
|
|
* the EncryptedValue structure.
|
|
*/
|
|
extern SECItem*
|
|
CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters
|
|
* INPUTS:
|
|
* inOptions
|
|
* The PKiArchiveOptions to operate on.
|
|
*
|
|
* NOTES:
|
|
* User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return
|
|
* value is no longer needed.
|
|
*
|
|
* RETURN:
|
|
* Get the keyGenParameters field of the PKIArchiveOptions.
|
|
* A NULL return value indicates that keyGenParameters was not
|
|
* used as the choice for this PKIArchiveOptions.
|
|
*
|
|
* The SECItem returned is in BIT STRING format (ie, the len field indicates
|
|
* number of valid bits as opposed to allocated number of bytes.)
|
|
*/
|
|
extern SECItem*
|
|
CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions);
|
|
|
|
/*
|
|
* FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey
|
|
* INPUTS:
|
|
* inOpt
|
|
* The PKIArchiveOptions to operate on.
|
|
* destVal
|
|
* A pointer to where the library can place the value for
|
|
* arciveRemGenPrivKey
|
|
* RETURN:
|
|
* If the PKIArchiveOptions used the archiveRemGenPrivKey field, the
|
|
* function returns SECSuccess and fills the value at *destValue with either
|
|
* PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a
|
|
* value.
|
|
*
|
|
* If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the
|
|
* function returns SECFailure and the value at *destValue is unchanged.
|
|
*/
|
|
extern SECStatus
|
|
CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
|
|
PRBool *destVal);
|
|
|
|
/* Helper functions that can be used by other libraries. */
|
|
/*
|
|
* A quick helper funciton to get the best wrap mechanism.
|
|
*/
|
|
extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot);
|
|
|
|
/*
|
|
* A helper function to get a randomly generated IV from a mechanism
|
|
* type.
|
|
*/
|
|
extern SECItem* CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType);
|
|
|
|
SEC_END_PROTOS
|
|
#endif /*_CRMF_H_*/
|
|
|
|
|