author | Rob Crittenden <rcritten@redhat.com> | 2009-05-22 17:56:11 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-05-22 17:56:11 -0400 |
commit | 5409801c7195dc38665ec4e29c233bf1e9ea53e7 (patch) | |
tree | 38476d28439a07c4a47bd3e7ba84a9a188e404cb /ckpem.h | |
Initial import of code. This is equivalent to the 20080124 tarball in
the Fedora nss package tree.
Diffstat (limited to 'ckpem.h')
-rw-r--r-- | ckpem.h | 239 |
1 files changed, 239 insertions, 0 deletions
@@ -0,0 +1,239 @@
+#include "nssckmdt.h"
+#include "nssckfw.h"
+#include "ckfwtm.h"
+#include "ckfw.h"
+#include "secder.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "blapit.h"
+#include "softoken.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#define NUM_SLOTS 8
+
+/*
+ * statically defined raw objects. Allows us to data description objects
+ * to this PKCS #11 module.
+ */
+struct pemRawObjectStr {
+ CK_ULONG n;
+ const CK_ATTRIBUTE_TYPE *types;
+ const NSSItem *items;
+};
+typedef struct pemRawObjectStr pemRawObject;
+
+/*
+ * common values needed for both bare keys and cert referenced keys.
+ */
+struct pemKeyParamsStr {
+ NSSItem modulus;
+ NSSItem exponent;
+ NSSItem privateExponent;
+ NSSItem prime1;
+ NSSItem prime2;
+ NSSItem exponent1;
+ NSSItem exponent2;
+ NSSItem coefficient;
+ unsigned char publicExponentData[sizeof(CK_ULONG)];
+ SECItem *privateKey;
+ void *pubKey;
+};
+typedef struct pemKeyParamsStr pemKeyParams;
+/*
+ * Key objects. Handles bare keys which do not yet have certs associated
+ * with them. These are usually short lived, but may exist for several days
+ * while the CA is issuing the certificate.
+ */
+struct pemKeyObjectStr {
+ char *provName;
+ char *containerName;
+ pemKeyParams key;
+ char *ivstring;
+ int cipher;
+};
+typedef struct pemKeyObjectStr pemKeyObject;
+
+/*
+ * Certificate and certificate referenced keys.
+ */
+struct pemCertObjectStr {
+ const char *certStore;
+ NSSItem label;
+ NSSItem subject;
+ NSSItem issuer;
+ NSSItem serial;
+ NSSItem derCert;
+ unsigned char sha1_hash[SHA1_LENGTH];
+ unsigned char md5_hash[MD5_LENGTH];
+ pemKeyParams key;
+ unsigned char *labelData;
+ /* static data: to do, make this dynamic like labelData */
+ unsigned char derSerial[128];
+};
+typedef struct pemCertObjectStr pemCertObject;
+
+/*
+ * Trust
+ */
+struct pemTrustObjectStr {
+ char *nickname;
+};
+typedef struct pemTrustObjectStr pemTrustObject;
+
+typedef enum {
+ pemRaw,
+ pemCert,
+ pemBareKey,
+ pemTrust
+} pemObjectType;
+
+/*
+ * all the various types of objects are abstracted away in cobject and
+ * cfind as pemInternalObjects.
+ */
+struct pemInternalObjectStr {
+ pemObjectType type;
+ union {
+ pemRawObject raw;
+ pemCertObject cert;
+ pemKeyObject key;
+ pemTrustObject trust;
+ } u;
+ CK_OBJECT_CLASS objClass;
+ NSSItem hashKey;
+ NSSItem id;
+ void *idData;
+ unsigned char hashKeyData[128];
+ SECItem *derCert;
+ char *nickname;
+ NSSCKMDObject mdObject;
+ CK_SLOT_ID slotID;
+};
+typedef struct pemInternalObjectStr pemInternalObject;
+
+struct pemTokenStr {
+ PRBool logged_in;
+};
+typedef struct pemTokenStr pemToken;
+
+/* our raw object data array */
+NSS_EXTERN_DATA pemInternalObject nss_pem_data[];
+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects;
+
+ PRBool logged_in;
+
+/* our raw object data array */
+NSS_EXTERN_DATA pemInternalObject nss_pem_data[];
+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects;
+
+NSS_EXTERN_DATA pemInternalObject pem_data[];
+NSS_EXTERN_DATA const PRUint32 pem_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION pem_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 * pem_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION pem_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION pem_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION pem_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance pem_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot pem_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken pem_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism pem_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+pem_CreateSession
+(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDFindObjects *
+pem_FindObjectsInit
+(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDObject *
+pem_CreateMDObject
+(
+ NSSArena *arena,
+ pemInternalObject *io,
+ CK_RV *pError
+);
+
+#define NSS_PEM_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
+
+typedef enum {
+ pemLOWKEYNullKey = 0,
+ pemLOWKEYRSAKey = 1,
+ pemLOWKEYDSAKey = 2,
+ pemLOWKEYDHKey = 4,
+ pemLOWKEYECKey = 5
+} pemLOWKEYType;
+
+/*
+** Low Level private key object
+** This is only used by the raw Crypto engines (crypto), keydb (keydb),
+** and PKCS #11. Everyone else uses the high level key structure.
+*/
+struct pemLOWKEYPrivateKeyStr {
+ PLArenaPool *arena;
+ pemLOWKEYType keyType;
+ union {
+ RSAPrivateKey rsa;
+ DSAPrivateKey dsa;
+ DHPrivateKey dh;
+ ECPrivateKey ec;
+ } u;
+};
+typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
+
+SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
+const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
+void pem_PopulateModulusExponent(pemInternalObject *io);
+NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError);
+NSSCKMDSlot *pem_NewSlot( NSSCKFWInstance *fwInstance, CK_RV *pError);
+
+
+PRBool pem_ParseString(const char* inputstring, const char delimiter,
+ PRInt32* numStrings, char*** returnedstrings);
+PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings);
+
+pemInternalObject *
+CreateObject(CK_OBJECT_CLASS objClass, pemObjectType type, SECItem *certDER,
+ SECItem *keyDER, char *filename, int objid, CK_SLOT_ID slotID);
+
+
+/* prsa.c */
+unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
+
+/* ptoken.c */
+NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+
+void open_log();
+void close_log();
+void plog(const char *fmt, ...);
+
+#define PEM_H 1 |