authorRob Crittenden <rcritten@redhat.com>2009-05-22 17:56:11 -0400
committerRob Crittenden <rcritten@redhat.com>2009-05-22 17:56:11 -0400
commit5409801c7195dc38665ec4e29c233bf1e9ea53e7 (patch)
tree38476d28439a07c4a47bd3e7ba84a9a188e404cb /ckpem.h
downloadpemnss-5409801c7195dc38665ec4e29c233bf1e9ea53e7.tar.gz
pemnss-5409801c7195dc38665ec4e29c233bf1e9ea53e7.tar.xz
pemnss-5409801c7195dc38665ec4e29c233bf1e9ea53e7.zip
Initial import of code. This is equivalent to the 20080124 tarball in
the Fedora nss package tree.
Diffstat (limited to 'ckpem.h')
-rw-r--r--ckpem.h239
1 files changed, 239 insertions, 0 deletions
diff --git a/ckpem.h b/ckpem.h
new file mode 100644
index 0000000..5587333
--- /dev/null
+++ b/ckpem.h
@@ -0,0 +1,239 @@
+#include "nssckmdt.h"
+#include "nssckfw.h"
+#include "ckfwtm.h"
+#include "ckfw.h"
+#include "secder.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "blapit.h"
+#include "softoken.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#define NUM_SLOTS 8
+
+/*
+ * statically defined raw objects. Allows us to data description objects
+ * to this PKCS #11 module.
+ */
+struct pemRawObjectStr {
+ CK_ULONG n;
+ const CK_ATTRIBUTE_TYPE *types;
+ const NSSItem *items;
+};
+typedef struct pemRawObjectStr pemRawObject;
+
+/*
+ * common values needed for both bare keys and cert referenced keys.
+ */
+struct pemKeyParamsStr {
+ NSSItem modulus;
+ NSSItem exponent;
+ NSSItem privateExponent;
+ NSSItem prime1;
+ NSSItem prime2;
+ NSSItem exponent1;
+ NSSItem exponent2;
+ NSSItem coefficient;
+ unsigned char publicExponentData[sizeof(CK_ULONG)];
+ SECItem *privateKey;
+ void *pubKey;
+};
+typedef struct pemKeyParamsStr pemKeyParams;
+/*
+ * Key objects. Handles bare keys which do not yet have certs associated
+ * with them. These are usually short lived, but may exist for several days
+ * while the CA is issuing the certificate.
+ */
+struct pemKeyObjectStr {
+ char *provName;
+ char *containerName;
+ pemKeyParams key;
+ char *ivstring;
+ int cipher;
+};
+typedef struct pemKeyObjectStr pemKeyObject;
+
+/*
+ * Certificate and certificate referenced keys.
+ */
+struct pemCertObjectStr {
+ const char *certStore;
+ NSSItem label;
+ NSSItem subject;
+ NSSItem issuer;
+ NSSItem serial;
+ NSSItem derCert;
+ unsigned char sha1_hash[SHA1_LENGTH];
+ unsigned char md5_hash[MD5_LENGTH];
+ pemKeyParams key;
+ unsigned char *labelData;
+ /* static data: to do, make this dynamic like labelData */
+ unsigned char derSerial[128];
+};
+typedef struct pemCertObjectStr pemCertObject;
+
+/*
+ * Trust
+ */
+struct pemTrustObjectStr {
+ char *nickname;
+};
+typedef struct pemTrustObjectStr pemTrustObject;
+
+typedef enum {
+ pemRaw,
+ pemCert,
+ pemBareKey,
+ pemTrust
+} pemObjectType;
+
+/*
+ * all the various types of objects are abstracted away in cobject and
+ * cfind as pemInternalObjects.
+ */
+struct pemInternalObjectStr {
+ pemObjectType type;
+ union {
+ pemRawObject raw;
+ pemCertObject cert;
+ pemKeyObject key;
+ pemTrustObject trust;
+ } u;
+ CK_OBJECT_CLASS objClass;
+ NSSItem hashKey;
+ NSSItem id;
+ void *idData;
+ unsigned char hashKeyData[128];
+ SECItem *derCert;
+ char *nickname;
+ NSSCKMDObject mdObject;
+ CK_SLOT_ID slotID;
+};
+typedef struct pemInternalObjectStr pemInternalObject;
+
+struct pemTokenStr {
+ PRBool logged_in;
+};
+typedef struct pemTokenStr pemToken;
+
+/* our raw object data array */
+NSS_EXTERN_DATA pemInternalObject nss_pem_data[];
+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects;
+
+ PRBool logged_in;
+
+/* our raw object data array */
+NSS_EXTERN_DATA pemInternalObject nss_pem_data[];
+NSS_EXTERN_DATA const PRUint32 nss_pem_nObjects;
+
+NSS_EXTERN_DATA pemInternalObject pem_data[];
+NSS_EXTERN_DATA const PRUint32 pem_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION pem_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 * pem_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION pem_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION pem_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION pem_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 * pem_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance pem_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot pem_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken pem_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism pem_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+pem_CreateSession
+(
+ NSSCKFWSession *fwSession,
+ CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDFindObjects *
+pem_FindObjectsInit
+(
+ NSSCKFWSession *fwSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount,
+ CK_RV *pError
+);
+
+NSS_EXTERN NSSCKMDObject *
+pem_CreateMDObject
+(
+ NSSArena *arena,
+ pemInternalObject *io,
+ CK_RV *pError
+);
+
+#define NSS_PEM_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
+
+typedef enum {
+ pemLOWKEYNullKey = 0,
+ pemLOWKEYRSAKey = 1,
+ pemLOWKEYDSAKey = 2,
+ pemLOWKEYDHKey = 4,
+ pemLOWKEYECKey = 5
+} pemLOWKEYType;
+
+/*
+** Low Level private key object
+** This is only used by the raw Crypto engines (crypto), keydb (keydb),
+** and PKCS #11. Everyone else uses the high level key structure.
+*/
+struct pemLOWKEYPrivateKeyStr {
+ PLArenaPool *arena;
+ pemLOWKEYType keyType;
+ union {
+ RSAPrivateKey rsa;
+ DSAPrivateKey dsa;
+ DHPrivateKey dh;
+ ECPrivateKey ec;
+ } u;
+};
+typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
+
+SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
+const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
+void pem_PopulateModulusExponent(pemInternalObject *io);
+NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError);
+NSSCKMDSlot *pem_NewSlot( NSSCKFWInstance *fwInstance, CK_RV *pError);
+
+
+PRBool pem_ParseString(const char* inputstring, const char delimiter,
+ PRInt32* numStrings, char*** returnedstrings);
+PRBool pem_FreeParsedStrings(PRInt32 numStrings, char** instrings);
+
+pemInternalObject *
+CreateObject(CK_OBJECT_CLASS objClass, pemObjectType type, SECItem *certDER,
+ SECItem *keyDER, char *filename, int objid, CK_SLOT_ID slotID);
+
+
+/* prsa.c */
+unsigned int pem_PrivateModulusLen(pemLOWKEYPrivateKey *privk);
+
+/* ptoken.c */
+NSSCKMDToken * pem_NewToken(NSSCKFWInstance *fwInstance, CK_RV *pError);
+
+void open_log();
+void close_log();
+void plog(const char *fmt, ...);
+
+#define PEM_H 1
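Review bot: The stray `PRBool logged_in;` at file scope (between the two `nss_pem_data` extern blocks) is a tentative definition rather than a declaration, so every translation unit that includes this header gets its own `logged_in` object; the field already lives in `pemTokenStr`, so that line should be deleted, together with the duplicated `nss_pem_data`/`nss_pem_nObjects` extern pair that follows it. The header also ends with `#define PEM_H 1` but never tests the macro, so a second inclusion redefines every struct; move it to the top as `#ifndef PEM_H` / `#define PEM_H 1` and close the file with `#endif /* PEM_H */`. From a security standpoint, `derSerial[128]` in `pemCertObjectStr` and `hashKeyData[128]` in `pemInternalObjectStr` are fixed buffers that will hold values parsed from user-supplied PEM files (the comment itself flags `derSerial` as a to-do), and the code that fills them is not in this hunk, so whoever writes into them must compare the source length against `sizeof` before copying. Finally, `open_log()` and `close_log()` are declared with empty parentheses, which is a non-prototype in C; declare them as `void open_log(void);` and `void close_log(void);`.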