/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * ckcapi.h: internal types and declarations shared by the CAPI PKCS #11
 * module, which presents Windows CryptoAPI (CAPI) certificates and keys
 * as PKCS #11 objects through the NSS cryptoki framework (nssckfw).
 */

#ifndef CKCAPI_H
#define CKCAPI_H 1

#include "nssckmdt.h"
#include "nssckfw.h"

/*
 * Included for access to the arena functions.
 * Looks like we should publish that API.
 */
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */

/*
 * This is where the Netscape extensions live, at least for now.
 */
#ifndef CKT_H
#include "ckt.h"
#endif /* CKT_H */

/*
 * Windows CryptoAPI headers. The HCRYPTPROV, HCRYPTKEY, CRYPT_KEY_PROV_INFO,
 * PCCERT_CONTEXT, LPCWSTR/LPWSTR and DWORD names used below come from here.
 */
#include "wtypes.h"
#include "wincrypt.h"

/*
 * Statically defined raw objects. Lets data-description objects be added
 * to this PKCS #11 module as fixed attribute tables.
 */
struct ckcapiRawObjectStr {
    CK_ULONG n;                     /* entry count of types/items (parallel arrays) — presumably */
    const CK_ATTRIBUTE_TYPE *types; /* attribute type of each entry */
    const NSSItem *items;           /* attribute value of each entry */
};
typedef struct ckcapiRawObjectStr ckcapiRawObject;

/*
 * Common values needed for both bare keys and cert referenced keys.
 * The NSSItem fields mirror the PKCS #11 CKA_* RSA key attributes by name.
 * Ownership of the memory behind these items, and of privateKey/pubKey, is
 * not stated in this header; see nss_ckcapi_DestroyInternalObject.
 */
struct ckcapiKeyParamsStr {
    NSSItem modulus;
    NSSItem exponent;
    NSSItem privateExponent;
    NSSItem prime1;
    NSSItem prime2;
    NSSItem exponent1;
    NSSItem exponent2;
    NSSItem coefficient;
    /* Backing store for a CK_ULONG-sized public exponent; presumably what
     * exponent.data points at for bare keys — confirm against the .c side. */
    unsigned char publicExponentData[sizeof(CK_ULONG)];
    void *privateKey; /* opaque; the concrete type is not fixed by this header */
    void *pubKey;     /* opaque; the concrete type is not fixed by this header */
};
typedef struct ckcapiKeyParamsStr ckcapiKeyParams;

/*
 * Key objects. Handles bare keys which do not yet have certs associated
 * with them. These are usually short lived, but may exist for several days
 * while the CA is issuing the certificate.
 */
struct ckcapiKeyObjectStr {
    CRYPT_KEY_PROV_INFO provInfo; /* CAPI provider/container description */
    char *provName;               /* provider name (narrow string); ownership not stated here */
    char *containerName;          /* key container name (narrow string); ownership not stated here */
    HCRYPTPROV hProv;             /* CAPI provider handle; release policy not stated here */
    ckcapiKeyParams key;          /* the key material, see ckcapiKeyParams */
};
typedef struct ckcapiKeyObjectStr ckcapiKeyObject;

/*
 * Certificate and certificate referenced keys.
 */
struct ckcapiCertObjectStr {
    PCCERT_CONTEXT certContext; /* CAPI certificate context */
    PRBool hasID;               /* whether an id value is present — presumably; confirm */
    const char *certStore;      /* CAPI store the certificate came from — presumably */
    NSSItem label;
    NSSItem subject;
    NSSItem issuer;
    NSSItem serial;
    NSSItem derCert;
    ckcapiKeyParams key;        /* key material referenced by the certificate */
    unsigned char *labelData;   /* dynamically sized backing store for label */
    /* static data: to do, make this dynamic like labelData.
     * Fixed 128-byte backing store, presumably for serial. Whatever fills
     * it from certContext must bound the copy to sizeof derSerial: the
     * serial's length is chosen by the certificate issuer, not by us. */
    unsigned char derSerial[128];
};
typedef struct ckcapiCertObjectStr ckcapiCertObject;

/* Discriminator for the union inside ckcapiInternalObject. */
typedef enum {
    ckcapiRaw,    /* u.raw is live */
    ckcapiCert,   /* u.cert is live */
    ckcapiBareKey /* u.key is live */
} ckcapiObjectType;

/*
 * All the various types of objects are abstracted away in cobject and
 * cfind as ckcapiInternalObjects.
 */
struct ckcapiInternalObjectStr {
    ckcapiObjectType type; /* selects which member of u is live */
    union {
        ckcapiRawObject raw;
        ckcapiCertObject cert;
        ckcapiKeyObject key;
    } u;
    CK_OBJECT_CLASS objClass; /* PKCS #11 object class (a CKO_* value) */
    NSSItem hashKey;          /* lookup key; presumably backed by hashKeyData */
    NSSItem id;               /* presumably the CKA_ID value, backed by idData — confirm */
    void *idData;
    /* Fixed-size backing store; any writer must bound to sizeof hashKeyData. */
    unsigned char hashKeyData[128];
    NSSCKMDObject mdObject; /* framework-facing object handed to nssckfw */
};
typedef struct ckcapiInternalObjectStr ckcapiInternalObject;

/* our raw object data array, and its element count */
NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;

/*
 * Library/slot/token identity values; the names match the CK_INFO,
 * CK_SLOT_INFO and CK_TOKEN_INFO fields they presumably populate.
 */
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel;
NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber;

/* nssckfw descriptor objects implemented by this module. */
NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
/* nssckfw descriptor for the module's RSA mechanism. */
NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;

/*
 * Create the module-side session object for fwSession.
 * Errors are reported through *pError; the return value on error is
 * presumably NULL — confirm against the definition.
 */
NSS_EXTERN NSSCKMDSession *
nss_ckcapi_CreateSession(
    NSSCKFWSession *fwSession,
    CK_RV *pError);

/*
 * Begin an object search over the pTemplate/ulAttributeCount attribute
 * template (C_FindObjectsInit). Errors are reported through *pError.
 */
NSS_EXTERN NSSCKMDFindObjects *
nss_ckcapi_FindObjectsInit(
    NSSCKFWSession *fwSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    CK_RV *pError);

/*
 * Object Utilities
 */

/*
 * Wrap the internal object io in a framework NSSCKMDObject allocated from
 * arena. Errors are reported through *pError.
 */
NSS_EXTERN NSSCKMDObject *
nss_ckcapi_CreateMDObject(
    NSSArena *arena,
    ckcapiInternalObject *io,
    CK_RV *pError);

/*
 * Create a new object from a caller-supplied attribute template
 * (C_CreateObject). The template is untrusted input from the application;
 * the definition is responsible for validating attribute types and sizes.
 * Errors are reported through *pError.
 */
NSS_EXTERN NSSCKMDObject *
nss_ckcapi_CreateObject(
    NSSCKFWSession *fwSession,
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    CK_RV *pError);

/*
 * Return the value of attribute type on io, or presumably NULL when the
 * object has no such attribute — confirm. The returned item is owned by io.
 */
NSS_EXTERN const NSSItem *
nss_ckcapi_FetchAttribute(
    ckcapiInternalObject *io,
    CK_ATTRIBUTE_TYPE type);

/*
 * Release everything held by io (CAPI handles, contexts, allocated
 * backing data); io must not be used afterwards.
 */
NSS_EXTERN void
nss_ckcapi_DestroyInternalObject(
    ckcapiInternalObject *io);

/*
 * Resolve the CAPI provider, key spec and key handle backing iKey.
 * hProv, keySpec and hKey are out parameters; who releases the returned
 * handles is not stated here — confirm against the definition.
 * Returns a CK_RV error code.
 */
NSS_EXTERN CK_RV
nss_ckcapi_FetchKeyContainer(
    ckcapiInternalObject *iKey,
    HCRYPTPROV *hProv,
    DWORD *keySpec,
    HCRYPTKEY *hKey);

/*
 * generic utilities
 *
 * Note: unlike the declarations above, the utilities below are declared
 * without NSS_EXTERN, and ckcapi_ReverseData lacks the nss_ prefix used
 * everywhere else in this header.
 */

/*
 * So everyone else in the world stores their bignum data MSB first, but not
 * Microsoft; we need to byte swap everything coming into and out of CAPI.
 * Reverses the bytes of item in place (presumably).
 */
void
ckcapi_ReverseData(
    NSSItem *item);

/*
 * Unwrap a single DER value: given an encoded TLV at src with size bytes
 * available, return a pointer to the contents, store the content length in
 * *outSize, and point *next past the value (presumably; confirm how a NULL
 * next is treated). The definition must check the decoded length against
 * size before trusting it: src is typically certificate data obtained
 * from CAPI and is not produced by this module.
 */
unsigned char *
nss_ckcapi_DERUnwrap(
    unsigned char *src,
    unsigned int size,
    unsigned int *outSize,
    unsigned char **next);

/*
 * Return the size in bytes of a wide string.
 * The result is an int; callers should reject a non-positive value before
 * using it as a buffer size.
 */
int
nss_ckcapi_WideSize(
    LPCWSTR wide);

/*
 * Convert a Unicode wide character string to a UTF8 string.
 * The result is presumably newly allocated and owned by the caller — confirm.
 */
char *
nss_ckcapi_WideToUTF8(
    LPCWSTR wide);

/*
 * Return a Wide String duplicated with nss allocated memory.
 * The caller owns the copy.
 */
LPWSTR
nss_ckcapi_WideDup(
    LPCWSTR wide);

/*
 * Convert a UTF8 string to Unicode wide character.
 * buf is taken as non-const char *, so callers cannot pass a string literal
 * without a cast. The result is presumably newly allocated — confirm.
 */
LPWSTR
nss_ckcapi_UTF8ToWide(
    char *buf);

/*
 * Collect every certificate matching pTemplate/ulAttributeCount into the
 * array at *listp, growing it as needed (*sizep presumably tracks its
 * capacity and count the entries already present — confirm). Returns the
 * resulting entry count; errors are reported through *pError.
 */
NSS_EXTERN PRUint32
nss_ckcapi_collect_all_certs(
    CK_ATTRIBUTE_PTR pTemplate,
    CK_ULONG ulAttributeCount,
    ckcapiInternalObject ***listp,
    PRUint32 *sizep,
    PRUint32 count,
    CK_RV *pError);

/*
 * Element count of an actual array. Do not apply to a pointer or to an
 * array parameter (which has decayed to a pointer): the result is then
 * sizeof a pointer divided by the element size, not the element count.
 */
#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))

#endif