
lightning-sunbird  0.9+nobinonly
p7local.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 /*
00038  * Support routines for PKCS7 implementation, none of which are exported.
00039  * This file should only contain things that are needed by both the
00040  * encoding/creation side *and* the decoding/decryption side.  Anything
00041  * else should just be static routines in the appropriate file.
00042  *
00043  * Do not export this file!  If something in here is really needed outside
00044  * of pkcs7 code, first try to add a PKCS7 interface which will do it for
00045  * you.  If that has a problem, then just move out what you need, changing
00046  * its name as appropriate!
00047  *
00048  * $Id: p7local.h,v 1.2 2004/04/25 15:03:13 gerv%gerv.net Exp $
00049  */
00050 
00051 #ifndef _P7LOCAL_H_
00052 #define _P7LOCAL_H_
00053 
00054 #include "secpkcs7.h"
00055 #include "secasn1t.h"
00056 
00057 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
00058 
00059 /* opaque objects: only the struct tag is declared here, not its layout */
00060 typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
00061 
00062 
00063 /************************************************************************/
00064 SEC_BEGIN_PROTOS
00065 
00066 /*
00067  * Look through a set of attributes and find one that matches the
00068  * specified object ID.  If "only" is true, then make sure that
00069  * there is not more than one attribute of the same type.  Otherwise,
00070  * just return the first one found. (XXX Does anybody really want
00071  * that first-found behavior?  It was like that when I found it...)
       *
       * NOTE(review): with "only" false, a second attribute of the same type
       * is silently ignored.  Callers that act on security-relevant
       * attributes presumably want "only" set so that duplicates are
       * detected -- confirm at each call site.  What is returned when nothing
       * matches, or when the uniqueness check fails, is not stated here
       * (presumably NULL) -- verify against the implementation.
00072  */
00073 extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs,
00074                                              SECOidTag oidtag,
00075                                              PRBool only);
00076 /*
00077  * Return the single attribute value, doing some sanity checking first:
00078  * - Multiple values are *not* expected.
00079  * - Empty values are *not* expected.
       *
       * NOTE(review): the result when a sanity check fails is not stated here
       * (presumably NULL) -- callers should test the return value before
       * dereferencing it; verify against the implementation.
00080  */
00081 extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr);
00082 
00083 /*
00084  * Encode a set of attributes (found in "src").
       *
       * NOTE(review): "src" is an untyped void *, so the compiler cannot
       * check what is passed in.  The expected type of "src", the roles of
       * "poolp" and "dest", and the meaning of the returned SECItem * are not
       * documented here -- confirm against the implementation.
00085  */
00086 extern SECItem *sec_PKCS7EncodeAttributes (PRArenaPool *poolp,
00087                                       SECItem *dest, void *src);
00088 
00089 /*
00090  * Make sure that the order of the attributes guarantees valid DER
00091  * (which must be in lexicographically ascending order for a SET OF);
00092  * if reordering is necessary it will be done in place (in attrs).
       * The SECStatus result should be checked; the failure conditions are
       * not stated here.
00093  */
00094 extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs);
00095 
00096 
00097 /*
00098  * Create a context for decrypting, based on the given key and algorithm.
       * The returned object is the "obj" argument of sec_PKCS7DecryptLength
       * and sec_PKCS7Decrypt, and is released with
       * sec_PKCS7DestroyDecryptObject.
       *
       * NOTE(review): the failure result is not stated here (presumably
       * NULL) -- check the return value before use; verify.
00099  */
00100 extern sec_PKCS7CipherObject *
00101 sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid);
00102 
00103 /*
00104  * Create a context for encrypting, based on the given key and algorithm,
00105  * and fill in the algorithm id.
       * The returned object is the "obj" argument of sec_PKCS7EncryptLength
       * and sec_PKCS7Encrypt, and is released with
       * sec_PKCS7DestroyEncryptObject.
       *
       * NOTE(review): presumably "algtag" selects the algorithm and "algid"
       * receives the filled-in algorithm id; the role of "poolp" and the
       * failure result (presumably NULL) are not stated here -- confirm.
00106  */
00107 extern sec_PKCS7CipherObject *
00108 sec_PKCS7CreateEncryptObject (PRArenaPool *poolp, PK11SymKey *key,
00109                            SECOidTag algtag, SECAlgorithmID *algid);
00110 
00111 /*
00112  * Destroy the given decryption or encryption object.
       *
       * NOTE(review): presumably each routine must be paired with the
       * matching Create call, and "obj" must not be used after it returns.
       * Whether a NULL "obj" is accepted is not stated here -- confirm.
00113  */
00114 extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj);
00115 extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj);
00116 
00117 /*
00118  * What will be the output length of the next call to encrypt/decrypt?
00119  * Result can be used to perform memory allocations.  Note that the amount
00120  * is exactly accurate only when not doing a block cipher or when final
00121  * is false, otherwise it is an upper bound on the amount because until
00122  * we see the data we do not know how many padding bytes there are
00123  * (always between 1 and the cipher block size).
00124  *
00125  * Note that this can return zero, which does not mean that the cipher
00126  * operation can be skipped!  (It simply means that there are not enough
00127  * bytes to make up an entire block; the bytes will be reserved until
00128  * there are enough to encrypt/decrypt at least one block.)  However,
00129  * if zero is returned it *does* mean that no output buffer need be
00130  * passed in to the subsequent cipher operation, as no output bytes
00131  * will be stored.
       *
       * Pass the same "obj", "input_len" and "final" that will be given to
       * the following sec_PKCS7Decrypt / sec_PKCS7Encrypt call, since the
       * answer describes that next call.
       *
       * NOTE(review): both "input_len" and the result are unsigned int.
       * Whether the computation can wrap for very large inputs is not
       * visible here -- check the implementation before sizing an
       * allocation from a length that comes from untrusted data.
00132  */
00133 extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj,
00134                                        unsigned int input_len,
00135                                        PRBool final);
00136 extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj,
00137                                        unsigned int input_len,
00138                                        PRBool final);
00139 
00140 /*
00141  * Decrypt a given length of input buffer (starting at "input" and
00142  * containing "input_len" bytes), placing the decrypted bytes in
00143  * "output" and storing the output length in "*output_len_p".
00144  * "obj" is the return value from sec_PKCS7CreateDecryptObject.
00145  * When "final" is true, this is the last of the data to be decrypted.
       *
       * NOTE(review): "max_output_len" is not described here; presumably it
       * is the capacity of "output" in bytes -- confirm.  Size "output" from
       * sec_PKCS7DecryptLength called with the same arguments, and check the
       * returned SECStatus before trusting "*output_len_p" or the output
       * bytes.
00146  */ 
00147 extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj,
00148                                unsigned char *output,
00149                                unsigned int *output_len_p,
00150                                unsigned int max_output_len,
00151                                const unsigned char *input,
00152                                unsigned int input_len,
00153                                PRBool final);
00154 
00155 /*
00156  * Encrypt a given length of input buffer (starting at "input" and
00157  * containing "input_len" bytes), placing the encrypted bytes in
00158  * "output" and storing the output length in "*output_len_p".
00159  * "obj" is the return value from sec_PKCS7CreateEncryptObject.
00160  * When "final" is true, this is the last of the data to be encrypted.
       *
       * NOTE(review): "max_output_len" is not described here; presumably it
       * is the capacity of "output" in bytes -- confirm.  Size "output" from
       * sec_PKCS7EncryptLength called with the same arguments, and check the
       * returned SECStatus before using "*output_len_p" or the output bytes.
00161  */ 
00162 extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj,
00163                                unsigned char *output,
00164                                unsigned int *output_len_p,
00165                                unsigned int max_output_len,
00166                                const unsigned char *input,
00167                                unsigned int input_len,
00168                                PRBool final);
00169 
00170 /* Return the correct KEA template based on the template selector.  Skipjack
00171  * does not have the extra IV.
       *
       * NOTE(review): the result for a selector value the routine does not
       * recognise is not stated here -- confirm whether callers must handle
       * NULL.  Unlike the other prototypes in this header, this one is
       * written without "extern"; for a function declaration that makes no
       * difference to linkage.
00172  */
00173 const SEC_ASN1Template * 
00174 sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate);
00175 
00176 /************************************************************************/
00177 SEC_END_PROTOS
00178 
00179 #endif /* _P7LOCAL_H_ */