Back to index

lightning-sunbird  0.9+nobinonly
lowpbe.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef _SECPKCS5_H_
00038 #define _SECPKCS5_H_
00039 
00040 #include "plarena.h"
00041 #include "secitem.h"
00042 #include "seccomon.h"
00043 #include "secoidt.h"
00044 #include "hasht.h"
00045 
00046 typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
00047 
00048 /* used for V2 PKCS 12 Draft Spec */ 
00049 typedef enum {
00050     pbeBitGenIDNull = 0,
00051     pbeBitGenCipherKey = 0x01,
00052     pbeBitGenCipherIV = 0x02,
00053     pbeBitGenIntegrityKey = 0x03
00054 } PBEBitGenID;
00055 
00056 typedef enum {
00057     NSSPKCS5_PBKDF1 = 0,
00058     NSSPKCS5_PBKDF2 = 1,
00059     NSSPKCS5_PKCS12_V2 = 2
00060 } NSSPKCS5PBEType;
00061 
00062 typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
00063 
00064 struct NSSPKCS5PBEParameterStr {
00065     PRArenaPool *poolp;
00066     SECItem   salt;         /* octet string */
00067     SECItem   iteration;    /* integer */
00068 
00069     /* used locally */
00070     int              iter;
00071     int       keyLen;
00072     int              ivLen;
00073     HASH_HashType hashType;
00074     NSSPKCS5PBEType pbeType;
00075     PBEBitGenID      keyID;
00076     SECOidTag encAlg;
00077     PRBool    is2KeyDES;
00078 };
00079 
00080 
00081 SEC_BEGIN_PROTOS
00082 /* Create a PKCS5 Algorithm ID
00083  * The algorithm ID is set up using the PKCS #5 parameter structure
00084  *  algorithm is the PBE algorithm ID for the desired algorithm
00085  *  pbe is a pbe param block with all the info needed to create the 
00086  *   algorithm id.
00087  * If an error occurs or the algorithm specified is not supported 
00088  * or is not a password based encryption algorithm, NULL is returned.
00089  * Otherwise, a pointer to the algorithm id is returned.
00090  */
00091 extern SECAlgorithmID *
00092 nsspkcs5_CreateAlgorithmID(PRArenaPool *arena, SECOidTag algorithm, 
00093                                           NSSPKCS5PBEParameter *pbe);
00094 
00095 /*
00096  * Convert an Algorithm ID to a PBE Param.
00097  * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
00098  * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
00099  */
00100 NSSPKCS5PBEParameter *
00101 nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
00102 
00103 /*
00104  * Convert an Algorithm ID to a PBE Param.
00105  * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
00106  * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
00107  */
00108 NSSPKCS5PBEParameter *
00109 nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator);
00110 
00111 
00112 /* Encrypt/Decrypt data using password based encryption.  
00113  *  algid is the PBE algorithm identifier,
00114  *  pwitem is the password,
00115  *  src is the source for encryption/decryption,
00116  *  encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
00117  * The key and iv are generated based upon PKCS #5 then the src
00118  * is either encrypted or decrypted.  If an error occurs, NULL
00119  * is returned, otherwise the ciphered contents is returned.
00120  */
00121 extern SECItem *
00122 nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
00123                   SECItem *src, PRBool encrypt, PRBool *update);
00124 
00125 extern SECItem *
00126 nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
00127                                    SECItem *iv, PRBool faulty3DES);
00128 
00129 /* Destroys PBE parameter */
00130 extern void
00131 nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
00132 
00133 SEC_END_PROTOS
00134 
00135 #endif