OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 /* | 5 /* |
6 * Support routines for PKCS7 implementation, none of which are exported. | 6 * Support routines for PKCS7 implementation, none of which are exported. |
7 * This file should only contain things that are needed by both the | 7 * This file should only contain things that are needed by both the |
8 * encoding/creation side *and* the decoding/decryption side. Anything | 8 * encoding/creation side *and* the decoding/decryption side. Anything |
9 * else should just be static routines in the appropriate file. | 9 * else should just be static routines in the appropriate file. |
10 * | 10 * |
11 * Do not export this file! If something in here is really needed outside | 11 * Do not export this file! If something in here is really needed outside |
12 * of pkcs7 code, first try to add a PKCS7 interface which will do it for | 12 * of pkcs7 code, first try to add a PKCS7 interface which will do it for |
13 * you. If that has a problem, then just move out what you need, changing | 13 * you. If that has a problem, then just move out what you need, changing |
14 * its name as appropriate! | 14 * its name as appropriate! |
15 */ | 15 */ |
16 | 16 |
17 #ifndef _P7LOCAL_H_ | 17 #ifndef _P7LOCAL_H_ |
18 #define _P7LOCAL_H_ | 18 #define _P7LOCAL_H_ |
19 | 19 |
20 #include "secpkcs7.h" | 20 #include "secpkcs7.h" |
21 #include "secasn1t.h" | 21 #include "secasn1t.h" |
22 | 22 |
23 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[]; | 23 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[]; |
24 | 24 |
25 /* opaque objects */ | 25 /* opaque objects */ |
26 typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject; | 26 typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject; |
27 | 27 |
28 | |
29 /************************************************************************/ | 28 /************************************************************************/ |
30 SEC_BEGIN_PROTOS | 29 SEC_BEGIN_PROTOS |
31 | 30 |
32 /* | 31 /* |
33 * Look through a set of attributes and find one that matches the | 32 * Look through a set of attributes and find one that matches the |
34 * specified object ID. If "only" is true, then make sure that | 33 * specified object ID. If "only" is true, then make sure that |
35 * there is not more than one attribute of the same type. Otherwise, | 34 * there is not more than one attribute of the same type. Otherwise, |
36 * just return the first one found. (XXX Does anybody really want | 35 * just return the first one found. (XXX Does anybody really want |
37 * that first-found behavior? It was like that when I found it...) | 36 * that first-found behavior? It was like that when I found it...) |
38 */ | 37 */ |
39 extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs, | 38 extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute(SEC_PKCS7Attribute **attrs, |
40 » » » » » » SECOidTag oidtag, | 39 SECOidTag oidtag, |
41 » » » » » » PRBool only); | 40 PRBool only); |
42 /* | 41 /* |
43 * Return the single attribute value, doing some sanity checking first: | 42 * Return the single attribute value, doing some sanity checking first: |
44 * - Multiple values are *not* expected. | 43 * - Multiple values are *not* expected. |
45 * - Empty values are *not* expected. | 44 * - Empty values are *not* expected. |
46 */ | 45 */ |
47 extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr); | 46 extern SECItem *sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr); |
48 | 47 |
49 /* | 48 /* |
50 * Encode a set of attributes (found in "src"). | 49 * Encode a set of attributes (found in "src"). |
51 */ | 50 */ |
52 extern SECItem *sec_PKCS7EncodeAttributes (PLArenaPool *poolp, | 51 extern SECItem *sec_PKCS7EncodeAttributes(PLArenaPool *poolp, SECItem *dest, |
53 » » » » » SECItem *dest, void *src); | 52 void *src); |
54 | 53 |
55 /* | 54 /* |
56 * Make sure that the order of the attributes guarantees valid DER | 55 * Make sure that the order of the attributes guarantees valid DER |
57 * (which must be in lexigraphically ascending order for a SET OF); | 56 * (which must be in lexigraphically ascending order for a SET OF); |
58 * if reordering is necessary it will be done in place (in attrs). | 57 * if reordering is necessary it will be done in place (in attrs). |
59 */ | 58 */ |
60 extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs); | 59 extern SECStatus sec_PKCS7ReorderAttributes(SEC_PKCS7Attribute **attrs); |
61 | |
62 | 60 |
63 /* | 61 /* |
64 * Create a context for decrypting, based on the given key and algorithm. | 62 * Create a context for decrypting, based on the given key and algorithm. |
65 */ | 63 */ |
66 extern sec_PKCS7CipherObject * | 64 extern sec_PKCS7CipherObject *sec_PKCS7CreateDecryptObject( |
67 sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid); | 65 PK11SymKey *key, SECAlgorithmID *algid); |
68 | 66 |
69 /* | 67 /* |
70 * Create a context for encrypting, based on the given key and algorithm, | 68 * Create a context for encrypting, based on the given key and algorithm, |
71 * and fill in the algorithm id. | 69 * and fill in the algorithm id. |
72 */ | 70 */ |
73 extern sec_PKCS7CipherObject * | 71 extern sec_PKCS7CipherObject *sec_PKCS7CreateEncryptObject( |
74 sec_PKCS7CreateEncryptObject (PLArenaPool *poolp, PK11SymKey *key, | 72 PLArenaPool *poolp, PK11SymKey *key, SECOidTag algtag, |
75 » » » SECOidTag algtag, SECAlgorithmID *algid); | 73 SECAlgorithmID *algid); |
76 | 74 |
77 /* | 75 /* |
78 * Destroy the given decryption or encryption object. | 76 * Destroy the given decryption or encryption object. |
79 */ | 77 */ |
80 extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj); | 78 extern void sec_PKCS7DestroyDecryptObject(sec_PKCS7CipherObject *obj); |
81 extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj); | 79 extern void sec_PKCS7DestroyEncryptObject(sec_PKCS7CipherObject *obj); |
82 | 80 |
83 /* | 81 /* |
84 * What will be the output length of the next call to encrypt/decrypt? | 82 * What will be the output length of the next call to encrypt/decrypt? |
85 * Result can be used to perform memory allocations. Note that the amount | 83 * Result can be used to perform memory allocations. Note that the amount |
86 * is exactly accurate only when not doing a block cipher or when final | 84 * is exactly accurate only when not doing a block cipher or when final |
87 * is false, otherwise it is an upper bound on the amount because until | 85 * is false, otherwise it is an upper bound on the amount because until |
88 * we see the data we do not know how many padding bytes there are | 86 * we see the data we do not know how many padding bytes there are |
89 * (always between 1 and the cipher block size). | 87 * (always between 1 and the cipher block size). |
90 * | 88 * |
91 * Note that this can return zero, which does not mean that the cipher | 89 * Note that this can return zero, which does not mean that the cipher |
92 * operation can be skipped! (It simply means that there are not enough | 90 * operation can be skipped! (It simply means that there are not enough |
93 * bytes to make up an entire block; the bytes will be reserved until | 91 * bytes to make up an entire block; the bytes will be reserved until |
94 * there are enough to encrypt/decrypt at least one block.) However, | 92 * there are enough to encrypt/decrypt at least one block.) However, |
95 * if zero is returned it *does* mean that no output buffer need be | 93 * if zero is returned it *does* mean that no output buffer need be |
96 * passed in to the subsequent cipher operation, as no output bytes | 94 * passed in to the subsequent cipher operation, as no output bytes |
97 * will be stored. | 95 * will be stored. |
98 */ | 96 */ |
99 extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj, | 97 extern unsigned int sec_PKCS7DecryptLength(sec_PKCS7CipherObject *obj, |
100 » » » » » unsigned int input_len, | 98 unsigned int input_len, |
101 » » » » » PRBool final); | 99 PRBool final); |
102 extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj, | 100 extern unsigned int sec_PKCS7EncryptLength(sec_PKCS7CipherObject *obj, |
103 » » » » » unsigned int input_len, | 101 unsigned int input_len, |
104 » » » » » PRBool final); | 102 PRBool final); |
105 | 103 |
106 /* | 104 /* |
107 * Decrypt a given length of input buffer (starting at "input" and | 105 * Decrypt a given length of input buffer (starting at "input" and |
108 * containing "input_len" bytes), placing the decrypted bytes in | 106 * containing "input_len" bytes), placing the decrypted bytes in |
109 * "output" and storing the output length in "*output_len_p". | 107 * "output" and storing the output length in "*output_len_p". |
110 * "obj" is the return value from sec_PKCS7CreateDecryptObject. | 108 * "obj" is the return value from sec_PKCS7CreateDecryptObject. |
111 * When "final" is true, this is the last of the data to be decrypted. | 109 * When "final" is true, this is the last of the data to be decrypted. |
112 */· | 110 */ |
113 extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, | 111 extern SECStatus sec_PKCS7Decrypt(sec_PKCS7CipherObject *obj, |
114 » » » » unsigned char *output, | 112 unsigned char *output, |
115 » » » » unsigned int *output_len_p, | 113 unsigned int *output_len_p, |
116 » » » » unsigned int max_output_len, | 114 unsigned int max_output_len, |
117 » » » » const unsigned char *input, | 115 const unsigned char *input, |
118 » » » » unsigned int input_len, | 116 unsigned int input_len, PRBool final); |
119 » » » » PRBool final); | |
120 | 117 |
121 /* | 118 /* |
122 * Encrypt a given length of input buffer (starting at "input" and | 119 * Encrypt a given length of input buffer (starting at "input" and |
123 * containing "input_len" bytes), placing the encrypted bytes in | 120 * containing "input_len" bytes), placing the encrypted bytes in |
124 * "output" and storing the output length in "*output_len_p". | 121 * "output" and storing the output length in "*output_len_p". |
125 * "obj" is the return value from sec_PKCS7CreateEncryptObject. | 122 * "obj" is the return value from sec_PKCS7CreateEncryptObject. |
126 * When "final" is true, this is the last of the data to be encrypted. | 123 * When "final" is true, this is the last of the data to be encrypted. |
127 */· | 124 */ |
128 extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj, | 125 extern SECStatus sec_PKCS7Encrypt(sec_PKCS7CipherObject *obj, |
129 » » » » unsigned char *output, | 126 unsigned char *output, |
130 » » » » unsigned int *output_len_p, | 127 unsigned int *output_len_p, |
131 » » » » unsigned int max_output_len, | 128 unsigned int max_output_len, |
132 » » » » const unsigned char *input, | 129 const unsigned char *input, |
133 » » » » unsigned int input_len, | 130 unsigned int input_len, PRBool final); |
134 » » » » PRBool final); | |
135 | 131 |
136 /************************************************************************/ | 132 /************************************************************************/ |
137 SEC_END_PROTOS | 133 SEC_END_PROTOS |
138 | 134 |
139 #endif /* _P7LOCAL_H_ */ | 135 #endif /* _P7LOCAL_H_ */ |