1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
38
* Support routines for PKCS7 implementation, none of which are exported.
39
* This file should only contain things that are needed by both the
40
* encoding/creation side *and* the decoding/decryption side. Anything
41
* else should just be static routines in the appropriate file.
43
* Do not export this file! If something in here is really needed outside
44
* of pkcs7 code, first try to add a PKCS7 interface which will do it for
45
* you. If that has a problem, then just move out what you need, changing
46
* its name as appropriate!
48
* $Id: p7local.h,v 1.2 2004/04/25 15:03:13 gerv%gerv.net Exp $
57
extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
60
typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
63
/************************************************************************/
67
* Look through a set of attributes and find one that matches the
68
* specified object ID. If "only" is true, then make sure that
69
* there is not more than one attribute of the same type. Otherwise,
70
* just return the first one found. (XXX Does anybody really want
71
* that first-found behavior? It was like that when I found it...)
73
extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs,
77
* Return the single attribute value, doing some sanity checking first:
78
* - Multiple values are *not* expected.
79
* - Empty values are *not* expected.
81
extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr);
84
* Encode a set of attributes (found in "src").
86
extern SECItem *sec_PKCS7EncodeAttributes (PRArenaPool *poolp,
87
SECItem *dest, void *src);
90
* Make sure that the order of the attributes guarantees valid DER
91
* (which must be in lexigraphically ascending order for a SET OF);
92
* if reordering is necessary it will be done in place (in attrs).
94
extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs);
98
* Create a context for decrypting, based on the given key and algorithm.
100
extern sec_PKCS7CipherObject *
101
sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid);
104
* Create a context for encrypting, based on the given key and algorithm,
105
* and fill in the algorithm id.
107
extern sec_PKCS7CipherObject *
108
sec_PKCS7CreateEncryptObject (PRArenaPool *poolp, PK11SymKey *key,
109
SECOidTag algtag, SECAlgorithmID *algid);
112
* Destroy the given decryption or encryption object.
114
extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj);
115
extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj);
118
* What will be the output length of the next call to encrypt/decrypt?
119
* Result can be used to perform memory allocations. Note that the amount
120
* is exactly accurate only when not doing a block cipher or when final
121
* is false, otherwise it is an upper bound on the amount because until
122
* we see the data we do not know how many padding bytes there are
123
* (always between 1 and the cipher block size).
125
* Note that this can return zero, which does not mean that the cipher
126
* operation can be skipped! (It simply means that there are not enough
127
* bytes to make up an entire block; the bytes will be reserved until
128
* there are enough to encrypt/decrypt at least one block.) However,
129
* if zero is returned it *does* mean that no output buffer need be
130
* passed in to the subsequent cipher operation, as no output bytes
133
extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj,
134
unsigned int input_len,
136
extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj,
137
unsigned int input_len,
141
* Decrypt a given length of input buffer (starting at "input" and
142
* containing "input_len" bytes), placing the decrypted bytes in
143
* "output" and storing the output length in "*output_len_p".
144
* "obj" is the return value from sec_PKCS7CreateDecryptObject.
145
* When "final" is true, this is the last of the data to be decrypted.
147
extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj,
148
unsigned char *output,
149
unsigned int *output_len_p,
150
unsigned int max_output_len,
151
const unsigned char *input,
152
unsigned int input_len,
156
* Encrypt a given length of input buffer (starting at "input" and
157
* containing "input_len" bytes), placing the encrypted bytes in
158
* "output" and storing the output length in "*output_len_p".
159
* "obj" is the return value from sec_PKCS7CreateEncryptObject.
160
* When "final" is true, this is the last of the data to be encrypted.
162
extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj,
163
unsigned char *output,
164
unsigned int *output_len_p,
165
unsigned int max_output_len,
166
const unsigned char *input,
167
unsigned int input_len,
170
/* return the correct kea template based on the template selector. skipjack
171
* does not have the extra IV.
173
const SEC_ASN1Template *
174
sec_pkcs7_get_kea_template(SECKEATemplateSelector whichTemplate);
176
/************************************************************************/
179
#endif /* _P7LOCAL_H_ */