security/nss/lib/softoken/lowpbe.h@b8a032363ba2 (annotated)
security/nss/lib/softoken/lowpbe.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #ifndef _SECPKCS5_H_ |
| michael@0 | 6 | #define _SECPKCS5_H_ |
| michael@0 | 7 | |
| michael@0 | 8 | #include "plarena.h" |
| michael@0 | 9 | #include "secitem.h" |
| michael@0 | 10 | #include "seccomon.h" |
| michael@0 | 11 | #include "secoidt.h" |
| michael@0 | 12 | #include "hasht.h" |
| michael@0 | 13 | |
| michael@0 | 14 | typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg); |
| michael@0 | 15 | |
| michael@0 | 16 | /* used for V2 PKCS 12 Draft Spec */ |
| michael@0 | 17 | typedef enum { |
| michael@0 | 18 | pbeBitGenIDNull = 0, |
| michael@0 | 19 | pbeBitGenCipherKey = 0x01, |
| michael@0 | 20 | pbeBitGenCipherIV = 0x02, |
| michael@0 | 21 | pbeBitGenIntegrityKey = 0x03 |
| michael@0 | 22 | } PBEBitGenID; |
| michael@0 | 23 | |
| michael@0 | 24 | typedef enum { |
| michael@0 | 25 | NSSPKCS5_PBKDF1 = 0, |
| michael@0 | 26 | NSSPKCS5_PBKDF2 = 1, |
| michael@0 | 27 | NSSPKCS5_PKCS12_V2 = 2 |
| michael@0 | 28 | } NSSPKCS5PBEType; |
| michael@0 | 29 | |
| michael@0 | 30 | typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter; |
| michael@0 | 31 | |
| michael@0 | 32 | struct NSSPKCS5PBEParameterStr { |
| michael@0 | 33 | PLArenaPool *poolp; |
| michael@0 | 34 | SECItem salt; /* octet string */ |
| michael@0 | 35 | SECItem iteration; /* integer */ |
| michael@0 | 36 | SECItem keyLength; /* integer */ |
| michael@0 | 37 | |
| michael@0 | 38 | /* used locally */ |
| michael@0 | 39 | int iter; |
| michael@0 | 40 | int keyLen; |
| michael@0 | 41 | int ivLen; |
| michael@0 | 42 | unsigned char *ivData; |
| michael@0 | 43 | HASH_HashType hashType; |
| michael@0 | 44 | NSSPKCS5PBEType pbeType; |
| michael@0 | 45 | SECAlgorithmID prfAlg; |
| michael@0 | 46 | PBEBitGenID keyID; |
| michael@0 | 47 | SECOidTag encAlg; |
| michael@0 | 48 | PRBool is2KeyDES; |
| michael@0 | 49 | }; |
| michael@0 | 50 | |
| michael@0 | 51 | |
| michael@0 | 52 | SEC_BEGIN_PROTOS |
| michael@0 | 53 | /* Create a PKCS5 Algorithm ID |
| michael@0 | 54 | * The algorithm ID is set up using the PKCS #5 parameter structure |
| michael@0 | 55 | * algorithm is the PBE algorithm ID for the desired algorithm |
| michael@0 | 56 | * pbe is a pbe param block with all the info needed to create the |
| michael@0 | 57 | * algorithm id. |
| michael@0 | 58 | * If an error occurs or the algorithm specified is not supported |
| michael@0 | 59 | * or is not a password based encryption algorithm, NULL is returned. |
| michael@0 | 60 | * Otherwise, a pointer to the algorithm id is returned. |
| michael@0 | 61 | */ |
| michael@0 | 62 | extern SECAlgorithmID * |
| michael@0 | 63 | nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm, |
| michael@0 | 64 | NSSPKCS5PBEParameter *pbe); |
| michael@0 | 65 | |
| michael@0 | 66 | /* |
| michael@0 | 67 | * Convert an Algorithm ID to a PBE Param. |
| michael@0 | 68 | * NOTE: this does not suppport PKCS 5 v2 because it's only used for the |
| michael@0 | 69 | * keyDB which only support PKCS 5 v1, PFX, and PKCS 12. |
| michael@0 | 70 | */ |
| michael@0 | 71 | NSSPKCS5PBEParameter * |
| michael@0 | 72 | nsspkcs5_AlgidToParam(SECAlgorithmID *algid); |
| michael@0 | 73 | |
| michael@0 | 74 | /* |
| michael@0 | 75 | * Convert an Algorithm ID to a PBE Param. |
| michael@0 | 76 | * NOTE: this does not suppport PKCS 5 v2 because it's only used for the |
| michael@0 | 77 | * keyDB which only support PKCS 5 v1, PFX, and PKCS 12. |
| michael@0 | 78 | */ |
| michael@0 | 79 | NSSPKCS5PBEParameter * |
| michael@0 | 80 | nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator); |
| michael@0 | 81 | |
| michael@0 | 82 | |
| michael@0 | 83 | /* Encrypt/Decrypt data using password based encryption. |
| michael@0 | 84 | * algid is the PBE algorithm identifier, |
| michael@0 | 85 | * pwitem is the password, |
| michael@0 | 86 | * src is the source for encryption/decryption, |
| michael@0 | 87 | * encrypt is PR_TRUE for encryption, PR_FALSE for decryption. |
| michael@0 | 88 | * The key and iv are generated based upon PKCS #5 then the src |
| michael@0 | 89 | * is either encrypted or decrypted. If an error occurs, NULL |
| michael@0 | 90 | * is returned, otherwise the ciphered contents is returned. |
| michael@0 | 91 | */ |
| michael@0 | 92 | extern SECItem * |
| michael@0 | 93 | nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem, |
| michael@0 | 94 | SECItem *src, PRBool encrypt, PRBool *update); |
| michael@0 | 95 | |
| michael@0 | 96 | extern SECItem * |
| michael@0 | 97 | nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem, |
| michael@0 | 98 | SECItem *iv, PRBool faulty3DES); |
| michael@0 | 99 | |
| michael@0 | 100 | /* Destroys PBE parameter */ |
| michael@0 | 101 | extern void |
| michael@0 | 102 | nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param); |
| michael@0 | 103 | |
| michael@0 | 104 | HASH_HashType HASH_FromHMACOid(SECOidTag oid); |
| michael@0 | 105 | |
| michael@0 | 106 | SEC_END_PROTOS |
| michael@0 | 107 | |
| michael@0 | 108 | #endif |
