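--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/pkcs7/p7local.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,139 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for PKCS7 implementation, none of which are exported.
+ * This file should only contain things that are needed by both the
+ * encoding/creation side *and* the decoding/decryption side. Anything
+ * else should just be static routines in the appropriate file.
+ *
+ * Do not export this file! If something in here is really needed outside
+ * of pkcs7 code, first try to add a PKCS7 interface which will do it for
+ * you. If that has a problem, then just move out what you need, changing
+ * its name as appropriate!
+ */
+
+#ifndef _P7LOCAL_H_
+#define _P7LOCAL_H_
+
+#include "secpkcs7.h"
+#include "secasn1t.h"
+
+extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
+
+/* opaque objects */
+typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
+
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * Look through a set of attributes and find one that matches the
+ * specified object ID. If "only" is true, then make sure that
+ * there is not more than one attribute of the same type. Otherwise,
+ * just return the first one found. (XXX Does anybody really want
+ * that first-found behavior? It was like that when I found it...)
+ */
+extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute (SEC_PKCS7Attribute **attrs,
+ SECOidTag oidtag,
+ PRBool only);
+/*
+ * Return the single attribute value, doing some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+extern SECItem *sec_PKCS7AttributeValue (SEC_PKCS7Attribute *attr);
+
+/*
+ * Encode a set of attributes (found in "src").
+ */
+extern SECItem *sec_PKCS7EncodeAttributes (PLArenaPool *poolp,
+ SECItem *dest, void *src);
+
+/*
+ * Make sure that the order of the attributes guarantees valid DER
+ * (which must be in lexigraphically ascending order for a SET OF);
+ * if reordering is necessary it will be done in place (in attrs).
+ */
+extern SECStatus sec_PKCS7ReorderAttributes (SEC_PKCS7Attribute **attrs);
+
+
+/*
+ * Create a context for decrypting, based on the given key and algorithm.
+ */
+extern sec_PKCS7CipherObject *
+sec_PKCS7CreateDecryptObject (PK11SymKey *key, SECAlgorithmID *algid);
+
+/*
+ * Create a context for encrypting, based on the given key and algorithm,
+ * and fill in the algorithm id.
+ */
+extern sec_PKCS7CipherObject *
+sec_PKCS7CreateEncryptObject (PLArenaPool *poolp, PK11SymKey *key,
+ SECOidTag algtag, SECAlgorithmID *algid);
+
+/*
+ * Destroy the given decryption or encryption object.
+ */
+extern void sec_PKCS7DestroyDecryptObject (sec_PKCS7CipherObject *obj);
+extern void sec_PKCS7DestroyEncryptObject (sec_PKCS7CipherObject *obj);
+
+/*
+ * What will be the output length of the next call to encrypt/decrypt?
+ * Result can be used to perform memory allocations. Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and the cipher block size).
+ *
+ * Note that this can return zero, which does not mean that the cipher
+ * operation can be skipped! (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.) However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent cipher operation, as no output bytes
+ * will be stored.
+ */
+extern unsigned int sec_PKCS7DecryptLength (sec_PKCS7CipherObject *obj,
+ unsigned int input_len,
+ PRBool final);
+extern unsigned int sec_PKCS7EncryptLength (sec_PKCS7CipherObject *obj,
+ unsigned int input_len,
+ PRBool final);
+
+/*
+ * Decrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateDecryptObject.
+ * When "final" is true, this is the last of the data to be decrypted.
+ */
+extern SECStatus sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj,
+ unsigned char *output,
+ unsigned int *output_len_p,
+ unsigned int max_output_len,
+ const unsigned char *input,
+ unsigned int input_len,
+ PRBool final);
+
+/*
+ * Encrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateEncryptObject.
+ * When "final" is true, this is the last of the data to be encrypted.
+ */
+extern SECStatus sec_PKCS7Encrypt (sec_PKCS7CipherObject *obj,
+ unsigned char *output,
+ unsigned int *output_len_p,
+ unsigned int max_output_len,
+ const unsigned char *input,
+ unsigned int input_len,
+ PRBool final);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _P7LOCAL_H_ */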
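Review bot: The comments above `sec_PKCS7Decrypt` and `sec_PKCS7Encrypt` (new lines 109-137) name every parameter except `max_output_len`, the only one that bounds the write into `output`, so a reader cannot tell from this header what the caller must guarantee. I would add to both comments `* "max_output_len" is the number of bytes available at "output"; size it from sec_PKCS7DecryptLength/sec_PKCS7EncryptLength called with the same "input_len" and "final".` and also state what is returned when the buffer is too small, which needs confirming against the implementation since that is not part of this file. The length helpers return `unsigned int` and their comment says the result feeds memory allocations, so it is also worth one sentence on whether the computed length can wrap for a large `input_len`; that concern is inferred from the prototypes only.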