1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/softoken/lowpbe.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,108 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef _SECPKCS5_H_
1.9 +#define _SECPKCS5_H_
1.10 +
1.11 +#include "plarena.h"
1.12 +#include "secitem.h"
1.13 +#include "seccomon.h"
1.14 +#include "secoidt.h"
1.15 +#include "hasht.h"
1.16 +
1.17 +typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
1.18 +
1.19 +/* used for V2 PKCS 12 Draft Spec */
1.20 +typedef enum {
1.21 + pbeBitGenIDNull = 0,
1.22 + pbeBitGenCipherKey = 0x01,
1.23 + pbeBitGenCipherIV = 0x02,
1.24 + pbeBitGenIntegrityKey = 0x03
1.25 +} PBEBitGenID;
1.26 +
1.27 +typedef enum {
1.28 + NSSPKCS5_PBKDF1 = 0,
1.29 + NSSPKCS5_PBKDF2 = 1,
1.30 + NSSPKCS5_PKCS12_V2 = 2
1.31 +} NSSPKCS5PBEType;
1.32 +
1.33 +typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
1.34 +
1.35 +struct NSSPKCS5PBEParameterStr {
1.36 + PLArenaPool *poolp;
1.37 + SECItem salt; /* octet string */
1.38 + SECItem iteration; /* integer */
1.39 + SECItem keyLength; /* integer */
1.40 +
1.41 + /* used locally */
1.42 + int iter;
1.43 + int keyLen;
1.44 + int ivLen;
1.45 + unsigned char *ivData;
1.46 + HASH_HashType hashType;
1.47 + NSSPKCS5PBEType pbeType;
1.48 + SECAlgorithmID prfAlg;
1.49 + PBEBitGenID keyID;
1.50 + SECOidTag encAlg;
1.51 + PRBool is2KeyDES;
1.52 +};
1.53 +
1.54 +
1.55 +SEC_BEGIN_PROTOS
1.56 +/* Create a PKCS5 Algorithm ID
1.57 + * The algorithm ID is set up using the PKCS #5 parameter structure
1.58 + * algorithm is the PBE algorithm ID for the desired algorithm
1.59 + * pbe is a pbe param block with all the info needed to create the
1.60 + * algorithm id.
1.61 + * If an error occurs or the algorithm specified is not supported
1.62 + * or is not a password based encryption algorithm, NULL is returned.
1.63 + * Otherwise, a pointer to the algorithm id is returned.
1.64 + */
1.65 +extern SECAlgorithmID *
1.66 +nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm,
1.67 + NSSPKCS5PBEParameter *pbe);
1.68 +
1.69 +/*
1.70 + * Convert an Algorithm ID to a PBE Param.
1.71 + * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
1.72 + * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
1.73 + */
1.74 +NSSPKCS5PBEParameter *
1.75 +nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
1.76 +
1.77 +/*
1.78 + * Convert an Algorithm ID to a PBE Param.
1.79 + * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
1.80 + * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
1.81 + */
1.82 +NSSPKCS5PBEParameter *
1.83 +nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator);
1.84 +
1.85 +
1.86 +/* Encrypt/Decrypt data using password based encryption.
1.87 + * algid is the PBE algorithm identifier,
1.88 + * pwitem is the password,
1.89 + * src is the source for encryption/decryption,
1.90 + * encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
1.91 + * The key and iv are generated based upon PKCS #5 then the src
1.92 + * is either encrypted or decrypted. If an error occurs, NULL
1.93 + * is returned, otherwise the ciphered contents is returned.
1.94 + */
1.95 +extern SECItem *
1.96 +nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
1.97 + SECItem *src, PRBool encrypt, PRBool *update);
1.98 +
1.99 +extern SECItem *
1.100 +nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
1.101 + SECItem *iv, PRBool faulty3DES);
1.102 +
1.103 +/* Destroys PBE parameter */
1.104 +extern void
1.105 +nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
1.106 +
1.107 +HASH_HashType HASH_FromHMACOid(SECOidTag oid);
1.108 +
1.109 +SEC_END_PROTOS
1.110 +
1.111 +#endif
