security/nss/lib/softoken/lowpbe.h@6474c204b198
security/nss/lib/softoken/lowpbe.h
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef _SECPKCS5_H_
6 #define _SECPKCS5_H_
8 #include "plarena.h"
9 #include "secitem.h"
10 #include "seccomon.h"
11 #include "secoidt.h"
12 #include "hasht.h"
14 typedef SECItem * (* SEC_PKCS5GetPBEPassword)(void *arg);
16 /* used for V2 PKCS 12 Draft Spec */
17 typedef enum {
18 pbeBitGenIDNull = 0,
19 pbeBitGenCipherKey = 0x01,
20 pbeBitGenCipherIV = 0x02,
21 pbeBitGenIntegrityKey = 0x03
22 } PBEBitGenID;
24 typedef enum {
25 NSSPKCS5_PBKDF1 = 0,
26 NSSPKCS5_PBKDF2 = 1,
27 NSSPKCS5_PKCS12_V2 = 2
28 } NSSPKCS5PBEType;
30 typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
32 struct NSSPKCS5PBEParameterStr {
33 PLArenaPool *poolp;
34 SECItem salt; /* octet string */
35 SECItem iteration; /* integer */
36 SECItem keyLength; /* integer */
38 /* used locally */
39 int iter;
40 int keyLen;
41 int ivLen;
42 unsigned char *ivData;
43 HASH_HashType hashType;
44 NSSPKCS5PBEType pbeType;
45 SECAlgorithmID prfAlg;
46 PBEBitGenID keyID;
47 SECOidTag encAlg;
48 PRBool is2KeyDES;
49 };
52 SEC_BEGIN_PROTOS
53 /* Create a PKCS5 Algorithm ID
54 * The algorithm ID is set up using the PKCS #5 parameter structure
55 * algorithm is the PBE algorithm ID for the desired algorithm
56 * pbe is a pbe param block with all the info needed to create the
57 * algorithm id.
58 * If an error occurs or the algorithm specified is not supported
59 * or is not a password based encryption algorithm, NULL is returned.
60 * Otherwise, a pointer to the algorithm id is returned.
61 */
62 extern SECAlgorithmID *
63 nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm,
64 NSSPKCS5PBEParameter *pbe);
66 /*
67 * Convert an Algorithm ID to a PBE Param.
68 * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
69 * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
70 */
71 NSSPKCS5PBEParameter *
72 nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
74 /*
75 * Convert an Algorithm ID to a PBE Param.
76 * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
77 * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
78 */
79 NSSPKCS5PBEParameter *
80 nsspkcs5_NewParam(SECOidTag alg, SECItem *salt, int iterator);
83 /* Encrypt/Decrypt data using password based encryption.
84 * algid is the PBE algorithm identifier,
85 * pwitem is the password,
86 * src is the source for encryption/decryption,
87 * encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
88 * The key and iv are generated based upon PKCS #5 then the src
89 * is either encrypted or decrypted. If an error occurs, NULL
90 * is returned, otherwise the ciphered contents is returned.
91 */
92 extern SECItem *
93 nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
94 SECItem *src, PRBool encrypt, PRBool *update);
96 extern SECItem *
97 nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
98 SECItem *iv, PRBool faulty3DES);
100 /* Destroys PBE parameter */
101 extern void
102 nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
104 HASH_HashType HASH_FromHMACOid(SECOidTag oid);
106 SEC_END_PROTOS
108 #endif
