1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 /* 6 * Support routines for PKCS7 implementation, none of which are exported. 7 * This file should only contain things that are needed by both the 8 * encoding/creation side *and* the decoding/decryption side. Anything 9 * else should just be static routines in the appropriate file. 10 * 11 * Do not export this file! If something in here is really needed outside 12 * of pkcs7 code, first try to add a PKCS7 interface which will do it for 13 * you. If that has a problem, then just move out what you need, changing 14 * its name as appropriate! 15 */ 16 17 #ifndef _P7LOCAL_H_ 18 #define _P7LOCAL_H_ 19 20 #include "secpkcs7.h" 21 #include "secasn1t.h" 22 23 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[]; 24 25 /* opaque objects */ 26 typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject; 27 28 /************************************************************************/ 29 SEC_BEGIN_PROTOS 30 31 /* 32 * Look through a set of attributes and find one that matches the 33 * specified object ID. If "only" is true, then make sure that 34 * there is not more than one attribute of the same type. Otherwise, 35 * just return the first one found. (XXX Does anybody really want 36 * that first-found behavior? It was like that when I found it...) 37 */ 38 extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute(SEC_PKCS7Attribute **attrs, 39 SECOidTag oidtag, 40 PRBool only); 41 /* 42 * Return the single attribute value, doing some sanity checking first: 43 * - Multiple values are *not* expected. 44 * - Empty values are *not* expected. 45 */ 46 extern SECItem *sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr); 47 48 /* 49 * Encode a set of attributes (found in "src"). 50 */ 51 extern SECItem *sec_PKCS7EncodeAttributes(PLArenaPool *poolp, 52 SECItem *dest, void *src); 53 54 /* 55 * Make sure that the order of the attributes guarantees valid DER 56 * (which must be in lexigraphically ascending order for a SET OF); 57 * if reordering is necessary it will be done in place (in attrs). 58 */ 59 extern SECStatus sec_PKCS7ReorderAttributes(SEC_PKCS7Attribute **attrs); 60 61 /* 62 * Create a context for decrypting, based on the given key and algorithm. 63 */ 64 extern sec_PKCS7CipherObject * 65 sec_PKCS7CreateDecryptObject(PK11SymKey *key, SECAlgorithmID *algid); 66 67 /* 68 * Create a context for encrypting, based on the given key and algorithm, 69 * and fill in the algorithm id. 70 */ 71 extern sec_PKCS7CipherObject * 72 sec_PKCS7CreateEncryptObject(PLArenaPool *poolp, PK11SymKey *key, 73 SECOidTag algtag, SECAlgorithmID *algid); 74 75 /* 76 * Destroy the given decryption or encryption object. 77 */ 78 extern void sec_PKCS7DestroyDecryptObject(sec_PKCS7CipherObject *obj); 79 extern void sec_PKCS7DestroyEncryptObject(sec_PKCS7CipherObject *obj); 80 81 /* 82 * What will be the output length of the next call to encrypt/decrypt? 83 * Result can be used to perform memory allocations. Note that the amount 84 * is exactly accurate only when not doing a block cipher or when final 85 * is false, otherwise it is an upper bound on the amount because until 86 * we see the data we do not know how many padding bytes there are 87 * (always between 1 and the cipher block size). 88 * 89 * Note that this can return zero, which does not mean that the cipher 90 * operation can be skipped! (It simply means that there are not enough 91 * bytes to make up an entire block; the bytes will be reserved until 92 * there are enough to encrypt/decrypt at least one block.) However, 93 * if zero is returned it *does* mean that no output buffer need be 94 * passed in to the subsequent cipher operation, as no output bytes 95 * will be stored. 96 */ 97 extern unsigned int sec_PKCS7DecryptLength(sec_PKCS7CipherObject *obj, 98 unsigned int input_len, 99 PRBool final); 100 extern unsigned int sec_PKCS7EncryptLength(sec_PKCS7CipherObject *obj, 101 unsigned int input_len, 102 PRBool final); 103 104 /* 105 * Decrypt a given length of input buffer (starting at "input" and 106 * containing "input_len" bytes), placing the decrypted bytes in 107 * "output" and storing the output length in "*output_len_p". 108 * "obj" is the return value from sec_PKCS7CreateDecryptObject. 109 * When "final" is true, this is the last of the data to be decrypted. 110 */ 111 extern SECStatus sec_PKCS7Decrypt(sec_PKCS7CipherObject *obj, 112 unsigned char *output, 113 unsigned int *output_len_p, 114 unsigned int max_output_len, 115 const unsigned char *input, 116 unsigned int input_len, 117 PRBool final); 118 119 /* 120 * Encrypt a given length of input buffer (starting at "input" and 121 * containing "input_len" bytes), placing the encrypted bytes in 122 * "output" and storing the output length in "*output_len_p". 123 * "obj" is the return value from sec_PKCS7CreateEncryptObject. 124 * When "final" is true, this is the last of the data to be encrypted. 125 */ 126 extern SECStatus sec_PKCS7Encrypt(sec_PKCS7CipherObject *obj, 127 unsigned char *output, 128 unsigned int *output_len_p, 129 unsigned int max_output_len, 130 const unsigned char *input, 131 unsigned int input_len, 132 PRBool final); 133 134 /************************************************************************/ 135 SEC_END_PROTOS 136 137 #endif /* _P7LOCAL_H_ */ 138