Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1603)

Side by Side Diff: nss/lib/pkcs7/secpkcs7.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/pkcs7/secmime.c ('k') | nss/lib/pki/asymmkey.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 /*
6 * Interface to the PKCS7 implementation.
7 */
8
9 #ifndef _SECPKCS7_H_
10 #define _SECPKCS7_H_
11
12 #include "seccomon.h"
13
14 #include "secoidt.h"
15 #include "certt.h"
16 #include "keyt.h"
17 #include "hasht.h"
18 #include "pkcs7t.h"
19
20 extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
21
22 /************************************************************************/
23 SEC_BEGIN_PROTOS
24
25 /************************************************************************
26 * Miscellaneous
27 ************************************************************************/
28
29 /*
30 * Returns the content type of the given contentInfo.
31 */
32 extern SECOidTag SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo);
33
34 /*
35 * Destroy a PKCS7 contentInfo and all of its sub-pieces.
36 */
37 extern void SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
38
39 /*
40 * Copy a PKCS7 contentInfo. A Destroy is needed on *each* copy.
41 */
42 extern SEC_PKCS7ContentInfo *
43 SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
44
45 /*
46 * Return a pointer to the actual content. In the case of those types
47 * which are encrypted, this returns the *plain* content.
48 */
49 extern SECItem *SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo);
50
51 /************************************************************************
52 * PKCS7 Decoding, Verification, etc..
53 ************************************************************************/
54
55 extern SEC_PKCS7DecoderContext *
56 SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback callback,
57 void *callback_arg,
58 SECKEYGetPasswordKey pwfn, void *pwfn_arg,
59 SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
60 void *decrypt_key_cb_arg,
61 SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
62
63 extern SECStatus
64 SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
65 const char *buf, unsigned long len);
66
67 extern SEC_PKCS7ContentInfo *
68 SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx);
69
70
71 /* Abort the underlying ASN.1 stream & set an error */
72 void SEC_PKCS7DecoderAbort(SEC_PKCS7DecoderContext *p7dcx, int error);
73
74 extern SEC_PKCS7ContentInfo *
75 SEC_PKCS7DecodeItem(SECItem *p7item,
76 SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
77 SECKEYGetPasswordKey pwfn, void *pwfn_arg,
78 SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
79 void *decrypt_key_cb_arg,
80 SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
81
82 extern PRBool SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo);
83
84 /* checks to see if the contents of the content info is
85 * empty. it so, PR_TRUE is returned. PR_FALSE, otherwise.
86 *
87 * minLen is used to specify a minimum size. if content size <= minLen,
88 * content is assumed empty.
89 */
90 extern PRBool
91 SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen);
92
93 extern PRBool SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo);
94
95 /*
96 * If the PKCS7 content has a signature (not just *could* have a signature)
97 * return true; false otherwise. This can/should be called before calling
98 * VerifySignature, which will always indicate failure if no signature is
99 * present, but that does not mean there even was a signature!
100 * Note that the content itself can be empty (detached content was sent
101 * another way); it is the presence of the signature that matters.
102 */
103 extern PRBool SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo);
104
105 /*
106 * SEC_PKCS7VerifySignature
107 * Look at a PKCS7 contentInfo and check if the signature is good.
108 * The verification checks that the signing cert is valid and trusted
109 * for the purpose specified by "certusage".
110 *
111 * In addition, if "keepcerts" is true, add any new certificates found
112 * into our local database.
113 */
114 extern PRBool SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
115 SECCertUsage certusage,
116 PRBool keepcerts);
117
118 /*
119 * SEC_PKCS7VerifyDetachedSignature
120 * Look at a PKCS7 contentInfo and check if the signature matches
121 * a passed-in digest (calculated, supposedly, from detached contents).
122 * The verification checks that the signing cert is valid and trusted
123 * for the purpose specified by "certusage".
124 *
125 * In addition, if "keepcerts" is true, add any new certificates found
126 * into our local database.
127 */
128 extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
129 SECCertUsage certusage,
130 const SECItem *detached_digest,
131 HASH_HashType digest_type,
132 PRBool keepcerts);
133
134 /*
135 * SEC_PKCS7VerifyDetachedSignatureAtTime
136 * Look at a PKCS7 contentInfo and check if the signature matches
137 * a passed-in digest (calculated, supposedly, from detached contents).
138 * The verification checks that the signing cert is valid and trusted
139 * for the purpose specified by "certusage" at time "atTime".
140 *
141 * In addition, if "keepcerts" is true, add any new certificates found
142 * into our local database.
143 */
144 extern PRBool
145 SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
146 SECCertUsage certusage,
147 const SECItem *detached_digest,
148 HASH_HashType digest_type,
149 PRBool keepcerts,
150 PRTime atTime);
151
152 /*
153 * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
154 * The passed-in contentInfo is espected to be Signed, and these
155 * functions return the specified portion of the full signer name.
156 *
157 * Returns a pointer to allocated memory, which must be freed.
158 * A NULL return value is an error.
159 */
160 extern char *SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo);
161 extern char *SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo);
162
163 /*
164 * Return the the signing time, in UTCTime format, of a PKCS7 contentInfo.
165 */
166 extern SECItem *SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo);
167
168
169 /************************************************************************
170 * PKCS7 Creation and Encoding.
171 ************************************************************************/
172
173 /*
174 * Start a PKCS7 signing context.
175 *
176 * "cert" is the cert that will be used to sign the data. It will be
177 * checked for validity.
178 *
179 * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
180 * XXX Maybe SECCertUsage should be split so that our caller just says
181 * "email" and *we* add the "signing" part -- otherwise our caller
182 * could be lying about the usage; we do not want to allow encryption
183 * certs for signing or vice versa.
184 *
185 * "certdb" is the cert database to use for verifying the cert.
186 * It can be NULL if a default database is available (like in the client).
187 *
188 * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
189 *
190 * "digest" is the actual digest of the data. It must be provided in
191 * the case of detached data or NULL if the content will be included.
192 *
193 * The return value can be passed to functions which add things to
194 * it like attributes, then eventually to SEC_PKCS7Encode() or to
195 * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
196 * SEC_PKCS7DestroyContentInfo().
197 *
198 * An error results in a return value of NULL and an error set.
199 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
200 */
201 extern SEC_PKCS7ContentInfo *
202 SEC_PKCS7CreateSignedData (CERTCertificate *cert,
203 SECCertUsage certusage,
204 CERTCertDBHandle *certdb,
205 SECOidTag digestalg,
206 SECItem *digest,
207 SECKEYGetPasswordKey pwfn, void *pwfn_arg);
208
209 /*
210 * Create a PKCS7 certs-only container.
211 *
212 * "cert" is the (first) cert that will be included.
213 *
214 * "include_chain" specifies whether the entire chain for "cert" should
215 * be included.
216 *
217 * "certdb" is the cert database to use for finding the chain.
218 * It can be NULL in when "include_chain" is false, or when meaning
219 * use the default database.
220 *
221 * More certs and chains can be added via AddCertficate and AddCertChain.
222 *
223 * An error results in a return value of NULL and an error set.
224 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
225 */
226 extern SEC_PKCS7ContentInfo *
227 SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
228 PRBool include_chain,
229 CERTCertDBHandle *certdb);
230
231 /*
232 * Start a PKCS7 enveloping context.
233 *
234 * "cert" is the cert for the recipient. It will be checked for validity.
235 *
236 * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
237 * XXX Maybe SECCertUsage should be split so that our caller just says
238 * "email" and *we* add the "recipient" part -- otherwise our caller
239 * could be lying about the usage; we do not want to allow encryption
240 * certs for signing or vice versa.
241 *
242 * "certdb" is the cert database to use for verifying the cert.
243 * It can be NULL if a default database is available (like in the client).
244 *
245 * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
246 *
247 * "keysize" specifies the bulk encryption key size, in bits.
248 *
249 * The return value can be passed to functions which add things to
250 * it like more recipients, then eventually to SEC_PKCS7Encode() or to
251 * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
252 * SEC_PKCS7DestroyContentInfo().
253 *
254 * An error results in a return value of NULL and an error set.
255 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
256 */
257 extern SEC_PKCS7ContentInfo *
258 SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
259 SECCertUsage certusage,
260 CERTCertDBHandle *certdb,
261 SECOidTag encalg,
262 int keysize,
263 SECKEYGetPasswordKey pwfn, void *pwfn_arg);
264
265 /*
266 * XXX There will be a similar routine for creating signedAndEnvelopedData.
267 * But its parameters will be different and I have no plans to implement
268 * it any time soon because we have no current need for it.
269 */
270
271 /*
272 * Create an empty PKCS7 data content info.
273 *
274 * An error results in a return value of NULL and an error set.
275 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
276 */
277 extern SEC_PKCS7ContentInfo *SEC_PKCS7CreateData (void);
278
279 /*
280 * Create an empty PKCS7 encrypted content info.
281 *
282 * "algorithm" specifies the bulk encryption algorithm to use.
283 *
284 * An error results in a return value of NULL and an error set.
285 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
286 */
287 extern SEC_PKCS7ContentInfo *
288 SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
289 SECKEYGetPasswordKey pwfn, void *pwfn_arg);
290
291 /*
292 * All of the following things return SECStatus to signal success or failure.
293 * Failure should have a more specific error status available via
294 * PORT_GetError()/XP_GetError().
295 */
296
297 /*
298 * Add the specified attribute to the authenticated (i.e. signed) attributes
299 * of "cinfo" -- "oidtag" describes the attribute and "value" is the
300 * value to be associated with it. NOTE! "value" must already be encoded;
301 * no interpretation of "oidtag" is done. Also, it is assumed that this
302 * signedData has only one signer -- if we ever need to add attributes
303 * when there is more than one signature, we need a way to specify *which*
304 * signature should get the attribute.
305 *
306 * XXX Technically, a signed attribute can have multiple values; if/when
307 * we ever need to support an attribute which takes multiple values, we
308 * either need to change this interface or create an AddSignedAttributeValue
309 * which can be called subsequently, and would then append a value.
310 *
311 * "cinfo" should be of type signedData (the only kind of pkcs7 data
312 * that is allowed authenticated attributes); SECFailure will be returned
313 * if it is not.
314 */
315 extern SECStatus SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
316 SECOidTag oidtag,
317 SECItem *value);
318
319 /*
320 * Add "cert" and its entire chain to the set of certs included in "cinfo".
321 *
322 * "certdb" is the cert database to use for finding the chain.
323 * It can be NULL, meaning use the default database.
324 *
325 * "cinfo" should be of type signedData or signedAndEnvelopedData;
326 * SECFailure will be returned if it is not.
327 */
328 extern SECStatus SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
329 CERTCertificate *cert,
330 CERTCertDBHandle *certdb);
331
332 /*
333 * Add "cert" to the set of certs included in "cinfo".
334 *
335 * "cinfo" should be of type signedData or signedAndEnvelopedData;
336 * SECFailure will be returned if it is not.
337 */
338 extern SECStatus SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo,
339 CERTCertificate *cert);
340
341 /*
342 * Add another recipient to an encrypted message.
343 *
344 * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
345 * SECFailure will be returned if it is not.
346 *
347 * "cert" is the cert for the recipient. It will be checked for validity.
348 *
349 * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
350 * XXX Maybe SECCertUsage should be split so that our caller just says
351 * "email" and *we* add the "recipient" part -- otherwise our caller
352 * could be lying about the usage; we do not want to allow encryption
353 * certs for signing or vice versa.
354 *
355 * "certdb" is the cert database to use for verifying the cert.
356 * It can be NULL if a default database is available (like in the client).
357 */
358 extern SECStatus SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
359 CERTCertificate *cert,
360 SECCertUsage certusage,
361 CERTCertDBHandle *certdb);
362
363 /*
364 * Add the signing time to the authenticated (i.e. signed) attributes
365 * of "cinfo". This is expected to be included in outgoing signed
366 * messages for email (S/MIME) but is likely useful in other situations.
367 *
368 * This should only be added once; a second call will either do
369 * nothing or replace an old signing time with a newer one.
370 *
371 * XXX This will probably just shove the current time into "cinfo"
372 * but it will not actually get signed until the entire item is
373 * processed for encoding. Is this (expected to be small) delay okay?
374 *
375 * "cinfo" should be of type signedData (the only kind of pkcs7 data
376 * that is allowed authenticated attributes); SECFailure will be returned
377 * if it is not.
378 */
379 extern SECStatus SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo);
380
381 /*
382 * Add the signer's symmetric capabilities to the authenticated
383 * (i.e. signed) attributes of "cinfo". This is expected to be
384 * included in outgoing signed messages for email (S/MIME).
385 *
386 * This can only be added once; a second call will return SECFailure.
387 *
388 * "cinfo" should be of type signedData or signedAndEnvelopedData;
389 * SECFailure will be returned if it is not.
390 */
391 extern SECStatus SEC_PKCS7AddSymmetricCapabilities(SEC_PKCS7ContentInfo *cinfo);
392
393 /*
394 * Mark that the signer's certificate and its issuing chain should
395 * be included in the encoded data. This is expected to be used
396 * in outgoing signed messages for email (S/MIME).
397 *
398 * "certdb" is the cert database to use for finding the chain.
399 * It can be NULL, meaning use the default database.
400 *
401 * "cinfo" should be of type signedData or signedAndEnvelopedData;
402 * SECFailure will be returned if it is not.
403 */
404 extern SECStatus SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo,
405 CERTCertDBHandle *certdb);
406
407
408 /*
409 * Set the content; it will be included and also hashed and/or encrypted
410 * as appropriate. This is for in-memory content (expected to be "small")
411 * that will be included in the PKCS7 object. All others should stream the
412 * content through when encoding (see SEC_PKCS7Encoder{Start,Update,Finish}).
413 *
414 * "buf" points to data of length "len"; it will be copied.
415 */
416 extern SECStatus SEC_PKCS7SetContent (SEC_PKCS7ContentInfo *cinfo,
417 const char *buf, unsigned long len);
418
419 /*
420 * Encode a PKCS7 object, in one shot. All necessary components
421 * of the object must already be specified. Either the data has
422 * already been included (via SetContent), or the data is detached,
423 * or there is no data at all (certs-only).
424 *
425 * "cinfo" specifies the object to be encoded.
426 *
427 * "outputfn" is where the encoded bytes will be passed.
428 *
429 * "outputarg" is an opaque argument to the above callback.
430 *
431 * "bulkkey" specifies the bulk encryption key to use. This argument
432 * can be NULL if no encryption is being done, or if the bulk key should
433 * be generated internally (usually the case for EnvelopedData but never
434 * for EncryptedData, which *must* provide a bulk encryption key).
435 *
436 * "pwfn" is a callback for getting the password which protects the
437 * private key of the signer. This argument can be NULL if it is known
438 * that no signing is going to be done.
439 *
440 * "pwfnarg" is an opaque argument to the above callback.
441 */
442 extern SECStatus SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo,
443 SEC_PKCS7EncoderOutputCallback outputfn,
444 void *outputarg,
445 PK11SymKey *bulkkey,
446 SECKEYGetPasswordKey pwfn,
447 void *pwfnarg);
448
449 /*
450 * Encode a PKCS7 object, in one shot. All necessary components
451 * of the object must already be specified. Either the data has
452 * already been included (via SetContent), or the data is detached,
453 * or there is no data at all (certs-only). The output, rather than
454 * being passed to an output function as is done above, is all put
455 * into a SECItem.
456 *
457 * "pool" specifies a pool from which to allocate the result.
458 * It can be NULL, in which case memory is allocated generically.
459 *
460 * "dest" specifies a SECItem in which to put the result data.
461 * It can be NULL, in which case the entire item is allocated, too.
462 *
463 * "cinfo" specifies the object to be encoded.
464 *
465 * "bulkkey" specifies the bulk encryption key to use. This argument
466 * can be NULL if no encryption is being done, or if the bulk key should
467 * be generated internally (usually the case for EnvelopedData but never
468 * for EncryptedData, which *must* provide a bulk encryption key).
469 *
470 * "pwfn" is a callback for getting the password which protects the
471 * private key of the signer. This argument can be NULL if it is known
472 * that no signing is going to be done.
473 *
474 * "pwfnarg" is an opaque argument to the above callback.
475 */
476 extern SECItem *SEC_PKCS7EncodeItem (PLArenaPool *pool,
477 SECItem *dest,
478 SEC_PKCS7ContentInfo *cinfo,
479 PK11SymKey *bulkkey,
480 SECKEYGetPasswordKey pwfn,
481 void *pwfnarg);
482
483 /*
484 * For those who want to simply point to the pkcs7 contentInfo ASN.1
485 * template, and *not* call the encoding functions directly, the
486 * following function can be used -- after it is called, the entire
487 * PKCS7 contentInfo is ready to be encoded.
488 */
489 extern SECStatus SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo,
490 PK11SymKey *bulkkey,
491 SECKEYGetPasswordKey pwfn,
492 void *pwfnarg);
493
494 /*
495 * Start the process of encoding a PKCS7 object. The first part of
496 * the encoded object will be passed to the output function right away;
497 * after that it is expected that SEC_PKCS7EncoderUpdate will be called,
498 * streaming in the actual content that is getting included as well as
499 * signed or encrypted (or both).
500 *
501 * "cinfo" specifies the object to be encoded.
502 *
503 * "outputfn" is where the encoded bytes will be passed.
504 *
505 * "outputarg" is an opaque argument to the above callback.
506 *
507 * "bulkkey" specifies the bulk encryption key to use. This argument
508 * can be NULL if no encryption is being done, or if the bulk key should
509 * be generated internally (usually the case for EnvelopedData but never
510 * for EncryptedData, which *must* provide a bulk encryption key).
511 *
512 * Returns an object to be passed to EncoderUpdate and EncoderFinish.
513 */
514 extern SEC_PKCS7EncoderContext *
515 SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo,
516 SEC_PKCS7EncoderOutputCallback outputfn,
517 void *outputarg,
518 PK11SymKey *bulkkey);
519
520 /*
521 * Encode more contents, hashing and/or encrypting along the way.
522 */
523 extern SECStatus SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx,
524 const char *buf,
525 unsigned long len);
526
527 /*
528 * No more contents; finish the signature creation, if appropriate,
529 * and then the encoding.
530 *
531 * "pwfn" is a callback for getting the password which protects the
532 * signer's private key. This argument can be NULL if it is known
533 * that no signing is going to be done.
534 *
535 * "pwfnarg" is an opaque argument to the above callback.
536 */
537 extern SECStatus SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx,
538 SECKEYGetPasswordKey pwfn,
539 void *pwfnarg);
540
541 /* Abort the underlying ASN.1 stream & set an error */
542 void SEC_PKCS7EncoderAbort(SEC_PKCS7EncoderContext *p7dcx, int error);
543
544 /* retrieve the algorithm ID used to encrypt the content info
545 * for encrypted and enveloped data. The SECAlgorithmID pointer
546 * returned needs to be freed as it is a copy of the algorithm
547 * id in the content info.
548 */
549 extern SECAlgorithmID *
550 SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo);
551
552 /* the content of an encrypted data content info is encrypted.
553 * it is assumed that for encrypted data, that the data has already
554 * been set and is in the "plainContent" field of the content info.
555 *
556 * cinfo is the content info to encrypt
557 *
558 * key is the key with which to perform the encryption. if the
559 * algorithm is a password based encryption algorithm, the
560 * key is actually a password which will be processed per
561 * PKCS #5.
562 *
563 * in the event of an error, SECFailure is returned. SECSuccess
564 * indicates a success.
565 */
566 extern SECStatus
567 SEC_PKCS7EncryptContents(PLArenaPool *poolp,
568 SEC_PKCS7ContentInfo *cinfo,
569 SECItem *key,
570 void *wincx);
571
572 /* the content of an encrypted data content info is decrypted.
573 * it is assumed that for encrypted data, that the data has already
574 * been set and is in the "encContent" field of the content info.
575 *
576 * cinfo is the content info to decrypt
577 *
578 * key is the key with which to perform the decryption. if the
579 * algorithm is a password based encryption algorithm, the
580 * key is actually a password which will be processed per
581 * PKCS #5.
582 *
583 * in the event of an error, SECFailure is returned. SECSuccess
584 * indicates a success.
585 */
586 extern SECStatus
587 SEC_PKCS7DecryptContents(PLArenaPool *poolp,
588 SEC_PKCS7ContentInfo *cinfo,
589 SECItem *key,
590 void *wincx);
591
592 /* retrieve the certificate list from the content info. the list
593 * is a pointer to the list in the content info. this should not
594 * be deleted or freed in any way short of calling
595 * SEC_PKCS7DestroyContentInfo
596 */
597 extern SECItem **
598 SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo);
599
600 /* Returns the key length (in bits) of the algorithm used to encrypt
601 this object. Returns 0 if it's not encrypted, or the key length is
602 irrelevant. */
603 extern int
604 SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo);
605
606
607 /************************************************************************/
608 SEC_END_PROTOS
609
610 #endif /* _SECPKCS7_H_ */
OLDNEW
« no previous file with comments | « nss/lib/pkcs7/secmime.c ('k') | nss/lib/pki/asymmkey.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698