PageRenderTime 33ms CodeModel.GetById 9ms RepoModel.GetById 0ms app.codeStats 0ms

/gecko_api/include/secpkcs7.h

http://firefox-mac-pdf.googlecode.com/
C Header | 626 lines | 137 code | 59 blank | 430 comment | 0 complexity | 356c813edc392d11464ce53d70ef699f MD5 | raw file
  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. /*
  37. * Interface to the PKCS7 implementation.
  38. *
  39. * $Id: secpkcs7.h,v 1.5 2004/04/25 15:03:13 gerv%gerv.net Exp $
  40. */
  41. #ifndef _SECPKCS7_H_
  42. #define _SECPKCS7_H_
  43. #include "seccomon.h"
  44. #include "secoidt.h"
  45. #include "certt.h"
  46. #include "keyt.h"
  47. #include "hasht.h"
  48. #include "pkcs7t.h"
  49. extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
  50. /************************************************************************/
  51. SEC_BEGIN_PROTOS
  52. /************************************************************************
  53. * Miscellaneous
  54. ************************************************************************/
  55. /*
  56. * Returns the content type of the given contentInfo.
  57. */
  58. extern SECOidTag SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo);
  59. /*
  60. * Destroy a PKCS7 contentInfo and all of its sub-pieces.
  61. */
  62. extern void SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
  63. /*
  64. * Copy a PKCS7 contentInfo. A Destroy is needed on *each* copy.
  65. */
  66. extern SEC_PKCS7ContentInfo *
  67. SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
  68. /*
  69. * Return a pointer to the actual content. In the case of those types
  70. * which are encrypted, this returns the *plain* content.
  71. */
  72. extern SECItem *SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo);
  73. /************************************************************************
  74. * PKCS7 Decoding, Verification, etc..
  75. ************************************************************************/
  76. extern SEC_PKCS7DecoderContext *
  77. SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback callback,
  78. void *callback_arg,
  79. SECKEYGetPasswordKey pwfn, void *pwfn_arg,
  80. SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
  81. void *decrypt_key_cb_arg,
  82. SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
  83. extern SECStatus
  84. SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
  85. const char *buf, unsigned long len);
  86. extern SEC_PKCS7ContentInfo *
  87. SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx);
  88. /* Abort the underlying ASN.1 stream & set an error */
  89. void SEC_PKCS7DecoderAbort(SEC_PKCS7DecoderContext *p7dcx, int error);
  90. extern SEC_PKCS7ContentInfo *
  91. SEC_PKCS7DecodeItem(SECItem *p7item,
  92. SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
  93. SECKEYGetPasswordKey pwfn, void *pwfn_arg,
  94. SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
  95. void *decrypt_key_cb_arg,
  96. SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
  97. extern PRBool SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo);
  98. /* checks to see if the contents of the content info is
  99. * empty. it so, PR_TRUE is returned. PR_FALSE, otherwise.
  100. *
  101. * minLen is used to specify a minimum size. if content size <= minLen,
  102. * content is assumed empty.
  103. */
  104. extern PRBool
  105. SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen);
  106. extern PRBool SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo);
  107. /*
  108. * If the PKCS7 content has a signature (not just *could* have a signature)
  109. * return true; false otherwise. This can/should be called before calling
  110. * VerifySignature, which will always indicate failure if no signature is
  111. * present, but that does not mean there even was a signature!
  112. * Note that the content itself can be empty (detached content was sent
  113. * another way); it is the presence of the signature that matters.
  114. */
  115. extern PRBool SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo);
  116. /*
  117. * SEC_PKCS7VerifySignature
  118. * Look at a PKCS7 contentInfo and check if the signature is good.
  119. * The verification checks that the signing cert is valid and trusted
  120. * for the purpose specified by "certusage".
  121. *
  122. * In addition, if "keepcerts" is true, add any new certificates found
  123. * into our local database.
  124. */
  125. extern PRBool SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
  126. SECCertUsage certusage,
  127. PRBool keepcerts);
  128. /*
  129. * SEC_PKCS7VerifyDetachedSignature
  130. * Look at a PKCS7 contentInfo and check if the signature matches
  131. * a passed-in digest (calculated, supposedly, from detached contents).
  132. * The verification checks that the signing cert is valid and trusted
  133. * for the purpose specified by "certusage".
  134. *
  135. * In addition, if "keepcerts" is true, add any new certificates found
  136. * into our local database.
  137. */
  138. extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
  139. SECCertUsage certusage,
  140. SECItem *detached_digest,
  141. HASH_HashType digest_type,
  142. PRBool keepcerts);
  143. /*
  144. * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
  145. * The passed-in contentInfo is espected to be Signed, and these
  146. * functions return the specified portion of the full signer name.
  147. *
  148. * Returns a pointer to allocated memory, which must be freed.
  149. * A NULL return value is an error.
  150. */
  151. extern char *SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo);
  152. extern char *SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo);
  153. /*
  154. * Return the the signing time, in UTCTime format, of a PKCS7 contentInfo.
  155. */
  156. extern SECItem *SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo);
  157. /************************************************************************
  158. * PKCS7 Creation and Encoding.
  159. ************************************************************************/
  160. /*
  161. * Start a PKCS7 signing context.
  162. *
  163. * "cert" is the cert that will be used to sign the data. It will be
  164. * checked for validity.
  165. *
  166. * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
  167. * XXX Maybe SECCertUsage should be split so that our caller just says
  168. * "email" and *we* add the "signing" part -- otherwise our caller
  169. * could be lying about the usage; we do not want to allow encryption
  170. * certs for signing or vice versa.
  171. *
  172. * "certdb" is the cert database to use for verifying the cert.
  173. * It can be NULL if a default database is available (like in the client).
  174. *
  175. * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
  176. *
  177. * "digest" is the actual digest of the data. It must be provided in
  178. * the case of detached data or NULL if the content will be included.
  179. *
  180. * The return value can be passed to functions which add things to
  181. * it like attributes, then eventually to SEC_PKCS7Encode() or to
  182. * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
  183. * SEC_PKCS7DestroyContentInfo().
  184. *
  185. * An error results in a return value of NULL and an error set.
  186. * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  187. */
  188. extern SEC_PKCS7ContentInfo *
  189. SEC_PKCS7CreateSignedData (CERTCertificate *cert,
  190. SECCertUsage certusage,
  191. CERTCertDBHandle *certdb,
  192. SECOidTag digestalg,
  193. SECItem *digest,
  194. SECKEYGetPasswordKey pwfn, void *pwfn_arg);
  195. /*
  196. * Create a PKCS7 certs-only container.
  197. *
  198. * "cert" is the (first) cert that will be included.
  199. *
  200. * "include_chain" specifies whether the entire chain for "cert" should
  201. * be included.
  202. *
  203. * "certdb" is the cert database to use for finding the chain.
  204. * It can be NULL in when "include_chain" is false, or when meaning
  205. * use the default database.
  206. *
  207. * More certs and chains can be added via AddCertficate and AddCertChain.
  208. *
  209. * An error results in a return value of NULL and an error set.
  210. * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  211. */
  212. extern SEC_PKCS7ContentInfo *
  213. SEC_PKCS7CreateCertsOnly (CERTCertificate *cert,
  214. PRBool include_chain,
  215. CERTCertDBHandle *certdb);
  216. /*
  217. * Start a PKCS7 enveloping context.
  218. *
  219. * "cert" is the cert for the recipient. It will be checked for validity.
  220. *
  221. * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
  222. * XXX Maybe SECCertUsage should be split so that our caller just says
  223. * "email" and *we* add the "recipient" part -- otherwise our caller
  224. * could be lying about the usage; we do not want to allow encryption
  225. * certs for signing or vice versa.
  226. *
  227. * "certdb" is the cert database to use for verifying the cert.
  228. * It can be NULL if a default database is available (like in the client).
  229. *
  230. * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
  231. *
  232. * "keysize" specifies the bulk encryption key size, in bits.
  233. *
  234. * The return value can be passed to functions which add things to
  235. * it like more recipients, then eventually to SEC_PKCS7Encode() or to
  236. * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
  237. * SEC_PKCS7DestroyContentInfo().
  238. *
  239. * An error results in a return value of NULL and an error set.
  240. * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  241. */
  242. extern SEC_PKCS7ContentInfo *
  243. SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert,
  244. SECCertUsage certusage,
  245. CERTCertDBHandle *certdb,
  246. SECOidTag encalg,
  247. int keysize,
  248. SECKEYGetPasswordKey pwfn, void *pwfn_arg);
  249. /*
  250. * XXX There will be a similar routine for creating signedAndEnvelopedData.
  251. * But its parameters will be different and I have no plans to implement
  252. * it any time soon because we have no current need for it.
  253. */
  254. /*
  255. * Create an empty PKCS7 data content info.
  256. *
  257. * An error results in a return value of NULL and an error set.
  258. * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  259. */
  260. extern SEC_PKCS7ContentInfo *SEC_PKCS7CreateData (void);
  261. /*
  262. * Create an empty PKCS7 encrypted content info.
  263. *
  264. * "algorithm" specifies the bulk encryption algorithm to use.
  265. *
  266. * An error results in a return value of NULL and an error set.
  267. * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
  268. */
  269. extern SEC_PKCS7ContentInfo *
  270. SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize,
  271. SECKEYGetPasswordKey pwfn, void *pwfn_arg);
  272. /*
  273. * All of the following things return SECStatus to signal success or failure.
  274. * Failure should have a more specific error status available via
  275. * PORT_GetError()/XP_GetError().
  276. */
  277. /*
  278. * Add the specified attribute to the authenticated (i.e. signed) attributes
  279. * of "cinfo" -- "oidtag" describes the attribute and "value" is the
  280. * value to be associated with it. NOTE! "value" must already be encoded;
  281. * no interpretation of "oidtag" is done. Also, it is assumed that this
  282. * signedData has only one signer -- if we ever need to add attributes
  283. * when there is more than one signature, we need a way to specify *which*
  284. * signature should get the attribute.
  285. *
  286. * XXX Technically, a signed attribute can have multiple values; if/when
  287. * we ever need to support an attribute which takes multiple values, we
  288. * either need to change this interface or create an AddSignedAttributeValue
  289. * which can be called subsequently, and would then append a value.
  290. *
  291. * "cinfo" should be of type signedData (the only kind of pkcs7 data
  292. * that is allowed authenticated attributes); SECFailure will be returned
  293. * if it is not.
  294. */
  295. extern SECStatus SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo,
  296. SECOidTag oidtag,
  297. SECItem *value);
  298. /*
  299. * Add "cert" and its entire chain to the set of certs included in "cinfo".
  300. *
  301. * "certdb" is the cert database to use for finding the chain.
  302. * It can be NULL, meaning use the default database.
  303. *
  304. * "cinfo" should be of type signedData or signedAndEnvelopedData;
  305. * SECFailure will be returned if it is not.
  306. */
  307. extern SECStatus SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo,
  308. CERTCertificate *cert,
  309. CERTCertDBHandle *certdb);
  310. /*
  311. * Add "cert" to the set of certs included in "cinfo".
  312. *
  313. * "cinfo" should be of type signedData or signedAndEnvelopedData;
  314. * SECFailure will be returned if it is not.
  315. */
  316. extern SECStatus SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo,
  317. CERTCertificate *cert);
  318. /*
  319. * Add another recipient to an encrypted message.
  320. *
  321. * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
  322. * SECFailure will be returned if it is not.
  323. *
  324. * "cert" is the cert for the recipient. It will be checked for validity.
  325. *
  326. * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
  327. * XXX Maybe SECCertUsage should be split so that our caller just says
  328. * "email" and *we* add the "recipient" part -- otherwise our caller
  329. * could be lying about the usage; we do not want to allow encryption
  330. * certs for signing or vice versa.
  331. *
  332. * "certdb" is the cert database to use for verifying the cert.
  333. * It can be NULL if a default database is available (like in the client).
  334. */
  335. extern SECStatus SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo,
  336. CERTCertificate *cert,
  337. SECCertUsage certusage,
  338. CERTCertDBHandle *certdb);
  339. /*
  340. * Add the signing time to the authenticated (i.e. signed) attributes
  341. * of "cinfo". This is expected to be included in outgoing signed
  342. * messages for email (S/MIME) but is likely useful in other situations.
  343. *
  344. * This should only be added once; a second call will either do
  345. * nothing or replace an old signing time with a newer one.
  346. *
  347. * XXX This will probably just shove the current time into "cinfo"
  348. * but it will not actually get signed until the entire item is
  349. * processed for encoding. Is this (expected to be small) delay okay?
  350. *
  351. * "cinfo" should be of type signedData (the only kind of pkcs7 data
  352. * that is allowed authenticated attributes); SECFailure will be returned
  353. * if it is not.
  354. */
  355. extern SECStatus SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo);
  356. /*
  357. * Add the signer's symmetric capabilities to the authenticated
  358. * (i.e. signed) attributes of "cinfo". This is expected to be
  359. * included in outgoing signed messages for email (S/MIME).
  360. *
  361. * This can only be added once; a second call will return SECFailure.
  362. *
  363. * "cinfo" should be of type signedData or signedAndEnvelopedData;
  364. * SECFailure will be returned if it is not.
  365. */
  366. extern SECStatus SEC_PKCS7AddSymmetricCapabilities(SEC_PKCS7ContentInfo *cinfo);
  367. /*
  368. * Mark that the signer's certificate and its issuing chain should
  369. * be included in the encoded data. This is expected to be used
  370. * in outgoing signed messages for email (S/MIME).
  371. *
  372. * "certdb" is the cert database to use for finding the chain.
  373. * It can be NULL, meaning use the default database.
  374. *
  375. * "cinfo" should be of type signedData or signedAndEnvelopedData;
  376. * SECFailure will be returned if it is not.
  377. */
  378. extern SECStatus SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo,
  379. CERTCertDBHandle *certdb);
  380. /*
  381. * Set the content; it will be included and also hashed and/or encrypted
  382. * as appropriate. This is for in-memory content (expected to be "small")
  383. * that will be included in the PKCS7 object. All others should stream the
  384. * content through when encoding (see SEC_PKCS7Encoder{Start,Update,Finish}).
  385. *
  386. * "buf" points to data of length "len"; it will be copied.
  387. */
  388. extern SECStatus SEC_PKCS7SetContent (SEC_PKCS7ContentInfo *cinfo,
  389. const char *buf, unsigned long len);
  390. /*
  391. * Encode a PKCS7 object, in one shot. All necessary components
  392. * of the object must already be specified. Either the data has
  393. * already been included (via SetContent), or the data is detached,
  394. * or there is no data at all (certs-only).
  395. *
  396. * "cinfo" specifies the object to be encoded.
  397. *
  398. * "outputfn" is where the encoded bytes will be passed.
  399. *
  400. * "outputarg" is an opaque argument to the above callback.
  401. *
  402. * "bulkkey" specifies the bulk encryption key to use. This argument
  403. * can be NULL if no encryption is being done, or if the bulk key should
  404. * be generated internally (usually the case for EnvelopedData but never
  405. * for EncryptedData, which *must* provide a bulk encryption key).
  406. *
  407. * "pwfn" is a callback for getting the password which protects the
  408. * private key of the signer. This argument can be NULL if it is known
  409. * that no signing is going to be done.
  410. *
  411. * "pwfnarg" is an opaque argument to the above callback.
  412. */
  413. extern SECStatus SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo,
  414. SEC_PKCS7EncoderOutputCallback outputfn,
  415. void *outputarg,
  416. PK11SymKey *bulkkey,
  417. SECKEYGetPasswordKey pwfn,
  418. void *pwfnarg);
  419. /*
  420. * Encode a PKCS7 object, in one shot. All necessary components
  421. * of the object must already be specified. Either the data has
  422. * already been included (via SetContent), or the data is detached,
  423. * or there is no data at all (certs-only). The output, rather than
  424. * being passed to an output function as is done above, is all put
  425. * into a SECItem.
  426. *
  427. * "pool" specifies a pool from which to allocate the result.
  428. * It can be NULL, in which case memory is allocated generically.
  429. *
  430. * "dest" specifies a SECItem in which to put the result data.
  431. * It can be NULL, in which case the entire item is allocated, too.
  432. *
  433. * "cinfo" specifies the object to be encoded.
  434. *
  435. * "bulkkey" specifies the bulk encryption key to use. This argument
  436. * can be NULL if no encryption is being done, or if the bulk key should
  437. * be generated internally (usually the case for EnvelopedData but never
  438. * for EncryptedData, which *must* provide a bulk encryption key).
  439. *
  440. * "pwfn" is a callback for getting the password which protects the
  441. * private key of the signer. This argument can be NULL if it is known
  442. * that no signing is going to be done.
  443. *
  444. * "pwfnarg" is an opaque argument to the above callback.
  445. */
  446. extern SECItem *SEC_PKCS7EncodeItem (PRArenaPool *pool,
  447. SECItem *dest,
  448. SEC_PKCS7ContentInfo *cinfo,
  449. PK11SymKey *bulkkey,
  450. SECKEYGetPasswordKey pwfn,
  451. void *pwfnarg);
  452. /*
  453. * For those who want to simply point to the pkcs7 contentInfo ASN.1
  454. * template, and *not* call the encoding functions directly, the
  455. * following function can be used -- after it is called, the entire
  456. * PKCS7 contentInfo is ready to be encoded.
  457. */
  458. extern SECStatus SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo,
  459. PK11SymKey *bulkkey,
  460. SECKEYGetPasswordKey pwfn,
  461. void *pwfnarg);
  462. /*
  463. * Start the process of encoding a PKCS7 object. The first part of
  464. * the encoded object will be passed to the output function right away;
  465. * after that it is expected that SEC_PKCS7EncoderUpdate will be called,
  466. * streaming in the actual content that is getting included as well as
  467. * signed or encrypted (or both).
  468. *
  469. * "cinfo" specifies the object to be encoded.
  470. *
  471. * "outputfn" is where the encoded bytes will be passed.
  472. *
  473. * "outputarg" is an opaque argument to the above callback.
  474. *
  475. * "bulkkey" specifies the bulk encryption key to use. This argument
  476. * can be NULL if no encryption is being done, or if the bulk key should
  477. * be generated internally (usually the case for EnvelopedData but never
  478. * for EncryptedData, which *must* provide a bulk encryption key).
  479. *
  480. * Returns an object to be passed to EncoderUpdate and EncoderFinish.
  481. */
  482. extern SEC_PKCS7EncoderContext *
  483. SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo,
  484. SEC_PKCS7EncoderOutputCallback outputfn,
  485. void *outputarg,
  486. PK11SymKey *bulkkey);
  487. /*
  488. * Encode more contents, hashing and/or encrypting along the way.
  489. */
  490. extern SECStatus SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx,
  491. const char *buf,
  492. unsigned long len);
  493. /*
  494. * No more contents; finish the signature creation, if appropriate,
  495. * and then the encoding.
  496. *
  497. * "pwfn" is a callback for getting the password which protects the
  498. * signer's private key. This argument can be NULL if it is known
  499. * that no signing is going to be done.
  500. *
  501. * "pwfnarg" is an opaque argument to the above callback.
  502. */
  503. extern SECStatus SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx,
  504. SECKEYGetPasswordKey pwfn,
  505. void *pwfnarg);
  506. /* Abort the underlying ASN.1 stream & set an error */
  507. void SEC_PKCS7EncoderAbort(SEC_PKCS7EncoderContext *p7dcx, int error);
  508. /* retrieve the algorithm ID used to encrypt the content info
  509. * for encrypted and enveloped data. The SECAlgorithmID pointer
  510. * returned needs to be freed as it is a copy of the algorithm
  511. * id in the content info.
  512. */
  513. extern SECAlgorithmID *
  514. SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo);
  515. /* the content of an encrypted data content info is encrypted.
  516. * it is assumed that for encrypted data, that the data has already
  517. * been set and is in the "plainContent" field of the content info.
  518. *
  519. * cinfo is the content info to encrypt
  520. *
  521. * key is the key with which to perform the encryption. if the
  522. * algorithm is a password based encryption algorithm, the
  523. * key is actually a password which will be processed per
  524. * PKCS #5.
  525. *
  526. * in the event of an error, SECFailure is returned. SECSuccess
  527. * indicates a success.
  528. */
  529. extern SECStatus
  530. SEC_PKCS7EncryptContents(PRArenaPool *poolp,
  531. SEC_PKCS7ContentInfo *cinfo,
  532. SECItem *key,
  533. void *wincx);
  534. /* the content of an encrypted data content info is decrypted.
  535. * it is assumed that for encrypted data, that the data has already
  536. * been set and is in the "encContent" field of the content info.
  537. *
  538. * cinfo is the content info to decrypt
  539. *
  540. * key is the key with which to perform the decryption. if the
  541. * algorithm is a password based encryption algorithm, the
  542. * key is actually a password which will be processed per
  543. * PKCS #5.
  544. *
  545. * in the event of an error, SECFailure is returned. SECSuccess
  546. * indicates a success.
  547. */
  548. extern SECStatus
  549. SEC_PKCS7DecryptContents(PRArenaPool *poolp,
  550. SEC_PKCS7ContentInfo *cinfo,
  551. SECItem *key,
  552. void *wincx);
  553. /* retrieve the certificate list from the content info. the list
  554. * is a pointer to the list in the content info. this should not
  555. * be deleted or freed in any way short of calling
  556. * SEC_PKCS7DestroyContentInfo
  557. */
  558. extern SECItem **
  559. SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo);
  560. /* Returns the key length (in bits) of the algorithm used to encrypt
  561. this object. Returns 0 if it's not encrypted, or the key length is
  562. irrelevant. */
  563. extern int
  564. SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo);
  565. /************************************************************************/
  566. SEC_END_PROTOS
  567. #endif /* _SECPKCS7_H_ */