/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Support routines for PKCS7 implementation, none of which are exported.
 * This file should only contain things that are needed by both the
 * encoding/creation side *and* the decoding/decryption side.  Anything
 * else should just be static routines in the appropriate file.
 *
 * Do not export this file!  If something in here is really needed outside
 * of pkcs7 code, first try to add a PKCS7 interface which will do it for
 * you.  If that has a problem, then just move out what you need, changing
 * its name as appropriate!
 */

#ifndef _P7LOCAL_H_
#define _P7LOCAL_H_

#include "secpkcs7.h"
#include "secasn1t.h"

extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];

/* opaque objects */
typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;

/************************************************************************/
SEC_BEGIN_PROTOS

/*
 * Look through a set of attributes and find one that matches the
 * specified object ID.  If "only" is true, then make sure that
 * there is not more than one attribute of the same type.  Otherwise,
 * just return the first one found. (XXX Does anybody really want
 * that first-found behavior?  It was like that when I found it...)
 */
extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute(SEC_PKCS7Attribute **attrs,
                                                  SECOidTag oidtag,
                                                  PRBool only);
/*
 * Return the single attribute value, doing some sanity checking first:
 * - Multiple values are *not* expected.
 * - Empty values are *not* expected.
 */
extern SECItem *sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr);

/*
 * Encode a set of attributes (found in "src").
 */
extern SECItem *sec_PKCS7EncodeAttributes(PLArenaPool *poolp,
                                          SECItem *dest, void *src);

/*
 * Make sure that the order of the attributes guarantees valid DER
 * (which must be in lexigraphically ascending order for a SET OF);
 * if reordering is necessary it will be done in place (in attrs).
 */
extern SECStatus sec_PKCS7ReorderAttributes(SEC_PKCS7Attribute **attrs);

/*
 * Create a context for decrypting, based on the given key and algorithm.
 */
extern sec_PKCS7CipherObject *
sec_PKCS7CreateDecryptObject(PK11SymKey *key, SECAlgorithmID *algid);

/*
 * Create a context for encrypting, based on the given key and algorithm,
 * and fill in the algorithm id.
 */
extern sec_PKCS7CipherObject *
sec_PKCS7CreateEncryptObject(PLArenaPool *poolp, PK11SymKey *key,
                             SECOidTag algtag, SECAlgorithmID *algid);

/*
 * Destroy the given decryption or encryption object.
 */
extern void sec_PKCS7DestroyDecryptObject(sec_PKCS7CipherObject *obj);
extern void sec_PKCS7DestroyEncryptObject(sec_PKCS7CipherObject *obj);

/*
 * What will be the output length of the next call to encrypt/decrypt?
 * Result can be used to perform memory allocations.  Note that the amount
 * is exactly accurate only when not doing a block cipher or when final
 * is false, otherwise it is an upper bound on the amount because until
 * we see the data we do not know how many padding bytes there are
 * (always between 1 and the cipher block size).
 *
 * Note that this can return zero, which does not mean that the cipher
 * operation can be skipped!  (It simply means that there are not enough
 * bytes to make up an entire block; the bytes will be reserved until
 * there are enough to encrypt/decrypt at least one block.)  However,
 * if zero is returned it *does* mean that no output buffer need be
 * passed in to the subsequent cipher operation, as no output bytes
 * will be stored.
 */
extern unsigned int sec_PKCS7DecryptLength(sec_PKCS7CipherObject *obj,
                                           unsigned int input_len,
                                           PRBool final);
extern unsigned int sec_PKCS7EncryptLength(sec_PKCS7CipherObject *obj,
                                           unsigned int input_len,
                                           PRBool final);

/*
 * Decrypt a given length of input buffer (starting at "input" and
 * containing "input_len" bytes), placing the decrypted bytes in
 * "output" and storing the output length in "*output_len_p".
 * "obj" is the return value from sec_PKCS7CreateDecryptObject.
 * When "final" is true, this is the last of the data to be decrypted.
 */
extern SECStatus sec_PKCS7Decrypt(sec_PKCS7CipherObject *obj,
                                  unsigned char *output,
                                  unsigned int *output_len_p,
                                  unsigned int max_output_len,
                                  const unsigned char *input,
                                  unsigned int input_len,
                                  PRBool final);

/*
 * Encrypt a given length of input buffer (starting at "input" and
 * containing "input_len" bytes), placing the encrypted bytes in
 * "output" and storing the output length in "*output_len_p".
 * "obj" is the return value from sec_PKCS7CreateEncryptObject.
 * When "final" is true, this is the last of the data to be encrypted.
 */
extern SECStatus sec_PKCS7Encrypt(sec_PKCS7CipherObject *obj,
                                  unsigned char *output,
                                  unsigned int *output_len_p,
                                  unsigned int max_output_len,
                                  const unsigned char *input,
                                  unsigned int input_len,
                                  PRBool final);

/************************************************************************/
SEC_END_PROTOS

#endif /* _P7LOCAL_H_ */