1 PACKAGE dbms_crypto_toolkit AS
2
3 SUBTYPE Crypto_Engine_Function IS
4 dbms_crypto_toolkit_types.Crypto_Engine_Function;
5
6 DETACHEDSIGNATURE CONSTANT Crypto_Engine_Function := 1;
7 -- Signature, detached from content
8 SIGNATURE CONSTANT Crypto_Engine_Function := 2;
9 -- Signature combined with content
10 ENVELOPING CONSTANT Crypto_Engine_Function := 3;
11 -- Signature and encryption with content
12 PKENCRYPTION CONSTANT Crypto_Engine_Function := 4;
13 -- Encryption for one or more recipients
14 ENCRYPTION CONSTANT Crypto_Engine_Function := 5;
15 -- Symmetric encryption
16 KEYEDHASH_CHECKSUM CONSTANT Crypto_Engine_Function := 6;
17 -- Keyed hash/checksum
18 HASH_CHECKSUM CONSTANT Crypto_Engine_Function := 7; -- Hash/checksum
19 RANDOM CONSTANT Crypto_Engine_Function := 8;
20 -- Random byte generation
21
22 SUBTYPE Crypto_Engine_State IS
23 dbms_crypto_toolkit_types.Crypto_Engine_State;
24
25 CONTINUE_PROCESSING CONSTANT Crypto_Engine_State := 1;
26 -- Continue processing input
27 END_PROCESSING CONSTANT Crypto_Engine_State := 2;
28 -- End processing input
29 RESET_PROCESSING CONSTANT Crypto_Engine_State := 3;
30 -- Reset processing and skip generating output
31
32 SUBTYPE Identity_Type IS dbms_crypto_toolkit_types.Identity_Type;
33
34 X509V1 CONSTANT Identity_Type := 1; -- X.509v1
35 SYMMETRIC CONSTANT Identity_Type := 2; -- Symmetric
36
37 SUBTYPE Cipher IS dbms_crypto_toolkit_types.Cipher;
38
39 RSA CONSTANT Cipher := 1; -- RSA public key
40 DES CONSTANT Cipher := 2; -- DES
41 RC4 CONSTANT Cipher := 3; -- RC4
42 MD5DES CONSTANT Cipher := 4; -- DES encrypted MD5 with salt (PBE)
43 MD5RC2 CONSTANT Cipher := 5; -- RC2 encrypted MD5 with salt (PBE)
44 MD5 CONSTANT Cipher := 6; -- MD5
45 SHA CONSTANT Cipher := 7; -- SHA
46
47 SUBTYPE Data_Unit_Format IS dbms_crypto_toolkit_types.Data_Unit_Format;
48
49 PKCS7 CONSTANT Data_Unit_Format := 1; -- PKCS7 format
50 RSAPAD CONSTANT Data_Unit_Format := 2; -- RSA padded format
51 ORACLEv1 CONSTANT Data_Unit_Format := 3; -- Oracle v1 format
52
53 package_wallet_is_not_open EXCEPTION;
54 PRAGMA EXCEPTION_INIT(package_wallet_is_not_open, -28836);
55
56 package_wallet_is_open EXCEPTION;
57 PRAGMA EXCEPTION_INIT(package_wallet_is_open, -28840);
58
59 -- Aliases to reduce typing.
60 SUBTYPE Wallet IS dbms_crypto_toolkit_types.Wallet;
61 SUBTYPE Persona IS dbms_crypto_toolkit_types.Persona;
62 SUBTYPE Identity IS dbms_crypto_toolkit_types.Identity;
63 SUBTYPE Identity_Array IS dbms_crypto_toolkit_types.Identity_Array;
64
65 SUBTYPE Alias_String IS dbms_crypto_toolkit_types.Alias_String;
66 SUBTYPE Comment_String IS dbms_crypto_toolkit_types.Comment_String;
67 SUBTYPE Identity_Description IS
68 dbms_crypto_toolkit_types.Identity_Description;
69 SUBTYPE Identity_Description_List IS
70 dbms_crypto_toolkit_types.Identity_Description_List;
71 SUBTYPE Persona_Description IS
72 dbms_crypto_toolkit_types.Persona_Description;
73 SUBTYPE Persona_List IS dbms_crypto_toolkit_types.Persona_List;
74 SUBTYPE Private_Persona_Information IS
75 dbms_crypto_toolkit_types.Private_Persona_Information;
76
77 ---------------------- FUNCTIONS AND PROCEDURES ---------------------------
78 PROCEDURE Initialize;
79
80 PROCEDURE Terminate;
81
82 PROCEDURE OpenWallet(password IN VARCHAR2,
83 wallet IN OUT Wallet,
84 persona_list OUT Persona_List,
85 wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
86
87 -- Used by applications which want to use the wallet kept by the package.
88 PROCEDURE OpenWallet(password IN VARCHAR2,
89 persona_list OUT Persona_List,
90 wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
91
92 PROCEDURE CloseWallet(wallet IN OUT Wallet);
93
94 -- Used by applications which want to use the wallet kept by the package.
95 PROCEDURE CloseWallet;
96
97 PROCEDURE CreateWallet(password IN VARCHAR2,
98 wallet IN OUT Wallet,
99 wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
100
101 -- Used by applications which want to use the wallet kept by the package.
102 PROCEDURE CreateWallet(password IN VARCHAR2,
103 wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
104
105
106 PROCEDURE DestroyWallet(password IN VARCHAR2,
107 wallet_resource_locator IN VARCHAR2 DEFAULT NULL);
108
109 PROCEDURE StorePersona(persona IN OUT Persona,
110 wallet IN OUT Wallet);
111
112 -- Used by applications which want to use the wallet kept by the package.
113 PROCEDURE StorePersona(persona IN OUT Persona);
114
115 PROCEDURE OpenPersona(persona IN OUT Persona);
116
117 PROCEDURE ClosePersona(persona IN OUT Persona);
118
119 PROCEDURE RemovePersona(persona IN OUT Persona);
120
121 PROCEDURE CreatePersona(cipher_type IN Cipher,
122 private_information IN Private_Persona_Information,
123 prl IN VARCHAR2,
124 alias IN VARCHAR2,
125 longer_description IN VARCHAR2,
126 persona OUT Persona);
127
128 PROCEDURE RemoveIdentity(identity OUT Identity);
129
130 PROCEDURE CreateIdentity(identitytype IN Identity_Type,
131 public_identity IN VARCHAR2,
132 alias IN VARCHAR2,
133 longer_description IN VARCHAR2,
134 trust_qualifier IN VARCHAR2,
135 identity OUT Identity);
136
137 PROCEDURE AbortIdentity(identity IN OUT Identity);
138
139 PROCEDURE StoreTrustedIdentity(identity IN OUT Identity,
140 persona IN Persona);
141
142 FUNCTION Validate(persona IN Persona,
143 identity IN Identity)
144 RETURN BOOLEAN;
145
146 --------------------------- DIGITAL SIGNATURE -----------------------------
147 -- The following routines create and verify digital signatures.
148 -- There are two versions of each procedure: one for raw data and the
149 -- other for strings.
150 ---------------------------------------------------------------------------
151
152 PROCEDURE Sign(persona IN Persona,
153 input IN RAW,
154 signature OUT RAW,
155 signature_state IN Crypto_Engine_State
156 DEFAULT END_PROCESSING);
157
158 FUNCTION Sign(persona IN Persona,
159 input IN RAW,
160 signature_state IN Crypto_Engine_State
161 DEFAULT END_PROCESSING)
162 RETURN RAW;
163
164 PROCEDURE Sign(persona IN Persona,
165 input_string IN VARCHAR2,
166 signature OUT RAW,
167 signature_state IN Crypto_Engine_State
168 DEFAULT END_PROCESSING);
169
170 FUNCTION Sign(persona IN Persona,
171 input_string IN VARCHAR2,
172 signature_state IN Crypto_Engine_State
173 DEFAULT END_PROCESSING)
174 RETURN RAW;
175
176 PROCEDURE Verify(persona IN Persona,
177 signature IN RAW,
178 extracted_message OUT RAW,
179 verified OUT BOOLEAN,
180 validated OUT BOOLEAN,
181 signing_party_identity OUT Identity,
182 signature_state IN Crypto_Engine_State
183 DEFAULT END_PROCESSING);
184
185 FUNCTION Verify(persona IN Persona,
186 signature IN RAW,
187 verified OUT BOOLEAN,
188 validated OUT BOOLEAN,
189 signing_party_identity OUT Identity,
190 signature_state IN Crypto_Engine_State
191 DEFAULT END_PROCESSING)
192 RETURN RAW;
193
194 PROCEDURE Verify(persona IN Persona,
195 signature IN RAW,
196 extracted_message_string OUT VARCHAR2,
197 verified OUT BOOLEAN,
198 validated OUT BOOLEAN,
199 signing_party_identity OUT Identity,
200 signature_state IN Crypto_Engine_State
201 DEFAULT END_PROCESSING);
202
203 FUNCTION Verify(persona IN Persona,
204 signature IN RAW,
205 verified OUT BOOLEAN,
206 validated OUT BOOLEAN,
207 signing_party_identity OUT Identity,
208 signature_state IN Crypto_Engine_State
209 DEFAULT END_PROCESSING)
210 RETURN VARCHAR2;
211
212 PROCEDURE SignDetached(persona IN Persona,
213 input IN RAW,
214 signature OUT RAW,
215 signature_state IN Crypto_Engine_State
216 DEFAULT END_PROCESSING);
217
218 FUNCTION SignDetached(persona IN Persona,
219 input IN RAW,
220 signature_state IN Crypto_Engine_State
221 DEFAULT END_PROCESSING)
222 RETURN RAW;
223
224 PROCEDURE SignDetached(persona IN Persona,
225 input_string IN VARCHAR2,
226 signature OUT RAW,
227 signature_state IN Crypto_Engine_State
228 DEFAULT END_PROCESSING);
229
230 FUNCTION SignDetached(persona IN Persona,
231 input_string IN VARCHAR2,
232 signature_state IN Crypto_Engine_State
233 DEFAULT END_PROCESSING)
234 RETURN RAW;
235
236 PROCEDURE VerifyDetached(persona IN Persona,
237 data IN RAW,
238 signature IN RAW,
239 verified OUT BOOLEAN,
240 validated OUT BOOLEAN,
241 signing_party_identity OUT Identity,
242 signature_state IN Crypto_Engine_State
243 DEFAULT END_PROCESSING);
244
245 PROCEDURE VerifyDetached(persona IN Persona,
246 data_string IN VARCHAR2,
247 signature IN RAW,
248 verified OUT BOOLEAN,
249 validated OUT BOOLEAN,
250 signing_party_identity OUT Identity,
251 signature_state IN Crypto_Engine_State
252 DEFAULT END_PROCESSING);
253
254 ---------------------------- DATA ENCRYPTION ------------------------------
255 -- The following routines encrypt and decrypt data.
256 -- There are two versions of each procedure: one for raw data and the
257 -- other for strings.
258 ---------------------------------------------------------------------------
259
260 -- Encrypt for one recipient
261 PROCEDURE PKEncrypt(persona IN Persona,
262 recipient IN Identity,
263 input IN RAW,
264 encrypted_data OUT RAW,
265 encryption_state IN Crypto_Engine_State
266 DEFAULT END_PROCESSING);
267
268 FUNCTION PKEncrypt(persona IN Persona,
269 recipient IN Identity,
270 input IN RAW,
271 encryption_state IN Crypto_Engine_State
272 DEFAULT END_PROCESSING)
273 RETURN RAW;
274
275 PROCEDURE PKEncrypt(persona IN Persona,
276 recipient IN Identity,
277 input_string IN VARCHAR2,
278 encrypted_string OUT VARCHAR2,
279 encryption_state IN Crypto_Engine_State
280 DEFAULT END_PROCESSING);
281
282 FUNCTION PKEncrypt(persona IN Persona,
283 recipient IN Identity,
284 input_string IN VARCHAR2,
285 encryption_state IN Crypto_Engine_State
286 DEFAULT END_PROCESSING)
287 RETURN VARCHAR2;
288
289 PROCEDURE PKEncrypt(persona IN Persona,
290 number_of_recipients IN POSITIVE,
291 recipient_list IN Identity_Array,
292 input IN RAW,
293 encrypted_data OUT RAW,
294 encryption_state IN Crypto_Engine_State
295 DEFAULT END_PROCESSING);
296
297 FUNCTION PKEncrypt(persona IN Persona,
298 number_of_recipients IN POSITIVE,
299 recipient_list IN Identity_Array,
300 input IN RAW,
301 encryption_state IN Crypto_Engine_State
302 DEFAULT END_PROCESSING)
303 RETURN RAW;
304
305 PROCEDURE PKEncrypt(persona IN Persona,
306 number_of_recipients IN POSITIVE,
307 recipient_list IN Identity_Array,
308 input_string IN VARCHAR2,
309 encrypted_string OUT VARCHAR2,
310 encryption_state IN Crypto_Engine_State
311 DEFAULT END_PROCESSING);
312
313 FUNCTION PKEncrypt(persona IN Persona,
314 number_of_recipients IN POSITIVE,
315 recipient_list IN Identity_Array,
316 input_string IN VARCHAR2,
317 encryption_state IN Crypto_Engine_State
318 DEFAULT END_PROCESSING)
319 RETURN VARCHAR2;
320
321 PROCEDURE PKDecrypt(persona IN Persona,
322 input IN RAW,
323 decrypted_data OUT RAW,
324 decryption_state IN Crypto_Engine_State
325 DEFAULT END_PROCESSING);
326
327 FUNCTION PKDecrypt(persona IN Persona,
328 input IN RAW,
329 decryption_state IN Crypto_Engine_State
333 PROCEDURE PKDecrypt(persona IN Persona,
330 DEFAULT END_PROCESSING)
331 RETURN RAW;
332
334 input_string IN VARCHAR2,
335 decrypted_string OUT VARCHAR2,
336 decryption_state IN Crypto_Engine_State
337 DEFAULT END_PROCESSING);
338
339 FUNCTION PKDecrypt(persona IN Persona,
340 input_string IN VARCHAR2,
341 decryption_state IN Crypto_Engine_State
342 DEFAULT END_PROCESSING)
343 RETURN VARCHAR2;
344
345 PROCEDURE Encrypt(persona IN Persona,
346 input IN RAW,
347 encrypted_data OUT RAW,
348 encryption_state IN Crypto_Engine_State
349 DEFAULT END_PROCESSING);
350
351 FUNCTION Encrypt(persona IN Persona,
352 input IN RAW,
353 encryption_state IN Crypto_Engine_State
354 DEFAULT END_PROCESSING)
355 RETURN RAW;
356
357 FUNCTION Encrypt(persona IN Persona,
358 input_string IN VARCHAR2,
359 encryption_state IN Crypto_Engine_State
360 DEFAULT END_PROCESSING)
361 RETURN VARCHAR2;
362
363 PROCEDURE Decrypt(persona IN Persona,
364 encrypted_data IN RAW,
365 decrypted_data OUT RAW,
366 decryption_state IN Crypto_Engine_State
367 DEFAULT END_PROCESSING);
368
369 FUNCTION Decrypt(persona IN Persona,
370 encrypted_data IN RAW,
371 decryption_state IN Crypto_Engine_State
372 DEFAULT END_PROCESSING)
373 RETURN RAW;
374
375 PROCEDURE Decrypt(persona IN Persona,
376 encrypted_string IN VARCHAR2,
377 decrypted_string OUT VARCHAR2,
378 decryption_state IN Crypto_Engine_State
379 DEFAULT END_PROCESSING);
380
381 FUNCTION Decrypt(persona IN Persona,
382 encrypted_string IN VARCHAR2,
383 decryption_state IN Crypto_Engine_State
384 DEFAULT END_PROCESSING)
385 RETURN VARCHAR2;
386
387 -- Envelope data for one recipient
388 PROCEDURE Envelope(persona IN Persona,
389 recipient IN Identity,
390 input IN RAW,
391 enveloped_data OUT RAW,
392 encryption_state IN Crypto_Engine_State
393 DEFAULT END_PROCESSING);
394
395 FUNCTION Envelope(persona IN Persona,
396 recipient IN Identity,
397 input IN RAW,
398 encryption_state IN Crypto_Engine_State
399 DEFAULT END_PROCESSING)
400 RETURN RAW;
401
402 PROCEDURE Envelope(persona IN Persona,
403 recipient IN Identity,
404 input_string IN VARCHAR2,
405 enveloped_string OUT VARCHAR2,
406 encryption_state IN Crypto_Engine_State
407 DEFAULT END_PROCESSING);
408
409 FUNCTION Envelope(persona IN Persona,
410 recipient IN Identity,
411 input_string IN VARCHAR2,
412 encryption_state IN Crypto_Engine_State
413 DEFAULT END_PROCESSING)
414 RETURN VARCHAR2;
415
416 PROCEDURE Envelope(persona IN Persona,
417 number_of_recipients IN POSITIVE,
418 recipient_list IN Identity_Array,
419 input IN RAW,
420 enveloped_data OUT RAW,
421 encryption_state IN Crypto_Engine_State
422 DEFAULT END_PROCESSING);
423
424 FUNCTION Envelope(persona IN Persona,
425 number_of_recipients IN POSITIVE,
426 recipient_list IN Identity_Array,
427 input IN RAW,
428 encryption_state IN Crypto_Engine_State
429 DEFAULT END_PROCESSING)
430 RETURN RAW;
431
432 PROCEDURE Envelope(persona IN Persona,
433 number_of_recipients IN POSITIVE,
434 recipient_list IN Identity_Array,
435 input_string IN VARCHAR2,
436 enveloped_string OUT VARCHAR2,
437 encryption_state IN Crypto_Engine_State
438 DEFAULT END_PROCESSING);
439
440 FUNCTION Envelope(persona IN Persona,
444 encryption_state IN Crypto_Engine_State
441 number_of_recipients IN POSITIVE,
442 recipient_list IN Identity_Array,
443 input_string IN VARCHAR2,
445 DEFAULT END_PROCESSING)
446 RETURN VARCHAR2;
447
448 PROCEDURE DeEnvelope(persona IN Persona,
449 enveloped_data IN RAW,
450 output_data OUT RAW,
451 verified OUT BOOLEAN,
452 validated OUT BOOLEAN,
453 sender_identity OUT Identity,
454 decryption_state IN Crypto_Engine_State
455 DEFAULT END_PROCESSING);
456
457 FUNCTION DeEnvelope(persona IN Persona,
458 enveloped_data IN RAW,
459 verified OUT BOOLEAN,
460 validated OUT BOOLEAN,
461 sender_identity OUT Identity,
462 decryption_state IN Crypto_Engine_State
463 DEFAULT END_PROCESSING)
464 RETURN RAW;
465
466 PROCEDURE DeEnvelope(persona IN Persona,
467 enveloped_string IN VARCHAR2,
468 output_string OUT VARCHAR2,
469 verified OUT BOOLEAN,
470 validated OUT BOOLEAN,
471 sender_identity OUT Identity,
472 decryption_state IN Crypto_Engine_State
473 DEFAULT END_PROCESSING);
474
475 FUNCTION DeEnvelope(persona IN Persona,
476 enveloped_string IN VARCHAR2,
477 verified OUT BOOLEAN,
478 validated OUT BOOLEAN,
479 sender_identity OUT Identity,
480 decryption_state IN Crypto_Engine_State
481 DEFAULT END_PROCESSING)
482 RETURN VARCHAR2;
483
484 --------------------------------- HASH ------------------------------------
485 -- The following routines generate checksums.
486 -- There are two versions of each procedure: one for raw data and the
487 -- other for strings.
488 ---------------------------------------------------------------------------
489 PROCEDURE KeyedHash(persona IN Persona,
490 input IN RAW,
491 keyed_hash OUT RAW,
492 hash_state IN Crypto_Engine_State
493 DEFAULT END_PROCESSING);
494
495 FUNCTION KeyedHash(persona IN Persona,
496 input IN RAW,
497 hash_state IN Crypto_Engine_State
498 DEFAULT END_PROCESSING)
499 RETURN RAW;
500
501 PROCEDURE KeyedHash(persona IN Persona,
502 input_string IN VARCHAR2,
503 keyed_hash OUT RAW,
504 hash_state IN Crypto_Engine_State
505 DEFAULT END_PROCESSING);
506
507 FUNCTION KeyedHash(persona IN Persona,
508 input_string IN VARCHAR2,
509 hash_state IN Crypto_Engine_State
510 DEFAULT END_PROCESSING)
511 RETURN RAW;
512
513 PROCEDURE Hash(persona IN Persona,
514 input IN RAW,
515 hash OUT RAW,
516 hash_state IN Crypto_Engine_State
517 DEFAULT END_PROCESSING);
518
519 FUNCTION Hash(persona IN Persona,
520 input IN RAW,
521 hash_state IN Crypto_Engine_State
522 DEFAULT END_PROCESSING)
523 RETURN RAW;
524
525 PROCEDURE Hash(persona IN Persona,
526 input_string IN VARCHAR2,
527 hash OUT RAW,
528 hash_state IN Crypto_Engine_State
529 DEFAULT END_PROCESSING);
530
531 FUNCTION Hash(persona IN Persona,
532 input_string IN VARCHAR2,
533 hash_state IN Crypto_Engine_State
534 DEFAULT END_PROCESSING)
535 RETURN RAW;
536
537 ----------------------------- RANDOM NUMBER -------------------------------
538 PROCEDURE SeedRandom(persona IN Persona,
539 seed IN RAW);
540
541 PROCEDURE SeedRandom(persona IN Persona,
542 seed IN VARCHAR2);
543
544 PROCEDURE SeedRandom(persona IN Persona,
545 seed IN BINARY_INTEGER);
546
547 PROCEDURE RandomBytes(persona IN Persona,
548 number_of_bytes_desired IN POSITIVE,
549 random_bytes OUT RAW);
550
551 FUNCTION RandomBytes(persona IN Persona,
552 number_of_bytes_desired IN POSITIVE)
553 RETURN RAW;
554
558 FUNCTION RandomNumber(persona IN Persona)
555 PROCEDURE RandomNumber(persona IN Persona,
556 random_number OUT BINARY_INTEGER);
557
559 RETURN BINARY_INTEGER;
560
561 PRAGMA RESTRICT_REFERENCES(DEFAULT, WNDS, RNDS);
562
563 END dbms_crypto_toolkit;