The Tor Browser: security/nss/lib/smime/cmslocal.h@b8a032363ba2 (annotated)

security/nss/lib/smime/cmslocal.h@b8a032363ba2 (annotated)

security/nss/lib/smime/cmslocal.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Support routines for CMS implementation, none of which are exported.
  *
  * Do not export this file!  If something in here is really needed outside
  * of smime code, first try to add a CMS interface which will do it for
  * you.  If that has a problem, then just move out what you need, changing
  * its name as appropriate!
  */
 #ifndef _CMSLOCAL_H_
 #define _CMSLOCAL_H_
 #include "cms.h"
 #include "cmsreclist.h"
 #include "secasn1t.h"
 extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];
 struct NSSCMSContentInfoPrivateStr {
     NSSCMSCipherContext *ciphcx;
     NSSCMSDigestContext *digcx;
     PRBool  dontStream;
 };
 /************************************************************************/
 SEC_BEGIN_PROTOS
 /*
  * private content Info stuff
  */
 /* initialize the private content info field. If this returns
  * SECSuccess, the cinfo->private field is safe to dereference.
  */
 SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo);
 /***********************************************************************
  * cmscipher.c - en/decryption routines
  ***********************************************************************/
 /*
  * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
  * based on the given bulk * encryption key and algorithm identifier (which may include an iv).
  */
 extern NSSCMSCipherContext *
 NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);
 /*
  * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
  * based on the given bulk encryption key and algorithm tag.  Fill in the algorithm
  * identifier (which may include an iv) appropriately.
  */
 extern NSSCMSCipherContext *
 NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);
 extern void
 NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
 /*
  * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
  *
  * cc - the cipher context
  * input_len - number of bytes used as input
  * final - true if this is the final chunk of data
  *
  * Result can be used to perform memory allocations.  Note that the amount
  * is exactly accurate only when not doing a block cipher or when final
  * is false, otherwise it is an upper bound on the amount because until
  * we see the data we do not know how many padding bytes there are
  * (always between 1 and bsize).
  */
 extern unsigned int
 NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
 /*
  * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
  *
  * cc - the cipher context
  * input_len - number of bytes used as input
  * final - true if this is the final chunk of data
  *
  * Result can be used to perform memory allocations.
  */
 extern unsigned int
 NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
 /*
  * NSS_CMSCipherContext_Decrypt - do the decryption
  *
  * cc - the cipher context
  * output - buffer for decrypted result bytes
  * output_len_p - number of bytes in output
  * max_output_len - upper bound on bytes to put into output
  * input - pointer to input bytes
  * input_len - number of input bytes
  * final - true if this is the final chunk of data
  *
  * Decrypts a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the decrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
  * When "final" is true, this is the last of the data to be decrypted.
  */
 extern SECStatus
 NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
 		  unsigned int *output_len_p, unsigned int max_output_len,
 		  const unsigned char *input, unsigned int input_len,
 		  PRBool final);
 /*
  * NSS_CMSCipherContext_Encrypt - do the encryption
  *
  * cc - the cipher context
  * output - buffer for decrypted result bytes
  * output_len_p - number of bytes in output
  * max_output_len - upper bound on bytes to put into output
  * input - pointer to input bytes
  * input_len - number of input bytes
  * final - true if this is the final chunk of data
  *
  * Encrypts a given length of input buffer (starting at "input" and
  * containing "input_len" bytes), placing the encrypted bytes in
  * "output" and storing the output length in "*output_len_p".
  * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
  * When "final" is true, this is the last of the data to be encrypted.
  */
 extern SECStatus
 NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
 		  unsigned int *output_len_p, unsigned int max_output_len,
 		  const unsigned char *input, unsigned int input_len,
 		  PRBool final);
 /************************************************************************
  * cmspubkey.c - public key operations
  ************************************************************************/
 /*
  * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
  *
  * this function takes a symmetric key and encrypts it using an RSA public key
  * according to PKCS#1 and RFC2633 (S/MIME)
  */
 extern SECStatus
 NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
                               PK11SymKey *key,
                               SECItem *encKey);
 extern SECStatus
 NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
                                     SECKEYPublicKey *publickey,
                                     PK11SymKey *bulkkey, SECItem *encKey);
 /*
  * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
  *
  * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
  * key handle. Please note that the actual unwrapped key data may not be allowed to leave
  * a hardware token...
  */
 extern PK11SymKey *
 NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);
 extern SECStatus
 NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
 			SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
 			SECItem *originatorPubKey);
 extern PK11SymKey *
 NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
 			SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
 /************************************************************************
  * cmsreclist.c - recipient list stuff
  ************************************************************************/
 extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
 extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);
 extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
 /************************************************************************
  * cmsarray.c - misc array functions
  ************************************************************************/
 /*
  * NSS_CMSArray_Alloc - allocate an array in an arena
  */
 extern void **
 NSS_CMSArray_Alloc(PLArenaPool *poolp, int n);
 /*
  * NSS_CMSArray_Add - add an element to the end of an array
  */
 extern SECStatus
 NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj);
 /*
  * NSS_CMSArray_IsEmpty - check if array is empty
  */
 extern PRBool
 NSS_CMSArray_IsEmpty(void **array);
 /*
  * NSS_CMSArray_Count - count number of elements in array
  */
 extern int
 NSS_CMSArray_Count(void **array);
 /*
  * NSS_CMSArray_Sort - sort an array ascending, in place
  *
  * If "secondary" is not NULL, the same reordering gets applied to it.
  * If "tertiary" is not NULL, the same reordering gets applied to it.
  * "compare" is a function that returns
  *  < 0 when the first element is less than the second
  *  = 0 when the first element is equal to the second
  *  > 0 when the first element is greater than the second
  */
 extern void
 NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary);
 /************************************************************************
  * cmsattr.c - misc attribute functions
  ************************************************************************/
 /*
  * NSS_CMSAttribute_Create - create an attribute
  *
  * if value is NULL, the attribute won't have a value. It can be added later
  * with NSS_CMSAttribute_AddValue.
  */
 extern NSSCMSAttribute *
 NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);
 /*
  * NSS_CMSAttribute_AddValue - add another value to an attribute
  */
 extern SECStatus
 NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);
 /*
  * NSS_CMSAttribute_GetType - return the OID tag
  */
 extern SECOidTag
 NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);
 /*
  * NSS_CMSAttribute_GetValue - return the first attribute value
  *
  * We do some sanity checking first:
  * - Multiple values are *not* expected.
  * - Empty values are *not* expected.
  */
 extern SECItem *
 NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);
 /*
  * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
  */
 extern PRBool
 NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
 /*
  * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
  *
  * If you are wondering why this routine does not reorder the attributes
  * first, and might be tempted to make it do so, see the comment by the
  * call to ReorderAttributes in cmsencode.c.  (Or, see who else calls this
  * and think long and hard about the implications of making it always
  * do the reordering.)
  */
 extern SECItem *
 NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);
 /*
  * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
  *
  * make sure that the order of the attributes guarantees valid DER (which must be
  * in lexigraphically ascending order for a SET OF); if reordering is necessary it
  * will be done in place (in attrs).
  */
 extern SECStatus
 NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);
 /*
  * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
  * find one that matches the specified object ID.
  *
  * If "only" is true, then make sure that there is not more than one attribute
  * of the same type.  Otherwise, just return the first one found. (XXX Does
  * anybody really want that first-found behavior?  It was like that when I found it...)
  */
 extern NSSCMSAttribute *
 NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);
 /*
  * NSS_CMSAttributeArray_AddAttr - add an attribute to an
  * array of attributes.
  */
 extern SECStatus
 NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);
 /*
  * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
  */
 extern SECStatus
 NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
 /*
  * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
  * They may be needed for signature verification on the data, for example.
  */
 extern SECStatus
 NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
 /*
  * local function to handle compatibility issues
  * by mapping a signature algorithm back to a digest.
  */
 SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg);
 /************************************************************************/
 /*
  * local functions to handle user defined S/MIME content types
  */
 PRBool NSS_CMSType_IsWrapper(SECOidTag type);
 PRBool NSS_CMSType_IsData(SECOidTag type);
 size_t NSS_CMSType_GetContentSize(SECOidTag type);
 const SEC_ASN1Template * NSS_CMSType_GetTemplate(SECOidTag type);
 void NSS_CMSGenericWrapperData_Destroy(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type,
 					NSSCMSGenericWrapperData *gd);
 SEC_END_PROTOS
 #endif /* _CMSLOCAL_H_ */

The Tor Browser / annotate

security/nss/lib/smime/cmslocal.h@b8a032363ba2 (annotated)

security/nss/lib/smime/cmslocal.h