The Tor Browser / annotate

security/nss/lib/smime/smime.h@b8a032363ba2 (annotated)

security/nss/lib/smime/smime.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 /*
michael@0 6 * Header file for routines specific to S/MIME. Keep things that are pure
michael@0 7 * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc.
michael@0 8 */
michael@0 9
michael@0 10 #ifndef _SMIME_H_
michael@0 11 #define _SMIME_H_ 1
michael@0 12
michael@0 13 #include "cms.h"
michael@0 14
michael@0 15
michael@0 16 /************************************************************************/
michael@0 17 SEC_BEGIN_PROTOS
michael@0 18
michael@0 19 /*
michael@0 20 * Initialize the local recording of the user S/MIME cipher preferences.
michael@0 21 * This function is called once for each cipher, the order being
michael@0 22 * important (first call records greatest preference, and so on).
michael@0 23 * When finished, it is called with a "which" of CIPHER_FAMILID_MASK.
michael@0 24 * If the function is called again after that, it is assumed that
michael@0 25 * the preferences are being reset, and the old preferences are
michael@0 26 * discarded.
michael@0 27 *
michael@0 28 * XXX This is for a particular user, and right now the storage is
michael@0 29 * XXX local, static. The preference should be stored elsewhere to allow
michael@0 30 * XXX for multiple uses of one library? How does SSL handle this;
michael@0 31 * XXX it has something similar?
michael@0 32 *
michael@0 33 * - The "which" values are defined in ciferfam.h (the SMIME_* values,
michael@0 34 * for example SMIME_DES_CBC_56).
michael@0 35 * - If "on" is non-zero then the named cipher is enabled, otherwise
michael@0 36 * it is disabled. (It is not necessary to call the function for
michael@0 37 * ciphers that are disabled, however, as that is the default.)
michael@0 38 *
michael@0 39 * If the cipher preference is successfully recorded, SECSuccess
michael@0 40 * is returned. Otherwise SECFailure is returned. The only errors
michael@0 41 * are due to failure allocating memory or bad parameters/calls:
michael@0 42 * SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
michael@0 43 * SEC_ERROR_XXX (function is being called more times than there
michael@0 44 * are known/expected ciphers)
michael@0 45 */
michael@0 46 extern SECStatus NSS_SMIMEUtil_EnableCipher(long which, int on);
michael@0 47
michael@0 48 /*
michael@0 49 * Initialize the local recording of the S/MIME policy.
michael@0 50 * This function is called to allow/disallow a particular cipher.
michael@0 51 *
michael@0 52 * XXX This is for the current module, I think, so local, static storage
michael@0 53 * XXX is okay. Is that correct, or could multiple uses of the same
michael@0 54 * XXX library expect to operate under different policies?
michael@0 55 *
michael@0 56 * - The "which" values are defined in ciferfam.h (the SMIME_* values,
michael@0 57 * for example SMIME_DES_CBC_56).
michael@0 58 * - If "on" is non-zero then the named cipher is enabled, otherwise
michael@0 59 * it is disabled.
michael@0 60 */
michael@0 61 extern SECStatus NSS_SMIMEUtils_AllowCipher(long which, int on);
michael@0 62
michael@0 63 /*
michael@0 64 * Does the current policy allow S/MIME decryption of this particular
michael@0 65 * algorithm and keysize?
michael@0 66 */
michael@0 67 extern PRBool NSS_SMIMEUtil_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key);
michael@0 68
michael@0 69 /*
michael@0 70 * Does the current policy allow *any* S/MIME encryption (or decryption)?
michael@0 71 *
michael@0 72 * This tells whether or not *any* S/MIME encryption can be done,
michael@0 73 * according to policy. Callers may use this to do nicer user interface
michael@0 74 * (say, greying out a checkbox so a user does not even try to encrypt
michael@0 75 * a message when they are not allowed to) or for any reason they want
michael@0 76 * to check whether S/MIME encryption (or decryption, for that matter)
michael@0 77 * may be done.
michael@0 78 *
michael@0 79 * It takes no arguments. The return value is a simple boolean:
michael@0 80 * PR_TRUE means encryption (or decryption) is *possible*
michael@0 81 * (but may still fail due to other reasons, like because we cannot
michael@0 82 * find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
michael@0 83 * PR_FALSE means encryption (or decryption) is not permitted
michael@0 84 *
michael@0 85 * There are no errors from this routine.
michael@0 86 */
michael@0 87 extern PRBool NSS_SMIMEUtil_EncryptionPossible(void);
michael@0 88
michael@0 89 /*
michael@0 90 * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities attr value
michael@0 91 *
michael@0 92 * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
michael@0 93 * S/MIME capabilities attribute value.
michael@0 94 */
michael@0 95 extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest);
michael@0 96
michael@0 97 /*
michael@0 98 * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
michael@0 99 */
michael@0 100 extern SECStatus NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert);
michael@0 101
michael@0 102 /*
michael@0 103 * NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value using MS oid
michael@0 104 */
michael@0 105 extern SECStatus NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert);
michael@0 106
michael@0 107 /*
michael@0 108 * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference - find cert marked by EncryptionKeyPreference
michael@0 109 * attribute
michael@0 110 */
michael@0 111 extern CERTCertificate *NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(CERTCertDBHandle *certdb, SECItem *DERekp);
michael@0 112
michael@0 113 /*
michael@0 114 * NSS_SMIMEUtil_FindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
michael@0 115 */
michael@0 116 extern SECStatus
michael@0 117 NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts, SECOidTag *bulkalgtag, int *keysize);
michael@0 118
michael@0 119 /*
michael@0 120 * Return a boolean that indicates whether the underlying library
michael@0 121 * will perform as the caller expects.
michael@0 122 *
michael@0 123 * The only argument is a string, which should be the version
michael@0 124 * identifier of the NSS library. That string will be compared
michael@0 125 * against a string that represents the actual build version of
michael@0 126 * the S/MIME library.
michael@0 127 */
michael@0 128 extern PRBool NSSSMIME_VersionCheck(const char *importedVersion);
michael@0 129
michael@0 130 /*
michael@0 131 * Returns a const string of the S/MIME library version.
michael@0 132 */
michael@0 133 extern const char *NSSSMIME_GetVersion(void);
michael@0 134
michael@0 135 /************************************************************************/
michael@0 136 SEC_END_PROTOS
michael@0 137
michael@0 138 #endif /* _SECMIME_H_ */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial