security/nss/lib/smime/cms.h

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/nss/lib/smime/cms.h	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,1153 @@
     1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
     1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
     1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     1.7 +
     1.8 +/*
     1.9 + * Interfaces of the CMS implementation.
    1.10 + */
    1.11 +
    1.12 +#ifndef _CMS_H_
    1.13 +#define _CMS_H_
    1.14 +
    1.15 +#include "seccomon.h"
    1.16 +
    1.17 +#include "secoidt.h"
    1.18 +#include "certt.h"
    1.19 +#include "keyt.h"
    1.20 +#include "hasht.h"
    1.21 +#include "cmst.h"
    1.22 +
    1.23 +/************************************************************************/
    1.24 +SEC_BEGIN_PROTOS
    1.25 +
    1.26 +/************************************************************************
    1.27 + * cmsdecode.c - CMS decoding
    1.28 + ************************************************************************/
    1.29 +
    1.30 +/*
    1.31 + * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
    1.32 + *
    1.33 + * "poolp" - pointer to arena for message, or NULL if new pool should be created
    1.34 + * "cb", "cb_arg" - callback function and argument for delivery of inner content
    1.35 + *                  inner content will be stored in the message if cb is NULL.
    1.36 + * "pwfn", pwfn_arg" - callback function for getting token password
    1.37 + * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
    1.38 + */
    1.39 +extern NSSCMSDecoderContext *
    1.40 +NSS_CMSDecoder_Start(PLArenaPool *poolp,
    1.41 +		      NSSCMSContentCallback cb, void *cb_arg,
    1.42 +		      PK11PasswordFunc pwfn, void *pwfn_arg,
    1.43 +		      NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
    1.44 +
    1.45 +/*
    1.46 + * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
    1.47 + */
    1.48 +extern SECStatus
    1.49 +NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len);
    1.50 +
    1.51 +/*
    1.52 + * NSS_CMSDecoder_Cancel - cancel a decoding process
    1.53 + */
    1.54 +extern void
    1.55 +NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx);
    1.56 +
    1.57 +/*
    1.58 + * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
    1.59 + */
    1.60 +extern NSSCMSMessage *
    1.61 +NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx);
    1.62 +
    1.63 +/*
    1.64 + * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data
    1.65 + */
    1.66 +extern NSSCMSMessage *
    1.67 +NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
    1.68 +		    NSSCMSContentCallback cb, void *cb_arg,
    1.69 +		    PK11PasswordFunc pwfn, void *pwfn_arg,
    1.70 +		    NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
    1.71 +
    1.72 +/************************************************************************
    1.73 + * cmsencode.c - CMS encoding
    1.74 + ************************************************************************/
    1.75 +
    1.76 +/*
    1.77 + * NSS_CMSEncoder_Start - set up encoding of a CMS message
    1.78 + *
    1.79 + * "cmsg" - message to encode
    1.80 + * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
    1.81 + *                           will not be called if NULL.
    1.82 + * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
    1.83 + * "destpoolp" - pool to allocate DER-encoded output in
    1.84 + * "pwfn", pwfn_arg" - callback function for getting token password
    1.85 + * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
    1.86 + * "detached_digestalgs", "detached_digests" - digests from detached content
    1.87 + */
    1.88 +extern NSSCMSEncoderContext *
    1.89 +NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
    1.90 +			NSSCMSContentCallback outputfn, void *outputarg,
    1.91 +			SECItem *dest, PLArenaPool *destpoolp,
    1.92 +			PK11PasswordFunc pwfn, void *pwfn_arg,
    1.93 +			NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
    1.94 +			SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
    1.95 +
    1.96 +/*
    1.97 + * NSS_CMSEncoder_Update - take content data delivery from the user
    1.98 + *
    1.99 + * "p7ecx" - encoder context
   1.100 + * "data" - content data
   1.101 + * "len" - length of content data
   1.102 + */
   1.103 +extern SECStatus
   1.104 +NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
   1.105 +
   1.106 +/*
   1.107 + * NSS_CMSEncoder_Cancel - stop all encoding
   1.108 + */
   1.109 +extern SECStatus
   1.110 +NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx);
   1.111 +
   1.112 +/*
   1.113 + * NSS_CMSEncoder_Finish - signal the end of data
   1.114 + *
   1.115 + * we need to walk down the chain of encoders and the finish them from the innermost out
   1.116 + */
   1.117 +extern SECStatus
   1.118 +NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx);
   1.119 +
   1.120 +/************************************************************************
   1.121 + * cmsmessage.c - CMS message object
   1.122 + ************************************************************************/
   1.123 +
   1.124 +/*
   1.125 + * NSS_CMSMessage_Create - create a CMS message object
   1.126 + *
   1.127 + * "poolp" - arena to allocate memory from, or NULL if new arena should be created
   1.128 + */
   1.129 +extern NSSCMSMessage *
   1.130 +NSS_CMSMessage_Create(PLArenaPool *poolp);
   1.131 +
   1.132 +/*
   1.133 + * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
   1.134 + *
   1.135 + * "cmsg" - message object
   1.136 + * "pwfn", pwfn_arg" - callback function for getting token password
   1.137 + * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
   1.138 + * "detached_digestalgs", "detached_digests" - digests from detached content
   1.139 + *
   1.140 + * used internally.
   1.141 + */
   1.142 +extern void
   1.143 +NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
   1.144 +			PK11PasswordFunc pwfn, void *pwfn_arg,
   1.145 +			NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
   1.146 +			SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
   1.147 +
   1.148 +/*
   1.149 + * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
   1.150 + */
   1.151 +extern void
   1.152 +NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg);
   1.153 +
   1.154 +/*
   1.155 + * NSS_CMSMessage_Copy - return a copy of the given message. 
   1.156 + *
   1.157 + * The copy may be virtual or may be real -- either way, the result needs
   1.158 + * to be passed to NSS_CMSMessage_Destroy later (as does the original).
   1.159 + */
   1.160 +extern NSSCMSMessage *
   1.161 +NSS_CMSMessage_Copy(NSSCMSMessage *cmsg);
   1.162 +
   1.163 +/*
   1.164 + * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
   1.165 + */
   1.166 +extern PLArenaPool *
   1.167 +NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg);
   1.168 +
   1.169 +/*
   1.170 + * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
   1.171 + */
   1.172 +extern NSSCMSContentInfo *
   1.173 +NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg);
   1.174 +
   1.175 +/*
   1.176 + * Return a pointer to the actual content. 
   1.177 + * In the case of those types which are encrypted, this returns the *plain* content.
   1.178 + * In case of nested contentInfos, this descends and retrieves the innermost content.
   1.179 + */
   1.180 +extern SECItem *
   1.181 +NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg);
   1.182 +
   1.183 +/*
   1.184 + * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
   1.185 + *
   1.186 + * CMS data content objects do not count.
   1.187 + */
   1.188 +extern int
   1.189 +NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg);
   1.190 +
   1.191 +/*
   1.192 + * NSS_CMSMessage_ContentLevel - find content level #n
   1.193 + *
   1.194 + * CMS data content objects do not count.
   1.195 + */
   1.196 +extern NSSCMSContentInfo *
   1.197 +NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n);
   1.198 +
   1.199 +/*
   1.200 + * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
   1.201 + */
   1.202 +extern PRBool
   1.203 +NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg);
   1.204 +
   1.205 +/*
   1.206 + * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
   1.207 + */
   1.208 +extern PRBool
   1.209 +NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg);
   1.210 +
   1.211 +/*
   1.212 + * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
   1.213 + *
   1.214 + * If the CMS message has a SignedData with a signature (not just a SignedData)
   1.215 + * return true; false otherwise.  This can/should be called before calling
   1.216 + * VerifySignature, which will always indicate failure if no signature is
   1.217 + * present, but that does not mean there even was a signature!
   1.218 + * Note that the content itself can be empty (detached content was sent
   1.219 + * another way); it is the presence of the signature that matters.
   1.220 + */
   1.221 +extern PRBool
   1.222 +NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg);
   1.223 +
   1.224 +/*
   1.225 + * NSS_CMSMessage_IsContentEmpty - see if content is empty
   1.226 + *
   1.227 + * returns PR_TRUE is innermost content length is < minLen
   1.228 + * XXX need the encrypted content length (why?)
   1.229 + */
   1.230 +extern PRBool
   1.231 +NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen);
   1.232 +
   1.233 +/************************************************************************
   1.234 + * cmscinfo.c - CMS contentInfo methods
   1.235 + ************************************************************************/
   1.236 +
   1.237 +/*
   1.238 + * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
   1.239 + */
   1.240 +extern void
   1.241 +NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo);
   1.242 +
   1.243 +/*
   1.244 + * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
   1.245 + */
   1.246 +extern NSSCMSContentInfo *
   1.247 +NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo);
   1.248 +
   1.249 +/*
   1.250 + * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS object
   1.251 + */
   1.252 +extern SECStatus
   1.253 +NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr);
   1.254 +
   1.255 +/*
   1.256 + * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetType
   1.257 + *   set cinfo's content type & content to CMS object
   1.258 + */
   1.259 +extern SECStatus
   1.260 +NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached);
   1.261 +
   1.262 +extern SECStatus
   1.263 +NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd);
   1.264 +
   1.265 +extern SECStatus
   1.266 +NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd);
   1.267 +
   1.268 +extern SECStatus
   1.269 +NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd);
   1.270 +
   1.271 +extern SECStatus
   1.272 +NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
   1.273 +
   1.274 +/*
   1.275 + * turn off streaming for this content type.
   1.276 + * This could fail with SEC_ERROR_NO_MEMORY in memory constrained conditions.
   1.277 + */
   1.278 +extern SECStatus
   1.279 +NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream);
   1.280 +
   1.281 +
   1.282 +/*
   1.283 + * NSS_CMSContentInfo_GetContent - get pointer to inner content
   1.284 + *
   1.285 + * needs to be casted...
   1.286 + */
   1.287 +extern void *
   1.288 +NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo);
   1.289 +
   1.290 +/* 
   1.291 + * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
   1.292 + *
   1.293 + * this is typically only called by NSS_CMSMessage_GetContent()
   1.294 + */
   1.295 +extern SECItem *
   1.296 +NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo);
   1.297 +
   1.298 +/*
   1.299 + * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
   1.300 + * for future reference) and return the inner content type.
   1.301 + */
   1.302 +extern SECOidTag
   1.303 +NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo);
   1.304 +
   1.305 +extern SECItem *
   1.306 +NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo);
   1.307 +
   1.308 +/*
   1.309 + * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
   1.310 + * for future reference) and return the content encryption algorithm tag.
   1.311 + */
   1.312 +extern SECOidTag
   1.313 +NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo);
   1.314 +
   1.315 +/*
   1.316 + * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
   1.317 + */
   1.318 +extern SECAlgorithmID *
   1.319 +NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo);
   1.320 +
   1.321 +extern SECStatus
   1.322 +NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
   1.323 +				    SECOidTag bulkalgtag, SECItem *parameters, int keysize);
   1.324 +
   1.325 +extern SECStatus
   1.326 +NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
   1.327 +				    SECAlgorithmID *algid, int keysize);
   1.328 +
   1.329 +extern void
   1.330 +NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey);
   1.331 +
   1.332 +extern PK11SymKey *
   1.333 +NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo);
   1.334 +
   1.335 +extern int
   1.336 +NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo);
   1.337 +
   1.338 +/************************************************************************
   1.339 + * cmsutil.c - CMS misc utility functions
   1.340 + ************************************************************************/
   1.341 +
   1.342 +/*
   1.343 + * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
   1.344 + *
   1.345 + * make sure that the order of the objects guarantees valid DER (which must be
   1.346 + * in lexigraphically ascending order for a SET OF); if reordering is necessary it
   1.347 + * will be done in place (in objs).
   1.348 + */
   1.349 +extern SECStatus
   1.350 +NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2);
   1.351 +
   1.352 +/*
   1.353 + * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
   1.354 + *  sort arrays of SECItems containing DER
   1.355 + */
   1.356 +extern int
   1.357 +NSS_CMSUtil_DERCompare(void *a, void *b);
   1.358 +
   1.359 +/*
   1.360 + * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of 
   1.361 + * algorithms.
   1.362 + *
   1.363 + * algorithmArray - array of algorithm IDs
   1.364 + * algid - algorithmid of algorithm to pick
   1.365 + *
   1.366 + * Returns:
   1.367 + *  An integer containing the index of the algorithm in the array or -1 if 
   1.368 + *  algorithm was not found.
   1.369 + */
   1.370 +extern int
   1.371 +NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
   1.372 +
   1.373 +/*
   1.374 + * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of 
   1.375 + * algorithms.
   1.376 + *
   1.377 + * algorithmArray - array of algorithm IDs
   1.378 + * algiddata - id of algorithm to pick
   1.379 + *
   1.380 + * Returns:
   1.381 + *  An integer containing the index of the algorithm in the array or -1 if 
   1.382 + *  algorithm was not found.
   1.383 + */
   1.384 +extern int
   1.385 +NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
   1.386 +
   1.387 +extern const SECHashObject *
   1.388 +NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid);
   1.389 +
   1.390 +extern const SEC_ASN1Template *
   1.391 +NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type);
   1.392 +
   1.393 +extern size_t
   1.394 +NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type);
   1.395 +
   1.396 +extern NSSCMSContentInfo *
   1.397 +NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type);
   1.398 +
   1.399 +extern const char *
   1.400 +NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs);
   1.401 +
   1.402 +/************************************************************************
   1.403 + * cmssigdata.c - CMS signedData methods
   1.404 + ************************************************************************/
   1.405 +
   1.406 +extern NSSCMSSignedData *
   1.407 +NSS_CMSSignedData_Create(NSSCMSMessage *cmsg);
   1.408 +
   1.409 +extern void
   1.410 +NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd);
   1.411 +
   1.412 +/*
   1.413 + * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
   1.414 + *     before start of encoding.
   1.415 + *
   1.416 + * In detail:
   1.417 + *  - find out about the right value to put into sigd->version
   1.418 + *  - come up with a list of digestAlgorithms (which should be the union of the algorithms
   1.419 + *         in the signerinfos).
   1.420 + *         If we happen to have a pre-set list of algorithms (and digest values!), we
   1.421 + *         check if we have all the signerinfos' algorithms. If not, this is an error.
   1.422 + */
   1.423 +extern SECStatus
   1.424 +NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd);
   1.425 +
   1.426 +extern SECStatus
   1.427 +NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd);
   1.428 +
   1.429 +/*
   1.430 + * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
   1.431 + *     after all the encapsulated data was passed through the encoder.
   1.432 + *
   1.433 + * In detail:
   1.434 + *  - create the signatures in all the SignerInfos
   1.435 + *
   1.436 + * Please note that nothing is done to the Certificates and CRLs in the message - this
   1.437 + * is entirely the responsibility of our callers.
   1.438 + */
   1.439 +extern SECStatus
   1.440 +NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd);
   1.441 +
   1.442 +extern SECStatus
   1.443 +NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd);
   1.444 +
   1.445 +/*
   1.446 + * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
   1.447 + *     after all the encapsulated data was passed through the decoder.
   1.448 + */
   1.449 +extern SECStatus
   1.450 +NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd);
   1.451 +
   1.452 +/*
   1.453 + * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
   1.454 + *     after all decoding is finished.
   1.455 + */
   1.456 +extern SECStatus
   1.457 +NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd);
   1.458 +
   1.459 +/* 
   1.460 + * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
   1.461 + */
   1.462 +extern NSSCMSSignerInfo **
   1.463 +NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd);
   1.464 +
   1.465 +extern int
   1.466 +NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd);
   1.467 +
   1.468 +extern NSSCMSSignerInfo *
   1.469 +NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i);
   1.470 +
   1.471 +/* 
   1.472 + * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
   1.473 + */
   1.474 +extern SECAlgorithmID **
   1.475 +NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd);
   1.476 +
   1.477 +/*
   1.478 + * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
   1.479 + */
   1.480 +extern NSSCMSContentInfo *
   1.481 +NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd);
   1.482 +
   1.483 +/* 
   1.484 + * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
   1.485 + */
   1.486 +extern SECItem **
   1.487 +NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd);
   1.488 +
   1.489 +extern SECStatus
   1.490 +NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
   1.491 +				SECCertUsage certusage, PRBool keepcerts);
   1.492 +
   1.493 +/*
   1.494 + * NSS_CMSSignedData_HasDigests - see if we have digests in place
   1.495 + */
   1.496 +extern PRBool
   1.497 +NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd);
   1.498 +
   1.499 +/*
   1.500 + * NSS_CMSSignedData_VerifySignerInfo - check a signature.
   1.501 + *
   1.502 + * The digests were either calculated during decoding (and are stored in the
   1.503 + * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
   1.504 + *
   1.505 + * The verification checks if the signing cert is valid and has a trusted chain
   1.506 + * for the purpose specified by "certusage".
   1.507 + */
   1.508 +extern SECStatus
   1.509 +NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHandle *certdb,
   1.510 +				    SECCertUsage certusage);
   1.511 +
   1.512 +/*
   1.513 + * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message
   1.514 +*/
   1.515 +extern SECStatus
   1.516 +NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, 
   1.517 +                                  CERTCertDBHandle *certdb, 
   1.518 +                                  SECCertUsage usage);
   1.519 +
   1.520 +extern SECStatus
   1.521 +NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist);
   1.522 +
   1.523 +/*
   1.524 + * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs 
   1.525 + */
   1.526 +extern SECStatus
   1.527 +NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert);
   1.528 +
   1.529 +extern SECStatus
   1.530 +NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
   1.531 +
   1.532 +extern PRBool
   1.533 +NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd);
   1.534 +
   1.535 +extern SECStatus
   1.536 +NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
   1.537 +				NSSCMSSignerInfo *signerinfo);
   1.538 +
   1.539 +extern SECStatus
   1.540 +NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
   1.541 +				SECAlgorithmID **digestalgs,
   1.542 +				SECItem **digests);
   1.543 +
   1.544 +extern SECStatus
   1.545 +NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
   1.546 +				SECOidTag digestalgtag,
   1.547 +				SECItem *digestdata);
   1.548 +
   1.549 +extern SECStatus
   1.550 +NSS_CMSSignedData_AddDigest(PLArenaPool *poolp,
   1.551 +				NSSCMSSignedData *sigd,
   1.552 +				SECOidTag digestalgtag,
   1.553 +				SECItem *digest);
   1.554 +
   1.555 +extern SECItem *
   1.556 +NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag);
   1.557 +
   1.558 +/*
   1.559 + * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
   1.560 + *
   1.561 + * cert          - base certificates that will be included
   1.562 + * include_chain - if true, include the complete cert chain for cert
   1.563 + *
   1.564 + * More certs and chains can be added via AddCertificate and AddCertChain.
   1.565 + *
   1.566 + * An error results in a return value of NULL and an error set.
   1.567 + */
   1.568 +extern NSSCMSSignedData *
   1.569 +NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);
   1.570 +
   1.571 +/************************************************************************
   1.572 + * cmssiginfo.c - signerinfo methods
   1.573 + ************************************************************************/
   1.574 +
   1.575 +extern NSSCMSSignerInfo *
   1.576 +NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag);
   1.577 +extern NSSCMSSignerInfo *
   1.578 +NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID, SECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
   1.579 +
   1.580 +/*
   1.581 + * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
   1.582 + */
   1.583 +extern void
   1.584 +NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si);
   1.585 +
   1.586 +/*
   1.587 + * NSS_CMSSignerInfo_Sign - sign something
   1.588 + *
   1.589 + */
   1.590 +extern SECStatus
   1.591 +NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
   1.592 +
   1.593 +extern SECStatus
   1.594 +NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
   1.595 +			    SECCertUsage certusage);
   1.596 +
   1.597 +/*
   1.598 + * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
   1.599 + *
   1.600 + * Just verifies the signature. The assumption is that verification of the certificate
   1.601 + * is done already.
   1.602 + */
   1.603 +extern SECStatus
   1.604 +NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
   1.605 +
   1.606 +extern NSSCMSVerificationStatus
   1.607 +NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo);
   1.608 +
   1.609 +extern SECOidData *
   1.610 +NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo);
   1.611 +
   1.612 +extern SECOidTag
   1.613 +NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo);
   1.614 +
   1.615 +extern int
   1.616 +NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo);
   1.617 +
   1.618 +extern CERTCertificateList *
   1.619 +NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo);
   1.620 +
   1.621 +/*
   1.622 + * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
   1.623 + *				      in UTCTime format, of a CMS signerInfo.
   1.624 + *
   1.625 + * sinfo - signerInfo data for this signer
   1.626 + *
   1.627 + * Returns a pointer to XXXX (what?)
   1.628 + * A return value of NULL is an error.
   1.629 + */
   1.630 +extern SECStatus
   1.631 +NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime);
   1.632 +
   1.633 +/*
   1.634 + * Return the signing cert of a CMS signerInfo.
   1.635 + *
   1.636 + * the certs in the enclosing SignedData must have been imported already
   1.637 + */
   1.638 +extern CERTCertificate *
   1.639 +NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb);
   1.640 +
   1.641 +/*
   1.642 + * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
   1.643 + *
   1.644 + * sinfo - signerInfo data for this signer
   1.645 + *
   1.646 + * Returns a pointer to allocated memory, which must be freed with PORT_Free.
   1.647 + * A return value of NULL is an error.
   1.648 + */
   1.649 +extern char *
   1.650 +NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo);
   1.651 +
   1.652 +/*
   1.653 + * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
   1.654 + *
   1.655 + * sinfo - signerInfo data for this signer
   1.656 + *
   1.657 + * Returns a pointer to allocated memory, which must be freed.
   1.658 + * A return value of NULL is an error.
   1.659 + */
   1.660 +extern char *
   1.661 +NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo);
   1.662 +
   1.663 +/*
   1.664 + * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
   1.665 + * authenticated (i.e. signed) attributes of "signerinfo". 
   1.666 + */
   1.667 +extern SECStatus
   1.668 +NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
   1.669 +
   1.670 +/*
   1.671 + * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
   1.672 + * unauthenticated attributes of "signerinfo". 
   1.673 + */
   1.674 +extern SECStatus
   1.675 +NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
   1.676 +
   1.677 +/* 
   1.678 + * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
   1.679 + * authenticated (i.e. signed) attributes of "signerinfo". 
   1.680 + *
   1.681 + * This is expected to be included in outgoing signed
   1.682 + * messages for email (S/MIME) but is likely useful in other situations.
   1.683 + *
   1.684 + * This should only be added once; a second call will do nothing.
   1.685 + *
   1.686 + * XXX This will probably just shove the current time into "signerinfo"
   1.687 + * but it will not actually get signed until the entire item is
   1.688 + * processed for encoding.  Is this (expected to be small) delay okay?
   1.689 + */
   1.690 +extern SECStatus
   1.691 +NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t);
   1.692 +
   1.693 +/*
   1.694 + * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
   1.695 + * authenticated (i.e. signed) attributes of "signerinfo".
   1.696 + *
   1.697 + * This is expected to be included in outgoing signed
   1.698 + * messages for email (S/MIME).
   1.699 + */
   1.700 +extern SECStatus
   1.701 +NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo);
   1.702 +
   1.703 +/*
   1.704 + * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
   1.705 + * authenticated (i.e. signed) attributes of "signerinfo".
   1.706 + *
   1.707 + * This is expected to be included in outgoing signed messages for email (S/MIME).
   1.708 + */
   1.709 +SECStatus
   1.710 +NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
   1.711 +
   1.712 +/*
   1.713 + * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
   1.714 + * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
   1.715 + *
   1.716 + * This is expected to be included in outgoing signed messages for email (S/MIME),
   1.717 + * if compatibility with Microsoft mail clients is wanted.
   1.718 + */
   1.719 +SECStatus
   1.720 +NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
   1.721 +
   1.722 +/* 
   1.723 + * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
   1.724 + */
   1.725 +extern SECStatus
   1.726 +NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
   1.727 +				    SECOidTag digestalg, CERTCertificate signingcert);
   1.728 +
   1.729 +/*
   1.730 + * XXXX the following needs to be done in the S/MIME layer code
   1.731 + * after signature of a signerinfo is verified
   1.732 + */
   1.733 +extern SECStatus
   1.734 +NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo);
   1.735 +
   1.736 +/*
   1.737 + * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
   1.738 + */
   1.739 +extern SECStatus
   1.740 +NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage);
   1.741 +
   1.742 +/************************************************************************
   1.743 + * cmsenvdata.c - CMS envelopedData methods
   1.744 + ************************************************************************/
   1.745 +
   1.746 +/*
   1.747 + * NSS_CMSEnvelopedData_Create - create an enveloped data message
   1.748 + */
   1.749 +extern NSSCMSEnvelopedData *
   1.750 +NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
   1.751 +
   1.752 +/*
   1.753 + * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
   1.754 + */
   1.755 +extern void
   1.756 +NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp);
   1.757 +
   1.758 +/*
   1.759 + * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
   1.760 + */
   1.761 +extern NSSCMSContentInfo *
   1.762 +NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd);
   1.763 +
   1.764 +/*
   1.765 + * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
   1.766 + *
   1.767 + * rip must be created on the same pool as edp - this is not enforced, though.
   1.768 + */
   1.769 +extern SECStatus
   1.770 +NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip);
   1.771 +
   1.772 +/*
   1.773 + * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
   1.774 + *
   1.775 + * at this point, we need
   1.776 + * - recipientinfos set up with recipient's certificates
   1.777 + * - a content encryption algorithm (if none, 3DES will be used)
   1.778 + *
   1.779 + * this function will generate a random content encryption key (aka bulk key),
   1.780 + * initialize the recipientinfos with certificate identification and wrap the bulk key
   1.781 + * using the proper algorithm for every certificiate.
   1.782 + * it will finally set the bulk algorithm and key so that the encode step can find it.
   1.783 + */
   1.784 +extern SECStatus
   1.785 +NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd);
   1.786 +
   1.787 +/*
   1.788 + * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
   1.789 + */
   1.790 +extern SECStatus
   1.791 +NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd);
   1.792 +
   1.793 +/*
   1.794 + * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
   1.795 + */
   1.796 +extern SECStatus
   1.797 +NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd);
   1.798 +
   1.799 +/*
   1.800 + * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo, 
   1.801 + * derive bulk key & set up our contentinfo
   1.802 + */
   1.803 +extern SECStatus
   1.804 +NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd);
   1.805 +
   1.806 +/*
   1.807 + * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
   1.808 + */
   1.809 +extern SECStatus
   1.810 +NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd);
   1.811 +
   1.812 +/*
   1.813 + * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
   1.814 + */
   1.815 +extern SECStatus
   1.816 +NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
   1.817 +
   1.818 +
   1.819 +/************************************************************************
   1.820 + * cmsrecinfo.c - CMS recipientInfo methods
   1.821 + ************************************************************************/
   1.822 +
   1.823 +/*
   1.824 + * NSS_CMSRecipientInfo_Create - create a recipientinfo
   1.825 + *
   1.826 + * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
   1.827 + * the certificate is supposed to have been verified by the caller
   1.828 + */
   1.829 +extern NSSCMSRecipientInfo *
   1.830 +NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
   1.831 +
   1.832 +extern NSSCMSRecipientInfo *
   1.833 +NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage   *cmsg, 
   1.834 +                                         SECItem         *subjKeyID,
   1.835 +                                         SECKEYPublicKey *pubKey);
   1.836 +
   1.837 +extern NSSCMSRecipientInfo *
   1.838 +NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg, 
   1.839 +                                                 CERTCertificate *cert);
   1.840 +
   1.841 +/*
   1.842 + * NSS_CMSRecipientInfo_CreateNew - create a blank recipientinfo for 
   1.843 + * applications which want to encode their own CMS structures and
   1.844 + * key exchange types.
   1.845 + */
   1.846 +extern NSSCMSRecipientInfo *
   1.847 +NSS_CMSRecipientInfo_CreateNew(void* pwfn_arg);
   1.848 +
   1.849 +/*
   1.850 + * NSS_CMSRecipientInfo_CreateFromDER - create a recipientinfo  from partially
   1.851 + * decoded DER data for applications which want to encode their own CMS 
   1.852 + * structures and key exchange types.
   1.853 + */
   1.854 +extern NSSCMSRecipientInfo *
   1.855 +NSS_CMSRecipientInfo_CreateFromDER(SECItem* input, void* pwfn_arg);
   1.856 +
   1.857 +extern void
   1.858 +NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
   1.859 +
   1.860 +/*
   1.861 + * NSS_CMSRecipientInfo_GetCertAndKey - retrieve the cert and key from the
   1.862 + * recipientInfo struct. If retcert or retkey are NULL, the cert or 
   1.863 + * key (respectively) would not be returned). This function is a no-op if both 
   1.864 + * retcert and retkey are NULL. Caller inherits ownership of the cert and key
   1.865 + * he requested (and is responsible to free them).
   1.866 + */
   1.867 +SECStatus NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri,
   1.868 +   CERTCertificate** retcert, SECKEYPrivateKey** retkey);
   1.869 +
   1.870 +extern int
   1.871 +NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri);
   1.872 +
   1.873 +extern SECItem *
   1.874 +NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex);
   1.875 +
   1.876 +/*
   1.877 + * NSS_CMSRecipientInfo_Encode - encode an NSS_CMSRecipientInfo as ASN.1
   1.878 + */
   1.879 +SECStatus NSS_CMSRecipientInfo_Encode(PLArenaPool* poolp,
   1.880 +                                      const NSSCMSRecipientInfo *src,
   1.881 +                                      SECItem* returned);
   1.882 +
   1.883 +extern SECOidTag
   1.884 +NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri);
   1.885 +
   1.886 +extern SECStatus
   1.887 +NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag);
   1.888 +
   1.889 +extern PK11SymKey *
   1.890 +NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
   1.891 +		CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag);
   1.892 +
   1.893 +/************************************************************************
   1.894 + * cmsencdata.c - CMS encryptedData methods
   1.895 + ************************************************************************/
   1.896 +/*
   1.897 + * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
   1.898 + *
   1.899 + * "algorithm" specifies the bulk encryption algorithm to use.
   1.900 + * "keysize" is the key size.
   1.901 + * 
   1.902 + * An error results in a return value of NULL and an error set.
   1.903 + * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
   1.904 + */
   1.905 +extern NSSCMSEncryptedData *
   1.906 +NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
   1.907 +
   1.908 +/*
   1.909 + * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
   1.910 + */
   1.911 +extern void
   1.912 +NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd);
   1.913 +
   1.914 +/*
   1.915 + * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
   1.916 + */
   1.917 +extern NSSCMSContentInfo *
   1.918 +NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd);
   1.919 +
   1.920 +/*
   1.921 + * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
   1.922 + *     before encoding begins.
   1.923 + *
   1.924 + * In particular:
   1.925 + *  - set the correct version value.
   1.926 + *  - get the encryption key
   1.927 + */
   1.928 +extern SECStatus
   1.929 +NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd);
   1.930 +
   1.931 +/*
   1.932 + * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
   1.933 + */
   1.934 +extern SECStatus
   1.935 +NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd);
   1.936 +
   1.937 +/*
   1.938 + * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
   1.939 + */
   1.940 +extern SECStatus
   1.941 +NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd);
   1.942 +
   1.943 +/*
   1.944 + * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
   1.945 + */
   1.946 +extern SECStatus
   1.947 +NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd);
   1.948 +
   1.949 +/*
   1.950 + * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
   1.951 + */
   1.952 +extern SECStatus
   1.953 +NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd);
   1.954 +
   1.955 +/*
   1.956 + * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
   1.957 + */
   1.958 +extern SECStatus
   1.959 +NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd);
   1.960 +
   1.961 +/************************************************************************
   1.962 + * cmsdigdata.c - CMS encryptedData methods
   1.963 + ************************************************************************/
   1.964 +/*
   1.965 + * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
   1.966 + *
   1.967 + * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
   1.968 + * digestAlg is passed as parameter
   1.969 + * contentInfo must be filled by the user
   1.970 + * digest will be calculated while encoding
   1.971 + */
   1.972 +extern NSSCMSDigestedData *
   1.973 +NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg);
   1.974 +
   1.975 +/*
   1.976 + * NSS_CMSDigestedData_Destroy - destroy a digestedData object
   1.977 + */
   1.978 +extern void
   1.979 +NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd);
   1.980 +
   1.981 +/*
   1.982 + * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
   1.983 + */
   1.984 +extern NSSCMSContentInfo *
   1.985 +NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd);
   1.986 +
   1.987 +/*
   1.988 + * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
   1.989 + *     before encoding begins.
   1.990 + *
   1.991 + * In particular:
   1.992 + *  - set the right version number. The contentInfo's content type must be set up already.
   1.993 + */
   1.994 +extern SECStatus
   1.995 +NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd);
   1.996 +
   1.997 +/*
   1.998 + * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
   1.999 + *     before the encapsulated data is passed through the encoder.
  1.1000 + *
  1.1001 + * In detail:
  1.1002 + *  - set up the digests if necessary
  1.1003 + */
  1.1004 +extern SECStatus
  1.1005 +NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd);
  1.1006 +
  1.1007 +/*
  1.1008 + * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
  1.1009 + *     after all the encapsulated data was passed through the encoder.
  1.1010 + *
  1.1011 + * In detail:
  1.1012 + *  - finish the digests
  1.1013 + */
  1.1014 +extern SECStatus
  1.1015 +NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd);
  1.1016 +
  1.1017 +/*
  1.1018 + * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
  1.1019 + *     before the encapsulated data is passed through the encoder.
  1.1020 + *
  1.1021 + * In detail:
  1.1022 + *  - set up the digests if necessary
  1.1023 + */
  1.1024 +extern SECStatus
  1.1025 +NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd);
  1.1026 +
  1.1027 +/*
  1.1028 + * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
  1.1029 + *     after all the encapsulated data was passed through the encoder.
  1.1030 + *
  1.1031 + * In detail:
  1.1032 + *  - finish the digests
  1.1033 + */
  1.1034 +extern SECStatus
  1.1035 +NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd);
  1.1036 +
  1.1037 +/*
  1.1038 + * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
  1.1039 + *
  1.1040 + * In detail:
  1.1041 + *  - check the digests for equality
  1.1042 + */
  1.1043 +extern SECStatus
  1.1044 +NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd);
  1.1045 +
  1.1046 +/************************************************************************
  1.1047 + * cmsdigest.c - digestion routines
  1.1048 + ************************************************************************/
  1.1049 +
  1.1050 +/*
  1.1051 + * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
  1.1052 + *  digest algorithms in "digestalgs" in parallel.
  1.1053 + */
  1.1054 +extern NSSCMSDigestContext *
  1.1055 +NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs);
  1.1056 +
  1.1057 +/*
  1.1058 + * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
  1.1059 + *  only one algorithm.
  1.1060 + */
  1.1061 +extern NSSCMSDigestContext *
  1.1062 +NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg);
  1.1063 +
  1.1064 +/*
  1.1065 + * NSS_CMSDigestContext_Update - feed more data into the digest machine
  1.1066 + */
  1.1067 +extern void
  1.1068 +NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len);
  1.1069 +
  1.1070 +/*
  1.1071 + * NSS_CMSDigestContext_Cancel - cancel digesting operation
  1.1072 + */
  1.1073 +extern void
  1.1074 +NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx);
  1.1075 +
  1.1076 +/*
  1.1077 + * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
  1.1078 + *  into an array of SECItems (allocated on poolp)
  1.1079 + */
  1.1080 +extern SECStatus
  1.1081 +NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
  1.1082 +			    SECItem ***digestsp);
  1.1083 +
  1.1084 +/*
  1.1085 + * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
  1.1086 + *  but for one digest.
  1.1087 + */
  1.1088 +extern SECStatus
  1.1089 +NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
  1.1090 +			    SECItem *digest);
  1.1091 +
  1.1092 +/************************************************************************
  1.1093 + * 
  1.1094 + ************************************************************************/
  1.1095 +
  1.1096 +/* shortcuts for basic use */
  1.1097 +
  1.1098 +/*
  1.1099 + * NSS_CMSDEREncode - DER Encode a CMS message, with input being
  1.1100 + *                    the plaintext message and derOut being the output,
  1.1101 + *                    stored in arena's pool.
  1.1102 + */
  1.1103 +extern SECStatus
  1.1104 +NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut, 
  1.1105 +                 PLArenaPool *arena);
  1.1106 +
  1.1107 +
  1.1108 +/************************************************************************
  1.1109 + * 
  1.1110 + ************************************************************************/
  1.1111 +
  1.1112 +/*
  1.1113 + *  define new S/MIME content type entries
  1.1114 + *
  1.1115 + *  S/MIME uses the builtin PKCS7 oid types for encoding and decoding the
  1.1116 + *  various S/MIME content. Some applications have their own content type
  1.1117 + *  which is different from the standard content type defined by S/MIME.
  1.1118 + *
  1.1119 + *  This function allows you to register new content types. There are basically
  1.1120 + *  Two different types of content, Wrappping content, and Data.
  1.1121 + *
  1.1122 + *  For data types, All the functions below can be zero or NULL excext 
  1.1123 + *  type and is isData, which should be your oid tag and PR_FALSE respectively
  1.1124 + *
  1.1125 + *  For wrapping types, everything must be provided, or you will get encoder
  1.1126 + *  failures.
  1.1127 + *
  1.1128 + *  If NSS doesn't already define the OID that you need, you can register 
  1.1129 + *  your own with SECOID_AddEntry.
  1.1130 + * 
  1.1131 + *  Once you have defined your new content type, you can pass your new content
  1.1132 + *  type to NSS_CMSContentInfo_SetContent().
  1.1133 + * 
  1.1134 + *  If you are using a wrapping type you can pass your own data structure in 
  1.1135 + *  the ptr field, but it must contain and embedded NSSCMSGenericWrappingData 
  1.1136 + *  structure as the first element. The size you pass to 
  1.1137 + *  NSS_CMSType_RegisterContentType is the total size of your self defined 
  1.1138 + *  data structure. NSS_CMSContentInfo_GetContent will return that data 
  1.1139 + *  structure from the content info. Your ASN1Template will be evaluated 
  1.1140 + *  against that data structure.
  1.1141 + */
  1.1142 +SECStatus NSS_CMSType_RegisterContentType(SECOidTag type,
  1.1143 +                          SEC_ASN1Template *asn1Template, size_t size,
  1.1144 +                          NSSCMSGenericWrapperDataDestroy  destroy,
  1.1145 +                          NSSCMSGenericWrapperDataCallback decode_before,
  1.1146 +                          NSSCMSGenericWrapperDataCallback decode_after,
  1.1147 +                          NSSCMSGenericWrapperDataCallback decode_end,
  1.1148 +                          NSSCMSGenericWrapperDataCallback encode_start,
  1.1149 +                          NSSCMSGenericWrapperDataCallback encode_before,
  1.1150 +                          NSSCMSGenericWrapperDataCallback encode_after,
  1.1151 +                          PRBool isData);
  1.1152 +
  1.1153 +/************************************************************************/
  1.1154 +SEC_END_PROTOS
  1.1155 +
  1.1156 +#endif /* _CMS_H_ */
