security/nss/lib/smime/cmslocal.h

changeset 0
6474c204b198
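--- /dev/null
+++ b/security/nss/lib/smime/cmslocal.h
@@ -0,0 +1,353 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for CMS implementation, none of which are exported.
+ *
+ * Do not export this file!  If something in here is really needed outside
+ * of smime code, first try to add a CMS interface which will do it for
+ * you.  If that has a problem, then just move out what you need, changing
+ * its name as appropriate!
+ */
+
+#ifndef _CMSLOCAL_H_
+#define _CMSLOCAL_H_
+
+#include "cms.h"
+#include "cmsreclist.h"
+#include "secasn1t.h"
+
+extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];
+
+struct NSSCMSContentInfoPrivateStr {
+    NSSCMSCipherContext *ciphcx;
+    NSSCMSDigestContext *digcx;
+    PRBool  dontStream;
+};
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * private content Info stuff
+ */
+
+/* initialize the private content info field. If this returns
+ * SECSuccess, the cinfo->private field is safe to dereference.
+ */
+SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo);
+
+
+/***********************************************************************
+ * cmscipher.c - en/decryption routines
+ ***********************************************************************/
+
+/*
+ * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
+ * based on the given bulk * encryption key and algorithm identifier (which may include an iv).
+ */
+extern NSSCMSCipherContext *
+NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);
+
+/*
+ * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
+ * based on the given bulk encryption key and algorithm tag.  Fill in the algorithm
+ * identifier (which may include an iv) appropriately.
+ */
+extern NSSCMSCipherContext *
+NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);
+
+extern void
+NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
+
+/*
+ * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.  Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and bsize).
+ */
+extern unsigned int
+NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
+
+/*
+ * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.
+ */
+extern unsigned int
+NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
+
+/*
+ * NSS_CMSCipherContext_Decrypt - do the decryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Decrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
+ * When "final" is true, this is the last of the data to be decrypted.
+ */ 
+extern SECStatus
+NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
+		  unsigned int *output_len_p, unsigned int max_output_len,
+		  const unsigned char *input, unsigned int input_len,
+		  PRBool final);
+
+/*
+ * NSS_CMSCipherContext_Encrypt - do the encryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Encrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
+ * When "final" is true, this is the last of the data to be encrypted.
+ */ 
+extern SECStatus
+NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
+		  unsigned int *output_len_p, unsigned int max_output_len,
+		  const unsigned char *input, unsigned int input_len,
+		  PRBool final);
+
+/************************************************************************
+ * cmspubkey.c - public key operations
+ ************************************************************************/
+
+/*
+ * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
+ *
+ * this function takes a symmetric key and encrypts it using an RSA public key
+ * according to PKCS#1 and RFC2633 (S/MIME)
+ */
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
+                              PK11SymKey *key,
+                              SECItem *encKey);
+
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
+                                    SECKEYPublicKey *publickey,
+                                    PK11SymKey *bulkkey, SECItem *encKey);
+
+/*
+ * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
+ *
+ * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
+ * key handle. Please note that the actual unwrapped key data may not be allowed to leave
+ * a hardware token...
+ */
+extern PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);
+
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
+			SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
+			SECItem *originatorPubKey);
+
+extern PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
+			SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
+
+/************************************************************************
+ * cmsreclist.c - recipient list stuff
+ ************************************************************************/
+extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
+extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);
+extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
+
+/************************************************************************
+ * cmsarray.c - misc array functions
+ ************************************************************************/
+/*
+ * NSS_CMSArray_Alloc - allocate an array in an arena
+ */
+extern void **
+NSS_CMSArray_Alloc(PLArenaPool *poolp, int n);
+
+/*
+ * NSS_CMSArray_Add - add an element to the end of an array
+ */
+extern SECStatus
+NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj);
+
+/*
+ * NSS_CMSArray_IsEmpty - check if array is empty
+ */
+extern PRBool
+NSS_CMSArray_IsEmpty(void **array);
+
+/*
+ * NSS_CMSArray_Count - count number of elements in array
+ */
+extern int
+NSS_CMSArray_Count(void **array);
+
+/*
+ * NSS_CMSArray_Sort - sort an array ascending, in place
+ *
+ * If "secondary" is not NULL, the same reordering gets applied to it.
+ * If "tertiary" is not NULL, the same reordering gets applied to it.
+ * "compare" is a function that returns 
+ *  < 0 when the first element is less than the second
+ *  = 0 when the first element is equal to the second
+ *  > 0 when the first element is greater than the second
+ */
+extern void
+NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary);
+
+/************************************************************************
+ * cmsattr.c - misc attribute functions
+ ************************************************************************/
+/*
+ * NSS_CMSAttribute_Create - create an attribute
+ *
+ * if value is NULL, the attribute won't have a value. It can be added later
+ * with NSS_CMSAttribute_AddValue.
+ */
+extern NSSCMSAttribute *
+NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);
+
+/*
+ * NSS_CMSAttribute_AddValue - add another value to an attribute
+ */
+extern SECStatus
+NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);
+
+/*
+ * NSS_CMSAttribute_GetType - return the OID tag
+ */
+extern SECOidTag
+NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttribute_GetValue - return the first attribute value
+ *
+ * We do some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+extern SECItem *
+NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
+ */
+extern PRBool
+NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
+
+/*
+ * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
+ *
+ * If you are wondering why this routine does not reorder the attributes
+ * first, and might be tempted to make it do so, see the comment by the
+ * call to ReorderAttributes in cmsencode.c.  (Or, see who else calls this
+ * and think long and hard about the implications of making it always
+ * do the reordering.)
+ */
+extern SECItem *
+NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);
+
+/*
+ * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
+ *
+ * make sure that the order of the attributes guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in attrs).
+ */
+extern SECStatus
+NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);
+
+/*
+ * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
+ * find one that matches the specified object ID.
+ *
+ * If "only" is true, then make sure that there is not more than one attribute
+ * of the same type.  Otherwise, just return the first one found. (XXX Does
+ * anybody really want that first-found behavior?  It was like that when I found it...)
+ */
+extern NSSCMSAttribute *
+NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);
+
+/*
+ * NSS_CMSAttributeArray_AddAttr - add an attribute to an
+ * array of attributes. 
+ */
+extern SECStatus
+NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
+ */
+extern SECStatus
+NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
+
+/*
+ * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
+ * They may be needed for signature verification on the data, for example.
+ */
+extern SECStatus
+NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
+
+/*
+ * local function to handle compatibility issues
+ * by mapping a signature algorithm back to a digest.
+ */
+SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg);
+
+
+/************************************************************************/
+
+/*
+ * local functions to handle user defined S/MIME content types
+ */
+
+
+PRBool NSS_CMSType_IsWrapper(SECOidTag type);
+PRBool NSS_CMSType_IsData(SECOidTag type);
+size_t NSS_CMSType_GetContentSize(SECOidTag type);
+const SEC_ASN1Template * NSS_CMSType_GetTemplate(SECOidTag type);
+
+void NSS_CMSGenericWrapperData_Destroy(SECOidTag type,
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type, 
+					NSSCMSGenericWrapperData *gd);
+
+SEC_END_PROTOS
+
+#endif /* _CMSLOCAL_H_ */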
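Review bot: The parameter comment on NSS_CMSCipherContext_Encrypt still reads `output - buffer for decrypted result bytes`, evidently carried over from the Decrypt block above it; it should read `output - buffer for encrypted result bytes`, since a caller sizing this buffer from NSS_CMSCipherContext_EncryptLength needs to know which direction the comment describes. The same two comment blocks say "cc" comes from `NSS_CMSCipher_StartDecrypt` and `NSS_CMSCipher_StartEncrypt`, but the functions this header declares are `NSS_CMSCipherContext_StartDecrypt` and `NSS_CMSCipherContext_StartEncrypt`, so the cross-reference points at names that do not exist here. The NSS_CMSCipherContext_StartDecrypt comment also has a stray asterisk in `bulk * encryption key`. Separately, the include guard `_CMSLOCAL_H_` sits in the identifier space reserved for the implementation (leading underscore followed by an uppercase letter); if the surrounding tree uses the same convention, that is better changed consistently rather than in this file alone.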
