
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     5 /*
     6  * Support routines for CMS implementation, none of which are exported.
     7  *
     8  * Do not export this file!  If something in here is really needed outside
     9  * of smime code, first try to add a CMS interface which will do it for
    10  * you.  If that has a problem, then just move out what you need, changing
    11  * its name as appropriate!
    12  */
    14 #ifndef _CMSLOCAL_H_
    15 #define _CMSLOCAL_H_
    17 #include "cms.h"
    18 #include "cmsreclist.h"
    19 #include "secasn1t.h"
/* ASN.1 template for CMS ContentInfo.  Defined elsewhere in the smime
 * code; declared here so the other internal files can (de)code the
 * structure without going through an exported interface. */
extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];

/*
 * Per-ContentInfo private state, reachable as cinfo->private.
 *
 * This is internal to lib/smime (see the header comment: nothing in this
 * file is exported).  It is set up by NSS_CMSContentInfo_Private_Init()
 * below, and cinfo->private must not be dereferenced unless that call
 * returned SECSuccess.
 */
struct NSSCMSContentInfoPrivateStr {
    NSSCMSCipherContext *ciphcx;    /* bulk en/decryption context from cmscipher.c; presumably NULL when the content is not encrypted -- confirm in cmsencode.c/cmsdecode.c */
    NSSCMSDigestContext *digcx;     /* digest context used while the content is hashed (signed/digested data) -- confirm which content types set it */
    PRBool  dontStream;             /* NOTE(review): looks like a "buffer the content instead of streaming it" switch; verify against the encoder/decoder before relying on it */
};
/************************************************************************/
SEC_BEGIN_PROTOS

/*
 * private content Info stuff
 */

/*
 * NSS_CMSContentInfo_Private_Init - initialize the private content info field
 * (cinfo->private, a struct NSSCMSContentInfoPrivateStr).
 *
 * cinfo - the ContentInfo whose private field is to be set up.
 *
 * Returns SECSuccess when cinfo->private is safe to dereference.  On any
 * other return the field must be treated as unusable.  Whether calling this
 * twice on the same cinfo is harmless is not promised by this header --
 * check the definition before doing so.
 */
SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo);
/***********************************************************************
 * cmscipher.c - en/decryption routines
 ***********************************************************************/

/*
 * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
 * based on the given bulk encryption key and algorithm identifier (which may
 * include an iv).
 *
 * key   - the content-encryption key as a PKCS#11 key handle.  The raw key
 *         bytes need not be extractable (see NSS_CMSUtil_DecryptSymKey_RSA).
 * algid - the contentEncryptionAlgorithm, including any IV parameter.
 *
 * NOTE(review): on the decode path algid normally comes straight from the
 * message being decrypted, i.e. it is attacker-controlled.  The definition in
 * cmscipher.c is expected to check the parameter encoding and the IV length
 * against the cipher's block size before using them -- confirm there rather
 * than assuming it from this declaration.
 *
 * The returned context belongs to the caller and is released with
 * NSS_CMSCipherContext_Destroy.  Presumably NULL is returned on failure;
 * callers should check for it.
 */
extern NSSCMSCipherContext *
NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);

/*
 * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
 * based on the given bulk encryption key and algorithm tag.  Fill in the
 * algorithm identifier (which may include an iv) appropriately.
 *
 * poolp - arena; presumably the storage for the filled-in algorithm
 *         parameters (e.g. a freshly generated IV) is taken from it.
 * key   - the content-encryption key (PKCS#11 key handle).
 * algid - in/out: identifies the algorithm on entry, and is completed with
 *         the parameters actually used so it can be written to the message.
 *
 * Same ownership rule as StartDecrypt: destroy the result with
 * NSS_CMSCipherContext_Destroy; expect NULL on failure.
 */
extern NSSCMSCipherContext *
NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);

/*
 * NSS_CMSCipherContext_Destroy - release a context from either Start routine.
 * Whether a NULL argument is tolerated is not stated here; check the
 * definition before relying on it.
 */
extern void
NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
/*
 * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
 *
 * cc - the cipher context
 * input_len - number of bytes used as input
 * final - true if this is the final chunk of data
 *
 * Result can be used to perform memory allocations.  Note that the amount
 * is exactly accurate only when not doing a block cipher or when final
 * is false, otherwise it is an upper bound on the amount because until
 * we see the data we do not know how many padding bytes there are
 * (always between 1 and bsize).
 *
 * Use this to size the "output" buffer handed to NSS_CMSCipherContext_Decrypt
 * with the same input_len/final, and pass the result as max_output_len.
 *
 * NOTE(review): the "1 to bsize" rule describes well-formed padding; the
 * padding actually present in a message is attacker-controlled, so the
 * Decrypt routine (not this one) has to validate it.  Also, both the input
 * and the result are unsigned int -- chunk sizes near UINT_MAX would wrap,
 * so callers should feed bounded chunks.
 */
extern unsigned int
NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);

/*
 * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
 *
 * cc - the cipher context
 * input_len - number of bytes used as input
 * final - true if this is the final chunk of data
 *
 * Result can be used to perform memory allocations.  For encryption the
 * padding length is known in advance, so (unlike DecryptLength) nothing in
 * this header says the value is only an upper bound; treat it as the exact
 * size to allocate and to pass as max_output_len to
 * NSS_CMSCipherContext_Encrypt.
 */
extern unsigned int
NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
/*
 * NSS_CMSCipherContext_Decrypt - do the decryption
 *
 * cc - the cipher context
 * output - buffer for decrypted result bytes
 * output_len_p - number of bytes in output
 * max_output_len - upper bound on bytes to put into output
 * input - pointer to input bytes
 * input_len - number of input bytes
 * final - true if this is the final chunk of data
 *
 * Decrypts a given length of input buffer (starting at "input" and
 * containing "input_len" bytes), placing the decrypted bytes in
 * "output" and storing the output length in "*output_len_p".
 * "cc" is the return value from NSS_CMSCipherContext_StartDecrypt.
 * When "final" is true, this is the last of the data to be decrypted.
 *
 * Size "output" with NSS_CMSCipherContext_DecryptLength for the same
 * input_len/final and pass that size as max_output_len; the function must
 * never write past it.  Padding can only be checked and stripped on the
 * final call (see DecryptLength), so expect *output_len_p on the final call
 * to be smaller than the bound.
 *
 * NOTE(review): the ciphertext and its padding are untrusted.  Callers
 * should treat any SECFailure here the same way regardless of cause, and not
 * expose *which* check failed (padding vs. length) to the remote side, to
 * avoid building a padding oracle.  Whether the definition distinguishes
 * these cases is something to confirm in cmscipher.c.
 */
extern SECStatus
NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
		  unsigned int *output_len_p, unsigned int max_output_len,
		  const unsigned char *input, unsigned int input_len,
		  PRBool final);

/*
 * NSS_CMSCipherContext_Encrypt - do the encryption
 *
 * cc - the cipher context
 * output - buffer for encrypted result bytes
 * output_len_p - number of bytes in output
 * max_output_len - upper bound on bytes to put into output
 * input - pointer to input bytes
 * input_len - number of input bytes
 * final - true if this is the final chunk of data
 *
 * Encrypts a given length of input buffer (starting at "input" and
 * containing "input_len" bytes), placing the encrypted bytes in
 * "output" and storing the output length in "*output_len_p".
 * "cc" is the return value from NSS_CMSCipherContext_StartEncrypt.
 * When "final" is true, this is the last of the data to be encrypted;
 * that is the call on which padding is appended, so "output" must be
 * sized with NSS_CMSCipherContext_EncryptLength(cc, input_len, final)
 * and that size passed as max_output_len.
 */
extern SECStatus
NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
		  unsigned int *output_len_p, unsigned int max_output_len,
		  const unsigned char *input, unsigned int input_len,
		  PRBool final);
/************************************************************************
 * cmspubkey.c - public key operations
 ************************************************************************/

/*
 * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
 *
 * this function takes a symmetric key and encrypts it using an RSA public key
 * according to PKCS#1 and RFC2633 (S/MIME)
 *
 * poolp  - arena; presumably the wrapped key bytes are allocated from it.
 * cert   - recipient certificate; its RSA public key does the wrapping.
 * key    - the content-encryption key to wrap.
 * encKey - out: receives the wrapped key (RecipientInfo encryptedKey).
 *
 * NOTE(review): "PKCS#1" here is the scheme CMS key transport has
 * historically used, i.e. presumably RSAES-PKCS1-v1_5 rather than OAEP; the
 * actual choice lives in cmspubkey.c.  v1.5 transport is only as safe as the
 * receiving side's refusal to act as a padding oracle -- see the note on
 * NSS_CMSUtil_DecryptSymKey_RSA.
 */
extern SECStatus
NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
                              PK11SymKey *key,
                              SECItem *encKey);

/*
 * NSS_CMSUtil_EncryptSymKey_RSAPubKey - same as the above, but with the RSA
 * public key passed directly instead of being extracted from a certificate.
 */
extern SECStatus
NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
                                    SECKEYPublicKey *publickey,
                                    PK11SymKey *bulkkey, SECItem *encKey);

/*
 * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
 *
 * privkey    - the recipient's RSA private key.
 * encKey     - the encryptedKey from the RecipientInfo: untrusted message data.
 * bulkalgtag - the content-encryption algorithm the unwrapped key is for;
 *              this is what determines the key type (and implied length)
 *              of the returned handle.
 *
 * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
 * key handle. Please note that the actual unwrapped key data may not be allowed to leave
 * a hardware token, so use the returned PK11SymKey through PKCS#11 operations
 * rather than trying to read its bytes.
 *
 * NOTE(review): because encKey is attacker-controlled, the sender must not be
 * able to tell a PKCS#1 padding failure apart from a successful unwrap
 * (Bleichenbacher).  The usual mitigation is to hand back a random key of the
 * length bulkalgtag implies and let content decryption fail later, rather
 * than returning NULL immediately.  Which behaviour this build has is decided
 * in cmspubkey.c / the PK11 unwrap path, not here -- verify it there.
 */
extern PK11SymKey *
NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);

/*
 * NSS_CMSUtil_EncryptSymKey_ESDH - wrap a symmetric key for an ephemeral-static
 * Diffie-Hellman recipient.
 *
 * From the signature, encKey, ukm, keyEncAlg and originatorPubKey appear to be
 * outputs (the wrapped key, user keying material, the keyEncryptionAlgorithm
 * and the originator's ephemeral public key to be placed in the
 * RecipientInfo); confirm the exact contract in cmspubkey.c.
 */
extern SECStatus
NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
			SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
			SECItem *originatorPubKey);

/*
 * NSS_CMSUtil_DecryptSymKey_ESDH - counterpart of the above for the recipient.
 *
 * keyEncAlg and encKey come from the message and are untrusted; bulkalgtag
 * selects the key type handed back (as for the RSA variant).  pwfn_arg is
 * presumably passed through to the PKCS#11 password callback.
 */
extern PK11SymKey *
NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
			SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
/************************************************************************
 * cmsreclist.c - recipient list stuff
 ************************************************************************/

/* Build a flat list of recipients from an array of RecipientInfos.  The input
 * is presumably NULL-terminated, like the other arrays handled by the
 * NSS_CMSArray_* helpers below.  Release the result with
 * nss_cms_recipient_list_destroy; expect NULL on failure. */
extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);

/* Allocate an empty RecipientEncryptedKey from the arena. */
extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
/************************************************************************
 * cmsarray.c - misc array functions
 ************************************************************************/

/*
 * NSS_CMSArray_Alloc - allocate an array in an arena
 *
 * n is the number of elements.  Since NSS_CMSArray_Count/IsEmpty below take
 * no length, these arrays are presumably NULL-terminated, i.e. n + 1 slots
 * are allocated -- verify in cmsarray.c.
 *
 * NOTE(review): n is a signed int; nothing in this header rules out n < 0 or
 * an n large enough to overflow the size computation.  Callers should pass
 * only small, non-negative counts, and the definition should reject the rest.
 */
extern void **
NSS_CMSArray_Alloc(PLArenaPool *poolp, int n);

/*
 * NSS_CMSArray_Add - add an element to the end of an array
 *
 * *array may be reallocated (hence the triple pointer); callers must not keep
 * stale copies of the old array pointer across this call.
 */
extern SECStatus
NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj);

/*
 * NSS_CMSArray_IsEmpty - check if array is empty
 */
extern PRBool
NSS_CMSArray_IsEmpty(void **array);

/*
 * NSS_CMSArray_Count - count number of elements in array
 */
extern int
NSS_CMSArray_Count(void **array);

/*
 * NSS_CMSArray_Sort - sort an array ascending, in place
 *
 * If "secondary" is not NULL, the same reordering gets applied to it.
 * If "tertiary" is not NULL, the same reordering gets applied to it.
 * Both therefore need at least as many elements as "primary".
 * "compare" is a function that returns
 *  < 0 when the first element is less than the second
 *  = 0 when the first element is equal to the second
 *  > 0 when the first element is greater than the second
 */
extern void
NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary);
/************************************************************************
 * cmsattr.c - misc attribute functions
 ************************************************************************/

/*
 * NSS_CMSAttribute_Create - create an attribute
 *
 * if value is NULL, the attribute won't have a value. It can be added later
 * with NSS_CMSAttribute_AddValue.
 *
 * "encoded" presumably says whether "value" is already DER (to be stored as
 * is) or still needs encoding; confirm against NSS_CMSAttributeArray_SetAttr,
 * which takes the same flag.
 */
extern NSSCMSAttribute *
NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);

/*
 * NSS_CMSAttribute_AddValue - add another value to an attribute
 */
extern SECStatus
NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);

/*
 * NSS_CMSAttribute_GetType - return the OID tag
 */
extern SECOidTag
NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);

/*
 * NSS_CMSAttribute_GetValue - return the first attribute value
 *
 * We do some sanity checking first:
 * - Multiple values are *not* expected.
 * - Empty values are *not* expected.
 *
 * Presumably NULL is returned when either check fails; callers must handle
 * that, since the attribute may have been decoded from untrusted input.
 */
extern SECItem *
NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);

/*
 * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
 *
 * Returns PR_TRUE only on a match; a missing or malformed value is a mismatch.
 */
extern PRBool
NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
/*
 * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
 *
 * If you are wondering why this routine does not reorder the attributes
 * first, and might be tempted to make it do so, see the comment by the
 * call to ReorderAttributes in cmsencode.c.  (Or, see who else calls this
 * and think long and hard about the implications of making it always
 * do the reordering.)
 *
 * NOTE(review): the likely reason is that signedAttrs are hashed in exactly
 * the byte order they were received in; re-sorting on the verify path would
 * change the bytes under the signature.  Confirm in cmsencode.c before
 * touching this.
 */
extern SECItem *
NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);

/*
 * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
 *
 * make sure that the order of the attributes guarantees valid DER (which must be
 * in lexicographically ascending order for a SET OF); if reordering is necessary it
 * will be done in place (in attrs).
 */
extern SECStatus
NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);

/*
 * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
 * find one that matches the specified object ID.
 *
 * If "only" is true, then make sure that there is not more than one attribute
 * of the same type.  Otherwise, just return the first one found. (XXX Does
 * anybody really want that first-found behavior?  It was like that when I found it...)
 *
 * NOTE(review): when the attribute's value is security-relevant (messageDigest,
 * contentType, signingTime in signedAttrs of a message being verified), pass
 * only = PR_TRUE.  With only = PR_FALSE a message carrying two attributes of
 * the same type could present one value to the check and another to everything
 * else.  What is returned when "only" is true and duplicates exist is not
 * stated here -- presumably NULL; verify in cmsattr.c.
 */
extern NSSCMSAttribute *
NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);

/*
 * NSS_CMSAttributeArray_AddAttr - add an attribute to an
 * array of attributes.
 *
 * *attrs may be (re)allocated from poolp; the array is created if *attrs is
 * NULL -- confirm in cmsattr.c.
 */
extern SECStatus
NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);

/*
 * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
 *
 * Creates the attribute of type "type" if absent, otherwise replaces its
 * value (presumably; see the definition).  "encoded" has the same meaning
 * as in NSS_CMSAttribute_Create.
 */
extern SECStatus
NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
/*
 * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
 * They may be needed for signature verification on the data, for example.
 *
 * NOTE(review): certificates added this way typically come from the message's
 * own SignedData.certificates field, so they are untrusted until chained to a
 * trust anchor.  Adding one here must not by itself make it trusted; that
 * decision belongs to the verification path.
 */
extern SECStatus
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);

/*
 * local function to handle compatibility issues
 * by mapping a signature algorithm back to a digest.
 *
 * Some producers put a signature-algorithm OID where a digest-algorithm OID
 * belongs; this presumably returns the corresponding digest tag so such
 * messages can still be verified.  What it returns for an OID that is not a
 * known signature algorithm is not stated here -- check before treating the
 * result as a valid digest tag.
 */
SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg);
/************************************************************************/

/*
 * local functions to handle user defined S/MIME content types
 *
 * Each of these dispatches on the content-type OID tag.  Built-in types and
 * types registered at run time are presumably looked up in the same table;
 * see the definitions for what the query functions return for an unknown tag
 * (a NULL template or a zero size must be handled by the caller).
 */

/* PR_TRUE if "type" is a content type that wraps further content. */
PRBool NSS_CMSType_IsWrapper(SECOidTag type);
/* PR_TRUE if "type" is plain data (no further structure to decode). */
PRBool NSS_CMSType_IsData(SECOidTag type);
/* Size of the C structure that holds content of this type. */
size_t NSS_CMSType_GetContentSize(SECOidTag type);
/* ASN.1 template used to (de)code content of this type. */
const SEC_ASN1Template * NSS_CMSType_GetTemplate(SECOidTag type);

/*
 * Lifecycle callbacks for generic wrapper content.  The Decode_* and Encode_*
 * hooks are named after the point in the streaming (de)coder at which they run;
 * the exact ordering is defined by cmsdecode.c/cmsencode.c, not here.
 */
void NSS_CMSGenericWrapperData_Destroy(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type,
					NSSCMSGenericWrapperData *gd);
   351 SEC_END_PROTOS
   353 #endif /* _CMSLOCAL_H_ */
