diff options
Diffstat (limited to 'security/nss/lib/smime/cmslocal.h')
-rw-r--r-- | security/nss/lib/smime/cmslocal.h | 351 |
1 files changed, 351 insertions, 0 deletions
diff --git a/security/nss/lib/smime/cmslocal.h b/security/nss/lib/smime/cmslocal.h new file mode 100644 index 0000000000..ef7d500280 --- /dev/null +++ b/security/nss/lib/smime/cmslocal.h @@ -0,0 +1,351 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Support routines for CMS implementation, none of which are exported. + * + * Do not export this file! If something in here is really needed outside + * of smime code, first try to add a CMS interface which will do it for + * you. If that has a problem, then just move out what you need, changing + * its name as appropriate! + */ + +#ifndef _CMSLOCAL_H_ +#define _CMSLOCAL_H_ + +#include "cms.h" +#include "cmsreclist.h" +#include "secasn1t.h" + +extern const SEC_ASN1Template NSSCMSContentInfoTemplate[]; + +struct NSSCMSContentInfoPrivateStr { + NSSCMSCipherContext *ciphcx; + NSSCMSDigestContext *digcx; + PRBool dontStream; +}; + +/************************************************************************/ +SEC_BEGIN_PROTOS + +/* + * private content Info stuff + */ + +/* initialize the private content info field. If this returns + * SECSuccess, the cinfo->private field is safe to dereference. + */ +SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo); + +/*********************************************************************** + * cmscipher.c - en/decryption routines + ***********************************************************************/ + +/* + * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption + * based on the given bulk * encryption key and algorithm identifier (which may include an iv). + */ +extern NSSCMSCipherContext * +NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid); + +/* + * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption, + * based on the given bulk encryption key and algorithm tag. Fill in the algorithm + * identifier (which may include an iv) appropriately. + */ +extern NSSCMSCipherContext * +NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid); + +extern void +NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc); + +/* + * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt. + * + * cc - the cipher context + * input_len - number of bytes used as input + * final - true if this is the final chunk of data + * + * Result can be used to perform memory allocations. Note that the amount + * is exactly accurate only when not doing a block cipher or when final + * is false, otherwise it is an upper bound on the amount because until + * we see the data we do not know how many padding bytes there are + * (always between 1 and bsize). + */ +extern unsigned int +NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final); + +/* + * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt. + * + * cc - the cipher context + * input_len - number of bytes used as input + * final - true if this is the final chunk of data + * + * Result can be used to perform memory allocations. + */ +extern unsigned int +NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final); + +/* + * NSS_CMSCipherContext_Decrypt - do the decryption + * + * cc - the cipher context + * output - buffer for decrypted result bytes + * output_len_p - number of bytes in output + * max_output_len - upper bound on bytes to put into output + * input - pointer to input bytes + * input_len - number of input bytes + * final - true if this is the final chunk of data + * + * Decrypts a given length of input buffer (starting at "input" and + * containing "input_len" bytes), placing the decrypted bytes in + * "output" and storing the output length in "*output_len_p". + * "cc" is the return value from NSS_CMSCipher_StartDecrypt. + * When "final" is true, this is the last of the data to be decrypted. + */ +extern SECStatus +NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, + unsigned int *output_len_p, unsigned int max_output_len, + const unsigned char *input, unsigned int input_len, + PRBool final); + +/* + * NSS_CMSCipherContext_Encrypt - do the encryption + * + * cc - the cipher context + * output - buffer for decrypted result bytes + * output_len_p - number of bytes in output + * max_output_len - upper bound on bytes to put into output + * input - pointer to input bytes + * input_len - number of input bytes + * final - true if this is the final chunk of data + * + * Encrypts a given length of input buffer (starting at "input" and + * containing "input_len" bytes), placing the encrypted bytes in + * "output" and storing the output length in "*output_len_p". + * "cc" is the return value from NSS_CMSCipher_StartEncrypt. + * When "final" is true, this is the last of the data to be encrypted. + */ +extern SECStatus +NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output, + unsigned int *output_len_p, unsigned int max_output_len, + const unsigned char *input, unsigned int input_len, + PRBool final); + +/************************************************************************ + * cmspubkey.c - public key operations + ************************************************************************/ + +/* + * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA + * + * this function takes a symmetric key and encrypts it using an RSA public key + * according to PKCS#1 and RFC2633 (S/MIME) + */ +extern SECStatus +NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert, + PK11SymKey *key, + SECItem *encKey); + +extern SECStatus +NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp, + SECKEYPublicKey *publickey, + PK11SymKey *bulkkey, SECItem *encKey); + +/* + * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key + * + * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric + * key handle. Please note that the actual unwrapped key data may not be allowed to leave + * a hardware token... + */ +extern PK11SymKey * +NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag); + +extern SECStatus +NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key, + SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg, + SECItem *originatorPubKey); + +extern PK11SymKey * +NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey, + SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg); + +/************************************************************************ + * cmsreclist.c - recipient list stuff + ************************************************************************/ +extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos); +extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list); +extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp); + +/************************************************************************ + * cmsarray.c - misc array functions + ************************************************************************/ +/* + * NSS_CMSArray_Alloc - allocate an array in an arena + */ +extern void ** +NSS_CMSArray_Alloc(PLArenaPool *poolp, int n); + +/* + * NSS_CMSArray_Add - add an element to the end of an array + */ +extern SECStatus +NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj); + +/* + * NSS_CMSArray_IsEmpty - check if array is empty + */ +extern PRBool +NSS_CMSArray_IsEmpty(void **array); + +/* + * NSS_CMSArray_Count - count number of elements in array + */ +extern int +NSS_CMSArray_Count(void **array); + +/* + * NSS_CMSArray_Sort - sort an array ascending, in place + * + * If "secondary" is not NULL, the same reordering gets applied to it. + * If "tertiary" is not NULL, the same reordering gets applied to it. + * "compare" is a function that returns + * < 0 when the first element is less than the second + * = 0 when the first element is equal to the second + * > 0 when the first element is greater than the second + */ +extern void +NSS_CMSArray_Sort(void **primary, int (*compare)(void *, void *), void **secondary, void **tertiary); + +/************************************************************************ + * cmsattr.c - misc attribute functions + ************************************************************************/ +/* + * NSS_CMSAttribute_Create - create an attribute + * + * if value is NULL, the attribute won't have a value. It can be added later + * with NSS_CMSAttribute_AddValue. + */ +extern NSSCMSAttribute * +NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded); + +/* + * NSS_CMSAttribute_AddValue - add another value to an attribute + */ +extern SECStatus +NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value); + +/* + * NSS_CMSAttribute_GetType - return the OID tag + */ +extern SECOidTag +NSS_CMSAttribute_GetType(NSSCMSAttribute *attr); + +/* + * NSS_CMSAttribute_GetValue - return the first attribute value + * + * We do some sanity checking first: + * - Multiple values are *not* expected. + * - Empty values are *not* expected. + */ +extern SECItem * +NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr); + +/* + * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data + */ +extern PRBool +NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av); + +/* + * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes + * + * If you are wondering why this routine does not reorder the attributes + * first, and might be tempted to make it do so, see the comment by the + * call to ReorderAttributes in cmsencode.c. (Or, see who else calls this + * and think long and hard about the implications of making it always + * do the reordering.) + */ +extern SECItem * +NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest); + +/* + * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding + * + * make sure that the order of the attributes guarantees valid DER (which must be + * in lexigraphically ascending order for a SET OF); if reordering is necessary it + * will be done in place (in attrs). + */ +extern SECStatus +NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs); + +/* + * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and + * find one that matches the specified object ID. + * + * If "only" is true, then make sure that there is not more than one attribute + * of the same type. Otherwise, just return the first one found. (XXX Does + * anybody really want that first-found behavior? It was like that when I found it...) + */ +extern NSSCMSAttribute * +NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only); + +/* + * NSS_CMSAttributeArray_AddAttr - add an attribute to an + * array of attributes. + */ +extern SECStatus +NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr); + +/* + * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes + */ +extern SECStatus +NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, + SECOidTag type, SECItem *value, PRBool encoded); + +/* + * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references. + * They may be needed for signature verification on the data, for example. + */ +extern SECStatus +NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert); + +/* + * local function to handle compatibility issues + * by mapping a signature algorithm back to a digest. + */ +SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg); + +/************************************************************************/ + +/* + * local functions to handle user defined S/MIME content types + */ + +PRBool NSS_CMSType_IsWrapper(SECOidTag type); +PRBool NSS_CMSType_IsData(SECOidTag type); +size_t NSS_CMSType_GetContentSize(SECOidTag type); +const SEC_ASN1Template *NSS_CMSType_GetTemplate(SECOidTag type); + +void NSS_CMSGenericWrapperData_Destroy(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type, + NSSCMSGenericWrapperData *gd); +SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type, + NSSCMSGenericWrapperData *gd); + +SEC_END_PROTOS + +#endif /* _CMSLOCAL_H_ */ |