| OLD | NEW |
| (Empty) |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 /* | |
| 6 * Interfaces of the CMS implementation. | |
| 7 * | |
| 8 * $Id: cms.h,v 1.27 2012/04/25 14:50:08 gerv%gerv.net Exp $ | |
| 9 */ | |
| 10 | |
| 11 #ifndef _CMS_H_ | |
| 12 #define _CMS_H_ | |
| 13 | |
| 14 #include "seccomon.h" | |
| 15 | |
| 16 #include "secoidt.h" | |
| 17 #include "certt.h" | |
| 18 #include "keyt.h" | |
| 19 #include "hasht.h" | |
| 20 #include "cmst.h" | |
| 21 | |
| 22 /************************************************************************/ | |
| 23 SEC_BEGIN_PROTOS | |
| 24 | |
| 25 /************************************************************************ | |
| 26 * cmsdecode.c - CMS decoding | |
| 27 ************************************************************************/ | |
| 28 | |
| 29 /* | |
| 30 * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message | |
| 31 * | |
| 32 * "poolp" - pointer to arena for message, or NULL if new pool should be created | |
| 33 * "cb", "cb_arg" - callback function and argument for delivery of inner content | |
| 34 * inner content will be stored in the message if cb is NULL. | |
| 35 * "pwfn", pwfn_arg" - callback function for getting token password | |
| 36 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk k
ey for encryptedData | |
| 37 */ | |
| 38 extern NSSCMSDecoderContext * | |
| 39 NSS_CMSDecoder_Start(PLArenaPool *poolp, | |
| 40 NSSCMSContentCallback cb, void *cb_arg, | |
| 41 PK11PasswordFunc pwfn, void *pwfn_arg, | |
| 42 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_
key_cb_arg); | |
| 43 | |
| 44 /* | |
| 45 * NSS_CMSDecoder_Update - feed DER-encoded data to decoder | |
| 46 */ | |
| 47 extern SECStatus | |
| 48 NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned lon
g len); | |
| 49 | |
| 50 /* | |
| 51 * NSS_CMSDecoder_Cancel - cancel a decoding process | |
| 52 */ | |
| 53 extern void | |
| 54 NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx); | |
| 55 | |
| 56 /* | |
| 57 * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding | |
| 58 */ | |
| 59 extern NSSCMSMessage * | |
| 60 NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx); | |
| 61 | |
| 62 /* | |
| 63 * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data | |
| 64 */ | |
| 65 extern NSSCMSMessage * | |
| 66 NSS_CMSMessage_CreateFromDER(SECItem *DERmessage, | |
| 67 NSSCMSContentCallback cb, void *cb_arg, | |
| 68 PK11PasswordFunc pwfn, void *pwfn_arg, | |
| 69 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_ke
y_cb_arg); | |
| 70 | |
| 71 /************************************************************************ | |
| 72 * cmsencode.c - CMS encoding | |
| 73 ************************************************************************/ | |
| 74 | |
| 75 /* | |
| 76 * NSS_CMSEncoder_Start - set up encoding of a CMS message | |
| 77 * | |
| 78 * "cmsg" - message to encode | |
| 79 * "outputfn", "outputarg" - callback function for delivery of DER-encoded outpu
t | |
| 80 * will not be called if NULL. | |
| 81 * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded outpu
t | |
| 82 * "destpoolp" - pool to allocate DER-encoded output in | |
| 83 * "pwfn", pwfn_arg" - callback function for getting token password | |
| 84 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk k
ey for encryptedData | |
| 85 * "detached_digestalgs", "detached_digests" - digests from detached content | |
| 86 */ | |
| 87 extern NSSCMSEncoderContext * | |
| 88 NSS_CMSEncoder_Start(NSSCMSMessage *cmsg, | |
| 89 NSSCMSContentCallback outputfn, void *outputarg, | |
| 90 SECItem *dest, PLArenaPool *destpoolp, | |
| 91 PK11PasswordFunc pwfn, void *pwfn_arg, | |
| 92 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decryp
t_key_cb_arg, | |
| 93 SECAlgorithmID **detached_digestalgs, SECItem **detached
_digests); | |
| 94 | |
| 95 /* | |
| 96 * NSS_CMSEncoder_Update - take content data delivery from the user | |
| 97 * | |
| 98 * "p7ecx" - encoder context | |
| 99 * "data" - content data | |
| 100 * "len" - length of content data | |
| 101 */ | |
| 102 extern SECStatus | |
| 103 NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned lo
ng len); | |
| 104 | |
| 105 /* | |
| 106 * NSS_CMSEncoder_Cancel - stop all encoding | |
| 107 */ | |
| 108 extern SECStatus | |
| 109 NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx); | |
| 110 | |
| 111 /* | |
| 112 * NSS_CMSEncoder_Finish - signal the end of data | |
| 113 * | |
| 114 * we need to walk down the chain of encoders and the finish them from the inner
most out | |
| 115 */ | |
| 116 extern SECStatus | |
| 117 NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx); | |
| 118 | |
| 119 /************************************************************************ | |
| 120 * cmsmessage.c - CMS message object | |
| 121 ************************************************************************/ | |
| 122 | |
| 123 /* | |
| 124 * NSS_CMSMessage_Create - create a CMS message object | |
| 125 * | |
| 126 * "poolp" - arena to allocate memory from, or NULL if new arena should be creat
ed | |
| 127 */ | |
| 128 extern NSSCMSMessage * | |
| 129 NSS_CMSMessage_Create(PLArenaPool *poolp); | |
| 130 | |
| 131 /* | |
| 132 * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding o
r decoding | |
| 133 * | |
| 134 * "cmsg" - message object | |
| 135 * "pwfn", pwfn_arg" - callback function for getting token password | |
| 136 * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk k
ey for encryptedData | |
| 137 * "detached_digestalgs", "detached_digests" - digests from detached content | |
| 138 * | |
| 139 * used internally. | |
| 140 */ | |
| 141 extern void | |
| 142 NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, | |
| 143 PK11PasswordFunc pwfn, void *pwfn_arg, | |
| 144 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decryp
t_key_cb_arg, | |
| 145 SECAlgorithmID **detached_digestalgs, SECItem **detached
_digests); | |
| 146 | |
| 147 /* | |
| 148 * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces. | |
| 149 */ | |
| 150 extern void | |
| 151 NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg); | |
| 152 | |
| 153 /* | |
| 154 * NSS_CMSMessage_Copy - return a copy of the given message. | |
| 155 * | |
| 156 * The copy may be virtual or may be real -- either way, the result needs | |
| 157 * to be passed to NSS_CMSMessage_Destroy later (as does the original). | |
| 158 */ | |
| 159 extern NSSCMSMessage * | |
| 160 NSS_CMSMessage_Copy(NSSCMSMessage *cmsg); | |
| 161 | |
| 162 /* | |
| 163 * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool | |
| 164 */ | |
| 165 extern PLArenaPool * | |
| 166 NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg); | |
| 167 | |
| 168 /* | |
| 169 * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo | |
| 170 */ | |
| 171 extern NSSCMSContentInfo * | |
| 172 NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg); | |
| 173 | |
| 174 /* | |
| 175 * Return a pointer to the actual content. | |
| 176 * In the case of those types which are encrypted, this returns the *plain* cont
ent. | |
| 177 * In case of nested contentInfos, this descends and retrieves the innermost con
tent. | |
| 178 */ | |
| 179 extern SECItem * | |
| 180 NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg); | |
| 181 | |
| 182 /* | |
| 183 * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content obje
cts in this message | |
| 184 * | |
| 185 * CMS data content objects do not count. | |
| 186 */ | |
| 187 extern int | |
| 188 NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg); | |
| 189 | |
| 190 /* | |
| 191 * NSS_CMSMessage_ContentLevel - find content level #n | |
| 192 * | |
| 193 * CMS data content objects do not count. | |
| 194 */ | |
| 195 extern NSSCMSContentInfo * | |
| 196 NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n); | |
| 197 | |
| 198 /* | |
| 199 * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the
way | |
| 200 */ | |
| 201 extern PRBool | |
| 202 NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg); | |
| 203 | |
| 204 /* | |
| 205 * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage | |
| 206 */ | |
| 207 extern PRBool | |
| 208 NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg); | |
| 209 | |
| 210 /* | |
| 211 * NSS_CMSMessage_IsSigned - see if message contains a signed submessage | |
| 212 * | |
| 213 * If the CMS message has a SignedData with a signature (not just a SignedData) | |
| 214 * return true; false otherwise. This can/should be called before calling | |
| 215 * VerifySignature, which will always indicate failure if no signature is | |
| 216 * present, but that does not mean there even was a signature! | |
| 217 * Note that the content itself can be empty (detached content was sent | |
| 218 * another way); it is the presence of the signature that matters. | |
| 219 */ | |
| 220 extern PRBool | |
| 221 NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg); | |
| 222 | |
| 223 /* | |
| 224 * NSS_CMSMessage_IsContentEmpty - see if content is empty | |
| 225 * | |
| 226 * returns PR_TRUE is innermost content length is < minLen | |
| 227 * XXX need the encrypted content length (why?) | |
| 228 */ | |
| 229 extern PRBool | |
| 230 NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen); | |
| 231 | |
| 232 /************************************************************************ | |
| 233 * cmscinfo.c - CMS contentInfo methods | |
| 234 ************************************************************************/ | |
| 235 | |
| 236 /* | |
| 237 * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pie
ces. | |
| 238 */ | |
| 239 extern void | |
| 240 NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo); | |
| 241 | |
| 242 /* | |
| 243 * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exi
sts) | |
| 244 */ | |
| 245 extern NSSCMSContentInfo * | |
| 246 NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo); | |
| 247 | |
| 248 /* | |
| 249 * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS obj
ect | |
| 250 */ | |
| 251 extern SECStatus | |
| 252 NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SEC
OidTag type, void *ptr); | |
| 253 | |
| 254 /* | |
| 255 * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo
_SetType | |
| 256 * set cinfo's content type & content to CMS object | |
| 257 */ | |
| 258 extern SECStatus | |
| 259 NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo
, SECItem *data, PRBool detached); | |
| 260 | |
| 261 extern SECStatus | |
| 262 NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo
*cinfo, NSSCMSSignedData *sigd); | |
| 263 | |
| 264 extern SECStatus | |
| 265 NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentIn
fo *cinfo, NSSCMSEnvelopedData *envd); | |
| 266 | |
| 267 extern SECStatus | |
| 268 NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInf
o *cinfo, NSSCMSDigestedData *digd); | |
| 269 | |
| 270 extern SECStatus | |
| 271 NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
fo *cinfo, NSSCMSEncryptedData *encd); | |
| 272 | |
| 273 /* | |
| 274 * turn off streaming for this content type. | |
| 275 * This could fail with SEC_ERROR_NO_MEMORY in memory constrained conditions. | |
| 276 */ | |
| 277 extern SECStatus | |
| 278 NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream); | |
| 279 | |
| 280 | |
| 281 /* | |
| 282 * NSS_CMSContentInfo_GetContent - get pointer to inner content | |
| 283 * | |
| 284 * needs to be casted... | |
| 285 */ | |
| 286 extern void * | |
| 287 NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo); | |
| 288 | |
| 289 /* | |
| 290 * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content | |
| 291 * | |
| 292 * this is typically only called by NSS_CMSMessage_GetContent() | |
| 293 */ | |
| 294 extern SECItem * | |
| 295 NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo); | |
| 296 | |
| 297 /* | |
| 298 * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to look
up result | |
| 299 * for future reference) and return the inner content type. | |
| 300 */ | |
| 301 extern SECOidTag | |
| 302 NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo); | |
| 303 | |
| 304 extern SECItem * | |
| 305 NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo); | |
| 306 | |
| 307 /* | |
| 308 * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup r
esult | |
| 309 * for future reference) and return the content encryption algorithm tag. | |
| 310 */ | |
| 311 extern SECOidTag | |
| 312 NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo); | |
| 313 | |
| 314 /* | |
| 315 * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encrypt
ion algorithm tag. | |
| 316 */ | |
| 317 extern SECAlgorithmID * | |
| 318 NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo); | |
| 319 | |
| 320 extern SECStatus | |
| 321 NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo
, | |
| 322 SECOidTag bulkalgtag, SECItem *parameters, i
nt keysize); | |
| 323 | |
| 324 extern SECStatus | |
| 325 NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin
fo, | |
| 326 SECAlgorithmID *algid, int keysize); | |
| 327 | |
| 328 extern void | |
| 329 NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey); | |
| 330 | |
| 331 extern PK11SymKey * | |
| 332 NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo); | |
| 333 | |
| 334 extern int | |
| 335 NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo); | |
| 336 | |
| 337 /************************************************************************ | |
| 338 * cmsutil.c - CMS misc utility functions | |
| 339 ************************************************************************/ | |
| 340 | |
| 341 /* | |
| 342 * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding | |
| 343 * | |
| 344 * make sure that the order of the objects guarantees valid DER (which must be | |
| 345 * in lexigraphically ascending order for a SET OF); if reordering is necessary
it | |
| 346 * will be done in place (in objs). | |
| 347 */ | |
| 348 extern SECStatus | |
| 349 NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **
objs2); | |
| 350 | |
| 351 /* | |
| 352 * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to | |
| 353 * sort arrays of SECItems containing DER | |
| 354 */ | |
| 355 extern int | |
| 356 NSS_CMSUtil_DERCompare(void *a, void *b); | |
| 357 | |
| 358 /* | |
| 359 * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of | |
| 360 * algorithms. | |
| 361 * | |
| 362 * algorithmArray - array of algorithm IDs | |
| 363 * algid - algorithmid of algorithm to pick | |
| 364 * | |
| 365 * Returns: | |
| 366 * An integer containing the index of the algorithm in the array or -1 if | |
| 367 * algorithm was not found. | |
| 368 */ | |
| 369 extern int | |
| 370 NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID
*algid); | |
| 371 | |
| 372 /* | |
| 373 * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of | |
| 374 * algorithms. | |
| 375 * | |
| 376 * algorithmArray - array of algorithm IDs | |
| 377 * algiddata - id of algorithm to pick | |
| 378 * | |
| 379 * Returns: | |
| 380 * An integer containing the index of the algorithm in the array or -1 if | |
| 381 * algorithm was not found. | |
| 382 */ | |
| 383 extern int | |
| 384 NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algt
ag); | |
| 385 | |
| 386 extern const SECHashObject * | |
| 387 NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid); | |
| 388 | |
| 389 extern const SEC_ASN1Template * | |
| 390 NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type); | |
| 391 | |
| 392 extern size_t | |
| 393 NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type); | |
| 394 | |
| 395 extern NSSCMSContentInfo * | |
| 396 NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type); | |
| 397 | |
| 398 extern const char * | |
| 399 NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs); | |
| 400 | |
| 401 /************************************************************************ | |
| 402 * cmssigdata.c - CMS signedData methods | |
| 403 ************************************************************************/ | |
| 404 | |
| 405 extern NSSCMSSignedData * | |
| 406 NSS_CMSSignedData_Create(NSSCMSMessage *cmsg); | |
| 407 | |
| 408 extern void | |
| 409 NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd); | |
| 410 | |
| 411 /* | |
| 412 * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a Signe
dData | |
| 413 * before start of encoding. | |
| 414 * | |
| 415 * In detail: | |
| 416 * - find out about the right value to put into sigd->version | |
| 417 * - come up with a list of digestAlgorithms (which should be the union of the
algorithms | |
| 418 * in the signerinfos). | |
| 419 * If we happen to have a pre-set list of algorithms (and digest values!
), we | |
| 420 * check if we have all the signerinfos' algorithms. If not, this is an
error. | |
| 421 */ | |
| 422 extern SECStatus | |
| 423 NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd); | |
| 424 | |
| 425 extern SECStatus | |
| 426 NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd); | |
| 427 | |
| 428 /* | |
| 429 * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedD
ata | |
| 430 * after all the encapsulated data was passed through the encoder. | |
| 431 * | |
| 432 * In detail: | |
| 433 * - create the signatures in all the SignerInfos | |
| 434 * | |
| 435 * Please note that nothing is done to the Certificates and CRLs in the message
- this | |
| 436 * is entirely the responsibility of our callers. | |
| 437 */ | |
| 438 extern SECStatus | |
| 439 NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd); | |
| 440 | |
| 441 extern SECStatus | |
| 442 NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd); | |
| 443 | |
| 444 /* | |
| 445 * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedD
ata | |
| 446 * after all the encapsulated data was passed through the decoder. | |
| 447 */ | |
| 448 extern SECStatus | |
| 449 NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd); | |
| 450 | |
| 451 /* | |
| 452 * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedDa
ta | |
| 453 * after all decoding is finished. | |
| 454 */ | |
| 455 extern SECStatus | |
| 456 NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd); | |
| 457 | |
| 458 /* | |
| 459 * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list | |
| 460 */ | |
| 461 extern NSSCMSSignerInfo ** | |
| 462 NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd); | |
| 463 | |
| 464 extern int | |
| 465 NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd); | |
| 466 | |
| 467 extern NSSCMSSignerInfo * | |
| 468 NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i); | |
| 469 | |
| 470 /* | |
| 471 * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm
list | |
| 472 */ | |
| 473 extern SECAlgorithmID ** | |
| 474 NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd); | |
| 475 | |
| 476 /* | |
| 477 * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's conten
tinfo | |
| 478 */ | |
| 479 extern NSSCMSContentInfo * | |
| 480 NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd); | |
| 481 | |
| 482 /* | |
| 483 * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate
list | |
| 484 */ | |
| 485 extern SECItem ** | |
| 486 NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd); | |
| 487 | |
| 488 extern SECStatus | |
| 489 NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb, | |
| 490 SECCertUsage certusage, PRBool keepcerts); | |
| 491 | |
| 492 /* | |
| 493 * NSS_CMSSignedData_HasDigests - see if we have digests in place | |
| 494 */ | |
| 495 extern PRBool | |
| 496 NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd); | |
| 497 | |
| 498 /* | |
| 499 * NSS_CMSSignedData_VerifySignerInfo - check a signature. | |
| 500 * | |
| 501 * The digests were either calculated during decoding (and are stored in the | |
| 502 * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests. | |
| 503 * | |
| 504 * The verification checks if the signing cert is valid and has a trusted chain | |
| 505 * for the purpose specified by "certusage". | |
| 506 */ | |
| 507 extern SECStatus | |
| 508 NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHand
le *certdb, | |
| 509 SECCertUsage certusage); | |
| 510 | |
| 511 /* | |
| 512 * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message | |
| 513 */ | |
| 514 extern SECStatus | |
| 515 NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, | |
| 516 CERTCertDBHandle *certdb, | |
| 517 SECCertUsage usage); | |
| 518 | |
| 519 extern SECStatus | |
| 520 NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certl
ist); | |
| 521 | |
| 522 /* | |
| 523 * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of
certs | |
| 524 */ | |
| 525 extern SECStatus | |
| 526 NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert); | |
| 527 | |
| 528 extern SECStatus | |
| 529 NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert); | |
| 530 | |
| 531 extern PRBool | |
| 532 NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd); | |
| 533 | |
| 534 extern SECStatus | |
| 535 NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd, | |
| 536 NSSCMSSignerInfo *signerinfo); | |
| 537 | |
| 538 extern SECStatus | |
| 539 NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd, | |
| 540 SECAlgorithmID **digestalgs, | |
| 541 SECItem **digests); | |
| 542 | |
| 543 extern SECStatus | |
| 544 NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd, | |
| 545 SECOidTag digestalgtag, | |
| 546 SECItem *digestdata); | |
| 547 | |
| 548 extern SECStatus | |
| 549 NSS_CMSSignedData_AddDigest(PLArenaPool *poolp, | |
| 550 NSSCMSSignedData *sigd, | |
| 551 SECOidTag digestalgtag, | |
| 552 SECItem *digest); | |
| 553 | |
| 554 extern SECItem * | |
| 555 NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag)
; | |
| 556 | |
| 557 /* | |
| 558 * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData. | |
| 559 * | |
| 560 * cert - base certificates that will be included | |
| 561 * include_chain - if true, include the complete cert chain for cert | |
| 562 * | |
| 563 * More certs and chains can be added via AddCertificate and AddCertChain. | |
| 564 * | |
| 565 * An error results in a return value of NULL and an error set. | |
| 566 */ | |
| 567 extern NSSCMSSignedData * | |
| 568 NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PR
Bool include_chain); | |
| 569 | |
| 570 /************************************************************************ | |
| 571 * cmssiginfo.c - signerinfo methods | |
| 572 ************************************************************************/ | |
| 573 | |
| 574 extern NSSCMSSignerInfo * | |
| 575 NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag d
igestalgtag); | |
| 576 extern NSSCMSSignerInfo * | |
| 577 NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID, S
ECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag); | |
| 578 | |
| 579 /* | |
| 580 * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure | |
| 581 */ | |
| 582 extern void | |
| 583 NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si); | |
| 584 | |
| 585 /* | |
| 586 * NSS_CMSSignerInfo_Sign - sign something | |
| 587 * | |
| 588 */ | |
| 589 extern SECStatus | |
| 590 NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *c
ontentType); | |
| 591 | |
| 592 extern SECStatus | |
| 593 NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHand
le *certdb, | |
| 594 SECCertUsage certusage); | |
| 595 | |
| 596 /* | |
| 597 * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo | |
| 598 * | |
| 599 * Just verifies the signature. The assumption is that verification of the certi
ficate | |
| 600 * is done already. | |
| 601 */ | |
| 602 extern SECStatus | |
| 603 NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem
*contentType); | |
| 604 | |
| 605 extern NSSCMSVerificationStatus | |
| 606 NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo); | |
| 607 | |
| 608 extern SECOidData * | |
| 609 NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo); | |
| 610 | |
| 611 extern SECOidTag | |
| 612 NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo); | |
| 613 | |
| 614 extern int | |
| 615 NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo); | |
| 616 | |
| 617 extern CERTCertificateList * | |
| 618 NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo); | |
| 619 | |
| 620 /* | |
| 621 * NSS_CMSSignerInfo_GetSigningTime - return the signing time, | |
| 622 * in UTCTime format, of a CMS signerInfo. | |
| 623 * | |
| 624 * sinfo - signerInfo data for this signer | |
| 625 * | |
| 626 * Returns a pointer to XXXX (what?) | |
| 627 * A return value of NULL is an error. | |
| 628 */ | |
| 629 extern SECStatus | |
| 630 NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime); | |
| 631 | |
| 632 /* | |
| 633 * Return the signing cert of a CMS signerInfo. | |
| 634 * | |
| 635 * the certs in the enclosing SignedData must have been imported already | |
| 636 */ | |
| 637 extern CERTCertificate * | |
| 638 NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDB
Handle *certdb); | |
| 639 | |
| 640 /* | |
| 641 * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer | |
| 642 * | |
| 643 * sinfo - signerInfo data for this signer | |
| 644 * | |
| 645 * Returns a pointer to allocated memory, which must be freed with PORT_Free. | |
| 646 * A return value of NULL is an error. | |
| 647 */ | |
| 648 extern char * | |
| 649 NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo); | |
| 650 | |
| 651 /* | |
| 652 * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signe
r | |
| 653 * | |
| 654 * sinfo - signerInfo data for this signer | |
| 655 * | |
| 656 * Returns a pointer to allocated memory, which must be freed. | |
| 657 * A return value of NULL is an error. | |
| 658 */ | |
| 659 extern char * | |
| 660 NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo); | |
| 661 | |
| 662 /* | |
| 663 * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the | |
| 664 * authenticated (i.e. signed) attributes of "signerinfo". | |
| 665 */ | |
| 666 extern SECStatus | |
| 667 NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *att
r); | |
| 668 | |
| 669 /* | |
| 670 * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the | |
| 671 * unauthenticated attributes of "signerinfo". | |
| 672 */ | |
| 673 extern SECStatus | |
| 674 NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *a
ttr); | |
| 675 | |
| 676 /* | |
| 677 * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the | |
| 678 * authenticated (i.e. signed) attributes of "signerinfo". | |
| 679 * | |
| 680 * This is expected to be included in outgoing signed | |
| 681 * messages for email (S/MIME) but is likely useful in other situations. | |
| 682 * | |
| 683 * This should only be added once; a second call will do nothing. | |
| 684 * | |
| 685 * XXX This will probably just shove the current time into "signerinfo" | |
| 686 * but it will not actually get signed until the entire item is | |
| 687 * processed for encoding. Is this (expected to be small) delay okay? | |
| 688 */ | |
| 689 extern SECStatus | |
| 690 NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t); | |
| 691 | |
| 692 /* | |
| 693 * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the | |
| 694 * authenticated (i.e. signed) attributes of "signerinfo". | |
| 695 * | |
| 696 * This is expected to be included in outgoing signed | |
| 697 * messages for email (S/MIME). | |
| 698 */ | |
| 699 extern SECStatus | |
| 700 NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo); | |
| 701 | |
| 702 /* | |
| 703 * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences a
ttribute to the | |
| 704 * authenticated (i.e. signed) attributes of "signerinfo". | |
| 705 * | |
| 706 * This is expected to be included in outgoing signed messages for email (S/MIME
). | |
| 707 */ | |
| 708 SECStatus | |
| 709 NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertific
ate *cert, CERTCertDBHandle *certdb); | |
| 710 | |
| 711 /* | |
| 712 * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences
attribute to the | |
| 713 * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferr
ed by Microsoft. | |
| 714 * | |
| 715 * This is expected to be included in outgoing signed messages for email (S/MIME
), | |
| 716 * if compatibility with Microsoft mail clients is wanted. | |
| 717 */ | |
| 718 SECStatus | |
| 719 NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertif
icate *cert, CERTCertDBHandle *certdb); | |
| 720 | |
| 721 /* | |
| 722 * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo | |
| 723 */ | |
| 724 extern SECStatus | |
| 725 NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo, | |
| 726 SECOidTag digestalg, CERTCertificate signing
cert); | |
| 727 | |
| 728 /* | |
| 729 * XXXX the following needs to be done in the S/MIME layer code | |
| 730 * after signature of a signerinfo is verified | |
| 731 */ | |
| 732 extern SECStatus | |
| 733 NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo); | |
| 734 | |
| 735 /* | |
| 736 * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signe
r | |
| 737 */ | |
| 738 extern SECStatus | |
| 739 NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode
cm, SECCertUsage usage); | |
| 740 | |
| 741 /************************************************************************ | |
| 742 * cmsenvdata.c - CMS envelopedData methods | |
| 743 ************************************************************************/ | |
| 744 | |
| 745 /* | |
| 746 * NSS_CMSEnvelopedData_Create - create an enveloped data message | |
| 747 */ | |
| 748 extern NSSCMSEnvelopedData * | |
| 749 NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysiz
e); | |
| 750 | |
| 751 /* | |
| 752 * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message | |
| 753 */ | |
| 754 extern void | |
| 755 NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp); | |
| 756 | |
| 757 /* | |
| 758 * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's
contentinfo | |
| 759 */ | |
| 760 extern NSSCMSContentInfo * | |
| 761 NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd); | |
| 762 | |
| 763 /* | |
| 764 * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data
msg | |
| 765 * | |
| 766 * rip must be created on the same pool as edp - this is not enforced, though. | |
| 767 */ | |
| 768 extern SECStatus | |
| 769 NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo
*rip); | |
| 770 | |
| 771 /* | |
| 772 * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for enco
ding | |
| 773 * | |
| 774 * at this point, we need | |
| 775 * - recipientinfos set up with recipient's certificates | |
| 776 * - a content encryption algorithm (if none, 3DES will be used) | |
| 777 * | |
| 778 * this function will generate a random content encryption key (aka bulk key), | |
| 779 * initialize the recipientinfos with certificate identification and wrap the bu
lk key | |
| 780 * using the proper algorithm for every certificiate. | |
| 781 * it will finally set the bulk algorithm and key so that the encode step can fi
nd it. | |
| 782 */ | |
| 783 extern SECStatus | |
| 784 NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd); | |
| 785 | |
| 786 /* | |
| 787 * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption | |
| 788 */ | |
| 789 extern SECStatus | |
| 790 NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd); | |
| 791 | |
| 792 /* | |
| 793 * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encod
ing | |
| 794 */ | |
| 795 extern SECStatus | |
| 796 NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd); | |
| 797 | |
| 798 /* | |
| 799 * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo, | |
| 800 * derive bulk key & set up our contentinfo | |
| 801 */ | |
| 802 extern SECStatus | |
| 803 NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd); | |
| 804 | |
| 805 /* | |
| 806 * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData'
s content | |
| 807 */ | |
| 808 extern SECStatus | |
| 809 NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd); | |
| 810 | |
| 811 /* | |
| 812 * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData | |
| 813 */ | |
| 814 extern SECStatus | |
| 815 NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd); | |
| 816 | |
| 817 | |
| 818 /************************************************************************ | |
| 819 * cmsrecinfo.c - CMS recipientInfo methods | |
| 820 ************************************************************************/ | |
| 821 | |
| 822 /* | |
| 823 * NSS_CMSRecipientInfo_Create - create a recipientinfo | |
| 824 * | |
| 825 * we currently do not create KeyAgreement recipientinfos with multiple recipien
tEncryptedKeys | |
| 826 * the certificate is supposed to have been verified by the caller | |
| 827 */ | |
| 828 extern NSSCMSRecipientInfo * | |
| 829 NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert); | |
| 830 | |
| 831 extern NSSCMSRecipientInfo * | |
| 832 NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, | |
| 833 SECItem *subjKeyID, | |
| 834 SECKEYPublicKey *pubKey); | |
| 835 | |
| 836 extern NSSCMSRecipientInfo * | |
| 837 NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg, | |
| 838 CERTCertificate *cert); | |
| 839 | |
| 840 /* | |
| 841 * NSS_CMSRecipientInfo_CreateNew - create a blank recipientinfo for | |
| 842 * applications which want to encode their own CMS structures and | |
| 843 * key exchange types. | |
| 844 */ | |
| 845 extern NSSCMSRecipientInfo * | |
| 846 NSS_CMSRecipientInfo_CreateNew(void* pwfn_arg); | |
| 847 | |
| 848 /* | |
| 849 * NSS_CMSRecipientInfo_CreateFromDER - create a recipientinfo from partially | |
| 850 * decoded DER data for applications which want to encode their own CMS | |
| 851 * structures and key exchange types. | |
| 852 */ | |
| 853 extern NSSCMSRecipientInfo * | |
| 854 NSS_CMSRecipientInfo_CreateFromDER(SECItem* input, void* pwfn_arg); | |
| 855 | |
| 856 extern void | |
| 857 NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri); | |
| 858 | |
| 859 /* | |
| 860 * NSS_CMSRecipientInfo_GetCertAndKey - retrieve the cert and key from the | |
| 861 * recipientInfo struct. If retcert or retkey are NULL, the cert or | |
| 862 * key (respectively) would not be returned). This function is a no-op if both | |
| 863 * retcert and retkey are NULL. Caller inherits ownership of the cert and key | |
| 864 * he requested (and is responsible to free them). | |
| 865 */ | |
| 866 SECStatus NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri, | |
| 867 CERTCertificate** retcert, SECKEYPrivateKey** retkey); | |
| 868 | |
| 869 extern int | |
| 870 NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri); | |
| 871 | |
| 872 extern SECItem * | |
| 873 NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex); | |
| 874 | |
| 875 /* | |
| 876 * NSS_CMSRecipientInfo_Encode - encode an NSS_CMSRecipientInfo as ASN.1 | |
| 877 */ | |
| 878 SECStatus NSS_CMSRecipientInfo_Encode(PLArenaPool* poolp, | |
| 879 const NSSCMSRecipientInfo *src, | |
| 880 SECItem* returned); | |
| 881 | |
| 882 extern SECOidTag | |
| 883 NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri); | |
| 884 | |
| 885 extern SECStatus | |
| 886 NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
ECOidTag bulkalgtag); | |
| 887 | |
| 888 extern PK11SymKey * | |
| 889 NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, | |
| 890 CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulk
algtag); | |
| 891 | |
| 892 /************************************************************************ | |
| 893 * cmsencdata.c - CMS encryptedData methods | |
| 894 ************************************************************************/ | |
| 895 /* | |
| 896 * NSS_CMSEncryptedData_Create - create an empty encryptedData object. | |
| 897 * | |
| 898 * "algorithm" specifies the bulk encryption algorithm to use. | |
| 899 * "keysize" is the key size. | |
| 900 * | |
| 901 * An error results in a return value of NULL and an error set. | |
| 902 * (Retrieve specific errors via PORT_GetError()/XP_GetError().) | |
| 903 */ | |
| 904 extern NSSCMSEncryptedData * | |
| 905 NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysiz
e); | |
| 906 | |
| 907 /* | |
| 908 * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object | |
| 909 */ | |
| 910 extern void | |
| 911 NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd); | |
| 912 | |
| 913 /* | |
| 914 * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object'
s contentInfo | |
| 915 */ | |
| 916 extern NSSCMSContentInfo * | |
| 917 NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd); | |
| 918 | |
| 919 /* | |
| 920 * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a En
cryptedData | |
| 921 * before encoding begins. | |
| 922 * | |
| 923 * In particular: | |
| 924 * - set the correct version value. | |
| 925 * - get the encryption key | |
| 926 */ | |
| 927 extern SECStatus | |
| 928 NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd); | |
| 929 | |
| 930 /* | |
| 931 * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption | |
| 932 */ | |
| 933 extern SECStatus | |
| 934 NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd); | |
| 935 | |
| 936 /* | |
| 937 * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encod
ing | |
| 938 */ | |
| 939 extern SECStatus | |
| 940 NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd); | |
| 941 | |
| 942 /* | |
| 943 * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption | |
| 944 */ | |
| 945 extern SECStatus | |
| 946 NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd); | |
| 947 | |
| 948 /* | |
| 949 * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData'
s content | |
| 950 */ | |
| 951 extern SECStatus | |
| 952 NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd); | |
| 953 | |
| 954 /* | |
| 955 * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData | |
| 956 */ | |
| 957 extern SECStatus | |
| 958 NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd); | |
| 959 | |
| 960 /************************************************************************ | |
| 961 * cmsdigdata.c - CMS encryptedData methods | |
| 962 ************************************************************************/ | |
| 963 /* | |
| 964 * NSS_CMSDigestedData_Create - create a digestedData object (presumably for enc
oding) | |
| 965 * | |
| 966 * version will be set by NSS_CMSDigestedData_Encode_BeforeStart | |
| 967 * digestAlg is passed as parameter | |
| 968 * contentInfo must be filled by the user | |
| 969 * digest will be calculated while encoding | |
| 970 */ | |
| 971 extern NSSCMSDigestedData * | |
| 972 NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg); | |
| 973 | |
| 974 /* | |
| 975 * NSS_CMSDigestedData_Destroy - destroy a digestedData object | |
| 976 */ | |
| 977 extern void | |
| 978 NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd); | |
| 979 | |
| 980 /* | |
| 981 * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's
contentInfo | |
| 982 */ | |
| 983 extern NSSCMSContentInfo * | |
| 984 NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd); | |
| 985 | |
| 986 /* | |
| 987 * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a Dig
estedData | |
| 988 * before encoding begins. | |
| 989 * | |
| 990 * In particular: | |
| 991 * - set the right version number. The contentInfo's content type must be set u
p already. | |
| 992 */ | |
| 993 extern SECStatus | |
| 994 NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd); | |
| 995 | |
| 996 /* | |
| 997 * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a Dige
stedData | |
| 998 * before the encapsulated data is passed through the encoder. | |
| 999 * | |
| 1000 * In detail: | |
| 1001 * - set up the digests if necessary | |
| 1002 */ | |
| 1003 extern SECStatus | |
| 1004 NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd); | |
| 1005 | |
| 1006 /* | |
| 1007 * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a Diges
tedData | |
| 1008 * after all the encapsulated data was passed through the encoder. | |
| 1009 * | |
| 1010 * In detail: | |
| 1011 * - finish the digests | |
| 1012 */ | |
| 1013 extern SECStatus | |
| 1014 NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd); | |
| 1015 | |
| 1016 /* | |
| 1017 * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a Dige
stedData | |
| 1018 * before the encapsulated data is passed through the encoder. | |
| 1019 * | |
| 1020 * In detail: | |
| 1021 * - set up the digests if necessary | |
| 1022 */ | |
| 1023 extern SECStatus | |
| 1024 NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd); | |
| 1025 | |
| 1026 /* | |
| 1027 * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a Diges
tedData | |
| 1028 * after all the encapsulated data was passed through the encoder. | |
| 1029 * | |
| 1030 * In detail: | |
| 1031 * - finish the digests | |
| 1032 */ | |
| 1033 extern SECStatus | |
| 1034 NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd); | |
| 1035 | |
| 1036 /* | |
| 1037 * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData. | |
| 1038 * | |
| 1039 * In detail: | |
| 1040 * - check the digests for equality | |
| 1041 */ | |
| 1042 extern SECStatus | |
| 1043 NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd); | |
| 1044 | |
| 1045 /************************************************************************ | |
| 1046 * cmsdigest.c - digestion routines | |
| 1047 ************************************************************************/ | |
| 1048 | |
| 1049 /* | |
| 1050 * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the | |
| 1051 * digest algorithms in "digestalgs" in parallel. | |
| 1052 */ | |
| 1053 extern NSSCMSDigestContext * | |
| 1054 NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs); | |
| 1055 | |
| 1056 /* | |
| 1057 * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple
, but | |
| 1058 * only one algorithm. | |
| 1059 */ | |
| 1060 extern NSSCMSDigestContext * | |
| 1061 NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg); | |
| 1062 | |
| 1063 /* | |
| 1064 * NSS_CMSDigestContext_Update - feed more data into the digest machine | |
| 1065 */ | |
| 1066 extern void | |
| 1067 NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *
data, int len); | |
| 1068 | |
| 1069 /* | |
| 1070 * NSS_CMSDigestContext_Cancel - cancel digesting operation | |
| 1071 */ | |
| 1072 extern void | |
| 1073 NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx); | |
| 1074 | |
| 1075 /* | |
| 1076 * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them | |
| 1077 * into an array of SECItems (allocated on poolp) | |
| 1078 */ | |
| 1079 extern SECStatus | |
| 1080 NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *
poolp, | |
| 1081 SECItem ***digestsp); | |
| 1082 | |
| 1083 /* | |
| 1084 * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultip
le, | |
| 1085 * but for one digest. | |
| 1086 */ | |
| 1087 extern SECStatus | |
| 1088 NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *po
olp, | |
| 1089 SECItem *digest); | |
| 1090 | |
| 1091 /************************************************************************ | |
| 1092 * | |
| 1093 ************************************************************************/ | |
| 1094 | |
| 1095 /* shortcuts for basic use */ | |
| 1096 | |
| 1097 /* | |
| 1098 * NSS_CMSDEREncode - DER Encode a CMS message, with input being | |
| 1099 * the plaintext message and derOut being the output, | |
| 1100 * stored in arena's pool. | |
| 1101 */ | |
| 1102 extern SECStatus | |
| 1103 NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut, | |
| 1104 PLArenaPool *arena); | |
| 1105 | |
| 1106 | |
| 1107 /************************************************************************ | |
| 1108 * | |
| 1109 ************************************************************************/ | |
| 1110 | |
| 1111 /* | |
| 1112 * define new S/MIME content type entries | |
| 1113 * | |
| 1114 * S/MIME uses the builtin PKCS7 oid types for encoding and decoding the | |
| 1115 * various S/MIME content. Some applications have their own content type | |
| 1116 * which is different from the standard content type defined by S/MIME. | |
| 1117 * | |
| 1118 * This function allows you to register new content types. There are basically | |
| 1119 * Two different types of content, Wrappping content, and Data. | |
| 1120 * | |
| 1121 * For data types, All the functions below can be zero or NULL excext | |
| 1122 * type and is isData, which should be your oid tag and PR_FALSE respectively | |
| 1123 * | |
| 1124 * For wrapping types, everything must be provided, or you will get encoder | |
| 1125 * failures. | |
| 1126 * | |
| 1127 * If NSS doesn't already define the OID that you need, you can register | |
| 1128 * your own with SECOID_AddEntry. | |
| 1129 * | |
| 1130 * Once you have defined your new content type, you can pass your new content | |
| 1131 * type to NSS_CMSContentInfo_SetContent(). | |
| 1132 * | |
| 1133 * If you are using a wrapping type you can pass your own data structure in | |
| 1134 * the ptr field, but it must contain and embedded NSSCMSGenericWrappingData | |
| 1135 * structure as the first element. The size you pass to | |
| 1136 * NSS_CMSType_RegisterContentType is the total size of your self defined | |
| 1137 * data structure. NSS_CMSContentInfo_GetContent will return that data | |
| 1138 * structure from the content info. Your ASN1Template will be evaluated | |
| 1139 * against that data structure. | |
| 1140 */ | |
| 1141 SECStatus NSS_CMSType_RegisterContentType(SECOidTag type, | |
| 1142 SEC_ASN1Template *asn1Template, size_t size, | |
| 1143 NSSCMSGenericWrapperDataDestroy destroy, | |
| 1144 NSSCMSGenericWrapperDataCallback decode_before, | |
| 1145 NSSCMSGenericWrapperDataCallback decode_after, | |
| 1146 NSSCMSGenericWrapperDataCallback decode_end, | |
| 1147 NSSCMSGenericWrapperDataCallback encode_start, | |
| 1148 NSSCMSGenericWrapperDataCallback encode_before, | |
| 1149 NSSCMSGenericWrapperDataCallback encode_after, | |
| 1150 PRBool isData); | |
| 1151 | |
| 1152 /************************************************************************/ | |
| 1153 SEC_END_PROTOS | |
| 1154 | |
| 1155 #endif /* _CMS_H_ */ | |
| OLD | NEW |