mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
354 lines
12 KiB
C
354 lines
12 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/*
|
|
* Support routines for CMS implementation, none of which are exported.
|
|
*
|
|
* Do not export this file! If something in here is really needed outside
|
|
* of smime code, first try to add a CMS interface which will do it for
|
|
* you. If that has a problem, then just move out what you need, changing
|
|
* its name as appropriate!
|
|
*/
|
|
|
|
#ifndef _CMSLOCAL_H_
|
|
#define _CMSLOCAL_H_
|
|
|
|
#include "cms.h"
|
|
#include "cmsreclist.h"
|
|
#include "secasn1t.h"
|
|
|
|
extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];
|
|
|
|
struct NSSCMSContentInfoPrivateStr {
|
|
NSSCMSCipherContext *ciphcx;
|
|
NSSCMSDigestContext *digcx;
|
|
PRBool dontStream;
|
|
};
|
|
|
|
/************************************************************************/
|
|
SEC_BEGIN_PROTOS
|
|
|
|
/*
|
|
* private content Info stuff
|
|
*/
|
|
|
|
/* initialize the private content info field. If this returns
|
|
* SECSuccess, the cinfo->private field is safe to dereference.
|
|
*/
|
|
SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo);
|
|
|
|
|
|
/***********************************************************************
|
|
* cmscipher.c - en/decryption routines
|
|
***********************************************************************/
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
|
|
* based on the given bulk * encryption key and algorithm identifier (which may include an iv).
|
|
*/
|
|
extern NSSCMSCipherContext *
|
|
NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
|
|
* based on the given bulk encryption key and algorithm tag. Fill in the algorithm
|
|
* identifier (which may include an iv) appropriately.
|
|
*/
|
|
extern NSSCMSCipherContext *
|
|
NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);
|
|
|
|
extern void
|
|
NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
|
|
*
|
|
* cc - the cipher context
|
|
* input_len - number of bytes used as input
|
|
* final - true if this is the final chunk of data
|
|
*
|
|
* Result can be used to perform memory allocations. Note that the amount
|
|
* is exactly accurate only when not doing a block cipher or when final
|
|
* is false, otherwise it is an upper bound on the amount because until
|
|
* we see the data we do not know how many padding bytes there are
|
|
* (always between 1 and bsize).
|
|
*/
|
|
extern unsigned int
|
|
NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
|
|
*
|
|
* cc - the cipher context
|
|
* input_len - number of bytes used as input
|
|
* final - true if this is the final chunk of data
|
|
*
|
|
* Result can be used to perform memory allocations.
|
|
*/
|
|
extern unsigned int
|
|
NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_Decrypt - do the decryption
|
|
*
|
|
* cc - the cipher context
|
|
* output - buffer for decrypted result bytes
|
|
* output_len_p - number of bytes in output
|
|
* max_output_len - upper bound on bytes to put into output
|
|
* input - pointer to input bytes
|
|
* input_len - number of input bytes
|
|
* final - true if this is the final chunk of data
|
|
*
|
|
* Decrypts a given length of input buffer (starting at "input" and
|
|
* containing "input_len" bytes), placing the decrypted bytes in
|
|
* "output" and storing the output length in "*output_len_p".
|
|
* "cc" is the return value from NSS_CMSCipher_StartDecrypt.
|
|
* When "final" is true, this is the last of the data to be decrypted.
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
|
|
unsigned int *output_len_p, unsigned int max_output_len,
|
|
const unsigned char *input, unsigned int input_len,
|
|
PRBool final);
|
|
|
|
/*
|
|
* NSS_CMSCipherContext_Encrypt - do the encryption
|
|
*
|
|
* cc - the cipher context
|
|
* output - buffer for decrypted result bytes
|
|
* output_len_p - number of bytes in output
|
|
* max_output_len - upper bound on bytes to put into output
|
|
* input - pointer to input bytes
|
|
* input_len - number of input bytes
|
|
* final - true if this is the final chunk of data
|
|
*
|
|
* Encrypts a given length of input buffer (starting at "input" and
|
|
* containing "input_len" bytes), placing the encrypted bytes in
|
|
* "output" and storing the output length in "*output_len_p".
|
|
* "cc" is the return value from NSS_CMSCipher_StartEncrypt.
|
|
* When "final" is true, this is the last of the data to be encrypted.
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
|
|
unsigned int *output_len_p, unsigned int max_output_len,
|
|
const unsigned char *input, unsigned int input_len,
|
|
PRBool final);
|
|
|
|
/************************************************************************
|
|
* cmspubkey.c - public key operations
|
|
************************************************************************/
|
|
|
|
/*
|
|
* NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
|
|
*
|
|
* this function takes a symmetric key and encrypts it using an RSA public key
|
|
* according to PKCS#1 and RFC2633 (S/MIME)
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
|
|
PK11SymKey *key,
|
|
SECItem *encKey);
|
|
|
|
extern SECStatus
|
|
NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
|
|
SECKEYPublicKey *publickey,
|
|
PK11SymKey *bulkkey, SECItem *encKey);
|
|
|
|
/*
|
|
* NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
|
|
*
|
|
* this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
|
|
* key handle. Please note that the actual unwrapped key data may not be allowed to leave
|
|
* a hardware token...
|
|
*/
|
|
extern PK11SymKey *
|
|
NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);
|
|
|
|
extern SECStatus
|
|
NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
|
|
SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
|
|
SECItem *originatorPubKey);
|
|
|
|
extern PK11SymKey *
|
|
NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
|
|
SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
|
|
|
|
/************************************************************************
|
|
* cmsreclist.c - recipient list stuff
|
|
************************************************************************/
|
|
extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
|
|
extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);
|
|
extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
|
|
|
|
/************************************************************************
|
|
* cmsarray.c - misc array functions
|
|
************************************************************************/
|
|
/*
|
|
* NSS_CMSArray_Alloc - allocate an array in an arena
|
|
*/
|
|
extern void **
|
|
NSS_CMSArray_Alloc(PLArenaPool *poolp, int n);
|
|
|
|
/*
|
|
* NSS_CMSArray_Add - add an element to the end of an array
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj);
|
|
|
|
/*
|
|
* NSS_CMSArray_IsEmpty - check if array is empty
|
|
*/
|
|
extern PRBool
|
|
NSS_CMSArray_IsEmpty(void **array);
|
|
|
|
/*
|
|
* NSS_CMSArray_Count - count number of elements in array
|
|
*/
|
|
extern int
|
|
NSS_CMSArray_Count(void **array);
|
|
|
|
/*
|
|
* NSS_CMSArray_Sort - sort an array ascending, in place
|
|
*
|
|
* If "secondary" is not NULL, the same reordering gets applied to it.
|
|
* If "tertiary" is not NULL, the same reordering gets applied to it.
|
|
* "compare" is a function that returns
|
|
* < 0 when the first element is less than the second
|
|
* = 0 when the first element is equal to the second
|
|
* > 0 when the first element is greater than the second
|
|
*/
|
|
extern void
|
|
NSS_CMSArray_Sort(void **primary, int (*compare)(void *,void *), void **secondary, void **tertiary);
|
|
|
|
/************************************************************************
|
|
* cmsattr.c - misc attribute functions
|
|
************************************************************************/
|
|
/*
|
|
* NSS_CMSAttribute_Create - create an attribute
|
|
*
|
|
* if value is NULL, the attribute won't have a value. It can be added later
|
|
* with NSS_CMSAttribute_AddValue.
|
|
*/
|
|
extern NSSCMSAttribute *
|
|
NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);
|
|
|
|
/*
|
|
* NSS_CMSAttribute_AddValue - add another value to an attribute
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);
|
|
|
|
/*
|
|
* NSS_CMSAttribute_GetType - return the OID tag
|
|
*/
|
|
extern SECOidTag
|
|
NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);
|
|
|
|
/*
|
|
* NSS_CMSAttribute_GetValue - return the first attribute value
|
|
*
|
|
* We do some sanity checking first:
|
|
* - Multiple values are *not* expected.
|
|
* - Empty values are *not* expected.
|
|
*/
|
|
extern SECItem *
|
|
NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);
|
|
|
|
/*
|
|
* NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
|
|
*/
|
|
extern PRBool
|
|
NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
|
|
|
|
/*
|
|
* NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
|
|
*
|
|
* If you are wondering why this routine does not reorder the attributes
|
|
* first, and might be tempted to make it do so, see the comment by the
|
|
* call to ReorderAttributes in cmsencode.c. (Or, see who else calls this
|
|
* and think long and hard about the implications of making it always
|
|
* do the reordering.)
|
|
*/
|
|
extern SECItem *
|
|
NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);
|
|
|
|
/*
|
|
* NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
|
|
*
|
|
* make sure that the order of the attributes guarantees valid DER (which must be
|
|
* in lexigraphically ascending order for a SET OF); if reordering is necessary it
|
|
* will be done in place (in attrs).
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);
|
|
|
|
/*
|
|
* NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
|
|
* find one that matches the specified object ID.
|
|
*
|
|
* If "only" is true, then make sure that there is not more than one attribute
|
|
* of the same type. Otherwise, just return the first one found. (XXX Does
|
|
* anybody really want that first-found behavior? It was like that when I found it...)
|
|
*/
|
|
extern NSSCMSAttribute *
|
|
NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);
|
|
|
|
/*
|
|
* NSS_CMSAttributeArray_AddAttr - add an attribute to an
|
|
* array of attributes.
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);
|
|
|
|
/*
|
|
* NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECOidTag type, SECItem *value, PRBool encoded);
|
|
|
|
/*
|
|
* NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
|
|
* They may be needed for signature verification on the data, for example.
|
|
*/
|
|
extern SECStatus
|
|
NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
|
|
|
|
/*
|
|
* local function to handle compatibility issues
|
|
* by mapping a signature algorithm back to a digest.
|
|
*/
|
|
SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg);
|
|
|
|
|
|
/************************************************************************/
|
|
|
|
/*
|
|
* local functions to handle user defined S/MIME content types
|
|
*/
|
|
|
|
|
|
PRBool NSS_CMSType_IsWrapper(SECOidTag type);
|
|
PRBool NSS_CMSType_IsData(SECOidTag type);
|
|
size_t NSS_CMSType_GetContentSize(SECOidTag type);
|
|
const SEC_ASN1Template * NSS_CMSType_GetTemplate(SECOidTag type);
|
|
|
|
void NSS_CMSGenericWrapperData_Destroy(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type,
|
|
NSSCMSGenericWrapperData *gd);
|
|
|
|
SEC_END_PROTOS
|
|
|
|
#endif /* _CMSLOCAL_H_ */
|