Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Functions | Variables
secmime.c File Reference
#include "secmime.h"
#include "secoid.h"
#include "pk11func.h"
#include "ciferfam.h"
#include "secasn1.h"
#include "secitem.h"
#include "cert.h"
#include "key.h"
#include "secerr.h"

Go to the source code of this file.

Classes

struct  smime_cipher_map_struct
struct  smime_capability_struct

Defines

#define SMIME_DER_INTVAL_16   SEC_ASN1_INTEGER, 0x01, 0x10
#define SMIME_DER_INTVAL_40   SEC_ASN1_INTEGER, 0x01, 0x28
#define SMIME_DER_INTVAL_64   SEC_ASN1_INTEGER, 0x01, 0x40
#define SMIME_DER_INTVAL_128   SEC_ASN1_INTEGER, 0x02, 0x00, 0x80

Typedefs

typedef struct
smime_cipher_map_struct 
smime_cipher_map
typedef struct
smime_capability_struct 
smime_capability

Functions

static int smime_mapi_by_cipher (unsigned long cipher)
SECStatus SECMIME_EnableCipher (long which, int on)
SECStatus SECMIME_SetPolicy (long which, int on)
static long smime_policy_algorithm (SECAlgorithmID *algid, PK11SymKey *key)
static PRBool smime_cipher_allowed (unsigned long which)
PRBool SECMIME_DecryptionAllowed (SECAlgorithmID *algid, PK11SymKey *key)
PRBool SECMIME_EncryptionPossible (void)
static void smime_fill_capability (smime_capability *cap)
static long smime_choose_cipher (CERTCertificate *scert, CERTCertificate **rcerts)
static int smime_keysize_by_cipher (unsigned long which)
SEC_PKCS7ContentInfo * SECMIME_CreateEncrypted (CERTCertificate *scert, CERTCertificate **rcerts, CERTCertDBHandle *certdb, SECKEYGetPasswordKey pwfn, void *pwfn_arg)
static SECStatus smime_init_caps (PRBool isFortezza)
static SECStatus smime_add_profile (CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo)
SEC_PKCS7ContentInfo * SECMIME_CreateSigned (CERTCertificate *scert, CERTCertificate *ecert, CERTCertDBHandle *certdb, SECOidTag digestalg, SECItem *digest, SECKEYGetPasswordKey pwfn, void *pwfn_arg)

Variables

static unsigned char smime_int40 [] = { SMIME_DER_INTVAL_40 }
static unsigned char smime_int64 [] = { SMIME_DER_INTVAL_64 }
static unsigned char smime_int128 [] = { SMIME_DER_INTVAL_128 }
static SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) }
static SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) }
static SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) }
static smime_cipher_map smime_cipher_maps []
static const int smime_symmetric_count
static unsigned longsmime_prefs
static unsigned longsmime_newprefs
static int smime_current_pref_index = 0
static PRBool smime_prefs_complete = PR_FALSE
static PRBool smime_prefs_changed = PR_TRUE
static unsigned long smime_policy_bits = 0
static const SEC_ASN1Template smime_capability_template []
static const SEC_ASN1Template smime_capabilities_template []
static smime_capability ** smime_capabilities
static SECItem * smime_encoded_caps
static PRBool lastUsedFortezza

Class Documentation

struct smime_cipher_map_struct

Definition at line 54 of file secmime.c.

Class Members
SECOidTag algtag
unsigned long cipher
SECItem * parms
struct smime_capability_struct

Definition at line 334 of file secmime.c.

Class Members
SECItem capabilityID
SECOidTag capIDTag
unsigned long cipher
SECItem parameters

Define Documentation

#define SMIME_DER_INTVAL_128   SEC_ASN1_INTEGER, 0x02, 0x00, 0x80

Definition at line 67 of file secmime.c.

Definition at line 64 of file secmime.c.

Definition at line 65 of file secmime.c.

Definition at line 66 of file secmime.c.


Typedef Documentation


Function Documentation

SEC_PKCS7ContentInfo* SECMIME_CreateEncrypted ( CERTCertificate *  scert,
CERTCertificate **  rcerts,
CERTCertDBHandle *  certdb,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 590 of file secmime.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    long cipher;
    SECOidTag encalg;
    int keysize;
    int mapi, rci;

    cipher = smime_choose_cipher (scert, rcerts);
    if (cipher < 0)
       return NULL;

    mapi = smime_mapi_by_cipher (cipher);
    if (mapi < 0)
       return NULL;

    /*
     * XXX This is stretching it -- CreateEnvelopedData should probably
     * take a cipher itself of some sort, because we cannot know what the
     * future will bring in terms of parameters for each type of algorithm.
     * For example, just an algorithm and keysize is *not* sufficient to
     * fully specify the usage of RC5 (which also needs to know rounds and
     * block size).  Work this out into a better API!
     */
    encalg = smime_cipher_maps[mapi].algtag;
    keysize = smime_keysize_by_cipher (cipher);
    if (keysize < 0)
       return NULL;

    cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
                                     certdb, encalg, keysize,
                                     pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    for (rci = 0; rcerts[rci] != NULL; rci++) {
       if (rcerts[rci] == scert)
           continue;
       if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
                               NULL) != SECSuccess) {
           SEC_PKCS7DestroyContentInfo (cinfo);
           return NULL;
       }
    }

    return cinfo;
}

Here is the call graph for this function:

SEC_PKCS7ContentInfo* SECMIME_CreateSigned ( CERTCertificate *  scert,
CERTCertificate *  ecert,
CERTCertDBHandle *  certdb,
SECOidTag  digestalg,
SECItem *  digest,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 851 of file secmime.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    /* See note in header comment above about digestalg. */
    /* Doesn't explain this. PORT_Assert (digestalg == SEC_OID_SHA1); */

    cinfo = SEC_PKCS7CreateSignedData (scert, certUsageEmailSigner,
                                   certdb, digestalg, digest,
                                   pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    if (SEC_PKCS7IncludeCertChain (cinfo, NULL) != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    /* if the encryption cert and the signing cert differ, then include
     * the encryption cert too.
     */
    /* it is ok to compare the pointers since we ref count, and the same
     * cert will always have the same pointer
     */
    if ( ( ecert != NULL ) && ( ecert != scert ) ) {
       rv = SEC_PKCS7AddCertificate(cinfo, ecert);
       if ( rv != SECSuccess ) {
           SEC_PKCS7DestroyContentInfo (cinfo);
           return NULL;
       }
    }
    /*
     * Add the signing time.  But if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = SEC_PKCS7AddSigningTime (cinfo);
    PORT_Assert (rv == SECSuccess);

    /*
     * Add the email profile.  Again, if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = smime_add_profile (ecert, cinfo);
    PORT_Assert (rv == SECSuccess);

    return cinfo;
}

Here is the call graph for this function:

PRBool SECMIME_DecryptionAllowed ( SECAlgorithmID *  algid,
PK11SymKey *  key 
)

Definition at line 289 of file secmime.c.

{
    long which;

    which = smime_policy_algorithm (algid, key);
    if (which < 0)
       return PR_FALSE;

    return smime_cipher_allowed ((unsigned long)which);
}

Here is the call graph for this function:

SECStatus SECMIME_EnableCipher ( long  which,
int  on 
)

Definition at line 130 of file secmime.c.

{
    unsigned long mask;

    if (smime_newprefs == NULL || smime_prefs_complete) {
       /*
        * This is either the very first time, or we are starting over.
        */
       smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
                                  * sizeof(*smime_newprefs));
       if (smime_newprefs == NULL)
           return SECFailure;
       smime_current_pref_index = 0;
       smime_prefs_complete = PR_FALSE;
    }

    mask = which & CIPHER_FAMILYID_MASK;
    if (mask == CIPHER_FAMILYID_MASK) {
       /*
        * This call signifies that all preferences have been set.
        * Move "newprefs" over, after checking first whether or
        * not the new ones are different from the old ones.
        */
       if (smime_prefs != NULL) {
           if (PORT_Memcmp (smime_prefs, smime_newprefs,
                          smime_symmetric_count * sizeof(*smime_prefs)) == 0)
              smime_prefs_changed = PR_FALSE;
           else
              smime_prefs_changed = PR_TRUE;
           PORT_Free (smime_prefs);
       }

       smime_prefs = smime_newprefs;
       smime_prefs_complete = PR_TRUE;
       return SECSuccess;
    }

    PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
    if (mask != CIPHER_FAMILYID_SMIME) {
       /* XXX set an error! */
       return SECFailure;
    }

    if (on) {
       PORT_Assert (smime_current_pref_index < smime_symmetric_count);
       if (smime_current_pref_index >= smime_symmetric_count) {
           /* XXX set an error! */
           return SECFailure;
       }

       smime_newprefs[smime_current_pref_index++] = which;
    }

    return SECSuccess;
}

Here is the call graph for this function:

Definition at line 320 of file secmime.c.

{
    if (smime_policy_bits != 0)
       return PR_TRUE;

    return PR_FALSE;
}
SECStatus SECMIME_SetPolicy ( long  which,
int  on 
)

Definition at line 191 of file secmime.c.

{
    unsigned long mask;

    PORT_Assert ((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
    if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
       /* XXX set an error! */
       return SECFailure;
    }

    which &= ~CIPHER_FAMILYID_MASK;

    PORT_Assert (which < 32);      /* bits in the long */
    if (which >= 32) {
       /* XXX set an error! */
       return SECFailure;
    }

    mask = 1UL << which;

    if (on) {
       smime_policy_bits |= mask;
    } else {
       smime_policy_bits &= ~mask;
    }

    return SECSuccess;
}
static SECStatus smime_add_profile ( CERTCertificate *  cert,
SEC_PKCS7ContentInfo *  cinfo 
) [static]

Definition at line 791 of file secmime.c.

{
    PRBool isFortezza = PR_FALSE;

    PORT_Assert (smime_prefs_complete);
    if (! smime_prefs_complete)
       return SECFailure;

    /* See if the sender's cert specifies Fortezza key exchange. */
    if (cert != NULL)
       isFortezza = PK11_FortezzaHasKEA(cert);

    /* For that matter, if capabilities haven't been initialized yet,
       do so now. */
    if (isFortezza != lastUsedFortezza || smime_encoded_caps == NULL || smime_prefs_changed) {
       SECStatus rv;

       rv = smime_init_caps(isFortezza);
       if (rv != SECSuccess)
           return rv;

       PORT_Assert (smime_encoded_caps != NULL);
    }

    return SEC_PKCS7AddSignedAttribute (cinfo, SEC_OID_PKCS9_SMIME_CAPABILITIES,
                                   smime_encoded_caps);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static long smime_choose_cipher ( CERTCertificate *  scert,
CERTCertificate **  rcerts 
) [static]

Definition at line 399 of file secmime.c.

{
    PRArenaPool *poolp;
    long chosen_cipher;
    int *cipher_abilities;
    int *cipher_votes;
    int strong_mapi;
    int rcount, mapi, max, i;
       PRBool isFortezza = PK11_FortezzaHasKEA(scert);

    if (smime_policy_bits == 0) {
       PORT_SetError (SEC_ERROR_BAD_EXPORT_ALGORITHM);
       return -1;
    }

    chosen_cipher = SMIME_RC2_CBC_40;            /* the default, LCD */

    poolp = PORT_NewArena (1024);         /* XXX what is right value? */
    if (poolp == NULL)
       goto done;

    cipher_abilities = (int*)PORT_ArenaZAlloc (poolp,
                                    smime_symmetric_count * sizeof(int));
    if (cipher_abilities == NULL)
       goto done;

    cipher_votes = (int*)PORT_ArenaZAlloc (poolp,
                                 smime_symmetric_count * sizeof(int));
    if (cipher_votes == NULL)
       goto done;

    /*
     * XXX Should have a #define somewhere which specifies default
     * strong cipher.  (Or better, a way to configure, which would
     * take Fortezza into account as well.)
     */

    /* If the user has the Fortezza preference turned on, make
     *  that the strong cipher. Otherwise, use triple-DES. */
    strong_mapi = -1;
    if (isFortezza) {
       for(i=0;i < smime_current_pref_index && strong_mapi < 0;i++)
       {
           if (smime_prefs[i] == SMIME_FORTEZZA)
              strong_mapi = smime_mapi_by_cipher(SMIME_FORTEZZA);
       }
    }

    if (strong_mapi == -1)
       strong_mapi = smime_mapi_by_cipher (SMIME_DES_EDE3_168);

    PORT_Assert (strong_mapi >= 0);

    for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
       SECItem *profile;
       smime_capability **caps;
       int capi, pref;
       SECStatus dstat;

       pref = smime_symmetric_count;
       profile = CERT_FindSMimeProfile (rcerts[rcount]);
       if (profile != NULL && profile->data != NULL && profile->len > 0) {
           caps = NULL;
           dstat = SEC_QuickDERDecodeItem (poolp, &caps,
                                   smime_capabilities_template,
                                   profile);
           if (dstat == SECSuccess && caps != NULL) {
              for (capi = 0; caps[capi] != NULL; capi++) {
                  smime_fill_capability (caps[capi]);
                  mapi = smime_mapi_by_cipher (caps[capi]->cipher);
                  if (mapi >= 0) {
                     cipher_abilities[mapi]++;
                     cipher_votes[mapi] += pref;
                     --pref;
                  }
              }
           }
       } else {
           SECKEYPublicKey *key;
           unsigned int pklen_bits;

           /*
            * XXX This is probably only good for RSA keys.  What I would
            * really like is a function to just say;  Is the public key in
            * this cert an export-length key?  Then I would not have to
            * know things like the value 512, or the kind of key, or what
            * a subjectPublicKeyInfo is, etc.
            */
           key = CERT_ExtractPublicKey (rcerts[rcount]);
           if (key != NULL) {
              pklen_bits = SECKEY_PublicKeyStrength (key) * 8;
              SECKEY_DestroyPublicKey (key);

              if (pklen_bits > 512) {
                  cipher_abilities[strong_mapi]++;
                  cipher_votes[strong_mapi] += pref;
              }
           }
       }
       if (profile != NULL)
           SECITEM_FreeItem (profile, PR_TRUE);
    }

    max = 0;
    for (mapi = 0; mapi < smime_symmetric_count; mapi++) {
       if (cipher_abilities[mapi] != rcount)
           continue;
       if (! smime_cipher_allowed (smime_cipher_maps[mapi].cipher))
           continue;
       if (!isFortezza  && (smime_cipher_maps[mapi].cipher == SMIME_FORTEZZA))
              continue;
       if (cipher_votes[mapi] > max) {
           chosen_cipher = smime_cipher_maps[mapi].cipher;
           max = cipher_votes[mapi];
       } /* XXX else if a tie, let scert break it? */
    }

done:
    if (poolp != NULL)
       PORT_FreeArena (poolp, PR_FALSE);

    return chosen_cipher;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRBool smime_cipher_allowed ( unsigned long  which) [static]

Definition at line 271 of file secmime.c.

{
    unsigned long mask;

    which &= ~CIPHER_FAMILYID_MASK;
    PORT_Assert (which < 32);      /* bits per long (min) */
    if (which >= 32)
       return PR_FALSE;

    mask = 1UL << which;
    if ((mask & smime_policy_bits) == 0)
       return PR_FALSE;

    return PR_TRUE;
}

Here is the caller graph for this function:

static void smime_fill_capability ( smime_capability cap) [static]

Definition at line 358 of file secmime.c.

{
    unsigned long cipher;
    SECOidTag algtag;
    int i;

    algtag = SECOID_FindOIDTag (&(cap->capabilityID));

    for (i = 0; i < smime_symmetric_count; i++) {
       if (smime_cipher_maps[i].algtag != algtag)
           continue;
       /*
        * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
        * 2 NULLs as equal and NULL and non-NULL as not equal), we could
        * use that here instead of all of the following comparison code.
        */
       if (cap->parameters.data != NULL) {
           if (smime_cipher_maps[i].parms == NULL)
              continue;
           if (cap->parameters.len != smime_cipher_maps[i].parms->len)
              continue;
           if (PORT_Memcmp (cap->parameters.data,
                          smime_cipher_maps[i].parms->data,
                          cap->parameters.len) == 0)
              break;
       } else if (smime_cipher_maps[i].parms == NULL) {
           break;
       }
    }

    if (i == smime_symmetric_count)
       cipher = 0;
    else
       cipher = smime_cipher_maps[i].cipher;

    cap->cipher = cipher;
    cap->capIDTag = algtag;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECStatus smime_init_caps ( PRBool  isFortezza) [static]

Definition at line 649 of file secmime.c.

{
    smime_capability *cap;
    smime_cipher_map *map;
    SECOidData *oiddata;
    SECStatus rv;
    int i, capIndex;

    if (smime_encoded_caps != NULL 
       && (! smime_prefs_changed) 
       && lastUsedFortezza == isFortezza)
       return SECSuccess;

    if (smime_encoded_caps != NULL) {
       SECITEM_FreeItem (smime_encoded_caps, PR_TRUE);
       smime_encoded_caps = NULL;
    }

    if (smime_capabilities == NULL) {
       smime_capabilities = (smime_capability**)PORT_ZAlloc (
                                     (smime_symmetric_count + 1)
                                     * sizeof(smime_capability *));
       if (smime_capabilities == NULL)
           return SECFailure;
    }

    rv = SECFailure;

    /* 
       The process of creating the encoded PKCS7 cipher capability list
       involves two basic steps: 

       (a) Convert our internal representation of cipher preferences 
           (smime_prefs) into an array containing cipher OIDs and 
          parameter data (smime_capabilities). This step is
          performed here.

       (b) Encode, using ASN.1, the cipher information in 
           smime_capabilities, leaving the encoded result in 
          smime_encoded_caps.

       (In the process of performing (a), Lisa put in some optimizations
       which allow us to avoid needlessly re-populating elements in 
       smime_capabilities as we walk through smime_prefs.)

       We want to use separate loop variables for smime_prefs and
       smime_capabilities because in the case where the Skipjack cipher 
       is turned on in the prefs, but where we don't want to include 
       Skipjack in the encoded capabilities (presumably due to using a 
       non-fortezza cert when sending a message), we want to avoid creating
       an empty element in smime_capabilities. This would otherwise cause 
       the encoding step to produce an empty set, since Skipjack happens 
       to be the first cipher in smime_prefs, if it is turned on.
    */
    for (i = 0, capIndex = 0; i < smime_current_pref_index; i++, capIndex++) {
       int mapi;

       /* Get the next cipher preference in smime_prefs. */
       mapi = smime_mapi_by_cipher (smime_prefs[i]);
       if (mapi < 0)
           break;

       /* Find the corresponding entry in the cipher map. */
       PORT_Assert (mapi < smime_symmetric_count);
       map = &(smime_cipher_maps[mapi]);

       /* If we're using a non-Fortezza cert, only advertise non-Fortezza
          capabilities. (We advertise all capabilities if we have a 
          Fortezza cert.) */
       if ((!isFortezza) && (map->cipher == SMIME_FORTEZZA))
       {
           capIndex--; /* we want to visit the same caps index entry next time */
           continue;
       }

       /*
        * Convert the next preference found in smime_prefs into an
        * smime_capability.
        */

       cap = smime_capabilities[capIndex];
       if (cap == NULL) {
           cap = (smime_capability*)PORT_ZAlloc (sizeof(smime_capability));
           if (cap == NULL)
              break;
           smime_capabilities[capIndex] = cap;
       } else if (cap->cipher == smime_prefs[i]) {
           continue;        /* no change to this one */
       }

       cap->capIDTag = map->algtag;
       oiddata = SECOID_FindOIDByTag (map->algtag);
       if (oiddata == NULL)
           break;

       if (cap->capabilityID.data != NULL) {
           SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
           cap->capabilityID.data = NULL;
           cap->capabilityID.len = 0;
       }

       rv = SECITEM_CopyItem (NULL, &(cap->capabilityID), &(oiddata->oid));
       if (rv != SECSuccess)
           break;

       if (map->parms == NULL) {
           cap->parameters.data = NULL;
           cap->parameters.len = 0;
       } else {
           cap->parameters.data = map->parms->data;
           cap->parameters.len = map->parms->len;
       }

       cap->cipher = smime_prefs[i];
    }

    if (i != smime_current_pref_index)
       return rv;

    while (capIndex < smime_symmetric_count) {
       cap = smime_capabilities[capIndex];
       if (cap != NULL) {
           SECITEM_FreeItem (&(cap->capabilityID), PR_FALSE);
           PORT_Free (cap);
       }
       smime_capabilities[capIndex] = NULL;
       capIndex++;
    }
    smime_capabilities[capIndex] = NULL;

    smime_encoded_caps = SEC_ASN1EncodeItem (NULL, NULL, &smime_capabilities,
                                        smime_capabilities_template);
    if (smime_encoded_caps == NULL)
       return SECFailure;

    lastUsedFortezza = isFortezza;

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int smime_keysize_by_cipher ( unsigned long  which) [static]

Definition at line 530 of file secmime.c.

{
    int keysize;

    switch (which) {
      case SMIME_RC2_CBC_40:
       keysize = 40;
       break;
      case SMIME_RC2_CBC_64:
       keysize = 64;
       break;
      case SMIME_RC2_CBC_128:
       keysize = 128;
       break;
#ifdef SMIME_DOES_RC5
      case SMIME_RC5PAD_64_16_40:
      case SMIME_RC5PAD_64_16_64:
      case SMIME_RC5PAD_64_16_128:
       /* XXX See comment above; keysize is not enough... */
       PORT_Assert (0);
       PORT_SetError (SEC_ERROR_INVALID_ALGORITHM);
       keysize = -1;
       break;
#endif
      case SMIME_DES_CBC_56:
      case SMIME_DES_EDE3_168:
      case SMIME_FORTEZZA:
       /*
        * These are special; since the key size is fixed, we actually
        * want to *avoid* specifying a key size.
        */
       keysize = 0;
       break;
      default:
       keysize = -1;
       break;
    }

    return keysize;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int smime_mapi_by_cipher ( unsigned long  cipher) [static]

Definition at line 110 of file secmime.c.

{
    int i;

    for (i = 0; i < smime_symmetric_count; i++) {
       if (smime_cipher_maps[i].cipher == cipher)
           break;
    }

    if (i == smime_symmetric_count)
       return -1;

    return i;
}

Here is the caller graph for this function:

static long smime_policy_algorithm ( SECAlgorithmID *  algid,
PK11SymKey *  key 
) [static]

Definition at line 228 of file secmime.c.

{
    SECOidTag algtag;

    algtag = SECOID_GetAlgorithmTag (algid);
    switch (algtag) {
      case SEC_OID_RC2_CBC:
       {
           unsigned int keylen_bits;

           keylen_bits = PK11_GetKeyStrength (key, algid);
           switch (keylen_bits) {
             case 40:
              return SMIME_RC2_CBC_40;
             case 64:
              return SMIME_RC2_CBC_64;
             case 128:
              return SMIME_RC2_CBC_128;
             default:
              break;
           }
       }
       break;
      case SEC_OID_DES_CBC:
       return SMIME_DES_CBC_56;
      case SEC_OID_DES_EDE3_CBC:
       return SMIME_DES_EDE3_168;
      case SEC_OID_FORTEZZA_SKIPJACK:
       return SMIME_FORTEZZA;
#ifdef SMIME_DOES_RC5
      case SEC_OID_RC5_CBC_PAD:
       PORT_Assert (0);     /* XXX need to pull out parameters and match */
       break;
#endif
      default:
       break;
    }

    return -1;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 645 of file secmime.c.

Definition at line 643 of file secmime.c.

Initial value:

Definition at line 351 of file secmime.c.

Initial value:

Definition at line 341 of file secmime.c.

Definition at line 102 of file secmime.c.

SECItem* smime_encoded_caps [static]

Definition at line 644 of file secmime.c.

unsigned char smime_int128[] = { SMIME_DER_INTVAL_128 } [static]

Definition at line 74 of file secmime.c.

unsigned char smime_int40[] = { SMIME_DER_INTVAL_40 } [static]

Definition at line 72 of file secmime.c.

unsigned char smime_int64[] = { SMIME_DER_INTVAL_64 } [static]

Definition at line 73 of file secmime.c.

unsigned long * smime_newprefs [static]

Definition at line 101 of file secmime.c.

unsigned long smime_policy_bits = 0 [static]

Definition at line 106 of file secmime.c.

unsigned long* smime_prefs [static]

Definition at line 101 of file secmime.c.

Definition at line 104 of file secmime.c.

Definition at line 103 of file secmime.c.

SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) } [static]

Definition at line 78 of file secmime.c.

SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) } [static]

Definition at line 76 of file secmime.c.

SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) } [static]

Definition at line 77 of file secmime.c.

Initial value:

Definition at line 98 of file secmime.c.