Back to index

lightning-sunbird  0.9+nobinonly
Functions
secmime.h File Reference
#include "secpkcs7.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

SEC_BEGIN_PROTOS SECStatus SECMIME_EnableCipher (long which, int on)
SECStatus SECMIME_SetPolicy (long which, int on)
PRBool SECMIME_DecryptionAllowed (SECAlgorithmID *algid, PK11SymKey *key)
PRBool SECMIME_EncryptionPossible (void)
SEC_PKCS7ContentInfo * SECMIME_CreateEncrypted (CERTCertificate *scert, CERTCertificate **rcerts, CERTCertDBHandle *certdb, SECKEYGetPasswordKey pwfn, void *pwfn_arg)
SEC_PKCS7ContentInfo * SECMIME_CreateSigned (CERTCertificate *scert, CERTCertificate *ecert, CERTCertDBHandle *certdb, SECOidTag digestalg, SECItem *digest, SECKEYGetPasswordKey pwfn, void *pwfn_arg)

Function Documentation

SEC_PKCS7ContentInfo* SECMIME_CreateEncrypted ( CERTCertificate *  scert,
CERTCertificate **  rcerts,
CERTCertDBHandle *  certdb,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 590 of file secmime.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    long cipher;
    SECOidTag encalg;
    int keysize;
    int mapi, rci;

    cipher = smime_choose_cipher (scert, rcerts);
    if (cipher < 0)
       return NULL;

    mapi = smime_mapi_by_cipher (cipher);
    if (mapi < 0)
       return NULL;

    /*
     * XXX This is stretching it -- CreateEnvelopedData should probably
     * take a cipher itself of some sort, because we cannot know what the
     * future will bring in terms of parameters for each type of algorithm.
     * For example, just an algorithm and keysize is *not* sufficient to
     * fully specify the usage of RC5 (which also needs to know rounds and
     * block size).  Work this out into a better API!
     */
    encalg = smime_cipher_maps[mapi].algtag;
    keysize = smime_keysize_by_cipher (cipher);
    if (keysize < 0)
       return NULL;

    cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
                                     certdb, encalg, keysize,
                                     pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    for (rci = 0; rcerts[rci] != NULL; rci++) {
       if (rcerts[rci] == scert)
           continue;
       if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
                               NULL) != SECSuccess) {
           SEC_PKCS7DestroyContentInfo (cinfo);
           return NULL;
       }
    }

    return cinfo;
}

Here is the call graph for this function:

SEC_PKCS7ContentInfo* SECMIME_CreateSigned ( CERTCertificate *  scert,
CERTCertificate *  ecert,
CERTCertDBHandle *  certdb,
SECOidTag  digestalg,
SECItem *  digest,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 851 of file secmime.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    /* See note in header comment above about digestalg. */
    /* Doesn't explain this. PORT_Assert (digestalg == SEC_OID_SHA1); */

    cinfo = SEC_PKCS7CreateSignedData (scert, certUsageEmailSigner,
                                   certdb, digestalg, digest,
                                   pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    if (SEC_PKCS7IncludeCertChain (cinfo, NULL) != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    /* if the encryption cert and the signing cert differ, then include
     * the encryption cert too.
     */
    /* it is ok to compare the pointers since we ref count, and the same
     * cert will always have the same pointer
     */
    if ( ( ecert != NULL ) && ( ecert != scert ) ) {
       rv = SEC_PKCS7AddCertificate(cinfo, ecert);
       if ( rv != SECSuccess ) {
           SEC_PKCS7DestroyContentInfo (cinfo);
           return NULL;
       }
    }
    /*
     * Add the signing time.  But if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = SEC_PKCS7AddSigningTime (cinfo);
    PORT_Assert (rv == SECSuccess);

    /*
     * Add the email profile.  Again, if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = smime_add_profile (ecert, cinfo);
    PORT_Assert (rv == SECSuccess);

    return cinfo;
}

Here is the call graph for this function:

PRBool SECMIME_DecryptionAllowed ( SECAlgorithmID *  algid,
PK11SymKey *  key 
)

Definition at line 289 of file secmime.c.

{
    long which;

    which = smime_policy_algorithm (algid, key);
    if (which < 0)
       return PR_FALSE;

    return smime_cipher_allowed ((unsigned long)which);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 130 of file secmime.c.

{
    unsigned long mask;

    if (smime_newprefs == NULL || smime_prefs_complete) {
       /*
        * This is either the very first time, or we are starting over.
        */
       smime_newprefs = (unsigned long*)PORT_ZAlloc (smime_symmetric_count
                                  * sizeof(*smime_newprefs));
       if (smime_newprefs == NULL)
           return SECFailure;
       smime_current_pref_index = 0;
       smime_prefs_complete = PR_FALSE;
    }

    mask = which & CIPHER_FAMILYID_MASK;
    if (mask == CIPHER_FAMILYID_MASK) {
       /*
        * This call signifies that all preferences have been set.
        * Move "newprefs" over, after checking first whether or
        * not the new ones are different from the old ones.
        */
       if (smime_prefs != NULL) {
           if (PORT_Memcmp (smime_prefs, smime_newprefs,
                          smime_symmetric_count * sizeof(*smime_prefs)) == 0)
              smime_prefs_changed = PR_FALSE;
           else
              smime_prefs_changed = PR_TRUE;
           PORT_Free (smime_prefs);
       }

       smime_prefs = smime_newprefs;
       smime_prefs_complete = PR_TRUE;
       return SECSuccess;
    }

    PORT_Assert (mask == CIPHER_FAMILYID_SMIME);
    if (mask != CIPHER_FAMILYID_SMIME) {
       /* XXX set an error! */
       return SECFailure;
    }

    if (on) {
       PORT_Assert (smime_current_pref_index < smime_symmetric_count);
       if (smime_current_pref_index >= smime_symmetric_count) {
           /* XXX set an error! */
           return SECFailure;
       }

       smime_newprefs[smime_current_pref_index++] = which;
    }

    return SECSuccess;
}

Here is the call graph for this function:

Definition at line 320 of file secmime.c.

{
    if (smime_policy_bits != 0)
       return PR_TRUE;

    return PR_FALSE;
}
SECStatus SECMIME_SetPolicy ( long  which,
int  on 
)

Definition at line 191 of file secmime.c.

{
    unsigned long mask;

    PORT_Assert ((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
    if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
       /* XXX set an error! */
       return SECFailure;
    }

    which &= ~CIPHER_FAMILYID_MASK;

    PORT_Assert (which < 32);      /* bits in the long */
    if (which >= 32) {
       /* XXX set an error! */
       return SECFailure;
    }

    mask = 1UL << which;

    if (on) {
       smime_policy_bits |= mask;
    } else {
       smime_policy_bits &= ~mask;
    }

    return SECSuccess;
}