Back to index

lightning-sunbird  0.9+nobinonly
Functions | Variables
secpkcs7.h File Reference
#include "seccomon.h"
#include "secoidt.h"
#include "certt.h"
#include "keyt.h"
#include "hasht.h"
#include "pkcs7t.h"

Go to the source code of this file.

Functions

SEC_BEGIN_PROTOS SECOidTag SEC_PKCS7ContentType (SEC_PKCS7ContentInfo *cinfo)
void SEC_PKCS7DestroyContentInfo (SEC_PKCS7ContentInfo *contentInfo)
SEC_PKCS7ContentInfo * SEC_PKCS7CopyContentInfo (SEC_PKCS7ContentInfo *contentInfo)
SECItem * SEC_PKCS7GetContent (SEC_PKCS7ContentInfo *cinfo)
SEC_PKCS7DecoderContext * SEC_PKCS7DecoderStart (SEC_PKCS7DecoderContentCallback callback, void *callback_arg, SECKEYGetPasswordKey pwfn, void *pwfn_arg, SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg, SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
SECStatus SEC_PKCS7DecoderUpdate (SEC_PKCS7DecoderContext *p7dcx, const char *buf, unsigned long len)
SEC_PKCS7ContentInfo * SEC_PKCS7DecoderFinish (SEC_PKCS7DecoderContext *p7dcx)
void SEC_PKCS7DecoderAbort (SEC_PKCS7DecoderContext *p7dcx, int error)
SEC_PKCS7ContentInfo * SEC_PKCS7DecodeItem (SECItem *p7item, SEC_PKCS7DecoderContentCallback cb, void *cb_arg, SECKEYGetPasswordKey pwfn, void *pwfn_arg, SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg, SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
PRBool SEC_PKCS7ContainsCertsOrCrls (SEC_PKCS7ContentInfo *cinfo)
PRBool SEC_PKCS7IsContentEmpty (SEC_PKCS7ContentInfo *cinfo, unsigned int minLen)
PRBool SEC_PKCS7ContentIsEncrypted (SEC_PKCS7ContentInfo *cinfo)
PRBool SEC_PKCS7ContentIsSigned (SEC_PKCS7ContentInfo *cinfo)
PRBool SEC_PKCS7VerifySignature (SEC_PKCS7ContentInfo *cinfo, SECCertUsage certusage, PRBool keepcerts)
PRBool SEC_PKCS7VerifyDetachedSignature (SEC_PKCS7ContentInfo *cinfo, SECCertUsage certusage, SECItem *detached_digest, HASH_HashType digest_type, PRBool keepcerts)
char * SEC_PKCS7GetSignerCommonName (SEC_PKCS7ContentInfo *cinfo)
char * SEC_PKCS7GetSignerEmailAddress (SEC_PKCS7ContentInfo *cinfo)
SECItem * SEC_PKCS7GetSigningTime (SEC_PKCS7ContentInfo *cinfo)
SEC_PKCS7ContentInfo * SEC_PKCS7CreateSignedData (CERTCertificate *cert, SECCertUsage certusage, CERTCertDBHandle *certdb, SECOidTag digestalg, SECItem *digest, SECKEYGetPasswordKey pwfn, void *pwfn_arg)
SEC_PKCS7ContentInfo * SEC_PKCS7CreateCertsOnly (CERTCertificate *cert, PRBool include_chain, CERTCertDBHandle *certdb)
SEC_PKCS7ContentInfo * SEC_PKCS7CreateEnvelopedData (CERTCertificate *cert, SECCertUsage certusage, CERTCertDBHandle *certdb, SECOidTag encalg, int keysize, SECKEYGetPasswordKey pwfn, void *pwfn_arg)
SEC_PKCS7ContentInfo * SEC_PKCS7CreateData (void)
SEC_PKCS7ContentInfo * SEC_PKCS7CreateEncryptedData (SECOidTag algorithm, int keysize, SECKEYGetPasswordKey pwfn, void *pwfn_arg)
SECStatus SEC_PKCS7AddSignedAttribute (SEC_PKCS7ContentInfo *cinfo, SECOidTag oidtag, SECItem *value)
SECStatus SEC_PKCS7AddCertChain (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
SECStatus SEC_PKCS7AddCertificate (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert)
SECStatus SEC_PKCS7AddRecipient (SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert, SECCertUsage certusage, CERTCertDBHandle *certdb)
SECStatus SEC_PKCS7AddSigningTime (SEC_PKCS7ContentInfo *cinfo)
SECStatus SEC_PKCS7AddSymmetricCapabilities (SEC_PKCS7ContentInfo *cinfo)
SECStatus SEC_PKCS7IncludeCertChain (SEC_PKCS7ContentInfo *cinfo, CERTCertDBHandle *certdb)
SECStatus SEC_PKCS7SetContent (SEC_PKCS7ContentInfo *cinfo, const char *buf, unsigned long len)
SECStatus SEC_PKCS7Encode (SEC_PKCS7ContentInfo *cinfo, SEC_PKCS7EncoderOutputCallback outputfn, void *outputarg, PK11SymKey *bulkkey, SECKEYGetPasswordKey pwfn, void *pwfnarg)
SECItem * SEC_PKCS7EncodeItem (PRArenaPool *pool, SECItem *dest, SEC_PKCS7ContentInfo *cinfo, PK11SymKey *bulkkey, SECKEYGetPasswordKey pwfn, void *pwfnarg)
SECStatus SEC_PKCS7PrepareForEncode (SEC_PKCS7ContentInfo *cinfo, PK11SymKey *bulkkey, SECKEYGetPasswordKey pwfn, void *pwfnarg)
SEC_PKCS7EncoderContext * SEC_PKCS7EncoderStart (SEC_PKCS7ContentInfo *cinfo, SEC_PKCS7EncoderOutputCallback outputfn, void *outputarg, PK11SymKey *bulkkey)
SECStatus SEC_PKCS7EncoderUpdate (SEC_PKCS7EncoderContext *p7ecx, const char *buf, unsigned long len)
SECStatus SEC_PKCS7EncoderFinish (SEC_PKCS7EncoderContext *p7ecx, SECKEYGetPasswordKey pwfn, void *pwfnarg)
void SEC_PKCS7EncoderAbort (SEC_PKCS7EncoderContext *p7dcx, int error)
SECAlgorithmID * SEC_PKCS7GetEncryptionAlgorithm (SEC_PKCS7ContentInfo *cinfo)
SECStatus SEC_PKCS7EncryptContents (PRArenaPool *poolp, SEC_PKCS7ContentInfo *cinfo, SECItem *key, void *wincx)
SECStatus SEC_PKCS7DecryptContents (PRArenaPool *poolp, SEC_PKCS7ContentInfo *cinfo, SECItem *key, void *wincx)
SECItem ** SEC_PKCS7GetCertificateList (SEC_PKCS7ContentInfo *cinfo)
int SEC_PKCS7GetKeyLength (SEC_PKCS7ContentInfo *cinfo)

Variables

const SEC_ASN1Template sec_PKCS7ContentInfoTemplate []

Function Documentation

SECStatus SEC_PKCS7AddCertChain ( SEC_PKCS7ContentInfo *  cinfo,
CERTCertificate *  cert,
CERTCertDBHandle *  certdb 
)

Definition at line 952 of file p7create.c.

{
    SECOidTag kind;

    kind = SEC_PKCS7ContentType (cinfo);
    if (kind != SEC_OID_PKCS7_SIGNED_DATA
       && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
       return SECFailure;          /* XXX set an error? */

    return sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
}

Here is the call graph for this function:

SECStatus SEC_PKCS7AddCertificate ( SEC_PKCS7ContentInfo *  cinfo,
CERTCertificate *  cert 
)

Definition at line 974 of file p7create.c.

{
    SECOidTag kind;

    kind = SEC_PKCS7ContentType (cinfo);
    if (kind != SEC_OID_PKCS7_SIGNED_DATA
       && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
       return SECFailure;          /* XXX set an error? */

    return sec_pkcs7_add_certificate (cinfo, cert);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7AddRecipient ( SEC_PKCS7ContentInfo *  cinfo,
CERTCertificate *  cert,
SECCertUsage  certusage,
CERTCertDBHandle *  certdb 
)

Definition at line 1236 of file p7create.c.

{
    return sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7AddSignedAttribute ( SEC_PKCS7ContentInfo *  cinfo,
SECOidTag  oidtag,
SECItem *  value 
)

Definition at line 674 of file p7create.c.

{
    SEC_PKCS7SignerInfo **signerinfos;
    SEC_PKCS7Attribute *attr;

    PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
    if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
       return SECFailure;

    signerinfos = cinfo->content.signedData->signerInfos;

    /*
     * No signature or more than one means no deal.
     */
    if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
       return SECFailure;

    attr = sec_pkcs7_create_attribute (cinfo->poolp, oidtag, value, PR_TRUE);
    if (attr == NULL)
       return SECFailure;

    return sec_pkcs7_add_attribute (cinfo, &(signerinfos[0]->authAttr), attr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7AddSigningTime ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 605 of file p7create.c.

{
    SEC_PKCS7SignerInfo **signerinfos;
    SEC_PKCS7Attribute *attr;
    SECItem stime;
    SECStatus rv;
    int si;

    PORT_Assert (SEC_PKCS7ContentType (cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
    if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
       return SECFailure;

    signerinfos = cinfo->content.signedData->signerInfos;

    /* There has to be a signer, or it makes no sense. */
    if (signerinfos == NULL || signerinfos[0] == NULL)
       return SECFailure;

    rv = DER_EncodeTimeChoice(NULL, &stime, PR_Now());
    if (rv != SECSuccess)
       return rv;

    attr = sec_pkcs7_create_attribute (cinfo->poolp,
                                   SEC_OID_PKCS9_SIGNING_TIME,
                                   &stime, PR_FALSE);
    SECITEM_FreeItem (&stime, PR_FALSE);

    if (attr == NULL)
       return SECFailure;

    rv = SECSuccess;
    for (si = 0; signerinfos[si] != NULL; si++) {
       SEC_PKCS7Attribute *oattr;

       oattr = sec_PKCS7FindAttribute (signerinfos[si]->authAttr,
                                   SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE);
       PORT_Assert (oattr == NULL);
       if (oattr != NULL)
           continue; /* XXX or would it be better to replace it? */

       rv = sec_pkcs7_add_attribute (cinfo, &(signerinfos[si]->authAttr),
                                  attr);
       if (rv != SECSuccess)
           break;    /* could try to continue, but may as well give up now */
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7AddSymmetricCapabilities ( SEC_PKCS7ContentInfo *  cinfo)
PRBool SEC_PKCS7ContainsCertsOrCrls ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 1261 of file p7decode.c.

{
    SECOidTag kind;
    SECItem **certs;
    CERTSignedCrl **crls;

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      default:
      case SEC_OID_PKCS7_DATA:
      case SEC_OID_PKCS7_DIGESTED_DATA:
      case SEC_OID_PKCS7_ENVELOPED_DATA:
      case SEC_OID_PKCS7_ENCRYPTED_DATA:
       return PR_FALSE;
      case SEC_OID_PKCS7_SIGNED_DATA:
       certs = cinfo->content.signedData->rawCerts;
       crls = cinfo->content.signedData->crls;
       break;
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
       certs = cinfo->content.signedAndEnvelopedData->rawCerts;
       crls = cinfo->content.signedAndEnvelopedData->crls;
       break;
    }

    /*
     * I know this could be collapsed, but I was in a mood to be explicit.
     */
    if (certs != NULL && certs[0] != NULL)
       return PR_TRUE;
    else if (crls != NULL && crls[0] != NULL)
       return PR_TRUE;
    else
       return PR_FALSE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_PKCS7ContentIsEncrypted ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 1332 of file p7decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_PKCS7ContentIsSigned ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 1360 of file p7decode.c.

{
    SECOidTag kind;
    SEC_PKCS7SignerInfo **signerinfos;

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      default:
      case SEC_OID_PKCS7_DATA:
      case SEC_OID_PKCS7_DIGESTED_DATA:
      case SEC_OID_PKCS7_ENVELOPED_DATA:
      case SEC_OID_PKCS7_ENCRYPTED_DATA:
       return PR_FALSE;
      case SEC_OID_PKCS7_SIGNED_DATA:
       signerinfos = cinfo->content.signedData->signerInfos;
       break;
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
       signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
       break;
    }

    /*
     * I know this could be collapsed; but I kind of think it will get
     * more complicated before I am finished, so...
     */
    if (signerinfos != NULL && signerinfos[0] != NULL)
       return PR_TRUE;
    else
       return PR_FALSE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_BEGIN_PROTOS SECOidTag SEC_PKCS7ContentType ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 56 of file p7common.c.

{
    if (cinfo->contentTypeTag == NULL)
       cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));

    if (cinfo->contentTypeTag == NULL)
       return SEC_OID_UNKNOWN;

    return cinfo->contentTypeTag->offset;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CopyContentInfo ( SEC_PKCS7ContentInfo *  contentInfo)

Definition at line 185 of file p7common.c.

{
    if (cinfo == NULL)
       return NULL;

    PORT_Assert (cinfo->refCount > 0);

    if (cinfo->created) {
       /*
        * Want to do a real copy of these; otherwise subsequent
        * changes made to either copy are likely to be a surprise.
        * XXX I suspect that this will not actually be called for yet,
        * which is why the assert, so to notice if it is...
        */
       PORT_Assert (0);
       /*
        * XXX Create a new pool here, and copy everything from
        * within.  For cert stuff, need to call the appropriate
        * copy functions, etc.
        */
    }

    cinfo->refCount++;
    return cinfo;
}

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CreateCertsOnly ( CERTCertificate *  cert,
PRBool  include_chain,
CERTCertDBHandle *  certdb 
)

Definition at line 917 of file p7create.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    cinfo = sec_pkcs7_create_signed_data (NULL, NULL);
    if (cinfo == NULL)
       return NULL;

    if (include_chain)
       rv = sec_pkcs7_add_cert_chain (cinfo, cert, certdb);
    else
       rv = sec_pkcs7_add_certificate (cinfo, cert);

    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    return cinfo;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CreateData ( void  )

Definition at line 1252 of file p7create.c.

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CreateEncryptedData ( SECOidTag  algorithm,
int  keysize,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 1268 of file p7create.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SECAlgorithmID *algid;
    SEC_PKCS7EncryptedData *enc_data;
    SECStatus rv;

    cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENCRYPTED_DATA, 
                                      PR_FALSE, pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    enc_data = cinfo->content.encryptedData;
    algid = &(enc_data->encContentInfo.contentEncAlg);

    switch (algorithm) {
      case SEC_OID_RC2_CBC:
      case SEC_OID_DES_EDE3_CBC:
      case SEC_OID_DES_CBC:
       rv = SECOID_SetAlgorithmID (cinfo->poolp, algid, algorithm, NULL);
       break;
      default:
       {
           /*
            * Assume password-based-encryption.  At least, try that.
            */
           SECAlgorithmID *pbe_algid;
           pbe_algid = PK11_CreatePBEAlgorithmID (algorithm, 1, NULL);
           if (pbe_algid == NULL) {
              rv = SECFailure;
           } else {
              rv = SECOID_CopyAlgorithmID (cinfo->poolp, algid, pbe_algid);
              SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE);
           }
       }
       break;
    }

    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    rv = sec_pkcs7_init_encrypted_content_info (&(enc_data->encContentInfo),
                                          cinfo->poolp,
                                          SEC_OID_PKCS7_DATA, PR_FALSE,
                                          algorithm, keysize);
    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    return cinfo;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CreateEnvelopedData ( CERTCertificate *  cert,
SECCertUsage  certusage,
CERTCertDBHandle *  certdb,
SECOidTag  encalg,
int  keysize,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 1174 of file p7create.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SEC_PKCS7EnvelopedData *envd;
    SECStatus rv;

    cinfo = sec_pkcs7_create_content_info (SEC_OID_PKCS7_ENVELOPED_DATA,
                                      PR_FALSE, pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    rv = sec_pkcs7_add_recipient (cinfo, cert, certusage, certdb);
    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    envd = cinfo->content.envelopedData;
    PORT_Assert (envd != NULL);

    /*
     * XXX Might we want to allow content types other than data?
     * If so, via what interface?
     */
    rv = sec_pkcs7_init_encrypted_content_info (&(envd->encContentInfo),
                                          cinfo->poolp,
                                          SEC_OID_PKCS7_DATA, PR_FALSE,
                                          encalg, keysize);
    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    /* XXX Anything more to do here? */

    return cinfo;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7CreateSignedData ( CERTCertificate *  cert,
SECCertUsage  certusage,
CERTCertDBHandle *  certdb,
SECOidTag  digestalg,
SECItem *  digest,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg 
)

Definition at line 412 of file p7create.c.

{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    cinfo = sec_pkcs7_create_signed_data (pwfn, pwfn_arg);
    if (cinfo == NULL)
       return NULL;

    rv = sec_pkcs7_add_signer (cinfo, cert, certusage, certdb,
                            digestalg, digest);
    if (rv != SECSuccess) {
       SEC_PKCS7DestroyContentInfo (cinfo);
       return NULL;
    }

    return cinfo;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7DecodeItem ( SECItem *  p7item,
SEC_PKCS7DecoderContentCallback  cb,
void cb_arg,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg,
SEC_PKCS7GetDecryptKeyCallback  decrypt_key_cb,
void decrypt_key_cb_arg,
SEC_PKCS7DecryptionAllowedCallback  decrypt_allowed_cb 
)

Definition at line 1231 of file p7decode.c.

{
    SEC_PKCS7DecoderContext *p7dcx;

    p7dcx = SEC_PKCS7DecoderStart(cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb,
                              decrypt_key_cb_arg, decrypt_allowed_cb);
    (void) SEC_PKCS7DecoderUpdate(p7dcx, (char *) p7item->data, p7item->len);
    return SEC_PKCS7DecoderFinish(p7dcx);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SEC_PKCS7DecoderAbort ( SEC_PKCS7DecoderContext *  p7dcx,
int  error 
)

Definition at line 1250 of file p7decode.c.

{
    PORT_Assert(p7dcx);
    SEC_ASN1DecoderAbort(p7dcx->dcx, error);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7ContentInfo* SEC_PKCS7DecoderFinish ( SEC_PKCS7DecoderContext *  p7dcx)

Definition at line 1209 of file p7decode.c.

{
    SEC_PKCS7ContentInfo *cinfo;

    cinfo = p7dcx->cinfo;
    if (p7dcx->dcx != NULL) {
       if (SEC_ASN1DecoderFinish (p7dcx->dcx) != SECSuccess) {
           SEC_PKCS7DestroyContentInfo (cinfo);
           cinfo = NULL;
       }
    }
    /* free any NSS data structures */
    if (p7dcx->worker.decryptobj) {
        sec_PKCS7DestroyDecryptObject (p7dcx->worker.decryptobj);
    }
    PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE);
    PORT_Free (p7dcx);
    return cinfo;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7DecoderContext* SEC_PKCS7DecoderStart ( SEC_PKCS7DecoderContentCallback  callback,
void callback_arg,
SECKEYGetPasswordKey  pwfn,
void pwfn_arg,
SEC_PKCS7GetDecryptKeyCallback  decrypt_key_cb,
void decrypt_key_cb_arg,
SEC_PKCS7DecryptionAllowedCallback  decrypt_allowed_cb 
)

Definition at line 1102 of file p7decode.c.

{
    SEC_PKCS7DecoderContext *p7dcx;
    SEC_ASN1DecoderContext *dcx;
    SEC_PKCS7ContentInfo *cinfo;
    PRArenaPool *poolp;

    poolp = PORT_NewArena (1024);         /* XXX what is right value? */
    if (poolp == NULL)
       return NULL;

    cinfo = (SEC_PKCS7ContentInfo*)PORT_ArenaZAlloc (poolp, sizeof(*cinfo));
    if (cinfo == NULL) {
       PORT_FreeArena (poolp, PR_FALSE);
       return NULL;
    }

    cinfo->poolp = poolp;
    cinfo->pwfn = pwfn;
    cinfo->pwfn_arg = pwfn_arg;
    cinfo->created = PR_FALSE;
    cinfo->refCount = 1;

    p7dcx = 
      (SEC_PKCS7DecoderContext*)PORT_ZAlloc (sizeof(SEC_PKCS7DecoderContext));
    if (p7dcx == NULL) {
       PORT_FreeArena (poolp, PR_FALSE);
       return NULL;
    }

    p7dcx->tmp_poolp = PORT_NewArena (1024);     /* XXX what is right value? */
    if (p7dcx->tmp_poolp == NULL) {
       PORT_Free (p7dcx);
       PORT_FreeArena (poolp, PR_FALSE);
       return NULL;
    }

    dcx = SEC_ASN1DecoderStart (poolp, cinfo, sec_PKCS7ContentInfoTemplate);
    if (dcx == NULL) {
       PORT_FreeArena (p7dcx->tmp_poolp, PR_FALSE);
       PORT_Free (p7dcx);
       PORT_FreeArena (poolp, PR_FALSE);
       return NULL;
    }

    SEC_ASN1DecoderSetNotifyProc (dcx, sec_pkcs7_decoder_notify, p7dcx);

    p7dcx->dcx = dcx;
    p7dcx->cinfo = cinfo;
    p7dcx->cb = cb;
    p7dcx->cb_arg = cb_arg;
    p7dcx->pwfn = pwfn;
    p7dcx->pwfn_arg = pwfn_arg;
    p7dcx->dkcb = decrypt_key_cb;
    p7dcx->dkcb_arg = decrypt_key_cb_arg;
    p7dcx->decrypt_allowed_cb = decrypt_allowed_cb;

    return p7dcx;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7DecoderUpdate ( SEC_PKCS7DecoderContext *  p7dcx,
const char *  buf,
unsigned long  len 
)

Definition at line 1176 of file p7decode.c.

{
    if (p7dcx->cinfo != NULL && p7dcx->dcx != NULL) { 
       PORT_Assert (p7dcx->error == 0);
       if (p7dcx->error == 0) {
           if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) {
              p7dcx->error = PORT_GetError();
              PORT_Assert (p7dcx->error);
              if (p7dcx->error == 0)
                  p7dcx->error = -1;
           }
       }
    }

    if (p7dcx->error) {
       if (p7dcx->dcx != NULL) {
           (void) SEC_ASN1DecoderFinish (p7dcx->dcx);
           p7dcx->dcx = NULL;
       }
       if (p7dcx->cinfo != NULL) {
           SEC_PKCS7DestroyContentInfo (p7dcx->cinfo);
           p7dcx->cinfo = NULL;
       }
       PORT_SetError (p7dcx->error);
       return SECFailure;
    }

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7DecryptContents ( PRArenaPool poolp,
SEC_PKCS7ContentInfo *  cinfo,
SECItem *  key,
void wincx 
)

Definition at line 609 of file p7common.c.

{
    SECAlgorithmID *algid = NULL;
    SECOidTag algtag;
    SECStatus rv = SECFailure;
    SECItem *result = NULL, *dest, *src;
    void *mark;

    PK11SymKey *eKey = NULL;
    PK11SlotInfo *slot = NULL;
    CK_MECHANISM pbeMech, cryptoMech;
    void *cx;
    SECItem c_param;
    int bs;

    if((cinfo == NULL) || (key == NULL))
       return SECFailure;

    if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
       return SECFailure;

    algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);     
    if(algid == NULL)
       return SECFailure;

    if(poolp == NULL)
       poolp = cinfo->poolp;

    mark = PORT_ArenaMark(poolp);
    
    src = &cinfo->content.encryptedData->encContentInfo.encContent;
    dest = &cinfo->content.encryptedData->encContentInfo.plainContent;
    algtag = SECOID_GetAlgorithmTag(algid);
    c_param.data = NULL;
    dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
    dest->len = (src->len + 64);
    if(dest->data == NULL) {
       rv = SECFailure;
       goto loser;
    }

    slot = PK11_GetInternalKeySlot();
    if(slot == NULL) {
       rv = SECFailure;
       goto loser;
    }
    pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
    result = PK11_ParamFromAlgid(algid);
    if (result == NULL) {
       rv = SECFailure;
       goto loser;
    }
    pbeMech.pParameter = result->data;
    pbeMech.ulParameterLen = result->len;
    eKey = PK11_RawPBEKeyGen(slot,pbeMech.mechanism,result,key,PR_FALSE,wincx);
    if(eKey == NULL) {
       rv = SECFailure;
       goto loser;
    }

    if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key,
                     PR_FALSE) != CKR_OK) {
       rv = SECFailure;
       goto loser;
    }
    c_param.data = (unsigned char *)cryptoMech.pParameter;
    c_param.len = cryptoMech.ulParameterLen;

    cx = PK11_CreateContextBySymKey(cryptoMech.mechanism, CKA_DECRYPT,
                                eKey, &c_param);
    if(cx == NULL) {
       rv = SECFailure;
       goto loser;
    }

    rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len), 
                     (int)(src->len + 64), src->data, (int)src->len);
    PK11_DestroyContext((PK11Context *)cx, PR_TRUE);

    bs = PK11_GetBlockSize(cryptoMech.mechanism, &c_param);
    if(bs) {
       /* check for proper badding in block algorithms.  this assumes
        * RC2 cbc or a DES cbc variant.  and the padding is thus defined
        */
       if(((int)dest->data[dest->len-1] <= bs) && 
          ((int)dest->data[dest->len-1] > 0)) {
           dest->len -= (int)dest->data[dest->len-1];
       } else {
           rv = SECFailure;
           /* set an error ? */
       }
    } 

loser:
    /* let success fall through */
    if(result != NULL)
       SECITEM_ZfreeItem(result, PR_TRUE);

    if(rv == SECFailure)
       PORT_ArenaRelease(poolp, mark);
    else
       PORT_ArenaUnmark(poolp, mark);

    if(eKey != NULL)
       PK11_FreeSymKey(eKey);

    if(slot != NULL)
       PK11_FreeSlot(slot);

    if(c_param.data != NULL) 
       SECITEM_ZfreeItem(&c_param, PR_FALSE);
       
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SEC_PKCS7DestroyContentInfo ( SEC_PKCS7ContentInfo *  contentInfo)

Definition at line 72 of file p7common.c.

{
    SECOidTag kind;
    CERTCertificate **certs;
    CERTCertificateList **certlists;
    SEC_PKCS7SignerInfo **signerinfos;
    SEC_PKCS7RecipientInfo **recipientinfos;

    PORT_Assert (cinfo->refCount > 0);
    if (cinfo->refCount <= 0)
       return;

    cinfo->refCount--;
    if (cinfo->refCount > 0)
       return;

    certs = NULL;
    certlists = NULL;
    recipientinfos = NULL;
    signerinfos = NULL;

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      case SEC_OID_PKCS7_ENVELOPED_DATA:
       {
           SEC_PKCS7EnvelopedData *edp;

           edp = cinfo->content.envelopedData;
           if (edp != NULL) {
              recipientinfos = edp->recipientInfos;
           }
       }
       break;
      case SEC_OID_PKCS7_SIGNED_DATA:
       {
           SEC_PKCS7SignedData *sdp;

           sdp = cinfo->content.signedData;
           if (sdp != NULL) {
              certs = sdp->certs;
              certlists = sdp->certLists;
              signerinfos = sdp->signerInfos;
           }
       }
       break;
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
       {
           SEC_PKCS7SignedAndEnvelopedData *saedp;

           saedp = cinfo->content.signedAndEnvelopedData;
           if (saedp != NULL) {
              certs = saedp->certs;
              certlists = saedp->certLists;
              recipientinfos = saedp->recipientInfos;
              signerinfos = saedp->signerInfos;
              if (saedp->sigKey != NULL)
                  PK11_FreeSymKey (saedp->sigKey);
           }
       }
       break;
      default:
       /* XXX Anything else that needs to be "manually" freed/destroyed? */
       break;
    }

    if (certs != NULL) {
       CERTCertificate *cert;

       while ((cert = *certs++) != NULL) {
           CERT_DestroyCertificate (cert);
       }
    }

    if (certlists != NULL) {
       CERTCertificateList *certlist;

       while ((certlist = *certlists++) != NULL) {
           CERT_DestroyCertificateList (certlist);
       }
    }

    if (recipientinfos != NULL) {
       SEC_PKCS7RecipientInfo *ri;

       while ((ri = *recipientinfos++) != NULL) {
           if (ri->cert != NULL)
              CERT_DestroyCertificate (ri->cert);
       }
    }

    if (signerinfos != NULL) {
       SEC_PKCS7SignerInfo *si;

       while ((si = *signerinfos++) != NULL) {
           if (si->cert != NULL)
              CERT_DestroyCertificate (si->cert);
           if (si->certList != NULL)
              CERT_DestroyCertificateList (si->certList);
       }
    }

    if (cinfo->poolp != NULL) {
       PORT_FreeArena (cinfo->poolp, PR_FALSE);  /* XXX clear it? */
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7Encode ( SEC_PKCS7ContentInfo *  cinfo,
SEC_PKCS7EncoderOutputCallback  outputfn,
void outputarg,
PK11SymKey *  bulkkey,
SECKEYGetPasswordKey  pwfn,
void pwfnarg 
)

Definition at line 1275 of file p7encode.c.

{
    SECStatus rv;

    rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
    if (rv == SECSuccess) {
       struct sec_pkcs7_encoder_output outputcx;

       outputcx.outputfn = outputfn;
       outputcx.outputarg = outputarg;

       rv = SEC_ASN1Encode (cinfo, sec_PKCS7ContentInfoTemplate,
                          sec_pkcs7_encoder_out, &outputcx);
    }

    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* SEC_PKCS7EncodeItem ( PRArenaPool pool,
SECItem *  dest,
SEC_PKCS7ContentInfo *  cinfo,
PK11SymKey *  bulkkey,
SECKEYGetPasswordKey  pwfn,
void pwfnarg 
)

Definition at line 1327 of file p7encode.c.

{
    SECStatus rv;

    rv = SEC_PKCS7PrepareForEncode (cinfo, bulkkey, pwfn, pwfnarg);
    if (rv != SECSuccess)
       return NULL;

    return SEC_ASN1EncodeItem (pool, dest, cinfo, sec_PKCS7ContentInfoTemplate);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void SEC_PKCS7EncoderAbort ( SEC_PKCS7EncoderContext *  p7dcx,
int  error 
)

Definition at line 1183 of file p7encode.c.

{
    PORT_Assert(p7ecx);
    SEC_ASN1EncoderAbort(p7ecx->ecx, error);
}

Here is the call graph for this function:

SECStatus SEC_PKCS7EncoderFinish ( SEC_PKCS7EncoderContext *  p7ecx,
SECKEYGetPasswordKey  pwfn,
void pwfnarg 
)

Definition at line 1148 of file p7encode.c.

{
    SECStatus rv;

    /*
     * Flush out any remaining data.
     */
    rv = sec_pkcs7_encoder_work_data (p7ecx, NULL, NULL, 0, PR_TRUE);

    /*
     * Turn off streaming stuff.
     */
    SEC_ASN1EncoderClearTakeFromBuf (p7ecx->ecx);
    SEC_ASN1EncoderClearStreaming (p7ecx->ecx);

    if (rv != SECSuccess)
       goto loser;

    rv = sec_pkcs7_encoder_sig_and_certs (p7ecx->cinfo, pwfn, pwfnarg);
    if (rv != SECSuccess)
       goto loser;

    rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);

loser:
    SEC_ASN1EncoderFinish (p7ecx->ecx);
    PORT_Free (p7ecx);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SEC_PKCS7EncoderContext* SEC_PKCS7EncoderStart ( SEC_PKCS7ContentInfo *  cinfo,
SEC_PKCS7EncoderOutputCallback  outputfn,
void outputarg,
PK11SymKey *  bulkkey 
)

Definition at line 620 of file p7encode.c.

{
    SEC_PKCS7EncoderContext *p7ecx;
    SECStatus rv;

    p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
    if (p7ecx == NULL)
       return NULL;

    p7ecx->output.outputfn = outputfn;
    p7ecx->output.outputarg = outputarg;

    /*
     * Initialize the BER encoder.
     */
    p7ecx->ecx = SEC_ASN1EncoderStart (cinfo, sec_PKCS7ContentInfoTemplate,
                                   sec_pkcs7_encoder_out, &(p7ecx->output));
    if (p7ecx->ecx == NULL) {
       PORT_Free (p7ecx);
       return NULL;
    }

    /*
     * Indicate that we are streaming.  We will be streaming until we
     * get past the contents bytes.
     */
    SEC_ASN1EncoderSetStreaming (p7ecx->ecx);

    /*
     * The notify function will watch for the contents field.
     */
    SEC_ASN1EncoderSetNotifyProc (p7ecx->ecx, sec_pkcs7_encoder_notify, p7ecx);

    /*
     * This will encode everything up to the content bytes.  (The notify
     * function will then cause the encoding to stop there.)  Then our
     * caller can start passing contents bytes to our Update, which we
     * will pass along.
     */
    rv = SEC_ASN1EncoderUpdate (p7ecx->ecx, NULL, 0);
    if (rv != SECSuccess) {
       PORT_Free (p7ecx);
       return NULL;
    }

    return p7ecx;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7EncoderUpdate ( SEC_PKCS7EncoderContext *  p7ecx,
const char *  buf,
unsigned long  len 
)

Definition at line 829 of file p7encode.c.

{
    /* XXX Error handling needs help.  Return what?  Do "Finish" on failure? */
    return sec_pkcs7_encoder_work_data (p7ecx, NULL,
                                   (const unsigned char *)data, len,
                                   PR_FALSE);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7EncryptContents ( PRArenaPool poolp,
SEC_PKCS7ContentInfo *  cinfo,
SECItem *  key,
void wincx 
)

Definition at line 438 of file p7common.c.

{
    SECAlgorithmID *algid   = NULL;
    SECItem *       result  = NULL;
    SECItem *       src;
    SECItem *       dest;
    SECItem *       blocked_data = NULL;
    void *          mark;
    void *          cx;
    PK11SymKey *    eKey    = NULL;
    PK11SlotInfo *  slot    = NULL;

    CK_MECHANISM    pbeMech;
    CK_MECHANISM    cryptoMech;
    int             bs;
    SECOidTag       algtag;
    SECStatus       rv             = SECFailure;
    SECItem         c_param;

    if((cinfo == NULL) || (key == NULL))
       return SECFailure;

    if(SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
       return SECFailure;

    algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);     
    if(algid == NULL)
       return SECFailure;

    if(poolp == NULL)
       poolp = cinfo->poolp;

    mark = PORT_ArenaMark(poolp);
    
    src = &cinfo->content.encryptedData->encContentInfo.plainContent;
    dest = &cinfo->content.encryptedData->encContentInfo.encContent;
    algtag = SECOID_GetAlgorithmTag(algid);
    c_param.data = NULL;
    dest->data = (unsigned char*)PORT_ArenaZAlloc(poolp, (src->len + 64));
    dest->len = (src->len + 64);
    if(dest->data == NULL) {
       rv = SECFailure;
       goto loser;
    }

    slot = PK11_GetInternalKeySlot();
    if(slot == NULL) {
       rv = SECFailure;
       goto loser;
    }
    pbeMech.mechanism = PK11_AlgtagToMechanism(algtag);
    result = PK11_ParamFromAlgid(algid);
    if (result == NULL) {
       rv = SECFailure;
       goto loser;
    }
    pbeMech.pParameter = result->data;
    pbeMech.ulParameterLen = result->len;

    eKey = PK11_RawPBEKeyGen(slot, pbeMech.mechanism, result, key, PR_FALSE,
                                                         wincx);
    if(eKey == NULL) {
       rv = SECFailure;
       goto loser;
    }

    if(PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, key, 
                     PR_FALSE) != CKR_OK) {
       rv = SECFailure;
       goto loser;
    }
    c_param.data = (unsigned char *)cryptoMech.pParameter;
    c_param.len = cryptoMech.ulParameterLen;

    /* block according to PKCS 8 */
    bs = PK11_GetBlockSize(cryptoMech.mechanism, &c_param);
    rv = SECSuccess;
    if(bs) {
       char pad_char;
       pad_char = (char)(bs - (src->len % bs));
       if(src->len % bs) {
           rv = SECSuccess;
           blocked_data = PK11_BlockData(src, bs);
           if(blocked_data) {
              PORT_Memset((blocked_data->data + blocked_data->len - (int)pad_char), 
                         pad_char, (int)pad_char);
           } else {
              rv = SECFailure;
              goto loser;
           }
       } else {
           blocked_data = SECITEM_DupItem(src);
           if(blocked_data) {
              blocked_data->data = (unsigned char*)PORT_Realloc(
                                            blocked_data->data,
                                            blocked_data->len + bs);
              if(blocked_data->data) {
                  blocked_data->len += bs;
                  PORT_Memset((blocked_data->data + src->len), (char)bs, bs);
              } else {
                  rv = SECFailure;
                  goto loser;
              }
           } else {
              rv = SECFailure;
              goto loser;
           }
        }
    } else {
       blocked_data = SECITEM_DupItem(src);
       if(!blocked_data) {
           rv = SECFailure;
           goto loser;
       }
    }

    cx = PK11_CreateContextBySymKey(cryptoMech.mechanism, CKA_ENCRYPT,
                                eKey, &c_param);
    if(cx == NULL) {
       rv = SECFailure;
       goto loser;
    }

    rv = PK11_CipherOp((PK11Context*)cx, dest->data, (int *)(&dest->len), 
                     (int)(src->len + 64), blocked_data->data, 
                     (int)blocked_data->len);
    PK11_DestroyContext((PK11Context*)cx, PR_TRUE);

loser:
    /* let success fall through */
    if(blocked_data != NULL)
       SECITEM_ZfreeItem(blocked_data, PR_TRUE);

    if(result != NULL)
       SECITEM_ZfreeItem(result, PR_TRUE);

    if(rv == SECFailure)
       PORT_ArenaRelease(poolp, mark);
    else 
       PORT_ArenaUnmark(poolp, mark);

    if(eKey != NULL)
       PK11_FreeSymKey(eKey);

    if(slot != NULL)
       PK11_FreeSlot(slot);

    if(c_param.data != NULL) 
       SECITEM_ZfreeItem(&c_param, PR_FALSE);
       
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem** SEC_PKCS7GetCertificateList ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 728 of file p7common.c.

{
    switch(SEC_PKCS7ContentType(cinfo))
    {
       case SEC_OID_PKCS7_SIGNED_DATA:
           return cinfo->content.signedData->rawCerts;
           break;
       default:
           return NULL;
           break;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* SEC_PKCS7GetContent ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 218 of file p7common.c.

{
    SECOidTag kind;

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      case SEC_OID_PKCS7_DATA:
       return cinfo->content.data;
      case SEC_OID_PKCS7_DIGESTED_DATA:
       {
           SEC_PKCS7DigestedData *digd;

           digd = cinfo->content.digestedData;
           if (digd == NULL)
              break;
           return SEC_PKCS7GetContent (&(digd->contentInfo));
       }
      case SEC_OID_PKCS7_ENCRYPTED_DATA:
       {
           SEC_PKCS7EncryptedData *encd;

           encd = cinfo->content.encryptedData;
           if (encd == NULL)
              break;
           return &(encd->encContentInfo.plainContent);
       }
      case SEC_OID_PKCS7_ENVELOPED_DATA:
       {
           SEC_PKCS7EnvelopedData *envd;

           envd = cinfo->content.envelopedData;
           if (envd == NULL)
              break;
           return &(envd->encContentInfo.plainContent);
       }
      case SEC_OID_PKCS7_SIGNED_DATA:
       {
           SEC_PKCS7SignedData *sigd;

           sigd = cinfo->content.signedData;
           if (sigd == NULL)
              break;
           return SEC_PKCS7GetContent (&(sigd->contentInfo));
       }
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
       {
           SEC_PKCS7SignedAndEnvelopedData *saed;

           saed = cinfo->content.signedAndEnvelopedData;
           if (saed == NULL)
              break;
           return &(saed->encContentInfo.plainContent);
       }
      default:
       PORT_Assert(0);
       break;
    }

    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECAlgorithmID* SEC_PKCS7GetEncryptionAlgorithm ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 298 of file p7common.c.

{
  SECAlgorithmID *alg = 0;
  switch (SEC_PKCS7ContentType(cinfo))
    {
    case SEC_OID_PKCS7_ENCRYPTED_DATA:
      alg = &cinfo->content.encryptedData->encContentInfo.contentEncAlg;
      break;
    case SEC_OID_PKCS7_ENVELOPED_DATA:
      alg = &cinfo->content.envelopedData->encContentInfo.contentEncAlg;
      break;
    case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
      alg = &cinfo->content.signedAndEnvelopedData
       ->encContentInfo.contentEncAlg;
      break;
    default:
      alg = 0;
      break;
    }

    return alg;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int SEC_PKCS7GetKeyLength ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 743 of file p7common.c.

{
  if (cinfo->contentTypeTag->offset == SEC_OID_PKCS7_ENVELOPED_DATA)
    return cinfo->content.envelopedData->encContentInfo.keysize;
  else
    return 0;
}
char* SEC_PKCS7GetSignerCommonName ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 2029 of file p7decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

char* SEC_PKCS7GetSignerEmailAddress ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 2035 of file p7decode.c.

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* SEC_PKCS7GetSigningTime ( SEC_PKCS7ContentInfo *  cinfo)

Definition at line 2045 of file p7decode.c.

{
    SEC_PKCS7SignerInfo **signerinfos;
    SEC_PKCS7Attribute *attr;

    if (SEC_PKCS7ContentType (cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
       return NULL;

    signerinfos = cinfo->content.signedData->signerInfos;

    /*
     * No signature, or more than one, means no deal.
     */
    if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
       return NULL;

    attr = sec_PKCS7FindAttribute (signerinfos[0]->authAttr,
                               SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
    return sec_PKCS7AttributeValue (attr);
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7IncludeCertChain ( SEC_PKCS7ContentInfo *  cinfo,
CERTCertDBHandle *  certdb 
)

Definition at line 713 of file p7create.c.

{
    SECOidTag kind;
    SEC_PKCS7SignerInfo *signerinfo, **signerinfos;

    kind = SEC_PKCS7ContentType (cinfo);
    switch (kind) {
      case SEC_OID_PKCS7_SIGNED_DATA:
       signerinfos = cinfo->content.signedData->signerInfos;
       break;
      case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
       signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
       break;
      default:
       return SECFailure;          /* XXX set an error? */
    }

    if (signerinfos == NULL)              /* no signer, no certs? */
       return SECFailure;          /* XXX set an error? */

    if (certdb == NULL) {
       certdb = CERT_GetDefaultCertDB();
       if (certdb == NULL) {
           PORT_SetError (SEC_ERROR_BAD_DATABASE);
           return SECFailure;
       }
    }

    /* XXX Should it be an error if we find no signerinfo or no certs? */
    while ((signerinfo = *signerinfos++) != NULL) {
       if (signerinfo->cert != NULL)
           /* get the cert chain.  don't send the root to avoid contamination
            * of old clients with a new root that they don't trust
            */
           signerinfo->certList = CERT_CertChainFromCert (signerinfo->cert,
                                                    certUsageEmailSigner,
                                                    PR_FALSE);
    }

    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_PKCS7IsContentEmpty ( SEC_PKCS7ContentInfo *  cinfo,
unsigned int  minLen 
)

Definition at line 1300 of file p7decode.c.

{
    SECItem *item = NULL;

    if(cinfo == NULL) {
       return PR_TRUE;
    }

    switch(SEC_PKCS7ContentType(cinfo)) 
    {
       case SEC_OID_PKCS7_DATA:
           item = cinfo->content.data;
           break;
       case SEC_OID_PKCS7_ENCRYPTED_DATA:
           item = &cinfo->content.encryptedData->encContentInfo.encContent;
           break;
       default:
           /* add other types */
           return PR_FALSE;
    }

    if(!item) {
       return PR_TRUE;
    } else if(item->len <= minLen) {
       return PR_TRUE;
    }

    return PR_FALSE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7PrepareForEncode ( SEC_PKCS7ContentInfo *  cinfo,
PK11SymKey *  bulkkey,
SECKEYGetPasswordKey  pwfn,
void pwfnarg 
)

Definition at line 1196 of file p7encode.c.

{
    SEC_PKCS7EncoderContext *p7ecx;
    SECItem *content, *enc_content;
    SECStatus rv;

    p7ecx = sec_pkcs7_encoder_start_contexts (cinfo, bulkkey);
    if (p7ecx == NULL)
       return SECFailure;

    content = SEC_PKCS7GetContent (cinfo);

    if (p7ecx->encryptobj != NULL) {
       SECOidTag kind;
       SEC_PKCS7EncryptedContentInfo *enccinfo;

       kind = SEC_PKCS7ContentType (p7ecx->cinfo);
       switch (kind) {
         default:
           PORT_Assert (0);
           rv = SECFailure;
           goto loser;
         case SEC_OID_PKCS7_ENCRYPTED_DATA:
           enccinfo = &(p7ecx->cinfo->content.encryptedData->encContentInfo);
           break;
         case SEC_OID_PKCS7_ENVELOPED_DATA:
           enccinfo = &(p7ecx->cinfo->content.envelopedData->encContentInfo);
           break;
         case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
           enccinfo = &(p7ecx->cinfo->content.signedAndEnvelopedData->encContentInfo);
           break;
       }
       enc_content = &(enccinfo->encContent);
    } else {
       enc_content = NULL;
    }

    if (content != NULL && content->data != NULL && content->len) {
       rv = sec_pkcs7_encoder_work_data (p7ecx, enc_content,
                                     content->data, content->len, PR_TRUE);
       if (rv != SECSuccess)
           goto loser;
    }

    rv = sec_pkcs7_encoder_sig_and_certs (cinfo, pwfn, pwfnarg);

loser:
    PORT_Free (p7ecx);
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus SEC_PKCS7SetContent ( SEC_PKCS7ContentInfo *  cinfo,
const char *  buf,
unsigned long  len 
)

Definition at line 335 of file p7common.c.

{
    SECOidTag cinfo_type;
    SECStatus rv;
    SECItem content;
    SECOidData *contentTypeTag = NULL;

    content.data = (unsigned char *)buf;
    content.len = len;

    cinfo_type = SEC_PKCS7ContentType(cinfo);

    /* set inner content */
    switch(cinfo_type)
    {
       case SEC_OID_PKCS7_SIGNED_DATA:
           if(content.len > 0) {
              /* we "leak" the old content here, but as it's all in the pool */
              /* it does not really matter */

              /* create content item if necessary */
              if (cinfo->content.signedData->contentInfo.content.data == NULL)
                  cinfo->content.signedData->contentInfo.content.data = SECITEM_AllocItem(cinfo->poolp, NULL, 0);
              rv = SECITEM_CopyItem(cinfo->poolp, 
                     cinfo->content.signedData->contentInfo.content.data,
                     &content);
           } else {
              cinfo->content.signedData->contentInfo.content.data->data = NULL;
              cinfo->content.signedData->contentInfo.content.data->len = 0;
              rv = SECSuccess;
           }
           if(rv == SECFailure)
              goto loser;
           
           break;
       case SEC_OID_PKCS7_ENCRYPTED_DATA:
           /* XXX this forces the inner content type to be "data" */
           /* do we really want to override without asking or reason? */
           contentTypeTag = SECOID_FindOIDByTag(SEC_OID_PKCS7_DATA);
           if(contentTypeTag == NULL)
              goto loser;
           rv = SECITEM_CopyItem(cinfo->poolp, 
              &(cinfo->content.encryptedData->encContentInfo.contentType),
              &(contentTypeTag->oid));
           if(rv == SECFailure)
              goto loser;
           if(content.len > 0) {
              rv = SECITEM_CopyItem(cinfo->poolp, 
                     &(cinfo->content.encryptedData->encContentInfo.plainContent),
                     &content);
           } else {
              cinfo->content.encryptedData->encContentInfo.plainContent.data = NULL;
              cinfo->content.encryptedData->encContentInfo.encContent.data = NULL;
              cinfo->content.encryptedData->encContentInfo.plainContent.len = 0;
              cinfo->content.encryptedData->encContentInfo.encContent.len = 0;
              rv = SECSuccess;
           }
           if(rv == SECFailure)
              goto loser;
           break;
       case SEC_OID_PKCS7_DATA:
           cinfo->content.data = (SECItem *)PORT_ArenaZAlloc(cinfo->poolp,
              sizeof(SECItem));
           if(cinfo->content.data == NULL)
              goto loser;
           if(content.len > 0) {
              rv = SECITEM_CopyItem(cinfo->poolp,
                     cinfo->content.data, &content);
           } else {
              /* handle case with NULL content */
              rv = SECSuccess;
           }
           if(rv == SECFailure)
              goto loser;
           break;
       default:
           goto loser;
    }

    return SECSuccess;

loser:
       
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_PKCS7VerifyDetachedSignature ( SEC_PKCS7ContentInfo *  cinfo,
SECCertUsage  certusage,
SECItem *  detached_digest,
HASH_HashType  digest_type,
PRBool  keepcerts 
)

Definition at line 1929 of file p7decode.c.

{
    return sec_pkcs7_verify_signature (cinfo, certusage,
                                   detached_digest, digest_type,
                                   keepcerts);
}

Here is the call graph for this function:

Here is the caller graph for this function:

PRBool SEC_PKCS7VerifySignature ( SEC_PKCS7ContentInfo *  cinfo,
SECCertUsage  certusage,
PRBool  keepcerts 
)

Definition at line 1910 of file p7decode.c.

{
    return sec_pkcs7_verify_signature (cinfo, certusage,
                                   NULL, HASH_AlgNULL, keepcerts);
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 1169 of file p7local.c.