
lightning-sunbird  0.9+nobinonly
cms.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 /*
00038  * Interfaces of the CMS implementation.
00039  *
00040  * $Id: cms.h,v 1.20 2004/04/25 15:03:15 gerv%gerv.net Exp $
00041  */
00042 
00043 #ifndef _CMS_H_
00044 #define _CMS_H_
00045 
00046 #include "seccomon.h"
00047 
00048 #include "secoidt.h"
00049 #include "certt.h"
00050 #include "keyt.h"
00051 #include "hasht.h"
00052 #include "cmst.h"
00053 
00054 /************************************************************************/
00055 SEC_BEGIN_PROTOS
00056 
00057 /************************************************************************
00058  * cmsdecode.c - CMS decoding
00059  ************************************************************************/
00060 
00061 /*
00062  * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
00063  *
00064  * "poolp" - pointer to arena for message, or NULL if new pool should be created
00065  * "cb", "cb_arg" - callback function and argument for delivery of inner content
00066  *                  inner content will be stored in the message if cb is NULL.
00067  * "pwfn", "pwfn_arg" - callback function for getting token password
00068  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
00069  */
00070 extern NSSCMSDecoderContext *
00071 NSS_CMSDecoder_Start(PRArenaPool *poolp,
00072                     NSSCMSContentCallback cb, void *cb_arg,
00073                     PK11PasswordFunc pwfn, void *pwfn_arg,
00074                     NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
00075 
00076 /*
00077  * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
00078  */
00079 extern SECStatus
00080 NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len);
00081 
00082 /*
00083  * NSS_CMSDecoder_Cancel - cancel a decoding process
00084  */
00085 extern void
00086 NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx);
00087 
00088 /*
00089  * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
00090  */
00091 extern NSSCMSMessage *
00092 NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx);
00093 
00094 /*
00095  * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data
00096  */
00097 extern NSSCMSMessage *
00098 NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
00099                   NSSCMSContentCallback cb, void *cb_arg,
00100                   PK11PasswordFunc pwfn, void *pwfn_arg,
00101                   NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
00102 
00103 /************************************************************************
00104  * cmsencode.c - CMS encoding
00105  ************************************************************************/
00106 
00107 /*
00108  * NSS_CMSEncoder_Start - set up encoding of a CMS message
00109  *
00110  * "cmsg" - message to encode
00111  * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
00112  *                           will not be called if NULL.
00113  * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
00114  * "destpoolp" - pool to allocate DER-encoded output in
00115  * "pwfn", "pwfn_arg" - callback function for getting token password
00116  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
00117  * "detached_digestalgs", "detached_digests" - digests from detached content
00118  */
00119 extern NSSCMSEncoderContext *
00120 NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
00121                      NSSCMSContentCallback outputfn, void *outputarg,
00122                      SECItem *dest, PLArenaPool *destpoolp,
00123                      PK11PasswordFunc pwfn, void *pwfn_arg,
00124                      NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
00125                      SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
00126 
00127 /*
00128  * NSS_CMSEncoder_Update - take content data delivery from the user
00129  *
00130  * "p7ecx" - encoder context
00131  * "data" - content data
00132  * "len" - length of content data
00133  */
00134 extern SECStatus
00135 NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
00136 
00137 /*
00138  * NSS_CMSEncoder_Cancel - stop all encoding
00139  */
00140 extern SECStatus
00141 NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx);
00142 
00143 /*
00144  * NSS_CMSEncoder_Finish - signal the end of data
00145  *
00146  * we need to walk down the chain of encoders and then finish them from the innermost out
00147  */
00148 extern SECStatus
00149 NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx);
00150 
00151 /************************************************************************
00152  * cmsmessage.c - CMS message object
00153  ************************************************************************/
00154 
00155 /*
00156  * NSS_CMSMessage_Create - create a CMS message object
00157  *
00158  * "poolp" - arena to allocate memory from, or NULL if new arena should be created
00159  */
00160 extern NSSCMSMessage *
00161 NSS_CMSMessage_Create(PLArenaPool *poolp);
00162 
00163 /*
00164  * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
00165  *
00166  * "cmsg" - message object
00167  * "pwfn", "pwfn_arg" - callback function for getting token password
00168  * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
00169  * "detached_digestalgs", "detached_digests" - digests from detached content
00170  *
00171  * used internally.
00172  */
00173 extern void
00174 NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
00175                      PK11PasswordFunc pwfn, void *pwfn_arg,
00176                      NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
00177                      SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
00178 
00179 /*
00180  * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
00181  */
00182 extern void
00183 NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg);
00184 
00185 /*
00186  * NSS_CMSMessage_Copy - return a copy of the given message. 
00187  *
00188  * The copy may be virtual or may be real -- either way, the result needs
00189  * to be passed to NSS_CMSMessage_Destroy later (as does the original).
00190  */
00191 extern NSSCMSMessage *
00192 NSS_CMSMessage_Copy(NSSCMSMessage *cmsg);
00193 
00194 /*
00195  * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
00196  */
00197 extern PLArenaPool *
00198 NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg);
00199 
00200 /*
00201  * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
00202  */
00203 extern NSSCMSContentInfo *
00204 NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg);
00205 
00206 /*
00207  * Return a pointer to the actual content. 
00208  * In the case of those types which are encrypted, this returns the *plain* content.
00209  * In case of nested contentInfos, this descends and retrieves the innermost content.
00210  */
00211 extern SECItem *
00212 NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg);
00213 
00214 /*
00215  * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
00216  *
00217  * CMS data content objects do not count.
00218  */
00219 extern int
00220 NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg);
00221 
00222 /*
00223  * NSS_CMSMessage_ContentLevel - find content level #n
00224  *
00225  * CMS data content objects do not count.
00226  */
00227 extern NSSCMSContentInfo *
00228 NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n);
00229 
00230 /*
00231  * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
00232  */
00233 extern PRBool
00234 NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg);
00235 
00236 /*
00237  * NSS_CMSMessage_IsEncrypted - see if message contains an encrypted submessage
00238  */
00239 extern PRBool
00240 NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg);
00241 
00242 /*
00243  * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
00244  *
00245  * If the CMS message has a SignedData with a signature (not just a SignedData)
00246  * return true; false otherwise.  This can/should be called before calling
00247  * VerifySignature: VerifySignature always indicates failure when no signature
00248  * is present, so a failure by itself does not show that a signature existed.
00249  * Note that the content itself can be empty (detached content was sent
00250  * another way); it is the presence of the signature that matters.
00251  */
00252 extern PRBool
00253 NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg);
00254 
00255 /*
00256  * NSS_CMSMessage_IsContentEmpty - see if content is empty
00257  *
00258  * returns PR_TRUE if innermost content length is < minLen
00259  * XXX need the encrypted content length (why?)
00260  */
00261 extern PRBool
00262 NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen);
00263 
00264 /************************************************************************
00265  * cmscinfo.c - CMS contentInfo methods
00266  ************************************************************************/
00267 
00268 /*
00269  * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
00270  */
00271 extern void
00272 NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo);
00273 
00274 /*
00275  * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
00276  */
00277 extern NSSCMSContentInfo *
00278 NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo);
00279 
00280 /*
00281  * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS object
00282  */
00283 extern SECStatus
00284 NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr);
00285 
00286 /*
00287  * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetType
00288  *   set cinfo's content type & content to CMS object
00289  */
00290 extern SECStatus
00291 NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached);
00292 
00293 extern SECStatus
00294 NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd);
00295 
00296 extern SECStatus
00297 NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd);
00298 
00299 extern SECStatus
00300 NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd);
00301 
00302 extern SECStatus
00303 NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
00304 
00305 /*
00306  * NSS_CMSContentInfo_GetContent - get pointer to inner content
00307  *
00308  * needs to be cast...
00309  */
00310 extern void *
00311 NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo);
00312 
00313 /* 
00314  * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
00315  *
00316  * this is typically only called by NSS_CMSMessage_GetContent()
00317  */
00318 extern SECItem *
00319 NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo);
00320 
00321 /*
00322  * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
00323  * for future reference) and return the inner content type.
00324  */
00325 extern SECOidTag
00326 NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo);
00327 
00328 extern SECItem *
00329 NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo);
00330 
00331 /*
00332  * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
00333  * for future reference) and return the content encryption algorithm tag.
00334  */
00335 extern SECOidTag
00336 NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo);
00337 
00338 /*
00339  * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm ID.
00340  */
00341 extern SECAlgorithmID *
00342 NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo);
00343 
00344 extern SECStatus
00345 NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
00346                                 SECOidTag bulkalgtag, SECItem *parameters, int keysize);
00347 
00348 extern SECStatus
00349 NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
00350                                 SECAlgorithmID *algid, int keysize);
00351 
00352 extern void
00353 NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey);
00354 
00355 extern PK11SymKey *
00356 NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo);
00357 
00358 extern int
00359 NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo);
00360 
00361 /************************************************************************
00362  * cmsutil.c - CMS misc utility functions
00363  ************************************************************************/
00364 
00365 /*
00366  * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
00367  *
00368  * make sure that the order of the objects guarantees valid DER (which must be
00369  * in lexicographically ascending order for a SET OF); if reordering is necessary it
00370  * will be done in place (in objs).
00371  */
00372 extern SECStatus
00373 NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2);
00374 
00375 /*
00376  * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
00377  *  sort arrays of SECItems containing DER
00378  */
00379 extern int
00380 NSS_CMSUtil_DERCompare(void *a, void *b);
00381 
00382 /*
00383  * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of 
00384  * algorithms.
00385  *
00386  * algorithmArray - array of algorithm IDs
00387  * algid - algorithmid of algorithm to pick
00388  *
00389  * Returns:
00390  *  An integer containing the index of the algorithm in the array or -1 if 
00391  *  algorithm was not found.
00392  */
00393 extern int
00394 NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
00395 
00396 /*
00397  * NSS_CMSAlgArray_GetIndexByAlgTag - find a specific algorithm in an array of
00398  * algorithms.
00399  *
00400  * algorithmArray - array of algorithm IDs
00401  * algtag - OID tag of algorithm to pick
00402  *
00403  * Returns:
00404  *  An integer containing the index of the algorithm in the array or -1 if 
00405  *  algorithm was not found.
00406  */
00407 extern int
00408 NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
00409 
00410 extern const SECHashObject *
00411 NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid);
00412 
00413 /*
00414  * XXX I would *really* like to not have to do this, but the current
00415  * signing interface gives me little choice.
00416  */
00417 extern SECOidTag
00418 NSS_CMSUtil_MakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg);
00419 
00420 extern const SEC_ASN1Template *
00421 NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type);
00422 
00423 extern size_t
00424 NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type);
00425 
00426 extern NSSCMSContentInfo *
00427 NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type);
00428 
00429 extern const char *
00430 NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs);
00431 
00432 /************************************************************************
00433  * cmssigdata.c - CMS signedData methods
00434  ************************************************************************/
00435 
00436 extern NSSCMSSignedData *
00437 NSS_CMSSignedData_Create(NSSCMSMessage *cmsg);
00438 
00439 extern void
00440 NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd);
00441 
00442 /*
00443  * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
00444  *     before start of encoding.
00445  *
00446  * In detail:
00447  *  - find out about the right value to put into sigd->version
00448  *  - come up with a list of digestAlgorithms (which should be the union of the algorithms
00449  *         in the signerinfos).
00450  *         If we happen to have a pre-set list of algorithms (and digest values!), we
00451  *         check if we have all the signerinfos' algorithms. If not, this is an error.
00452  */
00453 extern SECStatus
00454 NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd);
00455 
00456 extern SECStatus
00457 NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd);
00458 
00459 /*
00460  * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
00461  *     after all the encapsulated data was passed through the encoder.
00462  *
00463  * In detail:
00464  *  - create the signatures in all the SignerInfos
00465  *
00466  * Please note that nothing is done to the Certificates and CRLs in the message - this
00467  * is entirely the responsibility of our callers.
00468  */
00469 extern SECStatus
00470 NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd);
00471 
00472 extern SECStatus
00473 NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd);
00474 
00475 /*
00476  * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
00477  *     after all the encapsulated data was passed through the decoder.
00478  */
00479 extern SECStatus
00480 NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd);
00481 
00482 /*
00483  * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
00484  *     after all decoding is finished.
00485  */
00486 extern SECStatus
00487 NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd);
00488 
00489 /* 
00490  * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
00491  */
00492 extern NSSCMSSignerInfo **
00493 NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd);
00494 
00495 extern int
00496 NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd);
00497 
00498 extern NSSCMSSignerInfo *
00499 NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i);
00500 
00501 /* 
00502  * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
00503  */
00504 extern SECAlgorithmID **
00505 NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd);
00506 
00507 /*
00508  * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
00509  */
00510 extern NSSCMSContentInfo *
00511 NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd);
00512 
00513 /* 
00514  * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
00515  */
00516 extern SECItem **
00517 NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd);
00518 
00519 extern SECStatus
00520 NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
00521                             SECCertUsage certusage, PRBool keepcerts);
00522 
00523 /*
00524  * NSS_CMSSignedData_HasDigests - see if we have digests in place
00525  */
00526 extern PRBool
00527 NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd);
00528 
00529 /*
00530  * NSS_CMSSignedData_VerifySignerInfo - check a signature.
00531  *
00532  * The digests were either calculated during decoding (and are stored in the
00533  * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
00534  *
00535  * The verification checks if the signing cert is valid and has a trusted chain
00536  * for the purpose specified by "certusage".
00537  */
00538 extern SECStatus
00539 NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHandle *certdb,
00540                                 SECCertUsage certusage);
00541 
00542 /*
00543  * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message
00544 */
00545 extern SECStatus
00546 NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, 
00547                                   CERTCertDBHandle *certdb, 
00548                                   SECCertUsage usage);
00549 
00550 extern SECStatus
00551 NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist);
00552 
00553 /*
00554  * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs 
00555  */
00556 extern SECStatus
00557 NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert);
00558 
00559 extern SECStatus
00560 NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
00561 
00562 extern PRBool
00563 NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd);
00564 
00565 extern SECStatus
00566 NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
00567                             NSSCMSSignerInfo *signerinfo);
00568 
00569 extern SECStatus
00570 NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
00571                             SECAlgorithmID **digestalgs,
00572                             SECItem **digests);
00573 
00574 extern SECStatus
00575 NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
00576                             SECOidTag digestalgtag,
00577                             SECItem *digestdata);
00578 
00579 extern SECStatus
00580 NSS_CMSSignedData_AddDigest(PRArenaPool *poolp,
00581                             NSSCMSSignedData *sigd,
00582                             SECOidTag digestalgtag,
00583                             SECItem *digest);
00584 
00585 extern SECItem *
00586 NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag);
00587 
00588 /*
00589  * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
00590  *
00591  * cert          - base certificates that will be included
00592  * include_chain - if true, include the complete cert chain for cert
00593  *
00594  * More certs and chains can be added via AddCertificate and AddCertChain.
00595  *
00596  * An error results in a return value of NULL and an error set.
00597  */
00598 extern NSSCMSSignedData *
00599 NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);
00600 
00601 /************************************************************************
00602  * cmssiginfo.c - signerinfo methods
00603  ************************************************************************/
00604 
00605 extern NSSCMSSignerInfo *
00606 NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag);
00607 extern NSSCMSSignerInfo *
00608 NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID, SECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
00609 
00610 /*
00611  * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
00612  */
00613 extern void
00614 NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si);
00615 
00616 /*
00617  * NSS_CMSSignerInfo_Sign - sign something
00618  *
00619  */
00620 extern SECStatus
00621 NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
00622 
00623 extern SECStatus
00624 NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
00625                          SECCertUsage certusage);
00626 
00627 /*
00628  * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
00629  *
00630  * Just verifies the signature. The assumption is that verification of the certificate
00631  * is done already.
00632  */
00633 extern SECStatus
00634 NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
00635 
00636 extern NSSCMSVerificationStatus
00637 NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo);
00638 
00639 extern SECOidData *
00640 NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo);
00641 
00642 extern SECOidTag
00643 NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo);
00644 
00645 extern int
00646 NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo);
00647 
00648 extern CERTCertificateList *
00649 NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo);
00650 
00651 /*
00652  * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
00653  *                                in UTCTime format, of a CMS signerInfo.
00654  *
00655  * sinfo - signerInfo data for this signer
00656  *
00657  * Returns a SECStatus; the signing time is presumably delivered through "stime"
00658  * (the prototype returns no pointer, so there is no NULL result to test).
00659  */
00660 extern SECStatus
00661 NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime);
00662 
00663 /*
00664  * Return the signing cert of a CMS signerInfo.
00665  *
00666  * the certs in the enclosing SignedData must have been imported already
00667  */
00668 extern CERTCertificate *
00669 NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb);
00670 
00671 /*
00672  * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
00673  *
00674  * sinfo - signerInfo data for this signer
00675  *
00676  * Returns a pointer to allocated memory, which must be freed with PORT_Free.
00677  * A return value of NULL is an error.
00678  */
00679 extern char *
00680 NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo);
00681 
00682 /*
00683  * NSS_CMSSignerInfo_GetSignerEmailAddress - return the email address of the signer
00684  *
00685  * sinfo - signerInfo data for this signer
00686  *
00687  * Returns a pointer to allocated memory, which must be freed.
00688  * A return value of NULL is an error.
00689  */
00690 extern char *
00691 NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo);
00692 
00693 /*
00694  * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
00695  * authenticated (i.e. signed) attributes of "signerinfo". 
00696  */
00697 extern SECStatus
00698 NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
00699 
00700 /*
00701  * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
00702  * unauthenticated attributes of "signerinfo". 
00703  */
00704 extern SECStatus
00705 NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
00706 
00707 /* 
00708  * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
00709  * authenticated (i.e. signed) attributes of "signerinfo". 
00710  *
00711  * This is expected to be included in outgoing signed
00712  * messages for email (S/MIME) but is likely useful in other situations.
00713  *
00714  * This should only be added once; a second call will do nothing.
00715  *
00716  * XXX This will probably just shove the current time into "signerinfo"
00717  * but it will not actually get signed until the entire item is
00718  * processed for encoding.  Is this (expected to be small) delay okay?
00719  */
00720 extern SECStatus
00721 NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t);
00722 
00723 /*
00724  * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
00725  * authenticated (i.e. signed) attributes of "signerinfo".
00726  *
00727  * This is expected to be included in outgoing signed
00728  * messages for email (S/MIME).
00729  */
00730 extern SECStatus
00731 NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo);
00732 
00733 /*
00734  * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
00735  * authenticated (i.e. signed) attributes of "signerinfo".
00736  *
00737  * This is expected to be included in outgoing signed messages for email (S/MIME).
00738  */
00739 SECStatus
00740 NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
00741 
00742 /*
00743  * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
00744  * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
00745  *
00746  * This is expected to be included in outgoing signed messages for email (S/MIME),
00747  * if compatibility with Microsoft mail clients is wanted.
00748  */
00749 SECStatus
00750 NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
00751 
00752 /* 
00753  * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
00754  */
00755 extern SECStatus
00756 NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
00757                                 SECOidTag digestalg, CERTCertificate signingcert);
00758 
00759 /*
00760  * XXXX the following needs to be done in the S/MIME layer code
00761  * after signature of a signerinfo is verified
00762  */
00763 extern SECStatus
00764 NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo);
00765 
00766 /*
00767  * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
00768  */
00769 extern SECStatus
00770 NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage);
00771 
00772 /************************************************************************
00773  * cmsenvdata.c - CMS envelopedData methods
00774  ************************************************************************/
00775 
00776 /*
00777  * NSS_CMSEnvelopedData_Create - create an enveloped data message
00778  */
00779 extern NSSCMSEnvelopedData *
00780 NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
00781 
00782 /*
00783  * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
00784  */
00785 extern void
00786 NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp);
00787 
00788 /*
00789  * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
00790  */
00791 extern NSSCMSContentInfo *
00792 NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd);
00793 
00794 /*
00795  * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
00796  *
00797  * rip must be created on the same pool as edp - this is not enforced, though.
00798  */
00799 extern SECStatus
00800 NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip);
00801 
00802 /*
00803  * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
00804  *
00805  * at this point, we need
00806  * - recipientinfos set up with recipient's certificates
00807  * - a content encryption algorithm (if none, 3DES will be used)
       *   (3DES is a legacy cipher with a 64-bit block; callers that need a stronger
       *   bulk algorithm should set one explicitly instead of relying on this fallback)
00808  *
00809  * this function will generate a random content encryption key (aka bulk key),
00810  * initialize the recipientinfos with certificate identification and wrap the bulk key
00811  * using the proper algorithm for every certificate.
00812  * it will finally set the bulk algorithm and key so that the encode step can find it.
00813  */
00814 extern SECStatus
00815 NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd);
00816 
00817 /*
00818  * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
00819  */
00820 extern SECStatus
00821 NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd);
00822 
00823 /*
00824  * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
00825  */
00826 extern SECStatus
00827 NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd);
00828 
00829 /*
00830  * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo, 
00831  * derive bulk key & set up our contentinfo
00832  */
00833 extern SECStatus
00834 NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd);
00835 
00836 /*
00837  * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
00838  */
00839 extern SECStatus
00840 NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd);
00841 
00842 /*
00843  * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
00844  */
00845 extern SECStatus
00846 NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
00847 
00848 
00849 /************************************************************************
00850  * cmsrecinfo.c - CMS recipientInfo methods
00851  ************************************************************************/
00852 
00853 /*
00854  * NSS_CMSRecipientInfo_Create - create a recipientinfo
00855  *
00856  * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
00857  * the certificate is supposed to have been verified by the caller
       *
       * In other words, "cert" is expected to be validated (e.g. chain, validity period,
       * usage) before this call; the line above places that check on the caller. The bulk
       * key of an envelopedData is wrapped for every recipient certificate, so an
       * unverified cert here means encrypting to a key of unknown ownership.
00858  */
00859 extern NSSCMSRecipientInfo *
00860 NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
00861 
00862 extern NSSCMSRecipientInfo *
00863 NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage   *cmsg, 
00864                                          SECItem         *subjKeyID,
00865                                          SECKEYPublicKey *pubKey);
00866 
00867 extern NSSCMSRecipientInfo *
00868 NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg, 
00869                                                  CERTCertificate *cert);
00870 
00871 /*
00872  * NSS_CMSRecipientInfo_CreateNew - create a blank recipientinfo for 
00873  * applications which want to encode their own CMS structures and
00874  * key exchange types.
00875  */
00876 extern NSSCMSRecipientInfo *
00877 NSS_CMSRecipientInfo_CreateNew(void* pwfn_arg);
00878 
00879 /*
00880  * NSS_CMSRecipientInfo_CreateFromDER - create a recipientinfo from partially
00881  * decoded DER data for applications which want to encode their own CMS
00882  * structures and key exchange types.
       *
       * NOTE(review): "input" may come from a received message, i.e. from an untrusted
       * sender; the failure convention (presumably a NULL return) is not stated here -
       * confirm it and check the result before use.
00883  */
00884 extern NSSCMSRecipientInfo *
00885 NSS_CMSRecipientInfo_CreateFromDER(SECItem* input, void* pwfn_arg);
00886 
00887 extern void
00888 NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
00889 
00890 /*
00891  * NSS_CMSRecipientInfo_GetCertAndKey - retrieve the cert and key from the
00892  * recipientInfo struct. If retcert or retkey is NULL, the cert or
00893  * key (respectively) is not returned. This function is a no-op if both
00894  * retcert and retkey are NULL. The caller takes ownership of the cert and key
00895  * it requested (and is responsible for freeing them).
       *
       * Because *retkey is a private key handle owned by the caller, release it as soon
       * as it is no longer needed rather than keeping it for the lifetime of the message.
00896  */
00897 SECStatus NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri,
00898    CERTCertificate** retcert, SECKEYPrivateKey** retkey);
00899 
00900 extern int
00901 NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri);
00902 
00903 extern SECItem *
00904 NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex);
00905 
00906 /*
00907  * NSS_CMSRecipientInfo_Encode - encode an NSS_CMSRecipientInfo as ASN.1
00908  */
00909 SECStatus NSS_CMSRecipientInfo_Encode(PRArenaPool* poolp,
00910                                       const NSSCMSRecipientInfo *src,
00911                                       SECItem* returned);
00912 
00913 extern SECOidTag
00914 NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri);
00915 
00916 extern SECStatus
00917 NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, SECOidTag bulkalgtag);
00918 
00919 extern PK11SymKey *
00920 NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
00921               CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag);
00922 
00923 /************************************************************************
00924  * cmsencdata.c - CMS encryptedData methods
00925  ************************************************************************/
00926 /*
00927  * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
00928  *
00929  * "algorithm" specifies the bulk encryption algorithm to use.
00930  * "keysize" is the key size.
       * NOTE(review): the unit of "keysize" (bits or bytes) is not stated here - confirm
       * against cmsencdata.c before passing a value.
00931  * 
00932  * An error results in a return value of NULL and an error set.
00933  * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
00934  */
00935 extern NSSCMSEncryptedData *
00936 NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
00937 
00938 /*
00939  * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
00940  */
00941 extern void
00942 NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd);
00943 
00944 /*
00945  * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
00946  */
00947 extern NSSCMSContentInfo *
00948 NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd);
00949 
00950 /*
00951  * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
00952  *     before encoding begins.
00953  *
00954  * In particular:
00955  *  - set the correct version value.
00956  *  - get the encryption key
00957  */
00958 extern SECStatus
00959 NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd);
00960 
00961 /*
00962  * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
00963  */
00964 extern SECStatus
00965 NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd);
00966 
00967 /*
00968  * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
00969  */
00970 extern SECStatus
00971 NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd);
00972 
00973 /*
00974  * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
00975  */
00976 extern SECStatus
00977 NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd);
00978 
00979 /*
00980  * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
00981  */
00982 extern SECStatus
00983 NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd);
00984 
00985 /*
00986  * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
00987  */
00988 extern SECStatus
00989 NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd);
00990 
00991 /************************************************************************
00992  * cmsdigdata.c - CMS digestedData methods
00993  ************************************************************************/
00994 /*
00995  * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
00996  *
00997  * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
00998  * digestAlg is passed as parameter
00999  * contentInfo must be filled by the user
01000  * digest will be calculated while encoding
01001  */
01002 extern NSSCMSDigestedData *
01003 NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg);
01004 
01005 /*
01006  * NSS_CMSDigestedData_Destroy - destroy a digestedData object
01007  */
01008 extern void
01009 NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd);
01010 
01011 /*
01012  * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
01013  */
01014 extern NSSCMSContentInfo *
01015 NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd);
01016 
01017 /*
01018  * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
01019  *     before encoding begins.
01020  *
01021  * In particular:
01022  *  - set the right version number. The contentInfo's content type must be set up already.
01023  */
01024 extern SECStatus
01025 NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd);
01026 
01027 /*
01028  * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
01029  *     before the encapsulated data is passed through the encoder.
01030  *
01031  * In detail:
01032  *  - set up the digests if necessary
01033  */
01034 extern SECStatus
01035 NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd);
01036 
01037 /*
01038  * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
01039  *     after all the encapsulated data was passed through the encoder.
01040  *
01041  * In detail:
01042  *  - finish the digests
01043  */
01044 extern SECStatus
01045 NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd);
01046 
01047 /*
01048  * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
01049  *     before the encapsulated data is passed through the decoder.
01050  *
01051  * In detail:
01052  *  - set up the digests if necessary
01053  */
01054 extern SECStatus
01055 NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd);
01056 
01057 /*
01058  * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
01059  *     after all the encapsulated data was passed through the decoder.
01060  *
01061  * In detail:
01062  *  - finish the digests
01063  */
01064 extern SECStatus
01065 NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd);
01066 
01067 /*
01068  * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
01069  *
01070  * In detail:
01071  *  - check the digests for equality
       *
       * This comparison is the integrity check for the digestedData content, so the
       * SECStatus result must not be ignored. NOTE(review): presumably a mismatch is
       * reported as a failure status - confirm against cmsdigdata.c.
01072  */
01073 extern SECStatus
01074 NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd);
01075 
01076 /************************************************************************
01077  * cmsdigest.c - digestion routines
01078  ************************************************************************/
01079 
01080 /*
01081  * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
01082  *  digest algorithms in "digestalgs" in parallel.
01083  */
01084 extern NSSCMSDigestContext *
01085 NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs);
01086 
01087 /*
01088  * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
01089  *  only one algorithm.
01090  */
01091 extern NSSCMSDigestContext *
01092 NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg);
01093 
01094 /*
01095  * NSS_CMSDigestContext_Update - feed more data into the digest machine
       *
       * "len" is a signed int, presumably the number of bytes at "data". The function
       * returns void, so it cannot report a bad length; callers should pass a
       * non-negative value no larger than the buffer. NOTE(review): handling of a
       * negative "len" is not visible in this header - confirm against cmsdigest.c.
01096  */
01097 extern void
01098 NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len);
01099 
01100 /*
01101  * NSS_CMSDigestContext_Cancel - cancel digesting operation
01102  */
01103 extern void
01104 NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx);
01105 
01106 /*
01107  * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
01108  *  into an array of SECItems (allocated on poolp)
01109  */
01110 extern SECStatus
01111 NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
01112                          SECItem ***digestsp);
01113 
01114 /*
01115  * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
01116  *  but for one digest.
01117  */
01118 extern SECStatus
01119 NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
01120                          SECItem *digest);
01121 
01122 /************************************************************************
01123  * 
01124  ************************************************************************/
01125 
01126 /* shortcuts for basic use */
01127 
01128 /*
01129  * NSS_CMSDEREncode - DER Encode a CMS message, with input being
01130  *                    the plaintext message and derOut being the output,
01131  *                    stored in arena's pool.
01132  */
01133 extern SECStatus
01134 NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut, 
01135                  PLArenaPool *arena);
01136 
01137 
01138 /************************************************************************/
01139 SEC_END_PROTOS
01140 
01141 #endif /* _CMS_H_ */