
lightning-sunbird  0.9+nobinonly
Functions
smime.h File Reference
#include "cms.h"


Functions

SEC_BEGIN_PROTOS SECStatus NSS_SMIMEUtil_EnableCipher (long which, int on)
SECStatus NSS_SMIMEUtils_AllowCipher (long which, int on)
PRBool NSS_SMIMEUtil_DecryptionAllowed (SECAlgorithmID *algid, PK11SymKey *key)
PRBool NSS_SMIMEUtil_EncryptionPossible (void)
SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities (PLArenaPool *poolp, SECItem *dest, PRBool includeFortezzaCiphers)
SECStatus NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs (PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert)
SECStatus NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs (PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert)
CERTCertificate * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference (CERTCertDBHandle *certdb, SECItem *DERekp)
SECStatus NSS_SMIMEUtil_FindBulkAlgForRecipients (CERTCertificate **rcerts, SECOidTag *bulkalgtag, int *keysize)

Function Documentation

SECStatus NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs ( PLArenaPool *  poolp,
SECItem *  dest,
CERTCertificate *  cert 
)

Definition at line 700 of file smimeutil.c.

{
    /*
     * DER-encode the issuer-and-serial-number of `cert` into `dest`,
     * using `poolp` for the encoded output.
     *
     * Returns SECSuccess only if the encoder produced an item; a NULL
     * cert, a failed scratch-arena allocation or a failed issuer/serial
     * extraction all yield SECFailure.
     */
    PLArenaPool *scratch = NULL;
    SECItem *encoded = NULL;
    CERTIssuerAndSN *issuerSN;

    if (cert != NULL) {
        /* The issuer/serial copy is only needed while encoding, so it
         * lives in a short-lived arena rather than in the caller's pool. */
        scratch = PORT_NewArena(1024);
        if (scratch != NULL) {
            issuerSN = CERT_GetCertIssuerAndSN(scratch, cert);
            if (issuerSN != NULL) {
                encoded = SEC_ASN1EncodeItem(poolp, dest, issuerSN,
                                             SEC_ASN1_GET(CERT_IssuerAndSNTemplate));
            }
            PORT_FreeArena(scratch, PR_FALSE);
        }
    }

    return (encoded != NULL) ? SECSuccess : SECFailure;
}


SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities ( PLArenaPool *  poolp,
SECItem *  dest,
PRBool  includeFortezzaCiphers 
)

Definition at line 589 of file smimeutil.c.

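{
    /*
     * Build the SMIMECapabilities value advertising every enabled
     * symmetric cipher in smime_cipher_map and DER-encode it into `dest`
     * (allocated from `poolp`).
     *
     * Fortezza entries are listed only when includeFortezzaCiphers is set.
     * Returns SECSuccess if the list was encoded, SECFailure otherwise.
     *
     * A failure while building the list (allocation or OID lookup) now
     * aborts the encoding. Previously the loop just stopped, and the
     * function could report success for a truncated list, or for a list
     * whose last entry had an empty capability OID.
     */
    NSSSMIMECapability *cap;
    NSSSMIMECapability **smime_capabilities;
    smime_cipher_map_entry *map;
    SECOidData *oiddata;
    SECItem *dummy = NULL;
    PRBool failed = PR_FALSE;
    int i, capIndex;

    /* smime_cipher_map_count + 1 is an upper bound (entries plus the NULL
     * terminator) - we might end up with less */
    smime_capabilities = (NSSSMIMECapability **)PORT_ZAlloc((smime_cipher_map_count + 1)
                                  * sizeof(NSSSMIMECapability *));
    if (smime_capabilities == NULL)
        return SECFailure;

    capIndex = 0;

    /* Add all the symmetric ciphers.
     * We walk the cipher list backwards, as it is ordered by increasing strength,
     * we prefer the stronger cipher over a weaker one, and we have to list the
     * preferred algorithm first */
    for (i = smime_cipher_map_count - 1; i >= 0; i--) {
        /* Find the corresponding entry in the cipher map. */
        map = &(smime_cipher_map[i]);
        if (!map->enabled)
            continue;

        /* If we're using a non-Fortezza cert, only advertise non-Fortezza
           capabilities. (We advertise all capabilities if we have a
           Fortezza cert.) */
        if ((!includeFortezzaCiphers) && (map->cipher == SMIME_FORTEZZA))
            continue;

        /* Resolve the OID before allocating, so a failed lookup never
         * leaves a half-initialised entry in the array. */
        oiddata = SECOID_FindOIDByTag(map->algtag);
        if (oiddata == NULL) {
            failed = PR_TRUE;
            break;
        }

        /* get next SMIME capability */
        cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability));
        if (cap == NULL) {
            failed = PR_TRUE;
            break;
        }
        smime_capabilities[capIndex++] = cap;

        cap->capabilityID.data = oiddata->oid.data;
        cap->capabilityID.len = oiddata->oid.len;
        cap->parameters.data = map->parms ? map->parms->data : NULL;
        cap->parameters.len = map->parms ? map->parms->len : 0;
        cap->cipher = map->cipher;
    }

    /* XXX add signature algorithms */
    /* XXX add key encipherment algorithms */

    smime_capabilities[capIndex] = NULL;  /* last one - now encode */
    if (!failed)
        dummy = SEC_ASN1EncodeItem(poolp, dest, &smime_capabilities, NSSSMIMECapabilitiesTemplate);

    /* now that we have the proper encoded SMIMECapabilities (or not),
     * free the work data */
    for (i = 0; smime_capabilities[i] != NULL; i++)
        PORT_Free(smime_capabilities[i]);
    PORT_Free(smime_capabilities);

    return (dummy == NULL) ? SECFailure : SECSuccess;
}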


SECStatus NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs ( PLArenaPool *  poolp,
SECItem *  dest,
CERTCertificate *  cert 
)

Definition at line 664 of file smimeutil.c.

{
    /*
     * DER-encode an S/MIME encryption key preference for `cert` into
     * `dest`, using `poolp` for the encoded output. The preference always
     * uses the issuer-and-serial-number form of the choice.
     *
     * Returns SECSuccess only if the encoder produced an item; a NULL
     * cert or any intermediate failure yields SECFailure.
     */
    NSSSMIMEEncryptionKeyPreference pref;
    PLArenaPool *scratch = NULL;
    SECItem *encoded = NULL;

    if (cert != NULL) {
        /* Scratch arena for the issuer/serial copy; released before return. */
        scratch = PORT_NewArena(1024);
        if (scratch != NULL) {
            /* XXX hardcoded IssuerSN choice for now */
            pref.selector = NSSSMIMEEncryptionKeyPref_IssuerSN;
            pref.id.issuerAndSN = CERT_GetCertIssuerAndSN(scratch, cert);
            if (pref.id.issuerAndSN != NULL) {
                encoded = SEC_ASN1EncodeItem(poolp, dest, &pref,
                                             smime_encryptionkeypref_template);
            }
            PORT_FreeArena(scratch, PR_FALSE);
        }
    }

    return (encoded != NULL) ? SECSuccess : SECFailure;
}


PRBool NSS_SMIMEUtil_DecryptionAllowed ( SECAlgorithmID *  algid,
PK11SymKey *  key 
)

Definition at line 294 of file smimeutil.c.

{
    /*
     * Policy check: report whether decrypting with the given algorithm
     * and key is permitted.
     *
     * Fails closed: if the algorithm/key pair cannot be mapped to a
     * cipher, the answer is PR_FALSE. Otherwise the result is whatever
     * nss_smime_cipher_allowed() reports for that cipher.
     */
    unsigned long cipher;
    SECStatus lookup;

    lookup = nss_smime_get_cipher_for_alg_and_key(algid, key, &cipher);
    if (lookup == SECSuccess)
        return nss_smime_cipher_allowed(cipher);

    return PR_FALSE;
}


Definition at line 324 of file smimeutil.c.

{
    /*
     * Report whether at least one entry in smime_cipher_map is marked
     * `allowed`. Returns PR_TRUE on the first such entry and PR_FALSE if
     * there is none.
     *
     * NOTE(review): the prototype for this body is missing from the page;
     * it is presumably NSS_SMIMEUtil_EncryptionPossible(void) - confirm
     * against smimeutil.c.
     */
    int idx = 0;

    while (idx < smime_cipher_map_count) {
        if (smime_cipher_map[idx].allowed)
            return PR_TRUE;
        idx++;
    }

    return PR_FALSE;
}
SECStatus NSS_SMIMEUtil_FindBulkAlgForRecipients ( CERTCertificate **  rcerts,
SECOidTag *  bulkalgtag,
int *  keysize 
)

Definition at line 561 of file smimeutil.c.

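{
    /*
     * Choose a bulk encryption cipher for the recipient certificates in
     * `rcerts` and report its algorithm tag and key size through
     * `bulkalgtag` and `keysize`.
     *
     * Returns SECSuccess when both outputs were written. Returns
     * SECFailure, leaving the outputs untouched, when the chosen cipher
     * has no usable index in smime_cipher_map.
     */
    unsigned long cipher;
    int mapi;

    cipher = smime_choose_cipher(NULL, rcerts);
    mapi = smime_mapi_by_cipher(cipher);

    /* smime_mapi_by_cipher() is not shown here. Validate its result
     * before using it as an array index, in case it reports "not found"
     * with an out-of-range value; without this check such a value would
     * read outside smime_cipher_map. */
    if (mapi < 0 || mapi >= smime_cipher_map_count)
        return SECFailure;

    *bulkalgtag = smime_cipher_map[mapi].algtag;
    *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].cipher);

    return SECSuccess;
}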


CERTCertificate* NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference ( CERTCertDBHandle *  certdb,
SECItem *  DERekp 
)

Definition at line 736 of file smimeutil.c.

{
    /*
     * Decode a DER-encoded S/MIME encryption key preference (`DERekp`)
     * and look up the certificate it names in `certdb`.
     *
     * Only the issuer-and-serial-number form is resolved; the key-ID
     * forms decode but yield no certificate. Returns the certificate
     * found, or NULL on allocation failure, decode failure, an
     * unsupported selector, or no match.
     *
     * NOTE(review): DERekp presumably comes from a received message, so
     * treat the decoded fields as untrusted - confirm against callers.
     */
    NSSSMIMEEncryptionKeyPreference pref;
    CERTCertificate *found = NULL;
    PLArenaPool *scratch;

    scratch = PORT_NewArena(1024);
    if (scratch == NULL)
        return NULL;

    /* decode DERekp; a failed decode simply leaves `found` as NULL */
    if (SEC_QuickDERDecodeItem(scratch, &pref, smime_encryptionkeypref_template,
                               DERekp) == SECSuccess) {
        /* find cert */
        switch (pref.selector) {
        case NSSSMIMEEncryptionKeyPref_IssuerSN:
            found = CERT_FindCertByIssuerAndSN(certdb, pref.id.issuerAndSN);
            break;
        case NSSSMIMEEncryptionKeyPref_RKeyID:
        case NSSSMIMEEncryptionKeyPref_SubjectKeyID:
            /* XXX not supported yet - we need to be able to look up certs by SubjectKeyID */
            break;
        default:
            PORT_Assert(0);
            break;
        }
    }

    /* The decoded preference is only needed for the lookup above. */
    PORT_FreeArena(scratch, PR_FALSE);

    return found;
}
