#include "cmslocal.h"
#include "secoid.h"
-#include "secitem.h"
+#include "SecAsn1Item.h"
#include "cert.h"
#include "SecSMIMEPriv.h"
static unsigned char asn1_int128[] = { SEC_ASN1_INTEGER, 0x02, 0x00, 0x80 };
/* RC2 algorithm parameters (used in smime_cipher_map) */
-static CSSM_DATA param_int40 = { sizeof(asn1_int40), asn1_int40 };
-static CSSM_DATA param_int64 = { sizeof(asn1_int64), asn1_int64 };
-static CSSM_DATA param_int128 = { sizeof(asn1_int128), asn1_int128 };
+static SecAsn1Item param_int40 = { sizeof(asn1_int40), asn1_int40 };
+static SecAsn1Item param_int64 = { sizeof(asn1_int64), asn1_int64 };
+static SecAsn1Item param_int128 = { sizeof(asn1_int128), asn1_int128 };
/*
- * XXX Would like the "parameters" field to be a CSSM_DATA_PTR , but the
+ * XXX Would like the "parameters" field to be a SecAsn1Item * , but the
* encoder is having trouble with optional pointers to an ANY. Maybe
* once that is fixed, can change this back...
*/
typedef struct {
- CSSM_DATA capabilityID;
- CSSM_DATA parameters;
+ SecAsn1Item capabilityID;
+ SecAsn1Item parameters;
long cipher; /* optimization */
} NSSSMIMECapability;
union {
SecCmsIssuerAndSN *issuerAndSN;
SecCmsRecipientKeyIdentifier *recipientKeyID;
- CSSM_DATA_PTR subjectKeyID;
+ SecAsn1Item *subjectKeyID;
} id;
} NSSSMIMEEncryptionKeyPreference;
typedef struct {
unsigned long cipher;
SECOidTag algtag;
- CSSM_DATA_PTR parms;
+ SecAsn1Item *parms;
Boolean enabled; /* in the user's preferences */
Boolean allowed; /* per export policy */
} smime_cipher_map_entry;
static smime_cipher_map_entry smime_cipher_map[] = {
/* cipher algtag parms enabled allowed */
/* ---------------------------------------------------------------------------------- */
- { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, ¶m_int40, PR_TRUE, PR_TRUE },
- { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL, PR_TRUE, PR_TRUE },
- { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, ¶m_int64, PR_TRUE, PR_TRUE },
- { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, ¶m_int128, PR_TRUE, PR_TRUE },
+ { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, ¶m_int40, PR_FALSE, PR_FALSE },
+ { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL, PR_TRUE, PR_FALSE },
+ { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, ¶m_int64, PR_FALSE, PR_FALSE },
+ { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, ¶m_int128, PR_FALSE, PR_FALSE },
{ SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL, PR_TRUE, PR_TRUE },
- { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE },
+ { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE },
+ { SMIME_AES_CBC_192, SEC_OID_AES_192_CBC, NULL, PR_TRUE, PR_TRUE },
+ { SMIME_AES_CBC_256, SEC_OID_AES_256_CBC, NULL, PR_TRUE, PR_TRUE },
{ SMIME_FORTEZZA, SEC_OID_FORTEZZA_SKIPJACK, NULL, PR_TRUE, PR_TRUE }
};
static const int smime_cipher_map_count = sizeof(smime_cipher_map) / sizeof(smime_cipher_map_entry);
* NSS_SMIME_EnableCipher - this function locally records the user's preference
*/
OSStatus
-SecSMIMEEnableCipher(uint32 which, Boolean on)
+SecSMIMEEnableCipher(unsigned long which, Boolean on)
{
unsigned long mask;
int mapi;
* this function locally records the export policy
*/
OSStatus
-SecSMIMEAllowCipher(uint32 which, Boolean on)
+SecSMIMEAllowCipher(unsigned long which, Boolean on)
{
unsigned long mask;
int mapi;
nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, SecSymmetricKeyRef key, unsigned long *cipher)
{
SECOidTag algtag;
- unsigned int keylen_bits;
+ CFIndex keylen_bits;
unsigned long c;
algtag = SECOID_GetAlgorithmTag(algid);
switch (algtag) {
case SEC_OID_RC2_CBC:
+#if USE_CDSA_CRYPTO
if (SecKeyGetStrengthInBits(key, algid, &keylen_bits))
return SECFailure;
+#else
+ keylen_bits = CFDataGetLength((CFDataRef)key) * 8;
+#endif
switch (keylen_bits) {
case 40:
c = SMIME_RC2_CBC_40;
case SEC_OID_DES_CBC:
c = SMIME_DES_CBC_56;
break;
+ case SEC_OID_FORTEZZA_SKIPJACK:
+ c = SMIME_FORTEZZA;
+ break;
case SEC_OID_DES_EDE3_CBC:
c = SMIME_DES_EDE3_168;
break;
case SEC_OID_AES_128_CBC:
c = SMIME_AES_CBC_128;
break;
- case SEC_OID_FORTEZZA_SKIPJACK:
- c = SMIME_FORTEZZA;
+ case SEC_OID_AES_192_CBC:
+ c = SMIME_AES_CBC_192;
+ break;
+ case SEC_OID_AES_256_CBC:
+ c = SMIME_AES_CBC_256;
break;
default:
return SECFailure;
Boolean scert_is_fortezza = (scert == NULL) ? PR_FALSE : PK11_FortezzaHasKEA(scert);
#endif
- chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */
+ chosen_cipher = SMIME_DES_CBC_56; /* the default, LCD */
weak_mapi = smime_mapi_by_cipher(chosen_cipher);
poolp = PORT_NewArena (1024); /* XXX what is right value? */
/* walk all the recipient's certs */
for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
- CSSM_DATA_PTR profile;
+ SecAsn1Item *profile;
NSSSMIMECapability **caps;
int pref;
/* no profile found - so we can only assume that the user can do
* the mandatory algorithms which is RC2-40 (weak crypto) and 3DES (strong crypto) */
SecPublicKeyRef key;
- unsigned int pklen_bits;
+ size_t pklen_bits;
/*
* if recipient's public key length is > 512, vote for a strong cipher
key = CERT_ExtractPublicKey(rcerts[rcount]);
pklen_bits = 0;
if (key != NULL) {
+#if USE_CDSA_CRYPTO
SecKeyGetStrengthInBits(key, NULL, &pklen_bits);
+#else
+ pklen_bits = SecKeyGetSize(key, kSecKeyKeySizeInBits);
+#endif
SECKEY_DestroyPublicKey (key);
}
keysize = 64;
break;
case SMIME_RC2_CBC_128:
- case SMIME_AES_CBC_128:
keysize = 128;
break;
case SMIME_DES_CBC_56:
* symmetric ciphers, NO signature algorithms or key encipherment algorithms.
*
* "poolp" - arena pool to create the S/MIME capabilities data on
- * "dest" - CSSM_DATA to put the data in
+ * "dest" - SecAsn1Item to put the data in
* "includeFortezzaCiphers" - PR_TRUE if fortezza ciphers should be included
*/
OSStatus
-SecSMIMECreateSMIMECapabilities(SecArenaPoolRef pool, CSSM_DATA_PTR dest, Boolean includeFortezzaCiphers)
+SecSMIMECreateSMIMECapabilities(PLArenaPool *poolp, SecAsn1Item *dest, Boolean includeFortezzaCiphers)
{
- PLArenaPool *poolp = (PLArenaPool *)pool;
NSSSMIMECapability *cap;
NSSSMIMECapability **smime_capabilities;
smime_cipher_map_entry *map;
SECOidData *oiddata;
- CSSM_DATA_PTR dummy;
+ SecAsn1Item *dummy;
int i, capIndex;
/* if we have an old NSSSMIMECapability array, we'll reuse it (has the right size) */
* SecSMIMECreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
*
* "poolp" - arena pool to create the attr value on
- * "dest" - CSSM_DATA to put the data in
+ * "dest" - SecAsn1Item to put the data in
* "cert" - certificate that should be marked as preferred encryption key
* cert is expected to have been verified for EmailRecipient usage.
*/
OSStatus
-SecSMIMECreateSMIMEEncKeyPrefs(SecArenaPoolRef pool, CSSM_DATA_PTR dest, SecCertificateRef cert)
+SecSMIMECreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SecAsn1Item *dest, SecCertificateRef cert)
{
- PLArenaPool *poolp = (PLArenaPool *)pool;
NSSSMIMEEncryptionKeyPreference ekp;
- CSSM_DATA_PTR dummy = NULL;
+ SecAsn1Item *dummy = NULL;
PLArenaPool *tmppoolp = NULL;
if (cert == NULL)
* SecSMIMECreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value using MS oid
*
* "poolp" - arena pool to create the attr value on
- * "dest" - CSSM_DATA to put the data in
+ * "dest" - SecAsn1Item to put the data in
* "cert" - certificate that should be marked as preferred encryption key
* cert is expected to have been verified for EmailRecipient usage.
*/
OSStatus
-SecSMIMECreateMSSMIMEEncKeyPrefs(SecArenaPoolRef pool, CSSM_DATA_PTR dest, SecCertificateRef cert)
+SecSMIMECreateMSSMIMEEncKeyPrefs(PLArenaPool *poolp, SecAsn1Item *dest, SecCertificateRef cert)
{
- PLArenaPool *poolp = (PLArenaPool *)pool;
- CSSM_DATA_PTR dummy = NULL;
+ SecAsn1Item *dummy = NULL;
PLArenaPool *tmppoolp = NULL;
SecCmsIssuerAndSN *isn;
return (dummy == NULL) ? SECFailure : SECSuccess;
}
+#if 0
/*
* SecSMIMEGetCertFromEncryptionKeyPreference -
* find cert marked by EncryptionKeyPreference attribute
* they are assumed to have been imported already.
*/
SecCertificateRef
-SecSMIMEGetCertFromEncryptionKeyPreference(SecKeychainRef keychainOrArray, CSSM_DATA_PTR DERekp)
+SecSMIMEGetCertFromEncryptionKeyPreference(SecKeychainRef keychainOrArray, SecAsn1Item *DERekp)
{
PLArenaPool *tmppoolp = NULL;
SecCertificateRef cert = NULL;
/* find cert */
switch (ekp.selector) {
case NSSSMIMEEncryptionKeyPref_IssuerSN:
- cert = CERT_FindCertByIssuerAndSN(keychainOrArray, NULL, NULL, ekp.id.issuerAndSN);
+ cert = CERT_FindCertByIssuerAndSN(keychainOrArray, ekp.id.issuerAndSN);
break;
case NSSSMIMEEncryptionKeyPref_RKeyID:
case NSSSMIMEEncryptionKeyPref_SubjectKeyID:
return cert;
}
+#endif
#if 0
extern const char __nss_smime_rcsid[];
extern const char __nss_smime_sccsid[];
-#endif
-#if 0 /* -- unused */
Boolean
NSSSMIME_VersionCheck(const char *importedVersion)
{
return NSS_VersionCheck(importedVersion);
#endif
}
-#endif
+#endif /* 0 */
+
projects / apple / security.git / blobdiff