lib/pkcs7/secmime.c
author Franziskus Kiefer <franziskuskiefer@gmail.com>
Mon, 02 Oct 2017 14:45:49 +0200
changeset 13617 ffe09c48221c90d66411834e7da1f852fd2af24a
parent 12779 b11a63cc651e65d6452bcf679b4fec8c79e49c05
child 14490 fe738aae0bcc2400fdc90d9847262a06cb5bfeb4
permissions -rw-r--r--
Bug 1404911 - make AEAD destructor virtual, r=mt Differential Revision: https://phabricator.services.mozilla.com/D90

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Stuff specific to S/MIME policy and interoperability.
 * Depends on PKCS7, but there should be no dependency the other way around.
 */

#include "secmime.h"
#include "secoid.h"
#include "pk11func.h"
#include "ciferfam.h" /* for CIPHER_FAMILY symbols */
#include "secasn1.h"
#include "secitem.h"
#include "cert.h"
#include "key.h"
#include "secerr.h"

typedef struct smime_cipher_map_struct {
    unsigned long cipher;
    SECOidTag algtag;
    SECItem *parms;
} smime_cipher_map;

/*
 * These are macros because I think some subsequent parameters,
 * like those for RC5, will want to use them, too, separately.
 */
#define SMIME_DER_INTVAL_16 SEC_ASN1_INTEGER, 0x01, 0x10
#define SMIME_DER_INTVAL_40 SEC_ASN1_INTEGER, 0x01, 0x28
#define SMIME_DER_INTVAL_64 SEC_ASN1_INTEGER, 0x01, 0x40
#define SMIME_DER_INTVAL_128 SEC_ASN1_INTEGER, 0x02, 0x00, 0x80

#ifdef SMIME_DOES_RC5 /* will be needed; quiet unused warning for now */
static unsigned char smime_int16[] = { SMIME_DER_INTVAL_16 };
#endif
static unsigned char smime_int40[] = { SMIME_DER_INTVAL_40 };
static unsigned char smime_int64[] = { SMIME_DER_INTVAL_64 };
static unsigned char smime_int128[] = { SMIME_DER_INTVAL_128 };

static SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) };
static SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) };
static SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) };

static smime_cipher_map smime_cipher_maps[] = {
    { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &smime_rc2p40 },
    { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &smime_rc2p64 },
    { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &smime_rc2p128 },
#ifdef SMIME_DOES_RC5
    { SMIME_RC5PAD_64_16_40, SEC_OID_RC5_CBC_PAD, &smime_rc5p40 },
    { SMIME_RC5PAD_64_16_64, SEC_OID_RC5_CBC_PAD, &smime_rc5p64 },
    { SMIME_RC5PAD_64_16_128, SEC_OID_RC5_CBC_PAD, &smime_rc5p128 },
#endif
    { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL },
    { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL }
};

/*
 * Note, the following value really just needs to be an upper bound
 * on the ciphers.
 */
static const int smime_symmetric_count = sizeof(smime_cipher_maps) / sizeof(smime_cipher_map);

static unsigned long *smime_prefs, *smime_newprefs;
static int smime_current_pref_index = 0;
static PRBool smime_prefs_complete = PR_FALSE;
static PRBool smime_prefs_changed = PR_TRUE;

static unsigned long smime_policy_bits = 0;

static int
smime_mapi_by_cipher(unsigned long cipher)
{
    int i;

    for (i = 0; i < smime_symmetric_count; i++) {
        if (smime_cipher_maps[i].cipher == cipher)
            break;
    }

    if (i == smime_symmetric_count)
        return -1;

    return i;
}

/*
 * this function locally records the user's preference
 */
SECStatus
SECMIME_EnableCipher(long which, int on)
{
    unsigned long mask;

    if (smime_newprefs == NULL || smime_prefs_complete) {
        /*
         * This is either the very first time, or we are starting over.
         */
        smime_newprefs = (unsigned long *)PORT_ZAlloc(smime_symmetric_count * sizeof(*smime_newprefs));
        if (smime_newprefs == NULL)
            return SECFailure;
        smime_current_pref_index = 0;
        smime_prefs_complete = PR_FALSE;
    }

    mask = which & CIPHER_FAMILYID_MASK;
    if (mask == CIPHER_FAMILYID_MASK) {
        /*
         * This call signifies that all preferences have been set.
         * Move "newprefs" over, after checking first whether or
         * not the new ones are different from the old ones.
         */
        if (smime_prefs != NULL) {
            if (PORT_Memcmp(smime_prefs, smime_newprefs,
                            smime_symmetric_count * sizeof(*smime_prefs)) == 0)
                smime_prefs_changed = PR_FALSE;
            else
                smime_prefs_changed = PR_TRUE;
            PORT_Free(smime_prefs);
        }

        smime_prefs = smime_newprefs;
        smime_prefs_complete = PR_TRUE;
        return SECSuccess;
    }

    PORT_Assert(mask == CIPHER_FAMILYID_SMIME);
    if (mask != CIPHER_FAMILYID_SMIME) {
        /* XXX set an error! */
        return SECFailure;
    }

    if (on) {
        PORT_Assert(smime_current_pref_index < smime_symmetric_count);
        if (smime_current_pref_index >= smime_symmetric_count) {
            /* XXX set an error! */
            return SECFailure;
        }

        smime_newprefs[smime_current_pref_index++] = which;
    }

    return SECSuccess;
}

/*
 * this function locally records the export policy
 */
SECStatus
SECMIME_SetPolicy(long which, int on)
{
    unsigned long mask;

    PORT_Assert((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
    if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
        /* XXX set an error! */
        return SECFailure;
    }

    which &= ~CIPHER_FAMILYID_MASK;

    PORT_Assert(which < 32); /* bits in the long */
    if (which >= 32) {
        /* XXX set an error! */
        return SECFailure;
    }

    mask = 1UL << which;

    if (on) {
        smime_policy_bits |= mask;
    } else {
        smime_policy_bits &= ~mask;
    }

    return SECSuccess;
}

/*
 * Based on the given algorithm (including its parameters, in some cases!)
 * and the given key (may or may not be inspected, depending on the
 * algorithm), find the appropriate policy algorithm specification
 * and return it.  If no match can be made, -1 is returned.
 */
static long
smime_policy_algorithm(SECAlgorithmID *algid, PK11SymKey *key)
{
    SECOidTag algtag;

    algtag = SECOID_GetAlgorithmTag(algid);
    switch (algtag) {
        case SEC_OID_RC2_CBC: {
            unsigned int keylen_bits;

            keylen_bits = PK11_GetKeyStrength(key, algid);
            switch (keylen_bits) {
                case 40:
                    return SMIME_RC2_CBC_40;
                case 64:
                    return SMIME_RC2_CBC_64;
                case 128:
                    return SMIME_RC2_CBC_128;
                default:
                    break;
            }
        } break;
        case SEC_OID_DES_CBC:
            return SMIME_DES_CBC_56;
        case SEC_OID_DES_EDE3_CBC:
            return SMIME_DES_EDE3_168;
#ifdef SMIME_DOES_RC5
        case SEC_OID_RC5_CBC_PAD:
            PORT_Assert(0); /* XXX need to pull out parameters and match */
            break;
#endif
        default:
            break;
    }

    return -1;
}

static PRBool
smime_cipher_allowed(unsigned long which)
{
    unsigned long mask;

    which &= ~CIPHER_FAMILYID_MASK;
    PORT_Assert(which < 32); /* bits per long (min) */
    if (which >= 32)
        return PR_FALSE;

    mask = 1UL << which;
    if ((mask & smime_policy_bits) == 0)
        return PR_FALSE;

    return PR_TRUE;
}

PRBool
SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
{
    long which;

    which = smime_policy_algorithm(algid, key);
    if (which < 0)
        return PR_FALSE;

    return smime_cipher_allowed((unsigned long)which);
}

/*
 * Does the current policy allow *any* S/MIME encryption (or decryption)?
 *
 * This tells whether or not *any* S/MIME encryption can be done,
 * according to policy.  Callers may use this to do nicer user interface
 * (say, greying out a checkbox so a user does not even try to encrypt
 * a message when they are not allowed to) or for any reason they want
 * to check whether S/MIME encryption (or decryption, for that matter)
 * may be done.
 *
 * It takes no arguments.  The return value is a simple boolean:
 *   PR_TRUE means encryption (or decryption) is *possible*
 *      (but may still fail due to other reasons, like because we cannot
 *      find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
 *   PR_FALSE means encryption (or decryption) is not permitted
 *
 * There are no errors from this routine.
 */
PRBool
SECMIME_EncryptionPossible(void)
{
    if (smime_policy_bits != 0)
        return PR_TRUE;

    return PR_FALSE;
}

/*
 * XXX Would like the "parameters" field to be a SECItem *, but the
 * encoder is having trouble with optional pointers to an ANY.  Maybe
 * once that is fixed, can change this back...
 */
typedef struct smime_capability_struct {
    unsigned long cipher; /* local; not part of encoding */
    SECOidTag capIDTag;   /* local; not part of encoding */
    SECItem capabilityID;
    SECItem parameters;
} smime_capability;

static const SEC_ASN1Template smime_capability_template[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(smime_capability) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(smime_capability, capabilityID) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
      offsetof(smime_capability, parameters) },
    { 0 }
};

static const SEC_ASN1Template smime_capabilities_template[] = {
    { SEC_ASN1_SEQUENCE_OF, 0, smime_capability_template }
};

static void
smime_fill_capability(smime_capability *cap)
{
    unsigned long cipher;
    SECOidTag algtag;
    int i;

    algtag = SECOID_FindOIDTag(&(cap->capabilityID));

    for (i = 0; i < smime_symmetric_count; i++) {
        if (smime_cipher_maps[i].algtag != algtag)
            continue;
        /*
         * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
         * 2 NULLs as equal and NULL and non-NULL as not equal), we could
         * use that here instead of all of the following comparison code.
         */
        if (cap->parameters.data != NULL) {
            if (smime_cipher_maps[i].parms == NULL)
                continue;
            if (cap->parameters.len != smime_cipher_maps[i].parms->len)
                continue;
            if (PORT_Memcmp(cap->parameters.data,
                            smime_cipher_maps[i].parms->data,
                            cap->parameters.len) == 0)
                break;
        } else if (smime_cipher_maps[i].parms == NULL) {
            break;
        }
    }

    if (i == smime_symmetric_count)
        cipher = 0;
    else
        cipher = smime_cipher_maps[i].cipher;

    cap->cipher = cipher;
    cap->capIDTag = algtag;
}

static long
smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts)
{
    PLArenaPool *poolp;
    long chosen_cipher;
    int *cipher_abilities;
    int *cipher_votes;
    int strong_mapi;
    int rcount, mapi, max;

    if (smime_policy_bits == 0) {
        PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
        return -1;
    }

    chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */

    poolp = PORT_NewArena(1024); /* XXX what is right value? */
    if (poolp == NULL)
        goto done;

    cipher_abilities = (int *)PORT_ArenaZAlloc(poolp,
                                               smime_symmetric_count * sizeof(int));
    if (cipher_abilities == NULL)
        goto done;

    cipher_votes = (int *)PORT_ArenaZAlloc(poolp,
                                           smime_symmetric_count * sizeof(int));
    if (cipher_votes == NULL)
        goto done;

    /*
     * XXX Should have a #define somewhere which specifies default
     * strong cipher.  (Or better, a way to configure.)
     */

    /* Make triple-DES the strong cipher. */
    strong_mapi = smime_mapi_by_cipher(SMIME_DES_EDE3_168);

    PORT_Assert(strong_mapi >= 0);

    for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
        SECItem *profile;
        smime_capability **caps;
        int capi, pref;
        SECStatus dstat;

        pref = smime_symmetric_count;
        profile = CERT_FindSMimeProfile(rcerts[rcount]);
        if (profile != NULL && profile->data != NULL && profile->len > 0) {
            caps = NULL;
            dstat = SEC_QuickDERDecodeItem(poolp, &caps,
                                           smime_capabilities_template,
                                           profile);
            if (dstat == SECSuccess && caps != NULL) {
                for (capi = 0; caps[capi] != NULL; capi++) {
                    smime_fill_capability(caps[capi]);
                    mapi = smime_mapi_by_cipher(caps[capi]->cipher);
                    if (mapi >= 0) {
                        cipher_abilities[mapi]++;
                        cipher_votes[mapi] += pref;
                        --pref;
                    }
                }
            }
        } else {
            SECKEYPublicKey *key;
            unsigned int pklen_bits;

            /*
             * XXX This is probably only good for RSA keys.  What I would
             * really like is a function to just say;  Is the public key in
             * this cert an export-length key?  Then I would not have to
             * know things like the value 512, or the kind of key, or what
             * a subjectPublicKeyInfo is, etc.
             */
            key = CERT_ExtractPublicKey(rcerts[rcount]);
            if (key != NULL) {
                pklen_bits = SECKEY_PublicKeyStrength(key) * 8;
                SECKEY_DestroyPublicKey(key);

                if (pklen_bits > 512) {
                    cipher_abilities[strong_mapi]++;
                    cipher_votes[strong_mapi] += pref;
                }
            }
        }
        if (profile != NULL)
            SECITEM_FreeItem(profile, PR_TRUE);
    }

    max = 0;
    for (mapi = 0; mapi < smime_symmetric_count; mapi++) {
        if (cipher_abilities[mapi] != rcount)
            continue;
        if (!smime_cipher_allowed(smime_cipher_maps[mapi].cipher))
            continue;
        if (cipher_votes[mapi] > max) {
            chosen_cipher = smime_cipher_maps[mapi].cipher;
            max = cipher_votes[mapi];
        } /* XXX else if a tie, let scert break it? */
    }

done:
    if (poolp != NULL)
        PORT_FreeArena(poolp, PR_FALSE);

    return chosen_cipher;
}

/*
 * XXX This is a hack for now to satisfy our current interface.
 * Eventually, with more parameters needing to be specified, just
 * looking up the keysize is not going to be sufficient.
 */
static int
smime_keysize_by_cipher(unsigned long which)
{
    int keysize;

    switch (which) {
        case SMIME_RC2_CBC_40:
            keysize = 40;
            break;
        case SMIME_RC2_CBC_64:
            keysize = 64;
            break;
        case SMIME_RC2_CBC_128:
            keysize = 128;
            break;
#ifdef SMIME_DOES_RC5
        case SMIME_RC5PAD_64_16_40:
        case SMIME_RC5PAD_64_16_64:
        case SMIME_RC5PAD_64_16_128:
            /* XXX See comment above; keysize is not enough... */
            PORT_Assert(0);
            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
            keysize = -1;
            break;
#endif
        case SMIME_DES_CBC_56:
        case SMIME_DES_EDE3_168:
            /*
             * These are special; since the key size is fixed, we actually
             * want to *avoid* specifying a key size.
             */
            keysize = 0;
            break;
        default:
            keysize = -1;
            break;
    }

    return keysize;
}

/*
 * Start an S/MIME encrypting context.
 *
 * "scert" is the cert for the sender.  It will be checked for validity.
 * "rcerts" are the certs for the recipients.  They will also be checked.
 *
 * "certdb" is the cert database to use for verifying the certs.
 * It can be NULL if a default database is available (like in the client).
 *
 * This function already does all of the stuff specific to S/MIME protocol
 * and local policy; the return value just needs to be passed to
 * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
 * and finally to SEC_PKCS7DestroyContentInfo().
 *
 * An error results in a return value of NULL and an error set.
 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 */
SEC_PKCS7ContentInfo *
SECMIME_CreateEncrypted(CERTCertificate *scert,
                        CERTCertificate **rcerts,
                        CERTCertDBHandle *certdb,
                        SECKEYGetPasswordKey pwfn,
                        void *pwfn_arg)
{
    SEC_PKCS7ContentInfo *cinfo;
    long cipher;
    SECOidTag encalg;
    int keysize;
    int mapi, rci;

    cipher = smime_choose_cipher(scert, rcerts);
    if (cipher < 0)
        return NULL;

    mapi = smime_mapi_by_cipher(cipher);
    if (mapi < 0)
        return NULL;

    /*
     * XXX This is stretching it -- CreateEnvelopedData should probably
     * take a cipher itself of some sort, because we cannot know what the
     * future will bring in terms of parameters for each type of algorithm.
     * For example, just an algorithm and keysize is *not* sufficient to
     * fully specify the usage of RC5 (which also needs to know rounds and
     * block size).  Work this out into a better API!
     */
    encalg = smime_cipher_maps[mapi].algtag;
    keysize = smime_keysize_by_cipher(cipher);
    if (keysize < 0)
        return NULL;

    cinfo = SEC_PKCS7CreateEnvelopedData(scert, certUsageEmailRecipient,
                                         certdb, encalg, keysize,
                                         pwfn, pwfn_arg);
    if (cinfo == NULL)
        return NULL;

    for (rci = 0; rcerts[rci] != NULL; rci++) {
        if (rcerts[rci] == scert)
            continue;
        if (SEC_PKCS7AddRecipient(cinfo, rcerts[rci], certUsageEmailRecipient,
                                  NULL) != SECSuccess) {
            SEC_PKCS7DestroyContentInfo(cinfo);
            return NULL;
        }
    }

    return cinfo;
}

static smime_capability **smime_capabilities;
static SECItem *smime_encoded_caps;

static SECStatus
smime_init_caps(void)
{
    smime_capability *cap;
    smime_cipher_map *map;
    SECOidData *oiddata;
    SECStatus rv;
    int i;

    if (smime_encoded_caps != NULL && (!smime_prefs_changed))
        return SECSuccess;

    if (smime_encoded_caps != NULL) {
        SECITEM_FreeItem(smime_encoded_caps, PR_TRUE);
        smime_encoded_caps = NULL;
    }

    if (smime_capabilities == NULL) {
        smime_capabilities = (smime_capability **)PORT_ZAlloc(
            (smime_symmetric_count + 1) * sizeof(smime_capability *));
        if (smime_capabilities == NULL)
            return SECFailure;
    }

    rv = SECFailure;

    /*
       The process of creating the encoded PKCS7 cipher capability list
       involves two basic steps:

       (a) Convert our internal representation of cipher preferences
           (smime_prefs) into an array containing cipher OIDs and
           parameter data (smime_capabilities). This step is
           performed here.

       (b) Encode, using ASN.1, the cipher information in
           smime_capabilities, leaving the encoded result in
           smime_encoded_caps.

       (In the process of performing (a), Lisa put in some optimizations
       which allow us to avoid needlessly re-populating elements in
       smime_capabilities as we walk through smime_prefs.)
    */
    for (i = 0; i < smime_current_pref_index; i++) {
        int mapi;

        /* Get the next cipher preference in smime_prefs. */
        mapi = smime_mapi_by_cipher(smime_prefs[i]);
        if (mapi < 0)
            break;

        /* Find the corresponding entry in the cipher map. */
        PORT_Assert(mapi < smime_symmetric_count);
        map = &(smime_cipher_maps[mapi]);

        /*
         * Convert the next preference found in smime_prefs into an
         * smime_capability.
         */

        cap = smime_capabilities[i];
        if (cap == NULL) {
            cap = (smime_capability *)PORT_ZAlloc(sizeof(smime_capability));
            if (cap == NULL)
                break;
            smime_capabilities[i] = cap;
        } else if (cap->cipher == smime_prefs[i]) {
            continue; /* no change to this one */
        }

        cap->capIDTag = map->algtag;
        oiddata = SECOID_FindOIDByTag(map->algtag);
        if (oiddata == NULL)
            break;

        if (cap->capabilityID.data != NULL) {
            SECITEM_FreeItem(&(cap->capabilityID), PR_FALSE);
            cap->capabilityID.data = NULL;
            cap->capabilityID.len = 0;
        }

        rv = SECITEM_CopyItem(NULL, &(cap->capabilityID), &(oiddata->oid));
        if (rv != SECSuccess)
            break;

        if (map->parms == NULL) {
            cap->parameters.data = NULL;
            cap->parameters.len = 0;
        } else {
            cap->parameters.data = map->parms->data;
            cap->parameters.len = map->parms->len;
        }

        cap->cipher = smime_prefs[i];
    }

    if (i != smime_current_pref_index)
        return rv;

    while (i < smime_symmetric_count) {
        cap = smime_capabilities[i];
        if (cap != NULL) {
            SECITEM_FreeItem(&(cap->capabilityID), PR_FALSE);
            PORT_Free(cap);
        }
        smime_capabilities[i] = NULL;
        i++;
    }
    smime_capabilities[i] = NULL;

    smime_encoded_caps = SEC_ASN1EncodeItem(NULL, NULL, &smime_capabilities,
                                            smime_capabilities_template);
    if (smime_encoded_caps == NULL)
        return SECFailure;

    return SECSuccess;
}

static SECStatus
smime_add_profile(CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo)
{
    PORT_Assert(smime_prefs_complete);
    if (!smime_prefs_complete)
        return SECFailure;

    /* For that matter, if capabilities haven't been initialized yet,
       do so now. */
    if (smime_encoded_caps == NULL || smime_prefs_changed) {
        SECStatus rv;

        rv = smime_init_caps();
        if (rv != SECSuccess)
            return rv;

        PORT_Assert(smime_encoded_caps != NULL);
    }

    return SEC_PKCS7AddSignedAttribute(cinfo, SEC_OID_PKCS9_SMIME_CAPABILITIES,
                                       smime_encoded_caps);
}

/*
 * Start an S/MIME signing context.
 *
 * "scert" is the cert that will be used to sign the data.  It will be
 * checked for validity.
 *
 * "ecert" is the signer's encryption cert.  If it is different from
 * scert, then it will be included in the signed message so that the
 * recipient can save it for future encryptions.
 *
 * "certdb" is the cert database to use for verifying the cert.
 * It can be NULL if a default database is available (like in the client).
 *
 * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
 * XXX There should be SECMIME functions for hashing, or the hashing should
 * be built into this interface, which we would like because we would
 * support more smartcards that way, and then this argument should go away.)
 *
 * "digest" is the actual digest of the data.  It must be provided in
 * the case of detached data or NULL if the content will be included.
 *
 * This function already does all of the stuff specific to S/MIME protocol
 * and local policy; the return value just needs to be passed to
 * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
 * and finally to SEC_PKCS7DestroyContentInfo().
 *
 * An error results in a return value of NULL and an error set.
 * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
 */

SEC_PKCS7ContentInfo *
SECMIME_CreateSigned(CERTCertificate *scert,
                     CERTCertificate *ecert,
                     CERTCertDBHandle *certdb,
                     SECOidTag digestalg,
                     SECItem *digest,
                     SECKEYGetPasswordKey pwfn,
                     void *pwfn_arg)
{
    SEC_PKCS7ContentInfo *cinfo;
    SECStatus rv;

    /* See note in header comment above about digestalg. */
    /* Doesn't explain this. PORT_Assert (digestalg == SEC_OID_SHA1); */

    cinfo = SEC_PKCS7CreateSignedData(scert, certUsageEmailSigner,
                                      certdb, digestalg, digest,
                                      pwfn, pwfn_arg);
    if (cinfo == NULL)
        return NULL;

    if (SEC_PKCS7IncludeCertChain(cinfo, NULL) != SECSuccess) {
        SEC_PKCS7DestroyContentInfo(cinfo);
        return NULL;
    }

    /* if the encryption cert and the signing cert differ, then include
     * the encryption cert too.
     */
    /* it is ok to compare the pointers since we ref count, and the same
     * cert will always have the same pointer
     */
    if ((ecert != NULL) && (ecert != scert)) {
        rv = SEC_PKCS7AddCertificate(cinfo, ecert);
        if (rv != SECSuccess) {
            SEC_PKCS7DestroyContentInfo(cinfo);
            return NULL;
        }
    }
    /*
     * Add the signing time.  But if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = SEC_PKCS7AddSigningTime(cinfo);
    PORT_Assert(rv == SECSuccess);

    /*
     * Add the email profile.  Again, if it fails for some reason,
     * may as well not give up altogether -- just assert.
     */
    rv = smime_add_profile(ecert, cinfo);
    PORT_Assert(rv == SECSuccess);

    return cinfo;
}