1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5/*
6 * Header for pkcs7 types.
7 */
8
9#ifndef _PKCS7T_H_
10#define _PKCS7T_H_
11
12#include "plarena.h"
13
14#include "seccomon.h"
15#include "secoidt.h"
16#include "certt.h"
17#include "secmodt.h"
18
/* Opaque objects: the streaming decoder and encoder state. Only the
 * struct tags are declared here, so callers can hold pointers to them
 * but never see or depend on their layout. */
typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
22
/* legacy defines that haven't been active for years */
/* Password-retrieval callback type, kept for source compatibility. The
 * only use visible in this header is the pwfn member (with its pwfn_arg)
 * of SEC_PKCS7ContentInfoStr below. Both parameters and the return are
 * untyped (void *), so the caller installing the callback and the code
 * invoking it must agree on what they point to. */
typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
25
26/* Non-opaque objects. NOTE, though: I want them to be treated as
27 * opaque as much as possible. If I could hide them completely,
28 * I would. (I tried, but ran into trouble that was taking me too
29 * much time to get out of.) I still intend to try to do so.
30 * In fact, the only type that "outsiders" should even *name* is
31 * SEC_PKCS7ContentInfo, and they should not reference its fields.
32 */
33/* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
34 * This is because when we search the recipient list for the cert and key we
35 * want, we need to invert the order of the loops we used to have. The old
36 * loops were:
37 *
38 * For each recipient {
39 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
40 * [which unrolls to... ]
41 * For each slot {
42 * Log into slot;
43 * search slot for cert;
44 * }
45 * }
46 *
 * the new loop searches all the recipients at once on a slot. This allows
 * PKCS #11 to order slots in such a way that logged-out slots don't get checked
 * if we can find the cert on a logged-in slot. This eliminates lots of
50 * spurious password prompts when smart cards are installed... so why this
51 * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
 * to provide a non-opaque list of issuerSN's (the only field PKCS #11 needs)
 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
54 * function.
55 */
/*
 * Forward declarations for the non-opaque types defined further down.
 * Each SEC_PKCS7*Str struct mirrors the PKCS #7 (RFC 2315) content type
 * of the same name; the SEC_PKCS7* typedef is the name the rest of NSS
 * uses for it.
 */
typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
    SEC_PKCS7SignedAndEnvelopedData;
typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
/*
 * The following is not actually a PKCS7 type, but for now it is only
 * used by PKCS7, so we have adopted it. If someone else *ever* needs
 * it, its name should be changed and it should be moved out of here.
 * Do not dare to use it without doing so!
 */
typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
73
/*
 * ContentInfo (RFC 2315 §7): the outermost PKCS #7 object. contentType
 * carries the content-type OID from the encoding; the content union holds
 * the decoded body for that type. This is the only type outsiders are
 * expected to name, and then only as an opaque handle.
 *
 * NOTE(review): nothing in the struct records which union member is
 * active. Readers must decide from contentType (presumably via the
 * decoded contentTypeTag) before dereferencing any member — confirm
 * against the implementation.
 */
struct SEC_PKCS7ContentInfoStr {
    PLArenaPool *poolp;         /* local; not part of encoding */
                                /* arena presumably owning this object's
                                 * allocations — confirm with the creator */
    PRBool created;             /* local; not part of encoding */
                                /* meaning inferred from the name only
                                 * (built locally vs. decoded?) — verify */
    int refCount;               /* local; not part of encoding */
                                /* signed reference count; the counting
                                 * routines, not this header, define its
                                 * bounds */
    SECOidData *contentTypeTag; /* local; not part of encoding */
    SECKEYGetPasswordKey pwfn;  /* local; not part of encoding */
    void *pwfn_arg;             /* local; not part of encoding */
                                /* opaque argument handed to pwfn */
    SECItem contentType;        /* content-type OID as encoded */
    union {
        SECItem *data;          /* plain "data" content */
        SEC_PKCS7DigestedData *digestedData;
        SEC_PKCS7EncryptedData *encryptedData;
        SEC_PKCS7EnvelopedData *envelopedData;
        SEC_PKCS7SignedData *signedData;
        SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
    } content;
};
91
/*
 * SignedData (RFC 2315 §9.1): content plus one or more SignerInfos.
 *
 * rawCerts and crls are whatever the message carried. They are attacker-
 * controlled input until a signer certificate has been chain-validated;
 * their presence here establishes no trust by itself.
 */
struct SEC_PKCS7SignedDataStr {
    SECItem version;
    SECAlgorithmID **digestAlgorithms; /* NULL-terminated list, presumably
                                        * (the `**` convention used
                                        * throughout) — confirm */
    SEC_PKCS7ContentInfo contentInfo;  /* the signed content */
    SECItem **rawCerts;                /* certificates as encoded in the message */
    CERTSignedCrl **crls;              /* CRLs as encoded in the message */
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                 /* local; not part of encoding */
                                       /* presumably the digests computed
                                        * over contentInfo, one per
                                        * digestAlgorithms entry — verify */
    CERTCertificate **certs;           /* local; not part of encoding */
                                       /* decoded forms of rawCerts,
                                        * presumably */
    CERTCertificateList **certLists;   /* local; not part of encoding */
};
/* Version number the encoder writes into SignedData.version ("what we
 * *create*"). Whether the decoder rejects other values is not decided
 * by this header. */
#define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */
104
/*
 * EncryptedContentInfo (RFC 2315 §10.1): the bulk-encrypted content
 * shared by EnvelopedData, SignedAndEnvelopedData and EncryptedData.
 *
 * contentEncAlg comes from the message, i.e. the sender chooses the
 * algorithm the decryptor will run. The SEC_PKCS7DecryptionAllowedCallback
 * type at the end of this header is the policy hook for vetting it
 * (presumably this algid is what that callback receives — confirm).
 */
struct SEC_PKCS7EncryptedContentInfoStr {
    SECOidData *contentTypeTag;   /* local; not part of encoding */
    SECItem contentType;          /* type of the content inside encContent */
    SECAlgorithmID contentEncAlg; /* bulk cipher (and parameters) as encoded */
    SECItem encContent;           /* the ciphertext */
    SECItem plainContent;         /* local; not part of encoding */
                                  /* bytes not encrypted, but encoded */
                                  /* holds recovered plaintext; lifetime is
                                   * presumably that of the owning arena —
                                   * confirm before relying on it */
    int keysize;                  /* local; not part of encoding */
                                  /* size of bulk encryption key
                                   * (only used by creation code) */
    SECOidTag encalg;             /* local; not part of encoding */
                                  /* oid tag of encryption algorithm
                                   * (only used by creation code) */
};
119
/*
 * EnvelopedData (RFC 2315 §10.1): encrypted content whose bulk key is
 * wrapped once per recipient. Not signed — it carries no authenticity.
 */
struct SEC_PKCS7EnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;     /* one entry per recipient */
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */
126
/*
 * SignedAndEnvelopedData (RFC 2315 §11.1): the union of the SignedData
 * and EnvelopedData fields. As with SignedData, rawCerts and crls are
 * message-supplied and untrusted until chain-validated.
 */
struct SEC_PKCS7SignedAndEnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;
    SECAlgorithmID **digestAlgorithms;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
    SECItem **rawCerts;               /* certificates as encoded in the message */
    CERTSignedCrl **crls;             /* CRLs as encoded in the message */
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                /* local; not part of encoding */
    CERTCertificate **certs;          /* local; not part of encoding */
    CERTCertificateList **certLists;  /* local; not part of encoding */
    PK11SymKey *sigKey;               /* local; not part of encoding */
                                      /* symmetric key handle; its role
                                       * is not shown here — inferred
                                       * from the name only */
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */
141
/*
 * SignerInfo (RFC 2315 §9.2): one signature over the content.
 *
 * Per PKCS #7 the authenticated attributes are covered by the signature
 * and the unauthenticated ones are not. Anything read from unAuthAttr
 * is therefore unverified data even after the signature checks out.
 */
struct SEC_PKCS7SignerInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;    /* identifies the signing certificate */
    SECAlgorithmID digestAlg;
    SEC_PKCS7Attribute **authAttr;   /* authenticated attributes (signed) */
    SECAlgorithmID digestEncAlg;
    SECItem encDigest;               /* the signature value */
    SEC_PKCS7Attribute **unAuthAttr; /* unauthenticated attributes (NOT signed) */
    CERTCertificate *cert;           /* local; not part of encoding */
                                     /* signer cert located locally,
                                      * presumably via issuerAndSN */
    CERTCertificateList *certList;   /* local; not part of encoding */
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */
154
/*
 * RecipientInfo (RFC 2315 §10.2): the bulk key wrapped for one recipient.
 * This is the type the PKCS #11 cert search in pk11cert.c reads directly
 * (see the comment near the top of this file); issuerAndSN is the only
 * field it needs.
 */
struct SEC_PKCS7RecipientInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN; /* identifies the recipient certificate */
    SECAlgorithmID keyEncAlg;     /* key-wrapping algorithm as encoded */
    SECItem encKey;               /* bulk key encrypted for this recipient */
    CERTCertificate *cert;        /* local; not part of encoding */
                                  /* recipient cert found locally,
                                   * presumably via issuerAndSN */
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */
163
/*
 * DigestedData (RFC 2315 §12.1): content plus a bare message digest.
 * The digest is unkeyed, so it protects against accidental corruption
 * only — it is not a signature and not a MAC.
 */
struct SEC_PKCS7DigestedDataStr {
    SECItem version;
    SECAlgorithmID digestAlg;
    SEC_PKCS7ContentInfo contentInfo;
    SECItem digest;
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */
171
/*
 * EncryptedData (RFC 2315 §13.1): encrypted content with no recipient
 * list; the bulk key must be supplied out of band. In this API that is
 * what SEC_PKCS7GetDecryptKeyCallback (below) is for.
 */
struct SEC_PKCS7EncryptedDataStr {
    SECItem version;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
/* Version number the encoder writes ("what we *create*"); decoder
 * acceptance of other values is not decided by this header. */
#define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
177
/*
 * See comment above about this type not really belonging to PKCS7.
 *
 * A generic attribute: an OID type and a list of values. Whether the
 * values are already DER-encoded is tracked by the local encoded flag,
 * so code reading values must check it before interpreting them.
 */
struct SEC_PKCS7AttributeStr {
    /* The following fields make up an encoded Attribute: */
    SECItem type;        /* attribute-type OID */
    SECItem **values;    /* data may or may not be encoded */
    /* The following fields are not part of an encoded Attribute: */
    SECOidData *typeTag; /* decoded form of type, presumably */
    PRBool encoded;      /* when true, values are encoded */
};
189
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * If specified, this is where the content bytes (only) will be "sent"
 * as they are recovered during the decoding.
 *
 * arg:      the opaque pointer registered alongside the callback.
 * buf, len: the next run of recovered content bytes. Assume buf is valid
 *           only for the duration of the call; copy it if needed later.
 *
 * NOTE(review): bytes arrive as they are recovered, i.e. before the
 * decode has finished. A consumer should not act on them as
 * authenticated content until the decode completes and the signature
 * or digest result has been checked — confirm against the decoder.
 *
 * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (*SEC_PKCS7DecoderContentCallback)(void *arg,
                                                const char *buf,
                                                unsigned long len);
201
/*
 * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
 * This is where the encoded bytes will be "sent".
 *
 * arg:      the opaque pointer registered alongside the callback.
 * buf, len: the next run of encoded output bytes. Assume buf is valid
 *           only for the duration of the call.
 *
 * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (*SEC_PKCS7EncoderOutputCallback)(void *arg,
                                               const char *buf,
                                               unsigned long len);
212
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
 * to retrieve the decryption key. This function is intended to be
 * used for EncryptedData content infos which do not have a key available
 * in a certificate, etc.
 *
 * arg:   the opaque pointer registered alongside the callback.
 * algid: the content-encryption algorithm the key is needed for, as
 *        taken from the message.
 * Returns the bulk key, or presumably NULL when none can be supplied.
 * Ownership of the returned PK11SymKey is not specified here — check
 * the decoder for whether it takes a reference or adopts the handle.
 */
typedef PK11SymKey *(*SEC_PKCS7GetDecryptKeyCallback)(void *arg,
                                                      SECAlgorithmID *algid);
221
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * This function is intended to be used to verify that decrypting a
 * particular crypto algorithm is allowed. Content types which do not
 * require decryption will not need the callback. If the callback
 * is not specified for content types which require decryption, the
 * decryption will be disallowed.
 *
 * This is the policy gate for the sender-chosen algorithm: algid is the
 * content-encryption algorithm from the message and bulkkey the key that
 * would be used with it. Return PR_TRUE to permit the decryption,
 * PR_FALSE to refuse it. The default with no callback is fail-closed.
 */
typedef PRBool (*SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
                                                     PK11SymKey *bulkkey);
232
233#endif /* _PKCS7T_H_ */
234
