1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | |
5 | /* |
6 | * Header for pkcs7 types. |
7 | */ |
8 | |
9 | #ifndef _PKCS7T_H_ |
10 | #define _PKCS7T_H_ |
11 | |
12 | #include "plarena.h" |
13 | |
14 | #include "seccomon.h" |
15 | #include "secoidt.h" |
16 | #include "certt.h" |
17 | #include "secmodt.h" |
18 | |
19 | /* Opaque objects */ |
20 | typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext; |
21 | typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext; |
22 | |
23 | /* legacy defines that haven't been active for years */ |
24 | typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle); |
25 | |
26 | /* Non-opaque objects. NOTE, though: I want them to be treated as |
27 | * opaque as much as possible. If I could hide them completely, |
28 | * I would. (I tried, but ran into trouble that was taking me too |
29 | * much time to get out of.) I still intend to try to do so. |
30 | * In fact, the only type that "outsiders" should even *name* is |
31 | * SEC_PKCS7ContentInfo, and they should not reference its fields. |
32 | */ |
33 | /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's. |
34 | * This is because when we search the recipient list for the cert and key we |
35 | * want, we need to invert the order of the loops we used to have. The old |
36 | * loops were: |
37 | * |
38 | * For each recipient { |
39 | * find_cert = PK11_Find_AllCert(recipient->issuerSN); |
40 | * [which unrolls to... ] |
41 | * For each slot { |
42 | * Log into slot; |
43 | * search slot for cert; |
44 | * } |
45 | * } |
46 | * |
47 | * the new loop searchs all the recipients at once on a slot. this allows |
48 | * PKCS #11 to order slots in such a way that logout slots don't get checked |
49 | * if we can find the cert on a logged in slot. This eliminates lots of |
50 | * spurious password prompts when smart cards are installed... so why this |
51 | * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need |
52 | * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs |
53 | * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11 |
54 | * function. |
55 | */ |
56 | typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo; |
57 | typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData; |
58 | typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo; |
59 | typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData; |
60 | typedef struct SEC_PKCS7SignedAndEnvelopedDataStr |
61 | SEC_PKCS7SignedAndEnvelopedData; |
62 | typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo; |
63 | typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo; |
64 | typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData; |
65 | typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData; |
66 | /* |
67 | * The following is not actually a PKCS7 type, but for now it is only |
68 | * used by PKCS7, so we have adopted it. If someone else *ever* needs |
69 | * it, its name should be changed and it should be moved out of here. |
70 | * Do not dare to use it without doing so! |
71 | */ |
72 | typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute; |
73 | |
74 | struct SEC_PKCS7ContentInfoStr { |
75 | PLArenaPool *poolp; /* local; not part of encoding */ |
76 | PRBool created; /* local; not part of encoding */ |
77 | int refCount; /* local; not part of encoding */ |
78 | SECOidData *contentTypeTag; /* local; not part of encoding */ |
79 | SECKEYGetPasswordKey pwfn; /* local; not part of encoding */ |
80 | void *pwfn_arg; /* local; not part of encoding */ |
81 | SECItem contentType; |
82 | union { |
83 | SECItem *data; |
84 | SEC_PKCS7DigestedData *digestedData; |
85 | SEC_PKCS7EncryptedData *encryptedData; |
86 | SEC_PKCS7EnvelopedData *envelopedData; |
87 | SEC_PKCS7SignedData *signedData; |
88 | SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData; |
89 | } content; |
90 | }; |
91 | |
92 | struct SEC_PKCS7SignedDataStr { |
93 | SECItem version; |
94 | SECAlgorithmID **digestAlgorithms; |
95 | SEC_PKCS7ContentInfo contentInfo; |
96 | SECItem **rawCerts; |
97 | CERTSignedCrl **crls; |
98 | SEC_PKCS7SignerInfo **signerInfos; |
99 | SECItem **digests; /* local; not part of encoding */ |
100 | CERTCertificate **certs; /* local; not part of encoding */ |
101 | CERTCertificateList **certLists; /* local; not part of encoding */ |
102 | }; |
103 | #define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */ |
104 | |
105 | struct SEC_PKCS7EncryptedContentInfoStr { |
106 | SECOidData *contentTypeTag; /* local; not part of encoding */ |
107 | SECItem contentType; |
108 | SECAlgorithmID contentEncAlg; |
109 | SECItem encContent; |
110 | SECItem plainContent; /* local; not part of encoding */ |
111 | /* bytes not encrypted, but encoded */ |
112 | int keysize; /* local; not part of encoding */ |
113 | /* size of bulk encryption key |
114 | * (only used by creation code) */ |
115 | SECOidTag encalg; /* local; not part of encoding */ |
116 | /* oid tag of encryption algorithm |
117 | * (only used by creation code) */ |
118 | }; |
119 | |
120 | struct SEC_PKCS7EnvelopedDataStr { |
121 | SECItem version; |
122 | SEC_PKCS7RecipientInfo **recipientInfos; |
123 | SEC_PKCS7EncryptedContentInfo encContentInfo; |
124 | }; |
125 | #define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */ |
126 | |
127 | struct SEC_PKCS7SignedAndEnvelopedDataStr { |
128 | SECItem version; |
129 | SEC_PKCS7RecipientInfo **recipientInfos; |
130 | SECAlgorithmID **digestAlgorithms; |
131 | SEC_PKCS7EncryptedContentInfo encContentInfo; |
132 | SECItem **rawCerts; |
133 | CERTSignedCrl **crls; |
134 | SEC_PKCS7SignerInfo **signerInfos; |
135 | SECItem **digests; /* local; not part of encoding */ |
136 | CERTCertificate **certs; /* local; not part of encoding */ |
137 | CERTCertificateList **certLists; /* local; not part of encoding */ |
138 | PK11SymKey *sigKey; /* local; not part of encoding */ |
139 | }; |
140 | #define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */ |
141 | |
142 | struct SEC_PKCS7SignerInfoStr { |
143 | SECItem version; |
144 | CERTIssuerAndSN *issuerAndSN; |
145 | SECAlgorithmID digestAlg; |
146 | SEC_PKCS7Attribute **authAttr; |
147 | SECAlgorithmID digestEncAlg; |
148 | SECItem encDigest; |
149 | SEC_PKCS7Attribute **unAuthAttr; |
150 | CERTCertificate *cert; /* local; not part of encoding */ |
151 | CERTCertificateList *certList; /* local; not part of encoding */ |
152 | }; |
153 | #define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */ |
154 | |
155 | struct SEC_PKCS7RecipientInfoStr { |
156 | SECItem version; |
157 | CERTIssuerAndSN *issuerAndSN; |
158 | SECAlgorithmID keyEncAlg; |
159 | SECItem encKey; |
160 | CERTCertificate *cert; /* local; not part of encoding */ |
161 | }; |
162 | #define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */ |
163 | |
164 | struct SEC_PKCS7DigestedDataStr { |
165 | SECItem version; |
166 | SECAlgorithmID digestAlg; |
167 | SEC_PKCS7ContentInfo contentInfo; |
168 | SECItem digest; |
169 | }; |
170 | #define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */ |
171 | |
172 | struct SEC_PKCS7EncryptedDataStr { |
173 | SECItem version; |
174 | SEC_PKCS7EncryptedContentInfo encContentInfo; |
175 | }; |
176 | #define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */ |
177 | |
178 | /* |
179 | * See comment above about this type not really belonging to PKCS7. |
180 | */ |
181 | struct SEC_PKCS7AttributeStr { |
182 | /* The following fields make up an encoded Attribute: */ |
183 | SECItem type; |
184 | SECItem **values; /* data may or may not be encoded */ |
185 | /* The following fields are not part of an encoded Attribute: */ |
186 | SECOidData *typeTag; |
187 | PRBool encoded; /* when true, values are encoded */ |
188 | }; |
189 | |
190 | /* |
191 | * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart. |
192 | * If specified, this is where the content bytes (only) will be "sent" |
193 | * as they are recovered during the decoding. |
194 | * |
195 | * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type |
196 | * and use a simpler, common name. |
197 | */ |
198 | typedef void (*SEC_PKCS7DecoderContentCallback)(void *arg, |
199 | const char *buf, |
200 | unsigned long len); |
201 | |
202 | /* |
203 | * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart. |
204 | * This is where the encoded bytes will be "sent". |
205 | * |
206 | * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type |
207 | * and use a simpler, common name. |
208 | */ |
209 | typedef void (*SEC_PKCS7EncoderOutputCallback)(void *arg, |
210 | const char *buf, |
211 | unsigned long len); |
212 | |
213 | /* |
214 | * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart |
215 | * to retrieve the decryption key. This function is inteded to be |
216 | * used for EncryptedData content info's which do not have a key available |
217 | * in a certificate, etc. |
218 | */ |
219 | typedef PK11SymKey *(*SEC_PKCS7GetDecryptKeyCallback)(void *arg, |
220 | SECAlgorithmID *algid); |
221 | |
222 | /* |
223 | * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart. |
224 | * This function in intended to be used to verify that decrypting a |
225 | * particular crypto algorithm is allowed. Content types which do not |
226 | * require decryption will not need the callback. If the callback |
227 | * is not specified for content types which require decryption, the |
228 | * decryption will be disallowed. |
229 | */ |
230 | typedef PRBool (*SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid, |
231 | PK11SymKey *bulkkey); |
232 | |
233 | #endif /* _PKCS7T_H_ */ |
234 | |