Back to index

lightning-sunbird  0.9+nobinonly
pkcs7t.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 /*
00038  * Header for pkcs7 types.
00039  *
00040  * $Id: pkcs7t.h,v 1.5 2004/04/25 15:03:13 gerv%gerv.net Exp $
00041  */
00042 
00043 #ifndef _PKCS7T_H_
00044 #define _PKCS7T_H_
00045 
00046 #include "plarena.h"
00047 
00048 #include "seccomon.h"
00049 #include "secoidt.h"
00050 #include "certt.h"
00051 #include "secmodt.h"
00052 
00053 /* Opaque objects */
00054 typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
00055 typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
00056 
00057 /* legacy defines that haven't been active for years */
00058 typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
00059 
00060 
00061 /* Non-opaque objects.  NOTE, though: I want them to be treated as
00062  * opaque as much as possible.  If I could hide them completely,
00063  * I would.  (I tried, but ran into trouble that was taking me too
00064  * much time to get out of.)  I still intend to try to do so.
00065  * In fact, the only type that "outsiders" should even *name* is
00066  * SEC_PKCS7ContentInfo, and they should not reference its fields.
00067  */
00068 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
00069  * This is because when we search the recipient list for the cert and key we
00070  * want, we need to invert the order of the loops we used to have. The old
00071  * loops were:
00072  *
00073  *  For each recipient {
00074  *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
00075  *       [which unrolls to... ]
00076  *       For each slot {
00077  *            Log into slot;
00078  *            search slot for cert;
00079  *      }
00080  *  }
00081  *
00082  *  the new loop searchs all the recipients at once on a slot. this allows
00083  *  PKCS #11 to order slots in such a way that logout slots don't get checked
00084  *  if we can find the cert on a logged in slot. This eliminates lots of
00085  *  spurious password prompts when smart cards are installed... so why this
00086  *  comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
00087  *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
00088  *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
00089  *  function.
00090  */
00091 typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
00092 typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
00093 typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
00094 typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
00095 typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
00096               SEC_PKCS7SignedAndEnvelopedData;
00097 typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
00098 typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
00099 typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
00100 typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
00101 typedef struct SEC_PKCS7SMIMEKEAParametersStr SEC_PKCS7SMIMEKEAParameters;
00102 /*
00103  * The following is not actually a PKCS7 type, but for now it is only
00104  * used by PKCS7, so we have adopted it.  If someone else *ever* needs
00105  * it, its name should be changed and it should be moved out of here.
00106  * Do not dare to use it without doing so!
00107  */
00108 typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
00109 
00110 struct SEC_PKCS7ContentInfoStr {
00111     PRArenaPool *poolp;                   /* local; not part of encoding */
00112     PRBool created;                /* local; not part of encoding */
00113     int refCount;                  /* local; not part of encoding */
00114     SECOidData *contentTypeTag;           /* local; not part of encoding */
00115     SECKEYGetPasswordKey pwfn;            /* local; not part of encoding */
00116     void *pwfn_arg;                /* local; not part of encoding */
00117     SECItem contentType;
00118     union {
00119        SECItem                            *data;
00120        SEC_PKCS7DigestedData              *digestedData;
00121        SEC_PKCS7EncryptedData             *encryptedData;
00122        SEC_PKCS7EnvelopedData             *envelopedData;
00123        SEC_PKCS7SignedData         *signedData;
00124        SEC_PKCS7SignedAndEnvelopedData    *signedAndEnvelopedData;
00125     } content;
00126 };
00127 
00128 struct SEC_PKCS7SignedDataStr {
00129     SECItem version;
00130     SECAlgorithmID **digestAlgorithms;
00131     SEC_PKCS7ContentInfo contentInfo;
00132     SECItem **rawCerts;
00133     CERTSignedCrl **crls;
00134     SEC_PKCS7SignerInfo **signerInfos;
00135     SECItem **digests;                    /* local; not part of encoding */
00136     CERTCertificate **certs;              /* local; not part of encoding */
00137     CERTCertificateList **certLists;      /* local; not part of encoding */
00138 };
00139 #define SEC_PKCS7_SIGNED_DATA_VERSION            1      /* what we *create* */
00140 
00141 struct SEC_PKCS7EncryptedContentInfoStr {
00142     SECOidData *contentTypeTag;           /* local; not part of encoding */
00143     SECItem contentType;
00144     SECAlgorithmID contentEncAlg;
00145     SECItem encContent;
00146     SECItem plainContent;          /* local; not part of encoding */
00147                                    /* bytes not encrypted, but encoded */
00148     int keysize;                   /* local; not part of encoding */
00149                                    /* size of bulk encryption key
00150                                     * (only used by creation code) */
00151     SECOidTag encalg;                     /* local; not part of encoding */
00152                                    /* oid tag of encryption algorithm
00153                                     * (only used by creation code) */
00154 };
00155 
00156 struct SEC_PKCS7EnvelopedDataStr {
00157     SECItem version;
00158     SEC_PKCS7RecipientInfo **recipientInfos;
00159     SEC_PKCS7EncryptedContentInfo encContentInfo;
00160 };
00161 #define SEC_PKCS7_ENVELOPED_DATA_VERSION  0      /* what we *create* */
00162 
00163 struct SEC_PKCS7SignedAndEnvelopedDataStr {
00164     SECItem version;
00165     SEC_PKCS7RecipientInfo **recipientInfos;
00166     SECAlgorithmID **digestAlgorithms;
00167     SEC_PKCS7EncryptedContentInfo encContentInfo;
00168     SECItem **rawCerts;
00169     CERTSignedCrl **crls;
00170     SEC_PKCS7SignerInfo **signerInfos;
00171     SECItem **digests;                    /* local; not part of encoding */
00172     CERTCertificate **certs;              /* local; not part of encoding */
00173     CERTCertificateList **certLists;      /* local; not part of encoding */
00174     PK11SymKey *sigKey;                   /* local; not part of encoding */
00175 };
00176 #define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1   /* what we *create* */
00177 
00178 struct SEC_PKCS7SignerInfoStr {
00179     SECItem version;
00180     CERTIssuerAndSN *issuerAndSN;
00181     SECAlgorithmID digestAlg;
00182     SEC_PKCS7Attribute **authAttr;
00183     SECAlgorithmID digestEncAlg;
00184     SECItem encDigest;
00185     SEC_PKCS7Attribute **unAuthAttr;
00186     CERTCertificate *cert;         /* local; not part of encoding */
00187     CERTCertificateList *certList; /* local; not part of encoding */
00188 };
00189 #define SEC_PKCS7_SIGNER_INFO_VERSION            1      /* what we *create* */
00190 
00191 struct SEC_PKCS7RecipientInfoStr {
00192     SECItem version;
00193     CERTIssuerAndSN *issuerAndSN;
00194     SECAlgorithmID keyEncAlg;
00195     SECItem encKey;
00196     CERTCertificate *cert;         /* local; not part of encoding */
00197 };
00198 #define SEC_PKCS7_RECIPIENT_INFO_VERSION  0      /* what we *create* */
00199 
00200 struct SEC_PKCS7DigestedDataStr {
00201     SECItem version;
00202     SECAlgorithmID digestAlg;
00203     SEC_PKCS7ContentInfo contentInfo;
00204     SECItem digest;
00205 };
00206 #define SEC_PKCS7_DIGESTED_DATA_VERSION          0      /* what we *create* */
00207 
00208 struct SEC_PKCS7EncryptedDataStr {
00209     SECItem version;
00210     SEC_PKCS7EncryptedContentInfo encContentInfo;
00211 };
00212 #define SEC_PKCS7_ENCRYPTED_DATA_VERSION  0      /* what we *create* */
00213 
00214 /*
00215  * See comment above about this type not really belonging to PKCS7.
00216  */
00217 struct SEC_PKCS7AttributeStr {
00218     /* The following fields make up an encoded Attribute: */
00219     SECItem type;
00220     SECItem **values;       /* data may or may not be encoded */
00221     /* The following fields are not part of an encoded Attribute: */
00222     SECOidData *typeTag;
00223     PRBool encoded;  /* when true, values are encoded */
00224 };
00225 
00226 /* An enumerated type used to select templates based on the encryption
00227    scenario and data specifics. */
00228 typedef enum
00229 {
00230        SECKEAInvalid = -1,
00231        SECKEAUsesSkipjack = 0,
00232        SECKEAUsesNonSkipjack = 1,
00233        SECKEAUsesNonSkipjackWithPaddedEncKey = 2
00234 } SECKEATemplateSelector;
00235 
00236 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
00237                 but I cannot think of a more appropriate place at this time. */
00238 struct SEC_PKCS7SMIMEKEAParametersStr {
00239        SECItem originatorKEAKey;   /* sender KEA key (encrypted?) */
00240        SECItem originatorRA;              /* random number generated by sender */
00241        SECItem nonSkipjackIV;             /* init'n vector for SkipjackCBC64
00242                                       decryption of KEA key if Skipjack
00243                                       is not the bulk algorithm used on
00244                                       the message */
00245        SECItem bulkKeySize;        /* if Skipjack is not the bulk
00246                                       algorithm used on the message,
00247                                       and the size of the bulk encryption
00248                                       key is not the same as that of
00249                                       originatorKEAKey (due to padding
00250                                       perhaps), this field will contain
00251                                       the real size of the bulk encryption
00252                                       key. */
00253 };
00254 
00255 /*
00256  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
00257  * If specified, this is where the content bytes (only) will be "sent"
00258  * as they are recovered during the decoding.
00259  *
00260  * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
00261  * and use a simpler, common name.
00262  */
00263 typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
00264                                            const char *buf,
00265                                            unsigned long len);
00266 
00267 /*
00268  * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
00269  * This is where the encoded bytes will be "sent".
00270  *
00271  * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
00272  * and use a simpler, common name.
00273  */
00274 typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
00275                                           const char *buf,
00276                                           unsigned long len);
00277 
00278 
00279 /*
00280  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
00281  * to retrieve the decryption key.  This function is inteded to be
00282  * used for EncryptedData content info's which do not have a key available
00283  * in a certificate, etc.
00284  */
00285 typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg, 
00286                                                  SECAlgorithmID *algid);
00287 
00288 /* 
00289  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
00290  * This function in intended to be used to verify that decrypting a
00291  * particular crypto algorithm is allowed.  Content types which do not
00292  * require decryption will not need the callback.  If the callback
00293  * is not specified for content types which require decryption, the
00294  * decryption will be disallowed.
00295  */
00296 typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,  
00297                                                 PK11SymKey *bulkkey);
00298 
00299 #endif /* _PKCS7T_H_ */