Mercurial > trustbridge > nss-cmake-static
view nss/lib/smime/cmst.h @ 3:150b72113545
Add DBM and legacydb support
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 05 Aug 2014 18:32:02 +0200 |
parents | 1e5118fa0cb1 |
children |
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * Header for CMS types. */ #ifndef _CMST_H_ #define _CMST_H_ #include "seccomon.h" #include "secoidt.h" #include "certt.h" #include "secmodt.h" #include "secmodt.h" #include "plarena.h" /* Non-opaque objects. NOTE, though: I want them to be treated as * opaque as much as possible. If I could hide them completely, * I would. (I tried, but ran into trouble that was taking me too * much time to get out of.) I still intend to try to do so. * In fact, the only type that "outsiders" should even *name* is * NSSCMSMessage, and they should not reference its fields. */ /* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's. * This is because when we search the recipient list for the cert and key we * want, we need to invert the order of the loops we used to have. The old * loops were: * * For each recipient { * find_cert = PK11_Find_AllCert(recipient->issuerSN); * [which unrolls to... ] * For each slot { * Log into slot; * search slot for cert; * } * } * * the new loop searchs all the recipients at once on a slot. this allows * PKCS #11 to order slots in such a way that logout slots don't get checked * if we can find the cert on a logged in slot. This eliminates lots of * spurious password prompts when smart cards are installed... so why this * comment? If you make NSSCMSRecipientInfo completely opaque, you need * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11 * function. */ typedef struct NSSCMSMessageStr NSSCMSMessage; typedef union NSSCMSContentUnion NSSCMSContent; typedef struct NSSCMSContentInfoStr NSSCMSContentInfo; typedef struct NSSCMSSignedDataStr NSSCMSSignedData; typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo; typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier; typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData; typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo; typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo; typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData; typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData; typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData; typedef struct NSSCMSAttributeStr NSSCMSAttribute; typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext; typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext; typedef struct NSSCMSCipherContextStr NSSCMSCipherContext; typedef struct NSSCMSDigestContextStr NSSCMSDigestContext; typedef struct NSSCMSContentInfoPrivateStr NSSCMSContentInfoPrivate; typedef SECStatus (*NSSCMSGenericWrapperDataCallback) (NSSCMSGenericWrapperData *); typedef void (*NSSCMSGenericWrapperDataDestroy) (NSSCMSGenericWrapperData *); extern const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[]; extern const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[]; SEC_ASN1_CHOOSER_DECLARE(NSS_PointerToCMSGenericWrapperDataTemplate) SEC_ASN1_CHOOSER_DECLARE(NSSCMSGenericWrapperDataTemplate) /* * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart. * If specified, this is where the content bytes (only) will be "sent" * as they are recovered during the decoding. * And: * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart. * This is where the DER-encoded bytes will be "sent". * * XXX Should just combine this with NSSCMSEncoderContentCallback type * and use a simpler, common name. */ typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len); /* * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart * to retrieve the decryption key. This function is intended to be * used for EncryptedData content info's which do not have a key available * in a certificate, etc. */ typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid); /* ============================================================================= * ENCAPSULATED CONTENTINFO & CONTENTINFO */ union NSSCMSContentUnion { /* either unstructured */ SECItem * data; /* or structured data */ NSSCMSDigestedData * digestedData; NSSCMSEncryptedData * encryptedData; NSSCMSEnvelopedData * envelopedData; NSSCMSSignedData * signedData; NSSCMSGenericWrapperData * genericData; /* or anonymous pointer to something */ void * pointer; }; struct NSSCMSContentInfoStr { SECItem contentType; NSSCMSContent content; /* --------- local; not part of encoding --------- */ SECOidData * contentTypeTag; /* additional info for encryptedData and envelopedData */ /* we waste this space for signedData and digestedData. sue me. */ SECAlgorithmID contentEncAlg; SECItem * rawContent; /* encrypted DER, optional */ /* XXXX bytes not encrypted, but encoded? */ /* --------- local; not part of encoding --------- */ PK11SymKey * bulkkey; /* bulk encryption key */ int keysize; /* size of bulk encryption key * (only used by creation code) */ SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm * (only used by creation code) */ NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */ void *reserved; /* keep binary compatibility */ }; /* ============================================================================= * MESSAGE */ struct NSSCMSMessageStr { NSSCMSContentInfo contentInfo; /* "outer" cinfo */ /* --------- local; not part of encoding --------- */ PLArenaPool * poolp; PRBool poolp_is_ours; int refCount; /* properties of the "inner" data */ SECAlgorithmID ** detached_digestalgs; SECItem ** detached_digests; void * pwfn_arg; NSSCMSGetDecryptKeyCallback decrypt_key_cb; void * decrypt_key_cb_arg; }; /* ============================================================================ * GENERIC WRAPPER * * used for user defined types. */ struct NSSCMSGenericWrapperDataStr { NSSCMSContentInfo contentInfo; /* ---- local; not part of encoding ------ */ NSSCMSMessage * cmsg; /* wrapperspecific data starts here */ }; /* ============================================================================= * SIGNEDDATA */ struct NSSCMSSignedDataStr { SECItem version; SECAlgorithmID ** digestAlgorithms; NSSCMSContentInfo contentInfo; SECItem ** rawCerts; CERTSignedCrl ** crls; NSSCMSSignerInfo ** signerInfos; /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer to message */ SECItem ** digests; CERTCertificate ** certs; CERTCertificateList ** certLists; CERTCertificate ** tempCerts; /* temporary certs, needed * for example for signature * verification */ }; #define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */ #define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */ typedef enum { NSSCMSVS_Unverified = 0, NSSCMSVS_GoodSignature = 1, NSSCMSVS_BadSignature = 2, NSSCMSVS_DigestMismatch = 3, NSSCMSVS_SigningCertNotFound = 4, NSSCMSVS_SigningCertNotTrusted = 5, NSSCMSVS_SignatureAlgorithmUnknown = 6, NSSCMSVS_SignatureAlgorithmUnsupported = 7, NSSCMSVS_MalformedSignature = 8, NSSCMSVS_ProcessingError = 9 } NSSCMSVerificationStatus; typedef enum { NSSCMSSignerID_IssuerSN = 0, NSSCMSSignerID_SubjectKeyID = 1 } NSSCMSSignerIDSelector; struct NSSCMSSignerIdentifierStr { NSSCMSSignerIDSelector identifierType; union { CERTIssuerAndSN *issuerAndSN; SECItem *subjectKeyID; } id; }; struct NSSCMSSignerInfoStr { SECItem version; NSSCMSSignerIdentifier signerIdentifier; SECAlgorithmID digestAlg; NSSCMSAttribute ** authAttr; SECAlgorithmID digestEncAlg; SECItem encDigest; NSSCMSAttribute ** unAuthAttr; /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer to message */ CERTCertificate * cert; CERTCertificateList * certList; PRTime signingTime; NSSCMSVerificationStatus verificationStatus; SECKEYPrivateKey * signingKey; /* Used if we're using subjKeyID*/ SECKEYPublicKey * pubKey; }; #define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */ #define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */ typedef enum { NSSCMSCM_None = 0, NSSCMSCM_CertOnly = 1, NSSCMSCM_CertChain = 2, NSSCMSCM_CertChainWithRoot = 3 } NSSCMSCertChainMode; /* ============================================================================= * ENVELOPED DATA */ struct NSSCMSEnvelopedDataStr { SECItem version; NSSCMSOriginatorInfo * originatorInfo; /* optional */ NSSCMSRecipientInfo ** recipientInfos; NSSCMSContentInfo contentInfo; NSSCMSAttribute ** unprotectedAttr; /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer to message */ }; #define NSS_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */ #define NSS_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */ struct NSSCMSOriginatorInfoStr { SECItem ** rawCerts; CERTSignedCrl ** crls; /* --------- local; not part of encoding --------- */ CERTCertificate ** certs; }; /* ----------------------------------------------------------------------------- * key transport recipient info */ typedef enum { NSSCMSRecipientID_IssuerSN = 0, NSSCMSRecipientID_SubjectKeyID = 1, NSSCMSRecipientID_BrandNew = 2 } NSSCMSRecipientIDSelector; struct NSSCMSRecipientIdentifierStr { NSSCMSRecipientIDSelector identifierType; union { CERTIssuerAndSN *issuerAndSN; SECItem *subjectKeyID; } id; }; typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier; struct NSSCMSKeyTransRecipientInfoStr { SECItem version; NSSCMSRecipientIdentifier recipientIdentifier; SECAlgorithmID keyEncAlg; SECItem encKey; }; typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo; /* * View comments before NSSCMSRecipientInfoStr for purpose of this * structure. */ struct NSSCMSKeyTransRecipientInfoExStr { NSSCMSKeyTransRecipientInfo recipientInfo; int version; /* version of this structure (0) */ SECKEYPublicKey *pubKey; }; typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx; #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */ #define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */ /* ----------------------------------------------------------------------------- * key agreement recipient info */ struct NSSCMSOriginatorPublicKeyStr { SECAlgorithmID algorithmIdentifier; SECItem publicKey; /* bit string! */ }; typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey; typedef enum { NSSCMSOriginatorIDOrKey_IssuerSN = 0, NSSCMSOriginatorIDOrKey_SubjectKeyID = 1, NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2 } NSSCMSOriginatorIDOrKeySelector; struct NSSCMSOriginatorIdentifierOrKeyStr { NSSCMSOriginatorIDOrKeySelector identifierType; union { CERTIssuerAndSN *issuerAndSN; /* static-static */ SECItem *subjectKeyID; /* static-static */ NSSCMSOriginatorPublicKey originatorPublicKey; /* ephemeral-static */ } id; }; typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey; struct NSSCMSRecipientKeyIdentifierStr { SECItem * subjectKeyIdentifier; SECItem * date; /* optional */ SECItem * other; /* optional */ }; typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier; typedef enum { NSSCMSKeyAgreeRecipientID_IssuerSN = 0, NSSCMSKeyAgreeRecipientID_RKeyID = 1 } NSSCMSKeyAgreeRecipientIDSelector; struct NSSCMSKeyAgreeRecipientIdentifierStr { NSSCMSKeyAgreeRecipientIDSelector identifierType; union { CERTIssuerAndSN *issuerAndSN; NSSCMSRecipientKeyIdentifier recipientKeyIdentifier; } id; }; typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier; struct NSSCMSRecipientEncryptedKeyStr { NSSCMSKeyAgreeRecipientIdentifier recipientIdentifier; SECItem encKey; }; typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey; struct NSSCMSKeyAgreeRecipientInfoStr { SECItem version; NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey; SECItem * ukm; /* optional */ SECAlgorithmID keyEncAlg; NSSCMSRecipientEncryptedKey ** recipientEncryptedKeys; }; typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo; #define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */ /* ----------------------------------------------------------------------------- * KEK recipient info */ struct NSSCMSKEKIdentifierStr { SECItem keyIdentifier; SECItem * date; /* optional */ SECItem * other; /* optional */ }; typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier; struct NSSCMSKEKRecipientInfoStr { SECItem version; NSSCMSKEKIdentifier kekIdentifier; SECAlgorithmID keyEncAlg; SECItem encKey; }; typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo; #define NSS_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */ /* ----------------------------------------------------------------------------- * recipient info */ typedef enum { NSSCMSRecipientInfoID_KeyTrans = 0, NSSCMSRecipientInfoID_KeyAgree = 1, NSSCMSRecipientInfoID_KEK = 2 } NSSCMSRecipientInfoIDSelector; /* * In order to preserve backwards binary compatibility when implementing * creation of Recipient Info's that uses subjectKeyID in the * keyTransRecipientInfo we need to stash a public key pointer in this * structure somewhere. We figured out that NSSCMSKeyTransRecipientInfo * is the smallest member of the ri union. We're in luck since that's * the very structure that would need to use the public key. So we created * a new structure NSSCMSKeyTransRecipientInfoEx which has a member * NSSCMSKeyTransRecipientInfo as the first member followed by a version * and a public key pointer. This way we can keep backwards compatibility * without changing the size of this structure. * * BTW, size of structure: * NSSCMSKeyTransRecipientInfo: 9 ints, 4 pointers * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers * NSSCMSKEKRecipientInfo: 10 ints, 7 pointers * * The new structure: * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) + * 1 int, 1 pointer */ struct NSSCMSRecipientInfoStr { NSSCMSRecipientInfoIDSelector recipientInfoType; union { NSSCMSKeyTransRecipientInfo keyTransRecipientInfo; NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo; NSSCMSKEKRecipientInfo kekRecipientInfo; NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx; } ri; /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer to message */ CERTCertificate * cert; /* recipient's certificate */ }; /* ============================================================================= * DIGESTED DATA */ struct NSSCMSDigestedDataStr { SECItem version; SECAlgorithmID digestAlg; NSSCMSContentInfo contentInfo; SECItem digest; /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer */ SECItem cdigest; /* calculated digest */ }; #define NSS_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */ #define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */ /* ============================================================================= * ENCRYPTED DATA */ struct NSSCMSEncryptedDataStr { SECItem version; NSSCMSContentInfo contentInfo; NSSCMSAttribute ** unprotectedAttr; /* optional */ /* --------- local; not part of encoding --------- */ NSSCMSMessage * cmsg; /* back pointer */ }; #define NSS_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */ #define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */ /* * ***************************************************************************** * ***************************************************************************** * ***************************************************************************** */ /* * See comment above about this type not really belonging to CMS. */ struct NSSCMSAttributeStr { /* The following fields make up an encoded Attribute: */ SECItem type; SECItem ** values; /* data may or may not be encoded */ /* The following fields are not part of an encoded Attribute: */ SECOidData * typeTag; PRBool encoded; /* when true, values are encoded */ }; #endif /* _CMST_H_ */