andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: /* andre@0: * Header for pkcs7 types. andre@0: */ andre@0: andre@0: #ifndef _PKCS7T_H_ andre@0: #define _PKCS7T_H_ andre@0: andre@0: #include "plarena.h" andre@0: andre@0: #include "seccomon.h" andre@0: #include "secoidt.h" andre@0: #include "certt.h" andre@0: #include "secmodt.h" andre@0: andre@0: /* Opaque objects */ andre@0: typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext; andre@0: typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext; andre@0: andre@0: /* legacy defines that haven't been active for years */ andre@0: typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle); andre@0: andre@0: andre@0: /* Non-opaque objects. NOTE, though: I want them to be treated as andre@0: * opaque as much as possible. If I could hide them completely, andre@0: * I would. (I tried, but ran into trouble that was taking me too andre@0: * much time to get out of.) I still intend to try to do so. andre@0: * In fact, the only type that "outsiders" should even *name* is andre@0: * SEC_PKCS7ContentInfo, and they should not reference its fields. andre@0: */ andre@0: /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's. andre@0: * This is because when we search the recipient list for the cert and key we andre@0: * want, we need to invert the order of the loops we used to have. The old andre@0: * loops were: andre@0: * andre@0: * For each recipient { andre@0: * find_cert = PK11_Find_AllCert(recipient->issuerSN); andre@0: * [which unrolls to... ] andre@0: * For each slot { andre@0: * Log into slot; andre@0: * search slot for cert; andre@0: * } andre@0: * } andre@0: * andre@0: * the new loop searchs all the recipients at once on a slot. this allows andre@0: * PKCS #11 to order slots in such a way that logout slots don't get checked andre@0: * if we can find the cert on a logged in slot. This eliminates lots of andre@0: * spurious password prompts when smart cards are installed... so why this andre@0: * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need andre@0: * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs andre@0: * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11 andre@0: * function. andre@0: */ andre@0: typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo; andre@0: typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData; andre@0: typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo; andre@0: typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData; andre@0: typedef struct SEC_PKCS7SignedAndEnvelopedDataStr andre@0: SEC_PKCS7SignedAndEnvelopedData; andre@0: typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo; andre@0: typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo; andre@0: typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData; andre@0: typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData; andre@0: /* andre@0: * The following is not actually a PKCS7 type, but for now it is only andre@0: * used by PKCS7, so we have adopted it. If someone else *ever* needs andre@0: * it, its name should be changed and it should be moved out of here. andre@0: * Do not dare to use it without doing so! andre@0: */ andre@0: typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute; andre@0: andre@0: struct SEC_PKCS7ContentInfoStr { andre@0: PLArenaPool *poolp; /* local; not part of encoding */ andre@0: PRBool created; /* local; not part of encoding */ andre@0: int refCount; /* local; not part of encoding */ andre@0: SECOidData *contentTypeTag; /* local; not part of encoding */ andre@0: SECKEYGetPasswordKey pwfn; /* local; not part of encoding */ andre@0: void *pwfn_arg; /* local; not part of encoding */ andre@0: SECItem contentType; andre@0: union { andre@0: SECItem *data; andre@0: SEC_PKCS7DigestedData *digestedData; andre@0: SEC_PKCS7EncryptedData *encryptedData; andre@0: SEC_PKCS7EnvelopedData *envelopedData; andre@0: SEC_PKCS7SignedData *signedData; andre@0: SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData; andre@0: } content; andre@0: }; andre@0: andre@0: struct SEC_PKCS7SignedDataStr { andre@0: SECItem version; andre@0: SECAlgorithmID **digestAlgorithms; andre@0: SEC_PKCS7ContentInfo contentInfo; andre@0: SECItem **rawCerts; andre@0: CERTSignedCrl **crls; andre@0: SEC_PKCS7SignerInfo **signerInfos; andre@0: SECItem **digests; /* local; not part of encoding */ andre@0: CERTCertificate **certs; /* local; not part of encoding */ andre@0: CERTCertificateList **certLists; /* local; not part of encoding */ andre@0: }; andre@0: #define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7EncryptedContentInfoStr { andre@0: SECOidData *contentTypeTag; /* local; not part of encoding */ andre@0: SECItem contentType; andre@0: SECAlgorithmID contentEncAlg; andre@0: SECItem encContent; andre@0: SECItem plainContent; /* local; not part of encoding */ andre@0: /* bytes not encrypted, but encoded */ andre@0: int keysize; /* local; not part of encoding */ andre@0: /* size of bulk encryption key andre@0: * (only used by creation code) */ andre@0: SECOidTag encalg; /* local; not part of encoding */ andre@0: /* oid tag of encryption algorithm andre@0: * (only used by creation code) */ andre@0: }; andre@0: andre@0: struct SEC_PKCS7EnvelopedDataStr { andre@0: SECItem version; andre@0: SEC_PKCS7RecipientInfo **recipientInfos; andre@0: SEC_PKCS7EncryptedContentInfo encContentInfo; andre@0: }; andre@0: #define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7SignedAndEnvelopedDataStr { andre@0: SECItem version; andre@0: SEC_PKCS7RecipientInfo **recipientInfos; andre@0: SECAlgorithmID **digestAlgorithms; andre@0: SEC_PKCS7EncryptedContentInfo encContentInfo; andre@0: SECItem **rawCerts; andre@0: CERTSignedCrl **crls; andre@0: SEC_PKCS7SignerInfo **signerInfos; andre@0: SECItem **digests; /* local; not part of encoding */ andre@0: CERTCertificate **certs; /* local; not part of encoding */ andre@0: CERTCertificateList **certLists; /* local; not part of encoding */ andre@0: PK11SymKey *sigKey; /* local; not part of encoding */ andre@0: }; andre@0: #define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7SignerInfoStr { andre@0: SECItem version; andre@0: CERTIssuerAndSN *issuerAndSN; andre@0: SECAlgorithmID digestAlg; andre@0: SEC_PKCS7Attribute **authAttr; andre@0: SECAlgorithmID digestEncAlg; andre@0: SECItem encDigest; andre@0: SEC_PKCS7Attribute **unAuthAttr; andre@0: CERTCertificate *cert; /* local; not part of encoding */ andre@0: CERTCertificateList *certList; /* local; not part of encoding */ andre@0: }; andre@0: #define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7RecipientInfoStr { andre@0: SECItem version; andre@0: CERTIssuerAndSN *issuerAndSN; andre@0: SECAlgorithmID keyEncAlg; andre@0: SECItem encKey; andre@0: CERTCertificate *cert; /* local; not part of encoding */ andre@0: }; andre@0: #define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7DigestedDataStr { andre@0: SECItem version; andre@0: SECAlgorithmID digestAlg; andre@0: SEC_PKCS7ContentInfo contentInfo; andre@0: SECItem digest; andre@0: }; andre@0: #define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */ andre@0: andre@0: struct SEC_PKCS7EncryptedDataStr { andre@0: SECItem version; andre@0: SEC_PKCS7EncryptedContentInfo encContentInfo; andre@0: }; andre@0: #define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */ andre@0: andre@0: /* andre@0: * See comment above about this type not really belonging to PKCS7. andre@0: */ andre@0: struct SEC_PKCS7AttributeStr { andre@0: /* The following fields make up an encoded Attribute: */ andre@0: SECItem type; andre@0: SECItem **values; /* data may or may not be encoded */ andre@0: /* The following fields are not part of an encoded Attribute: */ andre@0: SECOidData *typeTag; andre@0: PRBool encoded; /* when true, values are encoded */ andre@0: }; andre@0: andre@0: /* andre@0: * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart. andre@0: * If specified, this is where the content bytes (only) will be "sent" andre@0: * as they are recovered during the decoding. andre@0: * andre@0: * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type andre@0: * and use a simpler, common name. andre@0: */ andre@0: typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg, andre@0: const char *buf, andre@0: unsigned long len); andre@0: andre@0: /* andre@0: * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart. andre@0: * This is where the encoded bytes will be "sent". andre@0: * andre@0: * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type andre@0: * and use a simpler, common name. andre@0: */ andre@0: typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg, andre@0: const char *buf, andre@0: unsigned long len); andre@0: andre@0: andre@0: /* andre@0: * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart andre@0: * to retrieve the decryption key. This function is inteded to be andre@0: * used for EncryptedData content info's which do not have a key available andre@0: * in a certificate, etc. andre@0: */ andre@0: typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg, andre@0: SECAlgorithmID *algid); andre@0: andre@0: /* andre@0: * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart. andre@0: * This function in intended to be used to verify that decrypting a andre@0: * particular crypto algorithm is allowed. Content types which do not andre@0: * require decryption will not need the callback. If the callback andre@0: * is not specified for content types which require decryption, the andre@0: * decryption will be disallowed. andre@0: */ andre@0: typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid, andre@0: PK11SymKey *bulkkey); andre@0: andre@0: #endif /* _PKCS7T_H_ */