PageRenderTime 302ms CodeModel.GetById 181ms app.highlight 15ms RepoModel.GetById 85ms app.codeStats 1ms

/gecko_api/include/pkcs7t.h

http://firefox-mac-pdf.googlecode.com/
C++ Header | 299 lines | 142 code | 26 blank | 131 comment | 0 complexity | 647f7b722af26c181e0f02915789f289 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *
 23 * Alternatively, the contents of this file may be used under the terms of
 24 * either the GNU General Public License Version 2 or later (the "GPL"), or
 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 26 * in which case the provisions of the GPL or the LGPL are applicable instead
 27 * of those above. If you wish to allow use of your version of this file only
 28 * under the terms of either the GPL or the LGPL, and not to allow others to
 29 * use your version of this file under the terms of the MPL, indicate your
 30 * decision by deleting the provisions above and replace them with the notice
 31 * and other provisions required by the GPL or the LGPL. If you do not delete
 32 * the provisions above, a recipient may use your version of this file under
 33 * the terms of any one of the MPL, the GPL or the LGPL.
 34 *
 35 * ***** END LICENSE BLOCK ***** */
 36
 37/*
 38 * Header for pkcs7 types.
 39 *
 40 * $Id: pkcs7t.h,v 1.5 2004/04/25 15:03:13 gerv%gerv.net Exp $
 41 */
 42
 43#ifndef _PKCS7T_H_
 44#define _PKCS7T_H_
 45
 46#include "plarena.h"
 47
 48#include "seccomon.h"
 49#include "secoidt.h"
 50#include "certt.h"
 51#include "secmodt.h"
 52
 53/* Opaque objects */
 54typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
 55typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
 56
 57/* legacy defines that haven't been active for years */
 58typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
 59
 60
 61/* Non-opaque objects.  NOTE, though: I want them to be treated as
 62 * opaque as much as possible.  If I could hide them completely,
 63 * I would.  (I tried, but ran into trouble that was taking me too
 64 * much time to get out of.)  I still intend to try to do so.
 65 * In fact, the only type that "outsiders" should even *name* is
 66 * SEC_PKCS7ContentInfo, and they should not reference its fields.
 67 */
 68/* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
 69 * This is because when we search the recipient list for the cert and key we
 70 * want, we need to invert the order of the loops we used to have. The old
 71 * loops were:
 72 *
 73 *  For each recipient {
 74 *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
 75 *       [which unrolls to... ]
 76 *       For each slot {
 77 *            Log into slot;
 78 *            search slot for cert;
 79 *      }
 80 *  }
 81 *
 82 *  the new loop searchs all the recipients at once on a slot. this allows
 83 *  PKCS #11 to order slots in such a way that logout slots don't get checked
 84 *  if we can find the cert on a logged in slot. This eliminates lots of
 85 *  spurious password prompts when smart cards are installed... so why this
 86 *  comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
 87 *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
 88 *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
 89 *  function.
 90 */
 91typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
 92typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
 93typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
 94typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
 95typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
 96		SEC_PKCS7SignedAndEnvelopedData;
 97typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
 98typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
 99typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
100typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
101typedef struct SEC_PKCS7SMIMEKEAParametersStr SEC_PKCS7SMIMEKEAParameters;
102/*
103 * The following is not actually a PKCS7 type, but for now it is only
104 * used by PKCS7, so we have adopted it.  If someone else *ever* needs
105 * it, its name should be changed and it should be moved out of here.
106 * Do not dare to use it without doing so!
107 */
108typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
109
110struct SEC_PKCS7ContentInfoStr {
111    PRArenaPool *poolp;			/* local; not part of encoding */
112    PRBool created;			/* local; not part of encoding */
113    int refCount;			/* local; not part of encoding */
114    SECOidData *contentTypeTag;		/* local; not part of encoding */
115    SECKEYGetPasswordKey pwfn;		/* local; not part of encoding */
116    void *pwfn_arg;			/* local; not part of encoding */
117    SECItem contentType;
118    union {
119	SECItem				*data;
120	SEC_PKCS7DigestedData		*digestedData;
121	SEC_PKCS7EncryptedData		*encryptedData;
122	SEC_PKCS7EnvelopedData		*envelopedData;
123	SEC_PKCS7SignedData		*signedData;
124	SEC_PKCS7SignedAndEnvelopedData	*signedAndEnvelopedData;
125    } content;
126};
127
128struct SEC_PKCS7SignedDataStr {
129    SECItem version;
130    SECAlgorithmID **digestAlgorithms;
131    SEC_PKCS7ContentInfo contentInfo;
132    SECItem **rawCerts;
133    CERTSignedCrl **crls;
134    SEC_PKCS7SignerInfo **signerInfos;
135    SECItem **digests;			/* local; not part of encoding */
136    CERTCertificate **certs;		/* local; not part of encoding */
137    CERTCertificateList **certLists;	/* local; not part of encoding */
138};
139#define SEC_PKCS7_SIGNED_DATA_VERSION		1	/* what we *create* */
140
141struct SEC_PKCS7EncryptedContentInfoStr {
142    SECOidData *contentTypeTag;		/* local; not part of encoding */
143    SECItem contentType;
144    SECAlgorithmID contentEncAlg;
145    SECItem encContent;
146    SECItem plainContent;		/* local; not part of encoding */
147					/* bytes not encrypted, but encoded */
148    int keysize;			/* local; not part of encoding */
149					/* size of bulk encryption key
150					 * (only used by creation code) */
151    SECOidTag encalg;			/* local; not part of encoding */
152					/* oid tag of encryption algorithm
153					 * (only used by creation code) */
154};
155
156struct SEC_PKCS7EnvelopedDataStr {
157    SECItem version;
158    SEC_PKCS7RecipientInfo **recipientInfos;
159    SEC_PKCS7EncryptedContentInfo encContentInfo;
160};
161#define SEC_PKCS7_ENVELOPED_DATA_VERSION	0	/* what we *create* */
162
163struct SEC_PKCS7SignedAndEnvelopedDataStr {
164    SECItem version;
165    SEC_PKCS7RecipientInfo **recipientInfos;
166    SECAlgorithmID **digestAlgorithms;
167    SEC_PKCS7EncryptedContentInfo encContentInfo;
168    SECItem **rawCerts;
169    CERTSignedCrl **crls;
170    SEC_PKCS7SignerInfo **signerInfos;
171    SECItem **digests;			/* local; not part of encoding */
172    CERTCertificate **certs;		/* local; not part of encoding */
173    CERTCertificateList **certLists;	/* local; not part of encoding */
174    PK11SymKey *sigKey;			/* local; not part of encoding */
175};
176#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1	/* what we *create* */
177
178struct SEC_PKCS7SignerInfoStr {
179    SECItem version;
180    CERTIssuerAndSN *issuerAndSN;
181    SECAlgorithmID digestAlg;
182    SEC_PKCS7Attribute **authAttr;
183    SECAlgorithmID digestEncAlg;
184    SECItem encDigest;
185    SEC_PKCS7Attribute **unAuthAttr;
186    CERTCertificate *cert;		/* local; not part of encoding */
187    CERTCertificateList *certList;	/* local; not part of encoding */
188};
189#define SEC_PKCS7_SIGNER_INFO_VERSION		1	/* what we *create* */
190
191struct SEC_PKCS7RecipientInfoStr {
192    SECItem version;
193    CERTIssuerAndSN *issuerAndSN;
194    SECAlgorithmID keyEncAlg;
195    SECItem encKey;
196    CERTCertificate *cert;		/* local; not part of encoding */
197};
198#define SEC_PKCS7_RECIPIENT_INFO_VERSION	0	/* what we *create* */
199
200struct SEC_PKCS7DigestedDataStr {
201    SECItem version;
202    SECAlgorithmID digestAlg;
203    SEC_PKCS7ContentInfo contentInfo;
204    SECItem digest;
205};
206#define SEC_PKCS7_DIGESTED_DATA_VERSION		0	/* what we *create* */
207
208struct SEC_PKCS7EncryptedDataStr {
209    SECItem version;
210    SEC_PKCS7EncryptedContentInfo encContentInfo;
211};
212#define SEC_PKCS7_ENCRYPTED_DATA_VERSION	0	/* what we *create* */
213
214/*
215 * See comment above about this type not really belonging to PKCS7.
216 */
217struct SEC_PKCS7AttributeStr {
218    /* The following fields make up an encoded Attribute: */
219    SECItem type;
220    SECItem **values;	/* data may or may not be encoded */
221    /* The following fields are not part of an encoded Attribute: */
222    SECOidData *typeTag;
223    PRBool encoded;	/* when true, values are encoded */
224};
225
226/* An enumerated type used to select templates based on the encryption
227   scenario and data specifics. */
228typedef enum
229{
230	SECKEAInvalid = -1,
231	SECKEAUsesSkipjack = 0,
232	SECKEAUsesNonSkipjack = 1,
233	SECKEAUsesNonSkipjackWithPaddedEncKey = 2
234} SECKEATemplateSelector;
235
236/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
237                but I cannot think of a more appropriate place at this time. */
238struct SEC_PKCS7SMIMEKEAParametersStr {
239	SECItem originatorKEAKey;	/* sender KEA key (encrypted?) */
240	SECItem originatorRA;		/* random number generated by sender */
241	SECItem nonSkipjackIV;		/* init'n vector for SkipjackCBC64
242					   decryption of KEA key if Skipjack
243					   is not the bulk algorithm used on
244					   the message */
245	SECItem bulkKeySize;		/* if Skipjack is not the bulk
246					   algorithm used on the message,
247					   and the size of the bulk encryption
248					   key is not the same as that of
249					   originatorKEAKey (due to padding
250					   perhaps), this field will contain
251					   the real size of the bulk encryption
252					   key. */
253};
254
255/*
256 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
257 * If specified, this is where the content bytes (only) will be "sent"
258 * as they are recovered during the decoding.
259 *
260 * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
261 * and use a simpler, common name.
262 */
263typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
264						 const char *buf,
265						 unsigned long len);
266
267/*
268 * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
269 * This is where the encoded bytes will be "sent".
270 *
271 * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
272 * and use a simpler, common name.
273 */
274typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
275						const char *buf,
276						unsigned long len);
277
278
279/*
280 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
281 * to retrieve the decryption key.  This function is inteded to be
282 * used for EncryptedData content info's which do not have a key available
283 * in a certificate, etc.
284 */
285typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg, 
286							SECAlgorithmID *algid);
287
288/* 
289 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
290 * This function in intended to be used to verify that decrypting a
291 * particular crypto algorithm is allowed.  Content types which do not
292 * require decryption will not need the callback.  If the callback
293 * is not specified for content types which require decryption, the
294 * decryption will be disallowed.
295 */
296typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,  
297						      PK11SymKey *bulkkey);
298
299#endif /* _PKCS7T_H_ */