/security/nss/lib/pkcs7/pkcs7t.h


  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. /*
  37. * Header for pkcs7 types.
  38. *
  39. * $Id: pkcs7t.h,v 1.7 2011/08/21 01:14:17 wtc%google.com Exp $
  40. */
  41. #ifndef _PKCS7T_H_
  42. #define _PKCS7T_H_
  43. #include "plarena.h"
  44. #include "seccomon.h"
  45. #include "secoidt.h"
  46. #include "certt.h"
  47. #include "secmodt.h"
/*
 * Opaque objects. Only these forward declarations are public, so callers
 * can hold a pointer to a decoder or encoder context but can neither see
 * nor touch its fields; the struct bodies live in the implementation.
 */
typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;

/*
 * Legacy defines that haven't been active for years.
 * The type is still needed because SEC_PKCS7ContentInfoStr (below) keeps
 * a pwfn member of this type; per the original note, do not rely on this
 * callback ever being invoked.
 */
typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
  53. /* Non-opaque objects. NOTE, though: I want them to be treated as
  54. * opaque as much as possible. If I could hide them completely,
  55. * I would. (I tried, but ran into trouble that was taking me too
  56. * much time to get out of.) I still intend to try to do so.
  57. * In fact, the only type that "outsiders" should even *name* is
  58. * SEC_PKCS7ContentInfo, and they should not reference its fields.
  59. */
  60. /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
  61. * This is because when we search the recipient list for the cert and key we
  62. * want, we need to invert the order of the loops we used to have. The old
  63. * loops were:
  64. *
  65. * For each recipient {
  66. * find_cert = PK11_Find_AllCert(recipient->issuerSN);
  67. * [which unrolls to... ]
  68. * For each slot {
  69. * Log into slot;
  70. * search slot for cert;
  71. * }
  72. * }
  73. *
  74. * the new loop searches all the recipients at once on a slot. This allows
  75. * PKCS #11 to order slots in such a way that logout slots don't get checked
  76. * if we can find the cert on a logged in slot. This eliminates lots of
  77. * spurious password prompts when smart cards are installed... so why this
  78. * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
  79. * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs)
  80. * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
  81. * function.
  82. */
/*
 * Non-opaque objects (see the notes above). The full struct definitions
 * follow later in this header. Outside code is expected to name only
 * SEC_PKCS7ContentInfo and must not reach into the fields of any of these;
 * the one documented exception is pk11cert.c reading
 * SEC_PKCS7RecipientInfo's issuer/serial.
 */
typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
    SEC_PKCS7SignedAndEnvelopedData;
typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
/*
 * The following is not actually a PKCS7 type, but for now it is only
 * used by PKCS7, so we have adopted it. If someone else *ever* needs
 * it, its name should be changed and it should be moved out of here.
 * Do not dare to use it without doing so!
 * (The struct body is defined near the end of this header.)
 */
typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
/*
 * A PKCS #7 ContentInfo: the outermost object, and the only one outside
 * code is meant to name. Fields marked "local" are bookkeeping for this
 * library and are not part of the DER encoding.
 *
 * NOTE(review): refCount is a plain int, so sharing one ContentInfo across
 * threads would need external synchronization — confirm against callers.
 */
struct SEC_PKCS7ContentInfoStr {
    PLArenaPool *poolp;              /* local; not part of encoding */
    PRBool created;                  /* local; not part of encoding */
    int refCount;                    /* local; not part of encoding */
    SECOidData *contentTypeTag;      /* local; not part of encoding */
    SECKEYGetPasswordKey pwfn;       /* local; not part of encoding */
    void *pwfn_arg;                  /* local; not part of encoding */
    SECItem contentType;
    /*
     * The union carries no tag of its own: which member is valid is
     * presumably determined by contentType / contentTypeTag. Dispatch on
     * the type before dereferencing a member — reading the wrong one is
     * type confusion, not a benign no-op.
     */
    union {
        SECItem *data;
        SEC_PKCS7DigestedData *digestedData;
        SEC_PKCS7EncryptedData *encryptedData;
        SEC_PKCS7EnvelopedData *envelopedData;
        SEC_PKCS7SignedData *signedData;
        SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
    } content;
};
/*
 * SignedData. rawCerts, crls and signerInfos are the encoded fields;
 * digests, certs and certLists are local working state that is not part
 * of the encoding. contentInfo is the nested ContentInfo being signed.
 */
struct SEC_PKCS7SignedDataStr {
    SECItem version;
    SECAlgorithmID **digestAlgorithms;
    SEC_PKCS7ContentInfo contentInfo;
    SECItem **rawCerts;                 /* still DER; see certs below */
    CERTSignedCrl **crls;
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                  /* local; not part of encoding */
    CERTCertificate **certs;            /* local; not part of encoding */
    CERTCertificateList **certLists;    /* local; not part of encoding */
};
/*
 * Version number written when this library *creates* a SignedData.
 * NOTE(review): whether decoders also reject other values is not visible
 * here — check the decoder before relying on it.
 */
#define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */
/*
 * EncryptedContentInfo: the content type, the content-encryption
 * algorithm and the ciphertext (encContent). Everything marked "local"
 * exists only in memory and is never encoded.
 *
 * NOTE(review): plainContent holds cleartext. Whether the owning arena
 * is zeroed when it is freed cannot be seen from this header — confirm
 * if the content is sensitive.
 */
struct SEC_PKCS7EncryptedContentInfoStr {
    SECOidData *contentTypeTag;      /* local; not part of encoding */
    SECItem contentType;
    SECAlgorithmID contentEncAlg;
    SECItem encContent;
    SECItem plainContent;            /* local; not part of encoding */
                                     /* bytes not encrypted, but encoded */
    int keysize;                     /* local; not part of encoding */
                                     /* size of bulk encryption key
                                      * (only used by creation code) */
    SECOidTag encalg;                /* local; not part of encoding */
                                     /* oid tag of encryption algorithm
                                      * (only used by creation code) */
};
/*
 * EnvelopedData: one RecipientInfo per intended recipient plus the
 * encrypted content they share.
 */
struct SEC_PKCS7EnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
/* Version number written when this library *creates* an EnvelopedData. */
#define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */
/*
 * SignedAndEnvelopedData: the fields of SignedData and EnvelopedData
 * combined. As elsewhere, "local" members are in-memory state only.
 * sigKey is a PK11SymKey held locally; its exact role is not visible
 * from this header (the name suggests it relates to the signature step).
 */
struct SEC_PKCS7SignedAndEnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;
    SECAlgorithmID **digestAlgorithms;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
    SECItem **rawCerts;
    CERTSignedCrl **crls;
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                  /* local; not part of encoding */
    CERTCertificate **certs;            /* local; not part of encoding */
    CERTCertificateList **certLists;    /* local; not part of encoding */
    PK11SymKey *sigKey;                 /* local; not part of encoding */
};
/* Version number written when this library *creates* this type. */
#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */
/*
 * SignerInfo: identifies the signer (issuerAndSN), the digest and
 * digest-encryption algorithms, and carries the signature value
 * (encDigest). authAttr and unAuthAttr are the authenticated and
 * unauthenticated attribute sets.
 *
 * NOTE(review): by name, unAuthAttr is outside what the signature covers;
 * nothing in it should be trusted as signer-asserted — confirm against
 * the verification code.
 */
struct SEC_PKCS7SignerInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;
    SECAlgorithmID digestAlg;
    SEC_PKCS7Attribute **authAttr;
    SECAlgorithmID digestEncAlg;
    SECItem encDigest;
    SEC_PKCS7Attribute **unAuthAttr;
    CERTCertificate *cert;              /* local; not part of encoding */
    CERTCertificateList *certList;      /* local; not part of encoding */
};
/* Version number written when this library *creates* a SignerInfo. */
#define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */
/*
 * RecipientInfo: the recipient's issuer/serial, the key-encryption
 * algorithm and the encrypted key for that recipient. issuerAndSN is the
 * one field pk11cert.c reads directly (see the note above the typedefs);
 * cert is resolved locally and is not encoded.
 */
struct SEC_PKCS7RecipientInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;
    SECAlgorithmID keyEncAlg;
    SECItem encKey;
    CERTCertificate *cert;              /* local; not part of encoding */
};
/* Version number written when this library *creates* a RecipientInfo. */
#define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */
/*
 * DigestedData: a nested ContentInfo together with the algorithm and
 * value of its digest. Note this is integrity only — there is no signer
 * or key here.
 */
struct SEC_PKCS7DigestedDataStr {
    SECItem version;
    SECAlgorithmID digestAlg;
    SEC_PKCS7ContentInfo contentInfo;
    SECItem digest;
};
/* Version number written when this library *creates* a DigestedData. */
#define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */
/*
 * EncryptedData: encrypted content with no recipients; the key must be
 * supplied out of band (see SEC_PKCS7GetDecryptKeyCallback below).
 */
struct SEC_PKCS7EncryptedDataStr {
    SECItem version;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
/* Version number written when this library *creates* an EncryptedData. */
#define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
/*
 * See comment above about this type not really belonging to PKCS7.
 * An Attribute is a type OID plus a set of values; the encoded flag
 * records whether the values are currently in encoded form.
 */
struct SEC_PKCS7AttributeStr {
    /* The following fields make up an encoded Attribute: */
    SECItem type;
    SECItem **values;       /* data may or may not be encoded */
    /* The following fields are not part of an encoded Attribute: */
    SECOidData *typeTag;
    PRBool encoded;         /* when true, values are encoded */
};
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * If specified, this is where the content bytes (only) will be "sent"
 * as they are recovered during the decoding.
 *
 * arg is the caller's opaque pointer; buf is len raw bytes and carries
 * no terminator, so implementations must bound every read by len.
 *
 * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
                                                 const char *buf,
                                                 unsigned long len);
/*
 * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
 * This is where the encoded bytes will be "sent".
 *
 * arg is the caller's opaque pointer; buf is len raw bytes and carries
 * no terminator, so implementations must bound every read by len.
 *
 * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
                                                const char *buf,
                                                unsigned long len);
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
 * to retrieve the decryption key. This function is intended to be
 * used for EncryptedData content info's which do not have a key available
 * in a certificate, etc.
 *
 * algid is the content-encryption algorithm the key must match. The
 * returned PK11SymKey's ownership (who releases it) is not stated here —
 * check the decoder before implementing one.
 */
typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg,
                                                        SECAlgorithmID *algid);
/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * This function is intended to be used to verify that decrypting a
 * particular crypto algorithm is allowed. Content types which do not
 * require decryption will not need the callback. If the callback
 * is not specified for content types which require decryption, the
 * decryption will be disallowed — i.e. the default fails closed.
 *
 * Return PR_TRUE to permit decryption with algid/bulkkey, PR_FALSE to
 * refuse. This is the hook for algorithm policy (e.g. rejecting weak
 * ciphers), so keep it deterministic and side-effect free.
 */
typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
                                                      PK11SymKey *bulkkey);
  245. #endif /* _PKCS7T_H_ */