/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Header for pkcs7 types.
 *
 * Declares the in-memory representations of the PKCS #7 content types
 * (ContentInfo, SignedData, EnvelopedData, SignedAndEnvelopedData,
 * DigestedData, EncryptedData), their SignerInfo/RecipientInfo members,
 * and the callback types used by the PKCS #7 encoder and decoder.
 *
 * Throughout this file, fields marked "local; not part of encoding" are
 * runtime bookkeeping maintained by the library; they are not part of
 * the DER encoding of the structure they live in.
 *
 * NOTE(review): the guard macro _PKCS7T_H_ (leading underscore followed
 * by an uppercase letter) is in the namespace reserved to the C
 * implementation; kept for source compatibility.
 */

#ifndef _PKCS7T_H_
#define _PKCS7T_H_

#include "plarena.h"

#include "seccomon.h"
#include "secoidt.h"
#include "certt.h"
#include "secmodt.h"

/* Opaque objects: only ever handled through pointers by callers. */
typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;

/* legacy defines that haven't been active for years */
typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);

/* Non-opaque objects. NOTE, though: I want them to be treated as
 * opaque as much as possible. If I could hide them completely,
 * I would. (I tried, but ran into trouble that was taking me too
 * much time to get out of.) I still intend to try to do so.
 * In fact, the only type that "outsiders" should even *name* is
 * SEC_PKCS7ContentInfo, and they should not reference its fields.
 */
/* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
 * This is because when we search the recipient list for the cert and key we
 * want, we need to invert the order of the loops we used to have. The old
 * loops were:
 *
 *  For each recipient {
 *      find_cert = PK11_Find_AllCert(recipient->issuerSN);
 *      [which unrolls to... ]
 *      For each slot {
 *          Log into slot;
 *          search slot for cert;
 *      }
 *  }
 *
 * the new loop searches all the recipients at once on a slot. this allows
 * PKCS #11 to order slots in such a way that logged-out slots don't get
 * checked if we can find the cert on a logged in slot. This eliminates lots
 * of spurious password prompts when smart cards are installed... so why this
 * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
 * to provide a non-opaque list of issuerSN's (the only field PKCS #11 needs)
 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
 * function.
 */
typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
    SEC_PKCS7SignedAndEnvelopedData;
typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
/*
 * The following is not actually a PKCS7 type, but for now it is only
 * used by PKCS7, so we have adopted it. If someone else *ever* needs
 * it, its name should be changed and it should be moved out of here.
 * Do not dare to use it without doing so!
 */
typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;

/*
 * Top-level ContentInfo: a content type OID plus the content itself.
 * `content` is a union; which member is meaningful is determined by
 * contentType / contentTypeTag, so consumers must consult the tag
 * before dereferencing any union member.
 */
struct SEC_PKCS7ContentInfoStr {
    PLArenaPool *poolp;          /* local; not part of encoding */
    PRBool created;              /* local; not part of encoding */
    int refCount;                /* local; not part of encoding */
    SECOidData *contentTypeTag;  /* local; not part of encoding */
    SECKEYGetPasswordKey pwfn;   /* local; not part of encoding */
    void *pwfn_arg;              /* local; not part of encoding */
    SECItem contentType;
    union {
        SECItem *data;
        SEC_PKCS7DigestedData *digestedData;
        SEC_PKCS7EncryptedData *encryptedData;
        SEC_PKCS7EnvelopedData *envelopedData;
        SEC_PKCS7SignedData *signedData;
        SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
    } content;                   /* selected by contentType (see above) */
};

/*
 * SignedData.  rawCerts and crls are whatever the message carried; their
 * presence here says nothing about trust -- any certificate taken from
 * them still has to be verified against a trust anchor before use.
 */
struct SEC_PKCS7SignedDataStr {
    SECItem version;
    SECAlgorithmID **digestAlgorithms;
    SEC_PKCS7ContentInfo contentInfo;
    SECItem **rawCerts;                /* certs carried in the message (untrusted input) */
    CERTSignedCrl **crls;              /* CRLs carried in the message (untrusted input) */
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                 /* local; not part of encoding */
    CERTCertificate **certs;           /* local; not part of encoding */
    CERTCertificateList **certLists;   /* local; not part of encoding */
};
#define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */

/*
 * EncryptedContentInfo: the bulk-encrypted payload and its algorithm.
 * plainContent, keysize and encalg are only meaningful on the creation
 * side; keysize/encalg are the creator's choice of bulk cipher and are
 * not recovered from an encoded message.
 */
struct SEC_PKCS7EncryptedContentInfoStr {
    SECOidData *contentTypeTag;    /* local; not part of encoding */
    SECItem contentType;
    SECAlgorithmID contentEncAlg;
    SECItem encContent;
    SECItem plainContent;          /* local; not part of encoding */
                                   /* bytes not encrypted, but encoded */
    int keysize;                   /* local; not part of encoding */
                                   /* size of bulk encryption key
                                    * (only used by creation code) */
    SECOidTag encalg;              /* local; not part of encoding */
                                   /* oid tag of encryption algorithm
                                    * (only used by creation code) */
};

/* EnvelopedData: one RecipientInfo per recipient plus the encrypted content. */
struct SEC_PKCS7EnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
#define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */

/*
 * SignedAndEnvelopedData: combines the SignedData and EnvelopedData
 * members.  The same caveat as SignedData applies to rawCerts/crls.
 */
struct SEC_PKCS7SignedAndEnvelopedDataStr {
    SECItem version;
    SEC_PKCS7RecipientInfo **recipientInfos;
    SECAlgorithmID **digestAlgorithms;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
    SECItem **rawCerts;                /* certs carried in the message (untrusted input) */
    CERTSignedCrl **crls;              /* CRLs carried in the message (untrusted input) */
    SEC_PKCS7SignerInfo **signerInfos;
    SECItem **digests;                 /* local; not part of encoding */
    CERTCertificate **certs;           /* local; not part of encoding */
    CERTCertificateList **certLists;   /* local; not part of encoding */
    PK11SymKey *sigKey;                /* local; not part of encoding */
};
#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */

/*
 * SignerInfo: identifies one signer and carries the signature.
 * authAttr (authenticated attributes) are covered by the signature in
 * encDigest; unAuthAttr (unauthenticated attributes) are not, so nothing
 * in unAuthAttr may be relied upon for a security decision.
 */
struct SEC_PKCS7SignerInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;
    SECAlgorithmID digestAlg;
    SEC_PKCS7Attribute **authAttr;     /* signed attributes */
    SECAlgorithmID digestEncAlg;
    SECItem encDigest;                 /* the signature value */
    SEC_PKCS7Attribute **unAuthAttr;   /* NOT covered by the signature */
    CERTCertificate *cert;             /* local; not part of encoding */
    CERTCertificateList *certList;     /* local; not part of encoding */
};
#define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */

/* RecipientInfo: one recipient's wrapped copy of the bulk key. */
struct SEC_PKCS7RecipientInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;      /* the field pk11cert.c searches on (see above) */
    SECAlgorithmID keyEncAlg;
    SECItem encKey;                    /* bulk key wrapped for this recipient */
    CERTCertificate *cert;             /* local; not part of encoding */
};
#define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */

/* DigestedData: content plus a digest over it (no signature, no key). */
struct SEC_PKCS7DigestedDataStr {
    SECItem version;
    SECAlgorithmID digestAlg;
    SEC_PKCS7ContentInfo contentInfo;
    SECItem digest;
};
#define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */

/* EncryptedData: encrypted content whose key is supplied out of band
 * (see SEC_PKCS7GetDecryptKeyCallback below). */
struct SEC_PKCS7EncryptedDataStr {
    SECItem version;
    SEC_PKCS7EncryptedContentInfo encContentInfo;
};
#define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */

/*
 * See comment above about this type not really belonging to PKCS7.
 */
struct SEC_PKCS7AttributeStr {
    /* The following fields make up an encoded Attribute: */
    SECItem type;
    SECItem **values;       /* data may or may not be encoded */
    /* The following fields are not part of an encoded Attribute: */
    SECOidData *typeTag;
    PRBool encoded;         /* when true, values are encoded */
};

/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * If specified, this is where the content bytes (only) will be "sent"
 * as they are recovered during the decoding.
 *
 * buf points at len bytes of content; treat it as raw bytes, not as a
 * NUL-terminated C string.
 *
 * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (*SEC_PKCS7DecoderContentCallback)(void *arg,
                                                const char *buf,
                                                unsigned long len);

/*
 * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
 * This is where the encoded bytes will be "sent".
 *
 * buf points at len bytes of encoded output; as above, treat it as raw
 * bytes rather than a C string.
 *
 * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (*SEC_PKCS7EncoderOutputCallback)(void *arg,
                                               const char *buf,
                                               unsigned long len);

/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
 * to retrieve the decryption key. This function is intended to be
 * used for EncryptedData content info's which do not have a key available
 * in a certificate, etc.
 *
 * algid is the content-encryption algorithm from the message; the
 * callback is expected to return a key suitable for it, or NULL if it
 * cannot (NOTE(review): the NULL-on-failure convention is inferred from
 * the pointer return type -- confirm against the decoder).
 */
typedef PK11SymKey *(*SEC_PKCS7GetDecryptKeyCallback)(void *arg,
                                                      SECAlgorithmID *algid);

/*
 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
 * This function is intended to be used to verify that decrypting a
 * particular crypto algorithm is allowed. Content types which do not
 * require decryption will not need the callback. If the callback
 * is not specified for content types which require decryption, the
 * decryption will be disallowed.
 *
 * This is the policy hook for refusing algorithms or key sizes the
 * application does not accept: return PR_FALSE to have the decoder
 * reject the content rather than decrypt it.
 */
typedef PRBool (*SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
                                                     PK11SymKey *bulkkey);

#endif /* _PKCS7T_H_ */