The Tor Browser: security/nss/lib/pkcs7/pkcs7t.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/pkcs7t.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/pkcs7t.h

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Header for pkcs7 types.
  */
 #ifndef _PKCS7T_H_
 #define _PKCS7T_H_
 #include "plarena.h"
 #include "seccomon.h"
 #include "secoidt.h"
 #include "certt.h"
 #include "secmodt.h"
 /* Opaque objects */
 typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
 typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
 /* legacy defines that haven't been active for years */
 typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
 /* Non-opaque objects.  NOTE, though: I want them to be treated as
  * opaque as much as possible.  If I could hide them completely,
  * I would.  (I tried, but ran into trouble that was taking me too
  * much time to get out of.)  I still intend to try to do so.
  * In fact, the only type that "outsiders" should even *name* is
  * SEC_PKCS7ContentInfo, and they should not reference its fields.
  */
 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
  * This is because when we search the recipient list for the cert and key we
  * want, we need to invert the order of the loops we used to have. The old
  * loops were:
  *
  *  For each recipient {
  *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
  *       [which unrolls to... ]
  *       For each slot {
  *            Log into slot;
  *            search slot for cert;
  *      }
  *  }
  *
  *  the new loop searchs all the recipients at once on a slot. this allows
  *  PKCS #11 to order slots in such a way that logout slots don't get checked
  *  if we can find the cert on a logged in slot. This eliminates lots of
  *  spurious password prompts when smart cards are installed... so why this
  *  comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
  *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
  *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
  *  function.
  */
 typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
 typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
 typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
 typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
 typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
 		SEC_PKCS7SignedAndEnvelopedData;
 typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
 typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
 typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
 typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
 /*
  * The following is not actually a PKCS7 type, but for now it is only
  * used by PKCS7, so we have adopted it.  If someone else *ever* needs
  * it, its name should be changed and it should be moved out of here.
  * Do not dare to use it without doing so!
  */
 typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
 struct SEC_PKCS7ContentInfoStr {
     PLArenaPool *poolp;			/* local; not part of encoding */
     PRBool created;			/* local; not part of encoding */
     int refCount;			/* local; not part of encoding */
     SECOidData *contentTypeTag;		/* local; not part of encoding */
     SECKEYGetPasswordKey pwfn;		/* local; not part of encoding */
     void *pwfn_arg;			/* local; not part of encoding */
     SECItem contentType;
     union {
 	SECItem				*data;
 	SEC_PKCS7DigestedData		*digestedData;
 	SEC_PKCS7EncryptedData		*encryptedData;
 	SEC_PKCS7EnvelopedData		*envelopedData;
 	SEC_PKCS7SignedData		*signedData;
 	SEC_PKCS7SignedAndEnvelopedData	*signedAndEnvelopedData;
     } content;
 };
 struct SEC_PKCS7SignedDataStr {
     SECItem version;
     SECAlgorithmID **digestAlgorithms;
     SEC_PKCS7ContentInfo contentInfo;
     SECItem **rawCerts;
     CERTSignedCrl **crls;
     SEC_PKCS7SignerInfo **signerInfos;
     SECItem **digests;			/* local; not part of encoding */
     CERTCertificate **certs;		/* local; not part of encoding */
     CERTCertificateList **certLists;	/* local; not part of encoding */
 };
 #define SEC_PKCS7_SIGNED_DATA_VERSION		1	/* what we *create* */
 struct SEC_PKCS7EncryptedContentInfoStr {
     SECOidData *contentTypeTag;		/* local; not part of encoding */
     SECItem contentType;
     SECAlgorithmID contentEncAlg;
     SECItem encContent;
     SECItem plainContent;		/* local; not part of encoding */
 					/* bytes not encrypted, but encoded */
     int keysize;			/* local; not part of encoding */
 					/* size of bulk encryption key
 					 * (only used by creation code) */
     SECOidTag encalg;			/* local; not part of encoding */
 					/* oid tag of encryption algorithm
 					 * (only used by creation code) */
 };
 struct SEC_PKCS7EnvelopedDataStr {
     SECItem version;
     SEC_PKCS7RecipientInfo **recipientInfos;
     SEC_PKCS7EncryptedContentInfo encContentInfo;
 };
 #define SEC_PKCS7_ENVELOPED_DATA_VERSION	0	/* what we *create* */
 struct SEC_PKCS7SignedAndEnvelopedDataStr {
     SECItem version;
     SEC_PKCS7RecipientInfo **recipientInfos;
     SECAlgorithmID **digestAlgorithms;
     SEC_PKCS7EncryptedContentInfo encContentInfo;
     SECItem **rawCerts;
     CERTSignedCrl **crls;
     SEC_PKCS7SignerInfo **signerInfos;
     SECItem **digests;			/* local; not part of encoding */
     CERTCertificate **certs;		/* local; not part of encoding */
     CERTCertificateList **certLists;	/* local; not part of encoding */
     PK11SymKey *sigKey;			/* local; not part of encoding */
 };
 #define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1	/* what we *create* */
 struct SEC_PKCS7SignerInfoStr {
     SECItem version;
     CERTIssuerAndSN *issuerAndSN;
     SECAlgorithmID digestAlg;
     SEC_PKCS7Attribute **authAttr;
     SECAlgorithmID digestEncAlg;
     SECItem encDigest;
     SEC_PKCS7Attribute **unAuthAttr;
     CERTCertificate *cert;		/* local; not part of encoding */
     CERTCertificateList *certList;	/* local; not part of encoding */
 };
 #define SEC_PKCS7_SIGNER_INFO_VERSION		1	/* what we *create* */
 struct SEC_PKCS7RecipientInfoStr {
     SECItem version;
     CERTIssuerAndSN *issuerAndSN;
     SECAlgorithmID keyEncAlg;
     SECItem encKey;
     CERTCertificate *cert;		/* local; not part of encoding */
 };
 #define SEC_PKCS7_RECIPIENT_INFO_VERSION	0	/* what we *create* */
 struct SEC_PKCS7DigestedDataStr {
     SECItem version;
     SECAlgorithmID digestAlg;
     SEC_PKCS7ContentInfo contentInfo;
     SECItem digest;
 };
 #define SEC_PKCS7_DIGESTED_DATA_VERSION		0	/* what we *create* */
 struct SEC_PKCS7EncryptedDataStr {
     SECItem version;
     SEC_PKCS7EncryptedContentInfo encContentInfo;
 };
 #define SEC_PKCS7_ENCRYPTED_DATA_VERSION	0	/* what we *create* */
 /*
  * See comment above about this type not really belonging to PKCS7.
  */
 struct SEC_PKCS7AttributeStr {
     /* The following fields make up an encoded Attribute: */
     SECItem type;
     SECItem **values;	/* data may or may not be encoded */
     /* The following fields are not part of an encoded Attribute: */
     SECOidData *typeTag;
     PRBool encoded;	/* when true, values are encoded */
 };
 /*
  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
  * If specified, this is where the content bytes (only) will be "sent"
  * as they are recovered during the decoding.
  *
  * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
  * and use a simpler, common name.
  */
 typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
 						 const char *buf,
 						 unsigned long len);
 /*
  * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
  * This is where the encoded bytes will be "sent".
  *
  * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
  * and use a simpler, common name.
  */
 typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
 						const char *buf,
 						unsigned long len);
 /*
  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
  * to retrieve the decryption key.  This function is inteded to be
  * used for EncryptedData content info's which do not have a key available
  * in a certificate, etc.
  */
 typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg,
 							SECAlgorithmID *algid);
 /*
  * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
  * This function in intended to be used to verify that decrypting a
  * particular crypto algorithm is allowed.  Content types which do not
  * require decryption will not need the callback.  If the callback
  * is not specified for content types which require decryption, the
  * decryption will be disallowed.
  */
 typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
 						      PK11SymKey *bulkkey);
 #endif /* _PKCS7T_H_ */

The Tor Browser / annotate

security/nss/lib/pkcs7/pkcs7t.h@b8a032363ba2 (annotated)

security/nss/lib/pkcs7/pkcs7t.h