security/nss/lib/pkcs7/pkcs7t.h@7e26c7da4463
security/nss/lib/pkcs7/pkcs7t.h
Wed, 31 Dec 2014 06:55:50 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:55:50 +0100
- changeset 2
- 7e26c7da4463
- permissions
- -rw-r--r--
Added tag UPSTREAM_283F7C6 for changeset ca08bd8f51b2
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /*
6 * Header for pkcs7 types.
7 */
9 #ifndef _PKCS7T_H_
10 #define _PKCS7T_H_
12 #include "plarena.h"
14 #include "seccomon.h"
15 #include "secoidt.h"
16 #include "certt.h"
17 #include "secmodt.h"
19 /* Opaque objects */
20 typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
21 typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
23 /* legacy defines that haven't been active for years */
24 typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
27 /* Non-opaque objects. NOTE, though: I want them to be treated as
28 * opaque as much as possible. If I could hide them completely,
29 * I would. (I tried, but ran into trouble that was taking me too
30 * much time to get out of.) I still intend to try to do so.
31 * In fact, the only type that "outsiders" should even *name* is
32 * SEC_PKCS7ContentInfo, and they should not reference its fields.
33 */
34 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
35 * This is because when we search the recipient list for the cert and key we
36 * want, we need to invert the order of the loops we used to have. The old
37 * loops were:
38 *
39 * For each recipient {
40 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
41 * [which unrolls to... ]
42 * For each slot {
43 * Log into slot;
44 * search slot for cert;
45 * }
46 * }
47 *
48 * the new loop searchs all the recipients at once on a slot. this allows
49 * PKCS #11 to order slots in such a way that logout slots don't get checked
50 * if we can find the cert on a logged in slot. This eliminates lots of
51 * spurious password prompts when smart cards are installed... so why this
52 * comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
53 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
54 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
55 * function.
56 */
57 typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
58 typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
59 typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
60 typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
61 typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
62 SEC_PKCS7SignedAndEnvelopedData;
63 typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
64 typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
65 typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
66 typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
67 /*
68 * The following is not actually a PKCS7 type, but for now it is only
69 * used by PKCS7, so we have adopted it. If someone else *ever* needs
70 * it, its name should be changed and it should be moved out of here.
71 * Do not dare to use it without doing so!
72 */
73 typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
75 struct SEC_PKCS7ContentInfoStr {
76 PLArenaPool *poolp; /* local; not part of encoding */
77 PRBool created; /* local; not part of encoding */
78 int refCount; /* local; not part of encoding */
79 SECOidData *contentTypeTag; /* local; not part of encoding */
80 SECKEYGetPasswordKey pwfn; /* local; not part of encoding */
81 void *pwfn_arg; /* local; not part of encoding */
82 SECItem contentType;
83 union {
84 SECItem *data;
85 SEC_PKCS7DigestedData *digestedData;
86 SEC_PKCS7EncryptedData *encryptedData;
87 SEC_PKCS7EnvelopedData *envelopedData;
88 SEC_PKCS7SignedData *signedData;
89 SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
90 } content;
91 };
93 struct SEC_PKCS7SignedDataStr {
94 SECItem version;
95 SECAlgorithmID **digestAlgorithms;
96 SEC_PKCS7ContentInfo contentInfo;
97 SECItem **rawCerts;
98 CERTSignedCrl **crls;
99 SEC_PKCS7SignerInfo **signerInfos;
100 SECItem **digests; /* local; not part of encoding */
101 CERTCertificate **certs; /* local; not part of encoding */
102 CERTCertificateList **certLists; /* local; not part of encoding */
103 };
104 #define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */
106 struct SEC_PKCS7EncryptedContentInfoStr {
107 SECOidData *contentTypeTag; /* local; not part of encoding */
108 SECItem contentType;
109 SECAlgorithmID contentEncAlg;
110 SECItem encContent;
111 SECItem plainContent; /* local; not part of encoding */
112 /* bytes not encrypted, but encoded */
113 int keysize; /* local; not part of encoding */
114 /* size of bulk encryption key
115 * (only used by creation code) */
116 SECOidTag encalg; /* local; not part of encoding */
117 /* oid tag of encryption algorithm
118 * (only used by creation code) */
119 };
121 struct SEC_PKCS7EnvelopedDataStr {
122 SECItem version;
123 SEC_PKCS7RecipientInfo **recipientInfos;
124 SEC_PKCS7EncryptedContentInfo encContentInfo;
125 };
126 #define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */
128 struct SEC_PKCS7SignedAndEnvelopedDataStr {
129 SECItem version;
130 SEC_PKCS7RecipientInfo **recipientInfos;
131 SECAlgorithmID **digestAlgorithms;
132 SEC_PKCS7EncryptedContentInfo encContentInfo;
133 SECItem **rawCerts;
134 CERTSignedCrl **crls;
135 SEC_PKCS7SignerInfo **signerInfos;
136 SECItem **digests; /* local; not part of encoding */
137 CERTCertificate **certs; /* local; not part of encoding */
138 CERTCertificateList **certLists; /* local; not part of encoding */
139 PK11SymKey *sigKey; /* local; not part of encoding */
140 };
141 #define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */
143 struct SEC_PKCS7SignerInfoStr {
144 SECItem version;
145 CERTIssuerAndSN *issuerAndSN;
146 SECAlgorithmID digestAlg;
147 SEC_PKCS7Attribute **authAttr;
148 SECAlgorithmID digestEncAlg;
149 SECItem encDigest;
150 SEC_PKCS7Attribute **unAuthAttr;
151 CERTCertificate *cert; /* local; not part of encoding */
152 CERTCertificateList *certList; /* local; not part of encoding */
153 };
154 #define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */
156 struct SEC_PKCS7RecipientInfoStr {
157 SECItem version;
158 CERTIssuerAndSN *issuerAndSN;
159 SECAlgorithmID keyEncAlg;
160 SECItem encKey;
161 CERTCertificate *cert; /* local; not part of encoding */
162 };
163 #define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */
165 struct SEC_PKCS7DigestedDataStr {
166 SECItem version;
167 SECAlgorithmID digestAlg;
168 SEC_PKCS7ContentInfo contentInfo;
169 SECItem digest;
170 };
171 #define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */
173 struct SEC_PKCS7EncryptedDataStr {
174 SECItem version;
175 SEC_PKCS7EncryptedContentInfo encContentInfo;
176 };
177 #define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
179 /*
180 * See comment above about this type not really belonging to PKCS7.
181 */
182 struct SEC_PKCS7AttributeStr {
183 /* The following fields make up an encoded Attribute: */
184 SECItem type;
185 SECItem **values; /* data may or may not be encoded */
186 /* The following fields are not part of an encoded Attribute: */
187 SECOidData *typeTag;
188 PRBool encoded; /* when true, values are encoded */
189 };
191 /*
192 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
193 * If specified, this is where the content bytes (only) will be "sent"
194 * as they are recovered during the decoding.
195 *
196 * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
197 * and use a simpler, common name.
198 */
199 typedef void (* SEC_PKCS7DecoderContentCallback)(void *arg,
200 const char *buf,
201 unsigned long len);
203 /*
204 * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
205 * This is where the encoded bytes will be "sent".
206 *
207 * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
208 * and use a simpler, common name.
209 */
210 typedef void (* SEC_PKCS7EncoderOutputCallback)(void *arg,
211 const char *buf,
212 unsigned long len);
215 /*
216 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
217 * to retrieve the decryption key. This function is inteded to be
218 * used for EncryptedData content info's which do not have a key available
219 * in a certificate, etc.
220 */
221 typedef PK11SymKey * (* SEC_PKCS7GetDecryptKeyCallback)(void *arg,
222 SECAlgorithmID *algid);
224 /*
225 * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
226 * This function in intended to be used to verify that decrypting a
227 * particular crypto algorithm is allowed. Content types which do not
228 * require decryption will not need the callback. If the callback
229 * is not specified for content types which require decryption, the
230 * decryption will be disallowed.
231 */
232 typedef PRBool (* SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
233 PK11SymKey *bulkkey);
235 #endif /* _PKCS7T_H_ */
