[apple/security.git] / libsecurity_smime / lib / cmstpriv.h

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * Header for CMS types.
 */

#ifndef _CMSTPRIV_H_
#define _CMSTPRIV_H_

#include <Security/SecCmsBase.h>
#include <security_smime/secoidt.h>

#include <Security/secasn1t.h>
#include <security_asn1/plarenas.h>
#include <Security/nameTemplates.h>

#include <CoreFoundation/CFArray.h>
#include <CoreFoundation/CFDate.h>
#include <Security/SecCertificate.h>
#include <Security/SecKey.h>

/* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
 * This is because when we search the recipient list for the cert and key we
 * want, we need to invert the order of the loops we used to have. The old
 * loops were:
 *
 *  For each recipient {
 *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
 *       [which unrolls to... ]
 *       For each slot {
 *            Log into slot;
 *            search slot for cert;
 *      }
 *  }
 *
 *  the new loop searchs all the recipients at once on a slot. this allows
 *  PKCS #11 to order slots in such a way that logout slots don't get checked
 *  if we can find the cert on a logged in slot. This eliminates lots of
 *  spurious password prompts when smart cards are installed... so why this
 *  comment? If you make SecCmsRecipientInfo completely opaque, you need
 *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
 *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
 *  function.
 */

typedef struct SecCmsContentInfoStr SecCmsContentInfo;
typedef struct SecCmsMessageStr SecCmsMessage;
typedef struct SecCmsSignedDataStr SecCmsSignedData;
typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;

typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
typedef struct SecCmsAttributeStr SecCmsAttribute;

typedef union SecCmsContentUnion SecCmsContent;
typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;

typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;

typedef struct SecCmsCipherContextStr SecCmsCipherContext;
typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;

/* =============================================================================
 * ENCAPSULATED CONTENTINFO & CONTENTINFO
 */

union SecCmsContentUnion {
    /* either unstructured */
    SecAsn1Item * 			data;
    /* or structured data */
    SecCmsDigestedDataRef 	digestedData;
    SecCmsEncryptedDataRef 	encryptedData;
    SecCmsEnvelopedDataRef 	envelopedData;
    SecCmsSignedDataRef 		signedData;
    /* or anonymous pointer to something */
    void *			pointer;
};

struct SecCmsContentInfoStr {
    SecAsn1Item			contentType;
    SecCmsContent		content;
    /* --------- local; not part of encoding --------- */
    SecCmsMessageRef 	cmsg;			/* back pointer to message */
    SECOidData *		contentTypeTag;	

    /* additional info for encryptedData and envelopedData */
    /* we waste this space for signedData and digestedData. sue me. */

    SECAlgorithmID		contentEncAlg;
    SecAsn1Item * 			rawContent;		/* encrypted DER, optional */
							/* XXXX bytes not encrypted, but encoded? */
    /* --------- local; not part of encoding --------- */
    SecSymmetricKeyRef		bulkkey;		/* bulk encryption key */
    int				keysize;		/* size of bulk encryption key
							 * (only used by creation code) */
    SECOidTag			contentEncAlgTag;	/* oid tag of encryption algorithm
							 * (only used by creation code) */
    SecCmsCipherContextRef ciphcx;		/* context for en/decryption going on */
    SecCmsDigestContextRef digcx;			/* context for digesting going on */
    SecPrivateKeyRef		privkey;		/* @@@ private key is only here as a workaround for 3401088 */
};

/* =============================================================================
 * MESSAGE
 */

struct SecCmsMessageStr {
    SecCmsContentInfo	contentInfo;		/* "outer" cinfo */
    /* --------- local; not part of encoding --------- */
    PLArenaPool *	poolp;
    int			refCount;
    /* properties of the "inner" data */
    void *		pwfn_arg;
    SecCmsGetDecryptKeyCallback decrypt_key_cb;
    void *		decrypt_key_cb_arg;
};

/* =============================================================================
 * SIGNEDDATA
 */

struct SecCmsSignedDataStr {
    SecCmsContentInfo		contentInfo;
    SecAsn1Item			version;
    SECAlgorithmID **		digestAlgorithms;
    SecAsn1Item **		rawCerts;
    SecAsn1Item **		rawCrls;
    SecCmsSignerInfoRef *		signerInfos;
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;			/* back pointer to message */
    SecAsn1Item **		digests;
    CFMutableArrayRef		certs;
};
#define SEC_CMS_SIGNED_DATA_VERSION_BASIC	1	/* what we *create* */
#define SEC_CMS_SIGNED_DATA_VERSION_EXT		3	/* what we *create* */

typedef enum {
    SecCmsSignerIDIssuerSN = 0,
    SecCmsSignerIDSubjectKeyID = 1
} SecCmsSignerIDSelector;

struct SecCmsSignerIdentifierStr {
    SecCmsSignerIDSelector identifierType;
    union {
	SecCmsIssuerAndSN *issuerAndSN;
	SecAsn1Item * subjectKeyID;
    } id;
};

struct SecCmsIssuerAndSNStr {
	NSS_Name issuer;
	SecAsn1Item serialNumber;
    /* --------- local; not part of encoding --------- */
	SecAsn1Item derIssuer;
};

struct SecCmsSignerInfoStr {
    SecAsn1Item			version;
    SecCmsSignerIdentifier	signerIdentifier;
    SECAlgorithmID		digestAlg;
    SecCmsAttribute **		authAttr;
    SECAlgorithmID		digestEncAlg;
    SecAsn1Item			encDigest;
    SecCmsAttribute **		unAuthAttr;
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;			/* back pointer to message */
	SecCmsSignedDataRef		signedData;		/* back pointer to signedData. */
    SecCertificateRef		cert;
    CFArrayRef			certList;
    CFAbsoluteTime		signingTime;
    SecCmsVerificationStatus	verificationStatus;
    SecPrivateKeyRef		signingKey; /* Used if we're using subjKeyID*/
    SecPublicKeyRef		pubKey;
    CFDataRef           hashAgilityAttrValue;
};
#define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN	1	/* what we *create* */
#define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY	3	/* what we *create* */

/* =============================================================================
 * ENVELOPED DATA
 */
struct SecCmsEnvelopedDataStr {
    SecCmsContentInfo		contentInfo;
    SecAsn1Item			version;
    SecCmsOriginatorInfo *	originatorInfo;		/* optional */
    SecCmsRecipientInfoRef *	recipientInfos;
    SecCmsAttribute **		unprotectedAttr;
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;			/* back pointer to message */
};
#define SEC_CMS_ENVELOPED_DATA_VERSION_REG	0	/* what we *create* */
#define SEC_CMS_ENVELOPED_DATA_VERSION_ADV	2	/* what we *create* */

struct SecCmsOriginatorInfoStr {
    SecAsn1Item **		rawCerts;
    SecAsn1Item **		rawCrls;
    /* --------- local; not part of encoding --------- */
    SecCertificateRef *		certs;
};

/* -----------------------------------------------------------------------------
 * key transport recipient info
 */
typedef enum {
    SecCmsRecipientIDIssuerSN = 0,
    SecCmsRecipientIDSubjectKeyID = 1
} SecCmsRecipientIDSelector;

struct SecCmsRecipientIdentifierStr {
    SecCmsRecipientIDSelector	identifierType;
    union {
	SecCmsIssuerAndSN	*issuerAndSN;
	SecAsn1Item * subjectKeyID;
    } id;
};
typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;

struct SecCmsKeyTransRecipientInfoStr {
    SecAsn1Item			version;
    SecCmsRecipientIdentifier	recipientIdentifier;
    SECAlgorithmID		keyEncAlg;
    SecAsn1Item			encKey;
};
typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;

/*
 * View comments before SecCmsRecipientInfoStr for purpose of this
 * structure.
 */
struct SecCmsKeyTransRecipientInfoExStr {
    SecCmsKeyTransRecipientInfo recipientInfo;
    int version;  /* version of this structure (0) */
    SecPublicKeyRef pubKey;
};

typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;

#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN	0	/* what we *create* */
#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY		2	/* what we *create* */

/* -----------------------------------------------------------------------------
 * key agreement recipient info
 */
struct SecCmsOriginatorPublicKeyStr {
    SECAlgorithmID			algorithmIdentifier;
    SecAsn1Item				publicKey;			/* bit string! */
};
typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;

typedef enum {
    SecCmsOriginatorIDOrKeyIssuerSN = 0,
    SecCmsOriginatorIDOrKeySubjectKeyID = 1,
    SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
} SecCmsOriginatorIDOrKeySelector;

struct SecCmsOriginatorIdentifierOrKeyStr {
    SecCmsOriginatorIDOrKeySelector identifierType;
    union {
	SecCmsIssuerAndSN		*issuerAndSN;		/* static-static */
	SecAsn1Item * subjectKeyID;		/* static-static */
	SecCmsOriginatorPublicKey	originatorPublicKey;	/* ephemeral-static */
    } id;
};
typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;

struct SecCmsRecipientKeyIdentifierStr {
    SecAsn1Item * 				subjectKeyIdentifier;
    SecAsn1Item * 				date;			/* optional */
    SecAsn1Item * 				other;			/* optional */
};
typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;

typedef enum {
    SecCmsKeyAgreeRecipientIDIssuerSN = 0,
    SecCmsKeyAgreeRecipientIDRKeyID = 1
} SecCmsKeyAgreeRecipientIDSelector;

struct SecCmsKeyAgreeRecipientIdentifierStr {
    SecCmsKeyAgreeRecipientIDSelector	identifierType;
    union {
	SecCmsIssuerAndSN		*issuerAndSN;
	SecCmsRecipientKeyIdentifier	recipientKeyIdentifier;
    } id;
};
typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;

struct SecCmsRecipientEncryptedKeyStr {
    SecCmsKeyAgreeRecipientIdentifier	recipientIdentifier;
    SecAsn1Item				encKey;
};
typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;

struct SecCmsKeyAgreeRecipientInfoStr {
    SecAsn1Item				version;
    SecCmsOriginatorIdentifierOrKey	originatorIdentifierOrKey;
    SecAsn1Item * 				ukm;				/* optional */
    SECAlgorithmID			keyEncAlg;
    SecCmsRecipientEncryptedKey **	recipientEncryptedKeys;
};
typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;

#define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION	3	/* what we *create* */

/* -----------------------------------------------------------------------------
 * KEK recipient info
 */
struct SecCmsKEKIdentifierStr {
    SecAsn1Item			keyIdentifier;
    SecAsn1Item * 			date;			/* optional */
    SecAsn1Item * 			other;			/* optional */
};
typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;

struct SecCmsKEKRecipientInfoStr {
    SecAsn1Item			version;
    SecCmsKEKIdentifier		kekIdentifier;
    SECAlgorithmID		keyEncAlg;
    SecAsn1Item			encKey;
};
typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;

#define SEC_CMS_KEK_RECIPIENT_INFO_VERSION	4	/* what we *create* */

/* -----------------------------------------------------------------------------
 * recipient info
 */

typedef enum {
    SecCmsRecipientInfoIDKeyTrans = 0,
    SecCmsRecipientInfoIDKeyAgree = 1,
    SecCmsRecipientInfoIDKEK = 2
} SecCmsRecipientInfoIDSelector;

/*
 * In order to preserve backwards binary compatibility when implementing
 * creation of Recipient Info's that uses subjectKeyID in the 
 * keyTransRecipientInfo we need to stash a public key pointer in this
 * structure somewhere.  We figured out that SecCmsKeyTransRecipientInfo
 * is the smallest member of the ri union.  We're in luck since that's
 * the very structure that would need to use the public key. So we created
 * a new structure SecCmsKeyTransRecipientInfoEx which has a member 
 * SecCmsKeyTransRecipientInfo as the first member followed by a version
 * and a public key pointer.  This way we can keep backwards compatibility
 * without changing the size of this structure.
 *
 * BTW, size of structure:
 * SecCmsKeyTransRecipientInfo:  9 ints, 4 pointers
 * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
 * SecCmsKEKRecipientInfo:      10 ints, 7 pointers
 *
 * The new structure:
 * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
 *                                1 int, 1 pointer
 */

struct SecCmsRecipientInfoStr {
    SecCmsRecipientInfoIDSelector recipientInfoType;
    union {
	SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
	SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
	SecCmsKEKRecipientInfo kekRecipientInfo;
	SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
    } ri;
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;			/* back pointer to message */
	SecCmsEnvelopedDataRef	envelopedData;	/* back pointer to envelopedData */
    SecCertificateRef 		cert;			/* recipient's certificate */
};

/* =============================================================================
 * DIGESTED DATA
 */
struct SecCmsDigestedDataStr {
    SecCmsContentInfo		contentInfo;
    SecAsn1Item			version;
    SECAlgorithmID		digestAlg;
    SecAsn1Item			digest;
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;		/* back pointer */
    SecAsn1Item			cdigest;	/* calculated digest */
};
#define SEC_CMS_DIGESTED_DATA_VERSION_DATA	0	/* what we *create* */
#define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP	2	/* what we *create* */

/* =============================================================================
 * ENCRYPTED DATA
 */
struct SecCmsEncryptedDataStr {
    SecCmsContentInfo		contentInfo;
    SecAsn1Item			version;
    SecCmsAttribute **		unprotectedAttr;	/* optional */
    /* --------- local; not part of encoding --------- */
    //SecCmsMessageRef 		cmsg;		/* back pointer */
};
#define SEC_CMS_ENCRYPTED_DATA_VERSION		0	/* what we *create* */
#define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR	2	/* what we *create* */

/* =============================================================================
 * FORTEZZA KEA
 */

/* An enumerated type used to select templates based on the encryption
   scenario and data specifics. */
typedef enum {
    SecCmsKEAInvalid = -1,
    SecCmsKEAUsesSkipjack = 0,
    SecCmsKEAUsesNonSkipjack = 1,
    SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
} SecCmsKEATemplateSelector;

/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
                but I cannot think of a more appropriate place at this time. */
struct SecCmsSMIMEKEAParametersStr {
    SecAsn1Item originatorKEAKey;	/* sender KEA key (encrypted?) */
    SecAsn1Item originatorRA;	/* random number generated by sender */
    SecAsn1Item nonSkipjackIV;	/* init'n vector for SkipjackCBC64
			           decryption of KEA key if Skipjack
				   is not the bulk algorithm used on
				   the message */
    SecAsn1Item bulkKeySize;	/* if Skipjack is not the bulk
			           algorithm used on the message,
				   and the size of the bulk encryption
				   key is not the same as that of
				   originatorKEAKey (due to padding
				   perhaps), this field will contain
				   the real size of the bulk encryption
				   key. */
};

/*
 * *****************************************************************************
 * *****************************************************************************
 * *****************************************************************************
 */

/*
 * See comment above about this type not really belonging to CMS.
 */
struct SecCmsAttributeStr {
    /* The following fields make up an encoded Attribute: */
    SecAsn1Item			type;
    SecAsn1Item **		values;	/* data may or may not be encoded */
    /* The following fields are not part of an encoded Attribute: */
    SECOidData *		typeTag;
    Boolean			encoded;	/* when true, values are encoded */
};


#endif /* _CMSTPRIV_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* The contents of this file are subject to the Mozilla Public
	3	* License Version 1.1 (the "License"); you may not use this file
	4	* except in compliance with the License. You may obtain a copy of
	5	* the License at http://www.mozilla.org/MPL/
	6	*
	7	* Software distributed under the License is distributed on an "AS
	8	* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
	9	* implied. See the License for the specific language governing
	10	* rights and limitations under the License.
	11	*
	12	* The Original Code is the Netscape security libraries.
	13	*
	14	* The Initial Developer of the Original Code is Netscape
	15	* Communications Corporation. Portions created by Netscape are
	16	* Copyright (C) 1994-2000 Netscape Communications Corporation. All
	17	* Rights Reserved.
	18	*
	19	* Contributor(s):
	20	*
	21	* Alternatively, the contents of this file may be used under the
	22	* terms of the GNU General Public License Version 2 or later (the
	23	* "GPL"), in which case the provisions of the GPL are applicable
	24	* instead of those above. If you wish to allow use of your
	25	* version of this file only under the terms of the GPL and not to
	26	* allow others to use your version of this file under the MPL,
	27	* indicate your decision by deleting the provisions above and
	28	* replace them with the notice and other provisions required by
	29	* the GPL. If you do not delete the provisions above, a recipient
	30	* may use your version of this file under either the MPL or the
	31	* GPL.
	32	*/
	33
	34	/*
	35	* Header for CMS types.
	36	*/
	37
	38	#ifndef _CMSTPRIV_H_
	39	#define _CMSTPRIV_H_
	40
	41	#include <Security/SecCmsBase.h>
	42	#include <security_smime/secoidt.h>
	43
	44	#include <Security/secasn1t.h>
	45	#include <security_asn1/plarenas.h>
	46	#include <Security/nameTemplates.h>
	47
	48	#include <CoreFoundation/CFArray.h>
	49	#include <CoreFoundation/CFDate.h>
	50	#include <Security/SecCertificate.h>
	51	#include <Security/SecKey.h>
	52
	53	/* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
	54	* This is because when we search the recipient list for the cert and key we
	55	* want, we need to invert the order of the loops we used to have. The old
	56	* loops were:
	57	*
	58	* For each recipient {
	59	* find_cert = PK11_Find_AllCert(recipient->issuerSN);
	60	* [which unrolls to... ]
	61	* For each slot {
	62	* Log into slot;
	63	* search slot for cert;
	64	* }
65	* }
66	*
67	* the new loop searchs all the recipients at once on a slot. this allows
68	* PKCS #11 to order slots in such a way that logout slots don't get checked
69	* if we can find the cert on a logged in slot. This eliminates lots of
70	* spurious password prompts when smart cards are installed... so why this
71	* comment? If you make SecCmsRecipientInfo completely opaque, you need
72	* to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
73	* and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
74	* function.
75	*/
76
77	typedef struct SecCmsContentInfoStr SecCmsContentInfo;
78	typedef struct SecCmsMessageStr SecCmsMessage;
79	typedef struct SecCmsSignedDataStr SecCmsSignedData;
80	typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
81	typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
82	typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
83	typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
84	typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
85
86	typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
87	typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
88	typedef struct SecCmsAttributeStr SecCmsAttribute;
89
90	typedef union SecCmsContentUnion SecCmsContent;
91	typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
92
93	typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
94
95	typedef struct SecCmsCipherContextStr SecCmsCipherContext;
96	typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
97
98	/* =============================================================================
99	* ENCAPSULATED CONTENTINFO & CONTENTINFO
100	*/
101
102	union SecCmsContentUnion {
103	/* either unstructured */
d8f41ccd	104	SecAsn1Item * data;
b1ab9ed8 A	105	/* or structured data */
	106	SecCmsDigestedDataRef digestedData;
	107	SecCmsEncryptedDataRef encryptedData;
	108	SecCmsEnvelopedDataRef envelopedData;
	109	SecCmsSignedDataRef signedData;
	110	/* or anonymous pointer to something */
	111	void * pointer;
	112	};
	113
	114	struct SecCmsContentInfoStr {
d8f41ccd	115	SecAsn1Item contentType;
b1ab9ed8 A	116	SecCmsContent content;
b1ab9ed8 A	117	/* --------- local; not part of encoding --------- */
d8f41ccd	118	SecCmsMessageRef cmsg; /* back pointer to message */
b1ab9ed8 A	119	SECOidData * contentTypeTag;
	120
	121	/* additional info for encryptedData and envelopedData */
	122	/* we waste this space for signedData and digestedData. sue me. */
	123
	124	SECAlgorithmID contentEncAlg;
d8f41ccd	125	SecAsn1Item * rawContent; /* encrypted DER, optional */
b1ab9ed8 A	126	/* XXXX bytes not encrypted, but encoded? */
	127	/* --------- local; not part of encoding --------- */
	128	SecSymmetricKeyRef bulkkey; /* bulk encryption key */
	129	int keysize; /* size of bulk encryption key
	130	* (only used by creation code) */
	131	SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
	132	* (only used by creation code) */
	133	SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
	134	SecCmsDigestContextRef digcx; /* context for digesting going on */
	135	SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
	136	};
	137
	138	/* =============================================================================
	139	* MESSAGE
	140	*/
	141
b1ab9ed8 A	142	struct SecCmsMessageStr {
	143	SecCmsContentInfo contentInfo; /* "outer" cinfo */
	144	/* --------- local; not part of encoding --------- */
	145	PLArenaPool * poolp;
b1ab9ed8 A	146	int refCount;
b1ab9ed8 A	147	/* properties of the "inner" data */
b1ab9ed8 A	148	void * pwfn_arg;
	149	SecCmsGetDecryptKeyCallback decrypt_key_cb;
	150	void * decrypt_key_cb_arg;
b1ab9ed8 A	151	};
	152
	153	/* =============================================================================
	154	* SIGNEDDATA
	155	*/
	156
	157	struct SecCmsSignedDataStr {
b1ab9ed8	158	SecCmsContentInfo contentInfo;
d8f41ccd A	159	SecAsn1Item version;
	160	SECAlgorithmID ** digestAlgorithms;
	161	SecAsn1Item ** rawCerts;
	162	SecAsn1Item ** rawCrls;
b1ab9ed8 A	163	SecCmsSignerInfoRef * signerInfos;
b1ab9ed8 A	164	/* --------- local; not part of encoding --------- */
d8f41ccd A	165	//SecCmsMessageRef cmsg; /* back pointer to message */
d8f41ccd A	166	SecAsn1Item ** digests;
b1ab9ed8 A	167	CFMutableArrayRef certs;
	168	};
	169	#define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we create */
	170	#define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we create */
	171
	172	typedef enum {
	173	SecCmsSignerIDIssuerSN = 0,
	174	SecCmsSignerIDSubjectKeyID = 1
	175	} SecCmsSignerIDSelector;
	176
	177	struct SecCmsSignerIdentifierStr {
	178	SecCmsSignerIDSelector identifierType;
	179	union {
	180	SecCmsIssuerAndSN *issuerAndSN;
d8f41ccd	181	SecAsn1Item * subjectKeyID;
b1ab9ed8 A	182	} id;
	183	};
	184
	185	struct SecCmsIssuerAndSNStr {
	186	NSS_Name issuer;
d8f41ccd	187	SecAsn1Item serialNumber;
b1ab9ed8	188	/* --------- local; not part of encoding --------- */
d8f41ccd	189	SecAsn1Item derIssuer;
b1ab9ed8 A	190	};
	191
	192	struct SecCmsSignerInfoStr {
d8f41ccd	193	SecAsn1Item version;
b1ab9ed8 A	194	SecCmsSignerIdentifier signerIdentifier;
	195	SECAlgorithmID digestAlg;
	196	SecCmsAttribute ** authAttr;
	197	SECAlgorithmID digestEncAlg;
d8f41ccd	198	SecAsn1Item encDigest;
b1ab9ed8 A	199	SecCmsAttribute ** unAuthAttr;
b1ab9ed8 A	200	/* --------- local; not part of encoding --------- */
d8f41ccd A	201	//SecCmsMessageRef cmsg; /* back pointer to message */
d8f41ccd A	202	SecCmsSignedDataRef signedData; /* back pointer to signedData. */
b1ab9ed8 A	203	SecCertificateRef cert;
	204	CFArrayRef certList;
	205	CFAbsoluteTime signingTime;
	206	SecCmsVerificationStatus verificationStatus;
	207	SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
	208	SecPublicKeyRef pubKey;
e3d460c9	209	CFDataRef hashAgilityAttrValue;
b1ab9ed8 A	210	};
	211	#define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we create */
	212	#define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we create */
	213
	214	/* =============================================================================
	215	* ENVELOPED DATA
	216	*/
	217	struct SecCmsEnvelopedDataStr {
d8f41ccd A	218	SecCmsContentInfo contentInfo;
d8f41ccd A	219	SecAsn1Item version;
b1ab9ed8 A	220	SecCmsOriginatorInfo * originatorInfo; /* optional */
b1ab9ed8 A	221	SecCmsRecipientInfoRef * recipientInfos;
b1ab9ed8 A	222	SecCmsAttribute ** unprotectedAttr;
b1ab9ed8 A	223	/* --------- local; not part of encoding --------- */
d8f41ccd	224	//SecCmsMessageRef cmsg; /* back pointer to message */
b1ab9ed8 A	225	};
	226	#define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we create */
	227	#define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we create */
	228
	229	struct SecCmsOriginatorInfoStr {
d8f41ccd A	230	SecAsn1Item ** rawCerts;
d8f41ccd A	231	SecAsn1Item ** rawCrls;
b1ab9ed8 A	232	/* --------- local; not part of encoding --------- */
	233	SecCertificateRef * certs;
	234	};
	235
	236	/* -----------------------------------------------------------------------------
	237	* key transport recipient info
	238	*/
	239	typedef enum {
	240	SecCmsRecipientIDIssuerSN = 0,
	241	SecCmsRecipientIDSubjectKeyID = 1
	242	} SecCmsRecipientIDSelector;
	243
	244	struct SecCmsRecipientIdentifierStr {
	245	SecCmsRecipientIDSelector identifierType;
	246	union {
	247	SecCmsIssuerAndSN *issuerAndSN;
d8f41ccd	248	SecAsn1Item * subjectKeyID;
b1ab9ed8 A	249	} id;
	250	};
	251	typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
	252
	253	struct SecCmsKeyTransRecipientInfoStr {
d8f41ccd	254	SecAsn1Item version;
b1ab9ed8 A	255	SecCmsRecipientIdentifier recipientIdentifier;
b1ab9ed8 A	256	SECAlgorithmID keyEncAlg;
d8f41ccd	257	SecAsn1Item encKey;
b1ab9ed8 A	258	};
	259	typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
	260
	261	/*
	262	* View comments before SecCmsRecipientInfoStr for purpose of this
	263	* structure.
	264	*/
	265	struct SecCmsKeyTransRecipientInfoExStr {
	266	SecCmsKeyTransRecipientInfo recipientInfo;
	267	int version; /* version of this structure (0) */
	268	SecPublicKeyRef pubKey;
	269	};
	270
	271	typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
	272
	273	#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we create */
	274	#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we create */
	275
	276	/* -----------------------------------------------------------------------------
	277	* key agreement recipient info
	278	*/
	279	struct SecCmsOriginatorPublicKeyStr {
	280	SECAlgorithmID algorithmIdentifier;
d8f41ccd	281	SecAsn1Item publicKey; /* bit string! */
b1ab9ed8 A	282	};
	283	typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
	284
	285	typedef enum {
	286	SecCmsOriginatorIDOrKeyIssuerSN = 0,
	287	SecCmsOriginatorIDOrKeySubjectKeyID = 1,
	288	SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
	289	} SecCmsOriginatorIDOrKeySelector;
	290
	291	struct SecCmsOriginatorIdentifierOrKeyStr {
	292	SecCmsOriginatorIDOrKeySelector identifierType;
	293	union {
d8f41ccd A	294	SecCmsIssuerAndSN issuerAndSN; / static-static */
d8f41ccd A	295	SecAsn1Item * subjectKeyID; /* static-static */
b1ab9ed8 A	296	SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
	297	} id;
	298	};
	299	typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
	300
	301	struct SecCmsRecipientKeyIdentifierStr {
d8f41ccd A	302	SecAsn1Item * subjectKeyIdentifier;
	303	SecAsn1Item * date; /* optional */
	304	SecAsn1Item * other; /* optional */
b1ab9ed8 A	305	};
	306	typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
	307
	308	typedef enum {
	309	SecCmsKeyAgreeRecipientIDIssuerSN = 0,
	310	SecCmsKeyAgreeRecipientIDRKeyID = 1
	311	} SecCmsKeyAgreeRecipientIDSelector;
	312
	313	struct SecCmsKeyAgreeRecipientIdentifierStr {
	314	SecCmsKeyAgreeRecipientIDSelector identifierType;
	315	union {
	316	SecCmsIssuerAndSN *issuerAndSN;
	317	SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
	318	} id;
	319	};
	320	typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
	321
	322	struct SecCmsRecipientEncryptedKeyStr {
	323	SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
d8f41ccd	324	SecAsn1Item encKey;
b1ab9ed8 A	325	};
	326	typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
	327
	328	struct SecCmsKeyAgreeRecipientInfoStr {
d8f41ccd	329	SecAsn1Item version;
b1ab9ed8	330	SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
d8f41ccd	331	SecAsn1Item * ukm; /* optional */
b1ab9ed8 A	332	SECAlgorithmID keyEncAlg;
	333	SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
	334	};
	335	typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
	336
	337	#define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we create */
	338
	339	/* -----------------------------------------------------------------------------
	340	* KEK recipient info
	341	*/
	342	struct SecCmsKEKIdentifierStr {
d8f41ccd A	343	SecAsn1Item keyIdentifier;
	344	SecAsn1Item * date; /* optional */
	345	SecAsn1Item * other; /* optional */
b1ab9ed8 A	346	};
	347	typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
	348
	349	struct SecCmsKEKRecipientInfoStr {
d8f41ccd	350	SecAsn1Item version;
b1ab9ed8 A	351	SecCmsKEKIdentifier kekIdentifier;
b1ab9ed8 A	352	SECAlgorithmID keyEncAlg;
d8f41ccd	353	SecAsn1Item encKey;
b1ab9ed8 A	354	};
	355	typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
	356
	357	#define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we create */
	358
	359	/* -----------------------------------------------------------------------------
	360	* recipient info
	361	*/
	362
	363	typedef enum {
	364	SecCmsRecipientInfoIDKeyTrans = 0,
	365	SecCmsRecipientInfoIDKeyAgree = 1,
	366	SecCmsRecipientInfoIDKEK = 2
	367	} SecCmsRecipientInfoIDSelector;
	368
	369	/*
	370	* In order to preserve backwards binary compatibility when implementing
	371	* creation of Recipient Info's that uses subjectKeyID in the
	372	* keyTransRecipientInfo we need to stash a public key pointer in this
	373	* structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
	374	* is the smallest member of the ri union. We're in luck since that's
	375	* the very structure that would need to use the public key. So we created
	376	* a new structure SecCmsKeyTransRecipientInfoEx which has a member
	377	* SecCmsKeyTransRecipientInfo as the first member followed by a version
	378	* and a public key pointer. This way we can keep backwards compatibility
	379	* without changing the size of this structure.
	380	*
	381	* BTW, size of structure:
	382	* SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
	383	* SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
	384	* SecCmsKEKRecipientInfo: 10 ints, 7 pointers
	385	*
	386	* The new structure:
	387	* SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
	388	* 1 int, 1 pointer
	389	*/
	390
	391	struct SecCmsRecipientInfoStr {
	392	SecCmsRecipientInfoIDSelector recipientInfoType;
	393	union {
	394	SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
	395	SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
	396	SecCmsKEKRecipientInfo kekRecipientInfo;
	397	SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
	398	} ri;
	399	/* --------- local; not part of encoding --------- */
d8f41ccd A	400	//SecCmsMessageRef cmsg; /* back pointer to message */
d8f41ccd A	401	SecCmsEnvelopedDataRef envelopedData; /* back pointer to envelopedData */
b1ab9ed8 A	402	SecCertificateRef cert; /* recipient's certificate */
	403	};
	404
	405	/* =============================================================================
	406	* DIGESTED DATA
	407	*/
	408	struct SecCmsDigestedDataStr {
b1ab9ed8	409	SecCmsContentInfo contentInfo;
d8f41ccd A	410	SecAsn1Item version;
	411	SECAlgorithmID digestAlg;
	412	SecAsn1Item digest;
b1ab9ed8	413	/* --------- local; not part of encoding --------- */
d8f41ccd A	414	//SecCmsMessageRef cmsg; /* back pointer */
d8f41ccd A	415	SecAsn1Item cdigest; /* calculated digest */
b1ab9ed8 A	416	};
	417	#define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we create */
	418	#define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we create */
	419
	420	/* =============================================================================
	421	* ENCRYPTED DATA
	422	*/
	423	struct SecCmsEncryptedDataStr {
b1ab9ed8	424	SecCmsContentInfo contentInfo;
d8f41ccd	425	SecAsn1Item version;
b1ab9ed8 A	426	SecCmsAttribute ** unprotectedAttr; /* optional */
b1ab9ed8 A	427	/* --------- local; not part of encoding --------- */
d8f41ccd	428	//SecCmsMessageRef cmsg; /* back pointer */
b1ab9ed8 A	429	};
	430	#define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we create */
	431	#define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we create */
	432
	433	/* =============================================================================
	434	* FORTEZZA KEA
	435	*/
	436
	437	/* An enumerated type used to select templates based on the encryption
	438	scenario and data specifics. */
	439	typedef enum {
	440	SecCmsKEAInvalid = -1,
	441	SecCmsKEAUsesSkipjack = 0,
	442	SecCmsKEAUsesNonSkipjack = 1,
	443	SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
	444	} SecCmsKEATemplateSelector;
	445
	446	/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
	447	but I cannot think of a more appropriate place at this time. */
	448	struct SecCmsSMIMEKEAParametersStr {
d8f41ccd A	449	SecAsn1Item originatorKEAKey; /* sender KEA key (encrypted?) */
	450	SecAsn1Item originatorRA; /* random number generated by sender */
	451	SecAsn1Item nonSkipjackIV; /* init'n vector for SkipjackCBC64
b1ab9ed8 A	452	decryption of KEA key if Skipjack
	453	is not the bulk algorithm used on
	454	the message */
d8f41ccd	455	SecAsn1Item bulkKeySize; /* if Skipjack is not the bulk
b1ab9ed8 A	456	algorithm used on the message,
	457	and the size of the bulk encryption
	458	key is not the same as that of
	459	originatorKEAKey (due to padding
	460	perhaps), this field will contain
	461	the real size of the bulk encryption
	462	key. */
	463	};
	464
	465	/*
	466	* *****************************************************************************
	467	* *****************************************************************************
	468	* *****************************************************************************
	469	*/
	470
	471	/*
	472	* See comment above about this type not really belonging to CMS.
	473	*/
	474	struct SecCmsAttributeStr {
	475	/* The following fields make up an encoded Attribute: */
d8f41ccd A	476	SecAsn1Item type;
d8f41ccd A	477	SecAsn1Item ** values; /* data may or may not be encoded */
b1ab9ed8 A	478	/* The following fields are not part of an encoded Attribute: */
	479	SECOidData * typeTag;
	480	Boolean encoded; /* when true, values are encoded */
	481	};
	482
	483
	484	#endif /* _CMSTPRIV_H_ */