]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmstpriv.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.220.15.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmstpriv.h
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Header for CMS types.
36 */
37
38 #ifndef _CMSTPRIV_H_
39 #define _CMSTPRIV_H_
40
41 #include <Security/SecCmsBase.h>
42 #include <security_smime/secoidt.h>
43
44 #include <Security/secasn1t.h>
45 #include <security_asn1/plarenas.h>
46 #include <Security/nameTemplates.h>
47
48 #include <CoreFoundation/CFArray.h>
49 #include <CoreFoundation/CFDate.h>
50 #include <Security/SecCertificate.h>
51 #include <Security/SecKey.h>
52
53 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
54 * This is because when we search the recipient list for the cert and key we
55 * want, we need to invert the order of the loops we used to have. The old
56 * loops were:
57 *
58 * For each recipient {
59 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
60 * [which unrolls to... ]
61 * For each slot {
62 * Log into slot;
63 * search slot for cert;
64 * }
65 * }
66 *
67 * the new loop searchs all the recipients at once on a slot. this allows
68 * PKCS #11 to order slots in such a way that logout slots don't get checked
69 * if we can find the cert on a logged in slot. This eliminates lots of
70 * spurious password prompts when smart cards are installed... so why this
71 * comment? If you make SecCmsRecipientInfo completely opaque, you need
72 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
73 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
74 * function.
75 */
76
77 typedef struct SecCmsContentInfoStr SecCmsContentInfo;
78 typedef struct SecCmsMessageStr SecCmsMessage;
79 typedef struct SecCmsSignedDataStr SecCmsSignedData;
80 typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
81 typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
82 typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
83 typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
84 typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
85
86 typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
87 typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
88 typedef struct SecCmsAttributeStr SecCmsAttribute;
89
90 typedef union SecCmsContentUnion SecCmsContent;
91 typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
92
93 typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
94
95 typedef struct SecCmsCipherContextStr SecCmsCipherContext;
96 typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
97
98 /* =============================================================================
99 * ENCAPSULATED CONTENTINFO & CONTENTINFO
100 */
101
102 union SecCmsContentUnion {
103 /* either unstructured */
104 SecAsn1Item * data;
105 /* or structured data */
106 SecCmsDigestedDataRef digestedData;
107 SecCmsEncryptedDataRef encryptedData;
108 SecCmsEnvelopedDataRef envelopedData;
109 SecCmsSignedDataRef signedData;
110 /* or anonymous pointer to something */
111 void * pointer;
112 };
113
114 struct SecCmsContentInfoStr {
115 SecAsn1Item contentType;
116 SecCmsContent content;
117 /* --------- local; not part of encoding --------- */
118 SecCmsMessageRef cmsg; /* back pointer to message */
119 SECOidData * contentTypeTag;
120
121 /* additional info for encryptedData and envelopedData */
122 /* we waste this space for signedData and digestedData. sue me. */
123
124 SECAlgorithmID contentEncAlg;
125 SecAsn1Item * rawContent; /* encrypted DER, optional */
126 /* XXXX bytes not encrypted, but encoded? */
127 /* --------- local; not part of encoding --------- */
128 SecSymmetricKeyRef bulkkey; /* bulk encryption key */
129 int keysize; /* size of bulk encryption key
130 * (only used by creation code) */
131 SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
132 * (only used by creation code) */
133 SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
134 SecCmsDigestContextRef digcx; /* context for digesting going on */
135 SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
136 };
137
138 /* =============================================================================
139 * MESSAGE
140 */
141
142 struct SecCmsMessageStr {
143 SecCmsContentInfo contentInfo; /* "outer" cinfo */
144 /* --------- local; not part of encoding --------- */
145 PLArenaPool * poolp;
146 int refCount;
147 /* properties of the "inner" data */
148 void * pwfn_arg;
149 SecCmsGetDecryptKeyCallback decrypt_key_cb;
150 void * decrypt_key_cb_arg;
151 };
152
153 /* =============================================================================
154 * SIGNEDDATA
155 */
156
157 struct SecCmsSignedDataStr {
158 SecCmsContentInfo contentInfo;
159 SecAsn1Item version;
160 SECAlgorithmID ** digestAlgorithms;
161 SecAsn1Item ** rawCerts;
162 SecAsn1Item ** rawCrls;
163 SecCmsSignerInfoRef * signerInfos;
164 /* --------- local; not part of encoding --------- */
165 //SecCmsMessageRef cmsg; /* back pointer to message */
166 SecAsn1Item ** digests;
167 CFMutableArrayRef certs;
168 };
169 #define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
170 #define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
171
172 typedef enum {
173 SecCmsSignerIDIssuerSN = 0,
174 SecCmsSignerIDSubjectKeyID = 1
175 } SecCmsSignerIDSelector;
176
177 struct SecCmsSignerIdentifierStr {
178 SecCmsSignerIDSelector identifierType;
179 union {
180 SecCmsIssuerAndSN *issuerAndSN;
181 SecAsn1Item * subjectKeyID;
182 } id;
183 };
184
185 struct SecCmsIssuerAndSNStr {
186 NSS_Name issuer;
187 SecAsn1Item serialNumber;
188 /* --------- local; not part of encoding --------- */
189 SecAsn1Item derIssuer;
190 };
191
192 struct SecCmsSignerInfoStr {
193 SecAsn1Item version;
194 SecCmsSignerIdentifier signerIdentifier;
195 SECAlgorithmID digestAlg;
196 SecCmsAttribute ** authAttr;
197 SECAlgorithmID digestEncAlg;
198 SecAsn1Item encDigest;
199 SecCmsAttribute ** unAuthAttr;
200 /* --------- local; not part of encoding --------- */
201 //SecCmsMessageRef cmsg; /* back pointer to message */
202 SecCmsSignedDataRef signedData; /* back pointer to signedData. */
203 SecCertificateRef cert;
204 CFArrayRef certList;
205 CFAbsoluteTime signingTime;
206 SecCmsVerificationStatus verificationStatus;
207 SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
208 SecPublicKeyRef pubKey;
209 CFDataRef hashAgilityAttrValue;
210 CFDictionaryRef hashAgilityV2AttrValues;
211 CFAbsoluteTime expirationTime;
212 };
213 #define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
214 #define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
215
216 /* =============================================================================
217 * ENVELOPED DATA
218 */
219 struct SecCmsEnvelopedDataStr {
220 SecCmsContentInfo contentInfo;
221 SecAsn1Item version;
222 SecCmsOriginatorInfo * originatorInfo; /* optional */
223 SecCmsRecipientInfoRef * recipientInfos;
224 SecCmsAttribute ** unprotectedAttr;
225 /* --------- local; not part of encoding --------- */
226 //SecCmsMessageRef cmsg; /* back pointer to message */
227 };
228 #define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
229 #define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
230
231 struct SecCmsOriginatorInfoStr {
232 SecAsn1Item ** rawCerts;
233 SecAsn1Item ** rawCrls;
234 /* --------- local; not part of encoding --------- */
235 SecCertificateRef * certs;
236 };
237
238 /* -----------------------------------------------------------------------------
239 * key transport recipient info
240 */
241 typedef enum {
242 SecCmsRecipientIDIssuerSN = 0,
243 SecCmsRecipientIDSubjectKeyID = 1
244 } SecCmsRecipientIDSelector;
245
246 struct SecCmsRecipientIdentifierStr {
247 SecCmsRecipientIDSelector identifierType;
248 union {
249 SecCmsIssuerAndSN *issuerAndSN;
250 SecAsn1Item * subjectKeyID;
251 } id;
252 };
253 typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
254
255 struct SecCmsKeyTransRecipientInfoStr {
256 SecAsn1Item version;
257 SecCmsRecipientIdentifier recipientIdentifier;
258 SECAlgorithmID keyEncAlg;
259 SecAsn1Item encKey;
260 };
261 typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
262
263 /*
264 * View comments before SecCmsRecipientInfoStr for purpose of this
265 * structure.
266 */
267 struct SecCmsKeyTransRecipientInfoExStr {
268 SecCmsKeyTransRecipientInfo recipientInfo;
269 int version; /* version of this structure (0) */
270 SecPublicKeyRef pubKey;
271 };
272
273 typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
274
275 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
276 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
277
278 /* -----------------------------------------------------------------------------
279 * key agreement recipient info
280 */
281 struct SecCmsOriginatorPublicKeyStr {
282 SECAlgorithmID algorithmIdentifier;
283 SecAsn1Item publicKey; /* bit string! */
284 };
285 typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
286
287 typedef enum {
288 SecCmsOriginatorIDOrKeyIssuerSN = 0,
289 SecCmsOriginatorIDOrKeySubjectKeyID = 1,
290 SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
291 } SecCmsOriginatorIDOrKeySelector;
292
293 struct SecCmsOriginatorIdentifierOrKeyStr {
294 SecCmsOriginatorIDOrKeySelector identifierType;
295 union {
296 SecCmsIssuerAndSN *issuerAndSN; /* static-static */
297 SecAsn1Item * subjectKeyID; /* static-static */
298 SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
299 } id;
300 };
301 typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
302
303 struct SecCmsRecipientKeyIdentifierStr {
304 SecAsn1Item subjectKeyIdentifier;
305 SecAsn1Item date; /* optional */
306 SecAsn1Item other; /* optional */
307 };
308 typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
309
310 typedef enum {
311 SecCmsKeyAgreeRecipientIDIssuerSN = 0,
312 SecCmsKeyAgreeRecipientIDRKeyID = 1
313 } SecCmsKeyAgreeRecipientIDSelector;
314
315 struct SecCmsKeyAgreeRecipientIdentifierStr {
316 SecCmsKeyAgreeRecipientIDSelector identifierType;
317 union {
318 SecCmsIssuerAndSN *issuerAndSN;
319 SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
320 } id;
321 };
322 typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
323
324 struct SecCmsRecipientEncryptedKeyStr {
325 SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
326 SecAsn1Item encKey;
327 };
328 typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
329
330 struct SecCmsKeyAgreeRecipientInfoStr {
331 SecAsn1Item version;
332 SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
333 SecAsn1Item ukm; /* optional */
334 SECAlgorithmID keyEncAlg;
335 SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
336 };
337 typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
338
339 #define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
340
341 /* -----------------------------------------------------------------------------
342 * KEK recipient info
343 */
344 struct SecCmsKEKIdentifierStr {
345 SecAsn1Item keyIdentifier;
346 SecAsn1Item * date; /* optional */
347 SecAsn1Item * other; /* optional */
348 };
349 typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
350
351 struct SecCmsKEKRecipientInfoStr {
352 SecAsn1Item version;
353 SecCmsKEKIdentifier kekIdentifier;
354 SECAlgorithmID keyEncAlg;
355 SecAsn1Item encKey;
356 };
357 typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
358
359 #define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
360
361 /* -----------------------------------------------------------------------------
362 * recipient info
363 */
364
365 typedef enum {
366 SecCmsRecipientInfoIDKeyTrans = 0,
367 SecCmsRecipientInfoIDKeyAgree = 1,
368 SecCmsRecipientInfoIDKEK = 2
369 } SecCmsRecipientInfoIDSelector;
370
371 /*
372 * In order to preserve backwards binary compatibility when implementing
373 * creation of Recipient Info's that uses subjectKeyID in the
374 * keyTransRecipientInfo we need to stash a public key pointer in this
375 * structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
376 * is the smallest member of the ri union. We're in luck since that's
377 * the very structure that would need to use the public key. So we created
378 * a new structure SecCmsKeyTransRecipientInfoEx which has a member
379 * SecCmsKeyTransRecipientInfo as the first member followed by a version
380 * and a public key pointer. This way we can keep backwards compatibility
381 * without changing the size of this structure.
382 *
383 * BTW, size of structure:
384 * SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
385 * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
386 * SecCmsKEKRecipientInfo: 10 ints, 7 pointers
387 *
388 * The new structure:
389 * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
390 * 1 int, 1 pointer
391 */
392
393 struct SecCmsRecipientInfoStr {
394 SecCmsRecipientInfoIDSelector recipientInfoType;
395 union {
396 SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
397 SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
398 SecCmsKEKRecipientInfo kekRecipientInfo;
399 SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
400 } ri;
401 /* --------- local; not part of encoding --------- */
402 //SecCmsMessageRef cmsg; /* back pointer to message */
403 SecCmsEnvelopedDataRef envelopedData; /* back pointer to envelopedData */
404 SecCertificateRef cert; /* recipient's certificate */
405 };
406
407 /* =============================================================================
408 * DIGESTED DATA
409 */
410 struct SecCmsDigestedDataStr {
411 SecCmsContentInfo contentInfo;
412 SecAsn1Item version;
413 SECAlgorithmID digestAlg;
414 SecAsn1Item digest;
415 /* --------- local; not part of encoding --------- */
416 //SecCmsMessageRef cmsg; /* back pointer */
417 SecAsn1Item cdigest; /* calculated digest */
418 };
419 #define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
420 #define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
421
422 /* =============================================================================
423 * ENCRYPTED DATA
424 */
425 struct SecCmsEncryptedDataStr {
426 SecCmsContentInfo contentInfo;
427 SecAsn1Item version;
428 SecCmsAttribute ** unprotectedAttr; /* optional */
429 /* --------- local; not part of encoding --------- */
430 //SecCmsMessageRef cmsg; /* back pointer */
431 };
432 #define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
433 #define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
434
435 /* =============================================================================
436 * FORTEZZA KEA
437 */
438
439 /* An enumerated type used to select templates based on the encryption
440 scenario and data specifics. */
441 typedef enum {
442 SecCmsKEAInvalid = -1,
443 SecCmsKEAUsesSkipjack = 0,
444 SecCmsKEAUsesNonSkipjack = 1,
445 SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
446 } SecCmsKEATemplateSelector;
447
448 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
449 but I cannot think of a more appropriate place at this time. */
450 struct SecCmsSMIMEKEAParametersStr {
451 SecAsn1Item originatorKEAKey; /* sender KEA key (encrypted?) */
452 SecAsn1Item originatorRA; /* random number generated by sender */
453 SecAsn1Item nonSkipjackIV; /* init'n vector for SkipjackCBC64
454 decryption of KEA key if Skipjack
455 is not the bulk algorithm used on
456 the message */
457 SecAsn1Item bulkKeySize; /* if Skipjack is not the bulk
458 algorithm used on the message,
459 and the size of the bulk encryption
460 key is not the same as that of
461 originatorKEAKey (due to padding
462 perhaps), this field will contain
463 the real size of the bulk encryption
464 key. */
465 };
466
467 /*
468 * *****************************************************************************
469 * *****************************************************************************
470 * *****************************************************************************
471 */
472
473 /*
474 * See comment above about this type not really belonging to CMS.
475 */
476 struct SecCmsAttributeStr {
477 /* The following fields make up an encoded Attribute: */
478 SecAsn1Item type;
479 SecAsn1Item ** values; /* data may or may not be encoded */
480 /* The following fields are not part of an encoded Attribute: */
481 SECOidData * typeTag;
482 Boolean encoded; /* when true, values are encoded */
483 };
484
485
486 #endif /* _CMSTPRIV_H_ */
mirror of Security