]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/cmstpriv.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.60.28.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / cmstpriv.h
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Header for CMS types.
36 */
37
38 #ifndef _CMSTPRIV_H_
39 #define _CMSTPRIV_H_
40
41 #include <Security/SecCmsBase.h>
42 #include <security_smime/secoidt.h>
43
44 #include <Security/secasn1t.h>
45 #include <security_asn1/plarenas.h>
46 #include <Security/nameTemplates.h>
47
48 #include <CoreFoundation/CFArray.h>
49 #include <CoreFoundation/CFDate.h>
50 #include <Security/SecCertificate.h>
51 #include <Security/SecKey.h>
52
53 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
54 * This is because when we search the recipient list for the cert and key we
55 * want, we need to invert the order of the loops we used to have. The old
56 * loops were:
57 *
58 * For each recipient {
59 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
60 * [which unrolls to... ]
61 * For each slot {
62 * Log into slot;
63 * search slot for cert;
64 * }
65 * }
66 *
67 * the new loop searchs all the recipients at once on a slot. this allows
68 * PKCS #11 to order slots in such a way that logout slots don't get checked
69 * if we can find the cert on a logged in slot. This eliminates lots of
70 * spurious password prompts when smart cards are installed... so why this
71 * comment? If you make SecCmsRecipientInfo completely opaque, you need
72 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
73 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
74 * function.
75 */
76
77 typedef struct SecCmsContentInfoStr SecCmsContentInfo;
78 typedef struct SecCmsMessageStr SecCmsMessage;
79 typedef struct SecCmsSignedDataStr SecCmsSignedData;
80 typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
81 typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
82 typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
83 typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
84 typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
85
86 typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
87 typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
88 typedef struct SecCmsAttributeStr SecCmsAttribute;
89
90 typedef union SecCmsContentUnion SecCmsContent;
91 typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
92
93 typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
94
95 typedef struct SecCmsCipherContextStr SecCmsCipherContext;
96 typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
97
98 /* =============================================================================
99 * ENCAPSULATED CONTENTINFO & CONTENTINFO
100 */
101
102 union SecCmsContentUnion {
103 /* either unstructured */
104 CSSM_DATA_PTR data;
105 /* or structured data */
106 SecCmsDigestedDataRef digestedData;
107 SecCmsEncryptedDataRef encryptedData;
108 SecCmsEnvelopedDataRef envelopedData;
109 SecCmsSignedDataRef signedData;
110 /* or anonymous pointer to something */
111 void * pointer;
112 };
113
114 struct SecCmsContentInfoStr {
115 CSSM_DATA contentType;
116 SecCmsContent content;
117 /* --------- local; not part of encoding --------- */
118 SECOidData * contentTypeTag;
119
120 /* additional info for encryptedData and envelopedData */
121 /* we waste this space for signedData and digestedData. sue me. */
122
123 SECAlgorithmID contentEncAlg;
124 CSSM_DATA_PTR rawContent; /* encrypted DER, optional */
125 /* XXXX bytes not encrypted, but encoded? */
126 /* --------- local; not part of encoding --------- */
127 SecSymmetricKeyRef bulkkey; /* bulk encryption key */
128 int keysize; /* size of bulk encryption key
129 * (only used by creation code) */
130 SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
131 * (only used by creation code) */
132 SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
133 SecCmsDigestContextRef digcx; /* context for digesting going on */
134 SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
135 };
136
137 /* =============================================================================
138 * MESSAGE
139 */
140
141 /*!
142 @typedef
143 @discussion Type of function called inside SecCmsSignedDataEncodeAfterData to
144 fire up XPC service to talk to TimeStamping server, etc.
145 @param context Typically a CFDictionary with URL, etc.
146 @param messageImprint a SecAsn1TSAMessageImprint with the algorithm and hash value
147 @param tstoken The returned TimeStampToken
148 */
149 typedef OSStatus (*SecCmsTSACallback)(const void *context, void *messageImprint, uint64_t nonce, CSSM_DATA *tstoken);
150
151 struct SecCmsMessageStr {
152 SecCmsContentInfo contentInfo; /* "outer" cinfo */
153 /* --------- local; not part of encoding --------- */
154 PLArenaPool * poolp;
155 Boolean poolp_is_ours;
156 int refCount;
157 /* properties of the "inner" data */
158 SECAlgorithmID ** detached_digestalgs;
159 CSSM_DATA_PTR * detached_digests;
160 void * pwfn_arg;
161 SecCmsGetDecryptKeyCallback decrypt_key_cb;
162 void * decrypt_key_cb_arg;
163
164 /* Fields for Time Stamping */
165 SecCmsTSACallback tsaCallback;
166 CFTypeRef tsaContext;
167 };
168
169 /* =============================================================================
170 * SIGNEDDATA
171 */
172
173 struct SecCmsSignedDataStr {
174 CSSM_DATA version;
175 SECAlgorithmID ** digestAlgorithms;
176 SecCmsContentInfo contentInfo;
177 CSSM_DATA_PTR * rawCerts;
178 CSSM_DATA_PTR * rawCrls;
179 SecCmsSignerInfoRef * signerInfos;
180 /* --------- local; not part of encoding --------- */
181 SecCmsMessageRef cmsg; /* back pointer to message */
182 CSSM_DATA_PTR * digests;
183 CFMutableArrayRef certs;
184 };
185 #define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
186 #define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
187
188 typedef enum {
189 SecCmsSignerIDIssuerSN = 0,
190 SecCmsSignerIDSubjectKeyID = 1
191 } SecCmsSignerIDSelector;
192
193 struct SecCmsSignerIdentifierStr {
194 SecCmsSignerIDSelector identifierType;
195 union {
196 SecCmsIssuerAndSN *issuerAndSN;
197 CSSM_DATA_PTR subjectKeyID;
198 } id;
199 };
200
201 struct SecCmsIssuerAndSNStr {
202 NSS_Name issuer;
203 CSSM_DATA serialNumber;
204 /* --------- local; not part of encoding --------- */
205 CSSM_DATA derIssuer;
206 };
207
208 struct SecCmsSignerInfoStr {
209 CSSM_DATA version;
210 SecCmsSignerIdentifier signerIdentifier;
211 SECAlgorithmID digestAlg;
212 SecCmsAttribute ** authAttr;
213 SECAlgorithmID digestEncAlg;
214 CSSM_DATA encDigest;
215 SecCmsAttribute ** unAuthAttr;
216 /* --------- local; not part of encoding --------- */
217 SecCmsMessageRef cmsg; /* back pointer to message */
218 SecCmsSignedDataRef sigd; /* back pointer to SignedData */
219 SecCertificateRef cert;
220 CFArrayRef certList;
221 CFAbsoluteTime signingTime;
222 SecCmsVerificationStatus verificationStatus;
223 SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
224 SecPublicKeyRef pubKey;
225 CFAbsoluteTime timestampTime;
226 CFAbsoluteTime tsaLeafNotBefore; /* Start date for Timestamp Authority leaf */
227 CFAbsoluteTime tsaLeafNotAfter; /* Expiration date for Timestamp Authority leaf */
228 CFMutableArrayRef timestampCertList;
229 SecCertificateRef timestampCert;
230 CFDataRef hashAgilityAttrValue;
231 CFDictionaryRef hashAgilityV2AttrValues;
232 };
233 #define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
234 #define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
235
236 /* =============================================================================
237 * ENVELOPED DATA
238 */
239 struct SecCmsEnvelopedDataStr {
240 CSSM_DATA version;
241 SecCmsOriginatorInfo * originatorInfo; /* optional */
242 SecCmsRecipientInfoRef * recipientInfos;
243 SecCmsContentInfo contentInfo;
244 SecCmsAttribute ** unprotectedAttr;
245 /* --------- local; not part of encoding --------- */
246 SecCmsMessageRef cmsg; /* back pointer to message */
247 };
248 #define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
249 #define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
250
251 struct SecCmsOriginatorInfoStr {
252 CSSM_DATA_PTR * rawCerts;
253 CSSM_DATA_PTR * rawCrls;
254 /* --------- local; not part of encoding --------- */
255 SecCertificateRef * certs;
256 };
257
258 /* -----------------------------------------------------------------------------
259 * key transport recipient info
260 */
261 typedef enum {
262 SecCmsRecipientIDIssuerSN = 0,
263 SecCmsRecipientIDSubjectKeyID = 1
264 } SecCmsRecipientIDSelector;
265
266 struct SecCmsRecipientIdentifierStr {
267 SecCmsRecipientIDSelector identifierType;
268 union {
269 SecCmsIssuerAndSN *issuerAndSN;
270 CSSM_DATA_PTR subjectKeyID;
271 } id;
272 };
273 typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
274
275 struct SecCmsKeyTransRecipientInfoStr {
276 CSSM_DATA version;
277 SecCmsRecipientIdentifier recipientIdentifier;
278 SECAlgorithmID keyEncAlg;
279 CSSM_DATA encKey;
280 };
281 typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
282
283 /*
284 * View comments before SecCmsRecipientInfoStr for purpose of this
285 * structure.
286 */
287 struct SecCmsKeyTransRecipientInfoExStr {
288 SecCmsKeyTransRecipientInfo recipientInfo;
289 int version; /* version of this structure (0) */
290 SecPublicKeyRef pubKey;
291 };
292
293 typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
294
295 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
296 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
297
298 /* -----------------------------------------------------------------------------
299 * key agreement recipient info
300 */
301 struct SecCmsOriginatorPublicKeyStr {
302 SECAlgorithmID algorithmIdentifier;
303 CSSM_DATA publicKey; /* bit string! */
304 };
305 typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
306
307 typedef enum {
308 SecCmsOriginatorIDOrKeyIssuerSN = 0,
309 SecCmsOriginatorIDOrKeySubjectKeyID = 1,
310 SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
311 } SecCmsOriginatorIDOrKeySelector;
312
313 struct SecCmsOriginatorIdentifierOrKeyStr {
314 SecCmsOriginatorIDOrKeySelector identifierType;
315 union {
316 SecCmsIssuerAndSN *issuerAndSN; /* static-static */
317 CSSM_DATA subjectKeyID; /* static-static */
318 SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
319 } id;
320 };
321 typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
322
323 struct SecCmsRecipientKeyIdentifierStr {
324 CSSM_DATA_PTR subjectKeyIdentifier;
325 CSSM_DATA_PTR date; /* optional */
326 CSSM_DATA_PTR other; /* optional */
327 };
328 typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
329
330 typedef enum {
331 SecCmsKeyAgreeRecipientIDIssuerSN = 0,
332 SecCmsKeyAgreeRecipientIDRKeyID = 1
333 } SecCmsKeyAgreeRecipientIDSelector;
334
335 struct SecCmsKeyAgreeRecipientIdentifierStr {
336 SecCmsKeyAgreeRecipientIDSelector identifierType;
337 union {
338 SecCmsIssuerAndSN *issuerAndSN;
339 SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
340 } id;
341 };
342 typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
343
344 struct SecCmsRecipientEncryptedKeyStr {
345 SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
346 CSSM_DATA encKey;
347 };
348 typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
349
350 struct SecCmsKeyAgreeRecipientInfoStr {
351 CSSM_DATA version;
352 SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
353 CSSM_DATA ukm; /* optional */
354 SECAlgorithmID keyEncAlg;
355 SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
356 };
357 typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
358
359 #define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
360
361 /* -----------------------------------------------------------------------------
362 * KEK recipient info
363 */
364 struct SecCmsKEKIdentifierStr {
365 CSSM_DATA keyIdentifier;
366 CSSM_DATA_PTR date; /* optional */
367 CSSM_DATA_PTR other; /* optional */
368 };
369 typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
370
371 struct SecCmsKEKRecipientInfoStr {
372 CSSM_DATA version;
373 SecCmsKEKIdentifier kekIdentifier;
374 SECAlgorithmID keyEncAlg;
375 CSSM_DATA encKey;
376 };
377 typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
378
379 #define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
380
381 /* -----------------------------------------------------------------------------
382 * recipient info
383 */
384
385 typedef enum {
386 SecCmsRecipientInfoIDKeyTrans = 0,
387 SecCmsRecipientInfoIDKeyAgree = 1,
388 SecCmsRecipientInfoIDKEK = 2
389 } SecCmsRecipientInfoIDSelector;
390
391 /*
392 * In order to preserve backwards binary compatibility when implementing
393 * creation of Recipient Info's that uses subjectKeyID in the
394 * keyTransRecipientInfo we need to stash a public key pointer in this
395 * structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
396 * is the smallest member of the ri union. We're in luck since that's
397 * the very structure that would need to use the public key. So we created
398 * a new structure SecCmsKeyTransRecipientInfoEx which has a member
399 * SecCmsKeyTransRecipientInfo as the first member followed by a version
400 * and a public key pointer. This way we can keep backwards compatibility
401 * without changing the size of this structure.
402 *
403 * BTW, size of structure:
404 * SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
405 * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
406 * SecCmsKEKRecipientInfo: 10 ints, 7 pointers
407 *
408 * The new structure:
409 * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
410 * 1 int, 1 pointer
411 */
412
413 struct SecCmsRecipientInfoStr {
414 SecCmsRecipientInfoIDSelector recipientInfoType;
415 union {
416 SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
417 SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
418 SecCmsKEKRecipientInfo kekRecipientInfo;
419 SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
420 } ri;
421 /* --------- local; not part of encoding --------- */
422 SecCmsMessageRef cmsg; /* back pointer to message */
423 SecCertificateRef cert; /* recipient's certificate */
424 };
425
426 /* =============================================================================
427 * DIGESTED DATA
428 */
429 struct SecCmsDigestedDataStr {
430 CSSM_DATA version;
431 SECAlgorithmID digestAlg;
432 SecCmsContentInfo contentInfo;
433 CSSM_DATA digest;
434 /* --------- local; not part of encoding --------- */
435 SecCmsMessageRef cmsg; /* back pointer */
436 CSSM_DATA cdigest; /* calculated digest */
437 };
438 #define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
439 #define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
440
441 /* =============================================================================
442 * ENCRYPTED DATA
443 */
444 struct SecCmsEncryptedDataStr {
445 CSSM_DATA version;
446 SecCmsContentInfo contentInfo;
447 SecCmsAttribute ** unprotectedAttr; /* optional */
448 /* --------- local; not part of encoding --------- */
449 SecCmsMessageRef cmsg; /* back pointer */
450 };
451 #define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
452 #define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
453
454 /* =============================================================================
455 * FORTEZZA KEA
456 */
457
458 /* An enumerated type used to select templates based on the encryption
459 scenario and data specifics. */
460 typedef enum {
461 SecCmsKEAInvalid = -1,
462 SecCmsKEAUsesSkipjack = 0,
463 SecCmsKEAUsesNonSkipjack = 1,
464 SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
465 } SecCmsKEATemplateSelector;
466
467 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
468 but I cannot think of a more appropriate place at this time. */
469 struct SecCmsSMIMEKEAParametersStr {
470 CSSM_DATA originatorKEAKey; /* sender KEA key (encrypted?) */
471 CSSM_DATA originatorRA; /* random number generated by sender */
472 CSSM_DATA nonSkipjackIV; /* init'n vector for SkipjackCBC64
473 decryption of KEA key if Skipjack
474 is not the bulk algorithm used on
475 the message */
476 CSSM_DATA bulkKeySize; /* if Skipjack is not the bulk
477 algorithm used on the message,
478 and the size of the bulk encryption
479 key is not the same as that of
480 originatorKEAKey (due to padding
481 perhaps), this field will contain
482 the real size of the bulk encryption
483 key. */
484 };
485
486 /*
487 * *****************************************************************************
488 * *****************************************************************************
489 * *****************************************************************************
490 */
491
492 /*
493 * See comment above about this type not really belonging to CMS.
494 */
495 struct SecCmsAttributeStr {
496 /* The following fields make up an encoded Attribute: */
497 CSSM_DATA type;
498 CSSM_DATA_PTR * values; /* data may or may not be encoded */
499 /* The following fields are not part of an encoded Attribute: */
500 SECOidData * typeTag;
501 Boolean encoded; /* when true, values are encoded */
502 };
503
504
505 #endif /* _CMSTPRIV_H_ */
mirror of Security