]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/cmstpriv.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / cmstpriv.h
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Header for CMS types.
36 */
37
38 #ifndef _CMSTPRIV_H_
39 #define _CMSTPRIV_H_
40
41 #include <Security/SecCmsBase.h>
42 #include <security_smime/secoidt.h>
43
44 #include <Security/secasn1t.h>
45 #include <security_asn1/plarenas.h>
46 #include <Security/nameTemplates.h>
47
48 #include <CoreFoundation/CFArray.h>
49 #include <CoreFoundation/CFDate.h>
50 #include <Security/SecCertificate.h>
51 #include <Security/SecKey.h>
52
53 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
54 * This is because when we search the recipient list for the cert and key we
55 * want, we need to invert the order of the loops we used to have. The old
56 * loops were:
57 *
58 * For each recipient {
59 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
60 * [which unrolls to... ]
61 * For each slot {
62 * Log into slot;
63 * search slot for cert;
64 * }
65 * }
66 *
67 * the new loop searchs all the recipients at once on a slot. this allows
68 * PKCS #11 to order slots in such a way that logout slots don't get checked
69 * if we can find the cert on a logged in slot. This eliminates lots of
70 * spurious password prompts when smart cards are installed... so why this
71 * comment? If you make SecCmsRecipientInfo completely opaque, you need
72 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
73 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
74 * function.
75 */
76
77 typedef struct SecCmsContentInfoStr SecCmsContentInfo;
78 typedef struct SecCmsMessageStr SecCmsMessage;
79 typedef struct SecCmsSignedDataStr SecCmsSignedData;
80 typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
81 typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
82 typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
83 typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
84 typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
85
86 typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
87 typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
88 typedef struct SecCmsAttributeStr SecCmsAttribute;
89
90 typedef union SecCmsContentUnion SecCmsContent;
91 typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
92
93 typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
94
95 typedef struct SecCmsCipherContextStr SecCmsCipherContext;
96 typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
97
98 /* =============================================================================
99 * ENCAPSULATED CONTENTINFO & CONTENTINFO
100 */
101
102 union SecCmsContentUnion {
103 /* either unstructured */
104 CSSM_DATA_PTR data;
105 /* or structured data */
106 SecCmsDigestedDataRef digestedData;
107 SecCmsEncryptedDataRef encryptedData;
108 SecCmsEnvelopedDataRef envelopedData;
109 SecCmsSignedDataRef signedData;
110 /* or anonymous pointer to something */
111 void * pointer;
112 };
113
114 struct SecCmsContentInfoStr {
115 CSSM_DATA contentType;
116 SecCmsContent content;
117 /* --------- local; not part of encoding --------- */
118 SECOidData * contentTypeTag;
119
120 /* additional info for encryptedData and envelopedData */
121 /* we waste this space for signedData and digestedData. sue me. */
122
123 SECAlgorithmID contentEncAlg;
124 CSSM_DATA_PTR rawContent; /* encrypted DER, optional */
125 /* XXXX bytes not encrypted, but encoded? */
126 /* --------- local; not part of encoding --------- */
127 SecSymmetricKeyRef bulkkey; /* bulk encryption key */
128 int keysize; /* size of bulk encryption key
129 * (only used by creation code) */
130 SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
131 * (only used by creation code) */
132 SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
133 SecCmsDigestContextRef digcx; /* context for digesting going on */
134 SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
135 };
136
137 /* =============================================================================
138 * MESSAGE
139 */
140
141 /*!
142 @typedef
143 @discussion Type of function called inside SecCmsSignedDataEncodeAfterData to
144 fire up XPC service to talk to TimeStamping server, etc.
145 @param context Typically a CFDictionary with URL, etc.
146 @param messageImprint a SecAsn1TSAMessageImprint with the algorithm and hash value
147 @param tstoken The returned TimeStampToken
148 */
149 typedef OSStatus (*SecCmsTSACallback)(const void *context, void *messageImprint, uint64_t nonce, CSSM_DATA *tstoken);
150
151 struct SecCmsMessageStr {
152 SecCmsContentInfo contentInfo; /* "outer" cinfo */
153 /* --------- local; not part of encoding --------- */
154 PLArenaPool * poolp;
155 Boolean poolp_is_ours;
156 int refCount;
157 /* properties of the "inner" data */
158 SECAlgorithmID ** detached_digestalgs;
159 CSSM_DATA_PTR * detached_digests;
160 void * pwfn_arg;
161 SecCmsGetDecryptKeyCallback decrypt_key_cb;
162 void * decrypt_key_cb_arg;
163
164 /* Fields for Time Stamping */
165 SecCmsTSACallback tsaCallback;
166 CFTypeRef tsaContext;
167 };
168
169 /* =============================================================================
170 * SIGNEDDATA
171 */
172
173 struct SecCmsSignedDataStr {
174 CSSM_DATA version;
175 SECAlgorithmID ** digestAlgorithms;
176 SecCmsContentInfo contentInfo;
177 CSSM_DATA_PTR * rawCerts;
178 CSSM_DATA_PTR * rawCrls;
179 SecCmsSignerInfoRef * signerInfos;
180 /* --------- local; not part of encoding --------- */
181 SecCmsMessageRef cmsg; /* back pointer to message */
182 CSSM_DATA_PTR * digests;
183 CFMutableArrayRef certs;
184 };
185 #define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
186 #define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
187
188 typedef enum {
189 SecCmsSignerIDIssuerSN = 0,
190 SecCmsSignerIDSubjectKeyID = 1
191 } SecCmsSignerIDSelector;
192
193 struct SecCmsSignerIdentifierStr {
194 SecCmsSignerIDSelector identifierType;
195 union {
196 SecCmsIssuerAndSN *issuerAndSN;
197 CSSM_DATA_PTR subjectKeyID;
198 } id;
199 };
200
201 struct SecCmsIssuerAndSNStr {
202 NSS_Name issuer;
203 CSSM_DATA serialNumber;
204 /* --------- local; not part of encoding --------- */
205 CSSM_DATA derIssuer;
206 };
207
208 struct SecCmsSignerInfoStr {
209 CSSM_DATA version;
210 SecCmsSignerIdentifier signerIdentifier;
211 SECAlgorithmID digestAlg;
212 SecCmsAttribute ** authAttr;
213 SECAlgorithmID digestEncAlg;
214 CSSM_DATA encDigest;
215 SecCmsAttribute ** unAuthAttr;
216 /* --------- local; not part of encoding --------- */
217 SecCmsMessageRef cmsg; /* back pointer to message */
218 SecCmsSignedDataRef sigd; /* back pointer to SignedData */
219 SecCertificateRef cert;
220 CFArrayRef certList;
221 CFAbsoluteTime signingTime;
222 SecCmsVerificationStatus verificationStatus;
223 SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
224 SecPublicKeyRef pubKey;
225 CFAbsoluteTime timestampTime;
226 CFAbsoluteTime tsaLeafNotBefore; /* Start date for Timestamp Authority leaf */
227 CFAbsoluteTime tsaLeafNotAfter; /* Expiration date for Timestamp Authority leaf */
228 CFMutableArrayRef timestampCertList;
229 SecCertificateRef timestampCert;
230 CFDataRef hashAgilityAttrValue;
231 CFDictionaryRef hashAgilityV2AttrValues;
232 CFAbsoluteTime expirationTime;
233 };
234 #define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
235 #define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
236
237 /* =============================================================================
238 * ENVELOPED DATA
239 */
240 struct SecCmsEnvelopedDataStr {
241 CSSM_DATA version;
242 SecCmsOriginatorInfo * originatorInfo; /* optional */
243 SecCmsRecipientInfoRef * recipientInfos;
244 SecCmsContentInfo contentInfo;
245 SecCmsAttribute ** unprotectedAttr;
246 /* --------- local; not part of encoding --------- */
247 SecCmsMessageRef cmsg; /* back pointer to message */
248 };
249 #define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
250 #define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
251
252 struct SecCmsOriginatorInfoStr {
253 CSSM_DATA_PTR * rawCerts;
254 CSSM_DATA_PTR * rawCrls;
255 /* --------- local; not part of encoding --------- */
256 SecCertificateRef * certs;
257 };
258
259 /* -----------------------------------------------------------------------------
260 * key transport recipient info
261 */
262 typedef enum {
263 SecCmsRecipientIDIssuerSN = 0,
264 SecCmsRecipientIDSubjectKeyID = 1
265 } SecCmsRecipientIDSelector;
266
267 struct SecCmsRecipientIdentifierStr {
268 SecCmsRecipientIDSelector identifierType;
269 union {
270 SecCmsIssuerAndSN *issuerAndSN;
271 CSSM_DATA_PTR subjectKeyID;
272 } id;
273 };
274 typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
275
276 struct SecCmsKeyTransRecipientInfoStr {
277 CSSM_DATA version;
278 SecCmsRecipientIdentifier recipientIdentifier;
279 SECAlgorithmID keyEncAlg;
280 CSSM_DATA encKey;
281 };
282 typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
283
284 /*
285 * View comments before SecCmsRecipientInfoStr for purpose of this
286 * structure.
287 */
288 struct SecCmsKeyTransRecipientInfoExStr {
289 SecCmsKeyTransRecipientInfo recipientInfo;
290 int version; /* version of this structure (0) */
291 SecPublicKeyRef pubKey;
292 };
293
294 typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
295
296 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
297 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
298
299 /* -----------------------------------------------------------------------------
300 * key agreement recipient info
301 */
302 struct SecCmsOriginatorPublicKeyStr {
303 SECAlgorithmID algorithmIdentifier;
304 CSSM_DATA publicKey; /* bit string! */
305 };
306 typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
307
308 typedef enum {
309 SecCmsOriginatorIDOrKeyIssuerSN = 0,
310 SecCmsOriginatorIDOrKeySubjectKeyID = 1,
311 SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
312 } SecCmsOriginatorIDOrKeySelector;
313
314 struct SecCmsOriginatorIdentifierOrKeyStr {
315 SecCmsOriginatorIDOrKeySelector identifierType;
316 union {
317 SecCmsIssuerAndSN *issuerAndSN; /* static-static */
318 CSSM_DATA subjectKeyID; /* static-static */
319 SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
320 } id;
321 };
322 typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
323
324 struct SecCmsRecipientKeyIdentifierStr {
325 CSSM_DATA subjectKeyIdentifier;
326 CSSM_DATA date; /* optional */
327 CSSM_DATA other; /* optional */
328 };
329 typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
330
331 typedef enum {
332 SecCmsKeyAgreeRecipientIDIssuerSN = 0,
333 SecCmsKeyAgreeRecipientIDRKeyID = 1
334 } SecCmsKeyAgreeRecipientIDSelector;
335
336 struct SecCmsKeyAgreeRecipientIdentifierStr {
337 SecCmsKeyAgreeRecipientIDSelector identifierType;
338 union {
339 SecCmsIssuerAndSN *issuerAndSN;
340 SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
341 } id;
342 };
343 typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
344
345 struct SecCmsRecipientEncryptedKeyStr {
346 SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
347 CSSM_DATA encKey;
348 };
349 typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
350
351 struct SecCmsKeyAgreeRecipientInfoStr {
352 CSSM_DATA version;
353 SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
354 CSSM_DATA ukm; /* optional */
355 SECAlgorithmID keyEncAlg;
356 SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
357 };
358 typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
359
360 #define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
361
362 /* -----------------------------------------------------------------------------
363 * KEK recipient info
364 */
365 struct SecCmsKEKIdentifierStr {
366 CSSM_DATA keyIdentifier;
367 CSSM_DATA_PTR date; /* optional */
368 CSSM_DATA_PTR other; /* optional */
369 };
370 typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
371
372 struct SecCmsKEKRecipientInfoStr {
373 CSSM_DATA version;
374 SecCmsKEKIdentifier kekIdentifier;
375 SECAlgorithmID keyEncAlg;
376 CSSM_DATA encKey;
377 };
378 typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
379
380 #define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
381
382 /* -----------------------------------------------------------------------------
383 * recipient info
384 */
385
386 typedef enum {
387 SecCmsRecipientInfoIDKeyTrans = 0,
388 SecCmsRecipientInfoIDKeyAgree = 1,
389 SecCmsRecipientInfoIDKEK = 2
390 } SecCmsRecipientInfoIDSelector;
391
392 /*
393 * In order to preserve backwards binary compatibility when implementing
394 * creation of Recipient Info's that uses subjectKeyID in the
395 * keyTransRecipientInfo we need to stash a public key pointer in this
396 * structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
397 * is the smallest member of the ri union. We're in luck since that's
398 * the very structure that would need to use the public key. So we created
399 * a new structure SecCmsKeyTransRecipientInfoEx which has a member
400 * SecCmsKeyTransRecipientInfo as the first member followed by a version
401 * and a public key pointer. This way we can keep backwards compatibility
402 * without changing the size of this structure.
403 *
404 * BTW, size of structure:
405 * SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
406 * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
407 * SecCmsKEKRecipientInfo: 10 ints, 7 pointers
408 *
409 * The new structure:
410 * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
411 * 1 int, 1 pointer
412 */
413
414 struct SecCmsRecipientInfoStr {
415 SecCmsRecipientInfoIDSelector recipientInfoType;
416 union {
417 SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
418 SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
419 SecCmsKEKRecipientInfo kekRecipientInfo;
420 SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
421 } ri;
422 /* --------- local; not part of encoding --------- */
423 SecCmsMessageRef cmsg; /* back pointer to message */
424 SecCertificateRef cert; /* recipient's certificate */
425 };
426
427 /* =============================================================================
428 * DIGESTED DATA
429 */
430 struct SecCmsDigestedDataStr {
431 CSSM_DATA version;
432 SECAlgorithmID digestAlg;
433 SecCmsContentInfo contentInfo;
434 CSSM_DATA digest;
435 /* --------- local; not part of encoding --------- */
436 SecCmsMessageRef cmsg; /* back pointer */
437 CSSM_DATA cdigest; /* calculated digest */
438 };
439 #define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
440 #define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
441
442 /* =============================================================================
443 * ENCRYPTED DATA
444 */
445 struct SecCmsEncryptedDataStr {
446 CSSM_DATA version;
447 SecCmsContentInfo contentInfo;
448 SecCmsAttribute ** unprotectedAttr; /* optional */
449 /* --------- local; not part of encoding --------- */
450 SecCmsMessageRef cmsg; /* back pointer */
451 };
452 #define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
453 #define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
454
455 /* =============================================================================
456 * FORTEZZA KEA
457 */
458
459 /* An enumerated type used to select templates based on the encryption
460 scenario and data specifics. */
461 typedef enum {
462 SecCmsKEAInvalid = -1,
463 SecCmsKEAUsesSkipjack = 0,
464 SecCmsKEAUsesNonSkipjack = 1,
465 SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
466 } SecCmsKEATemplateSelector;
467
468 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
469 but I cannot think of a more appropriate place at this time. */
470 struct SecCmsSMIMEKEAParametersStr {
471 CSSM_DATA originatorKEAKey; /* sender KEA key (encrypted?) */
472 CSSM_DATA originatorRA; /* random number generated by sender */
473 CSSM_DATA nonSkipjackIV; /* init'n vector for SkipjackCBC64
474 decryption of KEA key if Skipjack
475 is not the bulk algorithm used on
476 the message */
477 CSSM_DATA bulkKeySize; /* if Skipjack is not the bulk
478 algorithm used on the message,
479 and the size of the bulk encryption
480 key is not the same as that of
481 originatorKEAKey (due to padding
482 perhaps), this field will contain
483 the real size of the bulk encryption
484 key. */
485 };
486
487 /*
488 * *****************************************************************************
489 * *****************************************************************************
490 * *****************************************************************************
491 */
492
493 /*
494 * See comment above about this type not really belonging to CMS.
495 */
496 struct SecCmsAttributeStr {
497 /* The following fields make up an encoded Attribute: */
498 CSSM_DATA type;
499 CSSM_DATA_PTR * values; /* data may or may not be encoded */
500 /* The following fields are not part of an encoded Attribute: */
501 SECOidData * typeTag;
502 Boolean encoded; /* when true, values are encoded */
503 };
504
505
506 #endif /* _CMSTPRIV_H_ */
mirror of Security