]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/cmstpriv.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.51.6.tar.gz
[apple/security.git] / libsecurity_smime / lib / cmstpriv.h
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Header for CMS types.
36 */
37
38 #ifndef _CMSTPRIV_H_
39 #define _CMSTPRIV_H_
40
41 #include <Security/SecCmsBase.h>
42 #include <security_smime/secoidt.h>
43
44 #include <Security/secasn1t.h>
45 #include <security_asn1/plarenas.h>
46 #include <Security/nameTemplates.h>
47
48 #include <CoreFoundation/CFArray.h>
49 #include <CoreFoundation/CFDate.h>
50 #include <Security/SecCertificate.h>
51 #include <Security/SecKey.h>
52
53 /* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
54 * This is because when we search the recipient list for the cert and key we
55 * want, we need to invert the order of the loops we used to have. The old
56 * loops were:
57 *
58 * For each recipient {
59 * find_cert = PK11_Find_AllCert(recipient->issuerSN);
60 * [which unrolls to... ]
61 * For each slot {
62 * Log into slot;
63 * search slot for cert;
64 * }
65 * }
66 *
67 * the new loop searchs all the recipients at once on a slot. this allows
68 * PKCS #11 to order slots in such a way that logout slots don't get checked
69 * if we can find the cert on a logged in slot. This eliminates lots of
70 * spurious password prompts when smart cards are installed... so why this
71 * comment? If you make SecCmsRecipientInfo completely opaque, you need
72 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
73 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
74 * function.
75 */
76
77 typedef struct SecCmsContentInfoStr SecCmsContentInfo;
78 typedef struct SecCmsMessageStr SecCmsMessage;
79 typedef struct SecCmsSignedDataStr SecCmsSignedData;
80 typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
81 typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
82 typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
83 typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
84 typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
85
86 typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
87 typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
88 typedef struct SecCmsAttributeStr SecCmsAttribute;
89
90 typedef union SecCmsContentUnion SecCmsContent;
91 typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
92
93 typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
94
95 typedef struct SecCmsCipherContextStr SecCmsCipherContext;
96 typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
97
98 /* =============================================================================
99 * ENCAPSULATED CONTENTINFO & CONTENTINFO
100 */
101
102 union SecCmsContentUnion {
103 /* either unstructured */
104 SecAsn1Item * data;
105 /* or structured data */
106 SecCmsDigestedDataRef digestedData;
107 SecCmsEncryptedDataRef encryptedData;
108 SecCmsEnvelopedDataRef envelopedData;
109 SecCmsSignedDataRef signedData;
110 /* or anonymous pointer to something */
111 void * pointer;
112 };
113
114 struct SecCmsContentInfoStr {
115 SecAsn1Item contentType;
116 SecCmsContent content;
117 /* --------- local; not part of encoding --------- */
118 SecCmsMessageRef cmsg; /* back pointer to message */
119 SECOidData * contentTypeTag;
120
121 /* additional info for encryptedData and envelopedData */
122 /* we waste this space for signedData and digestedData. sue me. */
123
124 SECAlgorithmID contentEncAlg;
125 SecAsn1Item * rawContent; /* encrypted DER, optional */
126 /* XXXX bytes not encrypted, but encoded? */
127 /* --------- local; not part of encoding --------- */
128 SecSymmetricKeyRef bulkkey; /* bulk encryption key */
129 int keysize; /* size of bulk encryption key
130 * (only used by creation code) */
131 SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
132 * (only used by creation code) */
133 SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
134 SecCmsDigestContextRef digcx; /* context for digesting going on */
135 SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
136 };
137
138 /* =============================================================================
139 * MESSAGE
140 */
141
142 struct SecCmsMessageStr {
143 SecCmsContentInfo contentInfo; /* "outer" cinfo */
144 /* --------- local; not part of encoding --------- */
145 PLArenaPool * poolp;
146 int refCount;
147 /* properties of the "inner" data */
148 void * pwfn_arg;
149 SecCmsGetDecryptKeyCallback decrypt_key_cb;
150 void * decrypt_key_cb_arg;
151 };
152
153 /* =============================================================================
154 * SIGNEDDATA
155 */
156
157 struct SecCmsSignedDataStr {
158 SecCmsContentInfo contentInfo;
159 SecAsn1Item version;
160 SECAlgorithmID ** digestAlgorithms;
161 SecAsn1Item ** rawCerts;
162 SecAsn1Item ** rawCrls;
163 SecCmsSignerInfoRef * signerInfos;
164 /* --------- local; not part of encoding --------- */
165 //SecCmsMessageRef cmsg; /* back pointer to message */
166 SecAsn1Item ** digests;
167 CFMutableArrayRef certs;
168 };
169 #define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
170 #define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
171
172 typedef enum {
173 SecCmsSignerIDIssuerSN = 0,
174 SecCmsSignerIDSubjectKeyID = 1
175 } SecCmsSignerIDSelector;
176
177 struct SecCmsSignerIdentifierStr {
178 SecCmsSignerIDSelector identifierType;
179 union {
180 SecCmsIssuerAndSN *issuerAndSN;
181 SecAsn1Item * subjectKeyID;
182 } id;
183 };
184
185 struct SecCmsIssuerAndSNStr {
186 NSS_Name issuer;
187 SecAsn1Item serialNumber;
188 /* --------- local; not part of encoding --------- */
189 SecAsn1Item derIssuer;
190 };
191
192 struct SecCmsSignerInfoStr {
193 SecAsn1Item version;
194 SecCmsSignerIdentifier signerIdentifier;
195 SECAlgorithmID digestAlg;
196 SecCmsAttribute ** authAttr;
197 SECAlgorithmID digestEncAlg;
198 SecAsn1Item encDigest;
199 SecCmsAttribute ** unAuthAttr;
200 /* --------- local; not part of encoding --------- */
201 //SecCmsMessageRef cmsg; /* back pointer to message */
202 SecCmsSignedDataRef signedData; /* back pointer to signedData. */
203 SecCertificateRef cert;
204 CFArrayRef certList;
205 CFAbsoluteTime signingTime;
206 SecCmsVerificationStatus verificationStatus;
207 SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
208 SecPublicKeyRef pubKey;
209 CFDataRef hashAgilityAttrValue;
210 CFDictionaryRef hashAgilityV2AttrValues;
211 };
212 #define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
213 #define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
214
215 /* =============================================================================
216 * ENVELOPED DATA
217 */
218 struct SecCmsEnvelopedDataStr {
219 SecCmsContentInfo contentInfo;
220 SecAsn1Item version;
221 SecCmsOriginatorInfo * originatorInfo; /* optional */
222 SecCmsRecipientInfoRef * recipientInfos;
223 SecCmsAttribute ** unprotectedAttr;
224 /* --------- local; not part of encoding --------- */
225 //SecCmsMessageRef cmsg; /* back pointer to message */
226 };
227 #define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
228 #define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
229
230 struct SecCmsOriginatorInfoStr {
231 SecAsn1Item ** rawCerts;
232 SecAsn1Item ** rawCrls;
233 /* --------- local; not part of encoding --------- */
234 SecCertificateRef * certs;
235 };
236
237 /* -----------------------------------------------------------------------------
238 * key transport recipient info
239 */
240 typedef enum {
241 SecCmsRecipientIDIssuerSN = 0,
242 SecCmsRecipientIDSubjectKeyID = 1
243 } SecCmsRecipientIDSelector;
244
245 struct SecCmsRecipientIdentifierStr {
246 SecCmsRecipientIDSelector identifierType;
247 union {
248 SecCmsIssuerAndSN *issuerAndSN;
249 SecAsn1Item * subjectKeyID;
250 } id;
251 };
252 typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
253
254 struct SecCmsKeyTransRecipientInfoStr {
255 SecAsn1Item version;
256 SecCmsRecipientIdentifier recipientIdentifier;
257 SECAlgorithmID keyEncAlg;
258 SecAsn1Item encKey;
259 };
260 typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
261
262 /*
263 * View comments before SecCmsRecipientInfoStr for purpose of this
264 * structure.
265 */
266 struct SecCmsKeyTransRecipientInfoExStr {
267 SecCmsKeyTransRecipientInfo recipientInfo;
268 int version; /* version of this structure (0) */
269 SecPublicKeyRef pubKey;
270 };
271
272 typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
273
274 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
275 #define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
276
277 /* -----------------------------------------------------------------------------
278 * key agreement recipient info
279 */
280 struct SecCmsOriginatorPublicKeyStr {
281 SECAlgorithmID algorithmIdentifier;
282 SecAsn1Item publicKey; /* bit string! */
283 };
284 typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
285
286 typedef enum {
287 SecCmsOriginatorIDOrKeyIssuerSN = 0,
288 SecCmsOriginatorIDOrKeySubjectKeyID = 1,
289 SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
290 } SecCmsOriginatorIDOrKeySelector;
291
292 struct SecCmsOriginatorIdentifierOrKeyStr {
293 SecCmsOriginatorIDOrKeySelector identifierType;
294 union {
295 SecCmsIssuerAndSN *issuerAndSN; /* static-static */
296 SecAsn1Item * subjectKeyID; /* static-static */
297 SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
298 } id;
299 };
300 typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
301
302 struct SecCmsRecipientKeyIdentifierStr {
303 SecAsn1Item * subjectKeyIdentifier;
304 SecAsn1Item * date; /* optional */
305 SecAsn1Item * other; /* optional */
306 };
307 typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
308
309 typedef enum {
310 SecCmsKeyAgreeRecipientIDIssuerSN = 0,
311 SecCmsKeyAgreeRecipientIDRKeyID = 1
312 } SecCmsKeyAgreeRecipientIDSelector;
313
314 struct SecCmsKeyAgreeRecipientIdentifierStr {
315 SecCmsKeyAgreeRecipientIDSelector identifierType;
316 union {
317 SecCmsIssuerAndSN *issuerAndSN;
318 SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
319 } id;
320 };
321 typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
322
323 struct SecCmsRecipientEncryptedKeyStr {
324 SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
325 SecAsn1Item encKey;
326 };
327 typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
328
329 struct SecCmsKeyAgreeRecipientInfoStr {
330 SecAsn1Item version;
331 SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
332 SecAsn1Item ukm; /* optional */
333 SECAlgorithmID keyEncAlg;
334 SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
335 };
336 typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
337
338 #define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
339
340 /* -----------------------------------------------------------------------------
341 * KEK recipient info
342 */
343 struct SecCmsKEKIdentifierStr {
344 SecAsn1Item keyIdentifier;
345 SecAsn1Item * date; /* optional */
346 SecAsn1Item * other; /* optional */
347 };
348 typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
349
350 struct SecCmsKEKRecipientInfoStr {
351 SecAsn1Item version;
352 SecCmsKEKIdentifier kekIdentifier;
353 SECAlgorithmID keyEncAlg;
354 SecAsn1Item encKey;
355 };
356 typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
357
358 #define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
359
360 /* -----------------------------------------------------------------------------
361 * recipient info
362 */
363
364 typedef enum {
365 SecCmsRecipientInfoIDKeyTrans = 0,
366 SecCmsRecipientInfoIDKeyAgree = 1,
367 SecCmsRecipientInfoIDKEK = 2
368 } SecCmsRecipientInfoIDSelector;
369
370 /*
371 * In order to preserve backwards binary compatibility when implementing
372 * creation of Recipient Info's that uses subjectKeyID in the
373 * keyTransRecipientInfo we need to stash a public key pointer in this
374 * structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
375 * is the smallest member of the ri union. We're in luck since that's
376 * the very structure that would need to use the public key. So we created
377 * a new structure SecCmsKeyTransRecipientInfoEx which has a member
378 * SecCmsKeyTransRecipientInfo as the first member followed by a version
379 * and a public key pointer. This way we can keep backwards compatibility
380 * without changing the size of this structure.
381 *
382 * BTW, size of structure:
383 * SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
384 * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
385 * SecCmsKEKRecipientInfo: 10 ints, 7 pointers
386 *
387 * The new structure:
388 * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
389 * 1 int, 1 pointer
390 */
391
392 struct SecCmsRecipientInfoStr {
393 SecCmsRecipientInfoIDSelector recipientInfoType;
394 union {
395 SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
396 SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
397 SecCmsKEKRecipientInfo kekRecipientInfo;
398 SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
399 } ri;
400 /* --------- local; not part of encoding --------- */
401 //SecCmsMessageRef cmsg; /* back pointer to message */
402 SecCmsEnvelopedDataRef envelopedData; /* back pointer to envelopedData */
403 SecCertificateRef cert; /* recipient's certificate */
404 };
405
406 /* =============================================================================
407 * DIGESTED DATA
408 */
409 struct SecCmsDigestedDataStr {
410 SecCmsContentInfo contentInfo;
411 SecAsn1Item version;
412 SECAlgorithmID digestAlg;
413 SecAsn1Item digest;
414 /* --------- local; not part of encoding --------- */
415 //SecCmsMessageRef cmsg; /* back pointer */
416 SecAsn1Item cdigest; /* calculated digest */
417 };
418 #define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
419 #define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
420
421 /* =============================================================================
422 * ENCRYPTED DATA
423 */
424 struct SecCmsEncryptedDataStr {
425 SecCmsContentInfo contentInfo;
426 SecAsn1Item version;
427 SecCmsAttribute ** unprotectedAttr; /* optional */
428 /* --------- local; not part of encoding --------- */
429 //SecCmsMessageRef cmsg; /* back pointer */
430 };
431 #define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
432 #define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
433
434 /* =============================================================================
435 * FORTEZZA KEA
436 */
437
438 /* An enumerated type used to select templates based on the encryption
439 scenario and data specifics. */
440 typedef enum {
441 SecCmsKEAInvalid = -1,
442 SecCmsKEAUsesSkipjack = 0,
443 SecCmsKEAUsesNonSkipjack = 1,
444 SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
445 } SecCmsKEATemplateSelector;
446
447 /* ### mwelch - S/MIME KEA parameters. These don't really fit here,
448 but I cannot think of a more appropriate place at this time. */
449 struct SecCmsSMIMEKEAParametersStr {
450 SecAsn1Item originatorKEAKey; /* sender KEA key (encrypted?) */
451 SecAsn1Item originatorRA; /* random number generated by sender */
452 SecAsn1Item nonSkipjackIV; /* init'n vector for SkipjackCBC64
453 decryption of KEA key if Skipjack
454 is not the bulk algorithm used on
455 the message */
456 SecAsn1Item bulkKeySize; /* if Skipjack is not the bulk
457 algorithm used on the message,
458 and the size of the bulk encryption
459 key is not the same as that of
460 originatorKEAKey (due to padding
461 perhaps), this field will contain
462 the real size of the bulk encryption
463 key. */
464 };
465
466 /*
467 * *****************************************************************************
468 * *****************************************************************************
469 * *****************************************************************************
470 */
471
472 /*
473 * See comment above about this type not really belonging to CMS.
474 */
475 struct SecCmsAttributeStr {
476 /* The following fields make up an encoded Attribute: */
477 SecAsn1Item type;
478 SecAsn1Item ** values; /* data may or may not be encoded */
479 /* The following fields are not part of an encoded Attribute: */
480 SECOidData * typeTag;
481 Boolean encoded; /* when true, values are encoded */
482 };
483
484
485 #endif /* _CMSTPRIV_H_ */
mirror of Security