+++ /dev/null
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 1994-2000 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the
- * terms of the GNU General Public License Version 2 or later (the
- * "GPL"), in which case the provisions of the GPL are applicable
- * instead of those above. If you wish to allow use of your
- * version of this file only under the terms of the GPL and not to
- * allow others to use your version of this file under the MPL,
- * indicate your decision by deleting the provisions above and
- * replace them with the notice and other provisions required by
- * the GPL. If you do not delete the provisions above, a recipient
- * may use your version of this file under either the MPL or the
- * GPL.
- */
-
-/*
- * Header for CMS types.
- */
-
-#ifndef _CMSTPRIV_H_
-#define _CMSTPRIV_H_
-
-#include <Security/SecCmsBase.h>
-#include <security_smime/secoidt.h>
-
-#include <Security/secasn1t.h>
-#include <security_asn1/plarenas.h>
-#include <Security/nameTemplates.h>
-
-#include <CoreFoundation/CFArray.h>
-#include <CoreFoundation/CFDate.h>
-#include <Security/SecCertificate.h>
-#include <Security/SecKey.h>
-
-/* rjr: PKCS #11 cert handling (pk11cert.c) does use SecCmsRecipientInfo's.
- * This is because when we search the recipient list for the cert and key we
- * want, we need to invert the order of the loops we used to have. The old
- * loops were:
- *
- * For each recipient {
- * find_cert = PK11_Find_AllCert(recipient->issuerSN);
- * [which unrolls to... ]
- * For each slot {
- * Log into slot;
- * search slot for cert;
- * }
- * }
- *
- * the new loop searchs all the recipients at once on a slot. this allows
- * PKCS #11 to order slots in such a way that logout slots don't get checked
- * if we can find the cert on a logged in slot. This eliminates lots of
- * spurious password prompts when smart cards are installed... so why this
- * comment? If you make SecCmsRecipientInfo completely opaque, you need
- * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
- * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
- * function.
- */
-
-typedef struct SecCmsContentInfoStr SecCmsContentInfo;
-typedef struct SecCmsMessageStr SecCmsMessage;
-typedef struct SecCmsSignedDataStr SecCmsSignedData;
-typedef struct SecCmsSignerInfoStr SecCmsSignerInfo;
-typedef struct SecCmsEnvelopedDataStr SecCmsEnvelopedData;
-typedef struct SecCmsRecipientInfoStr SecCmsRecipientInfo;
-typedef struct SecCmsDigestedDataStr SecCmsDigestedData;
-typedef struct SecCmsEncryptedDataStr SecCmsEncryptedData;
-
-typedef struct SecCmsIssuerAndSNStr SecCmsIssuerAndSN;
-typedef struct SecCmsOriginatorInfoStr SecCmsOriginatorInfo;
-typedef struct SecCmsAttributeStr SecCmsAttribute;
-
-typedef union SecCmsContentUnion SecCmsContent;
-typedef struct SecCmsSignerIdentifierStr SecCmsSignerIdentifier;
-
-typedef struct SecCmsSMIMEKEAParametersStr SecCmsSMIMEKEAParameters;
-
-typedef struct SecCmsCipherContextStr SecCmsCipherContext;
-typedef struct SecCmsCipherContextStr *SecCmsCipherContextRef;
-
-/* =============================================================================
- * ENCAPSULATED CONTENTINFO & CONTENTINFO
- */
-
-union SecCmsContentUnion {
- /* either unstructured */
- CSSM_DATA_PTR data;
- /* or structured data */
- SecCmsDigestedDataRef digestedData;
- SecCmsEncryptedDataRef encryptedData;
- SecCmsEnvelopedDataRef envelopedData;
- SecCmsSignedDataRef signedData;
- /* or anonymous pointer to something */
- void * pointer;
-};
-
-struct SecCmsContentInfoStr {
- CSSM_DATA contentType;
- SecCmsContent content;
- /* --------- local; not part of encoding --------- */
- SECOidData * contentTypeTag;
-
- /* additional info for encryptedData and envelopedData */
- /* we waste this space for signedData and digestedData. sue me. */
-
- SECAlgorithmID contentEncAlg;
- CSSM_DATA_PTR rawContent; /* encrypted DER, optional */
- /* XXXX bytes not encrypted, but encoded? */
- /* --------- local; not part of encoding --------- */
- SecSymmetricKeyRef bulkkey; /* bulk encryption key */
- int keysize; /* size of bulk encryption key
- * (only used by creation code) */
- SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
- * (only used by creation code) */
- SecCmsCipherContextRef ciphcx; /* context for en/decryption going on */
- SecCmsDigestContextRef digcx; /* context for digesting going on */
- SecPrivateKeyRef privkey; /* @@@ private key is only here as a workaround for 3401088 */
-};
-
-/* =============================================================================
- * MESSAGE
- */
-
-/*!
- @typedef
- @discussion Type of function called inside SecCmsSignedDataEncodeAfterData to
- fire up XPC service to talk to TimeStamping server, etc.
- @param context Typically a CFDictionary with URL, etc.
- @param messageImprint a SecAsn1TSAMessageImprint with the algorithm and hash value
- @param tstoken The returned TimeStampToken
- */
-typedef OSStatus (*SecCmsTSACallback)(const void *context, void *messageImprint, uint64_t nonce, CSSM_DATA *tstoken);
-
-struct SecCmsMessageStr {
- SecCmsContentInfo contentInfo; /* "outer" cinfo */
- /* --------- local; not part of encoding --------- */
- PLArenaPool * poolp;
- Boolean poolp_is_ours;
- int refCount;
- /* properties of the "inner" data */
- SECAlgorithmID ** detached_digestalgs;
- CSSM_DATA_PTR * detached_digests;
- void * pwfn_arg;
- SecCmsGetDecryptKeyCallback decrypt_key_cb;
- void * decrypt_key_cb_arg;
-
- /* Fields for Time Stamping */
- SecCmsTSACallback tsaCallback;
- CFTypeRef tsaContext;
-};
-
-/* =============================================================================
- * SIGNEDDATA
- */
-
-struct SecCmsSignedDataStr {
- CSSM_DATA version;
- SECAlgorithmID ** digestAlgorithms;
- SecCmsContentInfo contentInfo;
- CSSM_DATA_PTR * rawCerts;
- CSSM_DATA_PTR * rawCrls;
- SecCmsSignerInfoRef * signerInfos;
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer to message */
- CSSM_DATA_PTR * digests;
- CFMutableArrayRef certs;
-};
-#define SEC_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
-#define SEC_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */
-
-typedef enum {
- SecCmsSignerIDIssuerSN = 0,
- SecCmsSignerIDSubjectKeyID = 1
-} SecCmsSignerIDSelector;
-
-struct SecCmsSignerIdentifierStr {
- SecCmsSignerIDSelector identifierType;
- union {
- SecCmsIssuerAndSN *issuerAndSN;
- CSSM_DATA_PTR subjectKeyID;
- } id;
-};
-
-struct SecCmsIssuerAndSNStr {
- NSS_Name issuer;
- CSSM_DATA serialNumber;
- /* --------- local; not part of encoding --------- */
- CSSM_DATA derIssuer;
-};
-
-struct SecCmsSignerInfoStr {
- CSSM_DATA version;
- SecCmsSignerIdentifier signerIdentifier;
- SECAlgorithmID digestAlg;
- SecCmsAttribute ** authAttr;
- SECAlgorithmID digestEncAlg;
- CSSM_DATA encDigest;
- SecCmsAttribute ** unAuthAttr;
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer to message */
- SecCmsSignedDataRef sigd; /* back pointer to SignedData */
- SecCertificateRef cert;
- CFArrayRef certList;
- CFAbsoluteTime signingTime;
- SecCmsVerificationStatus verificationStatus;
- SecPrivateKeyRef signingKey; /* Used if we're using subjKeyID*/
- SecPublicKeyRef pubKey;
- CFAbsoluteTime timestampTime;
- CFAbsoluteTime tsaLeafNotBefore; /* Start date for Timestamp Authority leaf */
- CFAbsoluteTime tsaLeafNotAfter; /* Expiration date for Timestamp Authority leaf */
- CFMutableArrayRef timestampCertList;
-};
-#define SEC_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
-#define SEC_CMS_SIGNER_INFO_VERSION_SUBJKEY 3 /* what we *create* */
-
-/* =============================================================================
- * ENVELOPED DATA
- */
-struct SecCmsEnvelopedDataStr {
- CSSM_DATA version;
- SecCmsOriginatorInfo * originatorInfo; /* optional */
- SecCmsRecipientInfoRef * recipientInfos;
- SecCmsContentInfo contentInfo;
- SecCmsAttribute ** unprotectedAttr;
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer to message */
-};
-#define SEC_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
-#define SEC_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
-
-struct SecCmsOriginatorInfoStr {
- CSSM_DATA_PTR * rawCerts;
- CSSM_DATA_PTR * rawCrls;
- /* --------- local; not part of encoding --------- */
- SecCertificateRef * certs;
-};
-
-/* -----------------------------------------------------------------------------
- * key transport recipient info
- */
-typedef enum {
- SecCmsRecipientIDIssuerSN = 0,
- SecCmsRecipientIDSubjectKeyID = 1
-} SecCmsRecipientIDSelector;
-
-struct SecCmsRecipientIdentifierStr {
- SecCmsRecipientIDSelector identifierType;
- union {
- SecCmsIssuerAndSN *issuerAndSN;
- CSSM_DATA_PTR subjectKeyID;
- } id;
-};
-typedef struct SecCmsRecipientIdentifierStr SecCmsRecipientIdentifier;
-
-struct SecCmsKeyTransRecipientInfoStr {
- CSSM_DATA version;
- SecCmsRecipientIdentifier recipientIdentifier;
- SECAlgorithmID keyEncAlg;
- CSSM_DATA encKey;
-};
-typedef struct SecCmsKeyTransRecipientInfoStr SecCmsKeyTransRecipientInfo;
-
-/*
- * View comments before SecCmsRecipientInfoStr for purpose of this
- * structure.
- */
-struct SecCmsKeyTransRecipientInfoExStr {
- SecCmsKeyTransRecipientInfo recipientInfo;
- int version; /* version of this structure (0) */
- SecPublicKeyRef pubKey;
-};
-
-typedef struct SecCmsKeyTransRecipientInfoExStr SecCmsKeyTransRecipientInfoEx;
-
-#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
-#define SEC_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * key agreement recipient info
- */
-struct SecCmsOriginatorPublicKeyStr {
- SECAlgorithmID algorithmIdentifier;
- CSSM_DATA publicKey; /* bit string! */
-};
-typedef struct SecCmsOriginatorPublicKeyStr SecCmsOriginatorPublicKey;
-
-typedef enum {
- SecCmsOriginatorIDOrKeyIssuerSN = 0,
- SecCmsOriginatorIDOrKeySubjectKeyID = 1,
- SecCmsOriginatorIDOrKeyOriginatorPublicKey = 2
-} SecCmsOriginatorIDOrKeySelector;
-
-struct SecCmsOriginatorIdentifierOrKeyStr {
- SecCmsOriginatorIDOrKeySelector identifierType;
- union {
- SecCmsIssuerAndSN *issuerAndSN; /* static-static */
- CSSM_DATA subjectKeyID; /* static-static */
- SecCmsOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
- } id;
-};
-typedef struct SecCmsOriginatorIdentifierOrKeyStr SecCmsOriginatorIdentifierOrKey;
-
-struct SecCmsRecipientKeyIdentifierStr {
- CSSM_DATA_PTR subjectKeyIdentifier;
- CSSM_DATA_PTR date; /* optional */
- CSSM_DATA_PTR other; /* optional */
-};
-typedef struct SecCmsRecipientKeyIdentifierStr SecCmsRecipientKeyIdentifier;
-
-typedef enum {
- SecCmsKeyAgreeRecipientIDIssuerSN = 0,
- SecCmsKeyAgreeRecipientIDRKeyID = 1
-} SecCmsKeyAgreeRecipientIDSelector;
-
-struct SecCmsKeyAgreeRecipientIdentifierStr {
- SecCmsKeyAgreeRecipientIDSelector identifierType;
- union {
- SecCmsIssuerAndSN *issuerAndSN;
- SecCmsRecipientKeyIdentifier recipientKeyIdentifier;
- } id;
-};
-typedef struct SecCmsKeyAgreeRecipientIdentifierStr SecCmsKeyAgreeRecipientIdentifier;
-
-struct SecCmsRecipientEncryptedKeyStr {
- SecCmsKeyAgreeRecipientIdentifier recipientIdentifier;
- CSSM_DATA encKey;
-};
-typedef struct SecCmsRecipientEncryptedKeyStr SecCmsRecipientEncryptedKey;
-
-struct SecCmsKeyAgreeRecipientInfoStr {
- CSSM_DATA version;
- SecCmsOriginatorIdentifierOrKey originatorIdentifierOrKey;
- CSSM_DATA ukm; /* optional */
- SECAlgorithmID keyEncAlg;
- SecCmsRecipientEncryptedKey ** recipientEncryptedKeys;
-};
-typedef struct SecCmsKeyAgreeRecipientInfoStr SecCmsKeyAgreeRecipientInfo;
-
-#define SEC_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * KEK recipient info
- */
-struct SecCmsKEKIdentifierStr {
- CSSM_DATA keyIdentifier;
- CSSM_DATA_PTR date; /* optional */
- CSSM_DATA_PTR other; /* optional */
-};
-typedef struct SecCmsKEKIdentifierStr SecCmsKEKIdentifier;
-
-struct SecCmsKEKRecipientInfoStr {
- CSSM_DATA version;
- SecCmsKEKIdentifier kekIdentifier;
- SECAlgorithmID keyEncAlg;
- CSSM_DATA encKey;
-};
-typedef struct SecCmsKEKRecipientInfoStr SecCmsKEKRecipientInfo;
-
-#define SEC_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * recipient info
- */
-
-typedef enum {
- SecCmsRecipientInfoIDKeyTrans = 0,
- SecCmsRecipientInfoIDKeyAgree = 1,
- SecCmsRecipientInfoIDKEK = 2
-} SecCmsRecipientInfoIDSelector;
-
-/*
- * In order to preserve backwards binary compatibility when implementing
- * creation of Recipient Info's that uses subjectKeyID in the
- * keyTransRecipientInfo we need to stash a public key pointer in this
- * structure somewhere. We figured out that SecCmsKeyTransRecipientInfo
- * is the smallest member of the ri union. We're in luck since that's
- * the very structure that would need to use the public key. So we created
- * a new structure SecCmsKeyTransRecipientInfoEx which has a member
- * SecCmsKeyTransRecipientInfo as the first member followed by a version
- * and a public key pointer. This way we can keep backwards compatibility
- * without changing the size of this structure.
- *
- * BTW, size of structure:
- * SecCmsKeyTransRecipientInfo: 9 ints, 4 pointers
- * SecCmsKeyAgreeRecipientInfo: 12 ints, 8 pointers
- * SecCmsKEKRecipientInfo: 10 ints, 7 pointers
- *
- * The new structure:
- * SecCmsKeyTransRecipientInfoEx: sizeof(SecCmsKeyTransRecipientInfo) +
- * 1 int, 1 pointer
- */
-
-struct SecCmsRecipientInfoStr {
- SecCmsRecipientInfoIDSelector recipientInfoType;
- union {
- SecCmsKeyTransRecipientInfo keyTransRecipientInfo;
- SecCmsKeyAgreeRecipientInfo keyAgreeRecipientInfo;
- SecCmsKEKRecipientInfo kekRecipientInfo;
- SecCmsKeyTransRecipientInfoEx keyTransRecipientInfoEx;
- } ri;
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer to message */
- SecCertificateRef cert; /* recipient's certificate */
-};
-
-/* =============================================================================
- * DIGESTED DATA
- */
-struct SecCmsDigestedDataStr {
- CSSM_DATA version;
- SECAlgorithmID digestAlg;
- SecCmsContentInfo contentInfo;
- CSSM_DATA digest;
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer */
- CSSM_DATA cdigest; /* calculated digest */
-};
-#define SEC_CMS_DIGESTED_DATA_VERSION_DATA 0 /* what we *create* */
-#define SEC_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
-
-/* =============================================================================
- * ENCRYPTED DATA
- */
-struct SecCmsEncryptedDataStr {
- CSSM_DATA version;
- SecCmsContentInfo contentInfo;
- SecCmsAttribute ** unprotectedAttr; /* optional */
- /* --------- local; not part of encoding --------- */
- SecCmsMessageRef cmsg; /* back pointer */
-};
-#define SEC_CMS_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
-#define SEC_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
-
-/* =============================================================================
- * FORTEZZA KEA
- */
-
-/* An enumerated type used to select templates based on the encryption
- scenario and data specifics. */
-typedef enum {
- SecCmsKEAInvalid = -1,
- SecCmsKEAUsesSkipjack = 0,
- SecCmsKEAUsesNonSkipjack = 1,
- SecCmsKEAUsesNonSkipjackWithPaddedEncKey = 2
-} SecCmsKEATemplateSelector;
-
-/* ### mwelch - S/MIME KEA parameters. These don't really fit here,
- but I cannot think of a more appropriate place at this time. */
-struct SecCmsSMIMEKEAParametersStr {
- CSSM_DATA originatorKEAKey; /* sender KEA key (encrypted?) */
- CSSM_DATA originatorRA; /* random number generated by sender */
- CSSM_DATA nonSkipjackIV; /* init'n vector for SkipjackCBC64
- decryption of KEA key if Skipjack
- is not the bulk algorithm used on
- the message */
- CSSM_DATA bulkKeySize; /* if Skipjack is not the bulk
- algorithm used on the message,
- and the size of the bulk encryption
- key is not the same as that of
- originatorKEAKey (due to padding
- perhaps), this field will contain
- the real size of the bulk encryption
- key. */
-};
-
-/*
- * *****************************************************************************
- * *****************************************************************************
- * *****************************************************************************
- */
-
-/*
- * See comment above about this type not really belonging to CMS.
- */
-struct SecCmsAttributeStr {
- /* The following fields make up an encoded Attribute: */
- CSSM_DATA type;
- CSSM_DATA_PTR * values; /* data may or may not be encoded */
- /* The following fields are not part of an encoded Attribute: */
- SECOidData * typeTag;
- Boolean encoded; /* when true, values are encoded */
-};
-
-
-#endif /* _CMSTPRIV_H_ */
projects / apple / security.git / blobdiff