--- /dev/null
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1994-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+ * Interfaces of the CMS implementation.
+ */
+
+#ifndef _CMSPRIV_H_
+#define _CMSPRIV_H_
+
+#include <Security/SecTrust.h>
+#include <security_asn1/seccomon.h> // SEC_BEGIN_PROTOS
+#include "cmstpriv.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/************************************************************************
+ * cmsutil.c - CMS misc utility functions
+ ************************************************************************/
+
+
+/*
+ * SecCmsArraySortByDER - sort array of objects by objects' DER encoding
+ *
+ * make sure that the order of the objects guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in objs).
+ */
+extern OSStatus
+SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, void **objs2);
+
+/*
+ * SecCmsUtilDERCompare - for use with SecCmsArraySort to
+ * sort arrays of SecAsn1Items containing DER
+ */
+extern int
+SecCmsUtilDERCompare(void *a, void *b);
+
+/*
+ * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algid - algorithmid of algorithm to pick
+ *
+ * Returns:
+ * An integer containing the index of the algorithm in the array or -1 if
+ * algorithm was not found.
+ */
+extern int
+SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
+
+/*
+ * SecCmsAlgArrayGetIndexByAlgID - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algiddata - id of algorithm to pick
+ *
+ * Returns:
+ * An integer containing the index of the algorithm in the array or -1 if
+ * algorithm was not found.
+ */
+extern int
+SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
+
+#if USE_CDSA_CRYPTO
+extern CSSM_CC_HANDLE
+#else
+extern void *
+#endif
+SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid);
+
+/*
+ * XXX I would *really* like to not have to do this, but the current
+ * signing interface gives me little choice.
+ */
+extern SECOidTag
+SecCmsUtilMakeSignatureAlgorithm(SECOidTag hashalg, SECOidTag encalg);
+
+extern const SecAsn1Template *
+SecCmsUtilGetTemplateByTypeTag(SECOidTag type);
+
+extern size_t
+SecCmsUtilGetSizeByTypeTag(SECOidTag type);
+
+extern SecCmsContentInfoRef
+SecCmsContentGetContentInfo(void *msg, SECOidTag type);
+
+/************************************************************************
+* cmsmessage.c - CMS message methods
+************************************************************************/
+
+/*!
+@function
+ @abstract Set up a CMS message object for encoding or decoding.
+ @discussion used internally.
+ @param cmsg Pointer to a SecCmsMessage object
+ @param pwfn callback function for getting token password for enveloped
+ data content with a password recipient.
+ @param pwfn_arg first argument passed to pwfn when it is called.
+ @param encrypt_key_cb callback function for getting bulk key for encryptedData content.
+ @param encrypt_key_cb_arg first argument passed to encrypt_key_cb when it is
+ called.
+ @param detached_digestalgs digest algorithms in detached_digests
+ @param detached_digests digests from detached content (one for every element
+ in detached_digestalgs).
+ */
+extern void
+SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg,
+ PK11PasswordFunc pwfn, void *pwfn_arg,
+ SecCmsGetDecryptKeyCallback encrypt_key_cb, void *encrypt_key_cb_arg);
+
+/************************************************************************
+ * cmscinfo.c - CMS contentInfo methods
+ ************************************************************************/
+
+/*!
+ Destroy a CMS contentInfo and all of its sub-pieces.
+ @param cinfo The contentInfo object to destroy.
+ */
+extern void
+SecCmsContentInfoDestroy(SecCmsContentInfoRef cinfo);
+
+/*
+ * SecCmsContentInfoSetContent - set cinfo's content type & content to CMS object
+ */
+extern OSStatus
+SecCmsContentInfoSetContent(SecCmsContentInfoRef cinfo, SECOidTag type, void *ptr);
+
+
+/************************************************************************
+ * cmssigdata.c - CMS signedData methods
+ ************************************************************************/
+
+extern OSStatus
+SecCmsSignedDataSetDigestValue(SecCmsSignedDataRef sigd,
+ SECOidTag digestalgtag,
+ SecAsn1Item * digestdata);
+
+extern OSStatus
+SecCmsSignedDataAddDigest(PRArenaPool *poolp,
+ SecCmsSignedDataRef sigd,
+ SECOidTag digestalgtag,
+ SecAsn1Item * digest);
+
+extern SecAsn1Item *
+SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd, SECOidTag algtag);
+
+extern SecAsn1Item *
+SecCmsSignedDataGetDigestValue(SecCmsSignedDataRef sigd, SECOidTag digestalgtag);
+
+/*!
+ @function
+ */
+extern OSStatus
+SecCmsSignedDataAddSignerInfo(SecCmsSignedDataRef sigd,
+ SecCmsSignerInfoRef signerinfo);
+
+/*!
+ @function
+ */
+extern OSStatus
+SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd,
+ SECAlgorithmID **digestalgs,
+ SecAsn1Item * *digests);
+
+/*
+ * SecCmsSignedDataEncodeBeforeStart - do all the necessary things to a SignedData
+ * before start of encoding.
+ *
+ * In detail:
+ * - find out about the right value to put into sigd->version
+ * - come up with a list of digestAlgorithms (which should be the union of the algorithms
+ * in the signerinfos).
+ * If we happen to have a pre-set list of algorithms (and digest values!), we
+ * check if we have all the signerinfos' algorithms. If not, this is an error.
+ */
+extern OSStatus
+SecCmsSignedDataEncodeBeforeStart(SecCmsSignedDataRef sigd);
+
+extern OSStatus
+SecCmsSignedDataEncodeBeforeData(SecCmsSignedDataRef sigd);
+
+/*
+ * SecCmsSignedDataEncodeAfterData - do all the necessary things to a SignedData
+ * after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ * - create the signatures in all the SignerInfos
+ *
+ * Please note that nothing is done to the Certificates and CRLs in the message - this
+ * is entirely the responsibility of our callers.
+ */
+extern OSStatus
+SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd);
+
+extern OSStatus
+SecCmsSignedDataDecodeBeforeData(SecCmsSignedDataRef sigd);
+
+/*
+ * SecCmsSignedDataDecodeAfterData - do all the necessary things to a SignedData
+ * after all the encapsulated data was passed through the decoder.
+ */
+extern OSStatus
+SecCmsSignedDataDecodeAfterData(SecCmsSignedDataRef sigd);
+
+/*
+ * SecCmsSignedDataDecodeAfterEnd - do all the necessary things to a SignedData
+ * after all decoding is finished.
+ */
+extern OSStatus
+SecCmsSignedDataDecodeAfterEnd(SecCmsSignedDataRef sigd);
+
+
+/************************************************************************
+ * cmssiginfo.c - CMS signerInfo methods
+ ************************************************************************/
+
+/*
+ * SecCmsSignerInfoSign - sign something
+ *
+ */
+extern OSStatus
+SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAsn1Item * contentType);
+
+/*
+ * If trustRef is NULL the cert chain is verified and the VerificationStatus is set accordingly.
+ * Otherwise a SecTrust object is returned for the caller to evaluate using SecTrustEvaluate().
+ */
+extern OSStatus
+SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray,
+ CFTypeRef policies, SecTrustRef *trustRef);
+
+/*
+ * SecCmsSignerInfoVerify - verify the signature of a single SignerInfo
+ *
+ * Just verifies the signature. The assumption is that verification of the certificate
+ * is done already.
+ */
+extern OSStatus
+SecCmsSignerInfoVerify(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAsn1Item * contentType);
+
+/*
+ * SecCmsSignerInfoAddAuthAttr - add an attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ */
+extern OSStatus
+SecCmsSignerInfoAddAuthAttr(SecCmsSignerInfoRef signerinfo, SecCmsAttribute *attr);
+
+/*
+ * SecCmsSignerInfoAddUnauthAttr - add an attribute to the
+ * unauthenticated attributes of "signerinfo".
+ */
+extern OSStatus
+SecCmsSignerInfoAddUnauthAttr(SecCmsSignerInfoRef signerinfo, SecCmsAttribute *attr);
+
+extern int
+SecCmsSignerInfoGetVersion(SecCmsSignerInfoRef signerinfo);
+
+/*!
+ @function
+ @abstract Destroy a SignerInfo data structure.
+ */
+extern void
+SecCmsSignerInfoDestroy(SecCmsSignerInfoRef si);
+
+
+/************************************************************************
+ * cmsenvdata.c - CMS envelopedData methods
+ ************************************************************************/
+
+/*!
+ @function
+ @abstract Add a recipientinfo to the enveloped data msg.
+ @discussion Rip must be created on the same pool as edp - this is not enforced, though.
+ */
+extern OSStatus
+SecCmsEnvelopedDataAddRecipient(SecCmsEnvelopedDataRef edp, SecCmsRecipientInfoRef rip);
+
+/*
+ * SecCmsEnvelopedDataEncodeBeforeStart - prepare this envelopedData for encoding
+ *
+ * at this point, we need
+ * - recipientinfos set up with recipient's certificates
+ * - a content encryption algorithm (if none, 3DES will be used)
+ *
+ * this function will generate a random content encryption key (aka bulk key),
+ * initialize the recipientinfos with certificate identification and wrap the bulk key
+ * using the proper algorithm for every certificiate.
+ * it will finally set the bulk algorithm and key so that the encode step can find it.
+ */
+extern OSStatus
+SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd);
+
+/*
+ * SecCmsEnvelopedDataEncodeBeforeData - set up encryption
+ */
+extern OSStatus
+SecCmsEnvelopedDataEncodeBeforeData(SecCmsEnvelopedDataRef envd);
+
+/*
+ * SecCmsEnvelopedDataEncodeAfterData - finalize this envelopedData for encoding
+ */
+extern OSStatus
+SecCmsEnvelopedDataEncodeAfterData(SecCmsEnvelopedDataRef envd);
+
+/*
+ * SecCmsEnvelopedDataDecodeBeforeData - find our recipientinfo,
+ * derive bulk key & set up our contentinfo
+ */
+extern OSStatus
+SecCmsEnvelopedDataDecodeBeforeData(SecCmsEnvelopedDataRef envd);
+
+/*
+ * SecCmsEnvelopedDataDecodeAfterData - finish decrypting this envelopedData's content
+ */
+extern OSStatus
+SecCmsEnvelopedDataDecodeAfterData(SecCmsEnvelopedDataRef envd);
+
+/*
+ * SecCmsEnvelopedDataDecodeAfterEnd - finish decoding this envelopedData
+ */
+extern OSStatus
+SecCmsEnvelopedDataDecodeAfterEnd(SecCmsEnvelopedDataRef envd);
+
+
+/************************************************************************
+ * cmsrecinfo.c - CMS recipientInfo methods
+ ************************************************************************/
+
+extern int
+SecCmsRecipientInfoGetVersion(SecCmsRecipientInfoRef ri);
+
+extern SecAsn1Item *
+SecCmsRecipientInfoGetEncryptedKey(SecCmsRecipientInfoRef ri, int subIndex);
+
+
+extern SECOidTag
+SecCmsRecipientInfoGetKeyEncryptionAlgorithmTag(SecCmsRecipientInfoRef ri);
+
+extern OSStatus
+SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bulkkey, SECOidTag bulkalgtag);
+
+extern SecSymmetricKeyRef
+SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex,
+ SecCertificateRef cert, SecPrivateKeyRef privkey, SECOidTag bulkalgtag);
+
+/*!
+ @function
+ */
+extern void
+SecCmsRecipientInfoDestroy(SecCmsRecipientInfoRef ri);
+
+
+/************************************************************************
+ * cmsencdata.c - CMS encryptedData methods
+ ************************************************************************/
+
+/*
+ * SecCmsEncryptedDataEncodeBeforeStart - do all the necessary things to a EncryptedData
+ * before encoding begins.
+ *
+ * In particular:
+ * - set the correct version value.
+ * - get the encryption key
+ */
+extern OSStatus
+SecCmsEncryptedDataEncodeBeforeStart(SecCmsEncryptedDataRef encd);
+
+/*
+ * SecCmsEncryptedDataEncodeBeforeData - set up encryption
+ */
+extern OSStatus
+SecCmsEncryptedDataEncodeBeforeData(SecCmsEncryptedDataRef encd);
+
+/*
+ * SecCmsEncryptedDataEncodeAfterData - finalize this encryptedData for encoding
+ */
+extern OSStatus
+SecCmsEncryptedDataEncodeAfterData(SecCmsEncryptedDataRef encd);
+
+/*
+ * SecCmsEncryptedDataDecodeBeforeData - find bulk key & set up decryption
+ */
+extern OSStatus
+SecCmsEncryptedDataDecodeBeforeData(SecCmsEncryptedDataRef encd);
+
+/*
+ * SecCmsEncryptedDataDecodeAfterData - finish decrypting this encryptedData's content
+ */
+extern OSStatus
+SecCmsEncryptedDataDecodeAfterData(SecCmsEncryptedDataRef encd);
+
+/*
+ * SecCmsEncryptedDataDecodeAfterEnd - finish decoding this encryptedData
+ */
+extern OSStatus
+SecCmsEncryptedDataDecodeAfterEnd(SecCmsEncryptedDataRef encd);
+
+
+/************************************************************************
+ * cmsdigdata.c - CMS encryptedData methods
+ ************************************************************************/
+
+/*
+ * SecCmsDigestedDataEncodeBeforeStart - do all the necessary things to a DigestedData
+ * before encoding begins.
+ *
+ * In particular:
+ * - set the right version number. The contentInfo's content type must be set up already.
+ */
+extern OSStatus
+SecCmsDigestedDataEncodeBeforeStart(SecCmsDigestedDataRef digd);
+
+/*
+ * SecCmsDigestedDataEncodeBeforeData - do all the necessary things to a DigestedData
+ * before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ * - set up the digests if necessary
+ */
+extern OSStatus
+SecCmsDigestedDataEncodeBeforeData(SecCmsDigestedDataRef digd);
+
+/*
+ * SecCmsDigestedDataEncodeAfterData - do all the necessary things to a DigestedData
+ * after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ * - finish the digests
+ */
+extern OSStatus
+SecCmsDigestedDataEncodeAfterData(SecCmsDigestedDataRef digd);
+
+/*
+ * SecCmsDigestedDataDecodeBeforeData - do all the necessary things to a DigestedData
+ * before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ * - set up the digests if necessary
+ */
+extern OSStatus
+SecCmsDigestedDataDecodeBeforeData(SecCmsDigestedDataRef digd);
+
+/*
+ * SecCmsDigestedDataDecodeAfterData - do all the necessary things to a DigestedData
+ * after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ * - finish the digests
+ */
+extern OSStatus
+SecCmsDigestedDataDecodeAfterData(SecCmsDigestedDataRef digd);
+
+/*
+ * SecCmsDigestedDataDecodeAfterEnd - finalize a digestedData.
+ *
+ * In detail:
+ * - check the digests for equality
+ */
+extern OSStatus
+SecCmsDigestedDataDecodeAfterEnd(SecCmsDigestedDataRef digd);
+
+
+/************************************************************************
+ * cmsdigest.c - CMS encryptedData methods
+ ************************************************************************/
+
+/*
+ * SecCmsDigestContextStartSingle - same as SecCmsDigestContextStartMultiple, but
+ * only one algorithm.
+ */
+extern SecCmsDigestContextRef
+SecCmsDigestContextStartSingle(SECAlgorithmID *digestalg);
+
+/*
+ * SecCmsDigestContextFinishSingle - same as SecCmsDigestContextFinishMultiple,
+ * but for one digest.
+ */
+extern OSStatus
+SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx,
+ SecAsn1Item * digest);
+
+/*!
+ @function
+ @abstract Finish the digests being calculated and put them into to parralel
+ arrays of SecAsn1Items.
+ @param cmsdigcx A DigestContext object.
+ @param digestalgsp will contain a to an array of digest algorithms on
+ success.
+ @param digestsp A EncryptedData object to set as the content of the cinfo
+ object.
+ @result A result code. See "SecCmsBase.h" for possible results.
+ @discussion This function requires a DigestContext object which can be made
+ by calling SecCmsDigestContextStartSingle or
+ SecCmsDigestContextStartMultiple. The returned arrays remain valid
+ until SecCmsDigestContextDestroy is called.
+ @availability 10.4 and later
+ */
+extern OSStatus
+SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx,
+ SECAlgorithmID ***digestalgsp,
+ SecAsn1Item * **digestsp);
+
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _CMSPRIV_H_ */
projects / apple / security.git / blobdiff