cmst.h
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C头文件 代码 · 共 490 行 · 第 1/2 页
/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation. Portions created by Netscape are
 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
 * Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable
 * instead of those above. If you wish to allow use of your
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL. If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

/*
 * Header for CMS types.
 *
 * Declares the data structures used for CMS messages: content info,
 * message, signed-data, signer identifier and signer info, plus the
 * callback types handed to the decoder/encoder. Only types are declared
 * in the part of the file shown here; no functions.
 *
 * $Id: cmst.h,v 1.2 2000/06/13 21:56:32 chrisk%netscape.com Exp $
 */

#ifndef _CMST_H_
#define _CMST_H_

#include "seccomon.h"
#include "secoidt.h"
#include "certt.h"
#include "secmodt.h"
/* NOTE(review): "secmodt.h" is listed twice; the second include looks redundant. */
#include "secmodt.h"
#include "plarena.h"

/* Non-opaque objects. NOTE, though: I want them to be treated as
 * opaque as much as possible. If I could hide them completely,
 * I would. (I tried, but ran into trouble that was taking me too
 * much time to get out of.) I still intend to try to do so.
 * In fact, the only type that "outsiders" should even *name* is
 * NSSCMSMessage, and they should not reference its fields.
 */

/* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
 * This is because when we search the recipient list for the cert and key we
 * want, we need to invert the order of the loops we used to have. The old
 * loops were:
 *
 *   For each recipient {
 *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
 *       [which unrolls to... ]
 *       For each slot {
 *           Log into slot;
 *           search slot for cert;
 *       }
 *   }
 *
 * The new loop searches all the recipients at once on a slot. This allows
 * PKCS #11 to order slots in such a way that logged-out slots don't get
 * checked if we can find the cert on a logged-in slot. This eliminates lots
 * of spurious password prompts when smart cards are installed... so why this
 * comment? If you make NSSCMSRecipientInfo completely opaque, you need
 * to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs)
 * and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
 * function.
 */

/* Short public names for the structure/union tags declared in this file. */
typedef struct NSSCMSMessageStr NSSCMSMessage;

typedef union NSSCMSContentUnion NSSCMSContent;
typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;

typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;

typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;

typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;

typedef struct NSSCMSSMIMEKEAParametersStr NSSCMSSMIMEKEAParameters;

typedef struct NSSCMSAttributeStr NSSCMSAttribute;

typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;

typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;

/*
 * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
 * If specified, this is where the content bytes (only) will be "sent"
 * as they are recovered during the decoding.
 * And:
 * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
 * This is where the DER-encoded bytes will be "sent".
 *
 * The data is described by the (buf, len) pair; nothing in this header
 * says buf is NUL-terminated, so consumers should rely on len.
 *
 * NOTE(review): because decoded bytes are delivered "as they are
 * recovered", a callback presumably sees content before any signature
 * verification result is available. Treat the bytes as unauthenticated
 * until the verification status has been checked -- confirm against the
 * decoder implementation.
 *
 * XXX Should just combine this with NSSCMSEncoderContentCallback type
 * and use a simpler, common name.
 */
typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);

/*
 * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
 * to retrieve the decryption key. This function is intended to be
 * used for EncryptedData content info's which do not have a key available
 * in a certificate, etc.
 *
 * NOTE(review): who owns (and frees) the returned PK11SymKey is not stated
 * in this header -- confirm against the caller before handing back a key
 * that is also referenced elsewhere.
 */
typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);

/* =============================================================================
 * ENCAPSULATED CONTENTINFO & CONTENTINFO
 */

/*
 * The content carried by a content info. Every member is a pointer and the
 * union has no discriminant of its own.
 * NOTE(review): the enclosing NSSCMSContentInfoStr holds contentType and
 * contentTypeTag, which presumably select the live member -- confirm the
 * type before dereferencing a specific member.
 */
union NSSCMSContentUnion {
    /* either unstructured */
    SECItem * data;
    /* or structured data */
    NSSCMSDigestedData * digestedData;
    NSSCMSEncryptedData * encryptedData;
    NSSCMSEnvelopedData * envelopedData;
    NSSCMSSignedData * signedData;
    /* or anonymous pointer to something */
    void * pointer;
};

/*
 * One content info: the content type, the content itself, and local
 * bookkeeping. The fields below each "local" marker are kept by the
 * library only and are not part of the encoded message.
 */
struct NSSCMSContentInfoStr {
    SECItem contentType;
    NSSCMSContent content;
    /* --------- local; not part of encoding --------- */
    SECOidData * contentTypeTag;

    /* additional info for encryptedData and envelopedData */
    /* we waste this space for signedData and digestedData. sue me. */

    SECAlgorithmID contentEncAlg;
    SECItem * rawContent; /* encrypted DER, optional */
                          /* XXXX bytes not encrypted, but encoded? */
    /* --------- local; not part of encoding --------- */
    /* NOTE(review): bulkkey refers to key material; its lifetime and who
     * releases it are not shown in this header -- confirm. */
    PK11SymKey * bulkkey; /* bulk encryption key */
    int keysize; /* size of bulk encryption key
                  * (only used by creation code) */
    SECOidTag contentEncAlgTag; /* oid tag of encryption algorithm
                                 * (only used by creation code) */
    NSSCMSCipherContext *ciphcx; /* context for en/decryption going on */
    NSSCMSDigestContext *digcx; /* context for digesting going on */
};

/* =============================================================================
 * MESSAGE
 */

/*
 * Top-level message object: the outer content info plus local state
 * (arena pool, reference count, detached digests, and the decrypt-key
 * callback with its argument).
 */
struct NSSCMSMessageStr {
    NSSCMSContentInfo contentInfo; /* "outer" cinfo */
    /* --------- local; not part of encoding --------- */
    PLArenaPool * poolp;
    /* presumably records whether poolp was created by (and is released
     * with) this message -- verify against the create/destroy code */
    PRBool poolp_is_ours;
    int refCount;
    /* properties of the "inner" data */
    SECAlgorithmID ** detached_digestalgs;
    SECItem ** detached_digests;
    void * pwfn_arg; /* NOTE(review): looks like the argument for a password callback -- confirm */
    NSSCMSGetDecryptKeyCallback decrypt_key_cb;
    void * decrypt_key_cb_arg;
};

/* =============================================================================
 * SIGNEDDATA
 */

/*
 * Signed-data content: digest algorithms, the encapsulated content info,
 * raw certificates, CRLs and signer infos, followed by local fields
 * (back pointer, digests, certificate objects) that are not encoded.
 */
struct NSSCMSSignedDataStr {
    SECItem version;
    SECAlgorithmID ** digestAlgorithms;
    NSSCMSContentInfo contentInfo;
    SECItem ** rawCerts;
    CERTSignedCrl ** crls;
    NSSCMSSignerInfo ** signerInfos;
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage * cmsg; /* back pointer to message */
    SECItem ** digests;
    CERTCertificate ** certs;
    CERTCertificateList ** certLists;
};
#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3 /* what we *create* */

/*
 * Outcome recorded for a signer; NSSCMSSignerInfoStr.verificationStatus
 * has this type. NSSCMSVS_Unverified is explicitly 0, so a zero-filled
 * record reads as "not verified" rather than as success.
 * NSSCMSVS_GoodSignature is the only enumerator whose name denotes
 * success: compare for equality with it instead of testing
 * "!= NSSCMSVS_BadSignature", because DigestMismatch, SigningCertNotFound,
 * SigningCertNotTrusted and the remaining values are distinct failures.
 */
typedef enum {
    NSSCMSVS_Unverified = 0,
    NSSCMSVS_GoodSignature,
    NSSCMSVS_BadSignature,
    NSSCMSVS_DigestMismatch,
    NSSCMSVS_SigningCertNotFound,
    NSSCMSVS_SigningCertNotTrusted,
    NSSCMSVS_SignatureAlgorithmUnknown,
    NSSCMSVS_SignatureAlgorithmUnsupported,
    NSSCMSVS_MalformedSignature,
    NSSCMSVS_ProcessingError
} NSSCMSVerificationStatus;

/* Kind of signer identifier stored in NSSCMSSignerIdentifierStr. */
typedef enum {
    NSSCMSSignerID_IssuerSN,
    NSSCMSSignerID_SubjectKeyID
} NSSCMSSignerIDSelector;

/*
 * Identifies a signer either by issuer-and-serial-number or by subject
 * key ID. identifierType presumably says which member of id is valid;
 * read it before touching id -- confirm against the code that fills it in.
 */
struct NSSCMSSignerIdentifierStr {
    NSSCMSSignerIDSelector identifierType;
    union {
        CERTIssuerAndSN *issuerAndSN;
        SECItem *subjectKeyID;
    } id;
};

struct NSSCMSSignerInfoStr {
    SECItem version;
    NSSCMSSignerIdentifier signerIdentifier;
    SECAlgorithmID digestAlg;
    NSSCMSAttribute ** authAttr;
    SECAlgorithmID digestEncAlg;
    SECItem encDigest;
    NSSCMSAttribute ** unAuthAttr;
    /* --------- local; not part of encoding --------- */
    NSSCMSMessage * cmsg; /* back pointer to message */
    CERTCertificate * cert;
    CERTCertificateList * certList;
    PRTime signingTime;
    NSSCMSVerificationStatus verificationStatus;