Delete bundled copy of NSS and replace with README.

nss/lib/smime/cmst.h

-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Header for CMS types.
- */
-
-#ifndef _CMST_H_
-#define _CMST_H_
-
-#include "seccomon.h"
-#include "secoidt.h"
-#include "certt.h"
-#include "secmodt.h"
-#include "secmodt.h"
-
-#include "plarena.h"
-
-/* Non-opaque objects.  NOTE, though: I want them to be treated as
- * opaque as much as possible.  If I could hide them completely,
- * I would.  (I tried, but ran into trouble that was taking me too
- * much time to get out of.)  I still intend to try to do so.
- * In fact, the only type that "outsiders" should even *name* is
- * NSSCMSMessage, and they should not reference its fields.
- */
-/* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
- * This is because when we search the recipient list for the cert and key we
- * want, we need to invert the order of the loops we used to have. The old
- * loops were:
- *
- *  For each recipient {
- *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
- *       [which unrolls to... ]
- *       For each slot {
- *            Log into slot;
- *            search slot for cert;
- *      }
- *  }
- *
- *  the new loop searchs all the recipients at once on a slot. this allows
- *  PKCS #11 to order slots in such a way that logout slots don't get checked
- *  if we can find the cert on a logged in slot. This eliminates lots of
- *  spurious password prompts when smart cards are installed... so why this
- *  comment? If you make NSSCMSRecipientInfo completely opaque, you need
- *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
- *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
- *  function.
- */
-
-typedef struct NSSCMSMessageStr NSSCMSMessage;
-
-typedef union NSSCMSContentUnion NSSCMSContent;
-typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
-
-typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
-typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
-typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
-
-typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
-typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
-typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
-
-typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
-typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
-
-typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData;
-
-typedef struct NSSCMSAttributeStr NSSCMSAttribute;
-
-typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
-typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
-
-typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
-typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
-
-typedef struct NSSCMSContentInfoPrivateStr NSSCMSContentInfoPrivate;
-
-typedef SECStatus (*NSSCMSGenericWrapperDataCallback)
-                                                (NSSCMSGenericWrapperData *);
-typedef   void    (*NSSCMSGenericWrapperDataDestroy) 
-                                                (NSSCMSGenericWrapperData *);
-
-extern const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[];
-extern const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[];
-
-SEC_ASN1_CHOOSER_DECLARE(NSS_PointerToCMSGenericWrapperDataTemplate)
-SEC_ASN1_CHOOSER_DECLARE(NSSCMSGenericWrapperDataTemplate)
-
-
-
-/*
- * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
- * If specified, this is where the content bytes (only) will be "sent"
- * as they are recovered during the decoding.
- * And:
- * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
- * This is where the DER-encoded bytes will be "sent".
- *
- * XXX Should just combine this with NSSCMSEncoderContentCallback type
- * and use a simpler, common name.
- */
-typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
-
-/*
- * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
- * to retrieve the decryption key.  This function is intended to be
- * used for EncryptedData content info's which do not have a key available
- * in a certificate, etc.
- */
-typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
-
-
-/* =============================================================================
- * ENCAPSULATED CONTENTINFO & CONTENTINFO
- */
-
-union NSSCMSContentUnion {
-    /* either unstructured */
-    SECItem *                   data;
-    /* or structured data */
-    NSSCMSDigestedData *        digestedData;
-    NSSCMSEncryptedData *       encryptedData;
-    NSSCMSEnvelopedData *       envelopedData;
-    NSSCMSSignedData *          signedData;
-    NSSCMSGenericWrapperData *  genericData;
-    /* or anonymous pointer to something */
-    void *                      pointer;
-};
-
-struct NSSCMSContentInfoStr {
-    SECItem                     contentType;
-    NSSCMSContent               content;
-    /* --------- local; not part of encoding --------- */
-    SECOidData *                contentTypeTag; 
-
-    /* additional info for encryptedData and envelopedData */
-    /* we waste this space for signedData and digestedData. sue me. */
-
-    SECAlgorithmID              contentEncAlg;
-    SECItem *                   rawContent;             /* encrypted DER, optional */
-                                                        /* XXXX bytes not encrypted, but encoded? */
-    /* --------- local; not part of encoding --------- */
-    PK11SymKey *                bulkkey;                /* bulk encryption key */
-    int                         keysize;                /* size of bulk encryption key
-                                                         * (only used by creation code) */
-    SECOidTag                   contentEncAlgTag;       /* oid tag of encryption algorithm
-                                                         * (only used by creation code) */
-    NSSCMSContentInfoPrivate    *privateInfo;           /* place for NSS private info */
-    void                *reserved;                      /* keep binary compatibility */
-};
-
-/* =============================================================================
- * MESSAGE
- */
-
-struct NSSCMSMessageStr {
-    NSSCMSContentInfo   contentInfo;            /* "outer" cinfo */
-    /* --------- local; not part of encoding --------- */
-    PLArenaPool *       poolp;
-    PRBool              poolp_is_ours;
-    int                 refCount;
-    /* properties of the "inner" data */
-    SECAlgorithmID **   detached_digestalgs;
-    SECItem **          detached_digests;
-    void *              pwfn_arg;
-    NSSCMSGetDecryptKeyCallback decrypt_key_cb;
-    void *              decrypt_key_cb_arg;
-};
-
-/* ============================================================================
- * GENERIC WRAPPER
- * 
- * used for user defined types.
- */
-struct NSSCMSGenericWrapperDataStr {
-    NSSCMSContentInfo   contentInfo;
-    /* ---- local; not part of encoding ------ */
-    NSSCMSMessage *     cmsg;
-    /* wrapperspecific data starts here */
-};
-
-/* =============================================================================
- * SIGNEDDATA
- */
-
-struct NSSCMSSignedDataStr {
-    SECItem                     version;
-    SECAlgorithmID **           digestAlgorithms;
-    NSSCMSContentInfo           contentInfo;
-    SECItem **                  rawCerts;
-    CERTSignedCrl **            crls;
-    NSSCMSSignerInfo **         signerInfos;
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;                   /* back pointer to message */
-    SECItem **                  digests;
-    CERTCertificate **          certs;
-    CERTCertificateList **      certLists;
-    CERTCertificate **          tempCerts;              /* temporary certs, needed
-                                                         * for example for signature
-                                                         * verification */
-};
-#define NSS_CMS_SIGNED_DATA_VERSION_BASIC       1       /* what we *create* */
-#define NSS_CMS_SIGNED_DATA_VERSION_EXT         3       /* what we *create* */
-
-typedef enum {
-    NSSCMSVS_Unverified = 0,
-    NSSCMSVS_GoodSignature = 1,
-    NSSCMSVS_BadSignature = 2,
-    NSSCMSVS_DigestMismatch = 3,
-    NSSCMSVS_SigningCertNotFound = 4,
-    NSSCMSVS_SigningCertNotTrusted = 5,
-    NSSCMSVS_SignatureAlgorithmUnknown = 6,
-    NSSCMSVS_SignatureAlgorithmUnsupported = 7,
-    NSSCMSVS_MalformedSignature = 8,
-    NSSCMSVS_ProcessingError = 9
-} NSSCMSVerificationStatus;
-
-typedef enum {
-    NSSCMSSignerID_IssuerSN = 0,
-    NSSCMSSignerID_SubjectKeyID = 1
-} NSSCMSSignerIDSelector;
-
-struct NSSCMSSignerIdentifierStr {
-    NSSCMSSignerIDSelector identifierType;
-    union {
-        CERTIssuerAndSN *issuerAndSN;
-        SECItem *subjectKeyID;
-    } id;
-};
-
-struct NSSCMSSignerInfoStr {
-    SECItem                     version;
-    NSSCMSSignerIdentifier      signerIdentifier;
-    SECAlgorithmID              digestAlg;
-    NSSCMSAttribute **          authAttr;
-    SECAlgorithmID              digestEncAlg;
-    SECItem                     encDigest;
-    NSSCMSAttribute **          unAuthAttr;
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;                   /* back pointer to message */
-    CERTCertificate *           cert;
-    CERTCertificateList *       certList;
-    PRTime                      signingTime;
-    NSSCMSVerificationStatus    verificationStatus;
-    SECKEYPrivateKey *          signingKey; /* Used if we're using subjKeyID*/
-    SECKEYPublicKey *           pubKey;
-};
-#define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN    1       /* what we *create* */
-#define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY     3       /* what we *create* */
-
-typedef enum {
-    NSSCMSCM_None = 0,
-    NSSCMSCM_CertOnly = 1,
-    NSSCMSCM_CertChain = 2,
-    NSSCMSCM_CertChainWithRoot = 3
-} NSSCMSCertChainMode;
-
-/* =============================================================================
- * ENVELOPED DATA
- */
-struct NSSCMSEnvelopedDataStr {
-    SECItem                     version;
-    NSSCMSOriginatorInfo *      originatorInfo;         /* optional */
-    NSSCMSRecipientInfo **      recipientInfos;
-    NSSCMSContentInfo           contentInfo;
-    NSSCMSAttribute **          unprotectedAttr;
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;                   /* back pointer to message */
-};
-#define NSS_CMS_ENVELOPED_DATA_VERSION_REG      0       /* what we *create* */
-#define NSS_CMS_ENVELOPED_DATA_VERSION_ADV      2       /* what we *create* */
-
-struct NSSCMSOriginatorInfoStr {
-    SECItem **                  rawCerts;
-    CERTSignedCrl **            crls;
-    /* --------- local; not part of encoding --------- */
-    CERTCertificate **          certs;
-};
-
-/* -----------------------------------------------------------------------------
- * key transport recipient info
- */
-typedef enum {
-    NSSCMSRecipientID_IssuerSN = 0,
-    NSSCMSRecipientID_SubjectKeyID = 1,
-    NSSCMSRecipientID_BrandNew = 2
-} NSSCMSRecipientIDSelector;
-
-struct NSSCMSRecipientIdentifierStr {
-    NSSCMSRecipientIDSelector   identifierType;
-    union {
-        CERTIssuerAndSN         *issuerAndSN;
-        SECItem                 *subjectKeyID;
-    } id;
-};
-typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
-
-struct NSSCMSKeyTransRecipientInfoStr {
-    SECItem                     version;
-    NSSCMSRecipientIdentifier   recipientIdentifier;
-    SECAlgorithmID              keyEncAlg;
-    SECItem                     encKey;
-};
-typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
-
-/*
- * View comments before NSSCMSRecipientInfoStr for purpose of this
- * structure.
- */
-struct NSSCMSKeyTransRecipientInfoExStr {
-    NSSCMSKeyTransRecipientInfo recipientInfo;
-    int version;  /* version of this structure (0) */
-    SECKEYPublicKey *pubKey;
-};
-
-typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
-
-#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN        0       /* what we *create* */
-#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY         2       /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * key agreement recipient info
- */
-struct NSSCMSOriginatorPublicKeyStr {
-    SECAlgorithmID                      algorithmIdentifier;
-    SECItem                             publicKey;                      /* bit string! */
-};
-typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
-
-typedef enum {
-    NSSCMSOriginatorIDOrKey_IssuerSN = 0,
-    NSSCMSOriginatorIDOrKey_SubjectKeyID = 1,
-    NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2
-} NSSCMSOriginatorIDOrKeySelector;
-
-struct NSSCMSOriginatorIdentifierOrKeyStr {
-    NSSCMSOriginatorIDOrKeySelector identifierType;
-    union {
-        CERTIssuerAndSN                 *issuerAndSN;           /* static-static */
-        SECItem                         *subjectKeyID;          /* static-static */
-        NSSCMSOriginatorPublicKey       originatorPublicKey;    /* ephemeral-static */
-    } id;
-};
-typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
-
-struct NSSCMSRecipientKeyIdentifierStr {
-    SECItem *                           subjectKeyIdentifier;
-    SECItem *                           date;                   /* optional */
-    SECItem *                           other;                  /* optional */
-};
-typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
-
-typedef enum {
-    NSSCMSKeyAgreeRecipientID_IssuerSN = 0,
-    NSSCMSKeyAgreeRecipientID_RKeyID = 1
-} NSSCMSKeyAgreeRecipientIDSelector;
-
-struct NSSCMSKeyAgreeRecipientIdentifierStr {
-    NSSCMSKeyAgreeRecipientIDSelector   identifierType;
-    union {
-        CERTIssuerAndSN                 *issuerAndSN;
-        NSSCMSRecipientKeyIdentifier    recipientKeyIdentifier;
-    } id;
-};
-typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
-
-struct NSSCMSRecipientEncryptedKeyStr {
-    NSSCMSKeyAgreeRecipientIdentifier   recipientIdentifier;
-    SECItem                             encKey;
-};
-typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
-
-struct NSSCMSKeyAgreeRecipientInfoStr {
-    SECItem                             version;
-    NSSCMSOriginatorIdentifierOrKey     originatorIdentifierOrKey;
-    SECItem *                           ukm;                            /* optional */
-    SECAlgorithmID                      keyEncAlg;
-    NSSCMSRecipientEncryptedKey **      recipientEncryptedKeys;
-};
-typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
-
-#define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3       /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * KEK recipient info
- */
-struct NSSCMSKEKIdentifierStr {
-    SECItem                     keyIdentifier;
-    SECItem *                   date;                   /* optional */
-    SECItem *                   other;                  /* optional */
-};
-typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
-
-struct NSSCMSKEKRecipientInfoStr {
-    SECItem                     version;
-    NSSCMSKEKIdentifier         kekIdentifier;
-    SECAlgorithmID              keyEncAlg;
-    SECItem                     encKey;
-};
-typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
-
-#define NSS_CMS_KEK_RECIPIENT_INFO_VERSION      4       /* what we *create* */
-
-/* -----------------------------------------------------------------------------
- * recipient info
- */
-
-typedef enum {
-    NSSCMSRecipientInfoID_KeyTrans = 0,
-    NSSCMSRecipientInfoID_KeyAgree = 1,
-    NSSCMSRecipientInfoID_KEK = 2
-} NSSCMSRecipientInfoIDSelector;
-
-/*
- * In order to preserve backwards binary compatibility when implementing
- * creation of Recipient Info's that uses subjectKeyID in the 
- * keyTransRecipientInfo we need to stash a public key pointer in this
- * structure somewhere.  We figured out that NSSCMSKeyTransRecipientInfo
- * is the smallest member of the ri union.  We're in luck since that's
- * the very structure that would need to use the public key. So we created
- * a new structure NSSCMSKeyTransRecipientInfoEx which has a member 
- * NSSCMSKeyTransRecipientInfo as the first member followed by a version
- * and a public key pointer.  This way we can keep backwards compatibility
- * without changing the size of this structure.
- *
- * BTW, size of structure:
- * NSSCMSKeyTransRecipientInfo:  9 ints, 4 pointers
- * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
- * NSSCMSKEKRecipientInfo:      10 ints, 7 pointers
- *
- * The new structure:
- * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
- *                                1 int, 1 pointer
- */
-
-struct NSSCMSRecipientInfoStr {
-    NSSCMSRecipientInfoIDSelector recipientInfoType;
-    union {
-        NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
-        NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
-        NSSCMSKEKRecipientInfo kekRecipientInfo;
-        NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx;
-    } ri;
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;                   /* back pointer to message */
-    CERTCertificate *           cert;                   /* recipient's certificate */
-};
-
-/* =============================================================================
- * DIGESTED DATA
- */
-struct NSSCMSDigestedDataStr {
-    SECItem                     version;
-    SECAlgorithmID              digestAlg;
-    NSSCMSContentInfo           contentInfo;
-    SECItem                     digest;
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;           /* back pointer */
-    SECItem                     cdigest;        /* calculated digest */
-};
-#define NSS_CMS_DIGESTED_DATA_VERSION_DATA      0       /* what we *create* */
-#define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP     2       /* what we *create* */
-
-/* =============================================================================
- * ENCRYPTED DATA
- */
-struct NSSCMSEncryptedDataStr {
-    SECItem                     version;
-    NSSCMSContentInfo           contentInfo;
-    NSSCMSAttribute **          unprotectedAttr;        /* optional */
-    /* --------- local; not part of encoding --------- */
-    NSSCMSMessage *             cmsg;           /* back pointer */
-};
-#define NSS_CMS_ENCRYPTED_DATA_VERSION          0       /* what we *create* */
-#define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR   2       /* what we *create* */
-
-/*
- * *****************************************************************************
- * *****************************************************************************
- * *****************************************************************************
- */
-
-/*
- * See comment above about this type not really belonging to CMS.
- */
-struct NSSCMSAttributeStr {
-    /* The following fields make up an encoded Attribute: */
-    SECItem                     type;
-    SECItem **                  values; /* data may or may not be encoded */
-    /* The following fields are not part of an encoded Attribute: */
-    SECOidData *                typeTag;
-    PRBool                      encoded;        /* when true, values are encoded */
-};
-
-#endif /* _CMST_H_ */