1 /* crypto/cms/cms_lcl.h */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 4 * project. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 */ 54 55 #ifndef HEADER_CMS_LCL_H 56 # define HEADER_CMS_LCL_H 57 58 #ifdef __cplusplus 59 extern "C" { 60 #endif 61 62 # include <openssl/x509.h> 63 64 /* 65 * Cryptographic message syntax (CMS) structures: taken from RFC3852 66 */ 67 68 /* Forward references */ 69 70 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; 71 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; 72 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; 73 typedef struct CMS_SignedData_st CMS_SignedData; 74 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; 75 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; 76 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; 77 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 78 typedef struct CMS_DigestedData_st CMS_DigestedData; 79 typedef struct CMS_EncryptedData_st CMS_EncryptedData; 80 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; 81 typedef struct CMS_CompressedData_st CMS_CompressedData; 82 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; 83 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 84 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; 85 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; 86 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; 87 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; 88 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; 89 typedef struct CMS_KeyAgreeRecipientIdentifier_st 90 CMS_KeyAgreeRecipientIdentifier; 91 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; 92 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; 93 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; 94 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; 95 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 96 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 97 98 struct CMS_ContentInfo_st { 99 ASN1_OBJECT *contentType; 100 union { 101 ASN1_OCTET_STRING *data; 102 CMS_SignedData *signedData; 103 CMS_EnvelopedData *envelopedData; 104 CMS_DigestedData *digestedData; 105 CMS_EncryptedData *encryptedData; 106 CMS_AuthenticatedData *authenticatedData; 107 CMS_CompressedData *compressedData; 108 ASN1_TYPE *other; 109 /* Other types ... */ 110 void *otherData; 111 } d; 112 }; 113 114 struct CMS_SignedData_st { 115 long version; 116 STACK_OF(X509_ALGOR) *digestAlgorithms; 117 CMS_EncapsulatedContentInfo *encapContentInfo; 118 STACK_OF(CMS_CertificateChoices) *certificates; 119 STACK_OF(CMS_RevocationInfoChoice) *crls; 120 STACK_OF(CMS_SignerInfo) *signerInfos; 121 }; 122 123 struct CMS_EncapsulatedContentInfo_st { 124 ASN1_OBJECT *eContentType; 125 ASN1_OCTET_STRING *eContent; 126 /* Set to 1 if incomplete structure only part set up */ 127 int partial; 128 }; 129 130 struct CMS_SignerInfo_st { 131 long version; 132 CMS_SignerIdentifier *sid; 133 X509_ALGOR *digestAlgorithm; 134 STACK_OF(X509_ATTRIBUTE) *signedAttrs; 135 X509_ALGOR *signatureAlgorithm; 136 ASN1_OCTET_STRING *signature; 137 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; 138 /* Signing certificate and key */ 139 X509 *signer; 140 EVP_PKEY *pkey; 141 }; 142 143 struct CMS_SignerIdentifier_st { 144 int type; 145 union { 146 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 147 ASN1_OCTET_STRING *subjectKeyIdentifier; 148 } d; 149 }; 150 151 struct CMS_EnvelopedData_st { 152 long version; 153 CMS_OriginatorInfo *originatorInfo; 154 STACK_OF(CMS_RecipientInfo) *recipientInfos; 155 CMS_EncryptedContentInfo *encryptedContentInfo; 156 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 157 }; 158 159 struct CMS_OriginatorInfo_st { 160 STACK_OF(CMS_CertificateChoices) *certificates; 161 STACK_OF(CMS_RevocationInfoChoice) *crls; 162 }; 163 164 struct CMS_EncryptedContentInfo_st { 165 ASN1_OBJECT *contentType; 166 X509_ALGOR *contentEncryptionAlgorithm; 167 ASN1_OCTET_STRING *encryptedContent; 168 /* Content encryption algorithm and key */ 169 const EVP_CIPHER *cipher; 170 unsigned char *key; 171 size_t keylen; 172 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 173 int debug; 174 }; 175 176 struct CMS_RecipientInfo_st { 177 int type; 178 union { 179 CMS_KeyTransRecipientInfo *ktri; 180 CMS_KeyAgreeRecipientInfo *kari; 181 CMS_KEKRecipientInfo *kekri; 182 CMS_PasswordRecipientInfo *pwri; 183 CMS_OtherRecipientInfo *ori; 184 } d; 185 }; 186 187 typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 188 189 struct CMS_KeyTransRecipientInfo_st { 190 long version; 191 CMS_RecipientIdentifier *rid; 192 X509_ALGOR *keyEncryptionAlgorithm; 193 ASN1_OCTET_STRING *encryptedKey; 194 /* Recipient Key and cert */ 195 X509 *recip; 196 EVP_PKEY *pkey; 197 }; 198 199 struct CMS_KeyAgreeRecipientInfo_st { 200 long version; 201 CMS_OriginatorIdentifierOrKey *originator; 202 ASN1_OCTET_STRING *ukm; 203 X509_ALGOR *keyEncryptionAlgorithm; 204 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 205 }; 206 207 struct CMS_OriginatorIdentifierOrKey_st { 208 int type; 209 union { 210 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 211 ASN1_OCTET_STRING *subjectKeyIdentifier; 212 CMS_OriginatorPublicKey *originatorKey; 213 } d; 214 }; 215 216 struct CMS_OriginatorPublicKey_st { 217 X509_ALGOR *algorithm; 218 ASN1_BIT_STRING *publicKey; 219 }; 220 221 struct CMS_RecipientEncryptedKey_st { 222 CMS_KeyAgreeRecipientIdentifier *rid; 223 ASN1_OCTET_STRING *encryptedKey; 224 }; 225 226 struct CMS_KeyAgreeRecipientIdentifier_st { 227 int type; 228 union { 229 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 230 CMS_RecipientKeyIdentifier *rKeyId; 231 } d; 232 }; 233 234 struct CMS_RecipientKeyIdentifier_st { 235 ASN1_OCTET_STRING *subjectKeyIdentifier; 236 ASN1_GENERALIZEDTIME *date; 237 CMS_OtherKeyAttribute *other; 238 }; 239 240 struct CMS_KEKRecipientInfo_st { 241 long version; 242 CMS_KEKIdentifier *kekid; 243 X509_ALGOR *keyEncryptionAlgorithm; 244 ASN1_OCTET_STRING *encryptedKey; 245 /* Extra info: symmetric key to use */ 246 unsigned char *key; 247 size_t keylen; 248 }; 249 250 struct CMS_KEKIdentifier_st { 251 ASN1_OCTET_STRING *keyIdentifier; 252 ASN1_GENERALIZEDTIME *date; 253 CMS_OtherKeyAttribute *other; 254 }; 255 256 struct CMS_PasswordRecipientInfo_st { 257 long version; 258 X509_ALGOR *keyDerivationAlgorithm; 259 X509_ALGOR *keyEncryptionAlgorithm; 260 ASN1_OCTET_STRING *encryptedKey; 261 /* Extra info: password to use */ 262 unsigned char *pass; 263 size_t passlen; 264 }; 265 266 struct CMS_OtherRecipientInfo_st { 267 ASN1_OBJECT *oriType; 268 ASN1_TYPE *oriValue; 269 }; 270 271 struct CMS_DigestedData_st { 272 long version; 273 X509_ALGOR *digestAlgorithm; 274 CMS_EncapsulatedContentInfo *encapContentInfo; 275 ASN1_OCTET_STRING *digest; 276 }; 277 278 struct CMS_EncryptedData_st { 279 long version; 280 CMS_EncryptedContentInfo *encryptedContentInfo; 281 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 282 }; 283 284 struct CMS_AuthenticatedData_st { 285 long version; 286 CMS_OriginatorInfo *originatorInfo; 287 STACK_OF(CMS_RecipientInfo) *recipientInfos; 288 X509_ALGOR *macAlgorithm; 289 X509_ALGOR *digestAlgorithm; 290 CMS_EncapsulatedContentInfo *encapContentInfo; 291 STACK_OF(X509_ATTRIBUTE) *authAttrs; 292 ASN1_OCTET_STRING *mac; 293 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 294 }; 295 296 struct CMS_CompressedData_st { 297 long version; 298 X509_ALGOR *compressionAlgorithm; 299 STACK_OF(CMS_RecipientInfo) *recipientInfos; 300 CMS_EncapsulatedContentInfo *encapContentInfo; 301 }; 302 303 struct CMS_RevocationInfoChoice_st { 304 int type; 305 union { 306 X509_CRL *crl; 307 CMS_OtherRevocationInfoFormat *other; 308 } d; 309 }; 310 311 # define CMS_REVCHOICE_CRL 0 312 # define CMS_REVCHOICE_OTHER 1 313 314 struct CMS_OtherRevocationInfoFormat_st { 315 ASN1_OBJECT *otherRevInfoFormat; 316 ASN1_TYPE *otherRevInfo; 317 }; 318 319 struct CMS_CertificateChoices { 320 int type; 321 union { 322 X509 *certificate; 323 ASN1_STRING *extendedCertificate; /* Obsolete */ 324 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 325 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 326 CMS_OtherCertificateFormat *other; 327 } d; 328 }; 329 330 # define CMS_CERTCHOICE_CERT 0 331 # define CMS_CERTCHOICE_EXCERT 1 332 # define CMS_CERTCHOICE_V1ACERT 2 333 # define CMS_CERTCHOICE_V2ACERT 3 334 # define CMS_CERTCHOICE_OTHER 4 335 336 struct CMS_OtherCertificateFormat_st { 337 ASN1_OBJECT *otherCertFormat; 338 ASN1_TYPE *otherCert; 339 }; 340 341 /* 342 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code 343 * to be independent of PKCS#7 344 */ 345 346 struct CMS_IssuerAndSerialNumber_st { 347 X509_NAME *issuer; 348 ASN1_INTEGER *serialNumber; 349 }; 350 351 struct CMS_OtherKeyAttribute_st { 352 ASN1_OBJECT *keyAttrId; 353 ASN1_TYPE *keyAttr; 354 }; 355 356 /* ESS structures */ 357 358 # ifdef HEADER_X509V3_H 359 360 struct CMS_ReceiptRequest_st { 361 ASN1_OCTET_STRING *signedContentIdentifier; 362 CMS_ReceiptsFrom *receiptsFrom; 363 STACK_OF(GENERAL_NAMES) *receiptsTo; 364 }; 365 366 struct CMS_ReceiptsFrom_st { 367 int type; 368 union { 369 long allOrFirstTier; 370 STACK_OF(GENERAL_NAMES) *receiptList; 371 } d; 372 }; 373 # endif 374 375 struct CMS_Receipt_st { 376 long version; 377 ASN1_OBJECT *contentType; 378 ASN1_OCTET_STRING *signedContentIdentifier; 379 ASN1_OCTET_STRING *originatorSignatureValue; 380 }; 381 382 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 383 DECLARE_ASN1_ITEM(CMS_SignerInfo) 384 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 385 DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 386 DECLARE_ASN1_ITEM(CMS_Attributes_Verify) 387 DECLARE_ASN1_ITEM(CMS_RecipientInfo) 388 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) 389 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) 390 391 # define CMS_SIGNERINFO_ISSUER_SERIAL 0 392 # define CMS_SIGNERINFO_KEYIDENTIFIER 1 393 394 # define CMS_RECIPINFO_ISSUER_SERIAL 0 395 # define CMS_RECIPINFO_KEYIDENTIFIER 1 396 397 BIO *cms_content_bio(CMS_ContentInfo *cms); 398 399 CMS_ContentInfo *cms_Data_create(void); 400 401 CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); 402 BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); 403 int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); 404 405 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); 406 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 407 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, 408 int type); 409 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 410 ASN1_OCTET_STRING **keyid, 411 X509_NAME **issuer, 412 ASN1_INTEGER **sno); 413 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 414 415 CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 416 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); 417 418 void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 419 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 420 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 421 X509_ALGOR *mdalg); 422 423 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 424 BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 425 int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 426 const EVP_CIPHER *cipher, 427 const unsigned char *key, size_t keylen); 428 429 int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 430 int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 431 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); 432 433 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); 434 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); 435 436 /* PWRI routines */ 437 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 438 int en_de); 439 440 #ifdef __cplusplus 441 } 442 #endif 443 #endif 444