1 /* 2 * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_CRYPTO_CMS_LOCAL_H 11 # define OSSL_CRYPTO_CMS_LOCAL_H 12 13 # include <openssl/x509.h> 14 15 /* 16 * Cryptographic message syntax (CMS) structures: taken from RFC3852 17 */ 18 19 /* Forward references */ 20 21 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; 22 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; 23 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; 24 typedef struct CMS_SignedData_st CMS_SignedData; 25 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; 26 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; 27 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; 28 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 29 typedef struct CMS_DigestedData_st CMS_DigestedData; 30 typedef struct CMS_EncryptedData_st CMS_EncryptedData; 31 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; 32 typedef struct CMS_CompressedData_st CMS_CompressedData; 33 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; 34 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 35 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; 36 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; 37 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; 38 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; 39 typedef struct CMS_KeyAgreeRecipientIdentifier_st 40 CMS_KeyAgreeRecipientIdentifier; 41 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; 42 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; 43 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; 44 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 45 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 46 47 struct CMS_ContentInfo_st { 48 ASN1_OBJECT *contentType; 49 union { 50 ASN1_OCTET_STRING *data; 51 CMS_SignedData *signedData; 52 CMS_EnvelopedData *envelopedData; 53 CMS_DigestedData *digestedData; 54 CMS_EncryptedData *encryptedData; 55 CMS_AuthenticatedData *authenticatedData; 56 CMS_CompressedData *compressedData; 57 ASN1_TYPE *other; 58 /* Other types ... */ 59 void *otherData; 60 } d; 61 }; 62 63 DEFINE_STACK_OF(CMS_CertificateChoices) 64 65 struct CMS_SignedData_st { 66 int32_t version; 67 STACK_OF(X509_ALGOR) *digestAlgorithms; 68 CMS_EncapsulatedContentInfo *encapContentInfo; 69 STACK_OF(CMS_CertificateChoices) *certificates; 70 STACK_OF(CMS_RevocationInfoChoice) *crls; 71 STACK_OF(CMS_SignerInfo) *signerInfos; 72 }; 73 74 struct CMS_EncapsulatedContentInfo_st { 75 ASN1_OBJECT *eContentType; 76 ASN1_OCTET_STRING *eContent; 77 /* Set to 1 if incomplete structure only part set up */ 78 int partial; 79 }; 80 81 struct CMS_SignerInfo_st { 82 int32_t version; 83 CMS_SignerIdentifier *sid; 84 X509_ALGOR *digestAlgorithm; 85 STACK_OF(X509_ATTRIBUTE) *signedAttrs; 86 X509_ALGOR *signatureAlgorithm; 87 ASN1_OCTET_STRING *signature; 88 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; 89 /* Signing certificate and key */ 90 X509 *signer; 91 EVP_PKEY *pkey; 92 /* Digest and public key context for alternative parameters */ 93 EVP_MD_CTX *mctx; 94 EVP_PKEY_CTX *pctx; 95 }; 96 97 struct CMS_SignerIdentifier_st { 98 int type; 99 union { 100 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 101 ASN1_OCTET_STRING *subjectKeyIdentifier; 102 } d; 103 }; 104 105 struct CMS_EnvelopedData_st { 106 int32_t version; 107 CMS_OriginatorInfo *originatorInfo; 108 STACK_OF(CMS_RecipientInfo) *recipientInfos; 109 CMS_EncryptedContentInfo *encryptedContentInfo; 110 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 111 }; 112 113 struct CMS_OriginatorInfo_st { 114 STACK_OF(CMS_CertificateChoices) *certificates; 115 STACK_OF(CMS_RevocationInfoChoice) *crls; 116 }; 117 118 struct CMS_EncryptedContentInfo_st { 119 ASN1_OBJECT *contentType; 120 X509_ALGOR *contentEncryptionAlgorithm; 121 ASN1_OCTET_STRING *encryptedContent; 122 /* Content encryption algorithm and key */ 123 const EVP_CIPHER *cipher; 124 unsigned char *key; 125 size_t keylen; 126 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 127 int debug; 128 /* Set to 1 if we have no cert and need extra safety measures for MMA */ 129 int havenocert; 130 }; 131 132 struct CMS_RecipientInfo_st { 133 int type; 134 union { 135 CMS_KeyTransRecipientInfo *ktri; 136 CMS_KeyAgreeRecipientInfo *kari; 137 CMS_KEKRecipientInfo *kekri; 138 CMS_PasswordRecipientInfo *pwri; 139 CMS_OtherRecipientInfo *ori; 140 } d; 141 }; 142 143 typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 144 145 struct CMS_KeyTransRecipientInfo_st { 146 int32_t version; 147 CMS_RecipientIdentifier *rid; 148 X509_ALGOR *keyEncryptionAlgorithm; 149 ASN1_OCTET_STRING *encryptedKey; 150 /* Recipient Key and cert */ 151 X509 *recip; 152 EVP_PKEY *pkey; 153 /* Public key context for this operation */ 154 EVP_PKEY_CTX *pctx; 155 }; 156 157 struct CMS_KeyAgreeRecipientInfo_st { 158 int32_t version; 159 CMS_OriginatorIdentifierOrKey *originator; 160 ASN1_OCTET_STRING *ukm; 161 X509_ALGOR *keyEncryptionAlgorithm; 162 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 163 /* Public key context associated with current operation */ 164 EVP_PKEY_CTX *pctx; 165 /* Cipher context for CEK wrapping */ 166 EVP_CIPHER_CTX *ctx; 167 }; 168 169 struct CMS_OriginatorIdentifierOrKey_st { 170 int type; 171 union { 172 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 173 ASN1_OCTET_STRING *subjectKeyIdentifier; 174 CMS_OriginatorPublicKey *originatorKey; 175 } d; 176 }; 177 178 struct CMS_OriginatorPublicKey_st { 179 X509_ALGOR *algorithm; 180 ASN1_BIT_STRING *publicKey; 181 }; 182 183 struct CMS_RecipientEncryptedKey_st { 184 CMS_KeyAgreeRecipientIdentifier *rid; 185 ASN1_OCTET_STRING *encryptedKey; 186 /* Public key associated with this recipient */ 187 EVP_PKEY *pkey; 188 }; 189 190 struct CMS_KeyAgreeRecipientIdentifier_st { 191 int type; 192 union { 193 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 194 CMS_RecipientKeyIdentifier *rKeyId; 195 } d; 196 }; 197 198 struct CMS_RecipientKeyIdentifier_st { 199 ASN1_OCTET_STRING *subjectKeyIdentifier; 200 ASN1_GENERALIZEDTIME *date; 201 CMS_OtherKeyAttribute *other; 202 }; 203 204 struct CMS_KEKRecipientInfo_st { 205 int32_t version; 206 CMS_KEKIdentifier *kekid; 207 X509_ALGOR *keyEncryptionAlgorithm; 208 ASN1_OCTET_STRING *encryptedKey; 209 /* Extra info: symmetric key to use */ 210 unsigned char *key; 211 size_t keylen; 212 }; 213 214 struct CMS_KEKIdentifier_st { 215 ASN1_OCTET_STRING *keyIdentifier; 216 ASN1_GENERALIZEDTIME *date; 217 CMS_OtherKeyAttribute *other; 218 }; 219 220 struct CMS_PasswordRecipientInfo_st { 221 int32_t version; 222 X509_ALGOR *keyDerivationAlgorithm; 223 X509_ALGOR *keyEncryptionAlgorithm; 224 ASN1_OCTET_STRING *encryptedKey; 225 /* Extra info: password to use */ 226 unsigned char *pass; 227 size_t passlen; 228 }; 229 230 struct CMS_OtherRecipientInfo_st { 231 ASN1_OBJECT *oriType; 232 ASN1_TYPE *oriValue; 233 }; 234 235 struct CMS_DigestedData_st { 236 int32_t version; 237 X509_ALGOR *digestAlgorithm; 238 CMS_EncapsulatedContentInfo *encapContentInfo; 239 ASN1_OCTET_STRING *digest; 240 }; 241 242 struct CMS_EncryptedData_st { 243 int32_t version; 244 CMS_EncryptedContentInfo *encryptedContentInfo; 245 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 246 }; 247 248 struct CMS_AuthenticatedData_st { 249 int32_t version; 250 CMS_OriginatorInfo *originatorInfo; 251 STACK_OF(CMS_RecipientInfo) *recipientInfos; 252 X509_ALGOR *macAlgorithm; 253 X509_ALGOR *digestAlgorithm; 254 CMS_EncapsulatedContentInfo *encapContentInfo; 255 STACK_OF(X509_ATTRIBUTE) *authAttrs; 256 ASN1_OCTET_STRING *mac; 257 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 258 }; 259 260 struct CMS_CompressedData_st { 261 int32_t version; 262 X509_ALGOR *compressionAlgorithm; 263 STACK_OF(CMS_RecipientInfo) *recipientInfos; 264 CMS_EncapsulatedContentInfo *encapContentInfo; 265 }; 266 267 struct CMS_RevocationInfoChoice_st { 268 int type; 269 union { 270 X509_CRL *crl; 271 CMS_OtherRevocationInfoFormat *other; 272 } d; 273 }; 274 275 # define CMS_REVCHOICE_CRL 0 276 # define CMS_REVCHOICE_OTHER 1 277 278 struct CMS_OtherRevocationInfoFormat_st { 279 ASN1_OBJECT *otherRevInfoFormat; 280 ASN1_TYPE *otherRevInfo; 281 }; 282 283 struct CMS_CertificateChoices { 284 int type; 285 union { 286 X509 *certificate; 287 ASN1_STRING *extendedCertificate; /* Obsolete */ 288 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 289 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 290 CMS_OtherCertificateFormat *other; 291 } d; 292 }; 293 294 # define CMS_CERTCHOICE_CERT 0 295 # define CMS_CERTCHOICE_EXCERT 1 296 # define CMS_CERTCHOICE_V1ACERT 2 297 # define CMS_CERTCHOICE_V2ACERT 3 298 # define CMS_CERTCHOICE_OTHER 4 299 300 struct CMS_OtherCertificateFormat_st { 301 ASN1_OBJECT *otherCertFormat; 302 ASN1_TYPE *otherCert; 303 }; 304 305 /* 306 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code 307 * to be independent of PKCS#7 308 */ 309 310 struct CMS_IssuerAndSerialNumber_st { 311 X509_NAME *issuer; 312 ASN1_INTEGER *serialNumber; 313 }; 314 315 struct CMS_OtherKeyAttribute_st { 316 ASN1_OBJECT *keyAttrId; 317 ASN1_TYPE *keyAttr; 318 }; 319 320 /* ESS structures */ 321 322 struct CMS_ReceiptRequest_st { 323 ASN1_OCTET_STRING *signedContentIdentifier; 324 CMS_ReceiptsFrom *receiptsFrom; 325 STACK_OF(GENERAL_NAMES) *receiptsTo; 326 }; 327 328 struct CMS_ReceiptsFrom_st { 329 int type; 330 union { 331 int32_t allOrFirstTier; 332 STACK_OF(GENERAL_NAMES) *receiptList; 333 } d; 334 }; 335 336 struct CMS_Receipt_st { 337 int32_t version; 338 ASN1_OBJECT *contentType; 339 ASN1_OCTET_STRING *signedContentIdentifier; 340 ASN1_OCTET_STRING *originatorSignatureValue; 341 }; 342 343 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 344 DECLARE_ASN1_ITEM(CMS_SignerInfo) 345 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 346 DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 347 DECLARE_ASN1_ITEM(CMS_Attributes_Verify) 348 DECLARE_ASN1_ITEM(CMS_RecipientInfo) 349 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) 350 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) 351 352 # define CMS_SIGNERINFO_ISSUER_SERIAL 0 353 # define CMS_SIGNERINFO_KEYIDENTIFIER 1 354 355 # define CMS_RECIPINFO_ISSUER_SERIAL 0 356 # define CMS_RECIPINFO_KEYIDENTIFIER 1 357 358 # define CMS_REK_ISSUER_SERIAL 0 359 # define CMS_REK_KEYIDENTIFIER 1 360 361 # define CMS_OIK_ISSUER_SERIAL 0 362 # define CMS_OIK_KEYIDENTIFIER 1 363 # define CMS_OIK_PUBKEY 2 364 365 BIO *cms_content_bio(CMS_ContentInfo *cms); 366 367 CMS_ContentInfo *cms_Data_create(void); 368 369 CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); 370 BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); 371 int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); 372 373 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); 374 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 375 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, 376 int type); 377 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 378 ASN1_OCTET_STRING **keyid, 379 X509_NAME **issuer, 380 ASN1_INTEGER **sno); 381 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 382 383 CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 384 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); 385 386 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 387 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 388 X509_ALGOR *mdalg); 389 390 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); 391 int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); 392 int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); 393 int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); 394 395 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 396 BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 397 int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 398 const EVP_CIPHER *cipher, 399 const unsigned char *key, size_t keylen); 400 401 int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 402 int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 403 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); 404 405 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); 406 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); 407 int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); 408 int cms_pkey_get_ri_type(EVP_PKEY *pk); 409 /* KARI routines */ 410 int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, 411 EVP_PKEY *pk, unsigned int flags); 412 int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, 413 CMS_RecipientInfo *ri); 414 415 /* PWRI routines */ 416 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 417 int en_de); 418 /* SignerInfo routines */ 419 int CMS_si_check_attributes(const CMS_SignerInfo *si); 420 421 DECLARE_ASN1_ITEM(CMS_CertificateChoices) 422 DECLARE_ASN1_ITEM(CMS_DigestedData) 423 DECLARE_ASN1_ITEM(CMS_EncryptedData) 424 DECLARE_ASN1_ITEM(CMS_EnvelopedData) 425 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) 426 DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) 427 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) 428 DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) 429 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) 430 DECLARE_ASN1_ITEM(CMS_Receipt) 431 DECLARE_ASN1_ITEM(CMS_ReceiptRequest) 432 DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) 433 DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) 434 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) 435 DECLARE_ASN1_ITEM(CMS_SignedData) 436 DECLARE_ASN1_ITEM(CMS_CompressedData) 437 438 #endif 439