1 /* 2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the License); you may 5 * not use this file except in compliance with the License. 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 */ 9 10 11 /* 12 References: 13 1. GM/T 0010-2012 SM2 Cryptography Message Syntax Specification 14 2. RFC 2315 PKCS #7 Cryptographic Message Syntax Version 1.5 15 3. RFC 5652 Cryptographic Message Syntax (CMS) 16 */ 17 18 #ifndef GMSSL_CMS_H 19 #define GMSSL_CMS_H 20 21 22 #include <string.h> 23 #include <stdint.h> 24 #include <sys/types.h> 25 #include <gmssl/x509.h> 26 27 28 #ifdef __cplusplus 29 extern "C" { 30 #endif 31 32 enum { 33 CMS_version_v1 = 1, 34 }; 35 36 37 /* 38 ContentType: 39 OID_cms_data 40 OID_cms_signed_data 41 OID_cms_enveloped_data 42 OID_cms_signed_and_enveloped_data 43 OID_cms_encrypted_data 44 OID_cms_key_agreement_info 45 */ 46 const char *cms_content_type_name(int oid); 47 int cms_content_type_from_name(const char *name); 48 int cms_content_type_to_der(int oid, uint8_t **out, size_t *outlen); 49 int cms_content_type_from_der(int *oid, const uint8_t **in, size_t *inlen); 50 51 /* 52 ContentInfo ::= SEQUENCE { 53 contentType OBJECT IDENTIFIER, 54 content [0] EXPLICIT ANY OPTIONAL } 55 */ 56 int cms_content_info_header_to_der( 57 int content_type, size_t content_len, 58 uint8_t **out, size_t *outlen); 59 int cms_content_info_to_der( 60 int content_type, 61 const uint8_t *content, size_t content_len, 62 uint8_t **out, size_t *outlen); 63 int cms_content_info_from_der( 64 int *content_type, 65 const uint8_t **content, size_t *content_len, // 这里获得的是完整的TLV 66 const uint8_t **in, size_t *inlen); 67 int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 68 69 /* 70 Data ::= OCTET STRING 71 */ 72 #define cms_data_to_der(d,dlen,out,outlen) asn1_octet_string_to_der(d,dlen,out,outlen) 73 #define cms_data_from_der(d,dlen,in,inlen) asn1_octet_string_from_der(d,dlen,in,inlen) 74 #define cms_data_print(fp,fmt,ind,label,d,dlen) format_bytes(fp,fmt,ind,label,d,dlen) 75 76 /* 77 EncryptedContentInfo ::= SEQUENCE { 78 contentType OBJECT IDENTIFIER, 79 contentEncryptionAlgorithm AlgorithmIdentifier, 80 encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL, 81 sharedInfo1 [1] IMPLICIT OCTET STRING OPTIONAL, 82 sharedInfo2 [2] IMPLICIT OCTET STRING OPTIONAL } 83 */ 84 int cms_enced_content_info_to_der( 85 int content_type, 86 int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len, 87 const uint8_t *enced_content, size_t enced_content_len, 88 const uint8_t *shared_info1, size_t shared_info1_len, 89 const uint8_t *shared_info2, size_t shared_info2_len, 90 uint8_t **out, size_t *outlen); 91 int cms_enced_content_info_from_der( 92 int *content_type, 93 int *enc_algor, const uint8_t **enc_iv, size_t *enc_iv_len, 94 const uint8_t **enced_content, size_t *enced_content_len, 95 const uint8_t **shared_info1, size_t *shared_info1_len, 96 const uint8_t **shared_info2, size_t *shared_info2_len, 97 const uint8_t **in, size_t *inlen); 98 int cms_enced_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 99 100 int cms_enced_content_info_encrypt_to_der( 101 int enc_algor, 102 const uint8_t *key, size_t keylen, 103 const uint8_t *iv, size_t ivlen, 104 int content_type, const uint8_t *content, size_t content_len, 105 const uint8_t *shared_info1, size_t shared_info1_len, 106 const uint8_t *shared_info2, size_t shared_info2_len, 107 uint8_t **out, size_t *outlen); 108 int cms_enced_content_info_decrypt_from_der( 109 int *enc_algor, 110 const uint8_t *key, size_t keylen, 111 int *content_type, uint8_t *content, size_t *content_len, 112 const uint8_t **shared_info1, size_t *shared_info1_len, 113 const uint8_t **shared_info2, size_t *shared_info2_len, 114 const uint8_t **in, size_t *inlen); 115 116 /* 117 EncryptedData ::= SEQUENCE { 118 version INTEGER (1), 119 encryptedContentInfo EncryptedContentInfo } 120 */ 121 int cms_encrypted_data_to_der( 122 int version, 123 int content_type, 124 int enc_algor, const uint8_t *iv, size_t ivlen, 125 const uint8_t *enced_content, size_t enced_content_len, 126 const uint8_t *shared_info1, size_t shared_info1_len, 127 const uint8_t *shared_info2, size_t shared_info2_len, 128 uint8_t **out, size_t *outlen); 129 int cms_encrypted_data_from_der( 130 int *version, 131 int *content_type, 132 int *enc_algor, const uint8_t **iv, size_t *ivlen, 133 const uint8_t **enced_content, size_t *enced_content_len, 134 const uint8_t **shared_info1, size_t *shared_info1_len, 135 const uint8_t **shared_info2, size_t *shared_info2_len, 136 const uint8_t **in, size_t *inlen); 137 int cms_encrypted_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 138 139 int cms_encrypted_data_encrypt_to_der( 140 int enc_algor, 141 const uint8_t *key, size_t keylen, 142 const uint8_t *iv, size_t ivlen, 143 int content_type, const uint8_t *content, size_t content_len, 144 const uint8_t *shared_info1, size_t shared_info1_len, 145 const uint8_t *shared_info2, size_t shared_info2_len, 146 uint8_t **out, size_t *outlen); 147 int cms_encrypted_data_decrypt_from_der( 148 int *enc_algor, 149 const uint8_t *key, size_t keylen, 150 int *content_type, uint8_t *content, size_t *content_len, 151 const uint8_t **shared_info1, size_t *shared_info1_len, 152 const uint8_t **shared_info2, size_t *shared_info2_len, 153 const uint8_t **in, size_t *inlen); 154 155 /* 156 IssuerAndSerialNumber ::= SEQUENCE { 157 isser Name, 158 serialNumber INTEGER } 159 */ 160 int cms_issuer_and_serial_number_to_der( 161 const uint8_t *issuer, size_t issuer_len, 162 const uint8_t *serial_number, size_t serial_number_len, 163 uint8_t **out, size_t *outlen); 164 int cms_issuer_and_serial_number_from_der( 165 const uint8_t **issuer, size_t *issuer_len, 166 const uint8_t **serial_number, size_t *serial_number_len, 167 const uint8_t **in, size_t *inlen); 168 int cms_issuer_and_serial_number_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 169 170 /* 171 SignerInfo ::= SEQUENCE { 172 version INTEGER (1), 173 issuerAndSerialNumber IssuerAndSerialNumber, 174 digestAlgorithm AlgorithmIdentifier, 175 authenticatedAttributes [0] IMPLICIT SET OF Attribute OPTINOAL, 176 digestEncryptionAlgorithm AlgorithmIdentifier, 177 encryptedDigest OCTET STRING, 178 unauthenticatedAttributes [1] IMPLICIT SET OF Attribute OPTINOAL, } 179 */ 180 int cms_signer_info_to_der( 181 int version, 182 const uint8_t *issuer, size_t issuer_len, 183 const uint8_t *serial_number, size_t serial_number_len, 184 int digest_algor, 185 const uint8_t *authed_attrs, size_t authed_attrs_len, 186 int signature_algor, 187 const uint8_t *enced_digest, size_t enced_digest_len, 188 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len, 189 uint8_t **out, size_t *outlen); 190 int cms_signer_info_from_der( 191 int *version, 192 const uint8_t **issuer, size_t *issuer_len, 193 const uint8_t **serial_number, size_t *serial_number_len, 194 int *digest_algor, 195 const uint8_t **authed_attrs, size_t *authed_attrs_len, 196 int *signature_algor, 197 const uint8_t **enced_digest, size_t *enced_digest_len, 198 const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len, 199 const uint8_t **in, size_t *inlen); 200 int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 201 202 int cms_signer_info_sign_to_der( 203 const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key, 204 const uint8_t *issuer, size_t issuer_len, 205 const uint8_t *serial_number, size_t serial_number_len, 206 const uint8_t *authed_attrs, size_t authed_attrs_len, 207 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len, 208 uint8_t **out, size_t *outlen); 209 int cms_signer_info_verify_from_der( 210 const SM3_CTX *sm3_ctx, const uint8_t *certs, size_t certslen, 211 const uint8_t **cert, size_t *certlen, 212 const uint8_t **issuer, size_t *issuer_len, 213 const uint8_t **serial, size_t *serial_len, 214 const uint8_t **authed_attrs, size_t *authed_attrs_len, 215 const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len, 216 const uint8_t **in, size_t *inlen); 217 /* 218 SignerInfos ::= SET OF SignerInfo; 219 */ 220 int cms_signer_infos_add_signer_info( 221 uint8_t *d, size_t *dlen, size_t maxlen, 222 const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key, 223 const uint8_t *issuer, size_t issuer_len, 224 const uint8_t *serial_number, size_t serial_number_len, 225 const uint8_t *authed_attrs, size_t authed_attrs_len, 226 const uint8_t *unauthed_attrs, size_t unauthed_attrs_len); 227 #define cms_signer_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen) 228 #define cms_signer_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen) 229 int cms_signer_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 230 231 int cms_digest_algors_to_der(const int *digest_algors, size_t digest_algors_cnt, uint8_t **out, size_t *outlen); 232 int cms_digest_algors_from_der(int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, 233 const uint8_t **in, size_t *inlen); 234 int cms_digest_algors_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 235 236 /* 237 SignedData ::= SEQUENCE { 238 version INTEGER (1), 239 digestAlgorithms SET OF AlgorithmIdentifier, 240 contentInfo ContentInfo, 241 certificates [0] IMPLICIT SET OF Certificate OPTIONAL, 242 crls [1] IMPLICIT SET OF CertificateRevocationList OPTIONAL, 243 signerInfos SET OF SignerInfo } 244 */ 245 int cms_signed_data_to_der( 246 int version, 247 const int *digest_algors, size_t digest_algors_cnt, 248 const int content_type, const uint8_t *content, const size_t content_len, 249 const uint8_t *certs, size_t certs_len, 250 const uint8_t *crls, const size_t crls_len, 251 const uint8_t *signer_infos, size_t signer_infos_len, 252 uint8_t **out, size_t *outlen); 253 int cms_signed_data_from_der( 254 int *version, 255 int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, 256 int *content_type, const uint8_t **content, size_t *content_len, 257 const uint8_t **certs, size_t *certs_len, 258 const uint8_t **crls, size_t *crls_len, 259 const uint8_t **signer_infos, size_t *signer_infos_len, 260 const uint8_t **in, size_t *inlen); 261 int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 262 263 264 typedef struct { 265 uint8_t *certs; 266 size_t certs_len; 267 SM2_KEY *sign_key; 268 } CMS_CERTS_AND_KEY; 269 270 int cms_signed_data_sign_to_der( 271 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, 272 int content_type, const uint8_t *data, size_t datalen, // 当OID_cms_data时为raw data 273 const uint8_t *crls, size_t crls_len, // 可以为空 274 uint8_t **out, size_t *outlen); 275 int cms_signed_data_verify_from_der( 276 const uint8_t *extra_certs, size_t extra_certs_len, 277 const uint8_t *extra_crls, size_t extra_crls_len, 278 int *content_type, const uint8_t **content, size_t *content_len, // 是否应该返回raw data呢? 279 const uint8_t **certs, size_t *certs_len, 280 const uint8_t **crls, size_t *crls_len, 281 const uint8_t **signer_infos, size_t *signer_infos_len, 282 const uint8_t **in, size_t *inlen); 283 284 285 /* 286 RecipientInfo ::= SEQUENCE { 287 version INTEGER (1), 288 issuerAndSerialNumber IssuerAndSerialNumber, 289 keyEncryptionAlgorithm AlgorithmIdentifier, 290 encryptedKey OCTET STRING -- DER-encoding of SM2Cipher 291 } 292 由于encryptedKey的类型为SM2Cipher, 而SM2Cipher中有2个INTEGER,因此长度是不固定的。 293 因此不能预先确定输出长度 294 */ 295 int cms_recipient_info_to_der( 296 int version, 297 const uint8_t *issuer, size_t issuer_len, 298 const uint8_t *serial_number, size_t serial_number_len, 299 int public_key_enc_algor, 300 const uint8_t *enced_key, size_t enced_key_len, 301 uint8_t **out, size_t *outlen); 302 int cms_recipient_info_from_der( 303 int *version, 304 const uint8_t **issuer, size_t *issuer_len, 305 const uint8_t **serial_number, size_t *serial_number_len, 306 int *pke_algor, const uint8_t **params, size_t *params_len,// SM2加密只使用SM3,没有默认参数,但是ECIES可能有 307 const uint8_t **enced_key, size_t *enced_key_len, 308 const uint8_t **in, size_t *inlen); 309 int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 310 311 312 int cms_recipient_info_encrypt_to_der( 313 const SM2_KEY *public_key, 314 const uint8_t *issuer, size_t issuer_len, 315 const uint8_t *serial, size_t serial_len, 316 const uint8_t *in, size_t inlen, 317 uint8_t **out, size_t *outlen); 318 int cms_recipient_info_decrypt_from_der( 319 const SM2_KEY *sm2_key, 320 const uint8_t *rcpt_issuer, size_t rcpt_issuer_len, 321 const uint8_t *rcpt_serial, size_t rcpt_serial_len, 322 uint8_t *out, size_t *outlen, size_t maxlen, 323 const uint8_t **in, size_t *inlen); 324 325 int cms_recipient_infos_add_recipient_info( 326 uint8_t *d, size_t *dlen, size_t maxlen, 327 const SM2_KEY *public_key, 328 const uint8_t *issuer, size_t issuer_len, 329 const uint8_t *serial, size_t serial_len, 330 const uint8_t *in, size_t inlen); 331 #define cms_recipient_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen) 332 #define cms_recipient_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen) 333 int cms_recipient_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 334 335 /* 336 EnvelopedData ::= SEQUENCE { 337 version Version, 338 recipientInfos SET OF RecipientInfo, 339 encryptedContentInfo EncryptedContentInfo } 340 */ 341 int cms_enveloped_data_to_der( 342 int version, 343 const uint8_t *rcpt_infos, size_t rcpt_infos_len, 344 int content_type, 345 int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len, 346 const uint8_t *enced_content, size_t enced_content_len, 347 const uint8_t *shared_info1, size_t shared_info1_len, 348 const uint8_t *shared_info2, size_t shared_info2_len, 349 uint8_t **out, size_t *outlen); 350 int cms_enveloped_data_from_der( 351 int *version, 352 const uint8_t **rcpt_infos, size_t *rcpt_infos_len, 353 const uint8_t **enced_content_info, size_t *enced_content_info_len, 354 const uint8_t **in, size_t *inlen); 355 int cms_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 356 357 int cms_enveloped_data_encrypt_to_der( 358 const uint8_t *rcpt_certs, size_t rcpt_certs_len, 359 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, 360 int content_type, const uint8_t *content, size_t content_len, 361 const uint8_t *shared_info1, size_t shared_info1_len, 362 const uint8_t *shared_info2, size_t shared_info2_len, 363 uint8_t **out, size_t *outlen); 364 int cms_enveloped_data_decrypt_from_der( 365 const SM2_KEY *sm2_key, 366 const uint8_t *issuer, size_t issuer_len, 367 const uint8_t *serial_number, size_t serial_number_len, 368 int *content_type, uint8_t *content, size_t *content_len, 369 const uint8_t **rcpt_infos, size_t *rcpt_infos_len, 370 const uint8_t **shared_info1, size_t *shared_info1_len, 371 const uint8_t **shared_info2, size_t *shared_info2_len, 372 const uint8_t **in, size_t *inlen); 373 374 /* 375 SignedAndEnvelopedData ::= SEQUENCE { 376 version INTEGER (1), 377 recipientInfos SET OF RecipientInfo, 378 digestAlgorithms SET OF AlgorithmIdentifier, 379 encryptedContentInfo EncryptedContentInfo, 380 certificates [0] IMPLICIT SET OF Certificate OPTIONAL, 381 crls [1] IMPLICIT SET OF CertificateRevocationList OPTIONAL, 382 signerInfos SET OF SignerInfo } 383 */ 384 int cms_signed_and_enveloped_data_to_der( 385 int version, 386 const uint8_t *rcpt_infos, size_t rcpt_infos_len, 387 const int *digest_algors, size_t digest_algors_cnt, 388 int content_type, 389 int enc_algor, const uint8_t *iv, size_t ivlen, 390 const uint8_t *enced_content, size_t enced_content_len, 391 const uint8_t *shared_info1, size_t shared_info1_len, 392 const uint8_t *shared_info2, size_t shared_info2_len, 393 const uint8_t *certs, size_t certs_len, 394 const uint8_t *crls, size_t crls_len, 395 const uint8_t *signer_infos, size_t signer_infos_len, 396 uint8_t **out, size_t *outlen); 397 int cms_signed_and_enveloped_data_from_der( 398 int *version, 399 const uint8_t **rcpt_infos, size_t *rcpt_infos_len, 400 int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, 401 const uint8_t **enced_content_info, size_t *enced_content_info_len, 402 const uint8_t **certs, size_t *certs_len, 403 const uint8_t **crls, size_t *crls_len, 404 const uint8_t **signer_infos, size_t *signer_infos_len, 405 const uint8_t **in, size_t *inlen); 406 int cms_signed_and_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 407 408 int cms_signed_and_enveloped_data_encipher_to_der( 409 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, 410 const uint8_t *rcpt_certs, size_t rcpt_certs_len, 411 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, 412 int content_type, const uint8_t *content, size_t content_len, 413 const uint8_t *signers_crls, size_t signers_crls_len, 414 const uint8_t *shared_info1, size_t shared_info1_len, 415 const uint8_t *shared_info2, size_t shared_info2_len, 416 uint8_t **out, size_t *outlen); 417 int cms_signed_and_enveloped_data_decipher_from_der( 418 const SM2_KEY *rcpt_key, 419 const uint8_t *rcpt_issuer, size_t rcpt_issuer_len, 420 const uint8_t *rcpt_serial, size_t rcpt_serial_len, 421 int *content_type, uint8_t *content, size_t *content_len, 422 const uint8_t **prcpt_infos, size_t *prcpt_infos_len, 423 const uint8_t **shared_info1, size_t *shared_info1_len, 424 const uint8_t **shared_info2, size_t *shared_info2_len, 425 const uint8_t **certs, size_t *certs_len, 426 const uint8_t **crls, size_t *crls_len, 427 const uint8_t **psigner_infos, size_t *psigner_infos_len, 428 const uint8_t *extra_certs, size_t extra_certs_len, 429 const uint8_t *extra_crls, size_t extra_crls_len, 430 const uint8_t **in, size_t *inlen); 431 432 /* 433 KeyAgreementInfo ::= SEQUENCE { 434 version INTEGER (1), 435 tempPublicKeyR SM2PublicKey, 436 userCertificate Certificate, 437 userID OCTET STRING } 438 */ 439 int cms_key_agreement_info_to_der( 440 int version, 441 const SM2_KEY *temp_public_key_r, 442 const uint8_t *user_cert, size_t user_cert_len, 443 const uint8_t *user_id, size_t user_id_len, 444 uint8_t **out, size_t *outlen); 445 int cms_key_agreement_info_from_der( 446 int *version, 447 SM2_KEY *temp_public_key_r, 448 const uint8_t **user_cert, size_t *user_cert_len, 449 const uint8_t **user_id, size_t *user_id_len, 450 const uint8_t **in, size_t *inlen); 451 int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 452 453 454 455 // 下面是公开API 456 // 公开API的设计考虑: 457 // 1. 不需要调用其他函数 458 // 2. 在逻辑上容易理解 459 // 3. 将cms,cmslen看做对象 460 461 462 // 生成ContentInfo, type == data 463 int cms_set_data(uint8_t *cms, size_t *cmslen, 464 const uint8_t *d, size_t dlen); 465 466 int cms_encrypt( 467 uint8_t *cms, size_t *cmslen, // 输出的ContentInfo (type encryptedData) 468 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法、密钥和IV 469 int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据 470 const uint8_t *shared_info1, size_t shared_info1_len, // 附加信息 471 const uint8_t *shared_info2, size_t shared_info2_len); 472 473 int cms_decrypt( 474 const uint8_t *cms, size_t cmslen, // 输入的ContentInfo (type encryptedData) 475 int *enc_algor, const uint8_t *key, size_t keylen, // 解密密钥(我们不知道解密算法) 476 int *content_type, uint8_t *content, size_t *content_len, // 输出的解密数据类型及数据 477 const uint8_t **shared_info1, size_t *shared_info1_len, // 附加信息 478 const uint8_t **shared_info2, size_t *shared_info2_len); 479 480 int cms_sign( 481 uint8_t *cms, size_t *cms_len, 482 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, // 签名者的签名私钥和证书 483 int content_type, const uint8_t *content, size_t content_len, // 待签名的输入数据 484 const uint8_t *crls, size_t crls_len); 485 486 int cms_verify( 487 const uint8_t *cms, size_t cms_len, 488 const uint8_t *extra_certs, size_t extra_certs_len, 489 const uint8_t *extra_crls, size_t extra_crls_len, 490 int *content_type, const uint8_t **content, size_t *content_len, 491 const uint8_t **certs, size_t *certs_len, 492 const uint8_t **crls, size_t *crls_len, 493 const uint8_t **signer_infos, size_t *signer_infos_len); 494 495 int cms_envelop( 496 uint8_t *cms, size_t *cms_len, 497 const uint8_t *rcpt_certs, size_t rcpt_certs_len, // 接收方证书,注意这个参数的类型可以容纳多个证书,但是只有在一个接受者时对调用方最方便 498 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法及参数 499 int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据 500 const uint8_t *shared_info1, size_t shared_info1_len, // 附加输入信息 501 const uint8_t *shared_info2, size_t shared_info2_len); 502 503 int cms_deenvelop( 504 const uint8_t *cms, size_t cms_len, 505 const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, // 接收方的解密私钥和对应的证书,注意只需要一个解密方 506 int *content_type, uint8_t *content, size_t *content_len, 507 const uint8_t **rcpt_infos, size_t *rcpt_infos_len, // 解析得到,用于显示 508 const uint8_t **shared_info1, size_t *shared_info1_len, 509 const uint8_t **shared_info2, size_t *shared_info2_len); 510 511 int cms_sign_and_envelop( 512 uint8_t *cms, size_t *cms_len, 513 const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, 514 const uint8_t *rcpt_certs, size_t rcpt_certs_len, 515 int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, 516 int content_type, const uint8_t *content, size_t content_len, 517 const uint8_t *signers_crls, size_t signers_crls_len, 518 const uint8_t *shared_info1, size_t shared_info1_len, 519 const uint8_t *shared_info2, size_t shared_info2_len); 520 521 int cms_deenvelop_and_verify( 522 const uint8_t *cms, size_t cms_len, 523 const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, 524 const uint8_t *extra_signer_certs, size_t extra_signer_certs_len, 525 const uint8_t *extra_signer_crls, size_t extra_signer_crls_len, 526 int *content_type, uint8_t *content, size_t *content_len, 527 const uint8_t **rcpt_infos, size_t *rcpt_infos_len, 528 const uint8_t **signer_infos, size_t *signer_infos_len, 529 const uint8_t **signer_certs, size_t *signer_certs_len, 530 const uint8_t **signer_crls, size_t *signer_crls_len, 531 const uint8_t **shared_info1, size_t *shared_info1_len, 532 const uint8_t **shared_info2, size_t *shared_info2_len); 533 534 // 生成ContentInfo, type == keyAgreementInfo 535 int cms_set_key_agreement_info( 536 uint8_t *cms, size_t *cms_len, 537 const SM2_KEY *temp_public_key_r, 538 const uint8_t *user_cert, size_t user_cert_len, 539 const uint8_t *user_id, size_t user_id_len); 540 541 #define PEM_CMS "CMS" 542 int cms_to_pem(const uint8_t *cms, size_t cms_len, FILE *fp); 543 int cms_from_pem(uint8_t *cms, size_t *cms_len, size_t maxlen, FILE *fp); 544 545 546 int cms_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); 547 548 549 #ifdef __cplusplus 550 } 551 #endif 552 #endif 553