1 /* crypto/cms/cms_lcl.h */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54 #ifndef HEADER_CMS_LCL_H 55 #define HEADER_CMS_LCL_H 56 57 #ifdef __cplusplus 58 extern "C" { 59 #endif 60 61 #include <openssl/x509.h> 62 63 /* Cryptographic message syntax (CMS) structures: taken 64 * from RFC3852 65 */ 66 67 /* Forward references */ 68 69 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; 70 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; 71 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; 72 typedef struct CMS_SignedData_st CMS_SignedData; 73 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; 74 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; 75 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; 76 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 77 typedef struct CMS_DigestedData_st CMS_DigestedData; 78 typedef struct CMS_EncryptedData_st CMS_EncryptedData; 79 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; 80 typedef struct CMS_CompressedData_st CMS_CompressedData; 81 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; 82 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 83 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; 84 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; 85 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; 86 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; 87 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; 88 typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; 89 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; 90 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; 91 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; 92 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; 93 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 94 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 95 96 struct CMS_ContentInfo_st 97 { 98 ASN1_OBJECT *contentType; 99 union { 100 ASN1_OCTET_STRING *data; 101 CMS_SignedData *signedData; 102 CMS_EnvelopedData *envelopedData; 103 CMS_DigestedData *digestedData; 104 CMS_EncryptedData *encryptedData; 105 CMS_AuthenticatedData *authenticatedData; 106 CMS_CompressedData *compressedData; 107 ASN1_TYPE *other; 108 /* Other types ... */ 109 void *otherData; 110 } d; 111 }; 112 113 struct CMS_SignedData_st 114 { 115 long version; 116 STACK_OF(X509_ALGOR) *digestAlgorithms; 117 CMS_EncapsulatedContentInfo *encapContentInfo; 118 STACK_OF(CMS_CertificateChoices) *certificates; 119 STACK_OF(CMS_RevocationInfoChoice) *crls; 120 STACK_OF(CMS_SignerInfo) *signerInfos; 121 }; 122 123 struct CMS_EncapsulatedContentInfo_st 124 { 125 ASN1_OBJECT *eContentType; 126 ASN1_OCTET_STRING *eContent; 127 /* Set to 1 if incomplete structure only part set up */ 128 int partial; 129 }; 130 131 struct CMS_SignerInfo_st 132 { 133 long version; 134 CMS_SignerIdentifier *sid; 135 X509_ALGOR *digestAlgorithm; 136 STACK_OF(X509_ATTRIBUTE) *signedAttrs; 137 X509_ALGOR *signatureAlgorithm; 138 ASN1_OCTET_STRING *signature; 139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; 140 /* Signing certificate and key */ 141 X509 *signer; 142 EVP_PKEY *pkey; 143 }; 144 145 struct CMS_SignerIdentifier_st 146 { 147 int type; 148 union { 149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 150 ASN1_OCTET_STRING *subjectKeyIdentifier; 151 } d; 152 }; 153 154 struct CMS_EnvelopedData_st 155 { 156 long version; 157 CMS_OriginatorInfo *originatorInfo; 158 STACK_OF(CMS_RecipientInfo) *recipientInfos; 159 CMS_EncryptedContentInfo *encryptedContentInfo; 160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 161 }; 162 163 struct CMS_OriginatorInfo_st 164 { 165 STACK_OF(CMS_CertificateChoices) *certificates; 166 STACK_OF(CMS_RevocationInfoChoice) *crls; 167 }; 168 169 struct CMS_EncryptedContentInfo_st 170 { 171 ASN1_OBJECT *contentType; 172 X509_ALGOR *contentEncryptionAlgorithm; 173 ASN1_OCTET_STRING *encryptedContent; 174 /* Content encryption algorithm and key */ 175 const EVP_CIPHER *cipher; 176 unsigned char *key; 177 size_t keylen; 178 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 179 int debug; 180 }; 181 182 struct CMS_RecipientInfo_st 183 { 184 int type; 185 union { 186 CMS_KeyTransRecipientInfo *ktri; 187 CMS_KeyAgreeRecipientInfo *kari; 188 CMS_KEKRecipientInfo *kekri; 189 CMS_PasswordRecipientInfo *pwri; 190 CMS_OtherRecipientInfo *ori; 191 } d; 192 }; 193 194 typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 195 196 struct CMS_KeyTransRecipientInfo_st 197 { 198 long version; 199 CMS_RecipientIdentifier *rid; 200 X509_ALGOR *keyEncryptionAlgorithm; 201 ASN1_OCTET_STRING *encryptedKey; 202 /* Recipient Key and cert */ 203 X509 *recip; 204 EVP_PKEY *pkey; 205 }; 206 207 struct CMS_KeyAgreeRecipientInfo_st 208 { 209 long version; 210 CMS_OriginatorIdentifierOrKey *originator; 211 ASN1_OCTET_STRING *ukm; 212 X509_ALGOR *keyEncryptionAlgorithm; 213 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 214 }; 215 216 struct CMS_OriginatorIdentifierOrKey_st 217 { 218 int type; 219 union { 220 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 221 ASN1_OCTET_STRING *subjectKeyIdentifier; 222 CMS_OriginatorPublicKey *originatorKey; 223 } d; 224 }; 225 226 struct CMS_OriginatorPublicKey_st 227 { 228 X509_ALGOR *algorithm; 229 ASN1_BIT_STRING *publicKey; 230 }; 231 232 struct CMS_RecipientEncryptedKey_st 233 { 234 CMS_KeyAgreeRecipientIdentifier *rid; 235 ASN1_OCTET_STRING *encryptedKey; 236 }; 237 238 struct CMS_KeyAgreeRecipientIdentifier_st 239 { 240 int type; 241 union { 242 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 243 CMS_RecipientKeyIdentifier *rKeyId; 244 } d; 245 }; 246 247 struct CMS_RecipientKeyIdentifier_st 248 { 249 ASN1_OCTET_STRING *subjectKeyIdentifier; 250 ASN1_GENERALIZEDTIME *date; 251 CMS_OtherKeyAttribute *other; 252 }; 253 254 struct CMS_KEKRecipientInfo_st 255 { 256 long version; 257 CMS_KEKIdentifier *kekid; 258 X509_ALGOR *keyEncryptionAlgorithm; 259 ASN1_OCTET_STRING *encryptedKey; 260 /* Extra info: symmetric key to use */ 261 unsigned char *key; 262 size_t keylen; 263 }; 264 265 struct CMS_KEKIdentifier_st 266 { 267 ASN1_OCTET_STRING *keyIdentifier; 268 ASN1_GENERALIZEDTIME *date; 269 CMS_OtherKeyAttribute *other; 270 }; 271 272 struct CMS_PasswordRecipientInfo_st 273 { 274 long version; 275 X509_ALGOR *keyDerivationAlgorithm; 276 X509_ALGOR *keyEncryptionAlgorithm; 277 ASN1_OCTET_STRING *encryptedKey; 278 /* Extra info: password to use */ 279 unsigned char *pass; 280 size_t passlen; 281 }; 282 283 struct CMS_OtherRecipientInfo_st 284 { 285 ASN1_OBJECT *oriType; 286 ASN1_TYPE *oriValue; 287 }; 288 289 struct CMS_DigestedData_st 290 { 291 long version; 292 X509_ALGOR *digestAlgorithm; 293 CMS_EncapsulatedContentInfo *encapContentInfo; 294 ASN1_OCTET_STRING *digest; 295 }; 296 297 struct CMS_EncryptedData_st 298 { 299 long version; 300 CMS_EncryptedContentInfo *encryptedContentInfo; 301 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 302 }; 303 304 struct CMS_AuthenticatedData_st 305 { 306 long version; 307 CMS_OriginatorInfo *originatorInfo; 308 STACK_OF(CMS_RecipientInfo) *recipientInfos; 309 X509_ALGOR *macAlgorithm; 310 X509_ALGOR *digestAlgorithm; 311 CMS_EncapsulatedContentInfo *encapContentInfo; 312 STACK_OF(X509_ATTRIBUTE) *authAttrs; 313 ASN1_OCTET_STRING *mac; 314 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 315 }; 316 317 struct CMS_CompressedData_st 318 { 319 long version; 320 X509_ALGOR *compressionAlgorithm; 321 STACK_OF(CMS_RecipientInfo) *recipientInfos; 322 CMS_EncapsulatedContentInfo *encapContentInfo; 323 }; 324 325 struct CMS_RevocationInfoChoice_st 326 { 327 int type; 328 union { 329 X509_CRL *crl; 330 CMS_OtherRevocationInfoFormat *other; 331 } d; 332 }; 333 334 #define CMS_REVCHOICE_CRL 0 335 #define CMS_REVCHOICE_OTHER 1 336 337 struct CMS_OtherRevocationInfoFormat_st 338 { 339 ASN1_OBJECT *otherRevInfoFormat; 340 ASN1_TYPE *otherRevInfo; 341 }; 342 343 struct CMS_CertificateChoices 344 { 345 int type; 346 union { 347 X509 *certificate; 348 ASN1_STRING *extendedCertificate; /* Obsolete */ 349 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 350 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 351 CMS_OtherCertificateFormat *other; 352 } d; 353 }; 354 355 #define CMS_CERTCHOICE_CERT 0 356 #define CMS_CERTCHOICE_EXCERT 1 357 #define CMS_CERTCHOICE_V1ACERT 2 358 #define CMS_CERTCHOICE_V2ACERT 3 359 #define CMS_CERTCHOICE_OTHER 4 360 361 struct CMS_OtherCertificateFormat_st 362 { 363 ASN1_OBJECT *otherCertFormat; 364 ASN1_TYPE *otherCert; 365 }; 366 367 /* This is also defined in pkcs7.h but we duplicate it 368 * to allow the CMS code to be independent of PKCS#7 369 */ 370 371 struct CMS_IssuerAndSerialNumber_st 372 { 373 X509_NAME *issuer; 374 ASN1_INTEGER *serialNumber; 375 }; 376 377 struct CMS_OtherKeyAttribute_st 378 { 379 ASN1_OBJECT *keyAttrId; 380 ASN1_TYPE *keyAttr; 381 }; 382 383 /* ESS structures */ 384 385 #ifdef HEADER_X509V3_H 386 387 struct CMS_ReceiptRequest_st 388 { 389 ASN1_OCTET_STRING *signedContentIdentifier; 390 CMS_ReceiptsFrom *receiptsFrom; 391 STACK_OF(GENERAL_NAMES) *receiptsTo; 392 }; 393 394 395 struct CMS_ReceiptsFrom_st 396 { 397 int type; 398 union 399 { 400 long allOrFirstTier; 401 STACK_OF(GENERAL_NAMES) *receiptList; 402 } d; 403 }; 404 #endif 405 406 struct CMS_Receipt_st 407 { 408 long version; 409 ASN1_OBJECT *contentType; 410 ASN1_OCTET_STRING *signedContentIdentifier; 411 ASN1_OCTET_STRING *originatorSignatureValue; 412 }; 413 414 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 415 DECLARE_ASN1_ITEM(CMS_SignerInfo) 416 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 417 DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 418 DECLARE_ASN1_ITEM(CMS_Attributes_Verify) 419 DECLARE_ASN1_ITEM(CMS_RecipientInfo) 420 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) 421 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) 422 423 #define CMS_SIGNERINFO_ISSUER_SERIAL 0 424 #define CMS_SIGNERINFO_KEYIDENTIFIER 1 425 426 #define CMS_RECIPINFO_ISSUER_SERIAL 0 427 #define CMS_RECIPINFO_KEYIDENTIFIER 1 428 429 BIO *cms_content_bio(CMS_ContentInfo *cms); 430 431 CMS_ContentInfo *cms_Data_create(void); 432 433 CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); 434 BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); 435 int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); 436 437 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); 438 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 439 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); 440 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 441 ASN1_OCTET_STRING **keyid, 442 X509_NAME **issuer, ASN1_INTEGER **sno); 443 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 444 445 CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 446 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); 447 448 void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 449 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 450 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 451 X509_ALGOR *mdalg); 452 453 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 454 BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 455 int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 456 const EVP_CIPHER *cipher, 457 const unsigned char *key, size_t keylen); 458 459 int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 460 int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 461 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); 462 463 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); 464 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); 465 466 /* PWRI routines */ 467 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 468 int en_de); 469 470 #ifdef __cplusplus 471 } 472 #endif 473 #endif 474