1/* crypto/cms/cms_lcl.h */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54#ifndef HEADER_CMS_LCL_H 55#define HEADER_CMS_LCL_H 56 57#ifdef __cplusplus 58extern "C" { 59#endif 60 61#include <openssl/x509.h> 62 63/* Cryptographic message syntax (CMS) structures: taken 64 * from RFC3852 65 */ 66 67/* Forward references */ 68 69typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; 70typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; 71typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; 72typedef struct CMS_SignedData_st CMS_SignedData; 73typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; 74typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; 75typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; 76typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 77typedef struct CMS_DigestedData_st CMS_DigestedData; 78typedef struct CMS_EncryptedData_st CMS_EncryptedData; 79typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; 80typedef struct CMS_CompressedData_st CMS_CompressedData; 81typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; 82typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 83typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; 84typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; 85typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; 86typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; 87typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; 88typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; 89typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; 90typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; 91typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; 92typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; 93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 95 96struct CMS_ContentInfo_st 97 { 98 ASN1_OBJECT *contentType; 99 union { 100 ASN1_OCTET_STRING *data; 101 CMS_SignedData *signedData; 102 CMS_EnvelopedData *envelopedData; 103 CMS_DigestedData *digestedData; 104 CMS_EncryptedData *encryptedData; 105 CMS_AuthenticatedData *authenticatedData; 106 CMS_CompressedData *compressedData; 107 ASN1_TYPE *other; 108 /* Other types ... */ 109 void *otherData; 110 } d; 111 }; 112 113struct CMS_SignedData_st 114 { 115 long version; 116 STACK_OF(X509_ALGOR) *digestAlgorithms; 117 CMS_EncapsulatedContentInfo *encapContentInfo; 118 STACK_OF(CMS_CertificateChoices) *certificates; 119 STACK_OF(CMS_RevocationInfoChoice) *crls; 120 STACK_OF(CMS_SignerInfo) *signerInfos; 121 }; 122 123struct CMS_EncapsulatedContentInfo_st 124 { 125 ASN1_OBJECT *eContentType; 126 ASN1_OCTET_STRING *eContent; 127 /* Set to 1 if incomplete structure only part set up */ 128 int partial; 129 }; 130 131struct CMS_SignerInfo_st 132 { 133 long version; 134 CMS_SignerIdentifier *sid; 135 X509_ALGOR *digestAlgorithm; 136 STACK_OF(X509_ATTRIBUTE) *signedAttrs; 137 X509_ALGOR *signatureAlgorithm; 138 ASN1_OCTET_STRING *signature; 139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; 140 /* Signing certificate and key */ 141 X509 *signer; 142 EVP_PKEY *pkey; 143 }; 144 145struct CMS_SignerIdentifier_st 146 { 147 int type; 148 union { 149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 150 ASN1_OCTET_STRING *subjectKeyIdentifier; 151 } d; 152 }; 153 154struct CMS_EnvelopedData_st 155 { 156 long version; 157 CMS_OriginatorInfo *originatorInfo; 158 STACK_OF(CMS_RecipientInfo) *recipientInfos; 159 CMS_EncryptedContentInfo *encryptedContentInfo; 160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 161 }; 162 163struct CMS_OriginatorInfo_st 164 { 165 STACK_OF(CMS_CertificateChoices) *certificates; 166 STACK_OF(CMS_RevocationInfoChoice) *crls; 167 }; 168 169struct CMS_EncryptedContentInfo_st 170 { 171 ASN1_OBJECT *contentType; 172 X509_ALGOR *contentEncryptionAlgorithm; 173 ASN1_OCTET_STRING *encryptedContent; 174 /* Content encryption algorithm and key */ 175 const EVP_CIPHER *cipher; 176 unsigned char *key; 177 size_t keylen; 178 }; 179 180struct CMS_RecipientInfo_st 181 { 182 int type; 183 union { 184 CMS_KeyTransRecipientInfo *ktri; 185 CMS_KeyAgreeRecipientInfo *kari; 186 CMS_KEKRecipientInfo *kekri; 187 CMS_PasswordRecipientInfo *pwri; 188 CMS_OtherRecipientInfo *ori; 189 } d; 190 }; 191 192typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 193 194struct CMS_KeyTransRecipientInfo_st 195 { 196 long version; 197 CMS_RecipientIdentifier *rid; 198 X509_ALGOR *keyEncryptionAlgorithm; 199 ASN1_OCTET_STRING *encryptedKey; 200 /* Recipient Key and cert */ 201 X509 *recip; 202 EVP_PKEY *pkey; 203 }; 204 205struct CMS_KeyAgreeRecipientInfo_st 206 { 207 long version; 208 CMS_OriginatorIdentifierOrKey *originator; 209 ASN1_OCTET_STRING *ukm; 210 X509_ALGOR *keyEncryptionAlgorithm; 211 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 212 }; 213 214struct CMS_OriginatorIdentifierOrKey_st 215 { 216 int type; 217 union { 218 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 219 ASN1_OCTET_STRING *subjectKeyIdentifier; 220 CMS_OriginatorPublicKey *originatorKey; 221 } d; 222 }; 223 224struct CMS_OriginatorPublicKey_st 225 { 226 X509_ALGOR *algorithm; 227 ASN1_BIT_STRING *publicKey; 228 }; 229 230struct CMS_RecipientEncryptedKey_st 231 { 232 CMS_KeyAgreeRecipientIdentifier *rid; 233 ASN1_OCTET_STRING *encryptedKey; 234 }; 235 236struct CMS_KeyAgreeRecipientIdentifier_st 237 { 238 int type; 239 union { 240 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 241 CMS_RecipientKeyIdentifier *rKeyId; 242 } d; 243 }; 244 245struct CMS_RecipientKeyIdentifier_st 246 { 247 ASN1_OCTET_STRING *subjectKeyIdentifier; 248 ASN1_GENERALIZEDTIME *date; 249 CMS_OtherKeyAttribute *other; 250 }; 251 252struct CMS_KEKRecipientInfo_st 253 { 254 long version; 255 CMS_KEKIdentifier *kekid; 256 X509_ALGOR *keyEncryptionAlgorithm; 257 ASN1_OCTET_STRING *encryptedKey; 258 /* Extra info: symmetric key to use */ 259 unsigned char *key; 260 size_t keylen; 261 }; 262 263struct CMS_KEKIdentifier_st 264 { 265 ASN1_OCTET_STRING *keyIdentifier; 266 ASN1_GENERALIZEDTIME *date; 267 CMS_OtherKeyAttribute *other; 268 }; 269 270struct CMS_PasswordRecipientInfo_st 271 { 272 long version; 273 X509_ALGOR *keyDerivationAlgorithm; 274 X509_ALGOR *keyEncryptionAlgorithm; 275 ASN1_OCTET_STRING *encryptedKey; 276 }; 277 278struct CMS_OtherRecipientInfo_st 279 { 280 ASN1_OBJECT *oriType; 281 ASN1_TYPE *oriValue; 282 }; 283 284struct CMS_DigestedData_st 285 { 286 long version; 287 X509_ALGOR *digestAlgorithm; 288 CMS_EncapsulatedContentInfo *encapContentInfo; 289 ASN1_OCTET_STRING *digest; 290 }; 291 292struct CMS_EncryptedData_st 293 { 294 long version; 295 CMS_EncryptedContentInfo *encryptedContentInfo; 296 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 297 }; 298 299struct CMS_AuthenticatedData_st 300 { 301 long version; 302 CMS_OriginatorInfo *originatorInfo; 303 STACK_OF(CMS_RecipientInfo) *recipientInfos; 304 X509_ALGOR *macAlgorithm; 305 X509_ALGOR *digestAlgorithm; 306 CMS_EncapsulatedContentInfo *encapContentInfo; 307 STACK_OF(X509_ATTRIBUTE) *authAttrs; 308 ASN1_OCTET_STRING *mac; 309 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 310 }; 311 312struct CMS_CompressedData_st 313 { 314 long version; 315 X509_ALGOR *compressionAlgorithm; 316 STACK_OF(CMS_RecipientInfo) *recipientInfos; 317 CMS_EncapsulatedContentInfo *encapContentInfo; 318 }; 319 320struct CMS_RevocationInfoChoice_st 321 { 322 int type; 323 union { 324 X509_CRL *crl; 325 CMS_OtherRevocationInfoFormat *other; 326 } d; 327 }; 328 329#define CMS_REVCHOICE_CRL 0 330#define CMS_REVCHOICE_OTHER 1 331 332struct CMS_OtherRevocationInfoFormat_st 333 { 334 ASN1_OBJECT *otherRevInfoFormat; 335 ASN1_TYPE *otherRevInfo; 336 }; 337 338struct CMS_CertificateChoices 339 { 340 int type; 341 union { 342 X509 *certificate; 343 ASN1_STRING *extendedCertificate; /* Obsolete */ 344 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 345 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 346 CMS_OtherCertificateFormat *other; 347 } d; 348 }; 349 350#define CMS_CERTCHOICE_CERT 0 351#define CMS_CERTCHOICE_EXCERT 1 352#define CMS_CERTCHOICE_V1ACERT 2 353#define CMS_CERTCHOICE_V2ACERT 3 354#define CMS_CERTCHOICE_OTHER 4 355 356struct CMS_OtherCertificateFormat_st 357 { 358 ASN1_OBJECT *otherCertFormat; 359 ASN1_TYPE *otherCert; 360 }; 361 362/* This is also defined in pkcs7.h but we duplicate it 363 * to allow the CMS code to be independent of PKCS#7 364 */ 365 366struct CMS_IssuerAndSerialNumber_st 367 { 368 X509_NAME *issuer; 369 ASN1_INTEGER *serialNumber; 370 }; 371 372struct CMS_OtherKeyAttribute_st 373 { 374 ASN1_OBJECT *keyAttrId; 375 ASN1_TYPE *keyAttr; 376 }; 377 378/* ESS structures */ 379 380#ifdef HEADER_X509V3_H 381 382struct CMS_ReceiptRequest_st 383 { 384 ASN1_OCTET_STRING *signedContentIdentifier; 385 CMS_ReceiptsFrom *receiptsFrom; 386 STACK_OF(GENERAL_NAMES) *receiptsTo; 387 }; 388 389 390struct CMS_ReceiptsFrom_st 391 { 392 int type; 393 union 394 { 395 long allOrFirstTier; 396 STACK_OF(GENERAL_NAMES) *receiptList; 397 } d; 398 }; 399#endif 400 401struct CMS_Receipt_st 402 { 403 long version; 404 ASN1_OBJECT *contentType; 405 ASN1_OCTET_STRING *signedContentIdentifier; 406 ASN1_OCTET_STRING *originatorSignatureValue; 407 }; 408 409DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 410DECLARE_ASN1_ITEM(CMS_SignerInfo) 411DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 412DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 413DECLARE_ASN1_ITEM(CMS_Attributes_Verify) 414DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) 415 416#define CMS_SIGNERINFO_ISSUER_SERIAL 0 417#define CMS_SIGNERINFO_KEYIDENTIFIER 1 418 419#define CMS_RECIPINFO_ISSUER_SERIAL 0 420#define CMS_RECIPINFO_KEYIDENTIFIER 1 421 422BIO *cms_content_bio(CMS_ContentInfo *cms); 423 424CMS_ContentInfo *cms_Data_create(void); 425 426CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); 427BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); 428int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); 429 430BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); 431int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 432int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); 433int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 434 ASN1_OCTET_STRING **keyid, 435 X509_NAME **issuer, ASN1_INTEGER **sno); 436int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 437 438CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 439BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); 440 441void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 442BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 443int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 444 X509_ALGOR *mdalg); 445 446BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 447BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 448int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 449 const EVP_CIPHER *cipher, 450 const unsigned char *key, size_t keylen); 451 452int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 453int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 454ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); 455 456BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); 457 458#ifdef __cplusplus 459} 460#endif 461#endif 462