1/* crypto/cms/cms_lcl.h */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54#ifndef HEADER_CMS_LCL_H 55#define HEADER_CMS_LCL_H 56 57#ifdef __cplusplus 58extern "C" { 59#endif 60 61#include <openssl/x509.h> 62 63/* Cryptographic message syntax (CMS) structures: taken 64 * from RFC3852 65 */ 66 67/* Forward references */ 68 69typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; 70typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; 71typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; 72typedef struct CMS_SignedData_st CMS_SignedData; 73typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; 74typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; 75typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; 76typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 77typedef struct CMS_DigestedData_st CMS_DigestedData; 78typedef struct CMS_EncryptedData_st CMS_EncryptedData; 79typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; 80typedef struct CMS_CompressedData_st CMS_CompressedData; 81typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; 82typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; 83typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; 84typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; 85typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; 86typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; 87typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; 88typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; 89typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; 90typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; 91typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; 92typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; 93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 95 96struct CMS_ContentInfo_st 97 { 98 ASN1_OBJECT *contentType; 99 union { 100 ASN1_OCTET_STRING *data; 101 CMS_SignedData *signedData; 102 CMS_EnvelopedData *envelopedData; 103 CMS_DigestedData *digestedData; 104 CMS_EncryptedData *encryptedData; 105 CMS_AuthenticatedData *authenticatedData; 106 CMS_CompressedData *compressedData; 107 ASN1_TYPE *other; 108 /* Other types ... */ 109 void *otherData; 110 } d; 111 }; 112 113struct CMS_SignedData_st 114 { 115 long version; 116 STACK_OF(X509_ALGOR) *digestAlgorithms; 117 CMS_EncapsulatedContentInfo *encapContentInfo; 118 STACK_OF(CMS_CertificateChoices) *certificates; 119 STACK_OF(CMS_RevocationInfoChoice) *crls; 120 STACK_OF(CMS_SignerInfo) *signerInfos; 121 }; 122 123struct CMS_EncapsulatedContentInfo_st 124 { 125 ASN1_OBJECT *eContentType; 126 ASN1_OCTET_STRING *eContent; 127 /* Set to 1 if incomplete structure only part set up */ 128 int partial; 129 }; 130 131struct CMS_SignerInfo_st 132 { 133 long version; 134 CMS_SignerIdentifier *sid; 135 X509_ALGOR *digestAlgorithm; 136 STACK_OF(X509_ATTRIBUTE) *signedAttrs; 137 X509_ALGOR *signatureAlgorithm; 138 ASN1_OCTET_STRING *signature; 139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; 140 /* Signing certificate and key */ 141 X509 *signer; 142 EVP_PKEY *pkey; 143 }; 144 145struct CMS_SignerIdentifier_st 146 { 147 int type; 148 union { 149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 150 ASN1_OCTET_STRING *subjectKeyIdentifier; 151 } d; 152 }; 153 154struct CMS_EnvelopedData_st 155 { 156 long version; 157 CMS_OriginatorInfo *originatorInfo; 158 STACK_OF(CMS_RecipientInfo) *recipientInfos; 159 CMS_EncryptedContentInfo *encryptedContentInfo; 160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 161 }; 162 163struct CMS_OriginatorInfo_st 164 { 165 STACK_OF(CMS_CertificateChoices) *certificates; 166 STACK_OF(CMS_RevocationInfoChoice) *crls; 167 }; 168 169struct CMS_EncryptedContentInfo_st 170 { 171 ASN1_OBJECT *contentType; 172 X509_ALGOR *contentEncryptionAlgorithm; 173 ASN1_OCTET_STRING *encryptedContent; 174 /* Content encryption algorithm and key */ 175 const EVP_CIPHER *cipher; 176 unsigned char *key; 177 size_t keylen; 178 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 179 int debug; 180 }; 181 182struct CMS_RecipientInfo_st 183 { 184 int type; 185 union { 186 CMS_KeyTransRecipientInfo *ktri; 187 CMS_KeyAgreeRecipientInfo *kari; 188 CMS_KEKRecipientInfo *kekri; 189 CMS_PasswordRecipientInfo *pwri; 190 CMS_OtherRecipientInfo *ori; 191 } d; 192 }; 193 194typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 195 196struct CMS_KeyTransRecipientInfo_st 197 { 198 long version; 199 CMS_RecipientIdentifier *rid; 200 X509_ALGOR *keyEncryptionAlgorithm; 201 ASN1_OCTET_STRING *encryptedKey; 202 /* Recipient Key and cert */ 203 X509 *recip; 204 EVP_PKEY *pkey; 205 }; 206 207struct CMS_KeyAgreeRecipientInfo_st 208 { 209 long version; 210 CMS_OriginatorIdentifierOrKey *originator; 211 ASN1_OCTET_STRING *ukm; 212 X509_ALGOR *keyEncryptionAlgorithm; 213 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 214 }; 215 216struct CMS_OriginatorIdentifierOrKey_st 217 { 218 int type; 219 union { 220 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 221 ASN1_OCTET_STRING *subjectKeyIdentifier; 222 CMS_OriginatorPublicKey *originatorKey; 223 } d; 224 }; 225 226struct CMS_OriginatorPublicKey_st 227 { 228 X509_ALGOR *algorithm; 229 ASN1_BIT_STRING *publicKey; 230 }; 231 232struct CMS_RecipientEncryptedKey_st 233 { 234 CMS_KeyAgreeRecipientIdentifier *rid; 235 ASN1_OCTET_STRING *encryptedKey; 236 }; 237 238struct CMS_KeyAgreeRecipientIdentifier_st 239 { 240 int type; 241 union { 242 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 243 CMS_RecipientKeyIdentifier *rKeyId; 244 } d; 245 }; 246 247struct CMS_RecipientKeyIdentifier_st 248 { 249 ASN1_OCTET_STRING *subjectKeyIdentifier; 250 ASN1_GENERALIZEDTIME *date; 251 CMS_OtherKeyAttribute *other; 252 }; 253 254struct CMS_KEKRecipientInfo_st 255 { 256 long version; 257 CMS_KEKIdentifier *kekid; 258 X509_ALGOR *keyEncryptionAlgorithm; 259 ASN1_OCTET_STRING *encryptedKey; 260 /* Extra info: symmetric key to use */ 261 unsigned char *key; 262 size_t keylen; 263 }; 264 265struct CMS_KEKIdentifier_st 266 { 267 ASN1_OCTET_STRING *keyIdentifier; 268 ASN1_GENERALIZEDTIME *date; 269 CMS_OtherKeyAttribute *other; 270 }; 271 272struct CMS_PasswordRecipientInfo_st 273 { 274 long version; 275 X509_ALGOR *keyDerivationAlgorithm; 276 X509_ALGOR *keyEncryptionAlgorithm; 277 ASN1_OCTET_STRING *encryptedKey; 278 }; 279 280struct CMS_OtherRecipientInfo_st 281 { 282 ASN1_OBJECT *oriType; 283 ASN1_TYPE *oriValue; 284 }; 285 286struct CMS_DigestedData_st 287 { 288 long version; 289 X509_ALGOR *digestAlgorithm; 290 CMS_EncapsulatedContentInfo *encapContentInfo; 291 ASN1_OCTET_STRING *digest; 292 }; 293 294struct CMS_EncryptedData_st 295 { 296 long version; 297 CMS_EncryptedContentInfo *encryptedContentInfo; 298 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 299 }; 300 301struct CMS_AuthenticatedData_st 302 { 303 long version; 304 CMS_OriginatorInfo *originatorInfo; 305 STACK_OF(CMS_RecipientInfo) *recipientInfos; 306 X509_ALGOR *macAlgorithm; 307 X509_ALGOR *digestAlgorithm; 308 CMS_EncapsulatedContentInfo *encapContentInfo; 309 STACK_OF(X509_ATTRIBUTE) *authAttrs; 310 ASN1_OCTET_STRING *mac; 311 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 312 }; 313 314struct CMS_CompressedData_st 315 { 316 long version; 317 X509_ALGOR *compressionAlgorithm; 318 STACK_OF(CMS_RecipientInfo) *recipientInfos; 319 CMS_EncapsulatedContentInfo *encapContentInfo; 320 }; 321 322struct CMS_RevocationInfoChoice_st 323 { 324 int type; 325 union { 326 X509_CRL *crl; 327 CMS_OtherRevocationInfoFormat *other; 328 } d; 329 }; 330 331#define CMS_REVCHOICE_CRL 0 332#define CMS_REVCHOICE_OTHER 1 333 334struct CMS_OtherRevocationInfoFormat_st 335 { 336 ASN1_OBJECT *otherRevInfoFormat; 337 ASN1_TYPE *otherRevInfo; 338 }; 339 340struct CMS_CertificateChoices 341 { 342 int type; 343 union { 344 X509 *certificate; 345 ASN1_STRING *extendedCertificate; /* Obsolete */ 346 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 347 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 348 CMS_OtherCertificateFormat *other; 349 } d; 350 }; 351 352#define CMS_CERTCHOICE_CERT 0 353#define CMS_CERTCHOICE_EXCERT 1 354#define CMS_CERTCHOICE_V1ACERT 2 355#define CMS_CERTCHOICE_V2ACERT 3 356#define CMS_CERTCHOICE_OTHER 4 357 358struct CMS_OtherCertificateFormat_st 359 { 360 ASN1_OBJECT *otherCertFormat; 361 ASN1_TYPE *otherCert; 362 }; 363 364/* This is also defined in pkcs7.h but we duplicate it 365 * to allow the CMS code to be independent of PKCS#7 366 */ 367 368struct CMS_IssuerAndSerialNumber_st 369 { 370 X509_NAME *issuer; 371 ASN1_INTEGER *serialNumber; 372 }; 373 374struct CMS_OtherKeyAttribute_st 375 { 376 ASN1_OBJECT *keyAttrId; 377 ASN1_TYPE *keyAttr; 378 }; 379 380/* ESS structures */ 381 382#ifdef HEADER_X509V3_H 383 384struct CMS_ReceiptRequest_st 385 { 386 ASN1_OCTET_STRING *signedContentIdentifier; 387 CMS_ReceiptsFrom *receiptsFrom; 388 STACK_OF(GENERAL_NAMES) *receiptsTo; 389 }; 390 391 392struct CMS_ReceiptsFrom_st 393 { 394 int type; 395 union 396 { 397 long allOrFirstTier; 398 STACK_OF(GENERAL_NAMES) *receiptList; 399 } d; 400 }; 401#endif 402 403struct CMS_Receipt_st 404 { 405 long version; 406 ASN1_OBJECT *contentType; 407 ASN1_OCTET_STRING *signedContentIdentifier; 408 ASN1_OCTET_STRING *originatorSignatureValue; 409 }; 410 411DECLARE_ASN1_ITEM(CMS_SignerInfo) 412DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 413DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 414DECLARE_ASN1_ITEM(CMS_Attributes_Verify) 415DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) 416 417#define CMS_SIGNERINFO_ISSUER_SERIAL 0 418#define CMS_SIGNERINFO_KEYIDENTIFIER 1 419 420#define CMS_RECIPINFO_ISSUER_SERIAL 0 421#define CMS_RECIPINFO_KEYIDENTIFIER 1 422 423BIO *cms_content_bio(CMS_ContentInfo *cms); 424 425CMS_ContentInfo *cms_Data_create(void); 426 427CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); 428BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); 429int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); 430 431BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); 432int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 433int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); 434int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 435 ASN1_OCTET_STRING **keyid, 436 X509_NAME **issuer, ASN1_INTEGER **sno); 437int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 438 439CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 440BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); 441 442void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 443BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 444int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 445 X509_ALGOR *mdalg); 446 447BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 448BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 449int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 450 const EVP_CIPHER *cipher, 451 const unsigned char *key, size_t keylen); 452 453int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 454int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 455ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); 456 457BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); 458 459#ifdef __cplusplus 460} 461#endif 462#endif 463