]>
Commit | Line | Data |
---|---|---|
8931b30d DSH |
1 | /* crypto/cms/cms_lcl.h */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | * project. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | */ | |
53 | ||
54 | #ifndef HEADER_CMS_LCL_H | |
55 | #define HEADER_CMS_LCL_H | |
56 | ||
57 | #ifdef __cplusplus | |
58 | extern "C" { | |
59 | #endif | |
60 | ||
61 | #include <openssl/x509.h> | |
62 | ||
63 | /* Cryptographic message syntax (CMS) structures: taken | |
64 | * from RFC3852 | |
65 | */ | |
66 | ||
67 | /* Forward references */ | |
68 | ||
69 | typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; | |
70 | typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; | |
71 | typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; | |
72 | typedef struct CMS_SignedData_st CMS_SignedData; | |
73 | typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; | |
74 | typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; | |
75 | typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; | |
76 | typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; | |
77 | typedef struct CMS_DigestedData_st CMS_DigestedData; | |
78 | typedef struct CMS_EncryptedData_st CMS_EncryptedData; | |
79 | typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; | |
80 | typedef struct CMS_CompressedData_st CMS_CompressedData; | |
81 | typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; | |
82 | typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; | |
83 | typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; | |
84 | typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; | |
85 | typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; | |
86 | typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; | |
87 | typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; | |
88 | typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; | |
89 | typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; | |
90 | typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; | |
91 | typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; | |
92 | typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; | |
93 | typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; | |
94 | typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; | |
95 | ||
96 | struct CMS_ContentInfo_st | |
97 | { | |
98 | ASN1_OBJECT *contentType; | |
99 | union { | |
100 | ASN1_OCTET_STRING *data; | |
101 | CMS_SignedData *signedData; | |
102 | CMS_EnvelopedData *envelopedData; | |
103 | CMS_DigestedData *digestedData; | |
104 | CMS_EncryptedData *encryptedData; | |
105 | CMS_AuthenticatedData *authenticatedData; | |
106 | CMS_CompressedData *compressedData; | |
107 | ASN1_TYPE *other; | |
108 | /* Other types ... */ | |
109 | void *otherData; | |
110 | } d; | |
111 | }; | |
112 | ||
113 | struct CMS_SignedData_st | |
114 | { | |
115 | long version; | |
116 | STACK_OF(X509_ALGOR) *digestAlgorithms; | |
117 | CMS_EncapsulatedContentInfo *encapContentInfo; | |
118 | STACK_OF(CMS_CertificateChoices) *certificates; | |
119 | STACK_OF(CMS_RevocationInfoChoice) *crls; | |
120 | STACK_OF(CMS_SignerInfo) *signerInfos; | |
121 | }; | |
122 | ||
123 | struct CMS_EncapsulatedContentInfo_st | |
124 | { | |
125 | ASN1_OBJECT *eContentType; | |
126 | ASN1_OCTET_STRING *eContent; | |
127 | }; | |
128 | ||
129 | struct CMS_SignerInfo_st | |
130 | { | |
131 | long version; | |
132 | CMS_SignerIdentifier *sid; | |
133 | X509_ALGOR *digestAlgorithm; | |
134 | STACK_OF(X509_ATTRIBUTE) *signedAttrs; | |
135 | X509_ALGOR *signatureAlgorithm; | |
136 | ASN1_OCTET_STRING *signature; | |
137 | STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; | |
138 | /* Signing certificate and key */ | |
139 | X509 *signer; | |
140 | EVP_PKEY *pkey; | |
141 | }; | |
142 | ||
143 | struct CMS_SignerIdentifier_st | |
144 | { | |
145 | int type; | |
146 | union { | |
147 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; | |
148 | ASN1_OCTET_STRING *subjectKeyIdentifier; | |
149 | } d; | |
150 | }; | |
151 | ||
152 | struct CMS_EnvelopedData_st | |
153 | { | |
154 | long version; | |
155 | CMS_OriginatorInfo *originatorInfo; | |
156 | STACK_OF(CMS_RecipientInfo) *recipientInfos; | |
157 | CMS_EncryptedContentInfo *encryptedContentInfo; | |
158 | STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; | |
159 | }; | |
160 | ||
161 | struct CMS_OriginatorInfo_st | |
162 | { | |
163 | STACK_OF(CMS_CertificateChoices) *certificates; | |
164 | STACK_OF(CMS_RevocationInfoChoice) *crls; | |
165 | }; | |
166 | ||
167 | struct CMS_EncryptedContentInfo_st | |
168 | { | |
169 | ASN1_OBJECT *contentType; | |
170 | X509_ALGOR *contentEncryptionAlgorithm; | |
171 | ASN1_OCTET_STRING *encryptedContent; | |
320bfc1b DSH |
172 | /* Content encryption algorithm and key */ |
173 | const EVP_CIPHER *cipher; | |
174 | unsigned char *key; | |
175 | size_t keylen; | |
8931b30d DSH |
176 | }; |
177 | ||
178 | struct CMS_RecipientInfo_st | |
179 | { | |
180 | int type; | |
181 | union { | |
182 | CMS_KeyTransRecipientInfo *ktri; | |
183 | CMS_KeyAgreeRecipientInfo *kari; | |
184 | CMS_KEKRecipientInfo *kekri; | |
185 | CMS_PasswordRecipientInfo *pwri; | |
186 | CMS_OtherRecipientInfo *ori; | |
187 | } d; | |
188 | }; | |
189 | ||
190 | #define CMS_RECIPINFO_TRANS 0 | |
191 | #define CMS_RECIPINFO_AGREE 1 | |
192 | #define CMS_RECIPINFO_KEK 2 | |
193 | #define CMS_RECIPINFO_PASS 3 | |
194 | #define CMS_RECIPINFO_OTHER 4 | |
195 | ||
196 | typedef CMS_SignerIdentifier CMS_RecipientIdentifier; | |
197 | ||
198 | struct CMS_KeyTransRecipientInfo_st | |
199 | { | |
200 | long version; | |
201 | CMS_RecipientIdentifier *rid; | |
202 | X509_ALGOR *keyEncryptionAlgorithm; | |
203 | ASN1_OCTET_STRING *encryptedKey; | |
204 | /* Recipient Key and cert */ | |
205 | X509 *recip; | |
206 | EVP_PKEY *pkey; | |
207 | }; | |
208 | ||
209 | struct CMS_KeyAgreeRecipientInfo_st | |
210 | { | |
211 | long version; | |
212 | CMS_OriginatorIdentifierOrKey *originator; | |
213 | ASN1_OCTET_STRING *ukm; | |
214 | X509_ALGOR *keyEncryptionAlgorithm; | |
215 | STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; | |
216 | }; | |
217 | ||
218 | struct CMS_OriginatorIdentifierOrKey_st | |
219 | { | |
220 | int type; | |
221 | union { | |
222 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; | |
223 | ASN1_OCTET_STRING *subjectKeyIdentifier; | |
224 | CMS_OriginatorPublicKey *originatorKey; | |
225 | } d; | |
226 | }; | |
227 | ||
228 | struct CMS_OriginatorPublicKey_st | |
229 | { | |
230 | X509_ALGOR *algorithm; | |
231 | ASN1_BIT_STRING *publicKey; | |
232 | }; | |
233 | ||
234 | struct CMS_RecipientEncryptedKey_st | |
235 | { | |
236 | CMS_KeyAgreeRecipientIdentifier *rid; | |
237 | ASN1_OCTET_STRING *encryptedKey; | |
238 | }; | |
239 | ||
240 | struct CMS_KeyAgreeRecipientIdentifier_st | |
241 | { | |
242 | int type; | |
243 | union { | |
244 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; | |
245 | CMS_RecipientKeyIdentifier *rKeyId; | |
246 | } d; | |
247 | }; | |
248 | ||
249 | struct CMS_RecipientKeyIdentifier_st | |
250 | { | |
251 | ASN1_OCTET_STRING *subjectKeyIdentifier; | |
252 | ASN1_GENERALIZEDTIME *date; | |
253 | CMS_OtherKeyAttribute *other; | |
254 | }; | |
255 | ||
256 | struct CMS_KEKRecipientInfo_st | |
257 | { | |
258 | long version; | |
259 | CMS_KEKIdentifier *kekid; | |
260 | X509_ALGOR *keyEncryptionAlgorithm; | |
261 | ASN1_OCTET_STRING *encryptedKey; | |
320bfc1b | 262 | /* Extra info: symmetric key to use */ |
afff52a3 DSH |
263 | unsigned char *key; |
264 | size_t keylen; | |
8931b30d DSH |
265 | }; |
266 | ||
267 | struct CMS_KEKIdentifier_st | |
268 | { | |
269 | ASN1_OCTET_STRING *keyIdentifier; | |
270 | ASN1_GENERALIZEDTIME *date; | |
271 | CMS_OtherKeyAttribute *other; | |
272 | }; | |
273 | ||
274 | struct CMS_PasswordRecipientInfo_st | |
275 | { | |
276 | long version; | |
277 | X509_ALGOR *keyDerivationAlgorithm; | |
278 | X509_ALGOR *keyEncryptionAlgorithm; | |
279 | ASN1_OCTET_STRING *encryptedKey; | |
280 | }; | |
281 | ||
282 | struct CMS_OtherRecipientInfo_st | |
283 | { | |
284 | ASN1_OBJECT *oriType; | |
285 | ASN1_TYPE *oriValue; | |
286 | }; | |
287 | ||
288 | struct CMS_DigestedData_st | |
289 | { | |
290 | long version; | |
291 | X509_ALGOR *digestAlgorithm; | |
292 | CMS_EncapsulatedContentInfo *encapContentInfo; | |
293 | ASN1_OCTET_STRING *digest; | |
294 | }; | |
295 | ||
296 | struct CMS_EncryptedData_st | |
297 | { | |
298 | long version; | |
299 | CMS_EncryptedContentInfo *encryptedContentInfo; | |
300 | STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; | |
301 | }; | |
302 | ||
303 | struct CMS_AuthenticatedData_st | |
304 | { | |
305 | long version; | |
306 | CMS_OriginatorInfo *originatorInfo; | |
307 | STACK_OF(CMS_RecipientInfo) *recipientInfos; | |
308 | X509_ALGOR *macAlgorithm; | |
309 | X509_ALGOR *digestAlgorithm; | |
310 | CMS_EncapsulatedContentInfo *encapContentInfo; | |
311 | STACK_OF(X509_ATTRIBUTE) *authAttrs; | |
312 | ASN1_OCTET_STRING *mac; | |
313 | STACK_OF(X509_ATTRIBUTE) *unauthAttrs; | |
314 | }; | |
315 | ||
316 | struct CMS_CompressedData_st | |
317 | { | |
318 | long version; | |
319 | X509_ALGOR *compressionAlgorithm; | |
320 | STACK_OF(CMS_RecipientInfo) *recipientInfos; | |
321 | CMS_EncapsulatedContentInfo *encapContentInfo; | |
322 | }; | |
323 | ||
324 | struct CMS_RevocationInfoChoice_st | |
325 | { | |
326 | int type; | |
327 | union { | |
328 | X509_CRL *crl; | |
329 | CMS_OtherRevocationInfoFormat *other; | |
330 | } d; | |
331 | }; | |
332 | ||
333 | #define CMS_REVCHOICE_CRL 0 | |
334 | #define CMS_REVCHOICE_OTHER 1 | |
335 | ||
336 | struct CMS_OtherRevocationInfoFormat_st | |
337 | { | |
338 | ASN1_OBJECT *otherRevInfoFormat; | |
339 | ASN1_TYPE *otherRevInfo; | |
340 | }; | |
341 | ||
342 | struct CMS_CertificateChoices | |
343 | { | |
344 | int type; | |
345 | union { | |
346 | X509 *certificate; | |
347 | ASN1_STRING *extendedCertificate; /* Obsolete */ | |
348 | ASN1_STRING *v1AttrCert; /* Left encoded for now */ | |
349 | ASN1_STRING *v2AttrCert; /* Left encoded for now */ | |
350 | CMS_OtherCertificateFormat *other; | |
351 | } d; | |
352 | }; | |
353 | ||
354 | #define CMS_CERTCHOICE_CERT 0 | |
355 | #define CMS_CERTCHOICE_EXCERT 1 | |
356 | #define CMS_CERTCHOICE_V1ACERT 2 | |
357 | #define CMS_CERTCHOICE_V2ACERT 3 | |
358 | #define CMS_CERTCHOICE_OTHER 4 | |
359 | ||
360 | struct CMS_OtherCertificateFormat_st | |
361 | { | |
362 | ASN1_OBJECT *otherCertFormat; | |
363 | ASN1_TYPE *otherCert; | |
364 | }; | |
365 | ||
366 | /* This is also defined in pkcs7.h but we duplicate it | |
367 | * to allow the CMS code to be independent of PKCS#7 | |
368 | */ | |
369 | ||
370 | struct CMS_IssuerAndSerialNumber_st | |
371 | { | |
372 | X509_NAME *issuer; | |
373 | ASN1_INTEGER *serialNumber; | |
374 | }; | |
375 | ||
376 | struct CMS_OtherKeyAttribute_st | |
377 | { | |
378 | ASN1_OBJECT *keyAttrId; | |
379 | ASN1_TYPE *keyAttr; | |
380 | }; | |
381 | ||
382 | DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) | |
383 | DECLARE_ASN1_ITEM(CMS_SignerInfo) | |
384 | DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) | |
385 | DECLARE_ASN1_ITEM(CMS_Attributes_Sign) | |
386 | DECLARE_ASN1_ITEM(CMS_Attributes_Verify) | |
387 | DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) | |
388 | ||
389 | #define CMS_SIGNERINFO_ISSUER_SERIAL 0 | |
390 | #define CMS_SIGNERINFO_KEYIDENTIFIER 1 | |
391 | ||
392 | #define CMS_RECIPINFO_ISSUER_SERIAL 0 | |
393 | #define CMS_RECIPINFO_KEYIDENTIFIER 1 | |
394 | ||
395 | BIO *cms_content_bio(CMS_ContentInfo *cms); | |
396 | ||
397 | CMS_ContentInfo *cms_Data_create(void); | |
398 | ||
399 | CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); | |
400 | BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms); | |
401 | int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify); | |
402 | ||
403 | BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); | |
404 | int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); | |
405 | int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); | |
406 | int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, | |
407 | ASN1_OCTET_STRING **keyid, | |
408 | X509_NAME **issuer, ASN1_INTEGER **sno); | |
409 | int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); | |
410 | ||
411 | CMS_ContentInfo *cms_CompressedData_create(int comp_nid); | |
412 | BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); | |
413 | ||
414 | void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); | |
415 | BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); | |
416 | int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, | |
417 | X509_ALGOR *mdalg); | |
b820455c | 418 | |
320bfc1b DSH |
419 | BIO *cms_EncryptedContent_encrypt_bio(CMS_EncryptedContentInfo *ec); |
420 | BIO *cms_EncryptedContent_decrypt_bio(CMS_EncryptedContentInfo *ec); | |
421 | BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); | |
8931b30d DSH |
422 | |
423 | #ifdef __cplusplus | |
424 | } | |
425 | #endif | |
426 | #endif |