2 * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef HEADER_CMS_LCL_H
11 # define HEADER_CMS_LCL_H
13 # include <openssl/x509.h>
16 * Cryptographic message syntax (CMS) structures: taken from RFC3852
19 /* Forward references */
21 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber
;
22 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo
;
23 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier
;
24 typedef struct CMS_SignedData_st CMS_SignedData
;
25 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat
;
26 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo
;
27 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo
;
28 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData
;
29 typedef struct CMS_DigestedData_st CMS_DigestedData
;
30 typedef struct CMS_EncryptedData_st CMS_EncryptedData
;
31 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData
;
32 typedef struct CMS_CompressedData_st CMS_CompressedData
;
33 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat
;
34 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo
;
35 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey
;
36 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey
;
37 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo
;
38 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier
;
39 typedef struct CMS_KeyAgreeRecipientIdentifier_st
40 CMS_KeyAgreeRecipientIdentifier
;
41 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier
;
42 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo
;
43 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo
;
44 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo
;
45 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom
;
47 struct CMS_ContentInfo_st
{
48 ASN1_OBJECT
*contentType
;
50 ASN1_OCTET_STRING
*data
;
51 CMS_SignedData
*signedData
;
52 CMS_EnvelopedData
*envelopedData
;
53 CMS_DigestedData
*digestedData
;
54 CMS_EncryptedData
*encryptedData
;
55 CMS_AuthenticatedData
*authenticatedData
;
56 CMS_CompressedData
*compressedData
;
63 DEFINE_STACK_OF(CMS_CertificateChoices
)
65 struct CMS_SignedData_st
{
67 STACK_OF(X509_ALGOR
) *digestAlgorithms
;
68 CMS_EncapsulatedContentInfo
*encapContentInfo
;
69 STACK_OF(CMS_CertificateChoices
) *certificates
;
70 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
71 STACK_OF(CMS_SignerInfo
) *signerInfos
;
74 struct CMS_EncapsulatedContentInfo_st
{
75 ASN1_OBJECT
*eContentType
;
76 ASN1_OCTET_STRING
*eContent
;
77 /* Set to 1 if incomplete structure only part set up */
81 struct CMS_SignerInfo_st
{
83 CMS_SignerIdentifier
*sid
;
84 X509_ALGOR
*digestAlgorithm
;
85 STACK_OF(X509_ATTRIBUTE
) *signedAttrs
;
86 X509_ALGOR
*signatureAlgorithm
;
87 ASN1_OCTET_STRING
*signature
;
88 STACK_OF(X509_ATTRIBUTE
) *unsignedAttrs
;
89 /* Signing certificate and key */
92 /* Digest and public key context for alternative parameters */
97 struct CMS_SignerIdentifier_st
{
100 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
101 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
105 struct CMS_EnvelopedData_st
{
107 CMS_OriginatorInfo
*originatorInfo
;
108 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
109 CMS_EncryptedContentInfo
*encryptedContentInfo
;
110 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
113 struct CMS_OriginatorInfo_st
{
114 STACK_OF(CMS_CertificateChoices
) *certificates
;
115 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
118 struct CMS_EncryptedContentInfo_st
{
119 ASN1_OBJECT
*contentType
;
120 X509_ALGOR
*contentEncryptionAlgorithm
;
121 ASN1_OCTET_STRING
*encryptedContent
;
122 /* Content encryption algorithm and key */
123 const EVP_CIPHER
*cipher
;
126 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
128 /* Set to 1 if we have no cert and need extra safety measures for MMA */
132 struct CMS_RecipientInfo_st
{
135 CMS_KeyTransRecipientInfo
*ktri
;
136 CMS_KeyAgreeRecipientInfo
*kari
;
137 CMS_KEKRecipientInfo
*kekri
;
138 CMS_PasswordRecipientInfo
*pwri
;
139 CMS_OtherRecipientInfo
*ori
;
143 typedef CMS_SignerIdentifier CMS_RecipientIdentifier
;
145 struct CMS_KeyTransRecipientInfo_st
{
147 CMS_RecipientIdentifier
*rid
;
148 X509_ALGOR
*keyEncryptionAlgorithm
;
149 ASN1_OCTET_STRING
*encryptedKey
;
150 /* Recipient Key and cert */
153 /* Public key context for this operation */
157 struct CMS_KeyAgreeRecipientInfo_st
{
159 CMS_OriginatorIdentifierOrKey
*originator
;
160 ASN1_OCTET_STRING
*ukm
;
161 X509_ALGOR
*keyEncryptionAlgorithm
;
162 STACK_OF(CMS_RecipientEncryptedKey
) *recipientEncryptedKeys
;
163 /* Public key context associated with current operation */
165 /* Cipher context for CEK wrapping */
169 struct CMS_OriginatorIdentifierOrKey_st
{
172 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
173 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
174 CMS_OriginatorPublicKey
*originatorKey
;
178 struct CMS_OriginatorPublicKey_st
{
179 X509_ALGOR
*algorithm
;
180 ASN1_BIT_STRING
*publicKey
;
183 struct CMS_RecipientEncryptedKey_st
{
184 CMS_KeyAgreeRecipientIdentifier
*rid
;
185 ASN1_OCTET_STRING
*encryptedKey
;
186 /* Public key associated with this recipient */
190 struct CMS_KeyAgreeRecipientIdentifier_st
{
193 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
194 CMS_RecipientKeyIdentifier
*rKeyId
;
198 struct CMS_RecipientKeyIdentifier_st
{
199 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
200 ASN1_GENERALIZEDTIME
*date
;
201 CMS_OtherKeyAttribute
*other
;
204 struct CMS_KEKRecipientInfo_st
{
206 CMS_KEKIdentifier
*kekid
;
207 X509_ALGOR
*keyEncryptionAlgorithm
;
208 ASN1_OCTET_STRING
*encryptedKey
;
209 /* Extra info: symmetric key to use */
214 struct CMS_KEKIdentifier_st
{
215 ASN1_OCTET_STRING
*keyIdentifier
;
216 ASN1_GENERALIZEDTIME
*date
;
217 CMS_OtherKeyAttribute
*other
;
220 struct CMS_PasswordRecipientInfo_st
{
222 X509_ALGOR
*keyDerivationAlgorithm
;
223 X509_ALGOR
*keyEncryptionAlgorithm
;
224 ASN1_OCTET_STRING
*encryptedKey
;
225 /* Extra info: password to use */
230 struct CMS_OtherRecipientInfo_st
{
231 ASN1_OBJECT
*oriType
;
235 struct CMS_DigestedData_st
{
237 X509_ALGOR
*digestAlgorithm
;
238 CMS_EncapsulatedContentInfo
*encapContentInfo
;
239 ASN1_OCTET_STRING
*digest
;
242 struct CMS_EncryptedData_st
{
244 CMS_EncryptedContentInfo
*encryptedContentInfo
;
245 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
248 struct CMS_AuthenticatedData_st
{
250 CMS_OriginatorInfo
*originatorInfo
;
251 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
252 X509_ALGOR
*macAlgorithm
;
253 X509_ALGOR
*digestAlgorithm
;
254 CMS_EncapsulatedContentInfo
*encapContentInfo
;
255 STACK_OF(X509_ATTRIBUTE
) *authAttrs
;
256 ASN1_OCTET_STRING
*mac
;
257 STACK_OF(X509_ATTRIBUTE
) *unauthAttrs
;
260 struct CMS_CompressedData_st
{
262 X509_ALGOR
*compressionAlgorithm
;
263 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
264 CMS_EncapsulatedContentInfo
*encapContentInfo
;
267 struct CMS_RevocationInfoChoice_st
{
271 CMS_OtherRevocationInfoFormat
*other
;
275 # define CMS_REVCHOICE_CRL 0
276 # define CMS_REVCHOICE_OTHER 1
278 struct CMS_OtherRevocationInfoFormat_st
{
279 ASN1_OBJECT
*otherRevInfoFormat
;
280 ASN1_TYPE
*otherRevInfo
;
283 struct CMS_CertificateChoices
{
287 ASN1_STRING
*extendedCertificate
; /* Obsolete */
288 ASN1_STRING
*v1AttrCert
; /* Left encoded for now */
289 ASN1_STRING
*v2AttrCert
; /* Left encoded for now */
290 CMS_OtherCertificateFormat
*other
;
294 # define CMS_CERTCHOICE_CERT 0
295 # define CMS_CERTCHOICE_EXCERT 1
296 # define CMS_CERTCHOICE_V1ACERT 2
297 # define CMS_CERTCHOICE_V2ACERT 3
298 # define CMS_CERTCHOICE_OTHER 4
300 struct CMS_OtherCertificateFormat_st
{
301 ASN1_OBJECT
*otherCertFormat
;
302 ASN1_TYPE
*otherCert
;
306 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
307 * to be independent of PKCS#7
310 struct CMS_IssuerAndSerialNumber_st
{
312 ASN1_INTEGER
*serialNumber
;
315 struct CMS_OtherKeyAttribute_st
{
316 ASN1_OBJECT
*keyAttrId
;
322 struct CMS_ReceiptRequest_st
{
323 ASN1_OCTET_STRING
*signedContentIdentifier
;
324 CMS_ReceiptsFrom
*receiptsFrom
;
325 STACK_OF(GENERAL_NAMES
) *receiptsTo
;
328 struct CMS_ReceiptsFrom_st
{
331 int32_t allOrFirstTier
;
332 STACK_OF(GENERAL_NAMES
) *receiptList
;
336 struct CMS_Receipt_st
{
338 ASN1_OBJECT
*contentType
;
339 ASN1_OCTET_STRING
*signedContentIdentifier
;
340 ASN1_OCTET_STRING
*originatorSignatureValue
;
343 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo
)
344 DECLARE_ASN1_ITEM(CMS_SignerInfo
)
345 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber
)
346 DECLARE_ASN1_ITEM(CMS_Attributes_Sign
)
347 DECLARE_ASN1_ITEM(CMS_Attributes_Verify
)
348 DECLARE_ASN1_ITEM(CMS_RecipientInfo
)
349 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo
)
350 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber
)
352 # define CMS_SIGNERINFO_ISSUER_SERIAL 0
353 # define CMS_SIGNERINFO_KEYIDENTIFIER 1
355 # define CMS_RECIPINFO_ISSUER_SERIAL 0
356 # define CMS_RECIPINFO_KEYIDENTIFIER 1
358 # define CMS_REK_ISSUER_SERIAL 0
359 # define CMS_REK_KEYIDENTIFIER 1
361 # define CMS_OIK_ISSUER_SERIAL 0
362 # define CMS_OIK_KEYIDENTIFIER 1
363 # define CMS_OIK_PUBKEY 2
365 BIO
*cms_content_bio(CMS_ContentInfo
*cms
);
367 CMS_ContentInfo
*cms_Data_create(void);
369 CMS_ContentInfo
*cms_DigestedData_create(const EVP_MD
*md
);
370 BIO
*cms_DigestedData_init_bio(const CMS_ContentInfo
*cms
);
371 int cms_DigestedData_do_final(const CMS_ContentInfo
*cms
, BIO
*chain
, int verify
);
373 BIO
*cms_SignedData_init_bio(CMS_ContentInfo
*cms
);
374 int cms_SignedData_final(CMS_ContentInfo
*cms
, BIO
*chain
);
375 int cms_set1_SignerIdentifier(CMS_SignerIdentifier
*sid
, X509
*cert
,
377 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier
*sid
,
378 ASN1_OCTET_STRING
**keyid
,
381 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier
*sid
, X509
*cert
);
383 CMS_ContentInfo
*cms_CompressedData_create(int comp_nid
);
384 BIO
*cms_CompressedData_init_bio(const CMS_ContentInfo
*cms
);
386 BIO
*cms_DigestAlgorithm_init_bio(X509_ALGOR
*digestAlgorithm
);
387 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX
*mctx
, BIO
*chain
,
390 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber
*ias
, X509
*cert
);
391 int cms_keyid_cert_cmp(ASN1_OCTET_STRING
*keyid
, X509
*cert
);
392 int cms_set1_ias(CMS_IssuerAndSerialNumber
**pias
, X509
*cert
);
393 int cms_set1_keyid(ASN1_OCTET_STRING
**pkeyid
, X509
*cert
);
395 BIO
*cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec
);
396 BIO
*cms_EncryptedData_init_bio(const CMS_ContentInfo
*cms
);
397 int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec
,
398 const EVP_CIPHER
*cipher
,
399 const unsigned char *key
, size_t keylen
);
401 int cms_Receipt_verify(CMS_ContentInfo
*cms
, CMS_ContentInfo
*req_cms
);
402 int cms_msgSigDigest_add1(CMS_SignerInfo
*dest
, CMS_SignerInfo
*src
);
403 ASN1_OCTET_STRING
*cms_encode_Receipt(CMS_SignerInfo
*si
);
405 BIO
*cms_EnvelopedData_init_bio(const CMS_ContentInfo
*cms
);
406 CMS_EnvelopedData
*cms_get0_enveloped(CMS_ContentInfo
*cms
);
407 int cms_env_asn1_ctrl(CMS_RecipientInfo
*ri
, int cmd
);
408 int cms_pkey_get_ri_type(EVP_PKEY
*pk
);
410 int cms_RecipientInfo_kari_init(CMS_RecipientInfo
*ri
, X509
*recip
,
411 EVP_PKEY
*pk
, unsigned int flags
);
412 int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo
*cms
,
413 CMS_RecipientInfo
*ri
);
416 int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo
*cms
, CMS_RecipientInfo
*ri
,
418 /* SignerInfo routines */
419 int CMS_si_check_attributes(const CMS_SignerInfo
*si
);
421 DECLARE_ASN1_ITEM(CMS_CertificateChoices
)
422 DECLARE_ASN1_ITEM(CMS_DigestedData
)
423 DECLARE_ASN1_ITEM(CMS_EncryptedData
)
424 DECLARE_ASN1_ITEM(CMS_EnvelopedData
)
425 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo
)
426 DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo
)
427 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo
)
428 DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey
)
429 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute
)
430 DECLARE_ASN1_ITEM(CMS_Receipt
)
431 DECLARE_ASN1_ITEM(CMS_ReceiptRequest
)
432 DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey
)
433 DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier
)
434 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice
)
435 DECLARE_ASN1_ITEM(CMS_SignedData
)
436 DECLARE_ASN1_ITEM(CMS_CompressedData
)