[thirdparty/openssl.git] / crypto / cms / cms_lcl.h

/* crypto/cms/cms_lcl.h */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */

#ifndef HEADER_CMS_LCL_H
# define HEADER_CMS_LCL_H

#ifdef __cplusplus
extern "C" {
#endif

# include <openssl/x509.h>

/*
 * Cryptographic message syntax (CMS) structures: taken from RFC3852
 */

/* Forward references */

typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
typedef struct CMS_SignedData_st CMS_SignedData;
typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
typedef struct CMS_DigestedData_st CMS_DigestedData;
typedef struct CMS_EncryptedData_st CMS_EncryptedData;
typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
typedef struct CMS_CompressedData_st CMS_CompressedData;
typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
typedef struct CMS_KeyAgreeRecipientIdentifier_st
    CMS_KeyAgreeRecipientIdentifier;
typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;

struct CMS_ContentInfo_st {
    ASN1_OBJECT *contentType;
    union {
        ASN1_OCTET_STRING *data;
        CMS_SignedData *signedData;
        CMS_EnvelopedData *envelopedData;
        CMS_DigestedData *digestedData;
        CMS_EncryptedData *encryptedData;
        CMS_AuthenticatedData *authenticatedData;
        CMS_CompressedData *compressedData;
        ASN1_TYPE *other;
        /* Other types ... */
        void *otherData;
    } d;
};

struct CMS_SignedData_st {
    long version;
    STACK_OF(X509_ALGOR) *digestAlgorithms;
    CMS_EncapsulatedContentInfo *encapContentInfo;
    STACK_OF(CMS_CertificateChoices) *certificates;
    STACK_OF(CMS_RevocationInfoChoice) *crls;
    STACK_OF(CMS_SignerInfo) *signerInfos;
};

struct CMS_EncapsulatedContentInfo_st {
    ASN1_OBJECT *eContentType;
    ASN1_OCTET_STRING *eContent;
    /* Set to 1 if incomplete structure only part set up */
    int partial;
};

struct CMS_SignerInfo_st {
    long version;
    CMS_SignerIdentifier *sid;
    X509_ALGOR *digestAlgorithm;
    STACK_OF(X509_ATTRIBUTE) *signedAttrs;
    X509_ALGOR *signatureAlgorithm;
    ASN1_OCTET_STRING *signature;
    STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
    /* Signing certificate and key */
    X509 *signer;
    EVP_PKEY *pkey;
    /* Digest and public key context for alternative parameters */
    EVP_MD_CTX mctx;
    EVP_PKEY_CTX *pctx;
};

struct CMS_SignerIdentifier_st {
    int type;
    union {
        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
        ASN1_OCTET_STRING *subjectKeyIdentifier;
    } d;
};

struct CMS_EnvelopedData_st {
    long version;
    CMS_OriginatorInfo *originatorInfo;
    STACK_OF(CMS_RecipientInfo) *recipientInfos;
    CMS_EncryptedContentInfo *encryptedContentInfo;
    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
};

struct CMS_OriginatorInfo_st {
    STACK_OF(CMS_CertificateChoices) *certificates;
    STACK_OF(CMS_RevocationInfoChoice) *crls;
};

struct CMS_EncryptedContentInfo_st {
    ASN1_OBJECT *contentType;
    X509_ALGOR *contentEncryptionAlgorithm;
    ASN1_OCTET_STRING *encryptedContent;
    /* Content encryption algorithm and key */
    const EVP_CIPHER *cipher;
    unsigned char *key;
    size_t keylen;
    /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
    int debug;
};

struct CMS_RecipientInfo_st {
    int type;
    union {
        CMS_KeyTransRecipientInfo *ktri;
        CMS_KeyAgreeRecipientInfo *kari;
        CMS_KEKRecipientInfo *kekri;
        CMS_PasswordRecipientInfo *pwri;
        CMS_OtherRecipientInfo *ori;
    } d;
};

typedef CMS_SignerIdentifier CMS_RecipientIdentifier;

struct CMS_KeyTransRecipientInfo_st {
    long version;
    CMS_RecipientIdentifier *rid;
    X509_ALGOR *keyEncryptionAlgorithm;
    ASN1_OCTET_STRING *encryptedKey;
    /* Recipient Key and cert */
    X509 *recip;
    EVP_PKEY *pkey;
    /* Public key context for this operation */
    EVP_PKEY_CTX *pctx;
};

struct CMS_KeyAgreeRecipientInfo_st {
    long version;
    CMS_OriginatorIdentifierOrKey *originator;
    ASN1_OCTET_STRING *ukm;
    X509_ALGOR *keyEncryptionAlgorithm;
    STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
    /* Public key context associated with current operation */
    EVP_PKEY_CTX *pctx;
    /* Cipher context for CEK wrapping */
    EVP_CIPHER_CTX ctx;
};

struct CMS_OriginatorIdentifierOrKey_st {
    int type;
    union {
        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
        ASN1_OCTET_STRING *subjectKeyIdentifier;
        CMS_OriginatorPublicKey *originatorKey;
    } d;
};

struct CMS_OriginatorPublicKey_st {
    X509_ALGOR *algorithm;
    ASN1_BIT_STRING *publicKey;
};

struct CMS_RecipientEncryptedKey_st {
    CMS_KeyAgreeRecipientIdentifier *rid;
    ASN1_OCTET_STRING *encryptedKey;
    /* Public key associated with this recipient */
    EVP_PKEY *pkey;
};

struct CMS_KeyAgreeRecipientIdentifier_st {
    int type;
    union {
        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
        CMS_RecipientKeyIdentifier *rKeyId;
    } d;
};

struct CMS_RecipientKeyIdentifier_st {
    ASN1_OCTET_STRING *subjectKeyIdentifier;
    ASN1_GENERALIZEDTIME *date;
    CMS_OtherKeyAttribute *other;
};

struct CMS_KEKRecipientInfo_st {
    long version;
    CMS_KEKIdentifier *kekid;
    X509_ALGOR *keyEncryptionAlgorithm;
    ASN1_OCTET_STRING *encryptedKey;
    /* Extra info: symmetric key to use */
    unsigned char *key;
    size_t keylen;
};

struct CMS_KEKIdentifier_st {
    ASN1_OCTET_STRING *keyIdentifier;
    ASN1_GENERALIZEDTIME *date;
    CMS_OtherKeyAttribute *other;
};

struct CMS_PasswordRecipientInfo_st {
    long version;
    X509_ALGOR *keyDerivationAlgorithm;
    X509_ALGOR *keyEncryptionAlgorithm;
    ASN1_OCTET_STRING *encryptedKey;
    /* Extra info: password to use */
    unsigned char *pass;
    size_t passlen;
};

struct CMS_OtherRecipientInfo_st {
    ASN1_OBJECT *oriType;
    ASN1_TYPE *oriValue;
};

struct CMS_DigestedData_st {
    long version;
    X509_ALGOR *digestAlgorithm;
    CMS_EncapsulatedContentInfo *encapContentInfo;
    ASN1_OCTET_STRING *digest;
};

struct CMS_EncryptedData_st {
    long version;
    CMS_EncryptedContentInfo *encryptedContentInfo;
    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
};

struct CMS_AuthenticatedData_st {
    long version;
    CMS_OriginatorInfo *originatorInfo;
    STACK_OF(CMS_RecipientInfo) *recipientInfos;
    X509_ALGOR *macAlgorithm;
    X509_ALGOR *digestAlgorithm;
    CMS_EncapsulatedContentInfo *encapContentInfo;
    STACK_OF(X509_ATTRIBUTE) *authAttrs;
    ASN1_OCTET_STRING *mac;
    STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
};

struct CMS_CompressedData_st {
    long version;
    X509_ALGOR *compressionAlgorithm;
    STACK_OF(CMS_RecipientInfo) *recipientInfos;
    CMS_EncapsulatedContentInfo *encapContentInfo;
};

struct CMS_RevocationInfoChoice_st {
    int type;
    union {
        X509_CRL *crl;
        CMS_OtherRevocationInfoFormat *other;
    } d;
};

# define CMS_REVCHOICE_CRL               0
# define CMS_REVCHOICE_OTHER             1

struct CMS_OtherRevocationInfoFormat_st {
    ASN1_OBJECT *otherRevInfoFormat;
    ASN1_TYPE *otherRevInfo;
};

struct CMS_CertificateChoices {
    int type;
    union {
        X509 *certificate;
        ASN1_STRING *extendedCertificate; /* Obsolete */
        ASN1_STRING *v1AttrCert; /* Left encoded for now */
        ASN1_STRING *v2AttrCert; /* Left encoded for now */
        CMS_OtherCertificateFormat *other;
    } d;
};

# define CMS_CERTCHOICE_CERT             0
# define CMS_CERTCHOICE_EXCERT           1
# define CMS_CERTCHOICE_V1ACERT          2
# define CMS_CERTCHOICE_V2ACERT          3
# define CMS_CERTCHOICE_OTHER            4

struct CMS_OtherCertificateFormat_st {
    ASN1_OBJECT *otherCertFormat;
    ASN1_TYPE *otherCert;
};

/*
 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
 * to be independent of PKCS#7
 */

struct CMS_IssuerAndSerialNumber_st {
    X509_NAME *issuer;
    ASN1_INTEGER *serialNumber;
};

struct CMS_OtherKeyAttribute_st {
    ASN1_OBJECT *keyAttrId;
    ASN1_TYPE *keyAttr;
};

/* ESS structures */

# ifdef HEADER_X509V3_H

struct CMS_ReceiptRequest_st {
    ASN1_OCTET_STRING *signedContentIdentifier;
    CMS_ReceiptsFrom *receiptsFrom;
    STACK_OF(GENERAL_NAMES) *receiptsTo;
};

struct CMS_ReceiptsFrom_st {
    int type;
    union {
        long allOrFirstTier;
        STACK_OF(GENERAL_NAMES) *receiptList;
    } d;
};
# endif

struct CMS_Receipt_st {
    long version;
    ASN1_OBJECT *contentType;
    ASN1_OCTET_STRING *signedContentIdentifier;
    ASN1_OCTET_STRING *originatorSignatureValue;
};

DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_SignerInfo)
DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
DECLARE_ASN1_ITEM(CMS_RecipientInfo)
DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)

# define CMS_SIGNERINFO_ISSUER_SERIAL    0
# define CMS_SIGNERINFO_KEYIDENTIFIER    1

# define CMS_RECIPINFO_ISSUER_SERIAL     0
# define CMS_RECIPINFO_KEYIDENTIFIER     1

# define CMS_REK_ISSUER_SERIAL           0
# define CMS_REK_KEYIDENTIFIER           1

# define CMS_OIK_ISSUER_SERIAL           0
# define CMS_OIK_KEYIDENTIFIER           1
# define CMS_OIK_PUBKEY                  2

BIO *cms_content_bio(CMS_ContentInfo *cms);

CMS_ContentInfo *cms_Data_create(void);

CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);

BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
                              int type);
int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
                                        ASN1_OCTET_STRING **keyid,
                                        X509_NAME **issuer,
                                        ASN1_INTEGER **sno);
int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);

CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);

BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                                 X509_ALGOR *mdalg);

int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);

BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
                              const EVP_CIPHER *cipher,
                              const unsigned char *key, size_t keylen);

int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);

BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
int cms_pkey_get_ri_type(EVP_PKEY *pk);
/* KARI routines */
int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
                                EVP_PKEY *pk, unsigned int flags);
int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
                                   CMS_RecipientInfo *ri);

/* PWRI routines */
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
                                 int en_de);

DECLARE_ASN1_ITEM(CMS_CertificateChoices)
DECLARE_ASN1_ITEM(CMS_DigestedData)
DECLARE_ASN1_ITEM(CMS_EncryptedData)
DECLARE_ASN1_ITEM(CMS_EnvelopedData)
DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
DECLARE_ASN1_ITEM(CMS_Receipt)
DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
DECLARE_ASN1_ITEM(CMS_SignedData)
DECLARE_ASN1_ITEM(CMS_CompressedData)

#ifdef  __cplusplus
}
#endif
#endif
Commit	Line	Data
8931b30d	1	/* crypto/cms/cms_lcl.h */
0f113f3e MC	2	/*
0f113f3e MC	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
8931b30d DSH	4	* project.
	5	*/
	6	/* ====================================================================
	7	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	*
	13	* 1. Redistributions of source code must retain the above copyright
0f113f3e	14	* notice, this list of conditions and the following disclaimer.
8931b30d DSH	15	*
	16	* 2. Redistributions in binary form must reproduce the above copyright
	17	* notice, this list of conditions and the following disclaimer in
	18	* the documentation and/or other materials provided with the
	19	* distribution.
	20	*
	21	* 3. All advertising materials mentioning features or use of this
	22	* software must display the following acknowledgment:
	23	* "This product includes software developed by the OpenSSL Project
	24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	25	*
	26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	27	* endorse or promote products derived from this software without
	28	* prior written permission. For written permission, please contact
	29	* licensing@OpenSSL.org.
	30	*
	31	* 5. Products derived from this software may not be called "OpenSSL"
	32	* nor may "OpenSSL" appear in their names without prior written
	33	* permission of the OpenSSL Project.
	34	*
	35	* 6. Redistributions of any form whatsoever must retain the following
	36	* acknowledgment:
	37	* "This product includes software developed by the OpenSSL Project
	38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	39	*
	40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	51	* OF THE POSSIBILITY OF SUCH DAMAGE.
	52	* ====================================================================
	53	*/
	54
	55	#ifndef HEADER_CMS_LCL_H
0f113f3e	56	# define HEADER_CMS_LCL_H
8931b30d DSH	57
	58	#ifdef __cplusplus
	59	extern "C" {
	60	#endif
	61
0f113f3e	62	# include <openssl/x509.h>
8931b30d	63
0f113f3e MC	64	/*
0f113f3e MC	65	* Cryptographic message syntax (CMS) structures: taken from RFC3852
8931b30d DSH	66	*/
	67
	68	/* Forward references */
	69
	70	typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
	71	typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
	72	typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
	73	typedef struct CMS_SignedData_st CMS_SignedData;
	74	typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
	75	typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
	76	typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
	77	typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
	78	typedef struct CMS_DigestedData_st CMS_DigestedData;
	79	typedef struct CMS_EncryptedData_st CMS_EncryptedData;
	80	typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
	81	typedef struct CMS_CompressedData_st CMS_CompressedData;
	82	typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
	83	typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
	84	typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
	85	typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
	86	typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
8931b30d	87	typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
0f113f3e MC	88	typedef struct CMS_KeyAgreeRecipientIdentifier_st
0f113f3e MC	89	CMS_KeyAgreeRecipientIdentifier;
8931b30d DSH	90	typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
	91	typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
	92	typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
	93	typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
be86c7fc	94	typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
8931b30d	95
0f113f3e MC	96	struct CMS_ContentInfo_st {
	97	ASN1_OBJECT *contentType;
	98	union {
	99	ASN1_OCTET_STRING *data;
	100	CMS_SignedData *signedData;
	101	CMS_EnvelopedData *envelopedData;
	102	CMS_DigestedData *digestedData;
	103	CMS_EncryptedData *encryptedData;
	104	CMS_AuthenticatedData *authenticatedData;
	105	CMS_CompressedData *compressedData;
	106	ASN1_TYPE *other;
	107	/* Other types ... */
	108	void *otherData;
	109	} d;
	110	};
	111
	112	struct CMS_SignedData_st {
	113	long version;
	114	STACK_OF(X509_ALGOR) *digestAlgorithms;
	115	CMS_EncapsulatedContentInfo *encapContentInfo;
	116	STACK_OF(CMS_CertificateChoices) *certificates;
	117	STACK_OF(CMS_RevocationInfoChoice) *crls;
	118	STACK_OF(CMS_SignerInfo) *signerInfos;
	119	};
	120
	121	struct CMS_EncapsulatedContentInfo_st {
	122	ASN1_OBJECT *eContentType;
	123	ASN1_OCTET_STRING *eContent;
	124	/* Set to 1 if incomplete structure only part set up */
	125	int partial;
	126	};
	127
	128	struct CMS_SignerInfo_st {
	129	long version;
	130	CMS_SignerIdentifier *sid;
	131	X509_ALGOR *digestAlgorithm;
	132	STACK_OF(X509_ATTRIBUTE) *signedAttrs;
	133	X509_ALGOR *signatureAlgorithm;
	134	ASN1_OCTET_STRING *signature;
	135	STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
	136	/* Signing certificate and key */
	137	X509 *signer;
	138	EVP_PKEY *pkey;
	139	/* Digest and public key context for alternative parameters */
	140	EVP_MD_CTX mctx;
	141	EVP_PKEY_CTX *pctx;
	142	};
	143
	144	struct CMS_SignerIdentifier_st {
	145	int type;
	146	union {
	147	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	148	ASN1_OCTET_STRING *subjectKeyIdentifier;
	149	} d;
	150	};
	151
	152	struct CMS_EnvelopedData_st {
	153	long version;
	154	CMS_OriginatorInfo *originatorInfo;
	155	STACK_OF(CMS_RecipientInfo) *recipientInfos;
	156	CMS_EncryptedContentInfo *encryptedContentInfo;
	157	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
	158	};
	159
160	struct CMS_OriginatorInfo_st {
161	STACK_OF(CMS_CertificateChoices) *certificates;
162	STACK_OF(CMS_RevocationInfoChoice) *crls;
163	};
164
165	struct CMS_EncryptedContentInfo_st {
166	ASN1_OBJECT *contentType;
167	X509_ALGOR *contentEncryptionAlgorithm;
168	ASN1_OCTET_STRING *encryptedContent;
169	/* Content encryption algorithm and key */
170	const EVP_CIPHER *cipher;
171	unsigned char *key;
172	size_t keylen;
173	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
174	int debug;
175	};
176
177	struct CMS_RecipientInfo_st {
178	int type;
179	union {
180	CMS_KeyTransRecipientInfo *ktri;
181	CMS_KeyAgreeRecipientInfo *kari;
182	CMS_KEKRecipientInfo *kekri;
183	CMS_PasswordRecipientInfo *pwri;
184	CMS_OtherRecipientInfo *ori;
185	} d;
186	};
8931b30d	187
8931b30d DSH	188	typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
8931b30d DSH	189
0f113f3e MC	190	struct CMS_KeyTransRecipientInfo_st {
	191	long version;
	192	CMS_RecipientIdentifier *rid;
	193	X509_ALGOR *keyEncryptionAlgorithm;
	194	ASN1_OCTET_STRING *encryptedKey;
	195	/* Recipient Key and cert */
	196	X509 *recip;
	197	EVP_PKEY *pkey;
	198	/* Public key context for this operation */
	199	EVP_PKEY_CTX *pctx;
	200	};
	201
	202	struct CMS_KeyAgreeRecipientInfo_st {
	203	long version;
	204	CMS_OriginatorIdentifierOrKey *originator;
	205	ASN1_OCTET_STRING *ukm;
	206	X509_ALGOR *keyEncryptionAlgorithm;
	207	STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
	208	/* Public key context associated with current operation */
	209	EVP_PKEY_CTX *pctx;
	210	/* Cipher context for CEK wrapping */
	211	EVP_CIPHER_CTX ctx;
	212	};
	213
	214	struct CMS_OriginatorIdentifierOrKey_st {
	215	int type;
	216	union {
	217	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	218	ASN1_OCTET_STRING *subjectKeyIdentifier;
	219	CMS_OriginatorPublicKey *originatorKey;
	220	} d;
	221	};
	222
	223	struct CMS_OriginatorPublicKey_st {
	224	X509_ALGOR *algorithm;
	225	ASN1_BIT_STRING *publicKey;
	226	};
	227
	228	struct CMS_RecipientEncryptedKey_st {
	229	CMS_KeyAgreeRecipientIdentifier *rid;
	230	ASN1_OCTET_STRING *encryptedKey;
	231	/* Public key associated with this recipient */
	232	EVP_PKEY *pkey;
	233	};
	234
	235	struct CMS_KeyAgreeRecipientIdentifier_st {
	236	int type;
	237	union {
	238	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	239	CMS_RecipientKeyIdentifier *rKeyId;
	240	} d;
	241	};
	242
	243	struct CMS_RecipientKeyIdentifier_st {
	244	ASN1_OCTET_STRING *subjectKeyIdentifier;
	245	ASN1_GENERALIZEDTIME *date;
	246	CMS_OtherKeyAttribute *other;
	247	};
	248
	249	struct CMS_KEKRecipientInfo_st {
	250	long version;
	251	CMS_KEKIdentifier *kekid;
	252	X509_ALGOR *keyEncryptionAlgorithm;
	253	ASN1_OCTET_STRING *encryptedKey;
254	/* Extra info: symmetric key to use */
255	unsigned char *key;
256	size_t keylen;
257	};
258
259	struct CMS_KEKIdentifier_st {
260	ASN1_OCTET_STRING *keyIdentifier;
261	ASN1_GENERALIZEDTIME *date;
262	CMS_OtherKeyAttribute *other;
263	};
264
265	struct CMS_PasswordRecipientInfo_st {
266	long version;
267	X509_ALGOR *keyDerivationAlgorithm;
268	X509_ALGOR *keyEncryptionAlgorithm;
269	ASN1_OCTET_STRING *encryptedKey;
270	/* Extra info: password to use */
271	unsigned char *pass;
272	size_t passlen;
273	};
274
275	struct CMS_OtherRecipientInfo_st {
276	ASN1_OBJECT *oriType;
277	ASN1_TYPE *oriValue;
278	};
279
280	struct CMS_DigestedData_st {
281	long version;
282	X509_ALGOR *digestAlgorithm;
283	CMS_EncapsulatedContentInfo *encapContentInfo;
284	ASN1_OCTET_STRING *digest;
285	};
286
287	struct CMS_EncryptedData_st {
288	long version;
289	CMS_EncryptedContentInfo *encryptedContentInfo;
290	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
291	};
292
293	struct CMS_AuthenticatedData_st {
294	long version;
295	CMS_OriginatorInfo *originatorInfo;
296	STACK_OF(CMS_RecipientInfo) *recipientInfos;
297	X509_ALGOR *macAlgorithm;
298	X509_ALGOR *digestAlgorithm;
299	CMS_EncapsulatedContentInfo *encapContentInfo;
300	STACK_OF(X509_ATTRIBUTE) *authAttrs;
301	ASN1_OCTET_STRING *mac;
302	STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
303	};
304
305	struct CMS_CompressedData_st {
306	long version;
307	X509_ALGOR *compressionAlgorithm;
308	STACK_OF(CMS_RecipientInfo) *recipientInfos;
309	CMS_EncapsulatedContentInfo *encapContentInfo;
310	};
311
312	struct CMS_RevocationInfoChoice_st {
313	int type;
314	union {
315	X509_CRL *crl;
316	CMS_OtherRevocationInfoFormat *other;
317	} d;
318	};
319
320	# define CMS_REVCHOICE_CRL 0
321	# define CMS_REVCHOICE_OTHER 1
322
323	struct CMS_OtherRevocationInfoFormat_st {
324	ASN1_OBJECT *otherRevInfoFormat;
325	ASN1_TYPE *otherRevInfo;
326	};
327
328	struct CMS_CertificateChoices {
329	int type;
330	union {
331	X509 *certificate;
332	ASN1_STRING extendedCertificate; / Obsolete */
333	ASN1_STRING v1AttrCert; / Left encoded for now */
334	ASN1_STRING v2AttrCert; / Left encoded for now */
335	CMS_OtherCertificateFormat *other;
336	} d;
337	};
338
339	# define CMS_CERTCHOICE_CERT 0
340	# define CMS_CERTCHOICE_EXCERT 1
341	# define CMS_CERTCHOICE_V1ACERT 2
342	# define CMS_CERTCHOICE_V2ACERT 3
343	# define CMS_CERTCHOICE_OTHER 4
344
345	struct CMS_OtherCertificateFormat_st {
346	ASN1_OBJECT *otherCertFormat;
347	ASN1_TYPE *otherCert;
348	};
349
350	/*
351	* This is also defined in pkcs7.h but we duplicate it to allow the CMS code
352	* to be independent of PKCS#7
8931b30d DSH	353	*/
8931b30d DSH	354
0f113f3e MC	355	struct CMS_IssuerAndSerialNumber_st {
	356	X509_NAME *issuer;
	357	ASN1_INTEGER *serialNumber;
	358	};
8931b30d	359
0f113f3e MC	360	struct CMS_OtherKeyAttribute_st {
	361	ASN1_OBJECT *keyAttrId;
	362	ASN1_TYPE *keyAttr;
	363	};
8931b30d	364
be86c7fc DSH	365	/* ESS structures */
be86c7fc DSH	366
0f113f3e MC	367	# ifdef HEADER_X509V3_H
	368
	369	struct CMS_ReceiptRequest_st {
	370	ASN1_OCTET_STRING *signedContentIdentifier;
	371	CMS_ReceiptsFrom *receiptsFrom;
	372	STACK_OF(GENERAL_NAMES) *receiptsTo;
	373	};
	374
	375	struct CMS_ReceiptsFrom_st {
	376	int type;
	377	union {
	378	long allOrFirstTier;
	379	STACK_OF(GENERAL_NAMES) *receiptList;
	380	} d;
	381	};
	382	# endif
	383
	384	struct CMS_Receipt_st {
	385	long version;
	386	ASN1_OBJECT *contentType;
	387	ASN1_OCTET_STRING *signedContentIdentifier;
	388	ASN1_OCTET_STRING *originatorSignatureValue;
	389	};
be86c7fc	390
8931b30d DSH	391	DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
	392	DECLARE_ASN1_ITEM(CMS_SignerInfo)
	393	DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
	394	DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
	395	DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
d2a53c22 DSH	396	DECLARE_ASN1_ITEM(CMS_RecipientInfo)
d2a53c22 DSH	397	DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
8931b30d DSH	398	DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
8931b30d DSH	399
0f113f3e MC	400	# define CMS_SIGNERINFO_ISSUER_SERIAL 0
0f113f3e MC	401	# define CMS_SIGNERINFO_KEYIDENTIFIER 1
8931b30d	402
0f113f3e MC	403	# define CMS_RECIPINFO_ISSUER_SERIAL 0
0f113f3e MC	404	# define CMS_RECIPINFO_KEYIDENTIFIER 1
8931b30d	405
0f113f3e MC	406	# define CMS_REK_ISSUER_SERIAL 0
0f113f3e MC	407	# define CMS_REK_KEYIDENTIFIER 1
17c2764d	408
0f113f3e MC	409	# define CMS_OIK_ISSUER_SERIAL 0
	410	# define CMS_OIK_KEYIDENTIFIER 1
	411	# define CMS_OIK_PUBKEY 2
17c2764d	412
8931b30d DSH	413	BIO cms_content_bio(CMS_ContentInfo cms);
	414
	415	CMS_ContentInfo *cms_Data_create(void);
	416
	417	CMS_ContentInfo cms_DigestedData_create(const EVP_MD md);
	418	BIO cms_DigestedData_init_bio(CMS_ContentInfo cms);
	419	int cms_DigestedData_do_final(CMS_ContentInfo cms, BIO chain, int verify);
	420
	421	BIO cms_SignedData_init_bio(CMS_ContentInfo cms);
	422	int cms_SignedData_final(CMS_ContentInfo cms, BIO chain);
0f113f3e MC	423	int cms_set1_SignerIdentifier(CMS_SignerIdentifier sid, X509 cert,
0f113f3e MC	424	int type);
8931b30d	425	int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
0f113f3e MC	426	ASN1_OCTET_STRING **keyid,
	427	X509_NAME **issuer,
	428	ASN1_INTEGER **sno);
8931b30d DSH	429	int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier sid, X509 cert);
	430
	431	CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
	432	BIO cms_CompressedData_init_bio(CMS_ContentInfo cms);
	433
8931b30d DSH	434	BIO cms_DigestAlgorithm_init_bio(X509_ALGOR digestAlgorithm);
8931b30d DSH	435	int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX mctx, BIO chain,
0f113f3e	436	X509_ALGOR *mdalg);
b820455c	437
17c2764d DSH	438	int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber ias, X509 cert);
	439	int cms_keyid_cert_cmp(ASN1_OCTET_STRING keyid, X509 cert);
	440	int cms_set1_ias(CMS_IssuerAndSerialNumber *pias, X509 cert);
	441	int cms_set1_keyid(ASN1_OCTET_STRING *pkeyid, X509 cert);
	442
4f1aa191	443	BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec);
320bfc1b	444	BIO cms_EncryptedData_init_bio(CMS_ContentInfo cms);
0f113f3e MC	445	int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
	446	const EVP_CIPHER *cipher,
	447	const unsigned char *key, size_t keylen);
4f1aa191	448
eb9d8d8c	449	int cms_Receipt_verify(CMS_ContentInfo cms, CMS_ContentInfo req_cms);
36309aa2 DSH	450	int cms_msgSigDigest_add1(CMS_SignerInfo dest, CMS_SignerInfo src);
36309aa2 DSH	451	ASN1_OCTET_STRING cms_encode_Receipt(CMS_SignerInfo si);
eb9d8d8c	452
4f1aa191	453	BIO cms_EnvelopedData_init_bio(CMS_ContentInfo cms);
d2a53c22	454	CMS_EnvelopedData cms_get0_enveloped(CMS_ContentInfo cms);
17c2764d DSH	455	int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
	456	int cms_pkey_get_ri_type(EVP_PKEY *pk);
	457	/* KARI routines */
	458	int cms_RecipientInfo_kari_init(CMS_RecipientInfo ri, X509 recip,
0f113f3e MC	459	EVP_PKEY *pk, unsigned int flags);
	460	int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
	461	CMS_RecipientInfo *ri);
d2a53c22 DSH	462
	463	/* PWRI routines */
	464	int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
0f113f3e MC	465	int en_de);
0f113f3e MC	466
df2ee0e2 BL	467	DECLARE_ASN1_ITEM(CMS_CertificateChoices)
	468	DECLARE_ASN1_ITEM(CMS_DigestedData)
	469	DECLARE_ASN1_ITEM(CMS_EncryptedData)
	470	DECLARE_ASN1_ITEM(CMS_EnvelopedData)
	471	DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
	472	DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
	473	DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
	474	DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
	475	DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
	476	DECLARE_ASN1_ITEM(CMS_Receipt)
	477	DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
	478	DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
	479	DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
	480	DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
	481	DECLARE_ASN1_ITEM(CMS_SignedData)
bc2a15cd	482	DECLARE_ASN1_ITEM(CMS_CompressedData)
df2ee0e2	483
8931b30d DSH	484	#ifdef __cplusplus
	485	}
	486	#endif
	487	#endif