1 /* crypto/cms/cms_lcl.h */
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
6 /* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
55 #ifndef HEADER_CMS_LCL_H
56 # define HEADER_CMS_LCL_H
62 # include <openssl/x509.h>
65 * Cryptographic message syntax (CMS) structures: taken from RFC3852
68 /* Forward references */
70 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber
;
71 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo
;
72 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier
;
73 typedef struct CMS_SignedData_st CMS_SignedData
;
74 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat
;
75 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo
;
76 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo
;
77 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData
;
78 typedef struct CMS_DigestedData_st CMS_DigestedData
;
79 typedef struct CMS_EncryptedData_st CMS_EncryptedData
;
80 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData
;
81 typedef struct CMS_CompressedData_st CMS_CompressedData
;
82 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat
;
83 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo
;
84 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey
;
85 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey
;
86 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo
;
87 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier
;
88 typedef struct CMS_KeyAgreeRecipientIdentifier_st
89 CMS_KeyAgreeRecipientIdentifier
;
90 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier
;
91 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo
;
92 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo
;
93 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo
;
94 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom
;
96 struct CMS_ContentInfo_st
{
97 ASN1_OBJECT
*contentType
;
99 ASN1_OCTET_STRING
*data
;
100 CMS_SignedData
*signedData
;
101 CMS_EnvelopedData
*envelopedData
;
102 CMS_DigestedData
*digestedData
;
103 CMS_EncryptedData
*encryptedData
;
104 CMS_AuthenticatedData
*authenticatedData
;
105 CMS_CompressedData
*compressedData
;
107 /* Other types ... */
112 struct CMS_SignedData_st
{
114 STACK_OF(X509_ALGOR
) *digestAlgorithms
;
115 CMS_EncapsulatedContentInfo
*encapContentInfo
;
116 STACK_OF(CMS_CertificateChoices
) *certificates
;
117 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
118 STACK_OF(CMS_SignerInfo
) *signerInfos
;
121 struct CMS_EncapsulatedContentInfo_st
{
122 ASN1_OBJECT
*eContentType
;
123 ASN1_OCTET_STRING
*eContent
;
124 /* Set to 1 if incomplete structure only part set up */
128 struct CMS_SignerInfo_st
{
130 CMS_SignerIdentifier
*sid
;
131 X509_ALGOR
*digestAlgorithm
;
132 STACK_OF(X509_ATTRIBUTE
) *signedAttrs
;
133 X509_ALGOR
*signatureAlgorithm
;
134 ASN1_OCTET_STRING
*signature
;
135 STACK_OF(X509_ATTRIBUTE
) *unsignedAttrs
;
136 /* Signing certificate and key */
139 /* Digest and public key context for alternative parameters */
144 struct CMS_SignerIdentifier_st
{
147 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
148 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
152 struct CMS_EnvelopedData_st
{
154 CMS_OriginatorInfo
*originatorInfo
;
155 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
156 CMS_EncryptedContentInfo
*encryptedContentInfo
;
157 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
160 struct CMS_OriginatorInfo_st
{
161 STACK_OF(CMS_CertificateChoices
) *certificates
;
162 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
165 struct CMS_EncryptedContentInfo_st
{
166 ASN1_OBJECT
*contentType
;
167 X509_ALGOR
*contentEncryptionAlgorithm
;
168 ASN1_OCTET_STRING
*encryptedContent
;
169 /* Content encryption algorithm and key */
170 const EVP_CIPHER
*cipher
;
173 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
177 struct CMS_RecipientInfo_st
{
180 CMS_KeyTransRecipientInfo
*ktri
;
181 CMS_KeyAgreeRecipientInfo
*kari
;
182 CMS_KEKRecipientInfo
*kekri
;
183 CMS_PasswordRecipientInfo
*pwri
;
184 CMS_OtherRecipientInfo
*ori
;
188 typedef CMS_SignerIdentifier CMS_RecipientIdentifier
;
190 struct CMS_KeyTransRecipientInfo_st
{
192 CMS_RecipientIdentifier
*rid
;
193 X509_ALGOR
*keyEncryptionAlgorithm
;
194 ASN1_OCTET_STRING
*encryptedKey
;
195 /* Recipient Key and cert */
198 /* Public key context for this operation */
202 struct CMS_KeyAgreeRecipientInfo_st
{
204 CMS_OriginatorIdentifierOrKey
*originator
;
205 ASN1_OCTET_STRING
*ukm
;
206 X509_ALGOR
*keyEncryptionAlgorithm
;
207 STACK_OF(CMS_RecipientEncryptedKey
) *recipientEncryptedKeys
;
208 /* Public key context associated with current operation */
210 /* Cipher context for CEK wrapping */
214 struct CMS_OriginatorIdentifierOrKey_st
{
217 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
218 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
219 CMS_OriginatorPublicKey
*originatorKey
;
223 struct CMS_OriginatorPublicKey_st
{
224 X509_ALGOR
*algorithm
;
225 ASN1_BIT_STRING
*publicKey
;
228 struct CMS_RecipientEncryptedKey_st
{
229 CMS_KeyAgreeRecipientIdentifier
*rid
;
230 ASN1_OCTET_STRING
*encryptedKey
;
231 /* Public key associated with this recipient */
235 struct CMS_KeyAgreeRecipientIdentifier_st
{
238 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
239 CMS_RecipientKeyIdentifier
*rKeyId
;
243 struct CMS_RecipientKeyIdentifier_st
{
244 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
245 ASN1_GENERALIZEDTIME
*date
;
246 CMS_OtherKeyAttribute
*other
;
249 struct CMS_KEKRecipientInfo_st
{
251 CMS_KEKIdentifier
*kekid
;
252 X509_ALGOR
*keyEncryptionAlgorithm
;
253 ASN1_OCTET_STRING
*encryptedKey
;
254 /* Extra info: symmetric key to use */
259 struct CMS_KEKIdentifier_st
{
260 ASN1_OCTET_STRING
*keyIdentifier
;
261 ASN1_GENERALIZEDTIME
*date
;
262 CMS_OtherKeyAttribute
*other
;
265 struct CMS_PasswordRecipientInfo_st
{
267 X509_ALGOR
*keyDerivationAlgorithm
;
268 X509_ALGOR
*keyEncryptionAlgorithm
;
269 ASN1_OCTET_STRING
*encryptedKey
;
270 /* Extra info: password to use */
275 struct CMS_OtherRecipientInfo_st
{
276 ASN1_OBJECT
*oriType
;
280 struct CMS_DigestedData_st
{
282 X509_ALGOR
*digestAlgorithm
;
283 CMS_EncapsulatedContentInfo
*encapContentInfo
;
284 ASN1_OCTET_STRING
*digest
;
287 struct CMS_EncryptedData_st
{
289 CMS_EncryptedContentInfo
*encryptedContentInfo
;
290 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
293 struct CMS_AuthenticatedData_st
{
295 CMS_OriginatorInfo
*originatorInfo
;
296 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
297 X509_ALGOR
*macAlgorithm
;
298 X509_ALGOR
*digestAlgorithm
;
299 CMS_EncapsulatedContentInfo
*encapContentInfo
;
300 STACK_OF(X509_ATTRIBUTE
) *authAttrs
;
301 ASN1_OCTET_STRING
*mac
;
302 STACK_OF(X509_ATTRIBUTE
) *unauthAttrs
;
305 struct CMS_CompressedData_st
{
307 X509_ALGOR
*compressionAlgorithm
;
308 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
309 CMS_EncapsulatedContentInfo
*encapContentInfo
;
312 struct CMS_RevocationInfoChoice_st
{
316 CMS_OtherRevocationInfoFormat
*other
;
320 # define CMS_REVCHOICE_CRL 0
321 # define CMS_REVCHOICE_OTHER 1
323 struct CMS_OtherRevocationInfoFormat_st
{
324 ASN1_OBJECT
*otherRevInfoFormat
;
325 ASN1_TYPE
*otherRevInfo
;
328 struct CMS_CertificateChoices
{
332 ASN1_STRING
*extendedCertificate
; /* Obsolete */
333 ASN1_STRING
*v1AttrCert
; /* Left encoded for now */
334 ASN1_STRING
*v2AttrCert
; /* Left encoded for now */
335 CMS_OtherCertificateFormat
*other
;
339 # define CMS_CERTCHOICE_CERT 0
340 # define CMS_CERTCHOICE_EXCERT 1
341 # define CMS_CERTCHOICE_V1ACERT 2
342 # define CMS_CERTCHOICE_V2ACERT 3
343 # define CMS_CERTCHOICE_OTHER 4
345 struct CMS_OtherCertificateFormat_st
{
346 ASN1_OBJECT
*otherCertFormat
;
347 ASN1_TYPE
*otherCert
;
351 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
352 * to be independent of PKCS#7
355 struct CMS_IssuerAndSerialNumber_st
{
357 ASN1_INTEGER
*serialNumber
;
360 struct CMS_OtherKeyAttribute_st
{
361 ASN1_OBJECT
*keyAttrId
;
367 # ifdef HEADER_X509V3_H
369 struct CMS_ReceiptRequest_st
{
370 ASN1_OCTET_STRING
*signedContentIdentifier
;
371 CMS_ReceiptsFrom
*receiptsFrom
;
372 STACK_OF(GENERAL_NAMES
) *receiptsTo
;
375 struct CMS_ReceiptsFrom_st
{
379 STACK_OF(GENERAL_NAMES
) *receiptList
;
384 struct CMS_Receipt_st
{
386 ASN1_OBJECT
*contentType
;
387 ASN1_OCTET_STRING
*signedContentIdentifier
;
388 ASN1_OCTET_STRING
*originatorSignatureValue
;
391 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo
)
392 DECLARE_ASN1_ITEM(CMS_SignerInfo
)
393 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber
)
394 DECLARE_ASN1_ITEM(CMS_Attributes_Sign
)
395 DECLARE_ASN1_ITEM(CMS_Attributes_Verify
)
396 DECLARE_ASN1_ITEM(CMS_RecipientInfo
)
397 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo
)
398 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber
)
400 # define CMS_SIGNERINFO_ISSUER_SERIAL 0
401 # define CMS_SIGNERINFO_KEYIDENTIFIER 1
403 # define CMS_RECIPINFO_ISSUER_SERIAL 0
404 # define CMS_RECIPINFO_KEYIDENTIFIER 1
406 # define CMS_REK_ISSUER_SERIAL 0
407 # define CMS_REK_KEYIDENTIFIER 1
409 # define CMS_OIK_ISSUER_SERIAL 0
410 # define CMS_OIK_KEYIDENTIFIER 1
411 # define CMS_OIK_PUBKEY 2
413 BIO
*cms_content_bio(CMS_ContentInfo
*cms
);
415 CMS_ContentInfo
*cms_Data_create(void);
417 CMS_ContentInfo
*cms_DigestedData_create(const EVP_MD
*md
);
418 BIO
*cms_DigestedData_init_bio(CMS_ContentInfo
*cms
);
419 int cms_DigestedData_do_final(CMS_ContentInfo
*cms
, BIO
*chain
, int verify
);
421 BIO
*cms_SignedData_init_bio(CMS_ContentInfo
*cms
);
422 int cms_SignedData_final(CMS_ContentInfo
*cms
, BIO
*chain
);
423 int cms_set1_SignerIdentifier(CMS_SignerIdentifier
*sid
, X509
*cert
,
425 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier
*sid
,
426 ASN1_OCTET_STRING
**keyid
,
429 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier
*sid
, X509
*cert
);
431 CMS_ContentInfo
*cms_CompressedData_create(int comp_nid
);
432 BIO
*cms_CompressedData_init_bio(CMS_ContentInfo
*cms
);
434 void cms_DigestAlgorithm_set(X509_ALGOR
*alg
, const EVP_MD
*md
);
435 BIO
*cms_DigestAlgorithm_init_bio(X509_ALGOR
*digestAlgorithm
);
436 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX
*mctx
, BIO
*chain
,
439 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber
*ias
, X509
*cert
);
440 int cms_keyid_cert_cmp(ASN1_OCTET_STRING
*keyid
, X509
*cert
);
441 int cms_set1_ias(CMS_IssuerAndSerialNumber
**pias
, X509
*cert
);
442 int cms_set1_keyid(ASN1_OCTET_STRING
**pkeyid
, X509
*cert
);
444 BIO
*cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec
);
445 BIO
*cms_EncryptedData_init_bio(CMS_ContentInfo
*cms
);
446 int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec
,
447 const EVP_CIPHER
*cipher
,
448 const unsigned char *key
, size_t keylen
);
450 int cms_Receipt_verify(CMS_ContentInfo
*cms
, CMS_ContentInfo
*req_cms
);
451 int cms_msgSigDigest_add1(CMS_SignerInfo
*dest
, CMS_SignerInfo
*src
);
452 ASN1_OCTET_STRING
*cms_encode_Receipt(CMS_SignerInfo
*si
);
454 BIO
*cms_EnvelopedData_init_bio(CMS_ContentInfo
*cms
);
455 CMS_EnvelopedData
*cms_get0_enveloped(CMS_ContentInfo
*cms
);
456 int cms_env_asn1_ctrl(CMS_RecipientInfo
*ri
, int cmd
);
457 int cms_pkey_get_ri_type(EVP_PKEY
*pk
);
459 int cms_RecipientInfo_kari_init(CMS_RecipientInfo
*ri
, X509
*recip
,
460 EVP_PKEY
*pk
, unsigned int flags
);
461 int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo
*cms
,
462 CMS_RecipientInfo
*ri
);
465 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo
*cms
, CMS_RecipientInfo
*ri
,