2 * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OSSL_CRYPTO_CMS_LOCAL_H
11 # define OSSL_CRYPTO_CMS_LOCAL_H
13 # include <openssl/x509.h>
16 * Cryptographic message syntax (CMS) structures: taken from RFC3852
19 /* Forward references */
21 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber
;
22 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo
;
23 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier
;
24 typedef struct CMS_SignedData_st CMS_SignedData
;
25 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat
;
26 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo
;
27 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo
;
28 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData
;
29 typedef struct CMS_DigestedData_st CMS_DigestedData
;
30 typedef struct CMS_EncryptedData_st CMS_EncryptedData
;
31 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData
;
32 typedef struct CMS_AuthEnvelopedData_st CMS_AuthEnvelopedData
;
33 typedef struct CMS_CompressedData_st CMS_CompressedData
;
34 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat
;
35 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo
;
36 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey
;
37 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey
;
38 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo
;
39 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier
;
40 typedef struct CMS_KeyAgreeRecipientIdentifier_st
41 CMS_KeyAgreeRecipientIdentifier
;
42 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier
;
43 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo
;
44 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo
;
45 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo
;
46 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom
;
47 typedef struct CMS_CTX_st CMS_CTX
;
54 struct CMS_ContentInfo_st
{
55 ASN1_OBJECT
*contentType
;
57 ASN1_OCTET_STRING
*data
;
58 CMS_SignedData
*signedData
;
59 CMS_EnvelopedData
*envelopedData
;
60 CMS_DigestedData
*digestedData
;
61 CMS_EncryptedData
*encryptedData
;
62 CMS_AuthEnvelopedData
*authEnvelopedData
;
63 CMS_AuthenticatedData
*authenticatedData
;
64 CMS_CompressedData
*compressedData
;
72 DEFINE_STACK_OF(CMS_CertificateChoices
)
74 struct CMS_SignedData_st
{
76 STACK_OF(X509_ALGOR
) *digestAlgorithms
;
77 CMS_EncapsulatedContentInfo
*encapContentInfo
;
78 STACK_OF(CMS_CertificateChoices
) *certificates
;
79 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
80 STACK_OF(CMS_SignerInfo
) *signerInfos
;
83 struct CMS_EncapsulatedContentInfo_st
{
84 ASN1_OBJECT
*eContentType
;
85 ASN1_OCTET_STRING
*eContent
;
86 /* Set to 1 if incomplete structure only part set up */
90 struct CMS_SignerInfo_st
{
92 CMS_SignerIdentifier
*sid
;
93 X509_ALGOR
*digestAlgorithm
;
94 STACK_OF(X509_ATTRIBUTE
) *signedAttrs
;
95 X509_ALGOR
*signatureAlgorithm
;
96 ASN1_OCTET_STRING
*signature
;
97 STACK_OF(X509_ATTRIBUTE
) *unsignedAttrs
;
98 /* Signing certificate and key */
101 /* Digest and public key context for alternative parameters */
104 const CMS_CTX
*cms_ctx
;
107 struct CMS_SignerIdentifier_st
{
110 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
111 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
115 struct CMS_EnvelopedData_st
{
117 CMS_OriginatorInfo
*originatorInfo
;
118 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
119 CMS_EncryptedContentInfo
*encryptedContentInfo
;
120 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
123 struct CMS_OriginatorInfo_st
{
124 STACK_OF(CMS_CertificateChoices
) *certificates
;
125 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
128 struct CMS_EncryptedContentInfo_st
{
129 ASN1_OBJECT
*contentType
;
130 X509_ALGOR
*contentEncryptionAlgorithm
;
131 ASN1_OCTET_STRING
*encryptedContent
;
132 /* Content encryption algorithm, key and tag */
133 const EVP_CIPHER
*cipher
;
138 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
140 /* Set to 1 if we have no cert and need extra safety measures for MMA */
144 struct CMS_RecipientInfo_st
{
147 CMS_KeyTransRecipientInfo
*ktri
;
148 CMS_KeyAgreeRecipientInfo
*kari
;
149 CMS_KEKRecipientInfo
*kekri
;
150 CMS_PasswordRecipientInfo
*pwri
;
151 CMS_OtherRecipientInfo
*ori
;
155 typedef CMS_SignerIdentifier CMS_RecipientIdentifier
;
157 struct CMS_KeyTransRecipientInfo_st
{
159 CMS_RecipientIdentifier
*rid
;
160 X509_ALGOR
*keyEncryptionAlgorithm
;
161 ASN1_OCTET_STRING
*encryptedKey
;
162 /* Recipient Key and cert */
165 /* Public key context for this operation */
167 const CMS_CTX
*cms_ctx
;
170 struct CMS_KeyAgreeRecipientInfo_st
{
172 CMS_OriginatorIdentifierOrKey
*originator
;
173 ASN1_OCTET_STRING
*ukm
;
174 X509_ALGOR
*keyEncryptionAlgorithm
;
175 STACK_OF(CMS_RecipientEncryptedKey
) *recipientEncryptedKeys
;
176 /* Public key context associated with current operation */
178 /* Cipher context for CEK wrapping */
180 const CMS_CTX
*cms_ctx
;
183 struct CMS_OriginatorIdentifierOrKey_st
{
186 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
187 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
188 CMS_OriginatorPublicKey
*originatorKey
;
192 struct CMS_OriginatorPublicKey_st
{
193 X509_ALGOR
*algorithm
;
194 ASN1_BIT_STRING
*publicKey
;
197 struct CMS_RecipientEncryptedKey_st
{
198 CMS_KeyAgreeRecipientIdentifier
*rid
;
199 ASN1_OCTET_STRING
*encryptedKey
;
200 /* Public key associated with this recipient */
204 struct CMS_KeyAgreeRecipientIdentifier_st
{
207 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
208 CMS_RecipientKeyIdentifier
*rKeyId
;
212 struct CMS_RecipientKeyIdentifier_st
{
213 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
214 ASN1_GENERALIZEDTIME
*date
;
215 CMS_OtherKeyAttribute
*other
;
218 struct CMS_KEKRecipientInfo_st
{
220 CMS_KEKIdentifier
*kekid
;
221 X509_ALGOR
*keyEncryptionAlgorithm
;
222 ASN1_OCTET_STRING
*encryptedKey
;
223 /* Extra info: symmetric key to use */
226 const CMS_CTX
*cms_ctx
;
229 struct CMS_KEKIdentifier_st
{
230 ASN1_OCTET_STRING
*keyIdentifier
;
231 ASN1_GENERALIZEDTIME
*date
;
232 CMS_OtherKeyAttribute
*other
;
235 struct CMS_PasswordRecipientInfo_st
{
237 X509_ALGOR
*keyDerivationAlgorithm
;
238 X509_ALGOR
*keyEncryptionAlgorithm
;
239 ASN1_OCTET_STRING
*encryptedKey
;
240 /* Extra info: password to use */
243 const CMS_CTX
*cms_ctx
;
246 struct CMS_OtherRecipientInfo_st
{
247 ASN1_OBJECT
*oriType
;
251 struct CMS_DigestedData_st
{
253 X509_ALGOR
*digestAlgorithm
;
254 CMS_EncapsulatedContentInfo
*encapContentInfo
;
255 ASN1_OCTET_STRING
*digest
;
258 struct CMS_EncryptedData_st
{
260 CMS_EncryptedContentInfo
*encryptedContentInfo
;
261 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
264 struct CMS_AuthenticatedData_st
{
266 CMS_OriginatorInfo
*originatorInfo
;
267 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
268 X509_ALGOR
*macAlgorithm
;
269 X509_ALGOR
*digestAlgorithm
;
270 CMS_EncapsulatedContentInfo
*encapContentInfo
;
271 STACK_OF(X509_ATTRIBUTE
) *authAttrs
;
272 ASN1_OCTET_STRING
*mac
;
273 STACK_OF(X509_ATTRIBUTE
) *unauthAttrs
;
276 struct CMS_AuthEnvelopedData_st
{
278 CMS_OriginatorInfo
*originatorInfo
;
279 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
280 CMS_EncryptedContentInfo
*authEncryptedContentInfo
;
281 STACK_OF(X509_ATTRIBUTE
) *authAttrs
;
282 ASN1_OCTET_STRING
*mac
;
283 STACK_OF(X509_ATTRIBUTE
) *unauthAttrs
;
286 struct CMS_CompressedData_st
{
288 X509_ALGOR
*compressionAlgorithm
;
289 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
290 CMS_EncapsulatedContentInfo
*encapContentInfo
;
293 struct CMS_RevocationInfoChoice_st
{
297 CMS_OtherRevocationInfoFormat
*other
;
301 # define CMS_REVCHOICE_CRL 0
302 # define CMS_REVCHOICE_OTHER 1
304 struct CMS_OtherRevocationInfoFormat_st
{
305 ASN1_OBJECT
*otherRevInfoFormat
;
306 ASN1_TYPE
*otherRevInfo
;
309 struct CMS_CertificateChoices
{
313 ASN1_STRING
*extendedCertificate
; /* Obsolete */
314 ASN1_STRING
*v1AttrCert
; /* Left encoded for now */
315 ASN1_STRING
*v2AttrCert
; /* Left encoded for now */
316 CMS_OtherCertificateFormat
*other
;
320 # define CMS_CERTCHOICE_CERT 0
321 # define CMS_CERTCHOICE_EXCERT 1
322 # define CMS_CERTCHOICE_V1ACERT 2
323 # define CMS_CERTCHOICE_V2ACERT 3
324 # define CMS_CERTCHOICE_OTHER 4
326 struct CMS_OtherCertificateFormat_st
{
327 ASN1_OBJECT
*otherCertFormat
;
328 ASN1_TYPE
*otherCert
;
332 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
333 * to be independent of PKCS#7
336 struct CMS_IssuerAndSerialNumber_st
{
338 ASN1_INTEGER
*serialNumber
;
341 struct CMS_OtherKeyAttribute_st
{
342 ASN1_OBJECT
*keyAttrId
;
348 struct CMS_ReceiptRequest_st
{
349 ASN1_OCTET_STRING
*signedContentIdentifier
;
350 CMS_ReceiptsFrom
*receiptsFrom
;
351 STACK_OF(GENERAL_NAMES
) *receiptsTo
;
354 struct CMS_ReceiptsFrom_st
{
357 int32_t allOrFirstTier
;
358 STACK_OF(GENERAL_NAMES
) *receiptList
;
362 struct CMS_Receipt_st
{
364 ASN1_OBJECT
*contentType
;
365 ASN1_OCTET_STRING
*signedContentIdentifier
;
366 ASN1_OCTET_STRING
*originatorSignatureValue
;
369 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo
)
370 DECLARE_ASN1_ITEM(CMS_SignerInfo
)
371 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber
)
372 DECLARE_ASN1_ITEM(CMS_Attributes_Sign
)
373 DECLARE_ASN1_ITEM(CMS_Attributes_Verify
)
374 DECLARE_ASN1_ITEM(CMS_RecipientInfo
)
375 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo
)
376 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber
)
378 # define CMS_SIGNERINFO_ISSUER_SERIAL 0
379 # define CMS_SIGNERINFO_KEYIDENTIFIER 1
381 # define CMS_RECIPINFO_ISSUER_SERIAL 0
382 # define CMS_RECIPINFO_KEYIDENTIFIER 1
384 # define CMS_REK_ISSUER_SERIAL 0
385 # define CMS_REK_KEYIDENTIFIER 1
387 # define CMS_OIK_ISSUER_SERIAL 0
388 # define CMS_OIK_KEYIDENTIFIER 1
389 # define CMS_OIK_PUBKEY 2
391 BIO
*cms_content_bio(CMS_ContentInfo
*cms
);
392 const CMS_CTX
*cms_get0_cmsctx(const CMS_ContentInfo
*cms
);
393 OSSL_LIB_CTX
*cms_ctx_get0_libctx(const CMS_CTX
*ctx
);
394 const char *cms_ctx_get0_propq(const CMS_CTX
*ctx
);
395 void cms_resolve_libctx(CMS_ContentInfo
*ci
);
397 CMS_ContentInfo
*cms_Data_create(OSSL_LIB_CTX
*ctx
, const char *propq
);
399 CMS_ContentInfo
*cms_DigestedData_create(const EVP_MD
*md
,
400 OSSL_LIB_CTX
*libctx
,
402 BIO
*cms_DigestedData_init_bio(const CMS_ContentInfo
*cms
);
403 int cms_DigestedData_do_final(const CMS_ContentInfo
*cms
,
404 BIO
*chain
, int verify
);
406 BIO
*cms_SignedData_init_bio(CMS_ContentInfo
*cms
);
407 int cms_SignedData_final(CMS_ContentInfo
*cms
, BIO
*chain
);
408 int cms_set1_SignerIdentifier(CMS_SignerIdentifier
*sid
, X509
*cert
,
409 int type
, const CMS_CTX
*ctx
);
410 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier
*sid
,
411 ASN1_OCTET_STRING
**keyid
,
414 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier
*sid
, X509
*cert
);
416 CMS_ContentInfo
*cms_CompressedData_create(int comp_nid
, OSSL_LIB_CTX
*libctx
,
418 BIO
*cms_CompressedData_init_bio(const CMS_ContentInfo
*cms
);
420 BIO
*cms_DigestAlgorithm_init_bio(X509_ALGOR
*digestAlgorithm
,
422 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX
*mctx
, BIO
*chain
,
425 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber
*ias
, X509
*cert
);
426 int cms_keyid_cert_cmp(ASN1_OCTET_STRING
*keyid
, X509
*cert
);
427 int cms_set1_ias(CMS_IssuerAndSerialNumber
**pias
, X509
*cert
);
428 int cms_set1_keyid(ASN1_OCTET_STRING
**pkeyid
, X509
*cert
);
430 BIO
*cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec
,
432 BIO
*cms_EncryptedData_init_bio(const CMS_ContentInfo
*cms
);
433 int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec
,
434 const EVP_CIPHER
*cipher
,
435 const unsigned char *key
, size_t keylen
,
438 int cms_Receipt_verify(CMS_ContentInfo
*cms
, CMS_ContentInfo
*req_cms
);
439 int cms_msgSigDigest_add1(CMS_SignerInfo
*dest
, CMS_SignerInfo
*src
);
440 ASN1_OCTET_STRING
*cms_encode_Receipt(CMS_SignerInfo
*si
);
442 BIO
*cms_EnvelopedData_init_bio(CMS_ContentInfo
*cms
);
443 int cms_EnvelopedData_final(CMS_ContentInfo
*cms
, BIO
*chain
);
444 BIO
*cms_AuthEnvelopedData_init_bio(CMS_ContentInfo
*cms
);
445 int cms_AuthEnvelopedData_final(CMS_ContentInfo
*cms
, BIO
*cmsbio
);
446 CMS_EnvelopedData
*cms_get0_enveloped(CMS_ContentInfo
*cms
);
447 CMS_AuthEnvelopedData
*cms_get0_auth_enveloped(CMS_ContentInfo
*cms
);
448 CMS_EncryptedContentInfo
* cms_get0_env_enc_content(const CMS_ContentInfo
*cms
);
450 /* RecipientInfo routines */
451 int cms_env_asn1_ctrl(CMS_RecipientInfo
*ri
, int cmd
);
452 int cms_pkey_get_ri_type(EVP_PKEY
*pk
);
453 int cms_pkey_is_ri_type_supported(EVP_PKEY
*pk
, int ri_type
);
455 void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo
*cms
);
458 int cms_RecipientInfo_kari_init(CMS_RecipientInfo
*ri
, X509
*recip
,
459 EVP_PKEY
*recipPubKey
, X509
*originator
,
460 EVP_PKEY
*originatorPrivKey
, unsigned int flags
,
462 int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo
*cms
,
463 CMS_RecipientInfo
*ri
);
466 int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo
*cms
,
467 CMS_RecipientInfo
*ri
, int en_de
);
468 /* SignerInfo routines */
469 int CMS_si_check_attributes(const CMS_SignerInfo
*si
);
470 void cms_SignerInfos_set_cmsctx(CMS_ContentInfo
*cms
);
474 int ess_check_signing_certs(CMS_SignerInfo
*si
, STACK_OF(X509
) *chain
);
476 int cms_dh_envelope(CMS_RecipientInfo
*ri
, int decrypt
);
477 int cms_ecdh_envelope(CMS_RecipientInfo
*ri
, int decrypt
);
478 int cms_rsa_envelope(CMS_RecipientInfo
*ri
, int decrypt
);
479 int cms_ecdsa_dsa_sign(CMS_SignerInfo
*si
, int verify
);
480 int cms_rsa_sign(CMS_SignerInfo
*si
, int verify
);
482 DECLARE_ASN1_ITEM(CMS_CertificateChoices
)
483 DECLARE_ASN1_ITEM(CMS_DigestedData
)
484 DECLARE_ASN1_ITEM(CMS_EncryptedData
)
485 DECLARE_ASN1_ITEM(CMS_EnvelopedData
)
486 DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData
)
487 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo
)
488 DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo
)
489 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo
)
490 DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey
)
491 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute
)
492 DECLARE_ASN1_ITEM(CMS_Receipt
)
493 DECLARE_ASN1_ITEM(CMS_ReceiptRequest
)
494 DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey
)
495 DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier
)
496 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice
)
497 DECLARE_ASN1_ITEM(CMS_SignedData
)
498 DECLARE_ASN1_ITEM(CMS_CompressedData
)