Home | History | Annotate | Download | only in cms
      1 /* crypto/cms/cms_lcl.h */
      2 /* Written by Dr Stephen N Henson (steve (at) openssl.org) for the OpenSSL
      3  * project.
      4  */
      5 /* ====================================================================
      6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
      7  *
      8  * Redistribution and use in source and binary forms, with or without
      9  * modification, are permitted provided that the following conditions
     10  * are met:
     11  *
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  *
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in
     17  *    the documentation and/or other materials provided with the
     18  *    distribution.
     19  *
     20  * 3. All advertising materials mentioning features or use of this
     21  *    software must display the following acknowledgment:
     22  *    "This product includes software developed by the OpenSSL Project
     23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     24  *
     25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     26  *    endorse or promote products derived from this software without
     27  *    prior written permission. For written permission, please contact
     28  *    licensing (at) OpenSSL.org.
     29  *
     30  * 5. Products derived from this software may not be called "OpenSSL"
     31  *    nor may "OpenSSL" appear in their names without prior written
     32  *    permission of the OpenSSL Project.
     33  *
     34  * 6. Redistributions of any form whatsoever must retain the following
     35  *    acknowledgment:
     36  *    "This product includes software developed by the OpenSSL Project
     37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     38  *
     39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     50  * OF THE POSSIBILITY OF SUCH DAMAGE.
     51  * ====================================================================
     52  */
     53 
     54 #ifndef HEADER_CMS_LCL_H
     55 #define HEADER_CMS_LCL_H
     56 
     57 #ifdef __cplusplus
     58 extern "C" {
     59 #endif
     60 
     61 #include <openssl/x509.h>
     62 
     63 /* Cryptographic message syntax (CMS) structures: taken
     64  * from RFC3852
     65  */
     66 
     67 /* Forward references */
     68 
     69 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
     70 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
     71 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
     72 typedef struct CMS_SignedData_st CMS_SignedData;
     73 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
     74 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
     75 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
     76 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
     77 typedef struct CMS_DigestedData_st CMS_DigestedData;
     78 typedef struct CMS_EncryptedData_st CMS_EncryptedData;
     79 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
     80 typedef struct CMS_CompressedData_st CMS_CompressedData;
     81 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
     82 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
     83 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
     84 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
     85 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
     86 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
     87 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
     88 typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
     89 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
     90 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
     91 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
     92 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
     93 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
     94 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
     95 
     96 struct CMS_ContentInfo_st
     97 	{
     98 	ASN1_OBJECT *contentType;
     99 	union	{
    100 		ASN1_OCTET_STRING *data;
    101 		CMS_SignedData *signedData;
    102 		CMS_EnvelopedData *envelopedData;
    103 		CMS_DigestedData *digestedData;
    104 		CMS_EncryptedData *encryptedData;
    105 		CMS_AuthenticatedData *authenticatedData;
    106 		CMS_CompressedData *compressedData;
    107 		ASN1_TYPE *other;
    108 		/* Other types ... */
    109 		void *otherData;
    110 		} d;
    111 	};
    112 
    113 struct CMS_SignedData_st
    114 	{
    115 	long version;
    116 	STACK_OF(X509_ALGOR) *digestAlgorithms;
    117 	CMS_EncapsulatedContentInfo *encapContentInfo;
    118 	STACK_OF(CMS_CertificateChoices) *certificates;
    119 	STACK_OF(CMS_RevocationInfoChoice) *crls;
    120 	STACK_OF(CMS_SignerInfo) *signerInfos;
    121 	};
    122 
    123 struct CMS_EncapsulatedContentInfo_st
    124 	{
    125 	ASN1_OBJECT *eContentType;
    126 	ASN1_OCTET_STRING *eContent;
    127 	/* Set to 1 if incomplete structure only part set up */
    128 	int partial;
    129 	};
    130 
    131 struct CMS_SignerInfo_st
    132 	{
    133 	long version;
    134 	CMS_SignerIdentifier *sid;
    135 	X509_ALGOR *digestAlgorithm;
    136 	STACK_OF(X509_ATTRIBUTE) *signedAttrs;
    137 	X509_ALGOR *signatureAlgorithm;
    138 	ASN1_OCTET_STRING *signature;
    139 	STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
    140 	/* Signing certificate and key */
    141 	X509 *signer;
    142 	EVP_PKEY *pkey;
    143 	};
    144 
    145 struct CMS_SignerIdentifier_st
    146 	{
    147 	int type;
    148 	union	{
    149 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
    150 		ASN1_OCTET_STRING *subjectKeyIdentifier;
    151 		} d;
    152 	};
    153 
    154 struct CMS_EnvelopedData_st
    155 	{
    156 	long version;
    157 	CMS_OriginatorInfo *originatorInfo;
    158 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
    159 	CMS_EncryptedContentInfo *encryptedContentInfo;
    160 	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
    161 	};
    162 
    163 struct CMS_OriginatorInfo_st
    164 	{
    165 	STACK_OF(CMS_CertificateChoices) *certificates;
    166 	STACK_OF(CMS_RevocationInfoChoice) *crls;
    167 	};
    168 
    169 struct CMS_EncryptedContentInfo_st
    170 	{
    171 	ASN1_OBJECT *contentType;
    172 	X509_ALGOR *contentEncryptionAlgorithm;
    173 	ASN1_OCTET_STRING *encryptedContent;
    174 	/* Content encryption algorithm and key */
    175 	const EVP_CIPHER *cipher;
    176 	unsigned char *key;
    177 	size_t keylen;
    178 	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
    179 	int debug;
    180 	};
    181 
    182 struct CMS_RecipientInfo_st
    183 	{
    184  	int type;
    185  	union	{
    186   	 	CMS_KeyTransRecipientInfo *ktri;
    187    		CMS_KeyAgreeRecipientInfo *kari;
    188    		CMS_KEKRecipientInfo *kekri;
    189 		CMS_PasswordRecipientInfo *pwri;
    190 		CMS_OtherRecipientInfo *ori;
    191 		} d;
    192 	};
    193 
    194 typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
    195 
    196 struct CMS_KeyTransRecipientInfo_st
    197 	{
    198 	long version;
    199 	CMS_RecipientIdentifier *rid;
    200 	X509_ALGOR *keyEncryptionAlgorithm;
    201 	ASN1_OCTET_STRING *encryptedKey;
    202 	/* Recipient Key and cert */
    203 	X509 *recip;
    204 	EVP_PKEY *pkey;
    205 	};
    206 
    207 struct CMS_KeyAgreeRecipientInfo_st
    208 	{
    209 	long version;
    210 	CMS_OriginatorIdentifierOrKey *originator;
    211 	ASN1_OCTET_STRING *ukm;
    212  	X509_ALGOR *keyEncryptionAlgorithm;
    213 	STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
    214 	};
    215 
    216 struct CMS_OriginatorIdentifierOrKey_st
    217 	{
    218 	int type;
    219 	union	{
    220 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
    221 		ASN1_OCTET_STRING *subjectKeyIdentifier;
    222 		CMS_OriginatorPublicKey *originatorKey;
    223 		} d;
    224 	};
    225 
    226 struct CMS_OriginatorPublicKey_st
    227 	{
    228 	X509_ALGOR *algorithm;
    229 	ASN1_BIT_STRING *publicKey;
    230 	};
    231 
    232 struct CMS_RecipientEncryptedKey_st
    233 	{
    234  	CMS_KeyAgreeRecipientIdentifier *rid;
    235  	ASN1_OCTET_STRING *encryptedKey;
    236 	};
    237 
    238 struct CMS_KeyAgreeRecipientIdentifier_st
    239 	{
    240 	int type;
    241 	union	{
    242 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
    243 		CMS_RecipientKeyIdentifier *rKeyId;
    244 		} d;
    245 	};
    246 
    247 struct CMS_RecipientKeyIdentifier_st
    248 	{
    249  	ASN1_OCTET_STRING *subjectKeyIdentifier;
    250  	ASN1_GENERALIZEDTIME *date;
    251  	CMS_OtherKeyAttribute *other;
    252 	};
    253 
    254 struct CMS_KEKRecipientInfo_st
    255 	{
    256  	long version;
    257  	CMS_KEKIdentifier *kekid;
    258  	X509_ALGOR *keyEncryptionAlgorithm;
    259  	ASN1_OCTET_STRING *encryptedKey;
    260 	/* Extra info: symmetric key to use */
    261 	unsigned char *key;
    262 	size_t keylen;
    263 	};
    264 
    265 struct CMS_KEKIdentifier_st
    266 	{
    267  	ASN1_OCTET_STRING *keyIdentifier;
    268  	ASN1_GENERALIZEDTIME *date;
    269  	CMS_OtherKeyAttribute *other;
    270 	};
    271 
    272 struct CMS_PasswordRecipientInfo_st
    273 	{
    274  	long version;
    275  	X509_ALGOR *keyDerivationAlgorithm;
    276  	X509_ALGOR *keyEncryptionAlgorithm;
    277  	ASN1_OCTET_STRING *encryptedKey;
    278 	/* Extra info: password to use */
    279 	unsigned char *pass;
    280 	size_t passlen;
    281 	};
    282 
    283 struct CMS_OtherRecipientInfo_st
    284 	{
    285  	ASN1_OBJECT *oriType;
    286  	ASN1_TYPE *oriValue;
    287 	};
    288 
    289 struct CMS_DigestedData_st
    290 	{
    291 	long version;
    292 	X509_ALGOR *digestAlgorithm;
    293 	CMS_EncapsulatedContentInfo *encapContentInfo;
    294 	ASN1_OCTET_STRING *digest;
    295 	};
    296 
    297 struct CMS_EncryptedData_st
    298 	{
    299 	long version;
    300 	CMS_EncryptedContentInfo *encryptedContentInfo;
    301 	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
    302 	};
    303 
    304 struct CMS_AuthenticatedData_st
    305 	{
    306 	long version;
    307 	CMS_OriginatorInfo *originatorInfo;
    308 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
    309 	X509_ALGOR *macAlgorithm;
    310 	X509_ALGOR *digestAlgorithm;
    311 	CMS_EncapsulatedContentInfo *encapContentInfo;
    312 	STACK_OF(X509_ATTRIBUTE) *authAttrs;
    313 	ASN1_OCTET_STRING *mac;
    314 	STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
    315 	};
    316 
    317 struct CMS_CompressedData_st
    318 	{
    319 	long version;
    320 	X509_ALGOR *compressionAlgorithm;
    321 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
    322 	CMS_EncapsulatedContentInfo *encapContentInfo;
    323 	};
    324 
    325 struct CMS_RevocationInfoChoice_st
    326 	{
    327 	int type;
    328 	union	{
    329 		X509_CRL *crl;
    330 		CMS_OtherRevocationInfoFormat *other;
    331 		} d;
    332 	};
    333 
    334 #define CMS_REVCHOICE_CRL		0
    335 #define CMS_REVCHOICE_OTHER		1
    336 
    337 struct CMS_OtherRevocationInfoFormat_st
    338 	{
    339 	ASN1_OBJECT *otherRevInfoFormat;
    340  	ASN1_TYPE *otherRevInfo;
    341 	};
    342 
    343 struct CMS_CertificateChoices
    344 	{
    345 	int type;
    346 		union {
    347 		X509 *certificate;
    348 		ASN1_STRING *extendedCertificate;	/* Obsolete */
    349 		ASN1_STRING *v1AttrCert;	/* Left encoded for now */
    350 		ASN1_STRING *v2AttrCert;	/* Left encoded for now */
    351 		CMS_OtherCertificateFormat *other;
    352 		} d;
    353 	};
    354 
    355 #define CMS_CERTCHOICE_CERT		0
    356 #define CMS_CERTCHOICE_EXCERT		1
    357 #define CMS_CERTCHOICE_V1ACERT		2
    358 #define CMS_CERTCHOICE_V2ACERT		3
    359 #define CMS_CERTCHOICE_OTHER		4
    360 
    361 struct CMS_OtherCertificateFormat_st
    362 	{
    363 	ASN1_OBJECT *otherCertFormat;
    364  	ASN1_TYPE *otherCert;
    365 	};
    366 
    367 /* This is also defined in pkcs7.h but we duplicate it
    368  * to allow the CMS code to be independent of PKCS#7
    369  */
    370 
    371 struct CMS_IssuerAndSerialNumber_st
    372 	{
    373 	X509_NAME *issuer;
    374 	ASN1_INTEGER *serialNumber;
    375 	};
    376 
    377 struct CMS_OtherKeyAttribute_st
    378 	{
    379 	ASN1_OBJECT *keyAttrId;
    380  	ASN1_TYPE *keyAttr;
    381 	};
    382 
    383 /* ESS structures */
    384 
    385 #ifdef HEADER_X509V3_H
    386 
    387 struct CMS_ReceiptRequest_st
    388 	{
    389 	ASN1_OCTET_STRING *signedContentIdentifier;
    390 	CMS_ReceiptsFrom *receiptsFrom;
    391 	STACK_OF(GENERAL_NAMES) *receiptsTo;
    392 	};
    393 
    394 
    395 struct CMS_ReceiptsFrom_st
    396 	{
    397 	int type;
    398 	union
    399 		{
    400 		long allOrFirstTier;
    401 		STACK_OF(GENERAL_NAMES) *receiptList;
    402 		} d;
    403 	};
    404 #endif
    405 
    406 struct CMS_Receipt_st
    407 	{
    408 	long version;
    409 	ASN1_OBJECT *contentType;
    410 	ASN1_OCTET_STRING *signedContentIdentifier;
    411 	ASN1_OCTET_STRING *originatorSignatureValue;
    412 	};
    413 
    414 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
    415 DECLARE_ASN1_ITEM(CMS_SignerInfo)
    416 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
    417 DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
    418 DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
    419 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
    420 DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
    421 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
    422 
    423 #define CMS_SIGNERINFO_ISSUER_SERIAL	0
    424 #define CMS_SIGNERINFO_KEYIDENTIFIER	1
    425 
    426 #define CMS_RECIPINFO_ISSUER_SERIAL	0
    427 #define CMS_RECIPINFO_KEYIDENTIFIER	1
    428 
    429 BIO *cms_content_bio(CMS_ContentInfo *cms);
    430 
    431 CMS_ContentInfo *cms_Data_create(void);
    432 
    433 CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
    434 BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
    435 int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
    436 
    437 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
    438 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
    439 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
    440 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
    441 					ASN1_OCTET_STRING **keyid,
    442 					X509_NAME **issuer, ASN1_INTEGER **sno);
    443 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
    444 
    445 CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
    446 BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
    447 
    448 void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
    449 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
    450 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
    451 					X509_ALGOR *mdalg);
    452 
    453 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
    454 BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
    455 int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
    456 				const EVP_CIPHER *cipher,
    457 				const unsigned char *key, size_t keylen);
    458 
    459 int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
    460 int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
    461 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
    462 
    463 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
    464 CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
    465 
    466 /* PWRI routines */
    467 int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
    468 							int en_de);
    469 
    470 #ifdef  __cplusplus
    471 }
    472 #endif
    473 #endif
    474