1 /* crypto/cms/cms_lcl.h */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
54 #ifndef HEADER_CMS_LCL_H
55 #define HEADER_CMS_LCL_H
61 #include <openssl/x509.h>
63 /* Cryptographic message syntax (CMS) structures: taken
67 /* Forward references */
69 typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber
;
70 typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo
;
71 typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier
;
72 typedef struct CMS_SignedData_st CMS_SignedData
;
73 typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat
;
74 typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo
;
75 typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo
;
76 typedef struct CMS_EnvelopedData_st CMS_EnvelopedData
;
77 typedef struct CMS_DigestedData_st CMS_DigestedData
;
78 typedef struct CMS_EncryptedData_st CMS_EncryptedData
;
79 typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData
;
80 typedef struct CMS_CompressedData_st CMS_CompressedData
;
81 typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat
;
82 typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo
;
83 typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey
;
84 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey
;
85 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo
;
86 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute
;
87 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier
;
88 typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier
;
89 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey
;
90 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier
;
91 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo
;
92 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo
;
93 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo
;
94 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom
;
96 struct CMS_ContentInfo_st
98 ASN1_OBJECT
*contentType
;
100 ASN1_OCTET_STRING
*data
;
101 CMS_SignedData
*signedData
;
102 CMS_EnvelopedData
*envelopedData
;
103 CMS_DigestedData
*digestedData
;
104 CMS_EncryptedData
*encryptedData
;
105 CMS_AuthenticatedData
*authenticatedData
;
106 CMS_CompressedData
*compressedData
;
108 /* Other types ... */
113 struct CMS_SignedData_st
116 STACK_OF(X509_ALGOR
) *digestAlgorithms
;
117 CMS_EncapsulatedContentInfo
*encapContentInfo
;
118 STACK_OF(CMS_CertificateChoices
) *certificates
;
119 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
120 STACK_OF(CMS_SignerInfo
) *signerInfos
;
123 struct CMS_EncapsulatedContentInfo_st
125 ASN1_OBJECT
*eContentType
;
126 ASN1_OCTET_STRING
*eContent
;
127 /* Set to 1 if incomplete structure only part set up */
131 struct CMS_SignerInfo_st
134 CMS_SignerIdentifier
*sid
;
135 X509_ALGOR
*digestAlgorithm
;
136 STACK_OF(X509_ATTRIBUTE
) *signedAttrs
;
137 X509_ALGOR
*signatureAlgorithm
;
138 ASN1_OCTET_STRING
*signature
;
139 STACK_OF(X509_ATTRIBUTE
) *unsignedAttrs
;
140 /* Signing certificate and key */
145 struct CMS_SignerIdentifier_st
149 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
150 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
154 struct CMS_EnvelopedData_st
157 CMS_OriginatorInfo
*originatorInfo
;
158 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
159 CMS_EncryptedContentInfo
*encryptedContentInfo
;
160 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
163 struct CMS_OriginatorInfo_st
165 STACK_OF(CMS_CertificateChoices
) *certificates
;
166 STACK_OF(CMS_RevocationInfoChoice
) *crls
;
169 struct CMS_EncryptedContentInfo_st
171 ASN1_OBJECT
*contentType
;
172 X509_ALGOR
*contentEncryptionAlgorithm
;
173 ASN1_OCTET_STRING
*encryptedContent
;
174 /* Content encryption algorithm and key */
175 const EVP_CIPHER
*cipher
;
180 struct CMS_RecipientInfo_st
184 CMS_KeyTransRecipientInfo
*ktri
;
185 CMS_KeyAgreeRecipientInfo
*kari
;
186 CMS_KEKRecipientInfo
*kekri
;
187 CMS_PasswordRecipientInfo
*pwri
;
188 CMS_OtherRecipientInfo
*ori
;
192 typedef CMS_SignerIdentifier CMS_RecipientIdentifier
;
194 struct CMS_KeyTransRecipientInfo_st
197 CMS_RecipientIdentifier
*rid
;
198 X509_ALGOR
*keyEncryptionAlgorithm
;
199 ASN1_OCTET_STRING
*encryptedKey
;
200 /* Recipient Key and cert */
205 struct CMS_KeyAgreeRecipientInfo_st
208 CMS_OriginatorIdentifierOrKey
*originator
;
209 ASN1_OCTET_STRING
*ukm
;
210 X509_ALGOR
*keyEncryptionAlgorithm
;
211 STACK_OF(CMS_RecipientEncryptedKey
) *recipientEncryptedKeys
;
214 struct CMS_OriginatorIdentifierOrKey_st
218 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
219 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
220 CMS_OriginatorPublicKey
*originatorKey
;
224 struct CMS_OriginatorPublicKey_st
226 X509_ALGOR
*algorithm
;
227 ASN1_BIT_STRING
*publicKey
;
230 struct CMS_RecipientEncryptedKey_st
232 CMS_KeyAgreeRecipientIdentifier
*rid
;
233 ASN1_OCTET_STRING
*encryptedKey
;
236 struct CMS_KeyAgreeRecipientIdentifier_st
240 CMS_IssuerAndSerialNumber
*issuerAndSerialNumber
;
241 CMS_RecipientKeyIdentifier
*rKeyId
;
245 struct CMS_RecipientKeyIdentifier_st
247 ASN1_OCTET_STRING
*subjectKeyIdentifier
;
248 ASN1_GENERALIZEDTIME
*date
;
249 CMS_OtherKeyAttribute
*other
;
252 struct CMS_KEKRecipientInfo_st
255 CMS_KEKIdentifier
*kekid
;
256 X509_ALGOR
*keyEncryptionAlgorithm
;
257 ASN1_OCTET_STRING
*encryptedKey
;
258 /* Extra info: symmetric key to use */
263 struct CMS_KEKIdentifier_st
265 ASN1_OCTET_STRING
*keyIdentifier
;
266 ASN1_GENERALIZEDTIME
*date
;
267 CMS_OtherKeyAttribute
*other
;
270 struct CMS_PasswordRecipientInfo_st
273 X509_ALGOR
*keyDerivationAlgorithm
;
274 X509_ALGOR
*keyEncryptionAlgorithm
;
275 ASN1_OCTET_STRING
*encryptedKey
;
278 struct CMS_OtherRecipientInfo_st
280 ASN1_OBJECT
*oriType
;
284 struct CMS_DigestedData_st
287 X509_ALGOR
*digestAlgorithm
;
288 CMS_EncapsulatedContentInfo
*encapContentInfo
;
289 ASN1_OCTET_STRING
*digest
;
292 struct CMS_EncryptedData_st
295 CMS_EncryptedContentInfo
*encryptedContentInfo
;
296 STACK_OF(X509_ATTRIBUTE
) *unprotectedAttrs
;
299 struct CMS_AuthenticatedData_st
302 CMS_OriginatorInfo
*originatorInfo
;
303 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
304 X509_ALGOR
*macAlgorithm
;
305 X509_ALGOR
*digestAlgorithm
;
306 CMS_EncapsulatedContentInfo
*encapContentInfo
;
307 STACK_OF(X509_ATTRIBUTE
) *authAttrs
;
308 ASN1_OCTET_STRING
*mac
;
309 STACK_OF(X509_ATTRIBUTE
) *unauthAttrs
;
312 struct CMS_CompressedData_st
315 X509_ALGOR
*compressionAlgorithm
;
316 STACK_OF(CMS_RecipientInfo
) *recipientInfos
;
317 CMS_EncapsulatedContentInfo
*encapContentInfo
;
320 struct CMS_RevocationInfoChoice_st
325 CMS_OtherRevocationInfoFormat
*other
;
329 #define CMS_REVCHOICE_CRL 0
330 #define CMS_REVCHOICE_OTHER 1
332 struct CMS_OtherRevocationInfoFormat_st
334 ASN1_OBJECT
*otherRevInfoFormat
;
335 ASN1_TYPE
*otherRevInfo
;
338 struct CMS_CertificateChoices
343 ASN1_STRING
*extendedCertificate
; /* Obsolete */
344 ASN1_STRING
*v1AttrCert
; /* Left encoded for now */
345 ASN1_STRING
*v2AttrCert
; /* Left encoded for now */
346 CMS_OtherCertificateFormat
*other
;
350 #define CMS_CERTCHOICE_CERT 0
351 #define CMS_CERTCHOICE_EXCERT 1
352 #define CMS_CERTCHOICE_V1ACERT 2
353 #define CMS_CERTCHOICE_V2ACERT 3
354 #define CMS_CERTCHOICE_OTHER 4
356 struct CMS_OtherCertificateFormat_st
358 ASN1_OBJECT
*otherCertFormat
;
359 ASN1_TYPE
*otherCert
;
362 /* This is also defined in pkcs7.h but we duplicate it
363 * to allow the CMS code to be independent of PKCS#7
366 struct CMS_IssuerAndSerialNumber_st
369 ASN1_INTEGER
*serialNumber
;
372 struct CMS_OtherKeyAttribute_st
374 ASN1_OBJECT
*keyAttrId
;
380 #ifdef HEADER_X509V3_H
382 struct CMS_ReceiptRequest_st
384 ASN1_OCTET_STRING
*signedContentIdentifier
;
385 CMS_ReceiptsFrom
*receiptsFrom
;
386 STACK_OF(GENERAL_NAMES
) *receiptsTo
;
390 struct CMS_ReceiptsFrom_st
396 STACK_OF(GENERAL_NAMES
) *receiptList
;
401 struct CMS_Receipt_st
404 ASN1_OBJECT
*contentType
;
405 ASN1_OCTET_STRING
*signedContentIdentifier
;
406 ASN1_OCTET_STRING
*originatorSignatureValue
;
409 DECLARE_ASN1_ITEM(CMS_SignerInfo
)
410 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber
)
411 DECLARE_ASN1_ITEM(CMS_Attributes_Sign
)
412 DECLARE_ASN1_ITEM(CMS_Attributes_Verify
)
413 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber
)
415 #define CMS_SIGNERINFO_ISSUER_SERIAL 0
416 #define CMS_SIGNERINFO_KEYIDENTIFIER 1
418 #define CMS_RECIPINFO_ISSUER_SERIAL 0
419 #define CMS_RECIPINFO_KEYIDENTIFIER 1
421 BIO
*cms_content_bio(CMS_ContentInfo
*cms
);
423 CMS_ContentInfo
*cms_Data_create(void);
425 CMS_ContentInfo
*cms_DigestedData_create(const EVP_MD
*md
);
426 BIO
*cms_DigestedData_init_bio(CMS_ContentInfo
*cms
);
427 int cms_DigestedData_do_final(CMS_ContentInfo
*cms
, BIO
*chain
, int verify
);
429 BIO
*cms_SignedData_init_bio(CMS_ContentInfo
*cms
);
430 int cms_SignedData_final(CMS_ContentInfo
*cms
, BIO
*chain
);
431 int cms_set1_SignerIdentifier(CMS_SignerIdentifier
*sid
, X509
*cert
, int type
);
432 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier
*sid
,
433 ASN1_OCTET_STRING
**keyid
,
434 X509_NAME
**issuer
, ASN1_INTEGER
**sno
);
435 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier
*sid
, X509
*cert
);
437 CMS_ContentInfo
*cms_CompressedData_create(int comp_nid
);
438 BIO
*cms_CompressedData_init_bio(CMS_ContentInfo
*cms
);
440 void cms_DigestAlgorithm_set(X509_ALGOR
*alg
, const EVP_MD
*md
);
441 BIO
*cms_DigestAlgorithm_init_bio(X509_ALGOR
*digestAlgorithm
);
442 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX
*mctx
, BIO
*chain
,
445 BIO
*cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec
);
446 BIO
*cms_EncryptedData_init_bio(CMS_ContentInfo
*cms
);
447 int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec
,
448 const EVP_CIPHER
*cipher
,
449 const unsigned char *key
, size_t keylen
);
451 int cms_Receipt_verify(CMS_ContentInfo
*cms
, CMS_ContentInfo
*req_cms
);
452 int cms_msgSigDigest_add1(CMS_SignerInfo
*dest
, CMS_SignerInfo
*src
);
453 ASN1_OCTET_STRING
*cms_encode_Receipt(CMS_SignerInfo
*si
);
455 BIO
*cms_EnvelopedData_init_bio(CMS_ContentInfo
*cms
);