1 | /* |
2 | * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #ifndef OSSL_CRYPTO_CMS_LOCAL_H |
11 | # define OSSL_CRYPTO_CMS_LOCAL_H |
12 | |
13 | # include <openssl/x509.h> |
14 | |
15 | /* |
16 | * Cryptographic message syntax (CMS) structures: taken from RFC3852 |
17 | */ |
18 | |
19 | /* Forward references */ |
20 | |
21 | typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; |
22 | typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; |
23 | typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; |
24 | typedef struct CMS_SignedData_st CMS_SignedData; |
25 | typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; |
26 | typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; |
27 | typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; |
28 | typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; |
29 | typedef struct CMS_DigestedData_st CMS_DigestedData; |
30 | typedef struct CMS_EncryptedData_st CMS_EncryptedData; |
31 | typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; |
32 | typedef struct CMS_CompressedData_st CMS_CompressedData; |
33 | typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; |
34 | typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; |
35 | typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; |
36 | typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; |
37 | typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; |
38 | typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; |
39 | typedef struct CMS_KeyAgreeRecipientIdentifier_st |
40 | CMS_KeyAgreeRecipientIdentifier; |
41 | typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; |
42 | typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; |
43 | typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; |
44 | typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; |
45 | typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; |
46 | |
47 | struct CMS_ContentInfo_st { |
48 | ASN1_OBJECT *contentType; |
49 | union { |
50 | ASN1_OCTET_STRING *data; |
51 | CMS_SignedData *signedData; |
52 | CMS_EnvelopedData *envelopedData; |
53 | CMS_DigestedData *digestedData; |
54 | CMS_EncryptedData *encryptedData; |
55 | CMS_AuthenticatedData *authenticatedData; |
56 | CMS_CompressedData *compressedData; |
57 | ASN1_TYPE *other; |
58 | /* Other types ... */ |
59 | void *otherData; |
60 | } d; |
61 | }; |
62 | |
63 | DEFINE_STACK_OF(CMS_CertificateChoices) |
64 | |
65 | struct CMS_SignedData_st { |
66 | int32_t version; |
67 | STACK_OF(X509_ALGOR) *digestAlgorithms; |
68 | CMS_EncapsulatedContentInfo *encapContentInfo; |
69 | STACK_OF(CMS_CertificateChoices) *certificates; |
70 | STACK_OF(CMS_RevocationInfoChoice) *crls; |
71 | STACK_OF(CMS_SignerInfo) *signerInfos; |
72 | }; |
73 | |
74 | struct CMS_EncapsulatedContentInfo_st { |
75 | ASN1_OBJECT *eContentType; |
76 | ASN1_OCTET_STRING *eContent; |
77 | /* Set to 1 if incomplete structure only part set up */ |
78 | int partial; |
79 | }; |
80 | |
81 | struct CMS_SignerInfo_st { |
82 | int32_t version; |
83 | CMS_SignerIdentifier *sid; |
84 | X509_ALGOR *digestAlgorithm; |
85 | STACK_OF(X509_ATTRIBUTE) *signedAttrs; |
86 | X509_ALGOR *signatureAlgorithm; |
87 | ASN1_OCTET_STRING *signature; |
88 | STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; |
89 | /* Signing certificate and key */ |
90 | X509 *signer; |
91 | EVP_PKEY *pkey; |
92 | /* Digest and public key context for alternative parameters */ |
93 | EVP_MD_CTX *mctx; |
94 | EVP_PKEY_CTX *pctx; |
95 | }; |
96 | |
97 | struct CMS_SignerIdentifier_st { |
98 | int type; |
99 | union { |
100 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; |
101 | ASN1_OCTET_STRING *subjectKeyIdentifier; |
102 | } d; |
103 | }; |
104 | |
105 | struct CMS_EnvelopedData_st { |
106 | int32_t version; |
107 | CMS_OriginatorInfo *originatorInfo; |
108 | STACK_OF(CMS_RecipientInfo) *recipientInfos; |
109 | CMS_EncryptedContentInfo *encryptedContentInfo; |
110 | STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; |
111 | }; |
112 | |
113 | struct CMS_OriginatorInfo_st { |
114 | STACK_OF(CMS_CertificateChoices) *certificates; |
115 | STACK_OF(CMS_RevocationInfoChoice) *crls; |
116 | }; |
117 | |
118 | struct CMS_EncryptedContentInfo_st { |
119 | ASN1_OBJECT *contentType; |
120 | X509_ALGOR *contentEncryptionAlgorithm; |
121 | ASN1_OCTET_STRING *encryptedContent; |
122 | /* Content encryption algorithm and key */ |
123 | const EVP_CIPHER *cipher; |
124 | unsigned char *key; |
125 | size_t keylen; |
126 | /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ |
127 | int debug; |
128 | /* Set to 1 if we have no cert and need extra safety measures for MMA */ |
129 | int havenocert; |
130 | }; |
131 | |
132 | struct CMS_RecipientInfo_st { |
133 | int type; |
134 | union { |
135 | CMS_KeyTransRecipientInfo *ktri; |
136 | CMS_KeyAgreeRecipientInfo *kari; |
137 | CMS_KEKRecipientInfo *kekri; |
138 | CMS_PasswordRecipientInfo *pwri; |
139 | CMS_OtherRecipientInfo *ori; |
140 | } d; |
141 | }; |
142 | |
143 | typedef CMS_SignerIdentifier CMS_RecipientIdentifier; |
144 | |
145 | struct CMS_KeyTransRecipientInfo_st { |
146 | int32_t version; |
147 | CMS_RecipientIdentifier *rid; |
148 | X509_ALGOR *keyEncryptionAlgorithm; |
149 | ASN1_OCTET_STRING *encryptedKey; |
150 | /* Recipient Key and cert */ |
151 | X509 *recip; |
152 | EVP_PKEY *pkey; |
153 | /* Public key context for this operation */ |
154 | EVP_PKEY_CTX *pctx; |
155 | }; |
156 | |
157 | struct CMS_KeyAgreeRecipientInfo_st { |
158 | int32_t version; |
159 | CMS_OriginatorIdentifierOrKey *originator; |
160 | ASN1_OCTET_STRING *ukm; |
161 | X509_ALGOR *keyEncryptionAlgorithm; |
162 | STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; |
163 | /* Public key context associated with current operation */ |
164 | EVP_PKEY_CTX *pctx; |
165 | /* Cipher context for CEK wrapping */ |
166 | EVP_CIPHER_CTX *ctx; |
167 | }; |
168 | |
169 | struct CMS_OriginatorIdentifierOrKey_st { |
170 | int type; |
171 | union { |
172 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; |
173 | ASN1_OCTET_STRING *subjectKeyIdentifier; |
174 | CMS_OriginatorPublicKey *originatorKey; |
175 | } d; |
176 | }; |
177 | |
178 | struct CMS_OriginatorPublicKey_st { |
179 | X509_ALGOR *algorithm; |
180 | ASN1_BIT_STRING *publicKey; |
181 | }; |
182 | |
183 | struct CMS_RecipientEncryptedKey_st { |
184 | CMS_KeyAgreeRecipientIdentifier *rid; |
185 | ASN1_OCTET_STRING *encryptedKey; |
186 | /* Public key associated with this recipient */ |
187 | EVP_PKEY *pkey; |
188 | }; |
189 | |
190 | struct CMS_KeyAgreeRecipientIdentifier_st { |
191 | int type; |
192 | union { |
193 | CMS_IssuerAndSerialNumber *issuerAndSerialNumber; |
194 | CMS_RecipientKeyIdentifier *rKeyId; |
195 | } d; |
196 | }; |
197 | |
198 | struct CMS_RecipientKeyIdentifier_st { |
199 | ASN1_OCTET_STRING *subjectKeyIdentifier; |
200 | ASN1_GENERALIZEDTIME *date; |
201 | CMS_OtherKeyAttribute *other; |
202 | }; |
203 | |
204 | struct CMS_KEKRecipientInfo_st { |
205 | int32_t version; |
206 | CMS_KEKIdentifier *kekid; |
207 | X509_ALGOR *keyEncryptionAlgorithm; |
208 | ASN1_OCTET_STRING *encryptedKey; |
209 | /* Extra info: symmetric key to use */ |
210 | unsigned char *key; |
211 | size_t keylen; |
212 | }; |
213 | |
214 | struct CMS_KEKIdentifier_st { |
215 | ASN1_OCTET_STRING *keyIdentifier; |
216 | ASN1_GENERALIZEDTIME *date; |
217 | CMS_OtherKeyAttribute *other; |
218 | }; |
219 | |
220 | struct CMS_PasswordRecipientInfo_st { |
221 | int32_t version; |
222 | X509_ALGOR *keyDerivationAlgorithm; |
223 | X509_ALGOR *keyEncryptionAlgorithm; |
224 | ASN1_OCTET_STRING *encryptedKey; |
225 | /* Extra info: password to use */ |
226 | unsigned char *pass; |
227 | size_t passlen; |
228 | }; |
229 | |
230 | struct CMS_OtherRecipientInfo_st { |
231 | ASN1_OBJECT *oriType; |
232 | ASN1_TYPE *oriValue; |
233 | }; |
234 | |
235 | struct CMS_DigestedData_st { |
236 | int32_t version; |
237 | X509_ALGOR *digestAlgorithm; |
238 | CMS_EncapsulatedContentInfo *encapContentInfo; |
239 | ASN1_OCTET_STRING *digest; |
240 | }; |
241 | |
242 | struct CMS_EncryptedData_st { |
243 | int32_t version; |
244 | CMS_EncryptedContentInfo *encryptedContentInfo; |
245 | STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; |
246 | }; |
247 | |
248 | struct CMS_AuthenticatedData_st { |
249 | int32_t version; |
250 | CMS_OriginatorInfo *originatorInfo; |
251 | STACK_OF(CMS_RecipientInfo) *recipientInfos; |
252 | X509_ALGOR *macAlgorithm; |
253 | X509_ALGOR *digestAlgorithm; |
254 | CMS_EncapsulatedContentInfo *encapContentInfo; |
255 | STACK_OF(X509_ATTRIBUTE) *authAttrs; |
256 | ASN1_OCTET_STRING *mac; |
257 | STACK_OF(X509_ATTRIBUTE) *unauthAttrs; |
258 | }; |
259 | |
260 | struct CMS_CompressedData_st { |
261 | int32_t version; |
262 | X509_ALGOR *compressionAlgorithm; |
263 | STACK_OF(CMS_RecipientInfo) *recipientInfos; |
264 | CMS_EncapsulatedContentInfo *encapContentInfo; |
265 | }; |
266 | |
267 | struct CMS_RevocationInfoChoice_st { |
268 | int type; |
269 | union { |
270 | X509_CRL *crl; |
271 | CMS_OtherRevocationInfoFormat *other; |
272 | } d; |
273 | }; |
274 | |
275 | # define CMS_REVCHOICE_CRL 0 |
276 | # define CMS_REVCHOICE_OTHER 1 |
277 | |
278 | struct CMS_OtherRevocationInfoFormat_st { |
279 | ASN1_OBJECT *otherRevInfoFormat; |
280 | ASN1_TYPE *otherRevInfo; |
281 | }; |
282 | |
283 | struct CMS_CertificateChoices { |
284 | int type; |
285 | union { |
286 | X509 *certificate; |
287 | ASN1_STRING *extendedCertificate; /* Obsolete */ |
288 | ASN1_STRING *v1AttrCert; /* Left encoded for now */ |
289 | ASN1_STRING *v2AttrCert; /* Left encoded for now */ |
290 | CMS_OtherCertificateFormat *other; |
291 | } d; |
292 | }; |
293 | |
294 | # define CMS_CERTCHOICE_CERT 0 |
295 | # define CMS_CERTCHOICE_EXCERT 1 |
296 | # define CMS_CERTCHOICE_V1ACERT 2 |
297 | # define CMS_CERTCHOICE_V2ACERT 3 |
298 | # define CMS_CERTCHOICE_OTHER 4 |
299 | |
300 | struct CMS_OtherCertificateFormat_st { |
301 | ASN1_OBJECT *otherCertFormat; |
302 | ASN1_TYPE *otherCert; |
303 | }; |
304 | |
305 | /* |
306 | * This is also defined in pkcs7.h but we duplicate it to allow the CMS code |
307 | * to be independent of PKCS#7 |
308 | */ |
309 | |
310 | struct CMS_IssuerAndSerialNumber_st { |
311 | X509_NAME *issuer; |
312 | ASN1_INTEGER *serialNumber; |
313 | }; |
314 | |
315 | struct CMS_OtherKeyAttribute_st { |
316 | ASN1_OBJECT *keyAttrId; |
317 | ASN1_TYPE *keyAttr; |
318 | }; |
319 | |
320 | /* ESS structures */ |
321 | |
322 | struct CMS_ReceiptRequest_st { |
323 | ASN1_OCTET_STRING *signedContentIdentifier; |
324 | CMS_ReceiptsFrom *receiptsFrom; |
325 | STACK_OF(GENERAL_NAMES) *receiptsTo; |
326 | }; |
327 | |
328 | struct CMS_ReceiptsFrom_st { |
329 | int type; |
330 | union { |
331 | int32_t allOrFirstTier; |
332 | STACK_OF(GENERAL_NAMES) *receiptList; |
333 | } d; |
334 | }; |
335 | |
336 | struct CMS_Receipt_st { |
337 | int32_t version; |
338 | ASN1_OBJECT *contentType; |
339 | ASN1_OCTET_STRING *signedContentIdentifier; |
340 | ASN1_OCTET_STRING *originatorSignatureValue; |
341 | }; |
342 | |
343 | DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) |
344 | DECLARE_ASN1_ITEM(CMS_SignerInfo) |
345 | DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) |
346 | DECLARE_ASN1_ITEM(CMS_Attributes_Sign) |
347 | DECLARE_ASN1_ITEM(CMS_Attributes_Verify) |
348 | DECLARE_ASN1_ITEM(CMS_RecipientInfo) |
349 | DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) |
350 | DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) |
351 | |
352 | # define CMS_SIGNERINFO_ISSUER_SERIAL 0 |
353 | # define CMS_SIGNERINFO_KEYIDENTIFIER 1 |
354 | |
355 | # define CMS_RECIPINFO_ISSUER_SERIAL 0 |
356 | # define CMS_RECIPINFO_KEYIDENTIFIER 1 |
357 | |
358 | # define CMS_REK_ISSUER_SERIAL 0 |
359 | # define CMS_REK_KEYIDENTIFIER 1 |
360 | |
361 | # define CMS_OIK_ISSUER_SERIAL 0 |
362 | # define CMS_OIK_KEYIDENTIFIER 1 |
363 | # define CMS_OIK_PUBKEY 2 |
364 | |
365 | BIO *cms_content_bio(CMS_ContentInfo *cms); |
366 | |
367 | CMS_ContentInfo *cms_Data_create(void); |
368 | |
369 | CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md); |
370 | BIO *cms_DigestedData_init_bio(const CMS_ContentInfo *cms); |
371 | int cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, int verify); |
372 | |
373 | BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); |
374 | int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); |
375 | int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, |
376 | int type); |
377 | int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, |
378 | ASN1_OCTET_STRING **keyid, |
379 | X509_NAME **issuer, |
380 | ASN1_INTEGER **sno); |
381 | int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); |
382 | |
383 | CMS_ContentInfo *cms_CompressedData_create(int comp_nid); |
384 | BIO *cms_CompressedData_init_bio(const CMS_ContentInfo *cms); |
385 | |
386 | BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); |
387 | int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, |
388 | X509_ALGOR *mdalg); |
389 | |
390 | int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); |
391 | int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); |
392 | int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); |
393 | int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); |
394 | |
395 | BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); |
396 | BIO *cms_EncryptedData_init_bio(const CMS_ContentInfo *cms); |
397 | int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, |
398 | const EVP_CIPHER *cipher, |
399 | const unsigned char *key, size_t keylen); |
400 | |
401 | int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); |
402 | int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); |
403 | ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); |
404 | |
405 | BIO *cms_EnvelopedData_init_bio(const CMS_ContentInfo *cms); |
406 | CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); |
407 | int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); |
408 | int cms_pkey_get_ri_type(EVP_PKEY *pk); |
409 | /* KARI routines */ |
410 | int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, |
411 | EVP_PKEY *pk, unsigned int flags); |
412 | int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, |
413 | CMS_RecipientInfo *ri); |
414 | |
415 | /* PWRI routines */ |
416 | int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri, |
417 | int en_de); |
418 | /* SignerInfo routines */ |
419 | int CMS_si_check_attributes(const CMS_SignerInfo *si); |
420 | |
421 | DECLARE_ASN1_ITEM(CMS_CertificateChoices) |
422 | DECLARE_ASN1_ITEM(CMS_DigestedData) |
423 | DECLARE_ASN1_ITEM(CMS_EncryptedData) |
424 | DECLARE_ASN1_ITEM(CMS_EnvelopedData) |
425 | DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) |
426 | DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) |
427 | DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) |
428 | DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) |
429 | DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) |
430 | DECLARE_ASN1_ITEM(CMS_Receipt) |
431 | DECLARE_ASN1_ITEM(CMS_ReceiptRequest) |
432 | DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) |
433 | DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) |
434 | DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) |
435 | DECLARE_ASN1_ITEM(CMS_SignedData) |
436 | DECLARE_ASN1_ITEM(CMS_CompressedData) |
437 | |
438 | #endif |
439 | |