VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.4/crypto/cms/cms_local.h@ 102863

Last change on this file since 102863 was 102863, checked in by vboxsync, 13 months ago

openssl-3.1.4: Applied and adjusted our OpenSSL changes to 3.1.3. bugref:10577
File size: 16.5 KB
Line 
1/*
2 * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef OSSL_CRYPTO_CMS_LOCAL_H
11# define OSSL_CRYPTO_CMS_LOCAL_H
12
13# include <openssl/x509.h>
14
15/*
16 * Cryptographic message syntax (CMS) structures: taken from RFC3852
17 */
18
19/* Forward references */
20
21typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
22typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
23typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
24typedef struct CMS_SignedData_st CMS_SignedData;
25typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
26typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
27typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
28typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
29typedef struct CMS_DigestedData_st CMS_DigestedData;
30typedef struct CMS_EncryptedData_st CMS_EncryptedData;
31typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
32typedef struct CMS_AuthEnvelopedData_st CMS_AuthEnvelopedData;
33typedef struct CMS_CompressedData_st CMS_CompressedData;
34typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
35typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
36typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
37typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
38typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
39typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
40typedef struct CMS_KeyAgreeRecipientIdentifier_st
41 CMS_KeyAgreeRecipientIdentifier;
42typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
43typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
44typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
45typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
46typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
47typedef struct CMS_CTX_st CMS_CTX;
48
49struct CMS_CTX_st {
50 OSSL_LIB_CTX *libctx;
51 char *propq;
52};
53
54struct CMS_ContentInfo_st {
55 ASN1_OBJECT *contentType;
56 union {
57 ASN1_OCTET_STRING *data;
58 CMS_SignedData *signedData;
59 CMS_EnvelopedData *envelopedData;
60 CMS_DigestedData *digestedData;
61 CMS_EncryptedData *encryptedData;
62 CMS_AuthEnvelopedData *authEnvelopedData;
63 CMS_AuthenticatedData *authenticatedData;
64 CMS_CompressedData *compressedData;
65 ASN1_TYPE *other;
66 /* Other types ... */
67 void *otherData;
68 } d;
69 CMS_CTX ctx;
70};
71
72DEFINE_STACK_OF(CMS_CertificateChoices)
73
74struct CMS_SignedData_st {
75 int32_t version;
76 STACK_OF(X509_ALGOR) *digestAlgorithms;
77 CMS_EncapsulatedContentInfo *encapContentInfo;
78 STACK_OF(CMS_CertificateChoices) *certificates;
79 STACK_OF(CMS_RevocationInfoChoice) *crls;
80 STACK_OF(CMS_SignerInfo) *signerInfos;
81};
82
83struct CMS_EncapsulatedContentInfo_st {
84 ASN1_OBJECT *eContentType;
85 ASN1_OCTET_STRING *eContent;
86 /* Set to 1 if incomplete structure only part set up */
87 int partial;
88};
89
90struct CMS_SignerInfo_st {
91 int32_t version;
92 CMS_SignerIdentifier *sid;
93 X509_ALGOR *digestAlgorithm;
94 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
95 X509_ALGOR *signatureAlgorithm;
96 ASN1_OCTET_STRING *signature;
97 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
98 /* Signing certificate and key */
99 X509 *signer;
100 EVP_PKEY *pkey;
101 /* Digest and public key context for alternative parameters */
102 EVP_MD_CTX *mctx;
103 EVP_PKEY_CTX *pctx;
104 const CMS_CTX *cms_ctx;
105};
106
107struct CMS_SignerIdentifier_st {
108 int type;
109 union {
110 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
111 ASN1_OCTET_STRING *subjectKeyIdentifier;
112 } d;
113};
114
115struct CMS_EnvelopedData_st {
116 int32_t version;
117 CMS_OriginatorInfo *originatorInfo;
118 STACK_OF(CMS_RecipientInfo) *recipientInfos;
119 CMS_EncryptedContentInfo *encryptedContentInfo;
120 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
121};
122
123struct CMS_OriginatorInfo_st {
124 STACK_OF(CMS_CertificateChoices) *certificates;
125 STACK_OF(CMS_RevocationInfoChoice) *crls;
126};
127
128struct CMS_EncryptedContentInfo_st {
129 ASN1_OBJECT *contentType;
130 X509_ALGOR *contentEncryptionAlgorithm;
131 ASN1_OCTET_STRING *encryptedContent;
132 /* Content encryption algorithm, key and tag */
133 const EVP_CIPHER *cipher;
134 unsigned char *key;
135 size_t keylen;
136 unsigned char *tag;
137 size_t taglen;
138 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
139 int debug;
140 /* Set to 1 if we have no cert and need extra safety measures for MMA */
141 int havenocert;
142};
143
144struct CMS_RecipientInfo_st {
145 int type;
146 union {
147 CMS_KeyTransRecipientInfo *ktri;
148 CMS_KeyAgreeRecipientInfo *kari;
149 CMS_KEKRecipientInfo *kekri;
150 CMS_PasswordRecipientInfo *pwri;
151 CMS_OtherRecipientInfo *ori;
152 } d;
153};
154
155typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
156
157struct CMS_KeyTransRecipientInfo_st {
158 int32_t version;
159 CMS_RecipientIdentifier *rid;
160 X509_ALGOR *keyEncryptionAlgorithm;
161 ASN1_OCTET_STRING *encryptedKey;
162 /* Recipient Key and cert */
163 X509 *recip;
164 EVP_PKEY *pkey;
165 /* Public key context for this operation */
166 EVP_PKEY_CTX *pctx;
167 const CMS_CTX *cms_ctx;
168};
169
170struct CMS_KeyAgreeRecipientInfo_st {
171 int32_t version;
172 CMS_OriginatorIdentifierOrKey *originator;
173 ASN1_OCTET_STRING *ukm;
174 X509_ALGOR *keyEncryptionAlgorithm;
175 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
176 /* Public key context associated with current operation */
177 EVP_PKEY_CTX *pctx;
178 /* Cipher context for CEK wrapping */
179 EVP_CIPHER_CTX *ctx;
180 const CMS_CTX *cms_ctx;
181};
182
183struct CMS_OriginatorIdentifierOrKey_st {
184 int type;
185 union {
186 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
187 ASN1_OCTET_STRING *subjectKeyIdentifier;
188 CMS_OriginatorPublicKey *originatorKey;
189 } d;
190};
191
192struct CMS_OriginatorPublicKey_st {
193 X509_ALGOR *algorithm;
194 ASN1_BIT_STRING *publicKey;
195};
196
197struct CMS_RecipientEncryptedKey_st {
198 CMS_KeyAgreeRecipientIdentifier *rid;
199 ASN1_OCTET_STRING *encryptedKey;
200 /* Public key associated with this recipient */
201 EVP_PKEY *pkey;
202};
203
204struct CMS_KeyAgreeRecipientIdentifier_st {
205 int type;
206 union {
207 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
208 CMS_RecipientKeyIdentifier *rKeyId;
209 } d;
210};
211
212struct CMS_RecipientKeyIdentifier_st {
213 ASN1_OCTET_STRING *subjectKeyIdentifier;
214 ASN1_GENERALIZEDTIME *date;
215 CMS_OtherKeyAttribute *other;
216};
217
218struct CMS_KEKRecipientInfo_st {
219 int32_t version;
220 CMS_KEKIdentifier *kekid;
221 X509_ALGOR *keyEncryptionAlgorithm;
222 ASN1_OCTET_STRING *encryptedKey;
223 /* Extra info: symmetric key to use */
224 unsigned char *key;
225 size_t keylen;
226 const CMS_CTX *cms_ctx;
227};
228
229struct CMS_KEKIdentifier_st {
230 ASN1_OCTET_STRING *keyIdentifier;
231 ASN1_GENERALIZEDTIME *date;
232 CMS_OtherKeyAttribute *other;
233};
234
235struct CMS_PasswordRecipientInfo_st {
236 int32_t version;
237 X509_ALGOR *keyDerivationAlgorithm;
238 X509_ALGOR *keyEncryptionAlgorithm;
239 ASN1_OCTET_STRING *encryptedKey;
240 /* Extra info: password to use */
241 unsigned char *pass;
242 size_t passlen;
243 const CMS_CTX *cms_ctx;
244};
245
246struct CMS_OtherRecipientInfo_st {
247 ASN1_OBJECT *oriType;
248 ASN1_TYPE *oriValue;
249};
250
251struct CMS_DigestedData_st {
252 int32_t version;
253 X509_ALGOR *digestAlgorithm;
254 CMS_EncapsulatedContentInfo *encapContentInfo;
255 ASN1_OCTET_STRING *digest;
256};
257
258struct CMS_EncryptedData_st {
259 int32_t version;
260 CMS_EncryptedContentInfo *encryptedContentInfo;
261 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
262};
263
264struct CMS_AuthenticatedData_st {
265 int32_t version;
266 CMS_OriginatorInfo *originatorInfo;
267 STACK_OF(CMS_RecipientInfo) *recipientInfos;
268 X509_ALGOR *macAlgorithm;
269 X509_ALGOR *digestAlgorithm;
270 CMS_EncapsulatedContentInfo *encapContentInfo;
271 STACK_OF(X509_ATTRIBUTE) *authAttrs;
272 ASN1_OCTET_STRING *mac;
273 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
274};
275
276struct CMS_AuthEnvelopedData_st {
277 int32_t version;
278 CMS_OriginatorInfo *originatorInfo;
279 STACK_OF(CMS_RecipientInfo) *recipientInfos;
280 CMS_EncryptedContentInfo *authEncryptedContentInfo;
281 STACK_OF(X509_ATTRIBUTE) *authAttrs;
282 ASN1_OCTET_STRING *mac;
283 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
284};
285
286struct CMS_CompressedData_st {
287 int32_t version;
288 X509_ALGOR *compressionAlgorithm;
289 STACK_OF(CMS_RecipientInfo) *recipientInfos;
290 CMS_EncapsulatedContentInfo *encapContentInfo;
291};
292
293struct CMS_RevocationInfoChoice_st {
294 int type;
295 union {
296 X509_CRL *crl;
297 CMS_OtherRevocationInfoFormat *other;
298 } d;
299};
300
301# define CMS_REVCHOICE_CRL 0
302# define CMS_REVCHOICE_OTHER 1
303
304struct CMS_OtherRevocationInfoFormat_st {
305 ASN1_OBJECT *otherRevInfoFormat;
306 ASN1_TYPE *otherRevInfo;
307};
308
309struct CMS_CertificateChoices {
310 int type;
311 union {
312 X509 *certificate;
313 ASN1_STRING *extendedCertificate; /* Obsolete */
314 ASN1_STRING *v1AttrCert; /* Left encoded for now */
315 ASN1_STRING *v2AttrCert; /* Left encoded for now */
316 CMS_OtherCertificateFormat *other;
317 } d;
318};
319
320# define CMS_CERTCHOICE_CERT 0
321# define CMS_CERTCHOICE_EXCERT 1
322# define CMS_CERTCHOICE_V1ACERT 2
323# define CMS_CERTCHOICE_V2ACERT 3
324# define CMS_CERTCHOICE_OTHER 4
325
326struct CMS_OtherCertificateFormat_st {
327 ASN1_OBJECT *otherCertFormat;
328 ASN1_TYPE *otherCert;
329};
330
331/*
332 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
333 * to be independent of PKCS#7
334 */
335
336struct CMS_IssuerAndSerialNumber_st {
337 X509_NAME *issuer;
338 ASN1_INTEGER *serialNumber;
339};
340
341struct CMS_OtherKeyAttribute_st {
342 ASN1_OBJECT *keyAttrId;
343 ASN1_TYPE *keyAttr;
344};
345
346/* ESS structures */
347
348struct CMS_ReceiptRequest_st {
349 ASN1_OCTET_STRING *signedContentIdentifier;
350 CMS_ReceiptsFrom *receiptsFrom;
351 STACK_OF(GENERAL_NAMES) *receiptsTo;
352};
353
354struct CMS_ReceiptsFrom_st {
355 int type;
356 union {
357 int32_t allOrFirstTier;
358 STACK_OF(GENERAL_NAMES) *receiptList;
359 } d;
360};
361
362struct CMS_Receipt_st {
363 int32_t version;
364 ASN1_OBJECT *contentType;
365 ASN1_OCTET_STRING *signedContentIdentifier;
366 ASN1_OCTET_STRING *originatorSignatureValue;
367};
368
369DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
370DECLARE_ASN1_ITEM(CMS_SignerInfo)
371DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
372DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
373DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
374DECLARE_ASN1_ITEM(CMS_RecipientInfo)
375DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
376DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
377
378# define CMS_SIGNERINFO_ISSUER_SERIAL 0
379# define CMS_SIGNERINFO_KEYIDENTIFIER 1
380
381# define CMS_RECIPINFO_ISSUER_SERIAL 0
382# define CMS_RECIPINFO_KEYIDENTIFIER 1
383
384# define CMS_REK_ISSUER_SERIAL 0
385# define CMS_REK_KEYIDENTIFIER 1
386
387# define CMS_OIK_ISSUER_SERIAL 0
388# define CMS_OIK_KEYIDENTIFIER 1
389# define CMS_OIK_PUBKEY 2
390
391BIO *ossl_cms_content_bio(CMS_ContentInfo *cms);
392const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms);
393OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx);
394const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx);
395void ossl_cms_resolve_libctx(CMS_ContentInfo *ci);
396
397CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq);
398
399CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md,
400 OSSL_LIB_CTX *libctx,
401 const char *propq);
402BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms);
403int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms,
404 BIO *chain, int verify);
405
406BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms);
407int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
408int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
409 int type, const CMS_CTX *ctx);
410int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
411 ASN1_OCTET_STRING **keyid,
412 X509_NAME **issuer,
413 ASN1_INTEGER **sno);
414int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
415
416CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid,
417 OSSL_LIB_CTX *libctx,
418 const char *propq);
419BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms);
420
421BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
422 const CMS_CTX *ctx);
423int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
424 X509_ALGOR *mdalg);
425
426int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
427int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
428int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
429int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
430
431BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
432 const CMS_CTX *ctx);
433BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms);
434int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
435 const EVP_CIPHER *cipher,
436 const unsigned char *key, size_t keylen,
437 const CMS_CTX *ctx);
438
439int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
440int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
441ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si);
442
443BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
444int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
445BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
446int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
447void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
448CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
449CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
450CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);
451
452/* RecipientInfo routines */
453int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
454int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk);
455int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type);
456
457void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms);
458
459/* KARI routines */
460int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
461 EVP_PKEY *recipPubKey, X509 *originator,
462 EVP_PKEY *originatorPrivKey,
463 unsigned int flags,
464 const CMS_CTX *ctx);
465int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
466 CMS_RecipientInfo *ri);
467
468/* PWRI routines */
469int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
470 CMS_RecipientInfo *ri, int en_de);
471/* SignerInfo routines */
472int ossl_cms_si_check_attributes(const CMS_SignerInfo *si);
473void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms);
474
475
476/* ESS routines */
477int ossl_cms_check_signing_certs(const CMS_SignerInfo *si,
478 const STACK_OF(X509) *chain);
479
480int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt);
481int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt);
482int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt);
483int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify);
484
485DECLARE_ASN1_ITEM(CMS_CertificateChoices)
486DECLARE_ASN1_ITEM(CMS_DigestedData)
487DECLARE_ASN1_ITEM(CMS_EncryptedData)
488DECLARE_ASN1_ITEM(CMS_EnvelopedData)
489DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData)
490DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
491DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
492DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
493DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
494DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
495DECLARE_ASN1_ITEM(CMS_Receipt)
496DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
497DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
498DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
499DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
500DECLARE_ASN1_ITEM(CMS_SignedData)
501DECLARE_ASN1_ITEM(CMS_CompressedData)
502
503#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette