include/openssl/cms.h.in

   1 /*
   2  * {- join("\n * ", @autowarntext) -}
   3  *
   4  * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
   5  *
   6  * Licensed under the Apache License 2.0 (the "License").  You may not use
   7  * this file except in compliance with the License.  You can obtain a copy
   8  * in the file LICENSE in the source distribution or at
   9  * https://www.openssl.org/source/license.html
  10  */
  11
  12 {-
  13 use OpenSSL::stackhash qw(generate_stack_macros);
  14 -}
  15
  16 #ifndef OPENSSL_CMS_H
  17 # define OPENSSL_CMS_H
  18 # pragma once
  19
  20 # include <openssl/macros.h>
  21 # ifndef OPENSSL_NO_DEPRECATED_3_0
  22 #  define HEADER_CMS_H
  23 # endif
  24
  25 # include <openssl/opensslconf.h>
  26
  27 # ifndef OPENSSL_NO_CMS
  28 # include <openssl/x509.h>
  29 # include <openssl/x509v3.h>
  30 # include <openssl/cmserr.h>
  31 # ifdef __cplusplus
  32 extern "C" {
  33 # endif
  34
  35 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
  36 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
  37 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
  38 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
  39 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
  40 typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
  41 typedef struct CMS_Receipt_st CMS_Receipt;
  42 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
  43 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
  44
  45 {-
  46     generate_stack_macros("CMS_SignerInfo")
  47     .generate_stack_macros("CMS_RecipientEncryptedKey")
  48     .generate_stack_macros("CMS_RecipientInfo")
  49     .generate_stack_macros("CMS_RevocationInfoChoice");
  50 -}
  51
  52 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
  53 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
  54 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
  55
  56 CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
  57
  58 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
  59 # define CMS_SIGNERINFO_KEYIDENTIFIER    1
  60
  61 # define CMS_RECIPINFO_NONE              -1
  62 # define CMS_RECIPINFO_TRANS             0
  63 # define CMS_RECIPINFO_AGREE             1
  64 # define CMS_RECIPINFO_KEK               2
  65 # define CMS_RECIPINFO_PASS              3
  66 # define CMS_RECIPINFO_OTHER             4
  67
  68 /* S/MIME related flags */
  69
  70 # define CMS_TEXT                        0x1
  71 # define CMS_NOCERTS                     0x2
  72 # define CMS_NO_CONTENT_VERIFY           0x4
  73 # define CMS_NO_ATTR_VERIFY              0x8
  74 # define CMS_NOSIGS                      \
  75                         (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
  76 # define CMS_NOINTERN                    0x10
  77 # define CMS_NO_SIGNER_CERT_VERIFY       0x20
  78 # define CMS_NOVERIFY                    0x20
  79 # define CMS_DETACHED                    0x40
  80 # define CMS_BINARY                      0x80
  81 # define CMS_NOATTR                      0x100
  82 # define CMS_NOSMIMECAP                  0x200
  83 # define CMS_NOOLDMIMETYPE               0x400
  84 # define CMS_CRLFEOL                     0x800
  85 # define CMS_STREAM                      0x1000
  86 # define CMS_NOCRL                       0x2000
  87 # define CMS_PARTIAL                     0x4000
  88 # define CMS_REUSE_DIGEST                0x8000
  89 # define CMS_USE_KEYID                   0x10000
  90 # define CMS_DEBUG_DECRYPT               0x20000
  91 # define CMS_KEY_PARAM                   0x40000
  92 # define CMS_ASCIICRLF                   0x80000
  93 # define CMS_CADES                       0x100000
  94 # define CMS_USE_ORIGINATOR_KEYID        0x200000
  95
  96 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
  97
  98 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
  99 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
 100
 101 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
 102 int CMS_is_detached(CMS_ContentInfo *cms);
 103 int CMS_set_detached(CMS_ContentInfo *cms, int detached);
 104
 105 # ifdef OPENSSL_PEM_H
 106 DECLARE_PEM_rw(CMS, CMS_ContentInfo)
 107 # endif
 108 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
 109 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
 110 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
 111
 112 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
 113 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
 114 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
 115                              int flags);
 116 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
 117 CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci);
 118 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 119
 120 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
 121               unsigned int flags);
 122
 123 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
 124                           STACK_OF(X509) *certs, BIO *data,
 125                           unsigned int flags);
 126 CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
 127                              STACK_OF(X509) *certs, BIO *data,
 128                              unsigned int flags, OSSL_LIB_CTX *ctx,
 129                              const char *propq);
 130
 131 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 132                                   X509 *signcert, EVP_PKEY *pkey,
 133                                   STACK_OF(X509) *certs, unsigned int flags);
 134
 135 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 136 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 137 CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
 138                                     OSSL_LIB_CTX *ctx, const char *propq);
 139
 140 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 141                       unsigned int flags);
 142 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
 143                                    unsigned int flags);
 144 CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
 145                                       unsigned int flags, OSSL_LIB_CTX *ctx,
 146                                       const char *propq);
 147
 148 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 149                               const unsigned char *key, size_t keylen,
 150                               BIO *dcont, BIO *out, unsigned int flags);
 151
 152 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
 153                                            const unsigned char *key,
 154                                            size_t keylen, unsigned int flags);
 155 CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
 156                                               const unsigned char *key,
 157                                               size_t keylen, unsigned int flags,
 158                                               OSSL_LIB_CTX *ctx,
 159                                               const char *propq);
 160
 161 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
 162                                const unsigned char *key, size_t keylen);
 163
 164 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 165                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
 166
 167 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
 168                        STACK_OF(X509) *certs,
 169                        X509_STORE *store, unsigned int flags);
 170
 171 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
 172
 173 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
 174                              const EVP_CIPHER *cipher, unsigned int flags);
 175 CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
 176                                 const EVP_CIPHER *cipher, unsigned int flags,
 177                                 OSSL_LIB_CTX *ctx, const char *propq);
 178
 179 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
 180                 BIO *dcont, BIO *out, unsigned int flags);
 181
 182 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 183 int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
 184                                    X509 *cert, X509 *peer);
 185 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
 186                          unsigned char *key, size_t keylen,
 187                          const unsigned char *id, size_t idlen);
 188 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
 189                               unsigned char *pass, ossl_ssize_t passlen);
 190
 191 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 192 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 193 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 194 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 195 CMS_ContentInfo *
 196 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *ctx,
 197                                 const char *propq);
 198 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 199 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
 200                                              OSSL_LIB_CTX *ctx,
 201                                              const char *propq);
 202
 203 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 204                                            X509 *recip, unsigned int flags);
 205 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
 206      EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags);
 207 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 208 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 209 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 210                                      EVP_PKEY **pk, X509 **recip,
 211                                      X509_ALGOR **palg);
 212 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
 213                                           ASN1_OCTET_STRING **keyid,
 214                                           X509_NAME **issuer,
 215                                           ASN1_INTEGER **sno);
 216
 217 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
 218                                           unsigned char *key, size_t keylen,
 219                                           unsigned char *id, size_t idlen,
 220                                           ASN1_GENERALIZEDTIME *date,
 221                                           ASN1_OBJECT *otherTypeId,
 222                                           ASN1_TYPE *otherType);
 223
 224 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
 225                                     X509_ALGOR **palg,
 226                                     ASN1_OCTET_STRING **pid,
 227                                     ASN1_GENERALIZEDTIME **pdate,
 228                                     ASN1_OBJECT **potherid,
 229                                     ASN1_TYPE **pothertype);
 230
 231 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
 232                                unsigned char *key, size_t keylen);
 233
 234 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
 235                                    const unsigned char *id, size_t idlen);
 236
 237 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
 238                                     unsigned char *pass,
 239                                     ossl_ssize_t passlen);
 240
 241 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 242                                                int iter, int wrap_nid,
 243                                                int pbe_nid,
 244                                                unsigned char *pass,
 245                                                ossl_ssize_t passlen,
 246                                                const EVP_CIPHER *kekciph);
 247
 248 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 249 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 250
 251 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 252                    unsigned int flags);
 253 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
 254
 255 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
 256 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
 257
 258 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
 259 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
 260 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
 261 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
 262
 263 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
 264 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 265 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 266 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 267
 268 int CMS_SignedData_init(CMS_ContentInfo *cms);
 269 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 270                                 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
 271                                 unsigned int flags);
 272 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
 273 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
 274 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
 275
 276 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
 277 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
 278                                   ASN1_OCTET_STRING **keyid,
 279                                   X509_NAME **issuer, ASN1_INTEGER **sno);
 280 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
 281 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 282                            unsigned int flags);
 283 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
 284                               X509 **signer, X509_ALGOR **pdig,
 285                               X509_ALGOR **psig);
 286 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 287 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 288 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 289 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
 290
 291 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 292 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 293                             int algnid, int keysize);
 294 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
 295
 296 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
 297 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
 298                                int lastpos);
 299 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
 300                                int lastpos);
 301 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
 302 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
 303 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 304 int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
 305                                 const ASN1_OBJECT *obj, int type,
 306                                 const void *bytes, int len);
 307 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
 308                                 int nid, int type,
 309                                 const void *bytes, int len);
 310 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
 311                                 const char *attrname, int type,
 312                                 const void *bytes, int len);
 313 void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
 314                                   const ASN1_OBJECT *oid,
 315                                   int lastpos, int type);
 316
 317 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
 318 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
 319                                  int lastpos);
 320 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
 321                                  const ASN1_OBJECT *obj, int lastpos);
 322 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
 323 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
 324 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 325 int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
 326                                   const ASN1_OBJECT *obj, int type,
 327                                   const void *bytes, int len);
 328 int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
 329                                   int nid, int type,
 330                                   const void *bytes, int len);
 331 int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
 332                                   const char *attrname, int type,
 333                                   const void *bytes, int len);
 334 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
 335                                     int lastpos, int type);
 336
 337 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 338 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
 339     unsigned char *id, int idlen, int allorfirst,
 340     STACK_OF(GENERAL_NAMES) *receiptList,
 341     STACK_OF(GENERAL_NAMES) *receiptsTo);
 342 CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
 343     unsigned char *id, int idlen, int allorfirst,
 344     STACK_OF(GENERAL_NAMES) *receiptList,
 345     STACK_OF(GENERAL_NAMES) *receiptsTo,
 346     OSSL_LIB_CTX *ctx);
 347
 348 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 349 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
 350                                     ASN1_STRING **pcid,
 351                                     int *pallorfirst,
 352                                     STACK_OF(GENERAL_NAMES) **plist,
 353                                     STACK_OF(GENERAL_NAMES) **prto);
 354 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
 355                                     X509_ALGOR **palg,
 356                                     ASN1_OCTET_STRING **pukm);
 357 STACK_OF(CMS_RecipientEncryptedKey)
 358 *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
 359
 360 int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
 361                                         X509_ALGOR **pubalg,
 362                                         ASN1_BIT_STRING **pubkey,
 363                                         ASN1_OCTET_STRING **keyid,
 364                                         X509_NAME **issuer,
 365                                         ASN1_INTEGER **sno);
 366
 367 int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
 368
 369 int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
 370                                       ASN1_OCTET_STRING **keyid,
 371                                       ASN1_GENERALIZEDTIME **tm,
 372                                       CMS_OtherKeyAttribute **other,
 373                                       X509_NAME **issuer, ASN1_INTEGER **sno);
 374 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
 375                                        X509 *cert);
 376 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
 377 int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer);
 378 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
 379 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
 380                                    CMS_RecipientInfo *ri,
 381                                    CMS_RecipientEncryptedKey *rek);
 382
 383 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
 384                           ASN1_OCTET_STRING *ukm, int keylen);
 385
 386 /* Backward compatibility for spelling errors. */
 387 # define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
 388 # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
 389     CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
 390
 391 #  ifdef  __cplusplus
 392 }
 393 #  endif
 394 # endif
 395 #endif