crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
[openssl.git] / include / openssl / cms.h
1 /*
2  * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #ifndef HEADER_CMS_H
11 # define HEADER_CMS_H
12
13 # include <openssl/opensslconf.h>
14
15 # ifndef OPENSSL_NO_CMS
16 # include <openssl/x509.h>
17 # include <openssl/x509v3.h>
18 # include <openssl/cmserr.h>
19 # include <openssl/ess.h>
20 # ifdef __cplusplus
21 extern "C" {
22 # endif
23
24 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
25 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
26 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
27 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
28 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
29 typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
30 typedef struct CMS_Receipt_st CMS_Receipt;
31 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
32 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
33
34 DEFINE_STACK_OF(CMS_SignerInfo)
35 DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
36 DEFINE_STACK_OF(CMS_RecipientInfo)
37 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
38 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
39 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
40 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
41
42 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
43 # define CMS_SIGNERINFO_KEYIDENTIFIER    1
44
45 # define CMS_RECIPINFO_NONE              -1
46 # define CMS_RECIPINFO_TRANS             0
47 # define CMS_RECIPINFO_AGREE             1
48 # define CMS_RECIPINFO_KEK               2
49 # define CMS_RECIPINFO_PASS              3
50 # define CMS_RECIPINFO_OTHER             4
51
52 /* S/MIME related flags */
53
54 # define CMS_TEXT                        0x1
55 # define CMS_NOCERTS                     0x2
56 # define CMS_NO_CONTENT_VERIFY           0x4
57 # define CMS_NO_ATTR_VERIFY              0x8
58 # define CMS_NOSIGS                      \
59                         (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
60 # define CMS_NOINTERN                    0x10
61 # define CMS_NO_SIGNER_CERT_VERIFY       0x20
62 # define CMS_NOVERIFY                    0x20
63 # define CMS_DETACHED                    0x40
64 # define CMS_BINARY                      0x80
65 # define CMS_NOATTR                      0x100
66 # define CMS_NOSMIMECAP                  0x200
67 # define CMS_NOOLDMIMETYPE               0x400
68 # define CMS_CRLFEOL                     0x800
69 # define CMS_STREAM                      0x1000
70 # define CMS_NOCRL                       0x2000
71 # define CMS_PARTIAL                     0x4000
72 # define CMS_REUSE_DIGEST                0x8000
73 # define CMS_USE_KEYID                   0x10000
74 # define CMS_DEBUG_DECRYPT               0x20000
75 # define CMS_KEY_PARAM                   0x40000
76 # define CMS_ASCIICRLF                   0x80000
77 # define CMS_CADES                       0x100000
78
79 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
80
81 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
82 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
83
84 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
85 int CMS_is_detached(CMS_ContentInfo *cms);
86 int CMS_set_detached(CMS_ContentInfo *cms, int detached);
87
88 # ifdef HEADER_PEM_H
89 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
90 # endif
91 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
92 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
93 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
94
95 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
96 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
97 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
98                              int flags);
99 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
100 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
101
102 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
103               unsigned int flags);
104
105 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
106                           STACK_OF(X509) *certs, BIO *data,
107                           unsigned int flags);
108
109 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
110                                   X509 *signcert, EVP_PKEY *pkey,
111                                   STACK_OF(X509) *certs, unsigned int flags);
112
113 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
114 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
115
116 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
117                       unsigned int flags);
118 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
119                                    unsigned int flags);
120
121 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
122                               const unsigned char *key, size_t keylen,
123                               BIO *dcont, BIO *out, unsigned int flags);
124
125 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
126                                            const unsigned char *key,
127                                            size_t keylen, unsigned int flags);
128
129 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
130                                const unsigned char *key, size_t keylen);
131
132 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
133                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
134
135 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
136                        STACK_OF(X509) *certs,
137                        X509_STORE *store, unsigned int flags);
138
139 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
140
141 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
142                              const EVP_CIPHER *cipher, unsigned int flags);
143
144 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
145                 BIO *dcont, BIO *out, unsigned int flags);
146
147 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
148 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
149                          unsigned char *key, size_t keylen,
150                          const unsigned char *id, size_t idlen);
151 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
152                               unsigned char *pass, ossl_ssize_t passlen);
153
154 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
155 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
156 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
157 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
158 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
159                                            X509 *recip, unsigned int flags);
160 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
161 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
162 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
163                                      EVP_PKEY **pk, X509 **recip,
164                                      X509_ALGOR **palg);
165 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
166                                           ASN1_OCTET_STRING **keyid,
167                                           X509_NAME **issuer,
168                                           ASN1_INTEGER **sno);
169
170 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
171                                           unsigned char *key, size_t keylen,
172                                           unsigned char *id, size_t idlen,
173                                           ASN1_GENERALIZEDTIME *date,
174                                           ASN1_OBJECT *otherTypeId,
175                                           ASN1_TYPE *otherType);
176
177 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
178                                     X509_ALGOR **palg,
179                                     ASN1_OCTET_STRING **pid,
180                                     ASN1_GENERALIZEDTIME **pdate,
181                                     ASN1_OBJECT **potherid,
182                                     ASN1_TYPE **pothertype);
183
184 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
185                                unsigned char *key, size_t keylen);
186
187 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
188                                    const unsigned char *id, size_t idlen);
189
190 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
191                                     unsigned char *pass,
192                                     ossl_ssize_t passlen);
193
194 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
195                                                int iter, int wrap_nid,
196                                                int pbe_nid,
197                                                unsigned char *pass,
198                                                ossl_ssize_t passlen,
199                                                const EVP_CIPHER *kekciph);
200
201 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
202 int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
203
204 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
205                    unsigned int flags);
206 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
207
208 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
209 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
210
211 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
212 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
213 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
214 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
215
216 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
217 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
218 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
219 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
220
221 int CMS_SignedData_init(CMS_ContentInfo *cms);
222 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
223                                 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
224                                 unsigned int flags);
225 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
226 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
227 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
228
229 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
230 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
231                                   ASN1_OCTET_STRING **keyid,
232                                   X509_NAME **issuer, ASN1_INTEGER **sno);
233 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
234 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
235                            unsigned int flags);
236 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
237                               X509 **signer, X509_ALGOR **pdig,
238                               X509_ALGOR **psig);
239 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
240 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
241 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
242 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
243
244 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
245 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
246                             int algnid, int keysize);
247 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
248
249 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
250 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
251                                int lastpos);
252 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
253                                int lastpos);
254 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
255 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
256 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
257 int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
258                                 const ASN1_OBJECT *obj, int type,
259                                 const void *bytes, int len);
260 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
261                                 int nid, int type,
262                                 const void *bytes, int len);
263 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
264                                 const char *attrname, int type,
265                                 const void *bytes, int len);
266 void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
267                                   int lastpos, int type);
268
269 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
270 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
271                                  int lastpos);
272 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
273                                  const ASN1_OBJECT *obj, int lastpos);
274 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
275 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
276 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
277 int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
278                                   const ASN1_OBJECT *obj, int type,
279                                   const void *bytes, int len);
280 int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
281                                   int nid, int type,
282                                   const void *bytes, int len);
283 int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
284                                   const char *attrname, int type,
285                                   const void *bytes, int len);
286 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
287                                     int lastpos, int type);
288 int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
289 int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
290
291 # ifdef HEADER_X509V3_H
292
293 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
294 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
295                                                int allorfirst,
296                                                STACK_OF(GENERAL_NAMES)
297                                                *receiptList, STACK_OF(GENERAL_NAMES)
298                                                *receiptsTo);
299 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
300 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
301                                     ASN1_STRING **pcid,
302                                     int *pallorfirst,
303                                     STACK_OF(GENERAL_NAMES) **plist,
304                                     STACK_OF(GENERAL_NAMES) **prto);
305 # endif
306 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
307                                     X509_ALGOR **palg,
308                                     ASN1_OCTET_STRING **pukm);
309 STACK_OF(CMS_RecipientEncryptedKey)
310 *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
311
312 int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
313                                         X509_ALGOR **pubalg,
314                                         ASN1_BIT_STRING **pubkey,
315                                         ASN1_OCTET_STRING **keyid,
316                                         X509_NAME **issuer,
317                                         ASN1_INTEGER **sno);
318
319 int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
320
321 int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
322                                       ASN1_OCTET_STRING **keyid,
323                                       ASN1_GENERALIZEDTIME **tm,
324                                       CMS_OtherKeyAttribute **other,
325                                       X509_NAME **issuer, ASN1_INTEGER **sno);
326 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
327                                        X509 *cert);
328 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
329 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
330 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
331                                    CMS_RecipientInfo *ri,
332                                    CMS_RecipientEncryptedKey *rek);
333
334 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
335                           ASN1_OCTET_STRING *ukm, int keylen);
336
337 /* Backward compatibility for spelling errors. */
338 # define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
339 # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
340     CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
341
342 #  ifdef  __cplusplus
343 }
344 #  endif
345 # endif
346 #endif