2 * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 # include <openssl/opensslconf.h>
15 # ifndef OPENSSL_NO_CMS
16 # include <openssl/x509.h>
17 # include <openssl/x509v3.h>
18 # include <openssl/cmserr.h>
23 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
24 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
25 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
26 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
27 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
28 typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
29 typedef struct CMS_Receipt_st CMS_Receipt;
30 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
31 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
33 DEFINE_STACK_OF(CMS_SignerInfo)
34 DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
35 DEFINE_STACK_OF(CMS_RecipientInfo)
36 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
37 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
38 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
39 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
41 # define CMS_SIGNERINFO_ISSUER_SERIAL 0
42 # define CMS_SIGNERINFO_KEYIDENTIFIER 1
44 # define CMS_RECIPINFO_NONE -1
45 # define CMS_RECIPINFO_TRANS 0
46 # define CMS_RECIPINFO_AGREE 1
47 # define CMS_RECIPINFO_KEK 2
48 # define CMS_RECIPINFO_PASS 3
49 # define CMS_RECIPINFO_OTHER 4
51 /* S/MIME related flags */
54 # define CMS_NOCERTS 0x2
55 # define CMS_NO_CONTENT_VERIFY 0x4
56 # define CMS_NO_ATTR_VERIFY 0x8
58 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
59 # define CMS_NOINTERN 0x10
60 # define CMS_NO_SIGNER_CERT_VERIFY 0x20
61 # define CMS_NOVERIFY 0x20
62 # define CMS_DETACHED 0x40
63 # define CMS_BINARY 0x80
64 # define CMS_NOATTR 0x100
65 # define CMS_NOSMIMECAP 0x200
66 # define CMS_NOOLDMIMETYPE 0x400
67 # define CMS_CRLFEOL 0x800
68 # define CMS_STREAM 0x1000
69 # define CMS_NOCRL 0x2000
70 # define CMS_PARTIAL 0x4000
71 # define CMS_REUSE_DIGEST 0x8000
72 # define CMS_USE_KEYID 0x10000
73 # define CMS_DEBUG_DECRYPT 0x20000
74 # define CMS_KEY_PARAM 0x40000
75 # define CMS_ASCIICRLF 0x80000
76 # define CMS_CADES 0x100000
78 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
80 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
81 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
83 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
84 int CMS_is_detached(CMS_ContentInfo *cms);
85 int CMS_set_detached(CMS_ContentInfo *cms, int detached);
88 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
90 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
91 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
92 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
94 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
95 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
96 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
98 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
99 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
101 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
104 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
105 STACK_OF(X509) *certs, BIO *data,
108 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
109 X509 *signcert, EVP_PKEY *pkey,
110 STACK_OF(X509) *certs, unsigned int flags);
112 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
113 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
115 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
117 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
120 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
121 const unsigned char *key, size_t keylen,
122 BIO *dcont, BIO *out, unsigned int flags);
124 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
125 const unsigned char *key,
126 size_t keylen, unsigned int flags);
128 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
129 const unsigned char *key, size_t keylen);
131 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
132 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
134 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
135 STACK_OF(X509) *certs,
136 X509_STORE *store, unsigned int flags);
138 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
140 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
141 const EVP_CIPHER *cipher, unsigned int flags);
143 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
144 BIO *dcont, BIO *out, unsigned int flags);
146 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
147 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
148 unsigned char *key, size_t keylen,
149 const unsigned char *id, size_t idlen);
150 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
151 unsigned char *pass, ossl_ssize_t passlen);
153 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
154 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
155 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
156 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
157 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
158 X509 *recip, unsigned int flags);
159 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
160 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
161 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
162 EVP_PKEY **pk, X509 **recip,
164 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
165 ASN1_OCTET_STRING **keyid,
169 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
170 unsigned char *key, size_t keylen,
171 unsigned char *id, size_t idlen,
172 ASN1_GENERALIZEDTIME *date,
173 ASN1_OBJECT *otherTypeId,
174 ASN1_TYPE *otherType);
176 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
178 ASN1_OCTET_STRING **pid,
179 ASN1_GENERALIZEDTIME **pdate,
180 ASN1_OBJECT **potherid,
181 ASN1_TYPE **pothertype);
183 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
184 unsigned char *key, size_t keylen);
186 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
187 const unsigned char *id, size_t idlen);
189 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
191 ossl_ssize_t passlen);
193 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
194 int iter, int wrap_nid,
197 ossl_ssize_t passlen,
198 const EVP_CIPHER *kekciph);
200 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
201 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
203 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
205 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
207 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
208 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
210 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
211 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
212 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
213 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
215 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
216 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
217 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
218 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
220 int CMS_SignedData_init(CMS_ContentInfo *cms);
221 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
222 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
224 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
225 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
226 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
228 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
229 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
230 ASN1_OCTET_STRING **keyid,
231 X509_NAME **issuer, ASN1_INTEGER **sno);
232 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
233 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
235 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
236 X509 **signer, X509_ALGOR **pdig,
238 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
239 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
240 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
241 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
243 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
244 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
245 int algnid, int keysize);
246 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
248 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
249 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
251 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
253 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
254 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
255 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
256 int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
257 const ASN1_OBJECT *obj, int type,
258 const void *bytes, int len);
259 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
261 const void *bytes, int len);
262 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
263 const char *attrname, int type,
264 const void *bytes, int len);
265 void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
266 int lastpos, int type);
268 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
269 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
271 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
272 const ASN1_OBJECT *obj, int lastpos);
273 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
274 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
275 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
276 int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
277 const ASN1_OBJECT *obj, int type,
278 const void *bytes, int len);
279 int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
281 const void *bytes, int len);
282 int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
283 const char *attrname, int type,
284 const void *bytes, int len);
285 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
286 int lastpos, int type);
288 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
289 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
291 STACK_OF(GENERAL_NAMES)
292 *receiptList, STACK_OF(GENERAL_NAMES)
294 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
295 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
298 STACK_OF(GENERAL_NAMES) **plist,
299 STACK_OF(GENERAL_NAMES) **prto);
300 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
302 ASN1_OCTET_STRING **pukm);
303 STACK_OF(CMS_RecipientEncryptedKey)
304 *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
306 int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
308 ASN1_BIT_STRING **pubkey,
309 ASN1_OCTET_STRING **keyid,
313 int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
315 int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
316 ASN1_OCTET_STRING **keyid,
317 ASN1_GENERALIZEDTIME **tm,
318 CMS_OtherKeyAttribute **other,
319 X509_NAME **issuer, ASN1_INTEGER **sno);
320 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
322 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
323 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
324 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
325 CMS_RecipientInfo *ri,
326 CMS_RecipientEncryptedKey *rek);
328 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
329 ASN1_OCTET_STRING *ukm, int keylen);
331 /* Backward compatibility for spelling errors. */
332 # define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
333 # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
334 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE