include/openssl/cms.h

   1 /*
   2  * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #ifndef HEADER_CMS_H
  11 # define HEADER_CMS_H
  12
  13 # include <openssl/opensslconf.h>
  14
  15 # ifndef OPENSSL_NO_CMS
  16 # include <openssl/x509.h>
  17 # include <openssl/x509v3.h>
  18 # include <openssl/cmserr.h>
  19 # ifdef __cplusplus
  20 extern "C" {
  21 # endif
  22
  23 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
  24 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
  25 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
  26 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
  27 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
  28 typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
  29 typedef struct CMS_Receipt_st CMS_Receipt;
  30 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
  31 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
  32
  33 DEFINE_STACK_OF(CMS_SignerInfo)
  34 DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
  35 DEFINE_STACK_OF(CMS_RecipientInfo)
  36 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
  37 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
  38 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
  39 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
  40
  41 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
  42 # define CMS_SIGNERINFO_KEYIDENTIFIER    1
  43
  44 # define CMS_RECIPINFO_NONE              -1
  45 # define CMS_RECIPINFO_TRANS             0
  46 # define CMS_RECIPINFO_AGREE             1
  47 # define CMS_RECIPINFO_KEK               2
  48 # define CMS_RECIPINFO_PASS              3
  49 # define CMS_RECIPINFO_OTHER             4
  50
  51 /* S/MIME related flags */
  52
  53 # define CMS_TEXT                        0x1
  54 # define CMS_NOCERTS                     0x2
  55 # define CMS_NO_CONTENT_VERIFY           0x4
  56 # define CMS_NO_ATTR_VERIFY              0x8
  57 # define CMS_NOSIGS                      \
  58                         (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
  59 # define CMS_NOINTERN                    0x10
  60 # define CMS_NO_SIGNER_CERT_VERIFY       0x20
  61 # define CMS_NOVERIFY                    0x20
  62 # define CMS_DETACHED                    0x40
  63 # define CMS_BINARY                      0x80
  64 # define CMS_NOATTR                      0x100
  65 # define CMS_NOSMIMECAP                  0x200
  66 # define CMS_NOOLDMIMETYPE               0x400
  67 # define CMS_CRLFEOL                     0x800
  68 # define CMS_STREAM                      0x1000
  69 # define CMS_NOCRL                       0x2000
  70 # define CMS_PARTIAL                     0x4000
  71 # define CMS_REUSE_DIGEST                0x8000
  72 # define CMS_USE_KEYID                   0x10000
  73 # define CMS_DEBUG_DECRYPT               0x20000
  74 # define CMS_KEY_PARAM                   0x40000
  75 # define CMS_ASCIICRLF                   0x80000
  76 # define CMS_CADES                       0x100000
  77
  78 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
  79
  80 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
  81 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
  82
  83 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
  84 int CMS_is_detached(CMS_ContentInfo *cms);
  85 int CMS_set_detached(CMS_ContentInfo *cms, int detached);
  86
  87 # ifdef HEADER_PEM_H
  88 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
  89 # endif
  90 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
  91 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
  92 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
  93
  94 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
  95 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
  96 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
  97                              int flags);
  98 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
  99 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 100
 101 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
 102               unsigned int flags);
 103
 104 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
 105                           STACK_OF(X509) *certs, BIO *data,
 106                           unsigned int flags);
 107
 108 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 109                                   X509 *signcert, EVP_PKEY *pkey,
 110                                   STACK_OF(X509) *certs, unsigned int flags);
 111
 112 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 113 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 114
 115 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 116                       unsigned int flags);
 117 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
 118                                    unsigned int flags);
 119
 120 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 121                               const unsigned char *key, size_t keylen,
 122                               BIO *dcont, BIO *out, unsigned int flags);
 123
 124 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
 125                                            const unsigned char *key,
 126                                            size_t keylen, unsigned int flags);
 127
 128 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
 129                                const unsigned char *key, size_t keylen);
 130
 131 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 132                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
 133
 134 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
 135                        STACK_OF(X509) *certs,
 136                        X509_STORE *store, unsigned int flags);
 137
 138 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
 139
 140 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
 141                              const EVP_CIPHER *cipher, unsigned int flags);
 142
 143 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
 144                 BIO *dcont, BIO *out, unsigned int flags);
 145
 146 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 147 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
 148                          unsigned char *key, size_t keylen,
 149                          const unsigned char *id, size_t idlen);
 150 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
 151                               unsigned char *pass, ossl_ssize_t passlen);
 152
 153 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 154 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 155 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 156 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 157 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 158                                            X509 *recip, unsigned int flags);
 159 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 160 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 161 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 162                                      EVP_PKEY **pk, X509 **recip,
 163                                      X509_ALGOR **palg);
 164 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
 165                                           ASN1_OCTET_STRING **keyid,
 166                                           X509_NAME **issuer,
 167                                           ASN1_INTEGER **sno);
 168
 169 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
 170                                           unsigned char *key, size_t keylen,
 171                                           unsigned char *id, size_t idlen,
 172                                           ASN1_GENERALIZEDTIME *date,
 173                                           ASN1_OBJECT *otherTypeId,
 174                                           ASN1_TYPE *otherType);
 175
 176 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
 177                                     X509_ALGOR **palg,
 178                                     ASN1_OCTET_STRING **pid,
 179                                     ASN1_GENERALIZEDTIME **pdate,
 180                                     ASN1_OBJECT **potherid,
 181                                     ASN1_TYPE **pothertype);
 182
 183 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
 184                                unsigned char *key, size_t keylen);
 185
 186 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
 187                                    const unsigned char *id, size_t idlen);
 188
 189 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
 190                                     unsigned char *pass,
 191                                     ossl_ssize_t passlen);
 192
 193 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 194                                                int iter, int wrap_nid,
 195                                                int pbe_nid,
 196                                                unsigned char *pass,
 197                                                ossl_ssize_t passlen,
 198                                                const EVP_CIPHER *kekciph);
 199
 200 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 201 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 202
 203 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 204                    unsigned int flags);
 205 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
 206
 207 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
 208 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
 209
 210 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
 211 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
 212 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
 213 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
 214
 215 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
 216 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 217 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 218 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 219
 220 int CMS_SignedData_init(CMS_ContentInfo *cms);
 221 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 222                                 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
 223                                 unsigned int flags);
 224 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
 225 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
 226 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
 227
 228 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
 229 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
 230                                   ASN1_OCTET_STRING **keyid,
 231                                   X509_NAME **issuer, ASN1_INTEGER **sno);
 232 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
 233 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 234                            unsigned int flags);
 235 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
 236                               X509 **signer, X509_ALGOR **pdig,
 237                               X509_ALGOR **psig);
 238 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 239 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 240 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 241 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
 242
 243 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 244 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 245                             int algnid, int keysize);
 246 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
 247
 248 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
 249 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
 250                                int lastpos);
 251 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
 252                                int lastpos);
 253 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
 254 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
 255 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 256 int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
 257                                 const ASN1_OBJECT *obj, int type,
 258                                 const void *bytes, int len);
 259 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
 260                                 int nid, int type,
 261                                 const void *bytes, int len);
 262 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
 263                                 const char *attrname, int type,
 264                                 const void *bytes, int len);
 265 void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
 266                                   int lastpos, int type);
 267
 268 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
 269 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
 270                                  int lastpos);
 271 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
 272                                  const ASN1_OBJECT *obj, int lastpos);
 273 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
 274 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
 275 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 276 int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
 277                                   const ASN1_OBJECT *obj, int type,
 278                                   const void *bytes, int len);
 279 int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
 280                                   int nid, int type,
 281                                   const void *bytes, int len);
 282 int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
 283                                   const char *attrname, int type,
 284                                   const void *bytes, int len);
 285 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
 286                                     int lastpos, int type);
 287
 288 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 289 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
 290                                                int allorfirst,
 291                                                STACK_OF(GENERAL_NAMES)
 292                                                *receiptList, STACK_OF(GENERAL_NAMES)
 293                                                *receiptsTo);
 294 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 295 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
 296                                     ASN1_STRING **pcid,
 297                                     int *pallorfirst,
 298                                     STACK_OF(GENERAL_NAMES) **plist,
 299                                     STACK_OF(GENERAL_NAMES) **prto);
 300 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
 301                                     X509_ALGOR **palg,
 302                                     ASN1_OCTET_STRING **pukm);
 303 STACK_OF(CMS_RecipientEncryptedKey)
 304 *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
 305
 306 int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
 307                                         X509_ALGOR **pubalg,
 308                                         ASN1_BIT_STRING **pubkey,
 309                                         ASN1_OCTET_STRING **keyid,
 310                                         X509_NAME **issuer,
 311                                         ASN1_INTEGER **sno);
 312
 313 int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
 314
 315 int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
 316                                       ASN1_OCTET_STRING **keyid,
 317                                       ASN1_GENERALIZEDTIME **tm,
 318                                       CMS_OtherKeyAttribute **other,
 319                                       X509_NAME **issuer, ASN1_INTEGER **sno);
 320 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
 321                                        X509 *cert);
 322 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
 323 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
 324 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
 325                                    CMS_RecipientInfo *ri,
 326                                    CMS_RecipientEncryptedKey *rek);
 327
 328 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
 329                           ASN1_OCTET_STRING *ukm, int keylen);
 330
 331 /* Backward compatibility for spelling errors. */
 332 # define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
 333 # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
 334     CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
 335
 336 #  ifdef  __cplusplus
 337 }
 338 #  endif
 339 # endif
 340 #endif