summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms/cms_lcl.h
diff options
context:
space:
mode:
authorjsing <>2019-08-10 15:55:20 +0000
committerjsing <>2019-08-10 15:55:20 +0000
commita0845ead6d459f388701fe3fe8fa27635f4885f1 (patch)
treecfa2d4e7280cbfe7b7007556c8dcab6691e87b83 /src/lib/libcrypto/cms/cms_lcl.h
parent38e170324f2dafb68786e79022ddafab241aad3d (diff)
downloadopenbsd-a0845ead6d459f388701fe3fe8fa27635f4885f1.tar.gz
openbsd-a0845ead6d459f388701fe3fe8fa27635f4885f1.tar.bz2
openbsd-a0845ead6d459f388701fe3fe8fa27635f4885f1.zip
Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.
Cryptographic Message Syntax (CMS) is a standard for cryptographically protecting messages, as defined in RFC 5652. It is derived from PKCS #7 version 1.5 and utilises various ASN.1 structures, making it complex and fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have been built on top of it, which means it is necessary to support CMS, in order to support RPKI. This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still under the original OpenSSL license. Further work will occur in tree. Requested by and discussed with many. ok deraadt@ tb@
Diffstat (limited to 'src/lib/libcrypto/cms/cms_lcl.h')
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h437
1 files changed, 437 insertions, 0 deletions
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
new file mode 100644
index 0000000000..916fcbfbe1
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -0,0 +1,437 @@
1/*
2 * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef HEADER_CMS_LCL_H
11# define HEADER_CMS_LCL_H
12
13# include <openssl/x509.h>
14
15/*
16 * Cryptographic message syntax (CMS) structures: taken from RFC3852
17 */
18
19/* Forward references */
20
21typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
22typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
23typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
24typedef struct CMS_SignedData_st CMS_SignedData;
25typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
26typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
27typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
28typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
29typedef struct CMS_DigestedData_st CMS_DigestedData;
30typedef struct CMS_EncryptedData_st CMS_EncryptedData;
31typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
32typedef struct CMS_CompressedData_st CMS_CompressedData;
33typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
34typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
35typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
36typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
37typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
38typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
39typedef struct CMS_KeyAgreeRecipientIdentifier_st
40 CMS_KeyAgreeRecipientIdentifier;
41typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
42typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
43typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
44typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
45typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
46
47struct CMS_ContentInfo_st {
48 ASN1_OBJECT *contentType;
49 union {
50 ASN1_OCTET_STRING *data;
51 CMS_SignedData *signedData;
52 CMS_EnvelopedData *envelopedData;
53 CMS_DigestedData *digestedData;
54 CMS_EncryptedData *encryptedData;
55 CMS_AuthenticatedData *authenticatedData;
56 CMS_CompressedData *compressedData;
57 ASN1_TYPE *other;
58 /* Other types ... */
59 void *otherData;
60 } d;
61};
62
63DEFINE_STACK_OF(CMS_CertificateChoices)
64
65struct CMS_SignedData_st {
66 int32_t version;
67 STACK_OF(X509_ALGOR) *digestAlgorithms;
68 CMS_EncapsulatedContentInfo *encapContentInfo;
69 STACK_OF(CMS_CertificateChoices) *certificates;
70 STACK_OF(CMS_RevocationInfoChoice) *crls;
71 STACK_OF(CMS_SignerInfo) *signerInfos;
72};
73
74struct CMS_EncapsulatedContentInfo_st {
75 ASN1_OBJECT *eContentType;
76 ASN1_OCTET_STRING *eContent;
77 /* Set to 1 if incomplete structure only part set up */
78 int partial;
79};
80
81struct CMS_SignerInfo_st {
82 int32_t version;
83 CMS_SignerIdentifier *sid;
84 X509_ALGOR *digestAlgorithm;
85 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
86 X509_ALGOR *signatureAlgorithm;
87 ASN1_OCTET_STRING *signature;
88 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
89 /* Signing certificate and key */
90 X509 *signer;
91 EVP_PKEY *pkey;
92 /* Digest and public key context for alternative parameters */
93 EVP_MD_CTX *mctx;
94 EVP_PKEY_CTX *pctx;
95};
96
97struct CMS_SignerIdentifier_st {
98 int type;
99 union {
100 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
101 ASN1_OCTET_STRING *subjectKeyIdentifier;
102 } d;
103};
104
105struct CMS_EnvelopedData_st {
106 int32_t version;
107 CMS_OriginatorInfo *originatorInfo;
108 STACK_OF(CMS_RecipientInfo) *recipientInfos;
109 CMS_EncryptedContentInfo *encryptedContentInfo;
110 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
111};
112
113struct CMS_OriginatorInfo_st {
114 STACK_OF(CMS_CertificateChoices) *certificates;
115 STACK_OF(CMS_RevocationInfoChoice) *crls;
116};
117
118struct CMS_EncryptedContentInfo_st {
119 ASN1_OBJECT *contentType;
120 X509_ALGOR *contentEncryptionAlgorithm;
121 ASN1_OCTET_STRING *encryptedContent;
122 /* Content encryption algorithm and key */
123 const EVP_CIPHER *cipher;
124 unsigned char *key;
125 size_t keylen;
126 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
127 int debug;
128};
129
130struct CMS_RecipientInfo_st {
131 int type;
132 union {
133 CMS_KeyTransRecipientInfo *ktri;
134 CMS_KeyAgreeRecipientInfo *kari;
135 CMS_KEKRecipientInfo *kekri;
136 CMS_PasswordRecipientInfo *pwri;
137 CMS_OtherRecipientInfo *ori;
138 } d;
139};
140
141typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
142
143struct CMS_KeyTransRecipientInfo_st {
144 int32_t version;
145 CMS_RecipientIdentifier *rid;
146 X509_ALGOR *keyEncryptionAlgorithm;
147 ASN1_OCTET_STRING *encryptedKey;
148 /* Recipient Key and cert */
149 X509 *recip;
150 EVP_PKEY *pkey;
151 /* Public key context for this operation */
152 EVP_PKEY_CTX *pctx;
153};
154
155struct CMS_KeyAgreeRecipientInfo_st {
156 int32_t version;
157 CMS_OriginatorIdentifierOrKey *originator;
158 ASN1_OCTET_STRING *ukm;
159 X509_ALGOR *keyEncryptionAlgorithm;
160 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
161 /* Public key context associated with current operation */
162 EVP_PKEY_CTX *pctx;
163 /* Cipher context for CEK wrapping */
164 EVP_CIPHER_CTX *ctx;
165};
166
167struct CMS_OriginatorIdentifierOrKey_st {
168 int type;
169 union {
170 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
171 ASN1_OCTET_STRING *subjectKeyIdentifier;
172 CMS_OriginatorPublicKey *originatorKey;
173 } d;
174};
175
176struct CMS_OriginatorPublicKey_st {
177 X509_ALGOR *algorithm;
178 ASN1_BIT_STRING *publicKey;
179};
180
181struct CMS_RecipientEncryptedKey_st {
182 CMS_KeyAgreeRecipientIdentifier *rid;
183 ASN1_OCTET_STRING *encryptedKey;
184 /* Public key associated with this recipient */
185 EVP_PKEY *pkey;
186};
187
188struct CMS_KeyAgreeRecipientIdentifier_st {
189 int type;
190 union {
191 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
192 CMS_RecipientKeyIdentifier *rKeyId;
193 } d;
194};
195
196struct CMS_RecipientKeyIdentifier_st {
197 ASN1_OCTET_STRING *subjectKeyIdentifier;
198 ASN1_GENERALIZEDTIME *date;
199 CMS_OtherKeyAttribute *other;
200};
201
202struct CMS_KEKRecipientInfo_st {
203 int32_t version;
204 CMS_KEKIdentifier *kekid;
205 X509_ALGOR *keyEncryptionAlgorithm;
206 ASN1_OCTET_STRING *encryptedKey;
207 /* Extra info: symmetric key to use */
208 unsigned char *key;
209 size_t keylen;
210};
211
212struct CMS_KEKIdentifier_st {
213 ASN1_OCTET_STRING *keyIdentifier;
214 ASN1_GENERALIZEDTIME *date;
215 CMS_OtherKeyAttribute *other;
216};
217
218struct CMS_PasswordRecipientInfo_st {
219 int32_t version;
220 X509_ALGOR *keyDerivationAlgorithm;
221 X509_ALGOR *keyEncryptionAlgorithm;
222 ASN1_OCTET_STRING *encryptedKey;
223 /* Extra info: password to use */
224 unsigned char *pass;
225 size_t passlen;
226};
227
228struct CMS_OtherRecipientInfo_st {
229 ASN1_OBJECT *oriType;
230 ASN1_TYPE *oriValue;
231};
232
233struct CMS_DigestedData_st {
234 int32_t version;
235 X509_ALGOR *digestAlgorithm;
236 CMS_EncapsulatedContentInfo *encapContentInfo;
237 ASN1_OCTET_STRING *digest;
238};
239
240struct CMS_EncryptedData_st {
241 int32_t version;
242 CMS_EncryptedContentInfo *encryptedContentInfo;
243 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
244};
245
246struct CMS_AuthenticatedData_st {
247 int32_t version;
248 CMS_OriginatorInfo *originatorInfo;
249 STACK_OF(CMS_RecipientInfo) *recipientInfos;
250 X509_ALGOR *macAlgorithm;
251 X509_ALGOR *digestAlgorithm;
252 CMS_EncapsulatedContentInfo *encapContentInfo;
253 STACK_OF(X509_ATTRIBUTE) *authAttrs;
254 ASN1_OCTET_STRING *mac;
255 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
256};
257
258struct CMS_CompressedData_st {
259 int32_t version;
260 X509_ALGOR *compressionAlgorithm;
261 STACK_OF(CMS_RecipientInfo) *recipientInfos;
262 CMS_EncapsulatedContentInfo *encapContentInfo;
263};
264
265struct CMS_RevocationInfoChoice_st {
266 int type;
267 union {
268 X509_CRL *crl;
269 CMS_OtherRevocationInfoFormat *other;
270 } d;
271};
272
273# define CMS_REVCHOICE_CRL 0
274# define CMS_REVCHOICE_OTHER 1
275
276struct CMS_OtherRevocationInfoFormat_st {
277 ASN1_OBJECT *otherRevInfoFormat;
278 ASN1_TYPE *otherRevInfo;
279};
280
281struct CMS_CertificateChoices {
282 int type;
283 union {
284 X509 *certificate;
285 ASN1_STRING *extendedCertificate; /* Obsolete */
286 ASN1_STRING *v1AttrCert; /* Left encoded for now */
287 ASN1_STRING *v2AttrCert; /* Left encoded for now */
288 CMS_OtherCertificateFormat *other;
289 } d;
290};
291
292# define CMS_CERTCHOICE_CERT 0
293# define CMS_CERTCHOICE_EXCERT 1
294# define CMS_CERTCHOICE_V1ACERT 2
295# define CMS_CERTCHOICE_V2ACERT 3
296# define CMS_CERTCHOICE_OTHER 4
297
298struct CMS_OtherCertificateFormat_st {
299 ASN1_OBJECT *otherCertFormat;
300 ASN1_TYPE *otherCert;
301};
302
303/*
304 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
305 * to be independent of PKCS#7
306 */
307
308struct CMS_IssuerAndSerialNumber_st {
309 X509_NAME *issuer;
310 ASN1_INTEGER *serialNumber;
311};
312
313struct CMS_OtherKeyAttribute_st {
314 ASN1_OBJECT *keyAttrId;
315 ASN1_TYPE *keyAttr;
316};
317
318/* ESS structures */
319
320# ifdef HEADER_X509V3_H
321
322struct CMS_ReceiptRequest_st {
323 ASN1_OCTET_STRING *signedContentIdentifier;
324 CMS_ReceiptsFrom *receiptsFrom;
325 STACK_OF(GENERAL_NAMES) *receiptsTo;
326};
327
328struct CMS_ReceiptsFrom_st {
329 int type;
330 union {
331 int32_t allOrFirstTier;
332 STACK_OF(GENERAL_NAMES) *receiptList;
333 } d;
334};
335# endif
336
337struct CMS_Receipt_st {
338 int32_t version;
339 ASN1_OBJECT *contentType;
340 ASN1_OCTET_STRING *signedContentIdentifier;
341 ASN1_OCTET_STRING *originatorSignatureValue;
342};
343
344DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
345DECLARE_ASN1_ITEM(CMS_SignerInfo)
346DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
347DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
348DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
349DECLARE_ASN1_ITEM(CMS_RecipientInfo)
350DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
351DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
352
353# define CMS_SIGNERINFO_ISSUER_SERIAL 0
354# define CMS_SIGNERINFO_KEYIDENTIFIER 1
355
356# define CMS_RECIPINFO_ISSUER_SERIAL 0
357# define CMS_RECIPINFO_KEYIDENTIFIER 1
358
359# define CMS_REK_ISSUER_SERIAL 0
360# define CMS_REK_KEYIDENTIFIER 1
361
362# define CMS_OIK_ISSUER_SERIAL 0
363# define CMS_OIK_KEYIDENTIFIER 1
364# define CMS_OIK_PUBKEY 2
365
366BIO *cms_content_bio(CMS_ContentInfo *cms);
367
368CMS_ContentInfo *cms_Data_create(void);
369
370CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
371BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
372int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
373
374BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
375int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
376int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
377 int type);
378int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
379 ASN1_OCTET_STRING **keyid,
380 X509_NAME **issuer,
381 ASN1_INTEGER **sno);
382int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
383
384CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
385BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
386
387BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
388int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
389 X509_ALGOR *mdalg);
390
391int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
392int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
393int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
394int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
395
396BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
397BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
398int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
399 const EVP_CIPHER *cipher,
400 const unsigned char *key, size_t keylen);
401
402int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
403int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
404ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
405
406BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
407CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
408int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
409int cms_pkey_get_ri_type(EVP_PKEY *pk);
410/* KARI routines */
411int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
412 EVP_PKEY *pk, unsigned int flags);
413int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
414 CMS_RecipientInfo *ri);
415
416/* PWRI routines */
417int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
418 int en_de);
419
420DECLARE_ASN1_ITEM(CMS_CertificateChoices)
421DECLARE_ASN1_ITEM(CMS_DigestedData)
422DECLARE_ASN1_ITEM(CMS_EncryptedData)
423DECLARE_ASN1_ITEM(CMS_EnvelopedData)
424DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
425DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
426DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
427DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
428DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
429DECLARE_ASN1_ITEM(CMS_Receipt)
430DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
431DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
432DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
433DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
434DECLARE_ASN1_ITEM(CMS_SignedData)
435DECLARE_ASN1_ITEM(CMS_CompressedData)
436
437#endif