VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/crypto/cms/cms_local.h@ 108358

最後變更 在這個檔案從108358是 108206,由 vboxsync 提交於 6 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 16.6 KB
 
1/*
2 * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef OSSL_CRYPTO_CMS_LOCAL_H
11# define OSSL_CRYPTO_CMS_LOCAL_H
12
13# include <openssl/x509.h>
14
15/*
16 * Cryptographic message syntax (CMS) structures: taken from RFC3852
17 */
18
19/* Forward references */
20
21typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
22typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
23typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
24typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
25typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
26typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
27typedef struct CMS_DigestedData_st CMS_DigestedData;
28typedef struct CMS_EncryptedData_st CMS_EncryptedData;
29typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
30typedef struct CMS_AuthEnvelopedData_st CMS_AuthEnvelopedData;
31typedef struct CMS_CompressedData_st CMS_CompressedData;
32typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
33typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
34typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
35typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
36typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
37typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
38typedef struct CMS_KeyAgreeRecipientIdentifier_st
39 CMS_KeyAgreeRecipientIdentifier;
40typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
41typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
42typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
43typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
44typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
45typedef struct CMS_CTX_st CMS_CTX;
46
47struct CMS_CTX_st {
48 OSSL_LIB_CTX *libctx;
49 char *propq;
50};
51
52struct CMS_ContentInfo_st {
53 ASN1_OBJECT *contentType;
54 union {
55 ASN1_OCTET_STRING *data;
56 CMS_SignedData *signedData;
57 CMS_EnvelopedData *envelopedData;
58 CMS_DigestedData *digestedData;
59 CMS_EncryptedData *encryptedData;
60 CMS_AuthEnvelopedData *authEnvelopedData;
61 CMS_AuthenticatedData *authenticatedData;
62 CMS_CompressedData *compressedData;
63 ASN1_TYPE *other;
64 /* Other types ... */
65 void *otherData;
66 } d;
67 CMS_CTX ctx;
68};
69
70DEFINE_STACK_OF(CMS_CertificateChoices)
71
72struct CMS_SignedData_st {
73 int32_t version;
74 STACK_OF(X509_ALGOR) *digestAlgorithms;
75 CMS_EncapsulatedContentInfo *encapContentInfo;
76 STACK_OF(CMS_CertificateChoices) *certificates;
77 STACK_OF(CMS_RevocationInfoChoice) *crls;
78 STACK_OF(CMS_SignerInfo) *signerInfos;
79};
80
81struct CMS_EncapsulatedContentInfo_st {
82 ASN1_OBJECT *eContentType;
83 ASN1_OCTET_STRING *eContent;
84 /* Set to 1 if incomplete structure only part set up */
85 int partial;
86};
87
88struct CMS_SignerInfo_st {
89 int32_t version;
90 CMS_SignerIdentifier *sid;
91 X509_ALGOR *digestAlgorithm;
92 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
93 X509_ALGOR *signatureAlgorithm;
94 ASN1_OCTET_STRING *signature;
95 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
96 /* Signing certificate and key */
97 X509 *signer;
98 EVP_PKEY *pkey;
99 /* Digest and public key context for alternative parameters */
100 EVP_MD_CTX *mctx;
101 EVP_PKEY_CTX *pctx;
102 const CMS_CTX *cms_ctx;
103};
104
105struct CMS_SignerIdentifier_st {
106 int type;
107 union {
108 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
109 ASN1_OCTET_STRING *subjectKeyIdentifier;
110 } d;
111};
112
113struct CMS_EnvelopedData_st {
114 int32_t version;
115 CMS_OriginatorInfo *originatorInfo;
116 STACK_OF(CMS_RecipientInfo) *recipientInfos;
117 CMS_EncryptedContentInfo *encryptedContentInfo;
118 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
119};
120
121struct CMS_OriginatorInfo_st {
122 STACK_OF(CMS_CertificateChoices) *certificates;
123 STACK_OF(CMS_RevocationInfoChoice) *crls;
124};
125
126struct CMS_EncryptedContentInfo_st {
127 ASN1_OBJECT *contentType;
128 X509_ALGOR *contentEncryptionAlgorithm;
129 ASN1_OCTET_STRING *encryptedContent;
130 /* Content encryption algorithm, key and tag */
131 const EVP_CIPHER *cipher;
132 unsigned char *key;
133 size_t keylen;
134 unsigned char *tag;
135 size_t taglen;
136 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
137 int debug;
138 /* Set to 1 if we have no cert and need extra safety measures for MMA */
139 int havenocert;
140};
141
142struct CMS_RecipientInfo_st {
143 int type;
144 union {
145 CMS_KeyTransRecipientInfo *ktri;
146 CMS_KeyAgreeRecipientInfo *kari;
147 CMS_KEKRecipientInfo *kekri;
148 CMS_PasswordRecipientInfo *pwri;
149 CMS_OtherRecipientInfo *ori;
150 } d;
151};
152
153typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
154
155struct CMS_KeyTransRecipientInfo_st {
156 int32_t version;
157 CMS_RecipientIdentifier *rid;
158 X509_ALGOR *keyEncryptionAlgorithm;
159 ASN1_OCTET_STRING *encryptedKey;
160 /* Recipient Key and cert */
161 X509 *recip;
162 EVP_PKEY *pkey;
163 /* Public key context for this operation */
164 EVP_PKEY_CTX *pctx;
165 const CMS_CTX *cms_ctx;
166};
167
168struct CMS_KeyAgreeRecipientInfo_st {
169 int32_t version;
170 CMS_OriginatorIdentifierOrKey *originator;
171 ASN1_OCTET_STRING *ukm;
172 X509_ALGOR *keyEncryptionAlgorithm;
173 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
174 /* Public key context associated with current operation */
175 EVP_PKEY_CTX *pctx;
176 /* Cipher context for CEK wrapping */
177 EVP_CIPHER_CTX *ctx;
178 const CMS_CTX *cms_ctx;
179};
180
181struct CMS_OriginatorIdentifierOrKey_st {
182 int type;
183 union {
184 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
185 ASN1_OCTET_STRING *subjectKeyIdentifier;
186 CMS_OriginatorPublicKey *originatorKey;
187 } d;
188};
189
190struct CMS_OriginatorPublicKey_st {
191 X509_ALGOR *algorithm;
192 ASN1_BIT_STRING *publicKey;
193};
194
195struct CMS_RecipientEncryptedKey_st {
196 CMS_KeyAgreeRecipientIdentifier *rid;
197 ASN1_OCTET_STRING *encryptedKey;
198 /* Public key associated with this recipient */
199 EVP_PKEY *pkey;
200};
201
202struct CMS_KeyAgreeRecipientIdentifier_st {
203 int type;
204 union {
205 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
206 CMS_RecipientKeyIdentifier *rKeyId;
207 } d;
208};
209
210struct CMS_RecipientKeyIdentifier_st {
211 ASN1_OCTET_STRING *subjectKeyIdentifier;
212 ASN1_GENERALIZEDTIME *date;
213 CMS_OtherKeyAttribute *other;
214};
215
216struct CMS_KEKRecipientInfo_st {
217 int32_t version;
218 CMS_KEKIdentifier *kekid;
219 X509_ALGOR *keyEncryptionAlgorithm;
220 ASN1_OCTET_STRING *encryptedKey;
221 /* Extra info: symmetric key to use */
222 unsigned char *key;
223 size_t keylen;
224 const CMS_CTX *cms_ctx;
225};
226
227struct CMS_KEKIdentifier_st {
228 ASN1_OCTET_STRING *keyIdentifier;
229 ASN1_GENERALIZEDTIME *date;
230 CMS_OtherKeyAttribute *other;
231};
232
233struct CMS_PasswordRecipientInfo_st {
234 int32_t version;
235 X509_ALGOR *keyDerivationAlgorithm;
236 X509_ALGOR *keyEncryptionAlgorithm;
237 ASN1_OCTET_STRING *encryptedKey;
238 /* Extra info: password to use */
239 unsigned char *pass;
240 size_t passlen;
241 const CMS_CTX *cms_ctx;
242};
243
244struct CMS_OtherRecipientInfo_st {
245 ASN1_OBJECT *oriType;
246 ASN1_TYPE *oriValue;
247};
248
249struct CMS_DigestedData_st {
250 int32_t version;
251 X509_ALGOR *digestAlgorithm;
252 CMS_EncapsulatedContentInfo *encapContentInfo;
253 ASN1_OCTET_STRING *digest;
254};
255
256struct CMS_EncryptedData_st {
257 int32_t version;
258 CMS_EncryptedContentInfo *encryptedContentInfo;
259 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
260};
261
262struct CMS_AuthenticatedData_st {
263 int32_t version;
264 CMS_OriginatorInfo *originatorInfo;
265 STACK_OF(CMS_RecipientInfo) *recipientInfos;
266 X509_ALGOR *macAlgorithm;
267 X509_ALGOR *digestAlgorithm;
268 CMS_EncapsulatedContentInfo *encapContentInfo;
269 STACK_OF(X509_ATTRIBUTE) *authAttrs;
270 ASN1_OCTET_STRING *mac;
271 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
272};
273
274struct CMS_AuthEnvelopedData_st {
275 int32_t version;
276 CMS_OriginatorInfo *originatorInfo;
277 STACK_OF(CMS_RecipientInfo) *recipientInfos;
278 CMS_EncryptedContentInfo *authEncryptedContentInfo;
279 STACK_OF(X509_ATTRIBUTE) *authAttrs;
280 ASN1_OCTET_STRING *mac;
281 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
282};
283
284struct CMS_CompressedData_st {
285 int32_t version;
286 X509_ALGOR *compressionAlgorithm;
287 STACK_OF(CMS_RecipientInfo) *recipientInfos;
288 CMS_EncapsulatedContentInfo *encapContentInfo;
289};
290
291struct CMS_RevocationInfoChoice_st {
292 int type;
293 union {
294 X509_CRL *crl;
295 CMS_OtherRevocationInfoFormat *other;
296 } d;
297};
298
299# define CMS_REVCHOICE_CRL 0
300# define CMS_REVCHOICE_OTHER 1
301
302struct CMS_OtherRevocationInfoFormat_st {
303 ASN1_OBJECT *otherRevInfoFormat;
304 ASN1_TYPE *otherRevInfo;
305};
306
307struct CMS_CertificateChoices {
308 int type;
309 union {
310 X509 *certificate;
311 ASN1_STRING *extendedCertificate; /* Obsolete */
312 ASN1_STRING *v1AttrCert; /* Left encoded for now */
313 ASN1_STRING *v2AttrCert; /* Left encoded for now */
314 CMS_OtherCertificateFormat *other;
315 } d;
316};
317
318# define CMS_CERTCHOICE_CERT 0
319# define CMS_CERTCHOICE_EXCERT 1
320# define CMS_CERTCHOICE_V1ACERT 2
321# define CMS_CERTCHOICE_V2ACERT 3
322# define CMS_CERTCHOICE_OTHER 4
323
324struct CMS_OtherCertificateFormat_st {
325 ASN1_OBJECT *otherCertFormat;
326 ASN1_TYPE *otherCert;
327};
328
329/*
330 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
331 * to be independent of PKCS#7
332 */
333
334struct CMS_IssuerAndSerialNumber_st {
335 X509_NAME *issuer;
336 ASN1_INTEGER *serialNumber;
337};
338
339struct CMS_OtherKeyAttribute_st {
340 ASN1_OBJECT *keyAttrId;
341 ASN1_TYPE *keyAttr;
342};
343
344/* ESS structures */
345
346struct CMS_ReceiptRequest_st {
347 ASN1_OCTET_STRING *signedContentIdentifier;
348 CMS_ReceiptsFrom *receiptsFrom;
349 STACK_OF(GENERAL_NAMES) *receiptsTo;
350};
351
352struct CMS_ReceiptsFrom_st {
353 int type;
354 union {
355 int32_t allOrFirstTier;
356 STACK_OF(GENERAL_NAMES) *receiptList;
357 } d;
358};
359
360struct CMS_Receipt_st {
361 int32_t version;
362 ASN1_OBJECT *contentType;
363 ASN1_OCTET_STRING *signedContentIdentifier;
364 ASN1_OCTET_STRING *originatorSignatureValue;
365};
366
367DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
368DECLARE_ASN1_ITEM(CMS_SignerInfo)
369DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo)
370DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
371DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
372DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
373DECLARE_ASN1_ITEM(CMS_RecipientInfo)
374DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
375DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
376
377# define CMS_SIGNERINFO_ISSUER_SERIAL 0
378# define CMS_SIGNERINFO_KEYIDENTIFIER 1
379
380# define CMS_RECIPINFO_ISSUER_SERIAL 0
381# define CMS_RECIPINFO_KEYIDENTIFIER 1
382
383# define CMS_REK_ISSUER_SERIAL 0
384# define CMS_REK_KEYIDENTIFIER 1
385
386# define CMS_OIK_ISSUER_SERIAL 0
387# define CMS_OIK_KEYIDENTIFIER 1
388# define CMS_OIK_PUBKEY 2
389
390BIO *ossl_cms_content_bio(CMS_ContentInfo *cms);
391const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms);
392OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx);
393const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx);
394void ossl_cms_resolve_libctx(CMS_ContentInfo *ci);
395
396CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq);
397int ossl_cms_DataFinal(CMS_ContentInfo *cms, BIO *cmsbio,
398 const unsigned char *precomp_md,
399 unsigned int precomp_mdlen);
400
401CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md,
402 OSSL_LIB_CTX *libctx,
403 const char *propq);
404BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms);
405int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms,
406 BIO *chain, int verify);
407
408BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms);
409int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain,
410 const unsigned char *precomp_md,
411 unsigned int precomp_mdlen);
412int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
413 int type, const CMS_CTX *ctx);
414int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
415 ASN1_OCTET_STRING **keyid,
416 X509_NAME **issuer,
417 ASN1_INTEGER **sno);
418int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
419
420CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid,
421 OSSL_LIB_CTX *libctx,
422 const char *propq);
423BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms);
424
425BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
426 const CMS_CTX *ctx);
427int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
428 X509_ALGOR *mdalg);
429
430int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
431int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
432int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
433int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
434
435BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
436 const CMS_CTX *ctx);
437BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms);
438int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
439 const EVP_CIPHER *cipher,
440 const unsigned char *key, size_t keylen,
441 const CMS_CTX *ctx);
442
443int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
444int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
445ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si);
446
447BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
448int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
449BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
450int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
451CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
452CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
453CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);
454
455/* RecipientInfo routines */
456int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
457int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk);
458int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type);
459
460void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms);
461
462/* KARI routines */
463int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
464 EVP_PKEY *recipPubKey, X509 *originator,
465 EVP_PKEY *originatorPrivKey,
466 unsigned int flags,
467 const CMS_CTX *ctx);
468int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
469 CMS_RecipientInfo *ri);
470
471/* PWRI routines */
472int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
473 CMS_RecipientInfo *ri, int en_de);
474/* SignerInfo routines */
475int ossl_cms_si_check_attributes(const CMS_SignerInfo *si);
476void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms);
477
478
479/* ESS routines */
480int ossl_cms_check_signing_certs(const CMS_SignerInfo *si,
481 const STACK_OF(X509) *chain);
482
483int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt);
484int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt);
485int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt);
486int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify);
487
488DECLARE_ASN1_ITEM(CMS_CertificateChoices)
489DECLARE_ASN1_ITEM(CMS_DigestedData)
490DECLARE_ASN1_ITEM(CMS_EncryptedData)
491DECLARE_ASN1_ITEM(CMS_EnvelopedData)
492DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData)
493DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
494DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
495DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
496DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
497DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
498DECLARE_ASN1_ITEM(CMS_Receipt)
499DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
500DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
501DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
502DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
503DECLARE_ASN1_ITEM(CMS_SignedData)
504DECLARE_ASN1_ITEM(CMS_CompressedData)
505
506#endif
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette