/src/openssl/include/openssl/pkcs7.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifndef OPENSSL_PKCS7_H |
11 | | # define OPENSSL_PKCS7_H |
12 | | # pragma once |
13 | | |
14 | | # include <openssl/macros.h> |
15 | | # ifndef OPENSSL_NO_DEPRECATED_3_0 |
16 | | # define HEADER_PKCS7_H |
17 | | # endif |
18 | | |
19 | | # include <openssl/asn1.h> |
20 | | # include <openssl/bio.h> |
21 | | # include <openssl/e_os2.h> |
22 | | |
23 | | # include <openssl/symhacks.h> |
24 | | # include <openssl/types.h> |
25 | | # include <openssl/pkcs7err.h> |
26 | | |
27 | | #ifdef __cplusplus |
28 | | extern "C" { |
29 | | #endif |
30 | | |
31 | | /*- |
32 | | Encryption_ID DES-CBC |
33 | | Digest_ID MD5 |
34 | | Digest_Encryption_ID rsaEncryption |
35 | | Key_Encryption_ID rsaEncryption |
36 | | NOTE(review): DES-CBC and MD5 are obsolete algorithm choices; nothing visible in this header applies these IDs - confirm where, if anywhere, they are still used. */ |
37 | | /* Pairs an issuer name with a serial number (presumably identifying one certificate). Both members are pointers; this header states no ownership rule for them. */ |
38 | | typedef struct pkcs7_issuer_and_serial_st { |
39 | | X509_NAME *issuer; |
40 | | ASN1_INTEGER *serial; |
41 | | } PKCS7_ISSUER_AND_SERIAL; |
42 | | /* Per-signer record: version, issuer/serial reference, digest and digest-encryption algorithm identifiers, two attribute stacks, the encrypted digest, and the signing key handle. */ |
43 | | typedef struct pkcs7_signer_info_st { |
44 | | ASN1_INTEGER *version; /* version 1 */ |
45 | | PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; |
46 | | X509_ALGOR *digest_alg; |
47 | | STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ]; handed out directly by PKCS7_get_signed_attributes() */ |
48 | | X509_ALGOR *digest_enc_alg; |
49 | | ASN1_OCTET_STRING *enc_digest; |
50 | | STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ]; handed out directly by PKCS7_get_attributes(). NOTE(review): the name suggests these are not covered by the signature - treat their content as untrusted; confirm */ |
51 | | /* The private key to sign with */ |
52 | | EVP_PKEY *pkey; /* NOTE(review): key handle held in a public struct; who releases it is not shown here - confirm before copying or freeing a PKCS7_SIGNER_INFO */ |
53 | | } PKCS7_SIGNER_INFO; |
54 | | |
55 | | DEFINE_STACK_OF(PKCS7_SIGNER_INFO) |
56 | | /* Per-recipient record: version, issuer/serial reference, key-encryption algorithm identifier, the encrypted key, and a certificate pointer. */ |
57 | | typedef struct pkcs7_recip_info_st { |
58 | | ASN1_INTEGER *version; /* version 0 */ |
59 | | PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; |
60 | | X509_ALGOR *key_enc_algor; |
61 | | ASN1_OCTET_STRING *enc_key; /* NOTE(review): presumably the content key wrapped for this recipient - confirm */ |
62 | | X509 *cert; /* get the pub-key from this */ |
63 | | } PKCS7_RECIP_INFO; |
64 | | |
65 | | DEFINE_STACK_OF(PKCS7_RECIP_INFO) |
66 | | /* Signed-data body: digest algorithm list, certificate and CRL stacks, the signer records, and the nested content. */ |
67 | | typedef struct pkcs7_signed_st { |
68 | | ASN1_INTEGER *version; /* version 1 */ |
69 | | STACK_OF(X509_ALGOR) *md_algs; /* md used */ |
70 | | STACK_OF(X509) *cert; /* [ 0 ]; NOTE(review): certificates carried inside a received message are sender-supplied - they need path validation before anything is trusted on their basis; confirm how PKCS7_verify() treats them */ |
71 | | STACK_OF(X509_CRL) *crl; /* [ 1 ] */ |
72 | | STACK_OF(PKCS7_SIGNER_INFO) *signer_info; |
73 | | struct pkcs7_st *contents; /* nested PKCS7, so structures can recurse through this pointer */ |
74 | | } PKCS7_SIGNED; |
75 | | /* |
76 | | * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about |
77 | | * merging the two |
78 | | */ |
79 | | /* Encrypted-content holder: content type, algorithm identifier, the encrypted bytes, and a cipher handle. */ |
80 | | typedef struct pkcs7_enc_content_st { |
81 | | ASN1_OBJECT *content_type; |
82 | | X509_ALGOR *algorithm; /* NOTE(review): when parsed from a message this identifier is chosen by the sender - presumably worth checking against an allow-list before decrypting; confirm */ |
83 | | ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ |
84 | | const EVP_CIPHER *cipher; /* NOTE(review): not an ASN.1-typed member, so presumably runtime state rather than wire data - confirm */ |
85 | | } PKCS7_ENC_CONTENT; |
86 | | /* Enveloped-data body: version, the stack of per-recipient records, and the encrypted content. */ |
87 | | typedef struct pkcs7_enveloped_st { |
88 | | ASN1_INTEGER *version; /* version 0 */ |
89 | | STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; |
90 | | PKCS7_ENC_CONTENT *enc_data; /* NOTE(review): this struct has no signer or digest member, so nothing in it shows integrity protection of the content - confirm what callers rely on */ |
91 | | } PKCS7_ENVELOPE; |
92 | | /* Signed-and-enveloped body: the members of PKCS7_SIGNED except 'contents', plus encrypted content and the recipient stack. */ |
93 | | typedef struct pkcs7_signedandenveloped_st { |
94 | | ASN1_INTEGER *version; /* version 1 */ |
95 | | STACK_OF(X509_ALGOR) *md_algs; /* md used */ |
96 | | STACK_OF(X509) *cert; /* [ 0 ] */ |
97 | | STACK_OF(X509_CRL) *crl; /* [ 1 ] */ |
98 | | STACK_OF(PKCS7_SIGNER_INFO) *signer_info; |
99 | | PKCS7_ENC_CONTENT *enc_data; |
100 | | STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; |
101 | | } PKCS7_SIGN_ENVELOPE; |
102 | | /* Digested-data body: version, digest algorithm identifier, nested content, and the digest value. */ |
103 | | typedef struct pkcs7_digest_st { |
104 | | ASN1_INTEGER *version; /* version 0 */ |
105 | | X509_ALGOR *md; /* md used */ |
106 | | struct pkcs7_st *contents; |
107 | | ASN1_OCTET_STRING *digest; /* NOTE(review): an unkeyed digest can be recomputed by anyone who alters the content, so it does not authenticate the sender - confirm intended use */ |
108 | | } PKCS7_DIGEST; |
109 | | /* Encrypted-data body: version plus the encrypted content; unlike PKCS7_ENVELOPE it carries no recipient stack. */ |
110 | | typedef struct pkcs7_encrypted_st { |
111 | | ASN1_INTEGER *version; /* version 0 */ |
112 | | PKCS7_ENC_CONTENT *enc_data; |
113 | | } PKCS7_ENCRYPT; |
114 | | /* Top-level container: 'type' says which member of the union 'd' holds the content. */ |
115 | | typedef struct pkcs7_st { |
116 | | /* |
117 | | * The following is non NULL if it contains ASN1 encoding of this |
118 | | * structure |
119 | | */ |
120 | | unsigned char *asn1; |
121 | | long length; /* NOTE(review): presumably the byte length of 'asn1'; it is a signed long, so range-check before using it as a size - confirm */ |
122 | 0 | # define PKCS7_S_HEADER 0 |
123 | | # define PKCS7_S_BODY 1 |
124 | | # define PKCS7_S_TAIL 2 |
125 | | int state; /* used during processing */ |
126 | | int detached; /* NOTE(review): presumably the value behind PKCS7_set_detached()/PKCS7_get_detached() - confirm */ |
127 | | ASN1_OBJECT *type; /* compared against NID_pkcs7_* by the PKCS7_type_is_*() macros via OBJ_obj2nid() */ |
128 | | /* content as defined by the type */ |
129 | | /* |
130 | | * all encryption/message digests are applied to the 'contents', leaving |
131 | | * out the 'type' field. |
132 | | */ |
133 | | union { /* all members share storage: only the one matching 'type' is meaningful, and reading any other reinterprets the same pointer as the wrong struct */ |
134 | | char *ptr; |
135 | | /* NID_pkcs7_data */ |
136 | | ASN1_OCTET_STRING *data; |
137 | | /* NID_pkcs7_signed */ |
138 | | PKCS7_SIGNED *sign; |
139 | | /* NID_pkcs7_enveloped */ |
140 | | PKCS7_ENVELOPE *enveloped; |
141 | | /* NID_pkcs7_signedAndEnveloped */ |
142 | | PKCS7_SIGN_ENVELOPE *signed_and_enveloped; |
143 | | /* NID_pkcs7_digest */ |
144 | | PKCS7_DIGEST *digest; |
145 | | /* NID_pkcs7_encrypted */ |
146 | | PKCS7_ENCRYPT *encrypted; |
147 | | /* Anything else */ |
148 | | ASN1_TYPE *other; |
149 | | } d; /* NOTE(review): for a PKCS7 decoded from untrusted bytes, test 'type' first and NULL-check the selected member and its inner pointers before dereferencing - confirm what the decoder guarantees */ |
150 | | } PKCS7; |
151 | | |
152 | | DEFINE_STACK_OF(PKCS7) |
153 | | /* Command codes passed as 'cmd' to PKCS7_ctrl() by the PKCS7_set_detached()/PKCS7_get_detached() macros below. */ |
154 | 0 | # define PKCS7_OP_SET_DETACHED_SIGNATURE 1 |
155 | 0 | # define PKCS7_OP_GET_DETACHED_SIGNATURE 2 |
156 | | /* Field accessors: expand to (si)->member, so 'si' must be non-NULL and the result aliases the struct's own stack rather than a copy. */ |
157 | | # define PKCS7_get_signed_attributes(si) ((si)->auth_attr) |
158 | | # define PKCS7_get_attributes(si) ((si)->unauth_attr) |
159 | | /* Type predicates: each compares OBJ_obj2nid((a)->type) with one NID; 'a' is dereferenced with no NULL check. Use them before touching the union 'd' of a PKCS7. */ |
160 | 0 | # define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) |
161 | 0 | # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) |
162 | | # define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) |
163 | | # define PKCS7_type_is_signedAndEnveloped(a) \ |
164 | 0 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) |
165 | 0 | # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) |
166 | 0 | # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) |
167 | | /* Wrappers that call PKCS7_ctrl() with a fixed command code and a NULL 'parg'. */ |
168 | | # define PKCS7_set_detached(p,v) \ |
169 | | PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) |
170 | | # define PKCS7_get_detached(p) \ |
171 | 0 | PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) |
172 | | /* The macro below expands 'p7' twice (once on each side of &&): never pass an expression with side effects. */ |
173 | 0 | # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) |
174 | | |
175 | | /* S/MIME related flags */ |
176 | | /* Each value is a distinct single bit, so flags can be OR-ed together; presumably they feed the 'flags' arguments of the functions declared in this header - confirm per function. */ |
177 | 0 | # define PKCS7_TEXT 0x1 |
178 | | # define PKCS7_NOCERTS 0x2 |
179 | | # define PKCS7_NOSIGS 0x4 /* NOTE(review): per PKCS7_verify(3) this skips checking the signatures on the data - confirm for the version in use; treat any call site that sets it as unverified input */ |
180 | | # define PKCS7_NOCHAIN 0x8 |
181 | | # define PKCS7_NOINTERN 0x10 /* NOTE(review): per PKCS7_verify(3) signer certificates are then taken only from the caller's 'certs', not from the message - confirm */ |
182 | | # define PKCS7_NOVERIFY 0x20 /* NOTE(review): per PKCS7_verify(3) this skips chain verification of the signer certificate, so a success result no longer says who signed - confirm, and audit every use */ |
183 | 0 | # define PKCS7_DETACHED 0x40 |
184 | 0 | # define PKCS7_BINARY 0x80 |
185 | | # define PKCS7_NOATTR 0x100 |
186 | | # define PKCS7_NOSMIMECAP 0x200 |
187 | | # define PKCS7_NOOLDMIMETYPE 0x400 |
188 | | # define PKCS7_CRLFEOL 0x800 |
189 | | # define PKCS7_STREAM 0x1000 |
190 | | # define PKCS7_NOCRL 0x2000 |
191 | | # define PKCS7_PARTIAL 0x4000 |
192 | 0 | # define PKCS7_REUSE_DIGEST 0x8000 |
193 | | # define PKCS7_NO_DUAL_CONTENT 0x10000 |
194 | | |
195 | | /* Flags: for compatibility with older code */ |
196 | | /* Each SMIME_* name expands to the PKCS7_* flag with the same suffix, so the verification caveats on the PKCS7_* names apply to these spellings too. */ |
197 | 0 | # define SMIME_TEXT PKCS7_TEXT |
198 | | # define SMIME_NOCERTS PKCS7_NOCERTS |
199 | | # define SMIME_NOSIGS PKCS7_NOSIGS |
200 | | # define SMIME_NOCHAIN PKCS7_NOCHAIN |
201 | | # define SMIME_NOINTERN PKCS7_NOINTERN |
202 | | # define SMIME_NOVERIFY PKCS7_NOVERIFY |
203 | 0 | # define SMIME_DETACHED PKCS7_DETACHED |
204 | 0 | # define SMIME_BINARY PKCS7_BINARY |
205 | | # define SMIME_NOATTR PKCS7_NOATTR |
206 | | |
207 | | /* CRLF ASCII canonicalisation */ |
208 | 0 | # define SMIME_ASCIICRLF 0x80000 /* does not overlap any PKCS7_* flag bit in this header (the highest is 0x10000) */ |
209 | | /* ASN.1 declaration macros and encode/decode entry points. NOTE(review): the d2i_* functions parse caller-supplied bytes; check the returned pointer for NULL and treat the decoded PKCS7 as untrusted until it has been verified - confirm return conventions in the man pages. */ |
210 | | DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) |
211 | | |
212 | | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, |
213 | | const EVP_MD *type, unsigned char *md, |
214 | | unsigned int *len); /* NOTE(review): writes into caller buffer 'md' with no capacity argument; presumably it needs room for the largest digest (EVP_MAX_MD_SIZE) - confirm */ |
215 | | # ifndef OPENSSL_NO_STDIO |
216 | | PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); |
217 | | int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7); |
218 | | # endif |
219 | | DECLARE_ASN1_DUP_FUNCTION(PKCS7) |
220 | | PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); |
221 | | int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7); |
222 | | int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); |
223 | | int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); |
224 | | |
225 | | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) |
226 | | DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) |
227 | | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) |
228 | | DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) |
229 | | DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) |
230 | | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) |
231 | | DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) |
232 | | DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) |
233 | | DECLARE_ASN1_FUNCTIONS(PKCS7) |
234 | | |
235 | | DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) |
236 | | DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) |
237 | | |
238 | | DECLARE_ASN1_NDEF_FUNCTION(PKCS7) |
239 | | DECLARE_ASN1_PRINT_FUNCTION(PKCS7) |
240 | | /* Low-level construction and verification primitives. The only 'cmd' values for PKCS7_ctrl() visible in this header are the two PKCS7_OP_* codes. */ |
241 | | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); |
242 | | |
243 | | int PKCS7_set_type(PKCS7 *p7, int type); |
244 | | int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); /* NOTE(review): "set0" in OpenSSL naming usually means the callee takes ownership of 'other' - confirm, to avoid a double free */ |
245 | | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); |
246 | | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, |
247 | | const EVP_MD *dgst); |
248 | | int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); |
249 | | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); |
250 | | int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); |
251 | | int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); |
252 | | int PKCS7_content_new(PKCS7 *p7, int nid); |
253 | | int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, |
254 | | BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); |
255 | | int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, |
256 | | X509 *x509); /* NOTE(review): takes no X509_STORE, so presumably it checks the signature against 'x509' only and leaves validating that certificate to the caller - confirm */ |
257 | | /* BIO-based data processing, signer/recipient management, and attribute accessors. */ |
258 | | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); |
259 | | int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); |
260 | | BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); /* NOTE(review): operates on a private key over sender-controlled input; callers should presumably not reveal to the sender why a decryption failed - confirm against the implementation */ |
261 | | |
262 | | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, |
263 | | EVP_PKEY *pkey, const EVP_MD *dgst); |
264 | | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); |
265 | | int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); |
266 | | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); |
267 | | |
268 | | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); |
269 | | void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, |
270 | | X509_ALGOR **pdig, X509_ALGOR **psig); /* NOTE(review): "get0" in OpenSSL naming usually means the out-pointers alias internal members and must not be freed by the caller - confirm */ |
271 | | void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); |
272 | | int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); |
273 | | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); |
274 | | int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); |
275 | | int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); |
276 | | |
277 | | PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); /* NOTE(review): 'idx' is a signed index; presumably NULL is returned when it is out of range - check the result, confirm */ |
278 | | ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); |
279 | | int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, |
280 | | void *data); /* NOTE(review): 'data' is an untyped pointer, presumably interpreted according to 'type' - a mismatch would not be caught by the compiler; confirm */ |
281 | | int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, |
282 | | void *value); |
283 | | ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); |
284 | | ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); |
285 | | int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, |
286 | | STACK_OF(X509_ATTRIBUTE) *sk); |
287 | | int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, |
288 | | STACK_OF(X509_ATTRIBUTE) *sk); |
289 | | /* High-level sign / verify / encrypt / decrypt and S/MIME entry points; the 'flags' arguments presumably take the PKCS7_* bit flags defined earlier in this header - confirm per function. */ |
290 | | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
291 | | BIO *data, int flags); |
292 | | |
293 | | PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, |
294 | | X509 *signcert, EVP_PKEY *pkey, |
295 | | const EVP_MD *md, int flags); |
296 | | |
297 | | int PKCS7_final(PKCS7 *p7, BIO *data, int flags); |
298 | | int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, |
299 | | BIO *indata, BIO *out, int flags); /* NOTE(review): flags such as PKCS7_NOVERIFY, PKCS7_NOSIGS and PKCS7_NOINTERN change what a success return proves; audit the flags at every call site and do not consume 'out' before checking the result - see PKCS7_verify(3) */ |
300 | | STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, |
301 | | int flags); /* NOTE(review): "get0" suggests the returned certificates are not owned by the caller; presumably only the stack itself is freed - confirm. Locating a signer certificate is not the same as verifying it. */ |
302 | | PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, |
303 | | int flags); /* NOTE(review): the caller picks 'cipher'; the DES-CBC named in this header's opening comment should presumably not be the choice for new data - confirm project policy */ |
304 | | int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, |
305 | | int flags); /* NOTE(review): decrypting does not by itself authenticate the sender; the enveloped structures in this header carry no signer member - confirm what callers assume */ |
306 | | |
307 | | int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, |
308 | | STACK_OF(X509_ALGOR) *cap); |
309 | | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); |
310 | | int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); |
311 | | |
312 | | int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); |
313 | | int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); /* NOTE(review): "add0" usually means ownership of 't' passes to 'si' on success - confirm, to avoid a use-after-free or double free */ |
314 | | int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, |
315 | | const unsigned char *md, int mdlen); /* NOTE(review): "add1" usually means the bytes are copied; 'mdlen' is a signed int, so reject negative values before calling - confirm */ |
316 | | |
317 | | int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); |
318 | | PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); /* NOTE(review): presumably *bcont receives detached content when the message has any, which then has to be passed to PKCS7_verify() as 'indata' - confirm */ |
319 | | |
320 | | BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); |
321 | | |
322 | | # ifdef __cplusplus |
323 | | } |
324 | | # endif |
325 | | #endif |