1 /* 2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef HEADER_PKCS7_H 11 # define HEADER_PKCS7_H 12 13 # include <openssl/asn1.h> 14 # include <openssl/bio.h> 15 # include <openssl/e_os2.h> 16 17 # include <openssl/symhacks.h> 18 # include <openssl/ossl_typ.h> 19 # include <openssl/pkcs7err.h> 20 21 #ifdef __cplusplus 22 extern "C" { 23 #endif 24 25 /*- 26 Encryption_ID DES-CBC 27 Digest_ID MD5 28 Digest_Encryption_ID rsaEncryption 29 Key_Encryption_ID rsaEncryption 30 */ 31 32 typedef struct pkcs7_issuer_and_serial_st { 33 X509_NAME *issuer; 34 ASN1_INTEGER *serial; 35 } PKCS7_ISSUER_AND_SERIAL; 36 37 typedef struct pkcs7_signer_info_st { 38 ASN1_INTEGER *version; /* version 1 */ 39 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; 40 X509_ALGOR *digest_alg; 41 STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ 42 X509_ALGOR *digest_enc_alg; 43 ASN1_OCTET_STRING *enc_digest; 44 STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ 45 /* The private key to sign with */ 46 EVP_PKEY *pkey; 47 } PKCS7_SIGNER_INFO; 48 49 DEFINE_STACK_OF(PKCS7_SIGNER_INFO) 50 51 typedef struct pkcs7_recip_info_st { 52 ASN1_INTEGER *version; /* version 0 */ 53 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; 54 X509_ALGOR *key_enc_algor; 55 ASN1_OCTET_STRING *enc_key; 56 X509 *cert; /* get the pub-key from this */ 57 } PKCS7_RECIP_INFO; 58 59 DEFINE_STACK_OF(PKCS7_RECIP_INFO) 60 61 typedef struct pkcs7_signed_st { 62 ASN1_INTEGER *version; /* version 1 */ 63 STACK_OF(X509_ALGOR) *md_algs; /* md used */ 64 STACK_OF(X509) *cert; /* [ 0 ] */ 65 STACK_OF(X509_CRL) *crl; /* [ 1 ] */ 66 STACK_OF(PKCS7_SIGNER_INFO) *signer_info; 67 struct pkcs7_st *contents; 68 } PKCS7_SIGNED; 69 /* 70 * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about 71 * merging the two 72 */ 73 74 typedef struct pkcs7_enc_content_st { 75 ASN1_OBJECT *content_type; 76 X509_ALGOR *algorithm; 77 ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ 78 const EVP_CIPHER *cipher; 79 } PKCS7_ENC_CONTENT; 80 81 typedef struct pkcs7_enveloped_st { 82 ASN1_INTEGER *version; /* version 0 */ 83 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; 84 PKCS7_ENC_CONTENT *enc_data; 85 } PKCS7_ENVELOPE; 86 87 typedef struct pkcs7_signedandenveloped_st { 88 ASN1_INTEGER *version; /* version 1 */ 89 STACK_OF(X509_ALGOR) *md_algs; /* md used */ 90 STACK_OF(X509) *cert; /* [ 0 ] */ 91 STACK_OF(X509_CRL) *crl; /* [ 1 ] */ 92 STACK_OF(PKCS7_SIGNER_INFO) *signer_info; 93 PKCS7_ENC_CONTENT *enc_data; 94 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; 95 } PKCS7_SIGN_ENVELOPE; 96 97 typedef struct pkcs7_digest_st { 98 ASN1_INTEGER *version; /* version 0 */ 99 X509_ALGOR *md; /* md used */ 100 struct pkcs7_st *contents; 101 ASN1_OCTET_STRING *digest; 102 } PKCS7_DIGEST; 103 104 typedef struct pkcs7_encrypted_st { 105 ASN1_INTEGER *version; /* version 0 */ 106 PKCS7_ENC_CONTENT *enc_data; 107 } PKCS7_ENCRYPT; 108 109 typedef struct pkcs7_st { 110 /* 111 * The following is non NULL if it contains ASN1 encoding of this 112 * structure 113 */ 114 unsigned char *asn1; 115 long length; 116 # define PKCS7_S_HEADER 0 117 # define PKCS7_S_BODY 1 118 # define PKCS7_S_TAIL 2 119 int state; /* used during processing */ 120 int detached; 121 ASN1_OBJECT *type; 122 /* content as defined by the type */ 123 /* 124 * all encryption/message digests are applied to the 'contents', leaving 125 * out the 'type' field. 126 */ 127 union { 128 char *ptr; 129 /* NID_pkcs7_data */ 130 ASN1_OCTET_STRING *data; 131 /* NID_pkcs7_signed */ 132 PKCS7_SIGNED *sign; 133 /* NID_pkcs7_enveloped */ 134 PKCS7_ENVELOPE *enveloped; 135 /* NID_pkcs7_signedAndEnveloped */ 136 PKCS7_SIGN_ENVELOPE *signed_and_enveloped; 137 /* NID_pkcs7_digest */ 138 PKCS7_DIGEST *digest; 139 /* NID_pkcs7_encrypted */ 140 PKCS7_ENCRYPT *encrypted; 141 /* Anything else */ 142 ASN1_TYPE *other; 143 } d; 144 } PKCS7; 145 146 DEFINE_STACK_OF(PKCS7) 147 148 # define PKCS7_OP_SET_DETACHED_SIGNATURE 1 149 # define PKCS7_OP_GET_DETACHED_SIGNATURE 2 150 151 # define PKCS7_get_signed_attributes(si) ((si)->auth_attr) 152 # define PKCS7_get_attributes(si) ((si)->unauth_attr) 153 154 # define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) 155 # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) 156 # define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) 157 # define PKCS7_type_is_signedAndEnveloped(a) \ 158 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) 159 # define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) 160 # define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) 161 162 # define PKCS7_set_detached(p,v) \ 163 PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) 164 # define PKCS7_get_detached(p) \ 165 PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) 166 167 # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) 168 169 /* S/MIME related flags */ 170 171 # define PKCS7_TEXT 0x1 172 # define PKCS7_NOCERTS 0x2 173 # define PKCS7_NOSIGS 0x4 174 # define PKCS7_NOCHAIN 0x8 175 # define PKCS7_NOINTERN 0x10 176 # define PKCS7_NOVERIFY 0x20 177 # define PKCS7_DETACHED 0x40 178 # define PKCS7_BINARY 0x80 179 # define PKCS7_NOATTR 0x100 180 # define PKCS7_NOSMIMECAP 0x200 181 # define PKCS7_NOOLDMIMETYPE 0x400 182 # define PKCS7_CRLFEOL 0x800 183 # define PKCS7_STREAM 0x1000 184 # define PKCS7_NOCRL 0x2000 185 # define PKCS7_PARTIAL 0x4000 186 # define PKCS7_REUSE_DIGEST 0x8000 187 # define PKCS7_NO_DUAL_CONTENT 0x10000 188 189 /* Flags: for compatibility with older code */ 190 191 # define SMIME_TEXT PKCS7_TEXT 192 # define SMIME_NOCERTS PKCS7_NOCERTS 193 # define SMIME_NOSIGS PKCS7_NOSIGS 194 # define SMIME_NOCHAIN PKCS7_NOCHAIN 195 # define SMIME_NOINTERN PKCS7_NOINTERN 196 # define SMIME_NOVERIFY PKCS7_NOVERIFY 197 # define SMIME_DETACHED PKCS7_DETACHED 198 # define SMIME_BINARY PKCS7_BINARY 199 # define SMIME_NOATTR PKCS7_NOATTR 200 201 /* CRLF ASCII canonicalisation */ 202 # define SMIME_ASCIICRLF 0x80000 203 204 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) 205 206 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 207 const EVP_MD *type, unsigned char *md, 208 unsigned int *len); 209 # ifndef OPENSSL_NO_STDIO 210 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); 211 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); 212 # endif 213 PKCS7 *PKCS7_dup(PKCS7 *p7); 214 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); 215 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); 216 int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); 217 int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); 218 219 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) 220 DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) 221 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) 222 DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) 223 DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 224 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) 225 DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) 226 DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) 227 DECLARE_ASN1_FUNCTIONS(PKCS7) 228 229 DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) 230 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) 231 232 DECLARE_ASN1_NDEF_FUNCTION(PKCS7) 233 DECLARE_ASN1_PRINT_FUNCTION(PKCS7) 234 235 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); 236 237 int PKCS7_set_type(PKCS7 *p7, int type); 238 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); 239 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); 240 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 241 const EVP_MD *dgst); 242 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); 243 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); 244 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); 245 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); 246 int PKCS7_content_new(PKCS7 *p7, int nid); 247 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, 248 BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 249 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 250 X509 *x509); 251 252 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); 253 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); 254 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); 255 256 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, 257 EVP_PKEY *pkey, const EVP_MD *dgst); 258 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 259 int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); 260 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); 261 262 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); 263 void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 264 X509_ALGOR **pdig, X509_ALGOR **psig); 265 void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); 266 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); 267 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); 268 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); 269 int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); 270 271 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); 272 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); 273 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, 274 void *data); 275 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 276 void *value); 277 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); 278 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); 279 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 280 STACK_OF(X509_ATTRIBUTE) *sk); 281 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, 282 STACK_OF(X509_ATTRIBUTE) *sk); 283 284 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 285 BIO *data, int flags); 286 287 PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, 288 X509 *signcert, EVP_PKEY *pkey, 289 const EVP_MD *md, int flags); 290 291 int PKCS7_final(PKCS7 *p7, BIO *data, int flags); 292 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 293 BIO *indata, BIO *out, int flags); 294 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, 295 int flags); 296 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, 297 int flags); 298 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, 299 int flags); 300 301 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, 302 STACK_OF(X509_ALGOR) *cap); 303 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); 304 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); 305 306 int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); 307 int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); 308 int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, 309 const unsigned char *md, int mdlen); 310 311 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); 312 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); 313 314 BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); 315 316 # ifdef __cplusplus 317 } 318 # endif 319 #endif 320
Indexes created Sat Feb 28 05:31:39 UTC 2026