1/* 2 * {- join("\n * ", @autowarntext) -} 3 * 4 * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12{- 13use OpenSSL::stackhash qw(generate_stack_macros); 14-} 15 16#ifndef OPENSSL_CMS_H 17# define OPENSSL_CMS_H 18# pragma once 19 20# include <openssl/macros.h> 21# ifndef OPENSSL_NO_DEPRECATED_3_0 22# define HEADER_CMS_H 23# endif 24 25# include <openssl/opensslconf.h> 26 27# ifndef OPENSSL_NO_CMS 28# include <openssl/x509.h> 29# include <openssl/x509v3.h> 30# include <openssl/cmserr.h> 31# ifdef __cplusplus 32extern "C" { 33# endif 34 35typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; 36typedef struct CMS_ContentInfo_st CMS_ContentInfo; 37typedef struct CMS_SignerInfo_st CMS_SignerInfo; 38typedef struct CMS_SignedData_st CMS_SignedData; 39typedef struct CMS_CertificateChoices CMS_CertificateChoices; 40typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; 41typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; 42typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; 43typedef struct CMS_Receipt_st CMS_Receipt; 44typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; 45typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; 46 47{- 48 generate_stack_macros("CMS_SignerInfo") 49 .generate_stack_macros("CMS_RecipientEncryptedKey") 50 .generate_stack_macros("CMS_RecipientInfo") 51 .generate_stack_macros("CMS_RevocationInfoChoice"); 52-} 53 54DECLARE_ASN1_ITEM(CMS_EnvelopedData) 55DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_SignedData) 56DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 57DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) 58DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) 59 60DECLARE_ASN1_DUP_FUNCTION(CMS_EnvelopedData) 61 62CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq); 63 64# define CMS_SIGNERINFO_ISSUER_SERIAL 0 65# define CMS_SIGNERINFO_KEYIDENTIFIER 1 66 67# define CMS_RECIPINFO_NONE -1 68# define CMS_RECIPINFO_TRANS 0 69# define CMS_RECIPINFO_AGREE 1 70# define CMS_RECIPINFO_KEK 2 71# define CMS_RECIPINFO_PASS 3 72# define CMS_RECIPINFO_OTHER 4 73 74/* S/MIME related flags */ 75 76# define CMS_TEXT 0x1 77# define CMS_NOCERTS 0x2 78# define CMS_NO_CONTENT_VERIFY 0x4 79# define CMS_NO_ATTR_VERIFY 0x8 80# define CMS_NOSIGS \ 81 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) 82# define CMS_NOINTERN 0x10 83# define CMS_NO_SIGNER_CERT_VERIFY 0x20 84# define CMS_NOVERIFY 0x20 85# define CMS_DETACHED 0x40 86# define CMS_BINARY 0x80 87# define CMS_NOATTR 0x100 88# define CMS_NOSMIMECAP 0x200 89# define CMS_NOOLDMIMETYPE 0x400 90# define CMS_CRLFEOL 0x800 91# define CMS_STREAM 0x1000 92# define CMS_NOCRL 0x2000 93# define CMS_PARTIAL 0x4000 94# define CMS_REUSE_DIGEST 0x8000 95# define CMS_USE_KEYID 0x10000 96# define CMS_DEBUG_DECRYPT 0x20000 97# define CMS_KEY_PARAM 0x40000 98# define CMS_ASCIICRLF 0x80000 99# define CMS_CADES 0x100000 100# define CMS_USE_ORIGINATOR_KEYID 0x200000 101# define CMS_NO_SIGNING_TIME 0x400000 102 103const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); 104 105BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); 106int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); 107 108ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); 109int CMS_is_detached(CMS_ContentInfo *cms); 110int CMS_set_detached(CMS_ContentInfo *cms, int detached); 111 112# ifdef OPENSSL_PEM_H 113DECLARE_PEM_rw(CMS, CMS_ContentInfo) 114# endif 115int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); 116CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); 117int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); 118 119BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); 120int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); 121int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, 122 int flags); 123CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); 124CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **ci); 125int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); 126 127int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, 128 unsigned int flags); 129int CMS_final_digest(CMS_ContentInfo *cms, 130 const unsigned char *md, unsigned int mdlen, BIO *dcont, 131 unsigned int flags); 132 133CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, 134 STACK_OF(X509) *certs, BIO *data, 135 unsigned int flags); 136CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, 137 STACK_OF(X509) *certs, BIO *data, 138 unsigned int flags, OSSL_LIB_CTX *libctx, 139 const char *propq); 140 141CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 142 X509 *signcert, EVP_PKEY *pkey, 143 STACK_OF(X509) *certs, unsigned int flags); 144 145int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); 146CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); 147CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, 148 OSSL_LIB_CTX *libctx, const char *propq); 149 150int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 151 unsigned int flags); 152CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 153 unsigned int flags); 154CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, 155 unsigned int flags, OSSL_LIB_CTX *libctx, 156 const char *propq); 157 158int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 159 const unsigned char *key, size_t keylen, 160 BIO *dcont, BIO *out, unsigned int flags); 161CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 162 const unsigned char *key, 163 size_t keylen, unsigned int flags); 164CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, 165 const unsigned char *key, 166 size_t keylen, unsigned int flags, 167 OSSL_LIB_CTX *libctx, 168 const char *propq); 169 170int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 171 const unsigned char *key, size_t keylen); 172 173int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 174 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); 175 176int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 177 STACK_OF(X509) *certs, 178 X509_STORE *store, unsigned int flags); 179 180STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); 181 182CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, 183 const EVP_CIPHER *cipher, unsigned int flags); 184CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in, 185 const EVP_CIPHER *cipher, unsigned int flags, 186 OSSL_LIB_CTX *libctx, const char *propq); 187 188int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, 189 BIO *dcont, BIO *out, unsigned int flags); 190 191int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); 192int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, 193 X509 *cert, X509 *peer); 194int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 195 unsigned char *key, size_t keylen, 196 const unsigned char *id, size_t idlen); 197int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 198 unsigned char *pass, ossl_ssize_t passlen); 199 200STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); 201int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); 202EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); 203CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher); 204CMS_ContentInfo * 205CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, 206 const char *propq); 207CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); 208CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, 209 OSSL_LIB_CTX *libctx, 210 const char *propq); 211BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data, 212 EVP_PKEY *pkey, X509 *cert, 213 ASN1_OCTET_STRING *secret, unsigned int flags, 214 OSSL_LIB_CTX *libctx, const char *propq); 215 216CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 217 X509 *recip, unsigned int flags); 218CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, 219 EVP_PKEY *originatorPrivKey, X509 * originator, unsigned int flags); 220int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); 221int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); 222int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 223 EVP_PKEY **pk, X509 **recip, 224 X509_ALGOR **palg); 225int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 226 ASN1_OCTET_STRING **keyid, 227 X509_NAME **issuer, 228 ASN1_INTEGER **sno); 229 230CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 231 unsigned char *key, size_t keylen, 232 unsigned char *id, size_t idlen, 233 ASN1_GENERALIZEDTIME *date, 234 ASN1_OBJECT *otherTypeId, 235 ASN1_TYPE *otherType); 236 237int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 238 X509_ALGOR **palg, 239 ASN1_OCTET_STRING **pid, 240 ASN1_GENERALIZEDTIME **pdate, 241 ASN1_OBJECT **potherid, 242 ASN1_TYPE **pothertype); 243 244int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 245 unsigned char *key, size_t keylen); 246 247int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 248 const unsigned char *id, size_t idlen); 249 250int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 251 unsigned char *pass, 252 ossl_ssize_t passlen); 253 254CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, 255 int iter, int wrap_nid, 256 int pbe_nid, 257 unsigned char *pass, 258 ossl_ssize_t passlen, 259 const EVP_CIPHER *kekciph); 260 261int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); 262int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri); 263 264int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 265 unsigned int flags); 266CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); 267 268int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); 269const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); 270 271CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); 272int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); 273int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); 274STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); 275 276CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); 277int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); 278int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); 279STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); 280 281int CMS_SignedData_init(CMS_ContentInfo *cms); 282CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 283 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 284 unsigned int flags); 285EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); 286EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); 287STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); 288 289void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); 290int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 291 ASN1_OCTET_STRING **keyid, 292 X509_NAME **issuer, ASN1_INTEGER **sno); 293int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); 294int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 295 unsigned int flags); 296void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, 297 X509 **signer, X509_ALGOR **pdig, 298 X509_ALGOR **psig); 299ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); 300int CMS_SignerInfo_sign(CMS_SignerInfo *si); 301int CMS_SignerInfo_verify(CMS_SignerInfo *si); 302int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); 303BIO *CMS_SignedData_verify(CMS_SignedData *sd, BIO *detached_data, 304 STACK_OF(X509) *scerts, X509_STORE *store, 305 STACK_OF(X509) *extra, STACK_OF(X509_CRL) *crls, 306 unsigned int flags, 307 OSSL_LIB_CTX *libctx, const char *propq); 308 309int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); 310int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 311 int algnid, int keysize); 312int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); 313 314int CMS_signed_get_attr_count(const CMS_SignerInfo *si); 315int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 316 int lastpos); 317int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, 318 int lastpos); 319X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); 320X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); 321int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 322int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 323 const ASN1_OBJECT *obj, int type, 324 const void *bytes, int len); 325int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 326 int nid, int type, 327 const void *bytes, int len); 328int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, 329 const char *attrname, int type, 330 const void *bytes, int len); 331void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, 332 const ASN1_OBJECT *oid, 333 int lastpos, int type); 334 335int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); 336int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 337 int lastpos); 338int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, 339 const ASN1_OBJECT *obj, int lastpos); 340X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); 341X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); 342int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 343int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 344 const ASN1_OBJECT *obj, int type, 345 const void *bytes, int len); 346int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 347 int nid, int type, 348 const void *bytes, int len); 349int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, 350 const char *attrname, int type, 351 const void *bytes, int len); 352void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 353 int lastpos, int type); 354 355int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); 356CMS_ReceiptRequest *CMS_ReceiptRequest_create0( 357 unsigned char *id, int idlen, int allorfirst, 358 STACK_OF(GENERAL_NAMES) *receiptList, 359 STACK_OF(GENERAL_NAMES) *receiptsTo); 360CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( 361 unsigned char *id, int idlen, int allorfirst, 362 STACK_OF(GENERAL_NAMES) *receiptList, 363 STACK_OF(GENERAL_NAMES) *receiptsTo, 364 OSSL_LIB_CTX *libctx); 365 366int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); 367void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 368 ASN1_STRING **pcid, 369 int *pallorfirst, 370 STACK_OF(GENERAL_NAMES) **plist, 371 STACK_OF(GENERAL_NAMES) **prto); 372int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, 373 X509_ALGOR **palg, 374 ASN1_OCTET_STRING **pukm); 375STACK_OF(CMS_RecipientEncryptedKey) 376*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); 377 378int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, 379 X509_ALGOR **pubalg, 380 ASN1_BIT_STRING **pubkey, 381 ASN1_OCTET_STRING **keyid, 382 X509_NAME **issuer, 383 ASN1_INTEGER **sno); 384 385int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); 386 387int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, 388 ASN1_OCTET_STRING **keyid, 389 ASN1_GENERALIZEDTIME **tm, 390 CMS_OtherKeyAttribute **other, 391 X509_NAME **issuer, ASN1_INTEGER **sno); 392int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, 393 X509 *cert); 394int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); 395int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer); 396EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); 397int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, 398 CMS_RecipientInfo *ri, 399 CMS_RecipientEncryptedKey *rek); 400 401int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, 402 ASN1_OCTET_STRING *ukm, int keylen); 403 404/* Backward compatibility for spelling errors. */ 405# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM 406# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ 407 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 408 409# ifdef __cplusplus 410} 411# endif 412# endif 413#endif 414