1/* 2 * {- join("\n * ", @autowarntext) -} 3 * 4 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. 5 * 6 * Licensed under the Apache License 2.0 (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12{- 13use OpenSSL::stackhash qw(generate_stack_macros); 14-} 15 16#ifndef OPENSSL_PKCS7_H 17# define OPENSSL_PKCS7_H 18# pragma once 19 20# include <openssl/macros.h> 21# ifndef OPENSSL_NO_DEPRECATED_3_0 22# define HEADER_PKCS7_H 23# endif 24 25# include <openssl/asn1.h> 26# include <openssl/bio.h> 27# include <openssl/e_os2.h> 28 29# include <openssl/symhacks.h> 30# include <openssl/types.h> 31# include <openssl/pkcs7err.h> 32 33#ifdef __cplusplus 34extern "C" { 35#endif 36 37 38/*- 39Encryption_ID DES-CBC 40Digest_ID MD5 41Digest_Encryption_ID rsaEncryption 42Key_Encryption_ID rsaEncryption 43*/ 44 45typedef struct PKCS7_CTX_st { 46 OSSL_LIB_CTX *libctx; 47 char *propq; 48} PKCS7_CTX; 49 50typedef struct pkcs7_issuer_and_serial_st { 51 X509_NAME *issuer; 52 ASN1_INTEGER *serial; 53} PKCS7_ISSUER_AND_SERIAL; 54 55typedef struct pkcs7_signer_info_st { 56 ASN1_INTEGER *version; /* version 1 */ 57 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; 58 X509_ALGOR *digest_alg; 59 STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ 60 X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ 61 ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ 62 STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ 63 /* The private key to sign with */ 64 EVP_PKEY *pkey; 65 const PKCS7_CTX *ctx; 66} PKCS7_SIGNER_INFO; 67{- 68 generate_stack_macros("PKCS7_SIGNER_INFO"); 69-} 70 71typedef struct pkcs7_recip_info_st { 72 ASN1_INTEGER *version; /* version 0 */ 73 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; 74 X509_ALGOR *key_enc_algor; 75 ASN1_OCTET_STRING *enc_key; 76 X509 *cert; /* get the pub-key from this */ 77 const PKCS7_CTX *ctx; 78} PKCS7_RECIP_INFO; 79{- 80 generate_stack_macros("PKCS7_RECIP_INFO"); 81-} 82 83 84typedef struct pkcs7_signed_st { 85 ASN1_INTEGER *version; /* version 1 */ 86 STACK_OF(X509_ALGOR) *md_algs; /* md used */ 87 STACK_OF(X509) *cert; /* [ 0 ] */ 88 STACK_OF(X509_CRL) *crl; /* [ 1 ] */ 89 STACK_OF(PKCS7_SIGNER_INFO) *signer_info; 90 struct pkcs7_st *contents; 91} PKCS7_SIGNED; 92/* 93 * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about 94 * merging the two 95 */ 96 97typedef struct pkcs7_enc_content_st { 98 ASN1_OBJECT *content_type; 99 X509_ALGOR *algorithm; 100 ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ 101 const EVP_CIPHER *cipher; 102 const PKCS7_CTX *ctx; 103} PKCS7_ENC_CONTENT; 104 105typedef struct pkcs7_enveloped_st { 106 ASN1_INTEGER *version; /* version 0 */ 107 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; 108 PKCS7_ENC_CONTENT *enc_data; 109} PKCS7_ENVELOPE; 110 111typedef struct pkcs7_signedandenveloped_st { 112 ASN1_INTEGER *version; /* version 1 */ 113 STACK_OF(X509_ALGOR) *md_algs; /* md used */ 114 STACK_OF(X509) *cert; /* [ 0 ] */ 115 STACK_OF(X509_CRL) *crl; /* [ 1 ] */ 116 STACK_OF(PKCS7_SIGNER_INFO) *signer_info; 117 PKCS7_ENC_CONTENT *enc_data; 118 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; 119} PKCS7_SIGN_ENVELOPE; 120 121typedef struct pkcs7_digest_st { 122 ASN1_INTEGER *version; /* version 0 */ 123 X509_ALGOR *md; /* md used */ 124 struct pkcs7_st *contents; 125 ASN1_OCTET_STRING *digest; 126} PKCS7_DIGEST; 127 128typedef struct pkcs7_encrypted_st { 129 ASN1_INTEGER *version; /* version 0 */ 130 PKCS7_ENC_CONTENT *enc_data; 131} PKCS7_ENCRYPT; 132 133typedef struct pkcs7_st { 134 /* 135 * The following is non NULL if it contains ASN1 encoding of this 136 * structure 137 */ 138 unsigned char *asn1; 139 long length; 140# define PKCS7_S_HEADER 0 141# define PKCS7_S_BODY 1 142# define PKCS7_S_TAIL 2 143 int state; /* used during processing */ 144 int detached; 145 ASN1_OBJECT *type; 146 /* content as defined by the type */ 147 /* 148 * all encryption/message digests are applied to the 'contents', leaving 149 * out the 'type' field. 150 */ 151 union { 152 char *ptr; 153 /* NID_pkcs7_data */ 154 ASN1_OCTET_STRING *data; 155 /* NID_pkcs7_signed */ 156 PKCS7_SIGNED *sign; 157 /* NID_pkcs7_enveloped */ 158 PKCS7_ENVELOPE *enveloped; 159 /* NID_pkcs7_signedAndEnveloped */ 160 PKCS7_SIGN_ENVELOPE *signed_and_enveloped; 161 /* NID_pkcs7_digest */ 162 PKCS7_DIGEST *digest; 163 /* NID_pkcs7_encrypted */ 164 PKCS7_ENCRYPT *encrypted; 165 /* Anything else */ 166 ASN1_TYPE *other; 167 } d; 168 PKCS7_CTX ctx; 169} PKCS7; 170{- 171 generate_stack_macros("PKCS7"); 172-} 173 174 175# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 176# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 177 178# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) 179# define PKCS7_get_attributes(si) ((si)->unauth_attr) 180 181# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) 182# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) 183# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) 184# define PKCS7_type_is_signedAndEnveloped(a) \ 185 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) 186# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) 187# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) 188 189# define PKCS7_set_detached(p,v) \ 190 PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) 191# define PKCS7_get_detached(p) \ 192 PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) 193 194# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) 195 196/* S/MIME related flags */ 197 198# define PKCS7_TEXT 0x1 199# define PKCS7_NOCERTS 0x2 200# define PKCS7_NOSIGS 0x4 201# define PKCS7_NOCHAIN 0x8 202# define PKCS7_NOINTERN 0x10 203# define PKCS7_NOVERIFY 0x20 204# define PKCS7_DETACHED 0x40 205# define PKCS7_BINARY 0x80 206# define PKCS7_NOATTR 0x100 207# define PKCS7_NOSMIMECAP 0x200 208# define PKCS7_NOOLDMIMETYPE 0x400 209# define PKCS7_CRLFEOL 0x800 210# define PKCS7_STREAM 0x1000 211# define PKCS7_NOCRL 0x2000 212# define PKCS7_PARTIAL 0x4000 213# define PKCS7_REUSE_DIGEST 0x8000 214# define PKCS7_NO_DUAL_CONTENT 0x10000 215 216/* Flags: for compatibility with older code */ 217 218# define SMIME_TEXT PKCS7_TEXT 219# define SMIME_NOCERTS PKCS7_NOCERTS 220# define SMIME_NOSIGS PKCS7_NOSIGS 221# define SMIME_NOCHAIN PKCS7_NOCHAIN 222# define SMIME_NOINTERN PKCS7_NOINTERN 223# define SMIME_NOVERIFY PKCS7_NOVERIFY 224# define SMIME_DETACHED PKCS7_DETACHED 225# define SMIME_BINARY PKCS7_BINARY 226# define SMIME_NOATTR PKCS7_NOATTR 227 228/* CRLF ASCII canonicalisation */ 229# define SMIME_ASCIICRLF 0x80000 230 231DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) 232 233int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 234 const EVP_MD *type, unsigned char *md, 235 unsigned int *len); 236# ifndef OPENSSL_NO_STDIO 237PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); 238int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7); 239# endif 240DECLARE_ASN1_DUP_FUNCTION(PKCS7) 241PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); 242int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7); 243int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); 244int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); 245 246DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) 247DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) 248DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) 249DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) 250DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 251DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) 252DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) 253DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) 254DECLARE_ASN1_FUNCTIONS(PKCS7) 255PKCS7 *PKCS7_new_ex(OSSL_LIB_CTX *libctx, const char *propq); 256 257DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) 258DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) 259 260DECLARE_ASN1_NDEF_FUNCTION(PKCS7) 261DECLARE_ASN1_PRINT_FUNCTION(PKCS7) 262 263long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); 264 265int PKCS7_type_is_other(PKCS7 *p7); 266int PKCS7_set_type(PKCS7 *p7, int type); 267int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); 268int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); 269int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 270 const EVP_MD *dgst); 271int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); 272int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); 273int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); 274int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); 275int PKCS7_content_new(PKCS7 *p7, int nid); 276int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, 277 BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 278int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 279 X509 *x509); 280 281BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); 282int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); 283BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); 284 285PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, 286 EVP_PKEY *pkey, const EVP_MD *dgst); 287X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 288int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); 289STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); 290 291PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); 292void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 293 X509_ALGOR **pdig, X509_ALGOR **psig); 294void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); 295int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); 296int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); 297int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); 298int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); 299 300PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); 301ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); 302ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); 303int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, 304 void *data); 305int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 306 void *value); 307ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid); 308ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid); 309int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 310 STACK_OF(X509_ATTRIBUTE) *sk); 311int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, 312 STACK_OF(X509_ATTRIBUTE) *sk); 313 314PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 315 BIO *data, int flags); 316PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 317 BIO *data, int flags, OSSL_LIB_CTX *libctx, 318 const char *propq); 319 320PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, 321 X509 *signcert, EVP_PKEY *pkey, 322 const EVP_MD *md, int flags); 323 324int PKCS7_final(PKCS7 *p7, BIO *data, int flags); 325int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 326 BIO *indata, BIO *out, int flags); 327STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, 328 int flags); 329PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, 330 int flags); 331PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, 332 const EVP_CIPHER *cipher, int flags, 333 OSSL_LIB_CTX *libctx, const char *propq); 334int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, 335 int flags); 336 337int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, 338 STACK_OF(X509_ALGOR) *cap); 339STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); 340int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); 341 342int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); 343int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); 344int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, 345 const unsigned char *md, int mdlen); 346 347int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); 348PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7); 349PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); 350 351BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); 352 353# ifdef __cplusplus 354} 355# endif 356#endif 357