OpenSSL  1.0.1c
pkcs7.h
1 /* crypto/pkcs7/pkcs7.h */
2 /* Copyright (C) 1995-1998 Eric Young ([email protected])
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young ([email protected]).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to. The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson ([email protected]).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  * notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  * notice, this list of conditions and the following disclaimer in the
30  * documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  * must display the following acknowledgement:
33  * "This product includes cryptographic software written by
34  * Eric Young ([email protected])"
35  * The word 'cryptographic' can be left out if the rouines from the library
36  * being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  * the apps directory (application code) you must include an acknowledgement:
39  * "This product includes software written by Tim Hudson ([email protected])"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed. i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #ifndef HEADER_PKCS7_H
60 #define HEADER_PKCS7_H
61 
62 #include <openssl/asn1.h>
63 #include <openssl/bio.h>
64 #include <openssl/e_os2.h>
65 
66 #include <openssl/symhacks.h>
67 #include <openssl/ossl_typ.h>
68 
69 #ifdef __cplusplus
70 extern "C" {
71 #endif
72 
73 #ifdef OPENSSL_SYS_WIN32
74 /* Under Win32 these are defined in wincrypt.h */
   /* Undefine them so the PKCS7_ISSUER_AND_SERIAL and PKCS7_SIGNER_INFO names
    * used further down in this header are not rewritten by the preprocessor. */
75 #undef PKCS7_ISSUER_AND_SERIAL
76 #undef PKCS7_SIGNER_INFO
77 #endif
78 
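79 /*
80 Encryption_ID DES-CBC
81 Digest_ID MD5
82 Digest_Encryption_ID rsaEncryption
83 Key_Encryption_ID rsaEncryption

Note: the list above only names algorithms. DES-CBC and MD5 are weak by
current standards, and nothing in this header ties the API to them: the cipher
and digest are selected through the const EVP_CIPHER * and const EVP_MD *
parameters of the functions declared below.
84 */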
85 
86 typedef struct pkcs7_issuer_and_serial_st
87  {
91 
92 typedef struct pkcs7_signer_info_st
93  {
94  ASN1_INTEGER *version; /* version 1 */
97  STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
100  STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
101 
102  /* The private key to sign with */
103  EVP_PKEY *pkey;
105 
108 
109 typedef struct pkcs7_recip_info_st
110  {
111  ASN1_INTEGER *version; /* version 0 */
112  PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
113  X509_ALGOR *key_enc_algor;
114  ASN1_OCTET_STRING *enc_key;
115  X509 *cert; /* get the pub-key from this */
117 
120 
/* Signed-data content: digest algorithms, optional certificates and CRLs,
 * the per-signer records, and the nested content that was signed.
 * NOTE(review): cert and crl travel inside the message, so after decoding
 * untrusted input they are presumably sender-controlled; treat them as
 * candidates to be validated, not as trust anchors -- confirm against the
 * PKCS7_verify() implementation. */
121 typedef struct pkcs7_signed_st
122  {
123  ASN1_INTEGER *version; /* version 1 */
124  STACK_OF(X509_ALGOR) *md_algs; /* md used */
125  STACK_OF(X509) *cert; /* [ 0 ] */
126  STACK_OF(X509_CRL) *crl; /* [ 1 ] */
127  STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
128 
129  struct pkcs7_st *contents;
130  } PKCS7_SIGNED;
131 /* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
132  * How about merging the two */
133 
134 typedef struct pkcs7_enc_content_st
135  {
138  ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
139  const EVP_CIPHER *cipher;
141 
142 typedef struct pkcs7_enveloped_st
143  {
144  ASN1_INTEGER *version; /* version 0 */
145  STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
147  } PKCS7_ENVELOPE;
148 
149 typedef struct pkcs7_signedandenveloped_st
150  {
151  ASN1_INTEGER *version; /* version 1 */
152  STACK_OF(X509_ALGOR) *md_algs; /* md used */
153  STACK_OF(X509) *cert; /* [ 0 ] */
154  STACK_OF(X509_CRL) *crl; /* [ 1 ] */
155  STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
156 
158  STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
160 
161 typedef struct pkcs7_digest_st
162  {
163  ASN1_INTEGER *version; /* version 0 */
164  X509_ALGOR *md; /* md used */
165  struct pkcs7_st *contents;
167  } PKCS7_DIGEST;
168 
169 typedef struct pkcs7_encrypted_st
170  {
171  ASN1_INTEGER *version; /* version 0 */
173  } PKCS7_ENCRYPT;
174 
/* Top-level PKCS#7 object: a content-type OID (`type`) plus a union `d`
 * whose active member is selected by that type. */
175 typedef struct pkcs7_st
176  {
177  /* The following is non NULL if it contains ASN1 encoding of
178  * this structure */
179  unsigned char *asn1;
180  long length; /* presumably the byte length of asn1 -- TODO confirm */
181 
     /* Values for the state field below. */
182 #define PKCS7_S_HEADER 0
183 #define PKCS7_S_BODY 1
184 #define PKCS7_S_TAIL 2
185  int state; /* used during processing */
186 
     /* NOTE(review): looks like the value exchanged through
      * PKCS7_set_detached()/PKCS7_get_detached() -- confirm in PKCS7_ctrl(). */
187  int detached;
188 
189  ASN1_OBJECT *type;
190  /* content as defined by the type */
191  /* all encryption/message digests are applied to the 'contents',
192  * leaving out the 'type' field. */
     /* NOTE(review): the PKCS7_type_is_*() macros in this header compare only
      * `type`. Nothing visible here guarantees that the union member matching
      * the type is non-NULL after decoding, so code handling parsed, untrusted
      * input should check the member before dereferencing it. */
193  union {
194  char *ptr;
195 
196  /* NID_pkcs7_data */
198 
199  /* NID_pkcs7_signed */
201 
202  /* NID_pkcs7_enveloped */
204 
205  /* NID_pkcs7_signedAndEnveloped */
207 
208  /* NID_pkcs7_digest */
210 
211  /* NID_pkcs7_encrypted */
213 
214  /* Anything else */
215  ASN1_TYPE *other;
216  } d;
217  } PKCS7;
218 
222 
/* Command codes passed as `cmd` to PKCS7_ctrl(). */
223 #define PKCS7_OP_SET_DETACHED_SIGNATURE 1
224 #define PKCS7_OP_GET_DETACHED_SIGNATURE 2
225 
/* Direct field accessors on a signer info: auth_attr holds the signed
 * attributes, unauth_attr the unsigned ones. Per PKCS#7, unauthenticated
 * attributes are not covered by the signer's signature, so they should not
 * feed a trust decision. */
226 #define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
227 #define PKCS7_get_attributes(si) ((si)->unauth_attr)
228 
/* Content-type predicates. Each one dereferences `a` unconditionally and
 * compares only the type OID; none of them checks that the corresponding
 * member of a->d is present. PKCS7_type_is_encrypted and PKCS7_type_is_digest
 * are each defined twice below with the same expansion; the repeats are
 * redundant but harmless. */
229 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
230 #define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
231 #define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
232 #define PKCS7_type_is_signedAndEnveloped(a) \
233  (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
234 #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
235 #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
236 #define PKCS7_type_is_encrypted(a) \
237  (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
238 
239 #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
240 
/* Thin wrappers that route the detached-signature get/set through
 * PKCS7_ctrl(). */
241 #define PKCS7_set_detached(p,v) \
242  PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
243 #define PKCS7_get_detached(p) \
244  PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
245 
/* Expands p7 twice, so the argument must not have side effects. */
246 #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
247 
248 /* S/MIME related flags */
/* These bits are OR-ed into the `int flags` argument of the PKCS7_* and
 * SMIME_* functions declared in this header. The per-flag notes below follow
 * the PKCS7_verify(3) manual page; this header itself only fixes the values.
 * NOTE(review): PKCS7_NOVERIFY and PKCS7_NOSIGS each switch off part of the
 * authenticity check, so a successful PKCS7_verify() call made with either of
 * them set is not evidence that the message is authentic. */
249 
250 #define PKCS7_TEXT 0x1
251 #define PKCS7_NOCERTS 0x2
252 #define PKCS7_NOSIGS 0x4 /* verify: signatures on the data are not checked */
253 #define PKCS7_NOCHAIN 0x8 /* verify: certificates in the message are not used as untrusted CAs */
254 #define PKCS7_NOINTERN 0x10 /* verify: signer certificate is not looked up among the message's own certificates */
255 #define PKCS7_NOVERIFY 0x20 /* verify: signer certificate chain is not validated */
256 #define PKCS7_DETACHED 0x40
257 #define PKCS7_BINARY 0x80
258 #define PKCS7_NOATTR 0x100
259 #define PKCS7_NOSMIMECAP 0x200
260 #define PKCS7_NOOLDMIMETYPE 0x400
261 #define PKCS7_CRLFEOL 0x800
262 #define PKCS7_STREAM 0x1000
263 #define PKCS7_NOCRL 0x2000
264 #define PKCS7_PARTIAL 0x4000
265 #define PKCS7_REUSE_DIGEST 0x8000
266 
267 /* Flags: for compatibility with older code */
268 
269 #define SMIME_TEXT PKCS7_TEXT
270 #define SMIME_NOCERTS PKCS7_NOCERTS
271 #define SMIME_NOSIGS PKCS7_NOSIGS
272 #define SMIME_NOCHAIN PKCS7_NOCHAIN
273 #define SMIME_NOINTERN PKCS7_NOINTERN
274 #define SMIME_NOVERIFY PKCS7_NOVERIFY
275 #define SMIME_DETACHED PKCS7_DETACHED
276 #define SMIME_BINARY PKCS7_BINARY
277 #define SMIME_NOATTR PKCS7_NOATTR
278 
280 
282  unsigned char *md,unsigned int *len);
/* Serialisation helpers: d2i_* decode a PKCS7 from a FILE or BIO, i2d_* and
 * PEM_write_* encode one. The FILE-based pair is compiled out when
 * OPENSSL_NO_FP_API is defined.
 * NOTE(review): by the usual d2i_* convention the decoders presumably return
 * NULL on malformed input -- confirm. A non-NULL result only means the bytes
 * parsed; it says nothing about signatures or about which optional fields of
 * the structure are present. */
283 #ifndef OPENSSL_NO_FP_API
284 PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
285 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
286 #endif
287 PKCS7 *PKCS7_dup(PKCS7 *p7);
288 PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
289 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
290 int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
291 int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
292 
302 
303 DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
304 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
305 
308 
309 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
310 
311 int PKCS7_set_type(PKCS7 *p7, int type);
312 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
313 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
315  const EVP_MD *dgst);
318 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
319 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
320 int PKCS7_content_new(PKCS7 *p7, int nid);
321 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
322  BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
324  X509 *x509);
325 
326 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
327 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
328 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
329 
330 
332  EVP_PKEY *pkey, const EVP_MD *dgst);
334 int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
335 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
336 
339  X509_ALGOR **pdig, X509_ALGOR **psig);
343 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
344 int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
345 
348 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
349  void *data);
350 int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
351  void *value);
355  STACK_OF(X509_ATTRIBUTE) *sk);
357 
358 
359 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
360  BIO *data, int flags);
361 
363  X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md,
364  int flags);
365 
/* High-level S/MIME-style operations. `flags` takes the PKCS7_* flag bits
 * defined earlier in this header. */
366 int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
/* Per PKCS7_verify(3): returns 1 on successful verification and 0 on error;
 * treat anything other than 1 as failure. `store` is the trusted store used
 * for chain validation, `certs` is only an extra place to look for the
 * signer's certificate, `indata` carries the content when the signature is
 * detached, and the content is written to `out` if it is not NULL.
 * NOTE(review): the content presumably reaches `out` before the signature
 * check has finished, so consume it only after a return value of 1 --
 * confirm against the implementation. */
367 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
368  BIO *indata, BIO *out, int flags);
/* Per the same manual page: retrieves the signer certificates without
 * checking their validity or whether any signature is valid; returns NULL on
 * error. */
369 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
/* The content-encryption algorithm is whatever `cipher` the caller passes. */
370 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
371  int flags);
/* Per PKCS7_decrypt(3): returns 1 for success and 0 for failure; `cert` is
 * used to locate the matching recipient entry. */
372 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
373 
375  STACK_OF(X509_ALGOR) *cap);
376 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
377 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
378 
382  const unsigned char *md, int mdlen);
383 
384 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
385 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
386 
387 BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
388 
389 
390 /* BEGIN ERROR CODES */
391 /* The following lines are auto generated by the script mkerr.pl. Any changes
392  * made after this point may be overwritten when the script is next run.
393  */
394 void ERR_load_PKCS7_strings(void);
395 
396 /* Error codes for the PKCS7 functions. */
397 
398 /* Function codes. */
399 #define PKCS7_F_B64_READ_PKCS7 120
400 #define PKCS7_F_B64_WRITE_PKCS7 121
401 #define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136
402 #define PKCS7_F_I2D_PKCS7_BIO_STREAM 140
403 #define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135
404 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
405 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
406 #define PKCS7_F_PKCS7_ADD_CRL 101
407 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
408 #define PKCS7_F_PKCS7_ADD_SIGNATURE 131
409 #define PKCS7_F_PKCS7_ADD_SIGNER 103
410 #define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
411 #define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138
412 #define PKCS7_F_PKCS7_CTRL 104
413 #define PKCS7_F_PKCS7_DATADECODE 112
414 #define PKCS7_F_PKCS7_DATAFINAL 128
415 #define PKCS7_F_PKCS7_DATAINIT 105
416 #define PKCS7_F_PKCS7_DATASIGN 106
417 #define PKCS7_F_PKCS7_DATAVERIFY 107
418 #define PKCS7_F_PKCS7_DECRYPT 114
419 #define PKCS7_F_PKCS7_DECRYPT_RINFO 133
420 #define PKCS7_F_PKCS7_ENCODE_RINFO 132
421 #define PKCS7_F_PKCS7_ENCRYPT 115
422 #define PKCS7_F_PKCS7_FINAL 134
423 #define PKCS7_F_PKCS7_FIND_DIGEST 127
424 #define PKCS7_F_PKCS7_GET0_SIGNERS 124
425 #define PKCS7_F_PKCS7_RECIP_INFO_SET 130
426 #define PKCS7_F_PKCS7_SET_CIPHER 108
427 #define PKCS7_F_PKCS7_SET_CONTENT 109
428 #define PKCS7_F_PKCS7_SET_DIGEST 126
429 #define PKCS7_F_PKCS7_SET_TYPE 110
430 #define PKCS7_F_PKCS7_SIGN 116
431 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
432 #define PKCS7_F_PKCS7_SIGNER_INFO_SET 129
433 #define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139
434 #define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137
435 #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
436 #define PKCS7_F_PKCS7_VERIFY 117
437 #define PKCS7_F_SMIME_READ_PKCS7 122
438 #define PKCS7_F_SMIME_TEXT 123
439 
440 /* Reason codes. */
441 #define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
442 #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
443 #define PKCS7_R_CIPHER_NOT_INITIALIZED 116
444 #define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
445 #define PKCS7_R_CTRL_ERROR 152
446 #define PKCS7_R_DECODE_ERROR 130
447 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
448 #define PKCS7_R_DECRYPT_ERROR 119
449 #define PKCS7_R_DIGEST_FAILURE 101
450 #define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149
451 #define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
452 #define PKCS7_R_ERROR_ADDING_RECIPIENT 120
453 #define PKCS7_R_ERROR_SETTING_CIPHER 121
454 #define PKCS7_R_INVALID_MIME_TYPE 131
455 #define PKCS7_R_INVALID_NULL_POINTER 143
456 #define PKCS7_R_MIME_NO_CONTENT_TYPE 132
457 #define PKCS7_R_MIME_PARSE_ERROR 133
458 #define PKCS7_R_MIME_SIG_PARSE_ERROR 134
459 #define PKCS7_R_MISSING_CERIPEND_INFO 103
460 #define PKCS7_R_NO_CONTENT 122
461 #define PKCS7_R_NO_CONTENT_TYPE 135
462 #define PKCS7_R_NO_DEFAULT_DIGEST 151
463 #define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154
464 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
465 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137
466 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
467 #define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
468 #define PKCS7_R_NO_SIGNATURES_ON_DATA 123
469 #define PKCS7_R_NO_SIGNERS 142
470 #define PKCS7_R_NO_SIG_CONTENT_TYPE 138
471 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
472 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
473 #define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153
474 #define PKCS7_R_PKCS7_DATAFINAL 126
475 #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
476 #define PKCS7_R_PKCS7_DATASIGN 145
477 #define PKCS7_R_PKCS7_PARSE_ERROR 139
478 #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
479 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
480 #define PKCS7_R_SIGNATURE_FAILURE 105
481 #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
482 #define PKCS7_R_SIGNING_CTRL_FAILURE 147
483 #define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148
484 #define PKCS7_R_SIG_INVALID_MIME_TYPE 141
485 #define PKCS7_R_SMIME_TEXT_ERROR 129
486 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
487 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
488 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
489 #define PKCS7_R_UNKNOWN_DIGEST_TYPE 109
490 #define PKCS7_R_UNKNOWN_OPERATION 110
491 #define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111
492 #define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
493 #define PKCS7_R_WRONG_CONTENT_TYPE 113
494 #define PKCS7_R_WRONG_PKCS7_TYPE 114
495 
496 #ifdef __cplusplus
497 }
498 #endif
499 #endif