2014-01-11 02:17:03 +04:00
|
|
|
/* pkcs7.h
|
|
|
|
*
|
|
|
|
* Copyright (C) 2006-2013 wolfSSL Inc.
|
|
|
|
*
|
|
|
|
* This file is part of CyaSSL.
|
|
|
|
*
|
|
|
|
* CyaSSL is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
* (at your option) any later version.
|
|
|
|
*
|
|
|
|
* CyaSSL is distributed in the hope that it will be useful,
|
|
|
|
* * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_PKCS7
|
|
|
|
|
|
|
|
#ifndef CTAO_CRYPT_PKCS7_H
|
|
|
|
#define CTAO_CRYPT_PKCS7_H
|
|
|
|
|
|
|
|
#include <cyassl/ctaocrypt/types.h>
|
|
|
|
#include <cyassl/ctaocrypt/asn.h>
|
|
|
|
#include <cyassl/ctaocrypt/asn_public.h>
|
|
|
|
#include <cyassl/ctaocrypt/random.h>
|
|
|
|
#include <cyassl/ctaocrypt/des3.h>
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
2014-01-17 00:29:37 +04:00
|
|
|
/* PKCS#7 content types, ref RFC 2315 (Section 14) */
|
2014-01-11 02:17:03 +04:00
|
|
|
enum PKCS7_TYPES {
|
2014-01-17 00:29:37 +04:00
|
|
|
PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */
|
2014-01-11 02:17:03 +04:00
|
|
|
DATA = 651, /* 1.2.840.113549.1.7.1 */
|
|
|
|
SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */
|
|
|
|
ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */
|
|
|
|
SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */
|
|
|
|
DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */
|
|
|
|
ENCRYPTED_DATA = 656 /* 1.2.840.113549.1.7.6 */
|
|
|
|
};
|
|
|
|
|
|
|
|
enum Pkcs7_Misc {
|
2014-01-21 23:45:15 +04:00
|
|
|
PKCS7_NONCE_SZ = 16,
|
2014-01-17 00:29:37 +04:00
|
|
|
MAX_ENCRYPTED_KEY_SZ = 512, /* max enc. key size, RSA <= 4096 */
|
|
|
|
MAX_CONTENT_KEY_LEN = DES3_KEYLEN, /* highest current cipher is 3DES */
|
2014-01-11 02:17:03 +04:00
|
|
|
MAX_RECIP_SZ = MAX_VERSION_SZ +
|
|
|
|
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
|
2014-01-11 03:17:02 +04:00
|
|
|
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
|
2014-01-11 02:17:03 +04:00
|
|
|
};
|
|
|
|
|
2014-01-13 22:58:01 +04:00
|
|
|
|
|
|
|
typedef struct PKCS7Attrib {
|
|
|
|
byte* oid;
|
|
|
|
word32 oidSz;
|
|
|
|
byte* value;
|
|
|
|
word32 valueSz;
|
|
|
|
} PKCS7Attrib;
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct PKCS7 {
|
2014-01-24 01:48:18 +04:00
|
|
|
byte* content; /* inner content, not owner */
|
|
|
|
word32 contentSz; /* content size */
|
|
|
|
int contentOID; /* PKCS#7 content type OID sum */
|
2014-01-13 22:58:01 +04:00
|
|
|
|
2014-01-16 00:31:51 +04:00
|
|
|
RNG* rng;
|
|
|
|
|
2014-01-13 22:58:01 +04:00
|
|
|
int hashOID;
|
2014-01-24 01:48:18 +04:00
|
|
|
int encryptOID; /* key encryption algorithm OID */
|
2014-01-13 22:58:01 +04:00
|
|
|
|
2014-01-24 01:48:18 +04:00
|
|
|
byte* singleCert; /* recipient cert, DER, not owner */
|
2014-01-15 09:57:55 +04:00
|
|
|
word32 singleCertSz; /* size of recipient cert buffer, bytes */
|
2014-01-24 01:48:18 +04:00
|
|
|
byte issuerHash[SHA_SIZE]; /* hash of all alt Names */
|
|
|
|
byte* issuer; /* issuer name of singleCert */
|
|
|
|
word32 issuerSz; /* length of issuer name */
|
|
|
|
byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */
|
|
|
|
word32 issuerSnSz; /* length of serial number */
|
2014-01-16 00:31:51 +04:00
|
|
|
byte publicKey[512];
|
|
|
|
word32 publicKeySz;
|
2014-01-24 01:48:18 +04:00
|
|
|
byte* privateKey; /* private key, DER, not owner */
|
|
|
|
word32 privateKeySz; /* size of private key buffer, bytes */
|
2014-01-13 22:58:01 +04:00
|
|
|
|
2014-01-16 00:31:51 +04:00
|
|
|
PKCS7Attrib* signedAttribs;
|
|
|
|
word32 signedAttribsSz;
|
2014-01-13 22:58:01 +04:00
|
|
|
} PKCS7;
|
|
|
|
|
|
|
|
|
2014-01-11 02:17:03 +04:00
|
|
|
CYASSL_LOCAL int SetContentType(int pkcs7TypeOID, byte* output);
|
2014-01-15 09:57:55 +04:00
|
|
|
CYASSL_LOCAL int GetContentType(const byte* input, word32* inOutIdx,
|
|
|
|
word32* oid, word32 maxIdx);
|
2014-01-11 03:17:02 +04:00
|
|
|
CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
|
|
|
|
int keyEncAlgo, int blockKeySz,
|
|
|
|
RNG* rng, byte* contentKeyPlain,
|
|
|
|
byte* contentKeyEnc,
|
|
|
|
int* keyEncSz, byte* out, word32 outSz);
|
2014-01-11 02:17:03 +04:00
|
|
|
|
2014-01-13 22:58:01 +04:00
|
|
|
CYASSL_API int PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
|
2014-01-20 22:51:26 +04:00
|
|
|
CYASSL_API void PKCS7_Free(PKCS7* pkcs7);
|
2014-01-13 22:58:01 +04:00
|
|
|
CYASSL_API int PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz);
|
|
|
|
CYASSL_API int PKCS7_EncodeSignedData(PKCS7* pkcs7,
|
|
|
|
byte* output, word32 outputSz);
|
2014-01-21 03:52:41 +04:00
|
|
|
CYASSL_API int PKCS7_VerifySignedData(PKCS7* pkcs7,
|
|
|
|
byte* pkiMsg, word32 pkiMsgSz);
|
2014-01-18 02:07:40 +04:00
|
|
|
CYASSL_API int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
|
|
|
|
byte* output, word32 outputSz);
|
2014-01-15 09:57:55 +04:00
|
|
|
CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
|
|
|
|
word32 pkiMsgSz, byte* output,
|
|
|
|
word32 outputSz);
|
2014-01-13 22:58:01 +04:00
|
|
|
|
2014-01-11 02:17:03 +04:00
|
|
|
#ifdef __cplusplus
|
|
|
|
} /* extern "C" */
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* CTAO_CRYPT_PKCS7_H */
|
|
|
|
|
|
|
|
#endif /* HAVE_PKCS7 */
|
|
|
|
|