pkcs7.h

00001 /* pkcs7.h
00002  *
00003  * Copyright (C) 2006-2017 wolfSSL Inc.
00004  *
00005  * This file is part of wolfSSL.
00006  *
00007  * wolfSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * wolfSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
00020  */
00021 
00022 /*!
00023     \file wolfssl/wolfcrypt/pkcs7.h
00024 */
00025 
00026 #ifndef WOLF_CRYPT_PKCS7_H
00027 #define WOLF_CRYPT_PKCS7_H
00028 
00029 #include <wolfcrypt/types.h>
00030 
00031 #ifdef HAVE_PKCS7
00032 
00033 #ifndef NO_ASN
00034     #include <wolfcrypt/asn.h>
00035 #endif
00036 #include <wolfcrypt/asn_public.h>
00037 #include <wolfcrypt/random.h>
00038 #ifndef NO_AES
00039     #include <wolfcrypt/aes.h>
00040 #endif
00041 #ifndef NO_DES3
00042     #include <wolfcrypt/des3.h>
00043 #endif
00044 
00045 #ifdef __cplusplus
00046     extern "C" {
00047 #endif
00048 
00049 /* Max number of certificates that PKCS7 structure can parse */
00050 #ifndef MAX_PKCS7_CERTS
00051 #define MAX_PKCS7_CERTS 4
00052 #endif
00053 
00054 /* PKCS#7 content types, ref RFC 2315 (Section 14) */
00055 enum PKCS7_TYPES {
00056     PKCS7_MSG                 = 650,   /* 1.2.840.113549.1.7   */
00057     DATA                      = 651,   /* 1.2.840.113549.1.7.1 */
00058     SIGNED_DATA               = 652,   /* 1.2.840.113549.1.7.2 */
00059     ENVELOPED_DATA            = 653,   /* 1.2.840.113549.1.7.3 */
00060     SIGNED_AND_ENVELOPED_DATA = 654,   /* 1.2.840.113549.1.7.4 */
00061     DIGESTED_DATA             = 655,   /* 1.2.840.113549.1.7.5 */
00062     ENCRYPTED_DATA            = 656    /* 1.2.840.113549.1.7.6 */
00063 };
00064 
00065 enum Pkcs7_Misc {
00066     PKCS7_NONCE_SZ        = 16,
00067     MAX_ENCRYPTED_KEY_SZ  = 512,    /* max enc. key size, RSA <= 4096 */
00068     MAX_CONTENT_KEY_LEN   = 32,     /* highest current cipher is AES-256-CBC */
00069     MAX_CONTENT_IV_SIZE   = 16,     /* highest current is AES128 */
00070 #ifndef NO_AES
00071     MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE,
00072 #else
00073     MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE,
00074 #endif
00075     MAX_RECIP_SZ          = MAX_VERSION_SZ +
00076                             MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
00077                             MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ
00078 };
00079 
00080 
00081 typedef struct PKCS7Attrib {
00082     byte* oid;
00083     word32 oidSz;
00084     byte* value;
00085     word32 valueSz;
00086 } PKCS7Attrib;
00087 
00088 
00089 typedef struct PKCS7DecodedAttrib {
00090     struct PKCS7DecodedAttrib* next;
00091     byte* oid;
00092     word32 oidSz;
00093     byte* value;
00094     word32 valueSz;
00095 } PKCS7DecodedAttrib;
00096 
00097 
00098 /* Public Structure Warning:
00099  * Existing members must not be changed to maintain backwards compatibility! 
00100  */
00101 typedef struct PKCS7 {
00102     WC_RNG* rng;
00103     PKCS7Attrib* signedAttribs;
00104     byte*  content;               /* inner content, not owner             */
00105     byte*  singleCert;            /* recipient cert, DER, not owner       */
00106     byte*  issuer;                /* issuer name of singleCert            */
00107     byte*  privateKey;            /* private key, DER, not owner          */
00108     void*  heap;                  /* heap hint for dynamic memory         */
00109 #ifdef ASN_BER_TO_DER
00110     byte*  der;                   /* DER encoded version of message       */
00111 #endif
00112     byte*  cert[MAX_PKCS7_CERTS];
00113 
00114     /* Encrypted-data Content Type */
00115     byte*        encryptionKey;         /* block cipher encryption key */
00116     PKCS7Attrib* unprotectedAttribs;    /* optional */
00117     PKCS7DecodedAttrib* decodedAttrib;  /* linked list of decoded attribs */
00118 
00119     /* Enveloped-data optional ukm, not owner */
00120     byte*  ukm;
00121     word32 ukmSz;
00122 
00123     word32 encryptionKeySz;       /* size of key buffer, bytes */
00124     word32 unprotectedAttribsSz;
00125     word32 contentSz;             /* content size                         */
00126     word32 singleCertSz;          /* size of recipient cert buffer, bytes */
00127     word32 issuerSz;              /* length of issuer name                */
00128     word32 issuerSnSz;            /* length of serial number              */
00129 
00130     word32 publicKeySz;
00131     word32 publicKeyOID;          /* key OID (RSAk, ECDSAk, etc) */
00132     word32 privateKeySz;          /* size of private key buffer, bytes    */
00133     word32 signedAttribsSz;
00134     int contentOID;               /* PKCS#7 content type OID sum          */
00135     int hashOID;
00136     int encryptOID;               /* key encryption algorithm OID         */
00137     int keyWrapOID;               /* key wrap algorithm OID               */
00138     int keyAgreeOID;              /* key agreement algorithm OID          */
00139     int devId;                    /* device ID for HW based private key   */
00140     byte issuerHash[KEYID_SIZE];  /* hash of all alt Names                */
00141     byte issuerSn[MAX_SN_SZ];     /* singleCert's serial number           */
00142     byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/
00143     word32 certSz[MAX_PKCS7_CERTS];
00144     
00145      /* flags - up to 16-bits */
00146     word16 isDynamic:1;
00147 
00148     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
00149 } PKCS7;
00150 
00151 
00152 WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId);
00153 WOLFSSL_API int  wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId);
00154 WOLFSSL_API int  wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz);
00155 WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7);
00156 
00157 WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid,
00158         word32 oidSz, byte* out, word32* outSz);
00159 WOLFSSL_API int  wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output,
00160                                        word32 outputSz);
00161 WOLFSSL_API int  wc_PKCS7_EncodeSignedData(PKCS7* pkcs7,
00162                                        byte* output, word32 outputSz);
00163 WOLFSSL_API int  wc_PKCS7_VerifySignedData(PKCS7* pkcs7,
00164                                        byte* pkiMsg, word32 pkiMsgSz);
00165 WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
00166                                           byte* output, word32 outputSz);
00167 WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
00168                                           word32 pkiMsgSz, byte* output,
00169                                           word32 outputSz);
00170 
00171 WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
00172 WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
00173                                  word32 blockSz);
00174 
00175 #ifndef NO_PKCS7_ENCRYPTED_DATA
00176 WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
00177                                           byte* output, word32 outputSz);
00178 WOLFSSL_API int  wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
00179                                           word32 pkiMsgSz, byte* output,
00180                                           word32 outputSz);
00181 #endif /* NO_PKCS7_ENCRYPTED_DATA */
00182 
00183 #ifdef __cplusplus
00184     } /* extern "C" */
00185 #endif
00186 
00187 #endif /* HAVE_PKCS7 */
00188 #endif /* WOLF_CRYPT_PKCS7_H */
00189 
00190