VirtualBox

source: vbox/trunk/include/iprt/crypto/taf.h@ 66064

1/** @file
2 * IPRT - Crypto - Trust Anchor Format (RFC-5914).
3 */
4
5/*
6 * Copyright (C) 2006-2016 Oracle Corporation
7 *
8 * This file is part of VirtualBox Open Source Edition (OSE), as
9 * available from http://www.virtualbox.org. This file is free software;
10 * you can redistribute it and/or modify it under the terms of the GNU
11 * General Public License (GPL) as published by the Free Software
12 * Foundation, in version 2 as it comes in the "COPYING" file of the
13 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
14 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
15 *
16 * The contents of this file may alternatively be used under the terms
17 * of the Common Development and Distribution License Version 1.0
18 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
19 * VirtualBox OSE distribution, in which case the provisions of the
20 * CDDL are applicable instead of those of the GPL.
21 *
22 * You may elect to license modified versions of this file under the
23 * terms and conditions of either the GPL or the CDDL or both.
24 */
25
26#ifndef ___iprt_crypto_taf_h
27#define ___iprt_crypto_taf_h
28
29#include <iprt/asn1.h>
30#include <iprt/crypto/x509.h>
31
32
33RT_C_DECLS_BEGIN
34
35/** @defgroup grp_rt_crtaf RTCrTaf - Trust Anchor Format (RFC-5914)
36 * @ingroup grp_rt_crypto
37 * @{
38 */
39
40
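/**
 * RFC-5914 CertPathControls (IPRT representation).
 *
 * Holds the values RFC-5914 provides for initialising X.509 certification
 * path validation from a trust anchor.  Every member except TaName is marked
 * optional below, so a consumer has to check that a member is present before
 * relying on its value; an absent constraint is not the same as a permissive one.
 */
typedef struct RTCRTAFCERTPATHCONTROLS
{
    /** Sequence core. */
    RTASN1SEQUENCECORE          SeqCore;
    /** The trust anchor subject.  For use in path construction. */
    RTCRX509NAME                TaName;
    /** Certificate, optional, implicit tag 0. */
    RTCRX509CERTIFICATE         Certificate;
    /** Certificate policies, optional, implicit tag 1.
     * @remarks This is an ASN.1 SEQUENCE, not an ASN.1 SET as the name
     *          mistakenly might be taken to indicate. */
    RTCRX509CERTIFICATEPOLICIES PolicySet;
    /** Policy flags, optional, implicit tag 2.
     * Bit positions are given by the RTCRTAFCERTPOLICYFLAGS_XXX defines. */
    RTASN1BITSTRING             PolicyFlags;
    /** Name constraints, optional, implicit tag 3. */
    RTCRX509NAMECONSTRAINTS     NameConstr;
    /** Path length constraints, optional, implicit tag 4.
     * RFC-5914 defines this as INTEGER (0..MAX).
     * NOTE(review): whether out-of-range (negative) values are rejected by
     * the decoder or sanity checker is not visible in this header - confirm
     * before using the value as a depth limit. */
    RTASN1INTEGER               PathLenConstraint;
} RTCRTAFCERTPATHCONTROLS;
/** Pointer to the IPRT representation of a RFC-5914 CertPathControls. */
typedef RTCRTAFCERTPATHCONTROLS *PRTCRTAFCERTPATHCONTROLS;
/** Pointer to the const IPRT representation of a RFC-5914 CertPathControls. */
typedef RTCRTAFCERTPATHCONTROLS const *PCRTCRTAFCERTPATHCONTROLS;
/* Standard ASN.1 type prototypes for RTCrTafCertPathControls; the macro is
   expanded elsewhere (presumably iprt/asn1.h), so the exact set of functions
   declared is not shown in this file. */
RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFCERTPATHCONTROLS, RTDECL, RTCrTafCertPathControls, SeqCore.Asn1Core);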
68
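/** @name Bit definitions for RTCRTAFCERTPATHCONTROLS::PolicyFlags
 * The values are bit positions within the BIT STRING (the named bits of
 * RFC-5914 CertPolicyFlags), not bit masks; they must not be OR'ed together
 * or compared against a raw byte.
 * @{ */
/** inhibitPolicyMapping, bit 0. */
#define RTCRTAFCERTPOLICYFLAGS_INHIBIT_POLICY_MAPPING   0
/** requireExplicitPolicy, bit 1. */
#define RTCRTAFCERTPOLICYFLAGS_REQUIRE_EXPLICIT_POLICY  1
/** inhibitAnyPolicy, bit 2. */
#define RTCRTAFCERTPOLICYFLAGS_INHIBIT_ANY_POLICY       2
/** @} */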
75
76
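/**
 * RFC-5914 TrustAnchorInfo (IPRT representation).
 *
 * Describes one trust anchor by public key rather than by certificate.
 * The structure as declared here has no signature member: nothing in it
 * authenticates the contents, so its trustworthiness depends entirely on
 * where the encoded data was obtained from.
 */
typedef struct RTCRTAFTRUSTANCHORINFO
{
    /** Sequence core. */
    RTASN1SEQUENCECORE              SeqCore;
    /** The version number (defaults to v1, see RTCRTAFTRUSTANCHORINFO_V1). */
    RTASN1INTEGER                   Version;
    /** The public key of the trust anchor. */
    RTCRX509SUBJECTPUBLICKEYINFO    PubKey;
    /** Key identifier.
     * NOTE(review): nothing in this header ties the value to PubKey; treat
     * it as a lookup hint unless the caller verifies the relationship. */
    RTASN1OCTETSTRING               KeyIdentifier;
    /** Trust anchor title, optional, size 1 to 64.
     * NOTE(review): the size bound is documented here only; where (or
     * whether) it is enforced is not visible in this header. */
    RTASN1STRING                    TaTitle;
    /** Certificate path controls, optional. */
    RTCRTAFCERTPATHCONTROLS         CertPath;
    /** Extensions, explicit optional, context tag 1. */
    struct
    {
        /** Context tag 1. */
        RTASN1CONTEXTTAG1           CtxTag1;
        /** The extensions. */
        RTCRX509EXTENSIONS          Exts;
    } T1;
    /** Title language tag, implicit optional, context tag 2.
     * Defaults to "en". */
    RTASN1STRING                    TaTitleLangTag;
} RTCRTAFTRUSTANCHORINFO;
/** Pointer to the IPRT representation of a RFC-5914 TrustAnchorInfo. */
typedef RTCRTAFTRUSTANCHORINFO *PRTCRTAFTRUSTANCHORINFO;
/** Pointer to the const IPRT representation of a RFC-5914 TrustAnchorInfo. */
typedef RTCRTAFTRUSTANCHORINFO const *PCRTCRTAFTRUSTANCHORINFO;
/* Standard ASN.1 type prototypes for RTCrTafTrustAnchorInfo; the macro is
   expanded elsewhere (presumably iprt/asn1.h), so the exact set of functions
   declared is not shown in this file. */
RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFTRUSTANCHORINFO, RTDECL, RTCrTafTrustAnchorInfo, SeqCore.Asn1Core);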
111
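/** TrustAnchorInfo version 1, the value expected in
 * RTCRTAFTRUSTANCHORINFO::Version (also the default when the field is
 * absent, per the member's documentation). */
#define RTCRTAFTRUSTANCHORINFO_V1       1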
114
115
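/**
 * Indicates what kind of value a TrustAnchorChoice structure contains.
 *
 * This is the discriminator for the RTCRTAFTRUSTANCHORCHOICE::u union.  Only
 * values strictly between RTCRTAFTRUSTANCHORCHOICEVAL_INVALID and
 * RTCRTAFTRUSTANCHORCHOICEVAL_END name a union member; anything else must be
 * treated as "no valid member".
 */
typedef enum RTCRTAFTRUSTANCHORCHOICEVAL
{
    /** Invalid zero value. */
    RTCRTAFTRUSTANCHORCHOICEVAL_INVALID = 0,
    /** RTCRTAFTRUSTANCHORCHOICE::u.pCertificate. */
    RTCRTAFTRUSTANCHORCHOICEVAL_CERTIFICATE,
    /** RTCRTAFTRUSTANCHORCHOICE::u.pT1. */
    RTCRTAFTRUSTANCHORCHOICEVAL_TBS_CERTIFICATE,
    /** RTCRTAFTRUSTANCHORCHOICE::u.pT2. */
    RTCRTAFTRUSTANCHORCHOICEVAL_TRUST_ANCHOR_INFO,
    /** End of valid choices. */
    RTCRTAFTRUSTANCHORCHOICEVAL_END,
    /** Make sure it's (at least) 32-bit wide. */
    RTCRTAFTRUSTANCHORCHOICEVAL_32BIT_HACK = 0x7fffffff
} RTCRTAFTRUSTANCHORCHOICEVAL;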
132
133
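/**
 * RFC-5914 TrustAnchorChoice (IPRT representation).
 *
 * A tagged union: enmChoice says which member of u is meaningful.  All
 * members of u are pointers sharing the same storage, so reading a member
 * other than the one enmChoice selects reinterprets the pointee as the wrong
 * type.  Always switch on enmChoice first and handle values outside the
 * valid range as an error.
 */
typedef struct RTCRTAFTRUSTANCHORCHOICE
{
    /** Dummy object for simplifying everything. */
    RTASN1DUMMY                 Dummy;
    /** Allocation for the valid member (to optimize space usage). */
    RTASN1ALLOCATION            Allocation;
    /** Indicates which of the pointers in u is valid. */
    RTCRTAFTRUSTANCHORCHOICEVAL enmChoice;
    /** Choice union. */
    union
    {
        /** Generic ASN.1 core pointer for the choice. */
        PRTASN1CORE             pAsn1Core;
        /** Choice 0: X509 certificate. */
        PRTCRX509CERTIFICATE    pCertificate;
        /** Choice 1: To-be-signed certificate part.  This may differ from the
         * TBSCertificate member of the original certificate.  There is no
         * signature member alongside it in this choice. */
        struct
        {
            /** Explicit context tag. */
            RTASN1CONTEXTTAG1       CtxTag1;
            /** The TBS certificate structure (embedded by value). */
            RTCRX509TBSCERTIFICATE  TbsCert;
        } *pT1;

        /** Choice 2: Trust anchor information (RFC-5914 TrustAnchorInfo). */
        struct
        {
            /** Explicit context tag. */
            RTASN1CONTEXTTAG2       CtxTag2;
            /** The trust anchor information structure (embedded by value). */
            RTCRTAFTRUSTANCHORINFO  TaInfo;
        } *pT2;
    } u;
} RTCRTAFTRUSTANCHORCHOICE;
/** Pointer to the IPRT representation of a RFC-5914 TrustAnchorChoice. */
typedef RTCRTAFTRUSTANCHORCHOICE *PRTCRTAFTRUSTANCHORCHOICE;
/** Pointer to the const IPRT representation of a RFC-5914 TrustAnchorChoice. */
typedef RTCRTAFTRUSTANCHORCHOICE const *PCRTCRTAFTRUSTANCHORCHOICE;
/* Standard ASN.1 type prototypes for RTCrTafTrustAnchorChoice; the macro is
   expanded elsewhere (presumably iprt/asn1.h), so the exact set of functions
   declared is not shown in this file. */
RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFTRUSTANCHORCHOICE, RTDECL, RTCrTafTrustAnchorChoice, Dummy.Asn1Core);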
178
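/*
 * RFC-5914 TrustAnchorList (IPRT representation).
 *
 * A sequence of RTCRTAFTRUSTANCHORCHOICE entries; the typedefs and prototypes
 * are generated by the macro below and are not spelled out in this file.
 * Nothing declared in this header carries a signature over the list, so a
 * decoded list is only as trustworthy as the place it was loaded from.
 * NOTE(review): RFC-5914 requires at least one entry (SIZE (1..MAX)); whether
 * an empty list is rejected is not visible here - confirm in the
 * implementation.
 */
RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRTAFTRUSTANCHORLIST, RTCRTAFTRUSTANCHORCHOICE, RTDECL, RTCrTafTrustAnchorList);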
183
184/** @} */
185
186RT_C_DECLS_END
187
188#endif
189