| 1 | /*-
|
|---|
| 2 | * {- join("\n * ", @autowarntext) -}
|
|---|
| 3 | *
|
|---|
| 4 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 5 | * Copyright Nokia 2007-2019
|
|---|
| 6 | * Copyright Siemens AG 2015-2019
|
|---|
| 7 | *
|
|---|
| 8 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 9 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 10 | * in the file LICENSE in the source distribution or at
|
|---|
| 11 | * https://www.openssl.org/source/license.html
|
|---|
| 12 | *
|
|---|
| 13 | * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
|
|---|
| 14 | */
|
|---|
| 15 |
|
|---|
| 16 | {-
|
|---|
| 17 | use OpenSSL::stackhash qw(generate_stack_macros);
|
|---|
| 18 | -}
|
|---|
| 19 |
|
|---|
| 20 | #ifndef OPENSSL_CRMF_H
|
|---|
| 21 | # define OPENSSL_CRMF_H
|
|---|
| 22 |
|
|---|
| 23 | # include <openssl/opensslconf.h>
|
|---|
| 24 |
|
|---|
| 25 | # ifndef OPENSSL_NO_CRMF
|
|---|
| 26 | # include <openssl/opensslv.h>
|
|---|
| 27 | # include <openssl/safestack.h>
|
|---|
| 28 | # include <openssl/crmferr.h>
|
|---|
| 29 | # include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
|
|---|
| 30 |
|
|---|
| 31 | /* explicit #includes not strictly needed since implied by the above: */
|
|---|
| 32 | # include <openssl/types.h>
|
|---|
| 33 | # include <openssl/x509.h>
|
|---|
| 34 |
|
|---|
| 35 | # ifdef __cplusplus
|
|---|
| 36 | extern "C" {
|
|---|
| 37 | # endif
|
|---|
| 38 |
|
|---|
| 39 | # define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0
|
|---|
| 40 | # define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1
|
|---|
| 41 | # define OSSL_CRMF_POPOPRIVKEY_DHMAC 2
|
|---|
| 42 | # define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3
|
|---|
| 43 | # define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4
|
|---|
| 44 |
|
|---|
| 45 | # define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
|
|---|
| 46 | # define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
|
|---|
| 47 |
|
|---|
| 48 | typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
|
|---|
| 49 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
|
|---|
| 50 | typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
|
|---|
| 51 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
|
|---|
| 52 | DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
|
|---|
| 53 | {-
|
|---|
| 54 | generate_stack_macros("OSSL_CRMF_MSG");
|
|---|
| 55 | -}
|
|---|
| 56 | typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
|
|---|
| 57 | typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
|
|---|
| 58 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
|
|---|
| 59 | typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
|
|---|
| 60 | typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
|
|---|
| 61 | typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
|
|---|
| 62 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
|
|---|
| 63 | DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
|
|---|
| 64 | {-
|
|---|
| 65 | generate_stack_macros("OSSL_CRMF_CERTID");
|
|---|
| 66 | -}
|
|---|
| 67 |
|
|---|
| 68 | typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
|
|---|
| 69 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
|
|---|
| 70 | typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
|
|---|
| 71 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
|
|---|
| 72 | typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
|
|---|
| 73 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
|
|---|
| 74 | typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
|
|---|
| 75 | DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
|
|---|
| 76 |
|
|---|
| 77 | typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
|
|---|
| 78 |
|
|---|
| 79 | /* crmf_pbm.c */
|
|---|
| 80 | OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
|
|---|
| 81 | int owfnid, size_t itercnt,
|
|---|
| 82 | int macnid);
|
|---|
| 83 | int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
|
|---|
| 84 | const OSSL_CRMF_PBMPARAMETER *pbmp,
|
|---|
| 85 | const unsigned char *msg, size_t msglen,
|
|---|
| 86 | const unsigned char *sec, size_t seclen,
|
|---|
| 87 | unsigned char **mac, size_t *maclen);
|
|---|
| 88 |
|
|---|
| 89 | /* crmf_lib.c */
|
|---|
| 90 | int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
|
|---|
| 91 | const ASN1_UTF8STRING *tok);
|
|---|
| 92 | ASN1_UTF8STRING
|
|---|
| 93 | *OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
|
|---|
| 94 | int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
|
|---|
| 95 | const ASN1_UTF8STRING *auth);
|
|---|
| 96 | ASN1_UTF8STRING
|
|---|
| 97 | *OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
|
|---|
| 98 | int
|
|---|
| 99 | OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
|
|---|
| 100 | OSSL_CRMF_SINGLEPUBINFO *spi);
|
|---|
| 101 | # define OSSL_CRMF_PUB_METHOD_DONTCARE 0
|
|---|
| 102 | # define OSSL_CRMF_PUB_METHOD_X500 1
|
|---|
| 103 | # define OSSL_CRMF_PUB_METHOD_WEB 2
|
|---|
| 104 | # define OSSL_CRMF_PUB_METHOD_LDAP 3
|
|---|
| 105 | int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
|
|---|
| 106 | int method, GENERAL_NAME *nm);
|
|---|
| 107 | # define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0
|
|---|
| 108 | # define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
|
|---|
| 109 | int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
|
|---|
| 110 | int action);
|
|---|
| 111 | int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
|
|---|
| 112 | const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
|
|---|
| 113 | OSSL_CRMF_PKIPUBLICATIONINFO
|
|---|
| 114 | *OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
|
|---|
| 115 | int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
|
|---|
| 116 | const X509_PUBKEY *pubkey);
|
|---|
| 117 | X509_PUBKEY
|
|---|
| 118 | *OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
|
|---|
| 119 | int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
|
|---|
| 120 | const OSSL_CRMF_CERTID *cid);
|
|---|
| 121 | OSSL_CRMF_CERTID
|
|---|
| 122 | *OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
|
|---|
| 123 | OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
|
|---|
| 124 | const ASN1_INTEGER *serial);
|
|---|
| 125 |
|
|---|
| 126 | int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
|
|---|
| 127 | const ASN1_UTF8STRING *utf8pairs);
|
|---|
| 128 | ASN1_UTF8STRING
|
|---|
| 129 | *OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
|
|---|
| 130 | int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
|
|---|
| 131 | const OSSL_CRMF_CERTREQUEST *cr);
|
|---|
| 132 | OSSL_CRMF_CERTREQUEST
|
|---|
| 133 | *OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
|
|---|
| 134 |
|
|---|
| 135 | int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
|
|---|
| 136 | ASN1_TIME *notBefore, ASN1_TIME *notAfter);
|
|---|
| 137 | int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
|
|---|
| 138 | int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
|
|---|
| 139 | int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
|
|---|
| 140 |
|
|---|
| 141 | int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
|
|---|
| 142 | # define OSSL_CRMF_POPO_NONE -1
|
|---|
| 143 | # define OSSL_CRMF_POPO_RAVERIFIED 0
|
|---|
| 144 | # define OSSL_CRMF_POPO_SIGNATURE 1
|
|---|
| 145 | # define OSSL_CRMF_POPO_KEYENC 2
|
|---|
| 146 | # define OSSL_CRMF_POPO_KEYAGREE 3
|
|---|
| 147 | int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
|
|---|
| 148 | EVP_PKEY *pkey, const EVP_MD *digest,
|
|---|
| 149 | OSSL_LIB_CTX *libctx, const char *propq);
|
|---|
| 150 | int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
|
|---|
| 151 | int rid, int acceptRAVerified,
|
|---|
| 152 | OSSL_LIB_CTX *libctx, const char *propq);
|
|---|
| 153 | OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
|
|---|
| 154 | const ASN1_INTEGER
|
|---|
| 155 | *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
|
|---|
| 156 | const X509_NAME
|
|---|
| 157 | *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
|
|---|
| 158 | const X509_NAME
|
|---|
| 159 | *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
|
|---|
| 160 | X509_EXTENSIONS
|
|---|
| 161 | *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
|
|---|
| 162 | const X509_NAME
|
|---|
| 163 | *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
|
|---|
| 164 | const ASN1_INTEGER
|
|---|
| 165 | *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
|
|---|
| 166 | int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
|
|---|
| 167 | EVP_PKEY *pubkey,
|
|---|
| 168 | const X509_NAME *subject,
|
|---|
| 169 | const X509_NAME *issuer,
|
|---|
| 170 | const ASN1_INTEGER *serial);
|
|---|
| 171 | X509
|
|---|
| 172 | *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
|
|---|
| 173 | OSSL_LIB_CTX *libctx, const char *propq,
|
|---|
| 174 | EVP_PKEY *pkey);
|
|---|
| 175 |
|
|---|
| 176 | # ifdef __cplusplus
|
|---|
| 177 | }
|
|---|
| 178 | # endif
|
|---|
| 179 | # endif /* !defined(OPENSSL_NO_CRMF) */
|
|---|
| 180 | #endif /* !defined(OPENSSL_CRMF_H) */
|
|---|
