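/*-
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
 */

/*
 * This file is a template: the brace-dash delimited fragments are Perl that
 * is evaluated when the public header is generated, so they must stay
 * outside of C comments and keep their exact spelling.
 */
{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

#ifndef OPENSSL_CRMF_H
# define OPENSSL_CRMF_H

# include <openssl/opensslconf.h>

# ifndef OPENSSL_NO_CRMF
#  include <openssl/opensslv.h>
#  include <openssl/safestack.h>
#  include <openssl/crmferr.h>
#  include <openssl/x509v3.h> /* for GENERAL_NAME etc. */

/* explicit #includes not strictly needed since implied by the above: */
#  include <openssl/types.h>
#  include <openssl/x509.h>

#  ifdef __cplusplus
extern "C" {
#  endif

/*
 * Alternatives of the POPOPrivKey CHOICE (RFC 4211 section 4.2); the values
 * are the ASN.1 context tag numbers of the alternatives.
 */
#  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
#  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
#  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
#  define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
#  define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4

/* Values of the SubsequentMessage INTEGER (RFC 4211 section 4.2). */
#  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
#  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1

/*
 * CRMF types; only the struct tags are declared here, so the types are
 * opaque to users of this header.
 *
 * DECLARE_ASN1_FUNCTIONS(T) declares T_new(), T_free(), d2i_T() and i2d_T();
 * DECLARE_ASN1_DUP_FUNCTION(T) declares T_dup().
 *
 * d2i_*() only establishes that its input is well-formed DER for the type.
 * A structure decoded from a peer remains untrusted data until the
 * application has verified the proof of possession and the protection of
 * the message that carried it.
 */
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
{-
    generate_stack_macros("OSSL_CRMF_MSG");
-}
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
/* Parameters of the password-based MAC, PBMParameter (RFC 4211 section 4.4) */
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;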
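typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
{-
    generate_stack_macros("OSSL_CRMF_CERTID");
-}

typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)

typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;

/*
 * crmf_pbm.c: password-based MAC (PBM, RFC 4211 section 4.4).
 *
 * OSSL_CRMF_pbmp_new() builds a PBMParameter from a salt length (slen), the
 * NID of the one-way function (owfnid), its iteration count (itercnt) and
 * the NID of the MAC algorithm (macnid).
 * OSSL_CRMF_pbm_new() computes the MAC over msg with the shared secret sec
 * according to pbmp and hands the result back through mac and maclen.
 *
 * Points for callers to check:
 *  - The strength of a PBM is bounded by the entropy of the shared secret;
 *    salt length and iteration count only raise the cost of guessing it.
 *  - pbmp may have been decoded from a message sent by the peer. Confirm in
 *    crmf_pbm.c which bounds are enforced on the iteration count and salt
 *    length before relying on this call with untrusted parameters.
 *  - NOTE(review): the buffer stored in *mac appears to be allocated by the
 *    callee and owned by the caller; confirm in crmf_pbm.c and release it
 *    with OPENSSL_free().
 *  - When checking a received MAC against the computed one, compare with
 *    CRYPTO_memcmp() rather than memcmp(), and clear copies of the secret
 *    with OPENSSL_cleanse() once they are no longer needed.
 */
OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
                                           int owfnid, size_t itercnt,
                                           int macnid);
int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
                      const OSSL_CRMF_PBMPARAMETER *pbmp,
                      const unsigned char *msg, size_t msglen,
                      const unsigned char *sec, size_t seclen,
                      unsigned char **mac, size_t *maclen);

/*
 * crmf_lib.c
 *
 * The infix in each function name states who owns the object afterwards
 * (OpenSSL naming convention); getting this wrong leads to double frees or
 * use after free:
 *  - set1:         the callee stores its own copy or reference; the caller
 *                  keeps ownership of the argument and still has to free it.
 *  - set0, push0:  on success the callee takes over the argument; the caller
 *                  must not free it or keep using it as its own.
 *  - get0:         returns a pointer into the parent object; do not free it
 *                  and do not use it after the parent has been freed.
 *  - get1:         returns an object owned by the caller, who must free it.
 * Pointer-returning getters can yield NULL (presumably when the field or
 * control is absent; confirm in crmf_lib.c), so check before dereferencing.
 */

/*
 * Registration controls (RFC 4211 section 6). The regToken and authenticator
 * values travel as plain UTF8String inside the request; CRMF does not
 * encrypt them, so confidentiality has to come from the transport if the
 * values are secret.
 */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
                                        const ASN1_UTF8STRING *tok);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
                                             const ASN1_UTF8STRING *auth);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
                                                     OSSL_CRMF_SINGLEPUBINFO *spi);
/* pubMethod values of SinglePubInfo (RFC 4211 section 6.3) */
#  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
#  define OSSL_CRMF_PUB_METHOD_X500     1
#  define OSSL_CRMF_PUB_METHOD_WEB      2
#  define OSSL_CRMF_PUB_METHOD_LDAP     3
int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
                                     int method, GENERAL_NAME *nm);
/* action values of PKIPublicationInfo (RFC 4211 section 6.3) */
#  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
#  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
                                                int action);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
OSSL_CRMF_PKIPUBLICATIONINFO
*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
                                               const X509_PUBKEY *pubkey);
X509_PUBKEY
*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
                                         const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID
*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
                                       const ASN1_INTEGER *serial);

/* Registration info (RFC 4211 section 7) */
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
                                         const ASN1_UTF8STRING *utf8pairs);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
                                       const OSSL_CRMF_CERTREQUEST *cr);
OSSL_CRMF_CERTREQUEST
*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);

int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
                                ASN1_TIME *notBefore, ASN1_TIME *notAfter);
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);

int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
/*
 * Proof-of-possession (POPO) methods for the meth argument of
 * OSSL_CRMF_MSG_create_popo(). Values 0..3 are the context tags of the
 * ProofOfPossession CHOICE (RFC 4211 section 4); OSSL_CRMF_POPO_NONE is a
 * library value for a request without a POPO field. The negative value is
 * parenthesized so that the macro expands safely inside any expression.
 *
 * NONE and RAVERIFIED carry no cryptographic evidence that the requester
 * holds the private key; the CA/RA then has to establish possession by
 * other means.
 */
#  define OSSL_CRMF_POPO_NONE       (-1)
#  define OSSL_CRMF_POPO_RAVERIFIED 0
#  define OSSL_CRMF_POPO_SIGNATURE  1
#  define OSSL_CRMF_POPO_KEYENC     2
#  define OSSL_CRMF_POPO_KEYAGREE   3
/*
 * Creates the POPO of crm for the given method, key and digest.
 * NOTE(review): not every OSSL_CRMF_POPO_* method is necessarily
 * implemented; check the return value rather than assuming success.
 */
int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
                              EVP_PKEY *pkey, const EVP_MD *digest,
                              OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Verifies the POPO of the request with id rid in reqs.
 *
 * acceptRAVerified: going by the parameter name, a nonzero value makes a
 * raVerified POPO acceptable. Such a request contains no proof that can be
 * checked here, so pass nonzero only when the sender has been authenticated
 * as an RA that is trusted to have verified possession itself. For requests
 * coming directly from end entities pass 0.
 */
int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid, int acceptRAVerified,
                               OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Accessors for the certificate template and certificate id. On the CA/RA
 * side these fields are chosen by the requester; apply issuance policy to
 * subject, extensions and the other values before using them.
 */
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
const ASN1_INTEGER
*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
                                EVP_PKEY *pubkey,
                                const X509_NAME *subject,
                                const X509_NAME *issuer,
                                const ASN1_INTEGER *serial);
/*
 * Decrypts the certificate held in ecert with the private key pkey.
 * get1: the returned X509 belongs to the caller, who frees it with
 * X509_free(). Decryption says nothing about who issued the certificate;
 * validate it like any other certificate received from a peer.
 */
X509
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
                                       OSSL_LIB_CTX *libctx, const char *propq,
                                       EVP_PKEY *pkey);

#  ifdef __cplusplus
}
#  endif
# endif /* !defined(OPENSSL_NO_CRMF) */
#endif /* !defined(OPENSSL_CRMF_H) */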