1/*-
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
7 *
8 * Licensed under the Apache License 2.0 (the "License").  You may not use
9 * this file except in compliance with the License.  You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
12 *
13 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
14 */
15
16{-
17use OpenSSL::stackhash qw(generate_stack_macros);
18-}
19
20#ifndef OPENSSL_CRMF_H
21# define OPENSSL_CRMF_H
22
23# include <openssl/opensslconf.h>
24
25# ifndef OPENSSL_NO_CRMF
26#  include <openssl/opensslv.h>
27#  include <openssl/safestack.h>
28#  include <openssl/crmferr.h>
29#  include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
30
31/* explicit #includes not strictly needed since implied by the above: */
32#  include <openssl/types.h>
33#  include <openssl/x509.h>
34
35#  ifdef __cplusplus
36extern "C" {
37#  endif
38
/*
 * Selector values whose names and numbers match the alternatives of the
 * RFC 4211 POPOPrivKey CHOICE: thisMessage [0], subsequentMessage [1],
 * dhMAC [2], agreeMAC [3] and encryptedKey [4].
 * NOTE(review): presumably stored as the CHOICE type of the internal POPO
 * structure; that structure is not declared in this header, so confirm
 * against the implementation.
 */
39#  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
40#  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
41#  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
42#  define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
43#  define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4
44
/*
 * Values matching the RFC 4211 SubsequentMessage INTEGER: encrCert (0) and
 * challengeResp (1). With either value, possession of the private key is
 * not proven by the request itself but by a later protocol step, so a
 * receiver must not treat such a request as already proven.
 */
45#  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
46#  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1
47
/*
 * Opaque CRMF types. Only incomplete struct types are named here, so callers
 * can hold pointers but must use the accessor functions declared further
 * down to read or modify the contents.
 *
 * DECLARE_ASN1_FUNCTIONS(T) is the usual OpenSSL macro that declares
 * T_new(), T_free(), d2i_T() and i2d_T(); DECLARE_ASN1_DUP_FUNCTION(T)
 * declares T_dup(). The d2i_ decoders are the entry point for DER received
 * from a peer: their result has to be checked for NULL before use.
 */
48typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
49DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
50typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
51DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
52DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
/*
 * Build-time template fragment (Perl), not C. Presumably it expands to the
 * type-specific STACK_OF(OSSL_CRMF_MSG) helper macros when the header is
 * generated from this template.
 */
53{-
54    generate_stack_macros("OSSL_CRMF_MSG");
55-}
56typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
57typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
58DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
59typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
60typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
61typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
62DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
63DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
/* Template fragment as above, here for the OSSL_CRMF_CERTID stack type. */
64{-
65    generate_stack_macros("OSSL_CRMF_CERTID");
66-}
67
68typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
69DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
70typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
71DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
72typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
73DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
/* A list of certificate request messages is itself an ASN.1 type. */
74typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
75DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
76
77typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
78
79/* crmf_pbm.c */
/*
 * Password-based MAC (PBM, RFC 4211) support.
 *
 * OSSL_CRMF_pbmp_new() creates a PBM parameter structure. Going by the
 * parameter names: slen is the salt length, owfnid the NID of the one-way
 * (hash) function, itercnt the iteration count and macnid the NID of the
 * MAC algorithm. It returns a pointer, so failure is presumably signalled
 * by NULL.
 * NOTE(review): the OpenSSL manual page states that the iteration count is
 * bounded below and above, the upper bound limiting the work a manipulated
 * parameter set can cause; confirm the exact bounds in crmf_pbm.c.
 */
80OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
81                                           int owfnid, size_t itercnt,
82                                           int macnid);
/*
 * OSSL_CRMF_pbm_new() computes the PBM over msg (msglen bytes) using the
 * shared secret sec (seclen bytes) and the parameters in pbmp. The result is
 * passed back through *mac and *maclen.
 * NOTE(review): per the manual page *mac is newly allocated and owned by the
 * caller, and the return value is 1 on success and 0 on error; confirm.
 *
 * When this is used to check a received message, pbmp comes from the peer,
 * so its salt, algorithms and iteration count are untrusted input. Compare
 * the computed MAC with the received one using a constant-time comparison
 * such as CRYPTO_memcmp(), after checking that the lengths match.
 */
83int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
84                      const OSSL_CRMF_PBMPARAMETER *pbmp,
85                      const unsigned char *msg, size_t msglen,
86                      const unsigned char *sec, size_t seclen,
87                      unsigned char **mac, size_t *maclen);
88
89/* crmf_lib.c */
/*
 * Registration controls (regCtrl) of a certificate request message.
 *
 * Ownership follows the OpenSSL naming convention, which the const
 * qualifiers below are consistent with:
 *   set1_  - the argument stays owned by the caller (it is const here);
 *   set0_ / push0_ - the object takes over the argument on success, so the
 *            caller must not free it afterwards;
 *   get0_  - returns an internal pointer that the caller must not free and
 *            must not use after the parent object is freed.
 * NOTE(review): the int-returning functions presumably return 1 on success
 * and 0 on error, and the get0_ functions NULL when the control is absent;
 * confirm in crmf_lib.c.
 */
90int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
91                                        const ASN1_UTF8STRING *tok);
92ASN1_UTF8STRING
93*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
94int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
95                                             const ASN1_UTF8STRING *auth);
96ASN1_UTF8STRING
97*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
/* push0: on success spi belongs to pi (see the convention above). */
98int
99OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
100                                                     OSSL_CRMF_SINGLEPUBINFO *spi);
/*
 * Values for the 'method' argument below; they match the pubMethod INTEGER
 * of RFC 4211 SinglePubInfo: dontCare (0), x500 (1), web (2), ldap (3).
 */
101#  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
102#  define OSSL_CRMF_PUB_METHOD_X500     1
103#  define OSSL_CRMF_PUB_METHOD_WEB      2
104#  define OSSL_CRMF_PUB_METHOD_LDAP     3
/* set0: nm is not const, so on success it presumably becomes owned by spi. */
105int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
106                                     int method, GENERAL_NAME *nm);
/*
 * Values for the 'action' argument below; they match the action INTEGER of
 * RFC 4211 PKIPublicationInfo: dontPublish (0), pleasePublish (1).
 */
107#  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
108#  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
109int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
110                                                int action);
111int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
112                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
113OSSL_CRMF_PKIPUBLICATIONINFO
114*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
115int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
116                                               const X509_PUBKEY *pubkey);
117X509_PUBKEY
118*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
119int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
120                                         const OSSL_CRMF_CERTID *cid);
121OSSL_CRMF_CERTID
122*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
/*
 * Creates a CertId from an issuer name and a serial number. Both inputs are
 * const and the result is a new pointer, so the caller presumably owns the
 * result and releases it with OSSL_CRMF_CERTID_free(); NULL presumably
 * signals an error.
 */
123OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
124                                       const ASN1_INTEGER *serial);
125
/*
 * Registration info (regInfo) of a certificate request message.
 * set1_ takes a const argument that stays owned by the caller; get0_ returns
 * an internal pointer the caller must not free.
 * NOTE(review): utf8Pairs carries free-form text supplied by the requester.
 * A receiver should treat the value returned by the getter as untrusted
 * input and validate it before using it in any decision or log line.
 */
126int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
127                                         const ASN1_UTF8STRING *utf8pairs);
128ASN1_UTF8STRING
129*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
130int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
131                                       const OSSL_CRMF_CERTREQUEST *cr);
132OSSL_CRMF_CERTREQUEST
133*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);
134
/*
 * Setters for the certificate template inside a request message.
 *
 * set0_validity: notBefore and notAfter are non-const and the name is set0,
 * so on success they presumably become owned by crm and must not be freed
 * by the caller.
 * NOTE(review): whether either time may be NULL to leave it unset is not
 * visible here; confirm in crmf_lib.c.
 */
135int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
136                                ASN1_TIME *notBefore, ASN1_TIME *notAfter);
/*
 * certReqId accessors. The getter returns int.
 * NOTE(review): per the manual page it yields -1 on error, so callers should
 * check for a negative value before using it as an identifier; confirm.
 */
137int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
138int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
/* set0/push0: exts or ext presumably becomes owned by crm on success. */
139int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
140
141int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
/*
 * Proof-of-possession (POPO) method selectors, used as the 'meth' argument
 * of OSSL_CRMF_MSG_create_popo(). Values 0..3 match the tags of the RFC 4211
 * ProofOfPossession CHOICE (raVerified, signature, keyEncipherment,
 * keyAgreement); -1 stands for "no POPO".
 * NOTE(review): OSSL_CRMF_POPO_NONE expands to an unparenthesized -1;
 * (-1) would be the safer macro form.
 */
142#  define OSSL_CRMF_POPO_NONE       -1
143#  define OSSL_CRMF_POPO_RAVERIFIED 0
144#  define OSSL_CRMF_POPO_SIGNATURE  1
145#  define OSSL_CRMF_POPO_KEYENC     2
146#  define OSSL_CRMF_POPO_KEYAGREE   3
/*
 * Adds a POPO of kind meth to crm. pkey and digest are presumably the
 * private key and hash used for the signature method; libctx and propq
 * select the library context and property query for algorithm fetching.
 * NOTE(review): return convention presumably 1 on success, 0 on error.
 */
147int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
148                              EVP_PKEY *pkey, const EVP_MD *digest,
149                              OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Verifies the POPO of the request with id rid within reqs.
 *
 * acceptRAVerified controls whether a raVerified POPO is accepted. Such a
 * POPO carries no cryptographic proof; it only asserts that a registration
 * authority has checked possession. Pass non-zero only when the sender of
 * the message has already been authenticated as a trusted RA; otherwise an
 * arbitrary requester could skip proof of possession.
 * NOTE(review): return convention presumably 1 on success, 0 on failure;
 * callers must treat any value other than success as "not proven".
 */
150int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
151                               int rid, int acceptRAVerified,
152                               OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Read accessors. All are get0_: the returned pointer refers to data inside
 * the argument object, must not be freed by the caller and must not be used
 * after the parent is freed. Optional fields are presumably reported as
 * NULL, so check the result before dereferencing.
 *
 * On the receiving side every value obtained here comes from the requester
 * and is untrusted until checked against the CA/RA policy (subject, issuer,
 * requested extensions).
 */
153OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
154const ASN1_INTEGER
155*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
156const X509_NAME
157*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
158const X509_NAME
159*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
/* Unlike the getters above, this one returns a non-const pointer. */
160X509_EXTENSIONS
161*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
162const X509_NAME
163*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
164const ASN1_INTEGER
165*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
/*
 * Fills fields of the certificate template tmpl.
 * NOTE(review): per the manual page only the arguments that are non-NULL are
 * set, the name and serial arguments are copied and pubkey is
 * reference-counted; confirm in crmf_lib.c.
 */
166int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
167                                EVP_PKEY *pubkey,
168                                const X509_NAME *subject,
169                                const X509_NAME *issuer,
170                                const ASN1_INTEGER *serial);
/*
 * Recovers the certificate carried in the encrypted value ecert, using pkey
 * (presumably the recipient's private key) for decryption. The name is
 * get1_, so the returned X509 is owned by the caller and must be released
 * with X509_free(); NULL presumably signals failure.
 *
 * ecert is received from the peer. A certificate obtained this way is not
 * validated by the decryption step itself and still has to be checked like
 * any other received certificate.
 */
171X509
172*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
173                                       OSSL_LIB_CTX *libctx, const char *propq,
174                                       EVP_PKEY *pkey);
175
176#  ifdef __cplusplus
177}
178#  endif
179# endif /* !defined(OPENSSL_NO_CRMF) */
180#endif /* !defined(OPENSSL_CRMF_H) */
181