Add RFC 5755 attribute certificate support
diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c
new file mode 100644 (file)
index 0000000..9a1c298
--- /dev/null
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_acert.h"
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 5755 4.1.
+ */
+
+ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = {
+    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED),
+    ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT),
+    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestAlgorithm, X509_ALGOR),
+    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING),
+} ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO)
+
+ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = {
+    ASN1_SEQUENCE_OF(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAME),
+    ASN1_EMBED(OSSL_ISSUER_SERIAL, serial, ASN1_INTEGER),
+    ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING),
+} ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL)
+
+ASN1_SEQUENCE(X509_ACERT_ISSUER_V2FORM) = {
+    ASN1_SEQUENCE_OF_OPT(X509_ACERT_ISSUER_V2FORM, issuerName, GENERAL_NAME),
+    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, baseCertificateId, OSSL_ISSUER_SERIAL, 0),
+    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 1),
+} ASN1_SEQUENCE_END(X509_ACERT_ISSUER_V2FORM)
+
+ASN1_CHOICE(X509_ACERT_ISSUER) = {
+    ASN1_SEQUENCE_OF(X509_ACERT_ISSUER, u.v1Form, GENERAL_NAME),
+    ASN1_IMP(X509_ACERT_ISSUER, u.v2Form, X509_ACERT_ISSUER_V2FORM, 0),
+} ASN1_CHOICE_END(X509_ACERT_ISSUER)
+
+ASN1_SEQUENCE(X509_HOLDER) = {
+    ASN1_IMP_OPT(X509_HOLDER, baseCertificateID, OSSL_ISSUER_SERIAL, 0),
+    ASN1_IMP_SEQUENCE_OF_OPT(X509_HOLDER, entityName, GENERAL_NAME, 1),
+    ASN1_IMP_OPT(X509_HOLDER, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 2),
+} ASN1_SEQUENCE_END(X509_HOLDER)
+
+ASN1_SEQUENCE(X509_ACERT_INFO) = {
+    ASN1_EMBED(X509_ACERT_INFO, version, ASN1_INTEGER),
+    ASN1_EMBED(X509_ACERT_INFO, holder, X509_HOLDER),
+    ASN1_EMBED(X509_ACERT_INFO, issuer, X509_ACERT_ISSUER),
+    ASN1_EMBED(X509_ACERT_INFO, signature, X509_ALGOR),
+    ASN1_EMBED(X509_ACERT_INFO, serialNumber, ASN1_INTEGER),
+    ASN1_EMBED(X509_ACERT_INFO, validityPeriod, X509_VAL),
+    ASN1_SEQUENCE_OF(X509_ACERT_INFO, attributes, X509_ATTRIBUTE),
+    ASN1_OPT(X509_ACERT_INFO, issuerUID, ASN1_BIT_STRING),
+    ASN1_SEQUENCE_OF_OPT(X509_ACERT_INFO, extensions, X509_EXTENSION),
+} ASN1_SEQUENCE_END(X509_ACERT_INFO)
+
+ASN1_SEQUENCE(X509_ACERT) = {
+    ASN1_SIMPLE(X509_ACERT, acinfo, X509_ACERT_INFO),
+    ASN1_EMBED(X509_ACERT, sig_alg, X509_ALGOR),
+    ASN1_EMBED(X509_ACERT, signature, ASN1_BIT_STRING),
+} ASN1_SEQUENCE_END(X509_ACERT)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ACERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ACERT)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)
+
+IMPLEMENT_PEM_rw(X509_ACERT, X509_ACERT, PEM_STRING_ACERT, X509_ACERT)
+
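Review bot: `validityPeriod` in the `X509_ACERT_INFO` template reuses `X509_VAL`, whose two fields are `ASN1_TIME`, so the decoder will accept UTCTime there although RFC 5755 defines AttCertValidityPeriod as two GeneralizedTime values. Either give the field its own two-member template typed `ASN1_GENERALIZEDTIME`, or keep `X509_VAL` and reject any other time type in the validation that runs after parsing (not visible in this file). In the second case a comment on that line, for example `/* X509_VAL also admits UTCTime; RFC 5755 requires GeneralizedTime, enforced in <validation function> */`, would record the deviation from the "translation of RFC 5755 4.1" stated at the top. Separately, `X509_ACERT_INFO` is the signed body but is declared with plain `ASN1_SEQUENCE`, whereas `X509_CINF` uses `ASN1_SEQUENCE_enc` to retain the received encoding. If signature verification re-encodes this structure, non-DER input would be checked against bytes other than the ones that were signed, so consider caching the encoding, which needs an `ASN1_ENCODING` member in the struct in x509_acert.h.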