/*
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

#ifndef OPENSSL_CMP_H
# define OPENSSL_CMP_H

# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_CMP

#  include <openssl/crmf.h>
#  include <openssl/cmperr.h>
#  include <openssl/cmp_util.h>
#  include <openssl/http.h>

/* explicit #includes not strictly needed since implied by the above: */
#  include <openssl/types.h>
#  include <openssl/safestack.h>
#  include <openssl/x509.h>
#  include <openssl/x509v3.h>

#  ifdef __cplusplus
extern "C" {
#  endif

/* CMP protocol version numbers (the pvno field of a PKIHeader, RFC 4210) */
#  define OSSL_CMP_PVNO_2 2
#  define OSSL_CMP_PVNO_3 3
#  define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */

/*-
 * PKIFailureInfo ::= BIT STRING {
 * -- since we can fail in more than one way!
 * -- More codes may be added in the future if/when required.
 * badAlg (0),
 * -- unrecognized or unsupported Algorithm Identifier
 * badMessageCheck (1),
 * -- integrity check failed (e.g., signature did not verify)
 * badRequest (2),
 * -- transaction not permitted or supported
 * badTime (3),
 * -- messageTime was not sufficiently close to the system time,
 * -- as defined by local policy
 * badCertId (4),
 * -- no certificate could be found matching the provided criteria
 * badDataFormat (5),
 * -- the data submitted has the wrong format
 * wrongAuthority (6),
 * -- the authority indicated in the request is different from the
 * -- one creating the response token
 * incorrectData (7),
 * -- the requester's data is incorrect (for notary services)
 * missingTimeStamp (8),
 * -- when the timestamp is missing but should be there
 * -- (by policy)
 * badPOP (9),
 * -- the proof-of-possession failed
 * certRevoked (10),
 * -- the certificate has already been revoked
 * certConfirmed (11),
 * -- the certificate has already been confirmed
 * wrongIntegrity (12),
 * -- invalid integrity, password based instead of signature or
 * -- vice versa
 * badRecipientNonce (13),
 * -- invalid recipient nonce, either missing or wrong value
 * timeNotAvailable (14),
 * -- the TSA's time source is not available
 * unacceptedPolicy (15),
 * -- the requested TSA policy is not supported by the TSA.
 * unacceptedExtension (16),
 * -- the requested extension is not supported by the TSA.
 * addInfoNotAvailable (17),
 * -- the additional information requested could not be
 * -- understood or is not available
 * badSenderNonce (18),
 * -- invalid sender nonce, either missing or wrong size
 * badCertTemplate (19),
 * -- invalid cert. template or missing mandatory information
 * signerNotTrusted (20),
 * -- signer of the message unknown or not trusted
 * transactionIdInUse (21),
 * -- the transaction identifier is already in use
 * unsupportedVersion (22),
 * -- the version of the message is not supported
 * notAuthorized (23),
 * -- the sender was not authorized to make the preceding
 * -- request or perform the preceding action
 * systemUnavail (24),
 * -- the request cannot be handled due to system unavailability
 * systemFailure (25),
 * -- the request cannot be handled due to system failure
 * duplicateCertReq (26)
 * -- certificate cannot be issued because a duplicate
 * -- certificate already exists
 * }
 */
/* Bit positions of PKIFailureInfo, numbered as in the ASN.1 module above */
#  define OSSL_CMP_PKIFAILUREINFO_badAlg 0
#  define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
#  define OSSL_CMP_PKIFAILUREINFO_badRequest 2
#  define OSSL_CMP_PKIFAILUREINFO_badTime 3
#  define OSSL_CMP_PKIFAILUREINFO_badCertId 4
#  define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
#  define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
#  define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
#  define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
#  define OSSL_CMP_PKIFAILUREINFO_badPOP 9
#  define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
#  define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
#  define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
#  define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
#  define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
#  define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
#  define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
#  define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
#  define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
#  define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
#  define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
#  define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
#  define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
#  define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
#  define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
#  define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
#  define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
/* Highest defined bit position; bump together with the list above */
#  define OSSL_CMP_PKIFAILUREINFO_MAX 26
/* Mask with every defined failure bit 0..MAX set, i.e. (1 << 27) - 1 */
#  define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
    ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
/*
 * Build-time guard: fails if the mask ever grows beyond what an int holds.
 * NOTE(review): this #if needs INT_MAX visible to the preprocessor (from
 * <limits.h>, expected to arrive via the includes above); an identifier
 * that is undefined inside #if evaluates to 0, which would make the #error
 * fire unconditionally rather than silently pass.
 */
#  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
#   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
#  endif

typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;

/*
 * Single-bit flag form of the same failure codes:
 * OSSL_CMP_CTX_FAILINFO_x == 1 << OSSL_CMP_PKIFAILUREINFO_x.
 * A set of failures is the bitwise OR of these flags (presumably the
 * encoding returned by OSSL_CMP_CTX_get_failInfoCode() below).
 */
#  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
#  define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
#  define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
#  define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
#  define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
#  define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
#  define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
#  define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
#  define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
#  define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
#  define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
#  define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
#  define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
#  define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
#  define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
#  define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
#  define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
#  define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
#  define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
#  define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
#  define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
#  define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
#  define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
#  define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
#  define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
#  define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
#  define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)

/*-
 * PKIStatus ::= INTEGER {
 * accepted (0),
 * -- you got exactly what you asked for
 * grantedWithMods (1),
 * -- you got something like what you asked for; the
 * -- requester is responsible for ascertaining the differences
 * rejection (2),
 * -- you don't get it, more information elsewhere in the message
 * waiting (3),
 * -- the request body part has not yet been processed; expect to
 * -- hear more later (note: proper handling of this status
 * -- response MAY use the polling req/rep PKIMessages specified
 * -- in Section 5.3.22; alternatively, polling in the underlying
 * -- transport layer MAY have some utility in this regard)
 * revocationWarning (4),
 * -- this message contains a warning that a revocation is
 * -- imminent
 * revocationNotification (5),
 * -- notification that a revocation has occurred
 * keyUpdateWarning (6)
 * -- update already done for the oldCertId specified in
 * -- CertReqMsg
 * }
 */
/* PKIStatus values, numbered as in the ASN.1 module above */
#  define OSSL_CMP_PKISTATUS_accepted 0
#  define OSSL_CMP_PKISTATUS_grantedWithMods 1
#  define OSSL_CMP_PKISTATUS_rejection 2
#  define OSSL_CMP_PKISTATUS_waiting 3
#  define OSSL_CMP_PKISTATUS_revocationWarning 4
#  define OSSL_CMP_PKISTATUS_revocationNotification 5
#  define OSSL_CMP_PKISTATUS_keyUpdateWarning 6

typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)

/* CHOICE tags of CertOrEncCert: [0] certificate, [1] encryptedCert */
#  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
#  define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1

/* data type declarations */
/* Opaque client context; created/freed by the cmp_ctx.c functions below */
typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
/* A complete PKIMessage; DER encode/decode functions are declared here */
typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
{-
    generate_stack_macros("OSSL_CMP_CERTSTATUS");
-}
/* InfoTypeAndValue: an OID plus an arbitrary ASN1_TYPE value */
typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
{-
    generate_stack_macros("OSSL_CMP_ITAV");
-}
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
/* PKIStatusInfo: status, optional statusString and failInfo bits */
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
{-
    generate_stack_macros("OSSL_CMP_PKISI");
-}
typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
{-
    generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
-}
typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
{-
    generate_stack_macros("OSSL_CMP_CERTRESPONSE");
-}
typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;

/*
 * function DECLARATIONS
 */

/*
 * Ownership convention used by the names below (OpenSSL-wide):
 * set0_/push0_ take over the given object, set1_/push1_ copy or up-ref it;
 * get0_ returns a borrowed reference, get1_ a copy the caller must free.
 * Confirm against the per-function manual page before relying on it.
 */

/* from cmp_asn.c */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                        ASN1_TYPE *value);
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
/* Appends itav to *itav_sk_p, allocating the stack if *itav_sk_p is NULL
 * (presumably, given the double pointer) */
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                   OSSL_CMP_ITAV *itav);
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);

/* from cmp_ctx.c */
/* libctx/propq select the provider context and algorithm properties */
OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
/* CMP general options: */
#  define OSSL_CMP_OPT_LOG_VERBOSITY 0
/* CMP transfer options: */
#  define OSSL_CMP_OPT_KEEP_ALIVE 10
#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
#  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
/* CMP request options: */
#  define OSSL_CMP_OPT_VALIDITY_DAYS 20
#  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
#  define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
#  define OSSL_CMP_OPT_POLICIES_CRITICAL 23
#  define OSSL_CMP_OPT_POPO_METHOD 24
#  define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
#  define OSSL_CMP_OPT_DISABLE_CONFIRM 26
#  define OSSL_CMP_OPT_REVOCATION_REASON 27
/* CMP protection options: */
/*
 * NOTE(review): UNPROTECTED_SEND, UNPROTECTED_ERRORS, IGNORE_KEYUSAGE and
 * PERMIT_TA_IN_EXTRACERTS_FOR_IR relax message protection or certificate
 * checks (see OSSL_CMP_CTX_set_option(3)); enabling any of them is a
 * security-relevant configuration decision, not a convenience setting.
 */
#  define OSSL_CMP_OPT_UNPROTECTED_SEND 30
#  define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
#  define OSSL_CMP_OPT_OWF_ALGNID 32
#  define OSSL_CMP_OPT_MAC_ALGNID 33
#  define OSSL_CMP_OPT_DIGEST_ALGNID 34
#  define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
#  define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
/* opt is one of the OSSL_CMP_OPT_* values above; val is option-specific */
int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
/* CMP-specific callback for logging and outputting the error queue: */
int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
/* Convenience wrapper around OSSL_CMP_CTX_set_option() */
#  define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
    OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
/* message transfer: */
int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
/* names: list of hosts for which the proxy is bypassed (format per manual) */
int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
/* Hook into the HTTP BIO setup, e.g. to add TLS; arg is passed through */
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
/* Replaces the whole request/response transport: takes req, returns reply */
typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                 const OSSL_CMP_MSG *req);
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
/* server authentication: */
int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
/* Trust anchors for verifying the server's protection certificate */
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
#  define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore /* alias */
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
#  define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore /* alias */
/* Untrusted intermediates available for chain building */
int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
/* client authentication: */
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
/* own_trusted / candidates: material used to build the chain for the
 * client cert set via OSSL_CMP_CTX_set1_cert() */
int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
                                  STACK_OF(X509) *candidates);
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
/* ref/sec are raw byte strings of the given length (len is a plain int);
 * the secret is the MAC-based protection key, so it should be sourced
 * and stored with the care given to any credential */
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                     const unsigned char *ref, int len);
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
                                  const int len);
/* CMP message header and extra certificates: */
int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
                                    STACK_OF(X509) *extraCertsOut);
/* certificate template: */
/* priv != 0 means pkey carries the private part (presumably; see manual) */
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                      const GENERAL_NAME *name);
int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
/* misc body contents: */
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
/* certificate confirmation: */
/* Invoked with the newly enrolled cert; fail_info and *txt are presumably
 * how the callback reports a rejection (OSSL_CMP_CTX_FAILINFO_* bits plus
 * a reason string) — see OSSL_CMP_certConf_cb(3) */
typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
                                       int fail_info, const char **txt);
/* Default implementation of the callback type above */
int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
                         const char **text);
int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
/* result fetching: */
/* Status of the last response as an OSSL_CMP_PKISTATUS_* value */
int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
/* Failure bits of the last response, as OSSL_CMP_CTX_FAILINFO_* flags */
int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
/* Presumably the recommended buf size for the snprint functions in the
 * cmp_status.c section below — verify against cmp_status.c */
#  define OSSL_CMP_PKISI_BUFLEN 1024
X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
/* caPubs come from the response body and are not yet trusted by virtue of
 * being returned; the caller decides whether to install them */
STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
/* Override the transactionID / senderNonce that are otherwise generated */
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
                                    const ASN1_OCTET_STRING *id);
int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
                                  const ASN1_OCTET_STRING *nonce);

/* from cmp_status.c */
/* Human-readable rendering into buf of at most bufsize bytes; both return
 * a pointer into buf (presumably) — check the manual for the NULL case */
char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
                                     size_t bufsize);
char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
                                     char *buf, size_t bufsize);
/* status: OSSL_CMP_PKISTATUS_*; fail_info: OSSL_CMP_CTX_FAILINFO_* bits */
OSSL_CMP_PKISI *
OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);

/* from cmp_hdr.c */
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
                                                   OSSL_CMP_PKIHEADER *hdr);
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);

/* from cmp_msg.c */
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
/* PKIBody CHOICE tag of msg, e.g. OSSL_CMP_IR / OSSL_CMP_CR below */
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
/* Builds the CRMF request message from the template set in ctx;
 * for_KUR selects key-update semantics, rid is the certReqId */
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
/* File-based message I/O; file is a path name supplied by the caller,
 * who is responsible for where it points */
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
                                const char *propq);
int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);

/* from cmp_vfy.c */
/* Verifies the protection (signature or MAC) of a received msg against
 * the credentials/trust configured in ctx; 1 on success */
int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
/* Path validation of cert against trusted_store using ctx's settings */
int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                X509_STORE *trusted_store, X509 *cert);

/* from cmp_http.c */
/* Default transport: sends req over HTTP per the server settings in ctx
 * and returns the decoded response, or NULL on error */
OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                        const OSSL_CMP_MSG *req);

/* from cmp_server.c */
/*
 * Server-side API. The callbacks below are registered via
 * OSSL_CMP_SRV_CTX_init(); by name each handles one request body type
 * (cert request, rr = revocation request, genm = general message, error,
 * certConf, pollReq). The dispatch itself lives in cmp_server.c.
 */
typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
/* Processes one request message and returns the response to send */
OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
                                           const OSSL_CMP_MSG *req);
/* In-process client-to-server transfer (e.g. for testing without HTTP);
 * usable as an OSSL_CMP_transfer_cb_t */
OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
                                           const OSSL_CMP_MSG *req);
OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
/* Either crm (CRMF) or p10cr (PKCS#10) carries the request; the callback
 * returns the PKIStatusInfo and fills the certOut/chainOut/caPubs outputs */
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
    (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
     const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
     X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
/* Revocation request, identified by issuer + serial */
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                                const OSSL_CMP_MSG *req,
                                                const X509_NAME *issuer,
                                                const ASN1_INTEGER *serial);
/* General message: ITAVs in, ITAVs out (*out allocated by the callback) */
typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                      const OSSL_CMP_MSG *req,
                                      const STACK_OF(OSSL_CMP_ITAV) *in,
                                      STACK_OF(OSSL_CMP_ITAV) **out);
typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                        const OSSL_CMP_MSG *req,
                                        const OSSL_CMP_PKISI *statusInfo,
                                        const ASN1_INTEGER *errorCode,
                                        const OSSL_CMP_PKIFREETEXT *errDetails);
/* Client's confirmation of an issued cert, identified by certReqId/certHash */
typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                          const OSSL_CMP_MSG *req,
                                          int certReqId,
                                          const ASN1_OCTET_STRING *certHash,
                                          const OSSL_CMP_PKISI *si);
/* Polling: either hands back the pending *certReq or sets *check_after */
typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                         const OSSL_CMP_MSG *req, int certReqId,
                                         OSSL_CMP_MSG **certReq,
                                         int64_t *check_after);
/* custom_ctx is opaque to the library and handed back via get0_custom_ctx */
int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
                          OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
                          OSSL_CMP_SRV_rr_cb_t process_rr,
                          OSSL_CMP_SRV_genm_cb_t process_genm,
                          OSSL_CMP_SRV_error_cb_t process_error,
                          OSSL_CMP_SRV_certConf_cb_t process_certConf,
                          OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
/*
 * NOTE(review): accepting unprotected requests, accepting raVerified as
 * proof-of-possession, and sending unprotected error responses each lower
 * the integrity guarantees of the protocol; off is the safe setting.
 * Confirm the defaults in cmp_server.c.
 */
int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
                                                 int val);
int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
                                                int val);

/* from cmp_client.c */
/* Runs a full enrollment transaction; req_type is one of the PKIBody tags
 * below, crm an optional prebuilt CRMF request (NULL = build from ctx).
 * Returns the newly enrolled cert or NULL; status details via
 * OSSL_CMP_CTX_get_status()/get_failInfoCode() */
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
                            const OSSL_CRMF_MSG *crm);
/* PKIBody CHOICE tags (RFC 4210): ir, cr, p10cr, kur */
#  define OSSL_CMP_IR 0
#  define OSSL_CMP_CR 2
#  define OSSL_CMP_P10CR 4
#  define OSSL_CMP_KUR 7
#  define OSSL_CMP_exec_IR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
#  define OSSL_CMP_exec_CR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
#  define OSSL_CMP_exec_P10CR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
#  define OSSL_CMP_exec_KUR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
/* Non-blocking variant: *checkAfter is an output parameter for the
 * server-suggested polling delay — semantics per OSSL_CMP_try_certreq(3) */
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
                         const OSSL_CRMF_MSG *crm, int *checkAfter);
/* Revocation request for the cert set via OSSL_CMP_CTX_set1_oldCert() */
int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
/* General message; returns the ITAVs of the genp response (caller frees) */
STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);

#  ifdef __cplusplus
}
#  endif
# endif /* !defined(OPENSSL_NO_CMP) */
#endif /* !defined(OPENSSL_CMP_H) */