/*
 * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2018
 * Copyright Siemens AG 2015-2018
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
 */
14 #include <openssl/asn1t.h>
18 /* explicit #includes not strictly needed since implied by the above: */
19 #include <openssl/crmf.h>
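/*
 * ASN.1 template for OSSL_CRMF_PRIVATEKEYINFO: version, privateKeyAlgorithm,
 * privateKey and an optional attribute set.
 *
 * privateKey carries raw private-key bytes inside an OCTET STRING.
 * NOTE(review): the routines generated below are generic template code;
 * confirm whether the key bytes are cleansed before they are freed, and
 * cleanse them in the caller if they are not.
 */
ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKeyAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKey, ASN1_OCTET_STRING),
    /* optional, IMPLICIT [0] SET OF attributes; the field may be absent */
    ASN1_IMP_SET_OF_OPT(OSSL_CRMF_PRIVATEKEYINFO, attributes, X509_ATTRIBUTE, 0)
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)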
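/*
 * ASN.1 template for the identifier carried next to an encrypted private
 * key: a CHOICE between a UTF8String and a GeneralName.
 *
 * Both alternatives are untagged, so the decoder tells them apart by their
 * own tags. Code reading the union must check which alternative was selected
 * before touching value.string or value.generalName.
 */
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string,
                ASN1_UTF8STRING),
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName,
                GENERAL_NAME)
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)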
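/*
 * ASN.1 template for OSSL_CRMF_ENCKEYWITHID: a private key together with an
 * optional identifier of its owner.
 *
 * identifier is optional, so the struct member may be NULL after decoding;
 * a receiver that binds the key to an identity must treat a missing
 * identifier as "unbound" rather than dereference it.
 */
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
    ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
             OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)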
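/*
 * ASN.1 template for OSSL_CRMF_CERTID: identifies a certificate by issuer
 * (GeneralName) and serial number. Both fields are mandatory.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTID)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
/* additionally generates the _dup function (deep copy via the template) */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)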
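/*
 * ASN.1 template for OSSL_CRMF_ENCRYPTEDVALUE: an encrypted value plus the
 * optional parameters describing how it was protected.
 *
 * Only encValue is mandatory. Every other field is IMPLICIT-tagged and
 * optional, so the matching struct member may be NULL after decoding.
 * Decryption code must check that the fields it relies on (for example
 * symmAlg and encSymmKey) are present, and must take algorithm choices from
 * local policy rather than trusting whatever the sender put here.
 */
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, encSymmKey, ASN1_BIT_STRING, 2),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, keyAlg, X509_ALGOR, 3),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, valueHint, ASN1_OCTET_STRING, 4),
    ASN1_SIMPLE(OSSL_CRMF_ENCRYPTEDVALUE, encValue, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCRYPTEDVALUE)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)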
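/*
 * ASN.1 template for OSSL_CRMF_SINGLEPUBINFO: one publication method and
 * the location it applies to.
 *
 * pubMethod is decoded as a plain INTEGER; the template does not restrict
 * it to any set of values, so range checking is left to the consumer.
 * NOTE(review): pubLocation is declared mandatory here (ASN1_SIMPLE);
 * confirm this against the CRMF specification, where the field may be
 * optional.
 */
ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubLocation, GENERAL_NAME)
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)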
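/*
 * ASN.1 template for OSSL_CRMF_PKIPUBLICATIONINFO: a requested publication
 * action and an optional list of OSSL_CRMF_SINGLEPUBINFO entries.
 *
 * action is decoded as a plain INTEGER and pubInfos as an unbounded
 * SEQUENCE OF; the template enforces neither a value range nor a maximum
 * element count, so both checks belong in the code that consumes the
 * decoded structure.
 */
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
                         OSSL_CRMF_SINGLEPUBINFO)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKIPUBLICATIONINFO)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
/* additionally generates the _dup function (deep copy via the template) */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)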
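/*
 * ASN.1 template for OSSL_CRMF_PKMACVALUE: a MAC algorithm identifier and
 * the MAC value itself.
 *
 * algId is supplied by the sender. A verifier should accept only the
 * algorithms its policy allows and should compare the recomputed MAC with
 * value in constant time.
 */
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)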
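/*
 * ASN.1 template for OSSL_CRMF_POPOPRIVKEY: the proof-of-possession
 * alternatives for keys that cannot sign. Exactly one IMPLICIT-tagged
 * alternative [0]..[4] is present; readers must check the selected
 * alternative before accessing the union.
 */
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3),
    /*
     * TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow
     * taken from crypto/cms which exists now - this is not used anywhere so far
     *
     * Until that is done, alternative [4] is only a placeholder: it cannot
     * carry an encrypted key, so its presence must never be treated as
     * proof of possession.
     */
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4),
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)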
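/*
 * ASN.1 template for OSSL_CRMF_PBMPARAMETER: the parameters of the
 * password-based MAC (salt, one-way function, iteration count, MAC
 * algorithm). All four fields are mandatory.
 *
 * When decoded from a peer, every value here is attacker-influenced. The
 * template accepts any OCTET STRING length for salt and any INTEGER for
 * iterationCount, so the code that computes the MAC must bound both (an
 * oversized iteration count is a CPU-exhaustion vector, a tiny one weakens
 * the MAC) and must restrict owf and mac to algorithms allowed by policy.
 */
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, iterationCount, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, mac, X509_ALGOR)
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)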
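/*
 * ASN.1 template for the authInfo CHOICE of OSSL_CRMF_POPOSIGNINGKEYINPUT:
 * either the sender's name or a MAC over the public key.
 *
 * Readers must check which alternative was selected before accessing
 * value.sender or value.publicKeyMAC.
 */
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
    /*
     * NOTE(review): the type and tag arguments of this entry were missing
     * from the listing; "GENERAL_NAME, 0" is restored from the CRMF
     * definition (sender [0] GeneralName) - confirm against upstream.
     */
    ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
             GENERAL_NAME, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC,
                OSSL_CRMF_PKMACVALUE)
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)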
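/*
 * ASN.1 template for OSSL_CRMF_POPOSIGNINGKEYINPUT: the authentication
 * information and public key that a proof-of-possession signature covers
 * when this structure is supplied. Both fields are mandatory.
 *
 * NOTE(review): a verifier presumably has to check that publicKey matches
 * the key in the certificate template of the same request - confirm in the
 * code that verifies the POP.
 */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
                OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)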
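/*
 * ASN.1 template for OSSL_CRMF_POPOSIGNINGKEY: a proof-of-possession
 * signature, its algorithm, and optionally the structure that was signed.
 *
 * poposkInput is optional (IMPLICIT [0]) and may be NULL after decoding, so
 * a verifier must decide what data the signature covers based on whether it
 * is present. algorithmIdentifier is sender-supplied and should be checked
 * against the algorithms the verifier's policy allows.
 */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
    ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
                 OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)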
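/*
 * ASN.1 template for OSSL_CRMF_POPO: the proof-of-possession CHOICE of a
 * certificate request message.
 *
 * raVerified is an ASN1_NULL: it carries no cryptographic material at all,
 * only the assertion that a registration authority checked possession.
 * A receiver should honour it only when the message itself is authenticated
 * as coming from an RA it trusts for that purpose.
 */
ASN1_CHOICE(OSSL_CRMF_POPO) = {
    ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
    ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
    /*
     * OSSL_CRMF_POPOPRIVKEY is itself a CHOICE, which cannot be tagged
     * implicitly, hence explicit tags for [2] and [3].
     */
    ASN1_EXP(OSSL_CRMF_POPO, value.keyEncipherment, OSSL_CRMF_POPOPRIVKEY, 2),
    ASN1_EXP(OSSL_CRMF_POPO, value.keyAgreement, OSSL_CRMF_POPOPRIVKEY, 3)
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)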
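/*
 * ASN.1 templates for OSSL_CRMF_ATTRIBUTETYPEANDVALUE: an OID ("type")
 * followed by a value whose ASN.1 type depends on that OID.
 *
 * The ANY-DEFINED-BY table below maps each known registration-control and
 * registration-info OID to the union member that holds its value. An OID
 * that is not in the table falls back to the default template, which
 * decodes the value as an optional ASN1_ANY into value.other.
 *
 * Consumers must therefore look at "type" before reading the union: for an
 * unrecognised OID only value.other is meaningful, and its content is
 * unparsed peer-supplied data.
 */
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(
        OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ADB_ENTRY(NID_id_regCtrl_regToken,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.regToken, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_authenticator,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.authenticator, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.pkiPublicationInfo,
                          OSSL_CRMF_PKIPUBLICATIONINFO)),
    ADB_ENTRY(NID_id_regCtrl_oldCertID,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.oldCertID, OSSL_CRMF_CERTID)),
    ADB_ENTRY(NID_id_regCtrl_protocolEncrKey,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.protocolEncrKey, X509_PUBKEY)),
    ADB_ENTRY(NID_id_regInfo_utf8Pairs,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.utf8Pairs, ASN1_UTF8STRING)),
    /*
     * A certReq value contains an OSSL_CRMF_CERTREQUEST, whose controls are
     * again OSSL_CRMF_ATTRIBUTETYPEANDVALUE, so the type is recursive.
     * NOTE(review): confirm that the decoder's nesting limit bounds how deep
     * a peer can make this recursion.
     */
    ADB_ENTRY(NID_id_regInfo_certReq,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.certReq, OSSL_CRMF_CERTREQUEST)),
    /* selector field is "type"; unknown OIDs use the default template */
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
               &attributetypeandvalue_default_tt, NULL);

ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
    /* value: decoded through the ANY-DEFINED-BY table above */
    ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)

/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
/* additionally generates the _dup function (deep copy via the template) */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)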
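/*
 * ASN.1 template for OSSL_CRMF_OPTIONALVALIDITY: the validity period a
 * requester asks for.
 *
 * Both bounds are EXPLICIT-tagged and optional, so either member may be
 * NULL after decoding. The template does not relate the two values; an
 * issuing CA should treat them as a request and apply its own validity
 * policy (including notBefore <= notAfter) before issuing.
 */
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)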
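/*
 * ASN.1 template for OSSL_CRMF_CERTTEMPLATE: the certificate contents a
 * requester proposes. Every field is optional and context-tagged [0]..[9],
 * so any member may be NULL after decoding.
 *
 * The template is requester-controlled input. It still decodes serialNumber
 * and signingAlg when a peer sends them, although they MUST be omitted, so
 * an issuing CA has to ignore or reject those values itself and validate
 * subject, publicKey and extensions against its policy.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
    /*
     * serialNumber MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, serialNumber, ASN1_INTEGER, 1),
    /*
     * signingAlg MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity,
                 OSSL_CRMF_OPTIONALVALIDITY, 4),
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
    /* issuerUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
    /* subjectUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
    /*
     * NOTE(review): the type and tag arguments of this entry were missing
     * from the listing; "X509_EXTENSION, 9" is restored from the CRMF
     * definition (extensions [9] Extensions) - confirm against upstream.
     */
    ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions,
                             X509_EXTENSION, 9),
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)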
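/*
 * ASN.1 template for OSSL_CRMF_CERTREQUEST: a request id, the proposed
 * certificate template, and an optional list of controls.
 *
 * controls is an unbounded, optional SEQUENCE OF
 * OSSL_CRMF_ATTRIBUTETYPEANDVALUE; the template sets no maximum count, so a
 * receiver that iterates over it should apply its own limit. certReqId is
 * a plain INTEGER chosen by the requester.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_CERTREQUEST, controls,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTREQUEST)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
/* additionally generates the _dup function (deep copy via the template) */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)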
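/*
 * ASN.1 template for OSSL_CRMF_MSG: one certificate request message made of
 * the request itself, an optional proof of possession, and optional
 * registration info.
 *
 * popo is optional, so the member is NULL when the sender supplied no proof
 * of possession. Whether a request without POP is acceptable is a policy
 * decision for the receiver; the decoder will not reject it.
 */
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
    ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
    ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_MSG, regInfo,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_MSG)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG)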
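/*
 * ASN.1 item template for OSSL_CRMF_MSGS: a SEQUENCE OF OSSL_CRMF_MSG.
 *
 * The template places no upper bound on the number of messages, so a
 * receiver that processes each element should cap the count it accepts.
 */
ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CRMF_MSGS, OSSL_CRMF_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS)
/* generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)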