2 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * MessageImprint ::= SEQUENCE {
12 * hashAlgorithm AlgorithmIdentifier,
13 * hashedMessage OCTET STRING }
15 struct TS_msg_imprint_st
{
16 X509_ALGOR
*hash_algo
;
17 ASN1_OCTET_STRING
*hashed_msg
;
21 * TimeStampResp ::= SEQUENCE {
22 * status PKIStatusInfo,
23 * timeStampToken TimeStampToken OPTIONAL }
26 TS_STATUS_INFO
*status_info
;
28 TS_TST_INFO
*tst_info
;
32 * TimeStampReq ::= SEQUENCE {
33 * version INTEGER { v1(1) },
34 * messageImprint MessageImprint,
35 * --a hash algorithm OID and the hash value of the data to be
37 * reqPolicy TSAPolicyId OPTIONAL,
38 * nonce INTEGER OPTIONAL,
39 * certReq BOOLEAN DEFAULT FALSE,
40 * extensions [0] IMPLICIT Extensions OPTIONAL }
43 ASN1_INTEGER
*version
;
44 TS_MSG_IMPRINT
*msg_imprint
;
45 ASN1_OBJECT
*policy_id
;
47 ASN1_BOOLEAN cert_req
;
48 STACK_OF(X509_EXTENSION
) *extensions
;
52 * Accuracy ::= SEQUENCE {
53 * seconds INTEGER OPTIONAL,
54 * millis [0] INTEGER (1..999) OPTIONAL,
55 * micros [1] INTEGER (1..999) OPTIONAL }
57 struct TS_accuracy_st
{
58 ASN1_INTEGER
*seconds
;
64 * TSTInfo ::= SEQUENCE {
65 * version INTEGER { v1(1) },
67 * messageImprint MessageImprint,
68 * -- MUST have the same value as the similar field in
70 * serialNumber INTEGER,
71 * -- Time-Stamping users MUST be ready to accommodate integers
73 * genTime GeneralizedTime,
74 * accuracy Accuracy OPTIONAL,
75 * ordering BOOLEAN DEFAULT FALSE,
76 * nonce INTEGER OPTIONAL,
77 * -- MUST be present if the similar field was present
78 * -- in TimeStampReq. In that case it MUST have the same value.
79 * tsa [0] GeneralName OPTIONAL,
80 * extensions [1] IMPLICIT Extensions OPTIONAL }
82 struct TS_tst_info_st
{
83 ASN1_INTEGER
*version
;
84 ASN1_OBJECT
*policy_id
;
85 TS_MSG_IMPRINT
*msg_imprint
;
87 ASN1_GENERALIZEDTIME
*time
;
88 TS_ACCURACY
*accuracy
;
89 ASN1_BOOLEAN ordering
;
92 STACK_OF(X509_EXTENSION
) *extensions
;
95 struct TS_status_info_st
{
97 STACK_OF(ASN1_UTF8STRING
) *text
;
98 ASN1_BIT_STRING
*failure_info
;
103 EVP_PKEY
*signer_key
;
104 const EVP_MD
*signer_md
;
105 const EVP_MD
*ess_cert_id_digest
;
106 STACK_OF(X509
) *certs
; /* Certs to include in signed data. */
107 STACK_OF(ASN1_OBJECT
) *policies
; /* Acceptable policies. */
108 ASN1_OBJECT
*default_policy
; /* It may appear in policies, too. */
109 STACK_OF(EVP_MD
) *mds
; /* Acceptable message digests. */
110 ASN1_INTEGER
*seconds
; /* accuracy, 0 means not specified. */
111 ASN1_INTEGER
*millis
; /* accuracy, 0 means not specified. */
112 ASN1_INTEGER
*micros
; /* accuracy, 0 means not specified. */
113 unsigned clock_precision_digits
; /* fraction of seconds in time stamp
115 unsigned flags
; /* Optional info, see values above. */
116 /* Callback functions. */
117 TS_serial_cb serial_cb
;
118 void *serial_cb_data
; /* User data for serial_cb. */
120 void *time_cb_data
; /* User data for time_cb. */
121 TS_extension_cb extension_cb
;
122 void *extension_cb_data
; /* User data for extension_cb. */
123 /* These members are used only while creating the response. */
126 TS_TST_INFO
*tst_info
;
129 struct TS_verify_ctx
{
130 /* Set this to the union of TS_VFY_... flags you want to carry out. */
132 /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
134 STACK_OF(X509
) *certs
;
135 /* Must be set only with TS_VFY_POLICY. */
138 * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
139 * algorithm from the response is used.
142 unsigned char *imprint
;
143 unsigned imprint_len
;
144 /* Must be set only with TS_VFY_DATA. */
146 /* Must be set only with TS_VFY_TSA_NAME. */
148 /* Must be set only with TS_VFY_TSA_NAME. */
149 GENERAL_NAME
*tsa_name
;