1 /*-
2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 *
11 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
12 */
13
14 #ifndef OPENSSL_CRMF_H
15 # define OPENSSL_CRMF_H
16
17 # include <openssl/opensslconf.h>
18
19 # ifndef OPENSSL_NO_CRMF
20 # include <openssl/opensslv.h>
21 # include <openssl/safestack.h>
22 # include <openssl/crmferr.h>
23 # include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
24
25 /* explicit #includes not strictly needed since implied by the above: */
26 # include <openssl/types.h>
27 # include <openssl/x509.h>
28
29 # ifdef __cplusplus
30 extern "C" {
31 # endif
32
/*
 * Stack-of types for CRMF messages and certificate IDs.
 * NOTE(review): both element types are named here before their typedefs
 * further down in this header. Whether that is safe depends on how
 * DEFINE_OR_DECLARE_STACK_OF expands in <openssl/safestack.h> - confirm.
 */
DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_CERTID)
35
/*
 * Selectors named after the alternatives of the POPOPrivKey choice in
 * RFC 4211 (proof of possession for keys that are not used for signing).
 */
# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE         0
# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE   1
# define OSSL_CRMF_POPOPRIVKEY_DHMAC               2
# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC            3
# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY        4

/* Selectors named after the SubsequentMessage values in RFC 4211. */
# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT      0
# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
44
/*
 * CRMF (RFC 4211) structure types. Only the struct tags are declared in
 * this header, so callers handle these objects through pointers and the
 * accessor functions declared below.
 */
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;

/*
 * ASN.1 function declarations for the types that are exposed with them.
 * NOTE(review): DECLARE_ASN1_FUNCTIONS comes from the OpenSSL ASN.1
 * headers; the exact set of functions it declares is not visible here.
 */
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
67
/* crmf_pbm.c */

/*
 * Creates the parameter set for a password-based MAC (PBM).
 * NOTE(review): the meanings below are read off the parameter names -
 * confirm against crmf_pbm.c:
 *   slen     presumably the salt length in octets
 *   owfnid   presumably the NID of the one-way (hash) function
 *   itercnt  presumably the iteration count
 *   macnid   presumably the NID of the MAC algorithm
 * Salt length and iteration count set the cost of guessing the shared
 * secret offline, so they should come from local policy rather than from
 * defaults picked for test convenience.
 */
OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen,
                                           int owfnid,
                                           int itercnt,
                                           int macnid);

/*
 * Computes a PBM over msg (msglen octets) with the secret sec (seclen
 * octets) and the parameters in pbmp; the result is handed back through
 * the output parameters mac and maclen.
 * NOTE(review): presumably *mac is allocated by the callee and must be
 * released by the caller - confirm in crmf_pbm.c. When pbmp was taken from
 * a received message, its iteration count is peer-controlled and should be
 * bounded before use. Compare a computed MAC against a received one with
 * a constant-time comparison such as CRYPTO_memcmp().
 */
int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
                      const unsigned char *msg,
                      size_t msglen,
                      const unsigned char *sec,
                      size_t seclen,
                      unsigned char **mac,
                      size_t *maclen);
75
/* crmf_lib.c */

/*
 * Setters for the regToken and authenticator registration controls of a
 * CRMF message.
 * NOTE(review): "set1" follows the OpenSSL naming convention under which
 * the caller keeps ownership of the argument (tok, auth) - confirm in
 * crmf_lib.c. Both controls carry identity-proofing values, so treat them
 * like credentials: keep them out of logs and send the message only over
 * a protected channel.
 */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(
    OSSL_CRMF_MSG *msg,
    const ASN1_UTF8STRING *tok);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(
    OSSL_CRMF_MSG *msg,
    const ASN1_UTF8STRING *auth);
/*
 * Helpers for building a PKIPublicationInfo structure.
 * NOTE(review): "push0" and "set0" follow the OpenSSL naming convention
 * under which the callee takes ownership of the passed object (spi, nm) on
 * success, so the caller must not free or reuse it afterwards - confirm
 * the failure-path ownership in crmf_lib.c.
 */
int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
    OSSL_CRMF_PKIPUBLICATIONINFO *pi,
    OSSL_CRMF_SINGLEPUBINFO *spi);

/* Presumably the values accepted as the method argument below. */
# define OSSL_CRMF_PUB_METHOD_DONTCARE 0
# define OSSL_CRMF_PUB_METHOD_X500     1
# define OSSL_CRMF_PUB_METHOD_WEB      2
# define OSSL_CRMF_PUB_METHOD_LDAP     3
int OSSL_CRMF_MSG_set0_SinglePubInfo(
    OSSL_CRMF_SINGLEPUBINFO *spi,
    int method,
    GENERAL_NAME *nm);

/* Presumably the values accepted as the action argument below. */
# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
    OSSL_CRMF_PKIPUBLICATIONINFO *pi,
    int action);
/*
 * Setters for further registration controls: publication info, the
 * protocol encryption key and the ID of the certificate being replaced.
 * All take const arguments. NOTE(review): by the OpenSSL "set1" naming
 * convention the caller keeps ownership of pi, pubkey and cid - confirm
 * in crmf_lib.c.
 */
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(
    OSSL_CRMF_MSG *msg,
    const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(
    OSSL_CRMF_MSG *msg,
    const X509_PUBKEY *pubkey);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(
    OSSL_CRMF_MSG *msg,
    const OSSL_CRMF_CERTID *cid);

/*
 * Builds a certificate ID from an issuer name and a serial number.
 * NOTE(review): the result is presumably newly allocated and owned by the
 * caller - confirm in crmf_lib.c.
 */
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(
    const X509_NAME *issuer,
    const ASN1_INTEGER *serial);
102
/*
 * Setters for the regInfo part of a CRMF message (UTF8 pairs and a
 * certificate request). The arguments are const. NOTE(review): by the
 * OpenSSL "set1" naming convention the caller keeps ownership - confirm
 * in crmf_lib.c.
 */
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(
    OSSL_CRMF_MSG *msg,
    const ASN1_UTF8STRING *utf8pairs);
int OSSL_CRMF_MSG_set1_regInfo_certReq(
    OSSL_CRMF_MSG *msg,
    const OSSL_CRMF_CERTREQUEST *cr);
107
/*
 * Requested validity period of the certificate, given as two time_t
 * values.
 * NOTE(review): how a zero or reversed from/to pair is treated is not
 * visible in this header - confirm in crmf_lib.c before relying on it.
 */
int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm,
                               time_t from,
                               time_t to);

/* Accessors for the certReqId of the message, passed and returned as int. */
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm,
                                int rid);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);

/*
 * Attach X.509 extensions to the request.
 * NOTE(review): "set0" and "push0" follow the OpenSSL naming convention
 * under which the callee takes ownership of exts and ext on success; the
 * caller must not free them afterwards - confirm in crmf_lib.c.
 */
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
                                  X509_EXTENSIONS *exts);

int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
                                  X509_EXTENSION *ext);
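/*
 * Proof-of-possession (POPO) method selectors.
 * OSSL_CRMF_POPO_NONE is parenthesised so that the negative literal stays
 * a single operand wherever the macro is expanded; its value is unchanged.
 * NOTE(review): judging by the names, NONE and RAVERIFIED do not carry a
 * cryptographic proof made with the requester's private key, so a party
 * accepting them relies on some other check of key possession - confirm
 * against RFC 4211 and crmf_lib.c.
 */
# define OSSL_CRMF_POPO_NONE       (-1)
# define OSSL_CRMF_POPO_RAVERIFIED 0
# define OSSL_CRMF_POPO_SIGNATURE  1
# define OSSL_CRMF_POPO_KEYENC     2
# define OSSL_CRMF_POPO_KEYAGREE   3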
/*
 * Adds a proof of possession to the request crm using the key pkey.
 * NOTE(review): ppmtd presumably takes one of the OSSL_CRMF_POPO_* values
 * and dgst presumably names the digest by NID - confirm in crmf_lib.c.
 */
int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm,
                              EVP_PKEY *pkey,
                              int dgst,
                              int ppmtd);

/*
 * Checks the proof of possession of the request with ID rid in reqs.
 * NOTE(review): acceptRAVerified presumably makes a request whose POPO is
 * "raVerified" pass without a proof made by the requester. Enable it only
 * for requests that arrive from an authenticated RA - confirm the exact
 * behaviour in crmf_lib.c.
 */
int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid,
                               int acceptRAVerified);
/*
 * Read accessors for the certificate template of a message and for the
 * fields of templates and certificate IDs.
 * NOTE(review): "get0" follows the OpenSSL naming convention under which
 * the returned pointer refers to data still owned by the parent object:
 * the caller must not free it and must not use it after the parent is
 * freed - confirm in crmf_lib.c. The template and serial number pointers
 * are non-const although the parent is const, so writes through them
 * would change the parent.
 */
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);

ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(
    const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(
    const OSSL_CRMF_CERTTEMPLATE *tmpl);

const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
/*
 * Fills a certificate template from a public key, subject, issuer and
 * serial number.
 * NOTE(review): which arguments may be NULL, and whether pubkey is copied
 * or referenced, is not visible in this header - confirm in crmf_lib.c.
 */
int OSSL_CRMF_CERTTEMPLATE_fill(
    OSSL_CRMF_CERTTEMPLATE *tmpl,
    EVP_PKEY *pubkey,
    const X509_NAME *subject,
    const X509_NAME *issuer,
    const ASN1_INTEGER *serial);

/*
 * Recovers the certificate carried in the encrypted value ecert, using
 * the key pkey.
 * NOTE(review): "get1" follows the OpenSSL naming convention under which
 * the caller owns the result and releases it with X509_free() - confirm
 * in crmf_lib.c. The encrypted value comes from the peer, so the returned
 * certificate still needs the usual validation before it is trusted.
 */
X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(
    const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
    EVP_PKEY *pkey);
139
140 # ifdef __cplusplus
141 }
142 # endif
143 # endif /* !defined(OPENSSL_NO_CRMF) */
144 #endif /* !defined(OPENSSL_CRMF_H) */