/*
 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
 */
14 #ifndef OPENSSL_CRMF_H
15 # define OPENSSL_CRMF_H
17 # include <openssl/opensslconf.h>
19 # ifndef OPENSSL_NO_CRMF
20 # include <openssl/opensslv.h>
21 # include <openssl/safestack.h>
22 # include <openssl/crmferr.h>
23 # include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
25 /* explicit #includes not strictly needed since implied by the above: */
26 # include <openssl/types.h>
27 # include <openssl/x509.h>
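/*
 * Selectors for the POPOPrivKey CHOICE of RFC 4211; the values follow the
 * context tags [0]..[4] of that CHOICE. RFC 4211 marks thisMessage and dhMAC
 * as deprecated, so new code should not select them.
 */
# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
# define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4

/*
 * Values of the RFC 4211 SubsequentMessage INTEGER: possession of the private
 * key is shown later, either by decrypting an encrypted certificate or by
 * answering a challenge.
 */
# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1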
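/*
 * Opaque CRMF (RFC 4211) types. Only struct tags are named here; no struct
 * body appears in this header, so callers work through pointers and the
 * functions declared for each type.
 *
 * DECLARE_ASN1_FUNCTIONS(T) declares, among others, T_new(), T_free(),
 * d2i_T() and i2d_T(); DECLARE_ASN1_DUP_FUNCTION(T) declares T_dup().
 * DEFINE_OR_DECLARE_STACK_OF(T) presumably provides the typed STACK_OF(T)
 * helpers -- confirm in <openssl/safestack.h>.
 *
 * The d2i_ decoders are where DER received from a peer enters the library:
 * treat a NULL return as a parse failure and do not act on a message that
 * did not decode completely.
 */
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG)
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_CERTID)

typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
/* A list of certificate request messages, itself encodable as ASN.1. */
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)

typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;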
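/*
 * Build the parameter set for a password-based MAC (PBM, RFC 4211).
 * Going by the parameter names: slen is the salt length in bytes, owfnid the
 * NID of the one-way (hash) function, itercnt the iteration count and macnid
 * the NID of the MAC algorithm.
 * NOTE(review): pick slen and itercnt from current password-hashing guidance;
 * whether the implementation enforces lower or upper limits is not visible
 * in this header.
 * Returns a new object (presumably NULL on error) that the caller releases
 * with OSSL_CRMF_PBMPARAMETER_free().
 */
OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
                                           int itercnt, int macnid);

/*
 * Compute the PBM over msg[0..msglen) with the shared secret sec[0..seclen)
 * under the parameters in pbmp; the result is handed back through *mac and
 * *maclen.
 * NOTE(review): *mac looks like a newly allocated buffer that the caller has
 * to release with OPENSSL_free() -- confirm against the implementation.
 * When pbmp was decoded from a received message, its salt length and
 * iteration count are chosen by the peer: bound them before calling so a
 * hostile peer cannot force unbounded work. Compare the result with a
 * received MAC using CRYPTO_memcmp() rather than memcmp(), and clear sec
 * with OPENSSL_cleanse() once it is no longer needed.
 * Returns an int status, presumably 1 on success and 0 on error.
 */
int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
                      const unsigned char *msg, size_t msglen,
                      const unsigned char *sec, size_t seclen,
                      unsigned char **mac, size_t *maclen);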
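/*
 * Attach the regToken / authenticator registration controls (RFC 4211) to a
 * request message.
 * The value is taken as const and the name uses OpenSSL's "set1" convention,
 * under which the callee stores its own copy and the caller keeps ownership
 * of tok / auth.
 * Both controls carry identity-proving material from the requester to the
 * CA; nothing in these declarations encrypts them, so the request needs
 * message or transport protection if the values are sensitive.
 * Return an int status, presumably 1 on success and 0 on error.
 */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
                                        const ASN1_UTF8STRING *tok);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
                                             const ASN1_UTF8STRING *auth);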
83 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO
*pi
,
84 OSSL_CRMF_SINGLEPUBINFO
*spi
);
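/*
 * Publication methods for a SinglePubInfo entry; the values follow the
 * pubMethod INTEGER of RFC 4211 (dontCare, x500, web, ldap).
 */
# define OSSL_CRMF_PUB_METHOD_DONTCARE 0
# define OSSL_CRMF_PUB_METHOD_X500     1
# define OSSL_CRMF_PUB_METHOD_WEB      2
# define OSSL_CRMF_PUB_METHOD_LDAP     3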
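/*
 * Set the publication method and location of one SinglePubInfo entry.
 * method is expected to be one of the OSSL_CRMF_PUB_METHOD_* values.
 * nm is passed non-const and the name uses OpenSSL's "set0" convention:
 * on success spi takes ownership of nm, so the caller must neither free
 * nor reuse it afterwards (doing so risks a double free or use-after-free).
 * NOTE(review): who owns nm when the call fails is not visible here --
 * confirm against the implementation.
 * Returns an int status, presumably 1 on success and 0 on error.
 */
int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
                                     int method, GENERAL_NAME *nm);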
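/*
 * Requested publication action; the values follow the action INTEGER of
 * PKIPublicationInfo in RFC 4211 (dontPublish, pleasePublish).
 */
# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1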
93 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO
*pi
,
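/*
 * Attach further registration controls (RFC 4211) to a request message:
 * publication info, the protocol encryption key, and the identifier of the
 * certificate being replaced.
 * All three take the value as const and use the "set1" naming, under which
 * the callee keeps its own copy and the caller retains ownership.
 * Return an int status, presumably 1 on success and 0 on error.
 *
 * oldCertID only names a certificate; it is a claim made by the requester.
 * A CA or RA processing it still has to check that the requester is
 * entitled to update that certificate.
 */
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
                                               const X509_PUBKEY *pubkey);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
                                         const OSSL_CRMF_CERTID *cid);

/*
 * Create a CertId from an issuer name and a serial number. Both inputs are
 * const, so they are presumably copied into the result.
 * Returns a new object (presumably NULL on error) that the caller releases
 * with OSSL_CRMF_CERTID_free().
 */
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
                                       const ASN1_INTEGER *serial);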
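/*
 * Attach registration info (RFC 4211 regInfo) to a request message: a
 * UTF8Pairs string or a nested certificate request.
 * The value is const and the name uses the "set1" convention, so the caller
 * keeps ownership of utf8pairs / cr.
 * regInfo content is free-form data supplied by the requester; a receiver
 * should validate it before using it in any decision or log line.
 * Return an int status, presumably 1 on success and 0 on error.
 */
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
                                         const ASN1_UTF8STRING *utf8pairs);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
                                       const OSSL_CRMF_CERTREQUEST *cr);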
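/*
 * Setters and one getter for the body of a certificate request message.
 *
 * The "set0" / "push0" functions take non-const pointers and follow the
 * OpenSSL convention that the message takes ownership on success: do not
 * free or reuse notBefore, notAfter, exts or ext afterwards.
 * NOTE(review): ownership on failure is not visible in this header --
 * confirm against the implementation before freeing on the error path.
 *
 * Validity period and extensions set here are what the requester asks for.
 * An issuing CA has to apply its own policy to them rather than copy them
 * into the certificate unchecked.
 *
 * The setters return an int status, presumably 1 on success and 0 on error.
 * OSSL_CRMF_MSG_get_certReqId() returns the request id as int; presumably a
 * negative value signals an error -- confirm before using the result as an
 * index.
 */
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
                                ASN1_TIME *notBefore, ASN1_TIME *notAfter);
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);

int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);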
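/*
 * Proof-of-possession (POPO) methods. Values 0..3 follow the context tags of
 * the ProofOfPossession CHOICE in RFC 4211; OSSL_CRMF_POPO_NONE is a local
 * marker for "no POPO included".
 * NONE and RAVERIFIED carry no cryptographic proof from the key holder, so a
 * receiver should accept them only where policy explicitly allows it.
 * The negative value is parenthesized so the macro expands as one operand in
 * any expression.
 */
# define OSSL_CRMF_POPO_NONE       (-1)
# define OSSL_CRMF_POPO_RAVERIFIED 0
# define OSSL_CRMF_POPO_SIGNATURE  1
# define OSSL_CRMF_POPO_KEYENC     2
# define OSSL_CRMF_POPO_KEYAGREE   3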
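/*
 * Create the proof-of-possession for request crm and store it in the message.
 * Going by the parameter names: pkey is the private key whose possession is
 * shown, dgst the NID of the digest to use, and ppmtd one of the
 * OSSL_CRMF_POPO_* methods.
 * Returns an int status, presumably 1 on success and 0 on error.
 */
int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
                              int dgst, int ppmtd);

/*
 * Verify the proof-of-possession of the request with id rid in reqs.
 * acceptRAVerified appears to control whether a raVerified POPO, which
 * contains no signature by the key holder, counts as valid. Pass non-zero
 * only when the request arrived over a channel that authenticates a trusted
 * RA; for requests coming straight from end entities keep it 0.
 * Returns an int status, presumably 1 on successful verification and 0
 * otherwise; treat anything other than success as a rejected request.
 */
int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid, int acceptRAVerified);

/*
 * Return the certificate template of crm. "get0" in OpenSSL naming means the
 * result points into crm: do not free it, and do not use it after crm has
 * been freed.
 */
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);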
127 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE
*tmpl
);
129 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE
*tmpl
);
131 *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID
*cid
);
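/*
 * Return the serial number stored in cid. "get0" in OpenSSL naming means the
 * result points into cid: do not free it, and do not use it after cid has
 * been freed. The pointer is non-const although cid is const; treat it as
 * read-only.
 */
ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);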
133 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE
*tmpl
,
135 const X509_NAME
*subject
,
136 const X509_NAME
*issuer
,
137 const ASN1_INTEGER
*serial
);
139 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE
*ecert
,
145 # endif /* !defined(OPENSSL_NO_CRMF) */
146 #endif /* !defined(OPENSSL_CRMF_H) */