[thirdparty/openssl.git] / include / openssl / crmf.h

/*-
 * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
 */

#ifndef OSSL_HEADER_CRMF_H
# define OSSL_HEADER_CRMF_H

# include <openssl/opensslconf.h>

# ifndef OPENSSL_NO_CRMF
#  include <openssl/opensslv.h>
#  include <openssl/safestack.h>
#  include <openssl/crmferr.h>
#  include <openssl/x509v3.h> /* for GENERAL_NAME etc. */

/* explicit #includes not strictly needed since implied by the above: */
#  include <openssl/ossl_typ.h>
#  include <openssl/x509.h>

#  ifdef  __cplusplus
extern "C" {
#  endif

#  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
#  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
#  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
#  define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
#  define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4

#  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
#  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1

typedef struct OSSL_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
typedef struct OSSL_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DEFINE_STACK_OF(OSSL_CRMF_MSG)
typedef struct OSSL_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
typedef struct OSSL_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct OSSL_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
typedef struct OSSL_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
typedef struct OSSL_crmf_certid_st OSSL_CRMF_CERTID;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
DEFINE_STACK_OF(OSSL_CRMF_CERTID)

typedef struct OSSL_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
typedef struct OSSL_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
typedef struct OSSL_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)

typedef struct OSSL_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;

/* crmf_pbm.c */
OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
                                           int itercnt, int macnid);
int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
                      const unsigned char *msg, size_t msglen,
                      const unsigned char *sec, size_t seclen,
                      unsigned char **mac, size_t *maclen);

/* crmf_lib.c */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
                                        const ASN1_UTF8STRING *tok);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
                                             const ASN1_UTF8STRING *auth);
int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
                                               OSSL_CRMF_PKIPUBLICATIONINFO *pi,
                                               OSSL_CRMF_SINGLEPUBINFO *spi);
#  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
#  define OSSL_CRMF_PUB_METHOD_X500     1
#  define OSSL_CRMF_PUB_METHOD_WEB      2
#  define OSSL_CRMF_PUB_METHOD_LDAP     3
int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
                                     int method, GENERAL_NAME *nm);
#  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
#  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
                                        const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
                                               const X509_PUBKEY *pubkey);
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
                                         const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
                                       const ASN1_INTEGER *serial);

int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
                                         const ASN1_UTF8STRING *utf8pairs);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
                                       const OSSL_CRMF_CERTREQUEST *cr);

int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);

int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, const X509_EXTENSION *ext);
#  define OSSL_CRMF_POPO_NONE      -1
#  define OSSL_CRMF_POPO_RAVERIFIED 0
#  define OSSL_CRMF_POPO_SIGNATURE  1
#  define OSSL_CRMF_POPO_KEYENC     2
#  define OSSL_CRMF_POPO_KEYAGREE   3
int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
                              int dgst, int ppmtd);
int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid, int acceptRAVerified);
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
ASN1_INTEGER *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE *t);
X509_NAME *OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE *tmpl);
int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
                                EVP_PKEY *pubkey,
                                const X509_NAME *subject,
                                const X509_NAME *issuer,
                                const ASN1_INTEGER *serial);
X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE *ecert,
                                            EVP_PKEY *pkey);

#  ifdef __cplusplus
}
#  endif
# endif /* !defined OPENSSL_NO_CRMF */
#endif /* !defined OSSL_HEADER_CRMF_H */
Commit	Line	Data
a61b7f2f	1	/*-
8869ad4a AK	2	* Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
	3	* Copyright Nokia 2007-2019
	4	* Copyright Siemens AG 2015-2019
2a3b52ea	5	*
ce9b9964	6	* Licensed under the Apache License 2.0 (the "License"). You may not use
2a3b52ea DO	7	* this file except in compliance with the License. You can obtain a copy
	8	* in the file LICENSE in the source distribution or at
	9	* https://www.openssl.org/source/license.html
	10	*
a61b7f2f	11	* CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
2a3b52ea DO	12	*/
	13
	14	#ifndef OSSL_HEADER_CRMF_H
	15	# define OSSL_HEADER_CRMF_H
	16
	17	# include <openssl/opensslconf.h>
	18
538f38db	19	# ifndef OPENSSL_NO_CRMF
2a3b52ea DO	20	# include <openssl/opensslv.h>
	21	# include <openssl/safestack.h>
	22	# include <openssl/crmferr.h>
	23	# include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
	24
	25	/* explicit #includes not strictly needed since implied by the above: */
	26	# include <openssl/ossl_typ.h>
	27	# include <openssl/x509.h>
	28
	29	# ifdef __cplusplus
	30	extern "C" {
	31	# endif
	32
	33	# define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE 0
	34	# define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE 1
	35	# define OSSL_CRMF_POPOPRIVKEY_DHMAC 2
	36	# define OSSL_CRMF_POPOPRIVKEY_AGREEMAC 3
	37	# define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY 4
	38
	39	# define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT 0
	40	# define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP 1
	41
a61b7f2f	42	typedef struct OSSL_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
2a3b52ea DO	43	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
	44	typedef struct OSSL_crmf_msg_st OSSL_CRMF_MSG;
	45	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
	46	DEFINE_STACK_OF(OSSL_CRMF_MSG)
	47	typedef struct OSSL_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
	48	typedef struct OSSL_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
	49	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
	50	typedef struct OSSL_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
	51	typedef struct OSSL_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
	52	typedef struct OSSL_crmf_certid_st OSSL_CRMF_CERTID;
	53	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
	54	DEFINE_STACK_OF(OSSL_CRMF_CERTID)
	55
	56	typedef struct OSSL_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
	57	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
	58	typedef struct OSSL_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
	59	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
	60	typedef struct OSSL_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
	61	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
	62	typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
	63	DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)
	64
	65	typedef struct OSSL_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;
	66
	67	/* crmf_pbm.c */
	68	OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
	69	int itercnt, int macnid);
	70	int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
	71	const unsigned char *msg, size_t msglen,
	72	const unsigned char *sec, size_t seclen,
a61b7f2f	73	unsigned char *mac, size_t maclen);
2a3b52ea DO	74
	75	/* crmf_lib.c */
	76	int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
	77	const ASN1_UTF8STRING *tok);
	78	int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
	79	const ASN1_UTF8STRING *auth);
	80	int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
	81	OSSL_CRMF_PKIPUBLICATIONINFO *pi,
	82	OSSL_CRMF_SINGLEPUBINFO *spi);
	83	# define OSSL_CRMF_PUB_METHOD_DONTCARE 0
	84	# define OSSL_CRMF_PUB_METHOD_X500 1
	85	# define OSSL_CRMF_PUB_METHOD_WEB 2
	86	# define OSSL_CRMF_PUB_METHOD_LDAP 3
	87	int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
	88	int method, GENERAL_NAME *nm);
	89	# define OSSL_CRMF_PUB_ACTION_DONTPUBLISH 0
	90	# define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
	91	int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
	92	OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
	93	int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
	94	const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
	95	int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
	96	const X509_PUBKEY *pubkey);
	97	int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
	98	const OSSL_CRMF_CERTID *cid);
	99	OSSL_CRMF_CERTID OSSL_CRMF_CERTID_gen(const X509_NAME issuer,
	100	const ASN1_INTEGER *serial);
	101
	102	int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
	103	const ASN1_UTF8STRING *utf8pairs);
	104	int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
	105	const OSSL_CRMF_CERTREQUEST *cr);
	106
	107	int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to);
	108	int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
	109	int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
	110	int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG crm, X509_EXTENSIONS exts);
	111
	112	int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG crm, const X509_EXTENSION ext);
	113	# define OSSL_CRMF_POPO_NONE -1
	114	# define OSSL_CRMF_POPO_RAVERIFIED 0
	115	# define OSSL_CRMF_POPO_SIGNATURE 1
	116	# define OSSL_CRMF_POPO_KEYENC 2
	117	# define OSSL_CRMF_POPO_KEYAGREE 3
a61b7f2f	118	int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG crm, EVP_PKEY pkey,
2a3b52ea DO	119	int dgst, int ppmtd);
	120	int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
	121	int rid, int acceptRAVerified);
	122	OSSL_CRMF_CERTTEMPLATE OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG crm);
	123	ASN1_INTEGER OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(OSSL_CRMF_CERTTEMPLATE t);
	124	X509_NAME OSSL_CRMF_CERTTEMPLATE_get0_issuer(OSSL_CRMF_CERTTEMPLATE tmpl);
	125	int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
a61b7f2f	126	EVP_PKEY *pubkey,
2a3b52ea DO	127	const X509_NAME *subject,
	128	const X509_NAME *issuer,
	129	const ASN1_INTEGER *serial);
	130	X509 OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(OSSL_CRMF_ENCRYPTEDVALUE ecert,
	131	EVP_PKEY *pkey);
	132
	133	# ifdef __cplusplus
	134	}
	135	# endif
538f38db	136	# endif /* !defined OPENSSL_NO_CRMF */
2a3b52ea	137	#endif /* !defined OSSL_HEADER_CRMF_H */