xref: /dragonfly/crypto/libressl/crypto/ts/ts_local.h (revision 961e30ea7dc61d1112b778ea4981eac68129fb86)
1 /* $OpenBSD: ts_local.h,v 1.2 2022/09/11 17:31:19 tb Exp $ */
2 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3  * project 2002, 2003, 2004.
4  */
5 /* ====================================================================
6  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #ifndef HEADER_TS_LOCAL_H
60 #define HEADER_TS_LOCAL_H
61 
62 __BEGIN_HIDDEN_DECLS
63 
64 /*
65  * MessageImprint ::= SEQUENCE  {
66  *      hashAlgorithm                AlgorithmIdentifier,
67  *      hashedMessage                OCTET STRING  }
68  */
69 
70 struct TS_msg_imprint_st {
71           X509_ALGOR *hash_algo;
72           ASN1_OCTET_STRING *hashed_msg;
73 };
74 
75 /*
76  * TimeStampReq ::= SEQUENCE  {
77  *    version                  INTEGER  { v1(1) },
78  *    messageImprint           MessageImprint,
79  *      --a hash algorithm OID and the hash value of the data to be
80  *      --time-stamped
81  *    reqPolicy                TSAPolicyId                OPTIONAL,
82  *    nonce                    INTEGER                    OPTIONAL,
83  *    certReq                  BOOLEAN                    DEFAULT FALSE,
84  *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
85  */
86 
87 struct TS_req_st {
88           ASN1_INTEGER *version;
89           TS_MSG_IMPRINT *msg_imprint;
90           ASN1_OBJECT *policy_id;                 /* OPTIONAL */
91           ASN1_INTEGER *nonce;                    /* OPTIONAL */
92           ASN1_BOOLEAN cert_req;                  /* DEFAULT FALSE */
93           STACK_OF(X509_EXTENSION) *extensions;   /* [0] OPTIONAL */
94 };
95 
96 /*
97  * Accuracy ::= SEQUENCE {
98  *                 seconds        INTEGER           OPTIONAL,
99  *                 millis     [0] INTEGER  (1..999) OPTIONAL,
100  *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
101  */
102 
103 struct TS_accuracy_st {
104           ASN1_INTEGER *seconds;
105           ASN1_INTEGER *millis;
106           ASN1_INTEGER *micros;
107 };
108 
109 /*
110  * TSTInfo ::= SEQUENCE  {
111  *     version                      INTEGER  { v1(1) },
112  *     policy                       TSAPolicyId,
113  *     messageImprint               MessageImprint,
114  *       -- MUST have the same value as the similar field in
115  *       -- TimeStampReq
116  *     serialNumber                 INTEGER,
117  *      -- Time-Stamping users MUST be ready to accommodate integers
118  *      -- up to 160 bits.
119  *     genTime                      GeneralizedTime,
120  *     accuracy                     Accuracy                 OPTIONAL,
121  *     ordering                     BOOLEAN             DEFAULT FALSE,
122  *     nonce                        INTEGER                  OPTIONAL,
123  *       -- MUST be present if the similar field was present
124  *       -- in TimeStampReq.  In that case it MUST have the same value.
125  *     tsa                          [0] GeneralName          OPTIONAL,
126  *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
127  */
128 
129 struct TS_tst_info_st {
130           ASN1_INTEGER *version;
131           ASN1_OBJECT *policy_id;
132           TS_MSG_IMPRINT *msg_imprint;
133           ASN1_INTEGER *serial;
134           ASN1_GENERALIZEDTIME *time;
135           TS_ACCURACY *accuracy;
136           ASN1_BOOLEAN ordering;
137           ASN1_INTEGER *nonce;
138           GENERAL_NAME *tsa;
139           STACK_OF(X509_EXTENSION) *extensions;
140 };
141 
142 /*
143  * PKIStatusInfo ::= SEQUENCE {
144  *     status        PKIStatus,
145  *     statusString  PKIFreeText     OPTIONAL,
146  *     failInfo      PKIFailureInfo  OPTIONAL  }
147  *
148  * From RFC 1510 - section 3.1.1:
149  * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
150  *        -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
151  *        -- include an RFC 1766 language tag to indicate the language
152  *        -- of the contained text)
153  */
154 
155 struct TS_status_info_st {
156           ASN1_INTEGER *status;
157           STACK_OF(ASN1_UTF8STRING) *text;
158           ASN1_BIT_STRING *failure_info;
159 };
160 
161 /*
162  * TimeStampResp ::= SEQUENCE  {
163  *      status                  PKIStatusInfo,
164  *      timeStampToken          TimeStampToken     OPTIONAL }
165  */
166 
167 struct TS_resp_st {
168           TS_STATUS_INFO *status_info;
169           PKCS7 *token;
170           TS_TST_INFO *tst_info;
171 };
172 
173 /* The structure below would belong to the ESS component. */
174 
175 /*
176  * IssuerSerial ::= SEQUENCE {
177  *        issuer                   GeneralNames,
178  *        serialNumber             CertificateSerialNumber
179  *        }
180  */
181 
182 struct ESS_issuer_serial {
183           STACK_OF(GENERAL_NAME)        *issuer;
184           ASN1_INTEGER                  *serial;
185 };
186 
187 /*
188  * ESSCertID ::=  SEQUENCE {
189  *      certHash                 Hash,
190  *      issuerSerial             IssuerSerial OPTIONAL
191  * }
192  */
193 
194 struct ESS_cert_id {
195           ASN1_OCTET_STRING *hash;      /* Always SHA-1 digest. */
196           ESS_ISSUER_SERIAL *issuer_serial;
197 };
198 
199 /*
200  * SigningCertificate ::=  SEQUENCE {
201  *        certs        SEQUENCE OF ESSCertID,
202  *        policies     SEQUENCE OF PolicyInformation OPTIONAL
203  * }
204  */
205 
206 struct ESS_signing_cert {
207           STACK_OF(ESS_CERT_ID) *cert_ids;
208           STACK_OF(POLICYINFO) *policy_info;
209 };
210 
211 /*
212  * ESSCertIDv2 ::=  SEQUENCE {
213  *     hashAlgorithm           AlgorithmIdentifier
214  *            DEFAULT {algorithm id-sha256},
215  *     certHash                 Hash,
216  *     issuerSerial             IssuerSerial OPTIONAL }
217  */
218 
219 struct ESS_cert_id_v2 {
220           X509_ALGOR *hash_alg;         /* Default SHA-256. */
221           ASN1_OCTET_STRING *hash;
222           ESS_ISSUER_SERIAL *issuer_serial;
223 };
224 
225 /*
226  * SigningCertificateV2 ::=  SEQUENCE {
227  *     certs        SEQUENCE OF ESSCertIDv2,
228  *     policies     SEQUENCE OF PolicyInformation OPTIONAL }
229  */
230 
231 struct ESS_signing_cert_v2 {
232           STACK_OF(ESS_CERT_ID_V2) *cert_ids;
233           STACK_OF(POLICYINFO) *policy_info;
234 };
235 
236 struct TS_resp_ctx {
237           X509                *signer_cert;
238           EVP_PKEY  *signer_key;
239           STACK_OF(X509)      *certs;   /* Certs to include in signed data. */
240           STACK_OF(ASN1_OBJECT)         *policies;          /* Acceptable policies. */
241           ASN1_OBJECT         *default_policy; /* It may appear in policies, too. */
242           STACK_OF(EVP_MD)    *mds;     /* Acceptable message digests. */
243           ASN1_INTEGER        *seconds; /* accuracy, 0 means not specified. */
244           ASN1_INTEGER        *millis;  /* accuracy, 0 means not specified. */
245           ASN1_INTEGER        *micros;  /* accuracy, 0 means not specified. */
246           unsigned  clock_precision_digits; /* fraction of seconds in
247                                                                time stamp token. */
248           unsigned  flags;              /* Optional info, see values above. */
249 
250           /* Callback functions. */
251           TS_serial_cb serial_cb;
252           void *serial_cb_data;         /* User data for serial_cb. */
253 
254           TS_time_cb time_cb;
255           void *time_cb_data; /* User data for time_cb. */
256 
257           TS_extension_cb extension_cb;
258           void *extension_cb_data;      /* User data for extension_cb. */
259 
260           /* These members are used only while creating the response. */
261           TS_REQ              *request;
262           TS_RESP             *response;
263           TS_TST_INFO         *tst_info;
264 };
265 
266 /* Context structure for the generic verify method. */
267 
268 struct TS_verify_ctx {
269           /* Set this to the union of TS_VFY_... flags you want to carry out. */
270           unsigned  flags;
271 
272           /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
273           X509_STORE          *store;
274           STACK_OF(X509)      *certs;
275 
276           /* Must be set only with TS_VFY_POLICY. */
277           ASN1_OBJECT         *policy;
278 
279           /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
280              the algorithm from the response is used. */
281           X509_ALGOR          *md_alg;
282           unsigned char       *imprint;
283           unsigned  imprint_len;
284 
285           /* Must be set only with TS_VFY_DATA. */
286           BIO                 *data;
287 
288           /* Must be set only with TS_VFY_TSA_NAME. */
289           ASN1_INTEGER        *nonce;
290 
291           /* Must be set only with TS_VFY_TSA_NAME. */
292           GENERAL_NAME        *tsa_name;
293 };
294 
295 /*
296  * Public OpenSSL API that we do not currently want to expose.
297  */
298 
299 ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
300 void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
301 int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
302 ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp,
303     long length);
304 ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
305 
306 ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
307 void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
308 int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a,
309     unsigned char **pp);
310 ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
311     const unsigned char **pp, long length);
312 ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
313 
314 __END_HIDDEN_DECLS
315 
316 #endif /* HEADER_TS_LOCAL_H */
317