
  1. /*
  2. * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. *
  11. * CMP implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
  12. */
  13. #ifndef OSSL_HEADER_CMP_INT_H
  14. # define OSSL_HEADER_CMP_INT_H
  15. # include "internal/cryptlib.h"
  16. # include <openssl/cmp.h>
  17. # include <openssl/err.h>
  18. /* explicit #includes not strictly needed since implied by the above: */
  19. # include <openssl/crmf.h>
  20. # include <openssl/ossl_typ.h>
  21. # include <openssl/safestack.h>
  22. # include <openssl/x509.h>
  23. # include <openssl/x509v3.h>
  24. /*
  25. * ##########################################################################
  26. * ASN.1 DECLARATIONS
  27. * ##########################################################################
  28. */
  29. /*-
  30. * RevAnnContent ::= SEQUENCE {
  31. * status PKIStatus,
  32. * certId CertId,
  33. * willBeRevokedAt GeneralizedTime,
  34. * badSinceDate GeneralizedTime,
  35. * crlDetails Extensions OPTIONAL
  36. * -- extra CRL details (e.g., crl number, reason, location, etc.)
  37. * }
  38. */
/*
 * In-memory form of RevAnnContent (ASN.1 above). Sub-objects are owned by
 * the struct; the _new/_free/d2i_/i2d_ functions come from
 * DECLARE_ASN1_FUNCTIONS below.
 */
typedef struct OSSL_cmp_revanncontent_st {
    ASN1_INTEGER *status;                    /* PKIStatus of the revocation */
    OSSL_CRMF_CERTID *certId;                /* identifies the affected cert */
    ASN1_GENERALIZEDTIME *willBeRevokedAt;
    ASN1_GENERALIZEDTIME *badSinceDate;
    X509_EXTENSIONS *crlDetails;             /* OPTIONAL: may be NULL */
} OSSL_CMP_REVANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
  47. /*-
  48. * Challenge ::= SEQUENCE {
  49. * owf AlgorithmIdentifier OPTIONAL,
  50. *
  51. * -- MUST be present in the first Challenge; MAY be omitted in
  52. * -- any subsequent Challenge in POPODecKeyChallContent (if
  53. * -- omitted, then the owf used in the immediately preceding
  54. * -- Challenge is to be used).
  55. *
  56. * witness OCTET STRING,
  57. * -- the result of applying the one-way function (owf) to a
  58. * -- randomly-generated INTEGER, A. [Note that a different
  59. * -- INTEGER MUST be used for each Challenge.]
  60. * challenge OCTET STRING
  61. * -- the encryption (under the public key for which the cert.
  62. * -- request is being made) of Rand, where Rand is specified as
  63. * -- Rand ::= SEQUENCE {
  64. * -- int INTEGER,
  65. * -- - the randomly-generated INTEGER A (above)
  66. * -- sender GeneralName
  67. * -- - the sender's name (as included in PKIHeader)
  68. * -- }
  69. * }
  70. */
/*
 * In-memory form of Challenge (ASN.1 above). owf is OPTIONAL: it must be
 * present in the first Challenge of a POPODecKeyChallContent but may be NULL
 * in later ones, in which case the owf of the preceding Challenge applies.
 * Consumers therefore have to carry the last non-NULL owf across the stack.
 */
typedef struct OSSL_cmp_challenge_st {
    X509_ALGOR *owf;                /* OPTIONAL: may be NULL (see above) */
    ASN1_OCTET_STRING *witness;     /* owf applied to the random INTEGER A */
    ASN1_OCTET_STRING *challenge;   /* Rand encrypted under the requested key */
} OSSL_CMP_CHALLENGE;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
  77. /*-
  78. * CAKeyUpdAnnContent ::= SEQUENCE {
  79. * oldWithNew Certificate,
  80. * newWithOld Certificate,
  81. * newWithNew Certificate
  82. * }
  83. */
/*
 * In-memory form of CAKeyUpdAnnContent (ASN.1 above). All three certificates
 * are mandatory in the ASN.1 definition; see RFC 4210 section 4.4 (root CA
 * key update) for the meaning of the three cross-certifications.
 */
typedef struct OSSL_cmp_cakeyupdanncontent_st {
    X509 *oldWithNew;   /* old CA key certified with the new CA key */
    X509 *newWithOld;   /* new CA key certified with the old CA key */
    X509 *newWithNew;   /* new CA key, self-signed */
} OSSL_CMP_CAKEYUPDANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
/*-
 * Declared already here because it is used both in OSSL_CMP_MSG (for nested
 * messages) and in OSSL_CMP_ITAV (as the infoValue for origPKIMessage).
 */
/* PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage, held as a stack */
typedef STACK_OF(OSSL_CMP_MSG) OSSL_CMP_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSGS)
  96. /*-
  97. * InfoTypeAndValue ::= SEQUENCE {
  98. * infoType OBJECT IDENTIFIER,
  99. * infoValue ANY DEFINED BY infoType OPTIONAL
  100. * }
  101. */
/*
 * In-memory form of InfoTypeAndValue (ASN.1 above). infoType selects which
 * member of the infoValue union is valid; no separate tag is stored, so code
 * reading an ITAV must dispatch on infoType (the NIDs named in the comments
 * below) before touching infoValue. All union members share one storage
 * location; 'ptr' is merely a generic view of it. infoValue is OPTIONAL in
 * the ASN.1 definition, so the selected member may be NULL.
 * The OSSL_CMP_ITAV typedef for this struct is declared elsewhere
 * (presumably in <openssl/cmp.h>).
 */
struct OSSL_cmp_itav_st {
    ASN1_OBJECT *infoType;
    union {
        char *ptr;
        /* NID_id_it_caProtEncCert - CA Protocol Encryption Certificate */
        X509 *caProtEncCert;
        /* NID_id_it_signKeyPairTypes - Signing Key Pair Types */
        STACK_OF(X509_ALGOR) *signKeyPairTypes;
        /* NID_id_it_encKeyPairTypes - Encryption/Key Agreement Key Pair Types */
        STACK_OF(X509_ALGOR) *encKeyPairTypes;
        /* NID_id_it_preferredSymmAlg - Preferred Symmetric Algorithm */
        X509_ALGOR *preferredSymmAlg;
        /* NID_id_it_caKeyUpdateInfo - Updated CA Key Pair */
        OSSL_CMP_CAKEYUPDANNCONTENT *caKeyUpdateInfo;
        /* NID_id_it_currentCRL - CRL */
        X509_CRL *currentCRL;
        /* NID_id_it_unsupportedOIDs - Unsupported Object Identifiers */
        STACK_OF(ASN1_OBJECT) *unsupportedOIDs;
        /* NID_id_it_keyPairParamReq - Key Pair Parameters Request */
        ASN1_OBJECT *keyPairParamReq;
        /* NID_id_it_keyPairParamRep - Key Pair Parameters Response */
        X509_ALGOR *keyPairParamRep;
        /* NID_id_it_revPassphrase - Revocation Passphrase */
        OSSL_CRMF_ENCRYPTEDVALUE *revPassphrase;
        /* NID_id_it_implicitConfirm - ImplicitConfirm */
        ASN1_NULL *implicitConfirm;
        /* NID_id_it_confirmWaitTime - ConfirmWaitTime */
        ASN1_GENERALIZEDTIME *confirmWaitTime;
        /* NID_id_it_origPKIMessage - origPKIMessage */
        OSSL_CMP_MSGS *origPKIMessage;
        /* NID_id_it_suppLangTags - Supported Language Tags */
        STACK_OF(ASN1_UTF8STRING) *suppLangTagsValue;
        /* fallback for infoTypes that have no dedicated member above */
        ASN1_TYPE *other;
    } infoValue;
} /* OSSL_CMP_ITAV */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
/*
 * In-memory form of CertOrEncCert, a CHOICE between a plain certificate and
 * an EncryptedValue. 'type' records which member of 'value' is valid; its
 * numeric encoding is fixed by the ASN.1 CHOICE template (defined elsewhere,
 * not in this header), so readers must switch on 'type' before dereferencing
 * 'value'.
 */
typedef struct OSSL_cmp_certorenccert_st {
    int type;
    union {
        X509 *certificate;
        OSSL_CRMF_ENCRYPTEDVALUE *encryptedCert;
    } value;
} OSSL_CMP_CERTORENCCERT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
  148. /*-
  149. * CertifiedKeyPair ::= SEQUENCE {
  150. * certOrEncCert CertOrEncCert,
  151. * privateKey [0] EncryptedValue OPTIONAL,
  152. * -- see [CRMF] for comment on encoding
  153. * publicationInfo [1] PKIPublicationInfo OPTIONAL
  154. * }
  155. */
/*
 * In-memory form of CertifiedKeyPair (ASN.1 above). Only certOrEncCert is
 * mandatory; the two tagged members are OPTIONAL and may be NULL.
 */
typedef struct OSSL_cmp_certifiedkeypair_st {
    OSSL_CMP_CERTORENCCERT *certOrEncCert;
    OSSL_CRMF_ENCRYPTEDVALUE *privateKey;           /* [0] OPTIONAL */
    OSSL_CRMF_PKIPUBLICATIONINFO *publicationInfo;  /* [1] OPTIONAL */
} OSSL_CMP_CERTIFIEDKEYPAIR;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
  162. /*-
  163. * PKIStatusInfo ::= SEQUENCE {
  164. * status PKIStatus,
  165. * statusString PKIFreeText OPTIONAL,
  166. * failInfo PKIFailureInfo OPTIONAL
  167. * }
  168. */
/*
 * In-memory form of PKIStatusInfo (ASN.1 above). status is mandatory;
 * statusString and failInfo are OPTIONAL and may be NULL. The OSSL_CMP_PKISI
 * typedef for this struct is declared elsewhere (presumably <openssl/cmp.h>).
 */
struct OSSL_cmp_pkisi_st {
    OSSL_CMP_PKISTATUS *status;
    OSSL_CMP_PKIFREETEXT *statusString;   /* OPTIONAL: may be NULL */
    OSSL_CMP_PKIFAILUREINFO *failInfo;    /* OPTIONAL: may be NULL */
} /* OSSL_CMP_PKISI */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
  176. /*-
  177. * RevReqContent ::= SEQUENCE OF RevDetails
  178. *
  179. * RevDetails ::= SEQUENCE {
  180. * certDetails CertTemplate,
  181. * crlEntryDetails Extensions OPTIONAL
  182. * }
  183. */
/*
 * In-memory form of RevDetails (ASN.1 above); RevReqContent is a stack of
 * these, hence the DEFINE_STACK_OF below. crlEntryDetails is OPTIONAL.
 */
typedef struct OSSL_cmp_revdetails_st {
    OSSL_CRMF_CERTTEMPLATE *certDetails;
    X509_EXTENSIONS *crlEntryDetails;   /* OPTIONAL: may be NULL */
} OSSL_CMP_REVDETAILS;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
DEFINE_STACK_OF(OSSL_CMP_REVDETAILS)
  190. /*-
  191. * RevRepContent ::= SEQUENCE {
  192. * status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
  193. * -- in same order as was sent in RevReqContent
  194. * revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
  195. * OPTIONAL,
  196. * -- IDs for which revocation was requested
  197. * -- (same order as status)
  198. * crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList
  199. * OPTIONAL
  200. * -- the resulting CRLs (there may be more than one)
  201. * }
  202. */
/*
 * In-memory form of RevRepContent (ASN.1 above). status is mandatory and is
 * positionally matched to the RevReqContent that was sent; revCerts and crls
 * are OPTIONAL and may be NULL.
 * NOTE(review): the index correspondence between status and revCerts is only
 * a protocol convention -- consumers should bounds-check both stacks rather
 * than assume equal length.
 * The OSSL_CMP_REVREPCONTENT typedef is declared elsewhere.
 */
struct OSSL_cmp_revrepcontent_st {
    STACK_OF(OSSL_CMP_PKISI) *status;
    STACK_OF(OSSL_CRMF_CERTID) *revCerts;   /* [0] OPTIONAL */
    STACK_OF(X509_CRL) *crls;               /* [1] OPTIONAL */
} /* OSSL_CMP_REVREPCONTENT */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
  209. /*-
  210. * KeyRecRepContent ::= SEQUENCE {
  211. * status PKIStatusInfo,
  212. * newSigCert [0] Certificate OPTIONAL,
  213. * caCerts [1] SEQUENCE SIZE (1..MAX) OF
  214. * Certificate OPTIONAL,
  215. * keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
  216. * CertifiedKeyPair OPTIONAL
  217. * }
  218. */
/*
 * In-memory form of KeyRecRepContent (ASN.1 above). Only status is
 * mandatory; the three tagged members are OPTIONAL and may be NULL.
 */
typedef struct OSSL_cmp_keyrecrepcontent_st {
    OSSL_CMP_PKISI *status;
    X509 *newSigCert;                                   /* [0] OPTIONAL */
    STACK_OF(X509) *caCerts;                            /* [1] OPTIONAL */
    STACK_OF(OSSL_CMP_CERTIFIEDKEYPAIR) *keyPairHist;   /* [2] OPTIONAL */
} OSSL_CMP_KEYRECREPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
  226. /*-
  227. * ErrorMsgContent ::= SEQUENCE {
  228. * pKIStatusInfo PKIStatusInfo,
  229. * errorCode INTEGER OPTIONAL,
  230. * -- implementation-specific error codes
  231. * errorDetails PKIFreeText OPTIONAL
  232. * -- implementation-specific error details
  233. * }
  234. */
/*
 * In-memory form of ErrorMsgContent (ASN.1 above). errorCode and
 * errorDetails are implementation-specific, OPTIONAL, and may be NULL;
 * they are peer-supplied text/values and should be treated as untrusted
 * when logged or displayed.
 */
typedef struct OSSL_cmp_errormsgcontent_st {
    OSSL_CMP_PKISI *pKIStatusInfo;
    ASN1_INTEGER *errorCode;               /* OPTIONAL: may be NULL */
    OSSL_CMP_PKIFREETEXT *errorDetails;    /* OPTIONAL: may be NULL */
} OSSL_CMP_ERRORMSGCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
  241. /*-
  242. * CertConfirmContent ::= SEQUENCE OF CertStatus
  243. *
  244. * CertStatus ::= SEQUENCE {
  245. * certHash OCTET STRING,
  246. * -- the hash of the certificate, using the same hash algorithm
  247. * -- as is used to create and verify the certificate signature
  248. * certReqId INTEGER,
  249. * -- to match this confirmation with the corresponding req/rep
  250. * statusInfo PKIStatusInfo OPTIONAL
  251. * }
  252. */
/*
 * In-memory form of CertStatus (ASN.1 above); CertConfirmContent is a stack
 * of these. certHash is, per the ASN.1 comment, computed with the hash
 * algorithm of the certificate's signature algorithm.
 * NOTE(review): signature algorithms without an intrinsic digest would need
 * a separately agreed hash -- nothing here addresses that; confirm against
 * the code that builds/verifies certHash.
 * The OSSL_CMP_CERTSTATUS typedef is declared elsewhere.
 */
struct OSSL_cmp_certstatus_st {
    ASN1_OCTET_STRING *certHash;
    ASN1_INTEGER *certReqId;        /* matches the corresponding req/rep */
    OSSL_CMP_PKISI *statusInfo;     /* OPTIONAL: may be NULL */
} /* OSSL_CMP_CERTSTATUS */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
/* CertConfirmContent ::= SEQUENCE OF CertStatus */
typedef STACK_OF(OSSL_CMP_CERTSTATUS) OSSL_CMP_CERTCONFIRMCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTCONFIRMCONTENT)
  261. /*-
  262. * CertResponse ::= SEQUENCE {
  263. * certReqId INTEGER,
  264. * -- to match this response with corresponding request (a value
  265. * -- of -1 is to be used if certReqId is not specified in the
  266. * -- corresponding request)
  267. * status PKIStatusInfo,
  268. * certifiedKeyPair CertifiedKeyPair OPTIONAL,
  269. * rspInfo OCTET STRING OPTIONAL
  270. * -- analogous to the id-regInfo-utf8Pairs string defined
  271. * -- for regInfo in CertReqMsg [CRMF]
  272. * }
  273. */
/*
 * In-memory form of CertResponse (ASN.1 above). certReqId and status are
 * mandatory (certReqId is -1 when the request carried no id, see above);
 * certifiedKeyPair and rspInfo are OPTIONAL and may be NULL.
 * The OSSL_CMP_CERTRESPONSE typedef is declared elsewhere.
 */
struct OSSL_cmp_certresponse_st {
    ASN1_INTEGER *certReqId;
    OSSL_CMP_PKISI *status;
    OSSL_CMP_CERTIFIEDKEYPAIR *certifiedKeyPair;   /* OPTIONAL: may be NULL */
    ASN1_OCTET_STRING *rspInfo;                    /* OPTIONAL: may be NULL */
} /* OSSL_CMP_CERTRESPONSE */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
  281. /*-
  282. * CertRepMessage ::= SEQUENCE {
  283. * caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
  284. * OPTIONAL,
  285. * response SEQUENCE OF CertResponse
  286. * }
  287. */
/*
 * In-memory form of CertRepMessage (ASN.1 above). caPubs is OPTIONAL and
 * may be NULL.
 * NOTE(review): caPubs are CA certificates supplied by the peer; they should
 * only be trusted once the enclosing message's protection has been verified.
 * This declaration does not enforce that -- confirm in the caller.
 * The OSSL_CMP_CERTREPMESSAGE typedef is declared elsewhere.
 */
struct OSSL_cmp_certrepmessage_st {
    STACK_OF(X509) *caPubs;                        /* [1] OPTIONAL */
    STACK_OF(OSSL_CMP_CERTRESPONSE) *response;
} /* OSSL_CMP_CERTREPMESSAGE */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
  293. /*-
  294. * PollReqContent ::= SEQUENCE OF SEQUENCE {
  295. * certReqId INTEGER
  296. * }
  297. */
/*
 * In-memory form of one PollReqContent element (ASN.1 above);
 * OSSL_CMP_POLLREQCONTENT is the stack of them.
 */
typedef struct OSSL_cmp_pollreq_st {
    ASN1_INTEGER *certReqId;
} OSSL_CMP_POLLREQ;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
DEFINE_STACK_OF(OSSL_CMP_POLLREQ)
typedef STACK_OF(OSSL_CMP_POLLREQ) OSSL_CMP_POLLREQCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQCONTENT)
  305. /*-
  306. * PollRepContent ::= SEQUENCE OF SEQUENCE {
  307. * certReqId INTEGER,
  308. * checkAfter INTEGER, -- time in seconds
  309. * reason PKIFreeText OPTIONAL
  310. * }
  311. */
/*
 * In-memory form of one PollRepContent element (ASN.1 above). checkAfter is
 * a peer-supplied delay in seconds; callers that sleep on it should clamp it
 * rather than trust it blindly. reason is OPTIONAL and may be NULL.
 * Unlike OSSL_CMP_POLLREQCONTENT above, the OSSL_CMP_POLLREPCONTENT typedef
 * (and the OSSL_CMP_POLLREP one) is not in this file; presumably it lives in
 * the public header.
 */
struct OSSL_cmp_pollrep_st {
    ASN1_INTEGER *certReqId;
    ASN1_INTEGER *checkAfter;          /* time in seconds */
    OSSL_CMP_PKIFREETEXT *reason;      /* OPTIONAL: may be NULL */
} /* OSSL_CMP_POLLREP */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
DEFINE_STACK_OF(OSSL_CMP_POLLREP)
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT)
  320. /*-
  321. * PKIHeader ::= SEQUENCE {
  322. * pvno INTEGER { cmp1999(1), cmp2000(2) },
  323. * sender GeneralName,
  324. * -- identifies the sender
  325. * recipient GeneralName,
  326. * -- identifies the intended recipient
  327. * messageTime [0] GeneralizedTime OPTIONAL,
  328. * -- time of production of this message (used when sender
  329. * -- believes that the transport will be "suitable"; i.e.,
  330. * -- that the time will still be meaningful upon receipt)
  331. * protectionAlg [1] AlgorithmIdentifier OPTIONAL,
  332. * -- algorithm used for calculation of protection bits
  333. * senderKID [2] KeyIdentifier OPTIONAL,
  334. * recipKID [3] KeyIdentifier OPTIONAL,
  335. * -- to identify specific keys used for protection
  336. * transactionID [4] OCTET STRING OPTIONAL,
  337. * -- identifies the transaction; i.e., this will be the same in
  338. * -- corresponding request, response, certConf, and PKIConf
  339. * -- messages
  340. * senderNonce [5] OCTET STRING OPTIONAL,
  341. * recipNonce [6] OCTET STRING OPTIONAL,
  342. * -- nonces used to provide replay protection, senderNonce
  343. * -- is inserted by the creator of this message; recipNonce
  344. * -- is a nonce previously inserted in a related message by
  345. * -- the intended recipient of this message
  346. * freeText [7] PKIFreeText OPTIONAL,
  347. * -- this may be used to indicate context-specific instructions
  348. * -- (this field is intended for human consumption)
  349. * generalInfo [8] SEQUENCE SIZE (1..MAX) OF
  350. * InfoTypeAndValue OPTIONAL
  351. * -- this may be used to convey context-specific information
  352. * -- (this field not primarily intended for human consumption)
  353. * }
  354. */
/*
 * In-memory form of PKIHeader (ASN.1 above). The trailing numeric comments
 * are the context-specific tag numbers; every tagged member is OPTIONAL and
 * may be NULL. pvno, sender and recipient are mandatory.
 * NOTE(review): transactionID, senderNonce and recipNonce are the header's
 * only replay-protection material (see the ASN.1 comments). This declaration
 * does not enforce their presence or matching -- that is expected to happen
 * in the message verification code.
 * The OSSL_CMP_PKIHEADER typedef is declared elsewhere.
 */
struct OSSL_cmp_pkiheader_st {
    ASN1_INTEGER *pvno;
    GENERAL_NAME *sender;
    GENERAL_NAME *recipient;
    ASN1_GENERALIZEDTIME *messageTime;        /* 0 */
    X509_ALGOR *protectionAlg;                /* 1 */
    ASN1_OCTET_STRING *senderKID;             /* 2 */
    ASN1_OCTET_STRING *recipKID;              /* 3 */
    ASN1_OCTET_STRING *transactionID;         /* 4 */
    ASN1_OCTET_STRING *senderNonce;           /* 5 */
    ASN1_OCTET_STRING *recipNonce;            /* 6 */
    OSSL_CMP_PKIFREETEXT *freeText;           /* 7 */
    STACK_OF(OSSL_CMP_ITAV) *generalInfo;     /* 8 */
} /* OSSL_CMP_PKIHEADER */;
/* SEQUENCE OF body contents, each held as a stack of its element type */
/* POPODecKeyChallContent ::= SEQUENCE OF Challenge */
typedef STACK_OF(OSSL_CMP_CHALLENGE) OSSL_CMP_POPODECKEYCHALLCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYCHALLCONTENT)
/* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */
typedef STACK_OF(ASN1_INTEGER) OSSL_CMP_POPODECKEYRESPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYRESPCONTENT)
/* RevReqContent ::= SEQUENCE OF RevDetails */
typedef STACK_OF(OSSL_CMP_REVDETAILS) OSSL_CMP_REVREQCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREQCONTENT)
/* CRLAnnContent ::= SEQUENCE OF CertificateList */
typedef STACK_OF(X509_CRL) OSSL_CMP_CRLANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CRLANNCONTENT)
/* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */
typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENMSGCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENMSGCONTENT)
/* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */
typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENREPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENREPCONTENT)
  381. /*-
  382. * PKIBody ::= CHOICE { -- message-specific body elements
  383. * ir [0] CertReqMessages, --Initialization Request
  384. * ip [1] CertRepMessage, --Initialization Response
  385. * cr [2] CertReqMessages, --Certification Request
  386. * cp [3] CertRepMessage, --Certification Response
  387. * p10cr [4] CertificationRequest, --imported from [PKCS10]
  388. * popdecc [5] POPODecKeyChallContent, --pop Challenge
  389. * popdecr [6] POPODecKeyRespContent, --pop Response
  390. * kur [7] CertReqMessages, --Key Update Request
  391. * kup [8] CertRepMessage, --Key Update Response
  392. * krr [9] CertReqMessages, --Key Recovery Request
  393. * krp [10] KeyRecRepContent, --Key Recovery Response
  394. * rr [11] RevReqContent, --Revocation Request
  395. * rp [12] RevRepContent, --Revocation Response
  396. * ccr [13] CertReqMessages, --Cross-Cert. Request
  397. * ccp [14] CertRepMessage, --Cross-Cert. Response
  398. * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
  399. * cann [16] CertAnnContent, --Certificate Ann.
  400. * rann [17] RevAnnContent, --Revocation Ann.
  401. * crlann [18] CRLAnnContent, --CRL Announcement
  402. * pkiconf [19] PKIConfirmContent, --Confirmation
  403. * nested [20] NestedMessageContent, --Nested Message
  404. * genm [21] GenMsgContent, --General Message
  405. * genp [22] GenRepContent, --General Response
  406. * error [23] ErrorMsgContent, --Error Message
  407. * certConf [24] CertConfirmContent, --Certificate confirm
  408. * pollReq [25] PollReqContent, --Polling request
  409. * pollRep [26] PollRepContent --Polling response
  410. */
/*
 * In-memory form of PKIBody. 'type' holds the CHOICE tag number from the
 * ASN.1 definition above (0 = ir ... 26 = pollRep) and selects which member
 * of 'value' is valid. Nothing else records the active member, so readers
 * must check 'type' before dereferencing 'value'. The numeric comments on
 * the members repeat the tag number for cross-reference.
 */
typedef struct OSSL_cmp_pkibody_st {
    int type;
    union {
        OSSL_CRMF_MSGS *ir; /* 0 */
        OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */
        OSSL_CRMF_MSGS *cr; /* 2 */
        OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */
        /* p10cr [4] CertificationRequest, --imported from [PKCS10] */
        /*
         * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ
         * so it is used directly
         */
        X509_REQ *p10cr; /* 4 */
        /* popdecc [5] POPODecKeyChallContent, --pop Challenge */
        /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */
        OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */
        /* popdecr [6] POPODecKeyRespContent, --pop Response */
        /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */
        OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */
        OSSL_CRMF_MSGS *kur; /* 7 */
        OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */
        OSSL_CRMF_MSGS *krr; /* 9 */
        /* krp [10] KeyRecRepContent, --Key Recovery Response */
        OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */
        /* rr [11] RevReqContent, --Revocation Request */
        OSSL_CMP_REVREQCONTENT *rr; /* 11 */
        /* rp [12] RevRepContent, --Revocation Response */
        OSSL_CMP_REVREPCONTENT *rp; /* 12 */
        /* ccr [13] CertReqMessages, --Cross-Cert. Request */
        OSSL_CRMF_MSGS *ccr; /* 13 */
        /* ccp [14] CertRepMessage, --Cross-Cert. Response */
        OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */
        /* ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. */
        OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */
        /* cann [16] CertAnnContent, --Certificate Ann. */
        /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
        X509 *cann; /* 16 */
        /* rann [17] RevAnnContent, --Revocation Ann. */
        OSSL_CMP_REVANNCONTENT *rann; /* 17 */
        /* crlann [18] CRLAnnContent, --CRL Announcement */
        /* CRLAnnContent ::= SEQUENCE OF CertificateList */
        OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */
        /* PKIConfirmContent ::= NULL */
        /* pkiconf [19] PKIConfirmContent, --Confirmation */
        /* OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */
        /* OSSL_CMP_CONFIRMCONTENT *pkiconf; */
        /*
         * NOTE: this should be ASN1_NULL according to the RFC, but faulty
         * servers have been seen to send a structure here, so the lenient
         * ASN1_TYPE is used instead. Consequently readers must not assume
         * the value is a NULL; check pkiconf->type before interpreting it.
         */
        ASN1_TYPE *pkiconf; /* 19 */
        /* nested [20] NestedMessageContent, --Nested Message */
        /* NestedMessageContent ::= PKIMessages */
        OSSL_CMP_MSGS *nested; /* 20 */
        /* genm [21] GenMsgContent, --General Message */
        /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */
        OSSL_CMP_GENMSGCONTENT *genm; /* 21 */
        /* genp [22] GenRepContent, --General Response */
        /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */
        OSSL_CMP_GENREPCONTENT *genp; /* 22 */
        /* error [23] ErrorMsgContent, --Error Message */
        OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */
        /* certConf [24] CertConfirmContent, --Certificate confirm */
        OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */
        /* pollReq [25] PollReqContent, --Polling request */
        OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */
        /* pollRep [26] PollRepContent --Polling response */
        OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */
    } value;
} OSSL_CMP_PKIBODY;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
  482. /*-
  483. * PKIProtection ::= BIT STRING
  484. *
  485. * PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
  486. *
  487. * PKIMessage ::= SEQUENCE {
  488. * header PKIHeader,
  489. * body PKIBody,
  490. * protection [0] PKIProtection OPTIONAL,
  491. * extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
  492. * OPTIONAL
  493. * }
  494. */
/*
 * In-memory form of PKIMessage (ASN.1 above). header and body are mandatory;
 * protection and extraCerts are OPTIONAL and may be NULL. A NULL protection
 * means the message carries no integrity protection at all -- whether that
 * is acceptable is a policy decision for the caller, not this declaration.
 * NOTE(review): extraCerts are peer-supplied and untrusted until validated
 * against a trust store; nothing here does that.
 * The OSSL_CMP_MSG typedef is declared elsewhere (presumably <openssl/cmp.h>).
 */
struct OSSL_cmp_msg_st {
    OSSL_CMP_PKIHEADER *header;
    OSSL_CMP_PKIBODY *body;
    ASN1_BIT_STRING *protection;    /* 0, OPTIONAL: may be NULL */
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    STACK_OF(X509) *extraCerts;     /* 1, OPTIONAL: may be NULL */
} /* OSSL_CMP_MSG */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG)
  503. /*-
  504. * ProtectedPart ::= SEQUENCE {
  505. * header PKIHeader,
  506. * body PKIBody
  507. * }
  508. */
/*
 * In-memory form of ProtectedPart (ASN.1 above): the header/body pair whose
 * DER encoding is the input to PKIProtection (RFC 4210 section 5.1.3). It is
 * never transmitted on its own, which is why it has no OSSL_ prefix. Any
 * change to how header or body is encoded therefore changes what is
 * signed/MACed.
 */
typedef struct cmp_protectedpart_st {
    OSSL_CMP_PKIHEADER *header;
    OSSL_CMP_PKIBODY *body;
} CMP_PROTECTEDPART;
DECLARE_ASN1_FUNCTIONS(CMP_PROTECTEDPART)
  514. /*-
  515. * this is not defined here as it is already in CRMF:
  516. * id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13}
  517. * PBMParameter ::= SEQUENCE {
  518. * salt OCTET STRING,
  519. * -- note: implementations MAY wish to limit acceptable sizes
  520. * -- of this string to values appropriate for their environment
  521. * -- in order to reduce the risk of denial-of-service attacks
 * owf AlgorithmIdentifier,
 * -- AlgId for a One-Way Function (the RFC text recommends SHA-1,
 * -- which is now considered legacy; prefer a SHA-2 digest where possible)
  524. * iterationCount INTEGER,
  525. * -- number of times the OWF is applied
  526. * -- note: implementations MAY wish to limit acceptable sizes
  527. * -- of this integer to values appropriate for their environment
  528. * -- in order to reduce the risk of denial-of-service attacks
  529. * mac AlgorithmIdentifier
  530. * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
  531. * } -- or HMAC [RFC2104, RFC2202])
  532. */
  533. /*-
  534. * TODO: this is not yet defined here - but DH is anyway not used yet
  535. *
  536. * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30}
  537. * DHBMParameter ::= SEQUENCE {
  538. * owf AlgorithmIdentifier,
  539. * -- AlgId for a One-Way Function (SHA-1 recommended)
  540. * mac AlgorithmIdentifier
  541. * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
  542. * } -- or HMAC [RFC2104, RFC2202])
  543. */
/*-
 * The following is not handled here: section 5.2.5 of the CMP specification
 * states that out-of-band (OOB) certificate exchange is beyond the scope of CMP.
  547. * OOBCert ::= CMPCertificate
  548. *
  549. * OOBCertHash ::= SEQUENCE {
  550. * hashAlg [0] AlgorithmIdentifier OPTIONAL,
  551. * certId [1] CertId OPTIONAL,
  552. * hashVal BIT STRING
  553. * -- hashVal is calculated over the DER encoding of the
  554. * -- self-signed certificate with the identifier certID.
  555. * }
  556. */
  557. #endif /* !defined OSSL_HEADER_CMP_INT_H */