ts_local.h 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. /*
  2. * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*-
  10. * MessageImprint ::= SEQUENCE {
  11. * hashAlgorithm AlgorithmIdentifier,
  12. * hashedMessage OCTET STRING }
  13. */
  14. struct TS_msg_imprint_st {
  15. X509_ALGOR *hash_algo;
  16. ASN1_OCTET_STRING *hashed_msg;
  17. };
  18. /*-
  19. * TimeStampResp ::= SEQUENCE {
  20. * status PKIStatusInfo,
  21. * timeStampToken TimeStampToken OPTIONAL }
  22. */
  23. struct TS_resp_st {
  24. TS_STATUS_INFO *status_info;
  25. PKCS7 *token;
  26. TS_TST_INFO *tst_info;
  27. };
  28. /*-
  29. * TimeStampReq ::= SEQUENCE {
  30. * version INTEGER { v1(1) },
  31. * messageImprint MessageImprint,
  32. * --a hash algorithm OID and the hash value of the data to be
  33. * --time-stamped
  34. * reqPolicy TSAPolicyId OPTIONAL,
  35. * nonce INTEGER OPTIONAL,
  36. * certReq BOOLEAN DEFAULT FALSE,
  37. * extensions [0] IMPLICIT Extensions OPTIONAL }
  38. */
  39. struct TS_req_st {
  40. ASN1_INTEGER *version;
  41. TS_MSG_IMPRINT *msg_imprint;
  42. ASN1_OBJECT *policy_id;
  43. ASN1_INTEGER *nonce;
  44. ASN1_BOOLEAN cert_req;
  45. STACK_OF(X509_EXTENSION) *extensions;
  46. };
  47. /*-
  48. * Accuracy ::= SEQUENCE {
  49. * seconds INTEGER OPTIONAL,
  50. * millis [0] INTEGER (1..999) OPTIONAL,
  51. * micros [1] INTEGER (1..999) OPTIONAL }
  52. */
  53. struct TS_accuracy_st {
  54. ASN1_INTEGER *seconds;
  55. ASN1_INTEGER *millis;
  56. ASN1_INTEGER *micros;
  57. };
  58. /*-
  59. * TSTInfo ::= SEQUENCE {
  60. * version INTEGER { v1(1) },
  61. * policy TSAPolicyId,
  62. * messageImprint MessageImprint,
  63. * -- MUST have the same value as the similar field in
  64. * -- TimeStampReq
  65. * serialNumber INTEGER,
  66. * -- Time-Stamping users MUST be ready to accommodate integers
  67. * -- up to 160 bits.
  68. * genTime GeneralizedTime,
  69. * accuracy Accuracy OPTIONAL,
  70. * ordering BOOLEAN DEFAULT FALSE,
  71. * nonce INTEGER OPTIONAL,
  72. * -- MUST be present if the similar field was present
  73. * -- in TimeStampReq. In that case it MUST have the same value.
  74. * tsa [0] GeneralName OPTIONAL,
  75. * extensions [1] IMPLICIT Extensions OPTIONAL }
  76. */
  77. struct TS_tst_info_st {
  78. ASN1_INTEGER *version;
  79. ASN1_OBJECT *policy_id;
  80. TS_MSG_IMPRINT *msg_imprint;
  81. ASN1_INTEGER *serial;
  82. ASN1_GENERALIZEDTIME *time;
  83. TS_ACCURACY *accuracy;
  84. ASN1_BOOLEAN ordering;
  85. ASN1_INTEGER *nonce;
  86. GENERAL_NAME *tsa;
  87. STACK_OF(X509_EXTENSION) *extensions;
  88. };
  89. struct TS_status_info_st {
  90. ASN1_INTEGER *status;
  91. STACK_OF(ASN1_UTF8STRING) *text;
  92. ASN1_BIT_STRING *failure_info;
  93. };
  94. struct TS_resp_ctx {
  95. X509 *signer_cert;
  96. EVP_PKEY *signer_key;
  97. const EVP_MD *signer_md;
  98. const EVP_MD *ess_cert_id_digest;
  99. STACK_OF(X509) *certs; /* Certs to include in signed data. */
  100. STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
  101. ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
  102. STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
  103. ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
  104. ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
  105. ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
  106. unsigned clock_precision_digits; /* fraction of seconds in time stamp
  107. * token. */
  108. unsigned flags; /* Optional info, see values above. */
  109. /* Callback functions. */
  110. TS_serial_cb serial_cb;
  111. void *serial_cb_data; /* User data for serial_cb. */
  112. TS_time_cb time_cb;
  113. void *time_cb_data; /* User data for time_cb. */
  114. TS_extension_cb extension_cb;
  115. void *extension_cb_data; /* User data for extension_cb. */
  116. /* These members are used only while creating the response. */
  117. TS_REQ *request;
  118. TS_RESP *response;
  119. TS_TST_INFO *tst_info;
  120. OSSL_LIB_CTX *libctx;
  121. char *propq;
  122. };
  123. struct TS_verify_ctx {
  124. /* Set this to the union of TS_VFY_... flags you want to carry out. */
  125. unsigned flags;
  126. /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
  127. X509_STORE *store;
  128. STACK_OF(X509) *certs;
  129. /* Must be set only with TS_VFY_POLICY. */
  130. ASN1_OBJECT *policy;
  131. /*
  132. * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
  133. * algorithm from the response is used.
  134. */
  135. X509_ALGOR *md_alg;
  136. unsigned char *imprint;
  137. unsigned imprint_len;
  138. /* Must be set only with TS_VFY_DATA. */
  139. BIO *data;
  140. /* Must be set only with TS_VFY_TSA_NAME. */
  141. ASN1_INTEGER *nonce;
  142. /* Must be set only with TS_VFY_TSA_NAME. */
  143. GENERAL_NAME *tsa_name;
  144. };