/*
 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
11e1051a39Sopenharmony_ci
12e1051a39Sopenharmony_ci#include <openssl/asn1t.h>
13e1051a39Sopenharmony_ci
14e1051a39Sopenharmony_ci#include "cmp_local.h"
15e1051a39Sopenharmony_ci
16e1051a39Sopenharmony_ci/* explicit #includes not strictly needed since implied by the above: */
17e1051a39Sopenharmony_ci#include <openssl/cmp.h>
18e1051a39Sopenharmony_ci#include <openssl/crmf.h>
19e1051a39Sopenharmony_ci
/* ASN.1 declarations from RFC4210 */

/*
 * Revocation announcement content.  The entries are listed in encoding
 * order; status, certId, willBeRevokedAt and badSinceDate are mandatory,
 * crlDetails is optional.
 */
ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
    /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
    ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30e1051a39Sopenharmony_ci
31e1051a39Sopenharmony_ci
/*
 * One challenge of a proof-of-possession exchange: an optional one-way
 * function algorithm (owf) followed by the mandatory witness and challenge
 * octet strings.  The template puts no length bound on either octet string.
 */
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
    ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
38e1051a39Sopenharmony_ci
39e1051a39Sopenharmony_ci
/*
 * SEQUENCE OF OSSL_CMP_CHALLENGE.  The template expresses no upper bound on
 * the number of elements.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
44e1051a39Sopenharmony_ci
45e1051a39Sopenharmony_ci
/*
 * SEQUENCE OF ASN1_INTEGER: the responses to a POPODECKEYCHALLCONTENT.
 * No element-count bound is expressed by the template.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
50e1051a39Sopenharmony_ci
51e1051a39Sopenharmony_ci
/*
 * CA key update announcement: three mandatory certificates, encoded in the
 * order oldWithNew, newWithOld, newWithNew.
 * OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used directly for
 * all three fields.
 */
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
61e1051a39Sopenharmony_ci
62e1051a39Sopenharmony_ci
/*
 * Error message content: a mandatory status info, then an optional numeric
 * error code and optional free-text details.  errorCode and errorDetails are
 * sender-controlled values; the template does not constrain their range,
 * length or count.
 */
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
    /*
     * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
                         ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
75e1051a39Sopenharmony_ci
/*
 * Fallback template for an infoType that has no entry in the ADB table
 * below: the value is kept as an optional ASN1_ANY in infoValue.other.
 */
ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
                                                       infoValue.other,
                                                       ASN1_ANY);
/*
 * ITAV means InfoTypeAndValue.
 *
 * "ANY DEFINED BY" table: the infoType OID (matched by NID) selects which
 * infoValue member is used and with which ASN.1 type.  Each listed value is
 * optional.  The member types differ per entry (X509, X509_ALGOR, X509_CRL,
 * stacks, ...), so code reading infoValue has to look at infoType first and
 * use the matching member; only unlisted infoTypes end up in infoValue.other.
 * NOTE(review): NID_id_it_origPKIMessage holds OSSL_CMP_MSGS, so an ITAV can
 * contain whole CMP messages again - the structure is recursive.
 */
ASN1_ADB(OSSL_CMP_ITAV) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV,
                                                infoValue.caProtEncCert, X509)),
    ADB_ENTRY(NID_id_it_signKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.signKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_encKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.encKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_preferredSymmAlg,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
                       X509_ALGOR)),
    ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
                       OSSL_CMP_CAKEYUPDANNCONTENT)),
    ADB_ENTRY(NID_id_it_currentCRL,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
    ADB_ENTRY(NID_id_it_unsupportedOIDs,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.unsupportedOIDs, ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamReq,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
                       ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamRep,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
                       X509_ALGOR)),
    ADB_ENTRY(NID_id_it_revPassphrase,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
                       OSSL_CRMF_ENCRYPTEDVALUE)),
    ADB_ENTRY(NID_id_it_implicitConfirm,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
                       ASN1_NULL)),
    ADB_ENTRY(NID_id_it_confirmWaitTime,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
                       ASN1_GENERALIZEDTIME)),
    ADB_ENTRY(NID_id_it_origPKIMessage,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
                       OSSL_CMP_MSGS)),
    ADB_ENTRY(NID_id_it_suppLangTags,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
                                   ASN1_UTF8STRING)),
/*
 * Selector field is infoType; unlisted OIDs use the default template above,
 * and no template is given for a missing selector (last argument NULL).
 */
} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
               &infotypeandvalue_default_tt, NULL);
124e1051a39Sopenharmony_ci
125e1051a39Sopenharmony_ci
/*
 * InfoTypeAndValue: a mandatory infoType OID followed by a value whose type
 * is chosen through the OSSL_CMP_ITAV ADB table keyed on that OID.
 */
ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
    ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
/* Generates the new/free/d2i/i2d functions, plus a deep-copy dup function */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
132e1051a39Sopenharmony_ci
/*
 * Allocate a new ITAV and store |type| and |value| in it.
 *
 * The pointers are stored as given, not copied.  Returns the new ITAV, or
 * NULL when |type| is NULL or the allocation fails; in that case neither
 * argument has been stored anywhere, so the caller still holds both.
 *
 * |value| always lands in infoValue.other.
 * NOTE(review): for an infoType that has its own entry in the ITAV ADB table
 * the encoder and free code would presumably read a differently typed member
 * at that place - confirm callers only use this for generic (ASN1_TYPE)
 * values.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
{
    OSSL_CMP_ITAV *result = NULL;

    /* Reject a missing infoType before allocating anything */
    if (type == NULL)
        return NULL;

    result = OSSL_CMP_ITAV_new();
    if (result != NULL)
        OSSL_CMP_ITAV_set0(result, type, value);
    return result;
}
142e1051a39Sopenharmony_ci
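/*
 * Store |type| and |value| in |itav| without copying them.
 *
 * The previous infoType and infoValue.other pointers are overwritten, not
 * freed, so calling this on an ITAV that already holds values drops the old
 * ones without releasing them.
 *
 * |value| is always written to infoValue.other, whatever |type| is.
 * NOTE(review): infoTypes listed in the ITAV ADB table use other, differently
 * typed infoValue members; storing an ASN1_TYPE for such a type would
 * presumably be misread later - confirm callers pass only generic types.
 *
 * A NULL |itav| is ignored.
 */
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                        ASN1_TYPE *value)
{
    /* Tolerate NULL like the get0 accessors do, instead of dereferencing it */
    if (itav == NULL)
        return;
    itav->infoType = type;
    itav->infoValue.other = value;
}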
149e1051a39Sopenharmony_ci
/*
 * Return the infoType OID stored in |itav|, or NULL when |itav| is NULL.
 * The returned pointer is the one held by the ITAV, not a copy.
 */
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoType : NULL;
}
156e1051a39Sopenharmony_ci
/*
 * Return the generic value stored in |itav|, or NULL when |itav| is NULL.
 * The returned pointer is the one held by the ITAV, not a copy.
 *
 * This reads infoValue.other without looking at infoType.
 * NOTE(review): for an ITAV whose infoType has its own entry in the ADB
 * table (for example one decoded from a peer's message) the stored object is
 * presumably not an ASN1_TYPE; callers should check the type with
 * OSSL_CMP_ITAV_get0_type() before treating the result as one - confirm
 * against the infoValue declaration in cmp_local.h.
 */
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoValue.other : NULL;
}
163e1051a39Sopenharmony_ci
/*
 * Append |itav| to the stack at |*itav_sk_p|, creating the stack first when
 * |*itav_sk_p| is NULL.
 *
 * Returns 1 on success; the stack then holds the |itav| pointer itself.
 * Returns 0 on failure.  A NULL argument raises CMP_R_NULL_ARGUMENT.  On
 * failure |itav| is never freed here, so the caller still has to release it;
 * a stack created by this call is freed again and |*itav_sk_p| reset to NULL,
 * while a stack passed in by the caller is left as it was.
 */
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                   OSSL_CMP_ITAV *itav)
{
    STACK_OF(OSSL_CMP_ITAV) *fresh = NULL; /* non-NULL iff allocated here */

    if (itav_sk_p == NULL || itav == NULL) {
        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
        return 0;
    }

    if (*itav_sk_p == NULL) {
        fresh = sk_OSSL_CMP_ITAV_new_null();
        if (fresh == NULL)
            return 0;
        *itav_sk_p = fresh;
    }

    if (sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
        return 1;

    /* Push failed: undo only what this call allocated */
    if (fresh != NULL) {
        sk_OSSL_CMP_ITAV_free(fresh);
        *itav_sk_p = NULL;
    }
    return 0;
}
190e1051a39Sopenharmony_ci
/*
 * Convert an ASN.1 INTEGER to int.
 *
 * Returns the value, or -1 with an error raised when the conversion to
 * int64_t fails or the value lies outside INT_MIN..INT_MAX.
 *
 * -1 is also a representable result, so the return value alone cannot tell
 * an encoded -1 from a failure.  Callers handling peer-supplied integers
 * should treat any negative result as invalid unless negative values are
 * meaningful for the field.
 * NOTE(review): the reasons raised are ASN1_R_* codes under ERR_LIB_CMP; the
 * resulting error text may not match the ASN.1 meaning - confirm.
 */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
    int64_t wide;
    int reason;

    if (!ASN1_INTEGER_get_int64(&wide, a)) {
        ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
        return -1;
    }

    /* In range: the narrowing cast below cannot change the value */
    if (wide >= INT_MIN && wide <= INT_MAX)
        return (int)wide;

    reason = wide < INT_MIN ? ASN1_R_TOO_SMALL : ASN1_R_TOO_LARGE;
    ERR_raise(ERR_LIB_CMP, reason);
    return -1;
}
210e1051a39Sopenharmony_ci
/*
 * ASN.1 callback attached to the OSSL_CMP_MSG template.  It looks after the
 * two members that are not part of the encoding: libctx and propq.
 *
 *  ASN1_OP_FREE_POST    frees the message's propq string
 *  ASN1_OP_DUP_POST     sets libctx/propq on the copy from the original
 *                       message passed in |exarg|; returns 0 if that fails
 *  ASN1_OP_GET0_LIBCTX  writes the message's libctx to *|exarg|
 *  ASN1_OP_GET0_PROPQ   writes the message's propq to *|exarg|
 *
 * Every other operation is ignored.  Returns 1 unless stated otherwise.
 * |it| is unused.
 *
 * NOTE(review): each message's propq is freed on FREE_POST, so
 * ossl_cmp_msg_set0_libctx() (defined elsewhere) must give the copy its own
 * propq string rather than share the original's pointer - confirm.
 */
static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
                           const ASN1_ITEM *it, void *exarg)
{
    OSSL_CMP_MSG *self = (OSSL_CMP_MSG *)*pval;

    if (operation == ASN1_OP_FREE_POST) {
        OPENSSL_free(self->propq);
    } else if (operation == ASN1_OP_DUP_POST) {
        OSSL_CMP_MSG *src = exarg;

        if (!ossl_cmp_msg_set0_libctx(self, src->libctx, src->propq))
            return 0;
    } else if (operation == ASN1_OP_GET0_LIBCTX) {
        OSSL_LIB_CTX **libctx_out = exarg;

        *libctx_out = self->libctx;
    } else if (operation == ASN1_OP_GET0_PROPQ) {
        const char **propq_out = exarg;

        *propq_out = self->propq;
    }

    return 1;
}
249e1051a39Sopenharmony_ci
/*
 * CHOICE between a plain certificate (explicit tag 0) and an encrypted
 * certificate (explicit tag 1).  Which member of |value| is valid depends on
 * the alternative selected, so readers must check the choice first.
 */
ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
             OSSL_CRMF_ENCRYPTEDVALUE, 1),
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
257e1051a39Sopenharmony_ci
258e1051a39Sopenharmony_ci
/*
 * Certified key pair: the mandatory certificate (or encrypted certificate),
 * an optional private key under explicit tag 0 and optional publication info
 * under explicit tag 1.  The private key, when present, is carried as
 * OSSL_CRMF_ENCRYPTEDVALUE, never in the clear.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
    ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
                OSSL_CMP_CERTORENCCERT),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
                 OSSL_CRMF_ENCRYPTEDVALUE, 0),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
                 OSSL_CRMF_PKIPUBLICATIONINFO, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
268e1051a39Sopenharmony_ci
269e1051a39Sopenharmony_ci
/*
 * Details of one revocation request: a mandatory certificate template
 * identifying the certificate, plus optional CRL entry extensions.
 */
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
    ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
    ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
275e1051a39Sopenharmony_ci
276e1051a39Sopenharmony_ci
/* Revocation request body: SEQUENCE OF OSSL_CMP_REVDETAILS */
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
                          OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
281e1051a39Sopenharmony_ci
282e1051a39Sopenharmony_ci
/*
 * Revocation response: a mandatory list of status infos, an optional list of
 * certificate ids (explicit tag 0) and an optional list of CRLs (explicit
 * tag 1).  The template does not tie the lengths of the three lists together;
 * any such pairing has to be checked by the code consuming the response.
 */
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
    ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
                             0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
290e1051a39Sopenharmony_ci
291e1051a39Sopenharmony_ci
/*
 * Key recovery response: mandatory status, then an optional new signing
 * certificate (explicit tag 0), optional CA certificates (explicit tag 1)
 * and an optional history of certified key pairs (explicit tag 2).
 */
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
                             OSSL_CMP_CERTIFIEDKEYPAIR, 2)
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
300e1051a39Sopenharmony_ci
301e1051a39Sopenharmony_ci
/*
 * OSSL_CMP_PKISTATUS as an item template over ASN1_INTEGER.  The template
 * does not restrict the value range; callers decide which status values they
 * accept.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
305e1051a39Sopenharmony_ci
/*
 * PKIStatusInfo: mandatory status, optional free-text status strings and an
 * optional failure-info bit string.  statusString is sender-controlled text;
 * the template places no limit on its length or on the number of strings.
 */
ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
    ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
    /*
     * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
    /*
     * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly
     */
    ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
/* Generates the new/free/d2i/i2d functions, plus a deep-copy dup function */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
320e1051a39Sopenharmony_ci
/*
 * One entry of a certificate confirmation: the mandatory certificate hash
 * and request id, plus an optional status info.  The template accepts a
 * certHash of any length; comparing it against the expected digest is left
 * to the code that processes the confirmation.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
    ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
327e1051a39Sopenharmony_ci
/* Certificate confirmation body: SEQUENCE OF OSSL_CMP_CERTSTATUS */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
                          OSSL_CMP_CERTSTATUS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
332e1051a39Sopenharmony_ci
/*
 * Response to one certificate request: the mandatory request id and status,
 * then an optional certified key pair and optional response info.  A
 * response without certifiedKeyPair decodes successfully, so callers must
 * check for NULL before using it.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
             OSSL_CMP_CERTIFIEDKEYPAIR),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
341e1051a39Sopenharmony_ci
/* One polling request entry: just the mandatory certificate request id */
ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
346e1051a39Sopenharmony_ci
/* Polling request body: SEQUENCE OF OSSL_CMP_POLLREQ */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
                          OSSL_CMP_POLLREQ)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
351e1051a39Sopenharmony_ci
/*
 * One polling response entry: mandatory request id and checkAfter, plus
 * optional free-text reasons.  checkAfter is an unconstrained INTEGER chosen
 * by the sender; code that waits on it should bound the value it honours.
 */
ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
358e1051a39Sopenharmony_ci
/* Polling response body: SEQUENCE OF OSSL_CMP_POLLREP */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POLLREPCONTENT,
                          OSSL_CMP_POLLREP)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
364e1051a39Sopenharmony_ci
/*
 * Certificate response message: an optional list of CA certificates under
 * explicit tag 1, followed by the mandatory list of responses.
 * NOTE(review): caPubs is data supplied by the responder; being present in a
 * decoded message does not by itself make these certificates trusted.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
    ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
371e1051a39Sopenharmony_ci
/* General message body: SEQUENCE OF OSSL_CMP_ITAV */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
                          OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
376e1051a39Sopenharmony_ci
/* General response body: SEQUENCE OF OSSL_CMP_ITAV */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
                          OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
381e1051a39Sopenharmony_ci
/* CRL announcement body: SEQUENCE OF X509_CRL */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_CRLANNCONTENT, X509_CRL)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
386e1051a39Sopenharmony_ci
/*
 * PKIBody: CHOICE over all message body types, each under its own explicit
 * tag (0..26).  The tag decides which member of |value| is populated, so
 * code handling a body must check the body type before touching a member.
 *
 * Points worth knowing when the input is untrusted:
 *  - value.pkiconf is declared as ASN1_ANY, so the template does not restrict
 *    what a pkiconf body contains.
 *  - value.nested is OSSL_CMP_MSGS, i.e. a body can contain complete
 *    messages again; the type is recursive.
 *    NOTE(review): nesting depth is presumably limited only by the generic
 *    ASN.1 decoder - confirm.
 */
ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
             OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
             OSSL_CMP_POPODECKEYRESPCONTENT, 6),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
419e1051a39Sopenharmony_ci
/*
 * PKIHeader: pvno, sender and recipient are mandatory; every other field is
 * optional and carried under an explicit tag (0..8).
 *
 * Because protectionAlg, senderKID, transactionID and both nonces are
 * optional at this level, a header lacking them still decodes.  Whether they
 * are required, and whether they match the transaction, has to be enforced
 * by the message validation code, not by this template.
 */
ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
    /*
     * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
                             OSSL_CMP_ITAV, 8)
} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
440e1051a39Sopenharmony_ci
/*
 * ProtectedPart: header and body only, i.e. the first two fields of
 * OSSL_CMP_MSG without protection and extraCerts.
 *
 * NOTE(review): both fields are declared against OSSL_CMP_MSG, not
 * OSSL_CMP_PROTECTEDPART, so the member offsets are taken from OSSL_CMP_MSG.
 * That is only correct while both structures begin with header and body in
 * the same layout - confirm against cmp_local.h before changing either one.
 */
ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
} ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
/* Generates the new/free/d2i/i2d functions for this type */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
446e1051a39Sopenharmony_ci
/*
 * PKIMessage: mandatory header and body, optional protection bits (explicit
 * tag 0) and optional extra certificates (explicit tag 1).
 * ossl_cmp_msg_cb is registered as the callback for this template.
 *
 * protection is optional at the encoding level, so an unprotected message
 * decodes without error; rejecting it is the job of the validation code.
 * extraCerts are supplied by the sender and are not trusted merely by being
 * part of a decoded message.
 */
ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
    ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
/*
 * Only the dup function is generated at this point; no
 * IMPLEMENT_ASN1_FUNCTIONS line for OSSL_CMP_MSG appears in this listing.
 */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
455e1051a39Sopenharmony_ci
/*
 * SEQUENCE OF OSSL_CMP_MSG.  Used for nested message bodies and for the
 * origPKIMessage ITAV, which is what makes the message type recursive.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
                          OSSL_CMP_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)