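/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_CRYPTO_CMP_LOCAL_H
# define OSSL_CRYPTO_CMP_LOCAL_H

# include "internal/cryptlib.h"

# include <openssl/cmp.h>
# include <openssl/err.h>

/* explicit #includes not strictly needed since implied by the above: */
# include <openssl/crmf.h>
# include <openssl/types.h>
# include <openssl/safestack.h>
# include <openssl/x509.h>
# include <openssl/x509v3.h>
# include "crypto/x509.h"

/* true when the X509_NAME has no entry at index 0, i.e. no RDN to compare */
#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)

/*
 * this structure is used to store the context for CMP sessions
 *
 * The fields are grouped as: message transfer settings, material for
 * authenticating the server, material for authenticating the client,
 * header values and the certificate template for outgoing requests, and
 * the results taken from the last responses.
 *
 * Several int fields widen what the client sends or accepts:
 * unprotectedErrors, ignore_keyusage, permitTAInExtraCertsForIR,
 * unprotectedSend and disableConfirm. A review of a deployment should check
 * which of them are set; their defaults are not visible in this header.
 */
struct ossl_cmp_ctx_st {
    OSSL_LIB_CTX *libctx;
    char *propq;
    OSSL_CMP_log_cb_t log_cb; /* log callback for error/debug/etc. output */
    OSSL_CMP_severity log_verbosity; /* level of verbosity of log output */

    /* message transfer */
    OSSL_CMP_transfer_cb_t transfer_cb; /* default: OSSL_CMP_MSG_http_perform */
    void *transfer_cb_arg; /* optional argument stored for transfer_cb */
    /* HTTP-based transfer */
    OSSL_HTTP_REQ_CTX *http_ctx;
    char *serverPath;
    char *server;
    int serverPort;
    char *proxy;
    char *no_proxy;
    int keep_alive; /* persistent connection: 0=no, 1=prefer, 2=require */
    int msg_timeout; /* max seconds to wait for each CMP message round trip */
    int total_timeout; /* max number of seconds an enrollment may take, incl. */
    /* attempts polling for a response if a 'waiting' PKIStatus is received */
    time_t end_time; /* session start time + total_timeout */
    OSSL_HTTP_bio_cb_t http_cb;
    void *http_cb_arg; /* optional argument stored for http_cb */

    /* server authentication */
    /*
     * unprotectedErrors may be set as workaround for broken server responses:
     * accept missing or invalid protection of regular error messages, negative
     * certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf
     *
     * With this set, the listed message types are accepted without
     * authentication, so their status, failInfo and free text cannot be
     * attributed to the server. That includes rp and PKIConf, i.e. the
     * replies a caller relies on to learn that a revocation or a
     * confirmation was processed.
     */
    int unprotectedErrors;
    /*
     * NOTE(review): confirm whether a cert set here is trusted directly,
     * without chain or validity-period checks against 'trusted'.
     */
    X509 *srvCert; /* certificate used to identify the server */
    X509 *validatedSrvCert; /* caches any already validated server cert */
    X509_NAME *expected_sender; /* expected sender in header of response */
    X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
    STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
    int ignore_keyusage; /* ignore key usage entry when validating certs */
    /*
     * permitTAInExtraCertsForIR allows use of root certs in extracerts
     * when validating message protection; this is used for 3GPP-style E.7
     *
     * NOTE(review): as described, the trust anchor is taken from the message
     * being validated rather than from 'trusted'. Confirm which independent
     * binding to the expected CA remains when this is enabled.
     */
    int permitTAInExtraCertsForIR;

    /* client authentication */
    /* if set, requests carry no protection the server could verify */
    int unprotectedSend; /* send unprotected PKI messages */
    X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */
    STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */
    EVP_PKEY *pkey; /* the key pair corresponding to cert */
    ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */
    /*
     * NOTE(review): secret material; confirm that the code freeing or
     * replacing this value cleanses the buffer.
     */
    ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */
    /* PBMParameters for MSG_MAC_ALG */
    size_t pbm_slen; /* salt length, currently fixed to 16 */
    EVP_MD *pbm_owf; /* one-way function (OWF), default: SHA256 */
    /*
     * NOTE(review): 500 iterations adds little brute-force cost, so the
     * strength of MAC-based protection rests on the entropy of secretValue.
     */
    int pbm_itercnt; /* OWF iteration count, currently fixed to 500 */
    /* NOTE(review): check the HMAC-SHA1 default against local crypto policy */
    int pbm_mac; /* NID of MAC algorithm, default: HMAC-SHA1 as per RFC 4210 */

    /* CMP message header and extra certificates */
    X509_NAME *recipient; /* to set in recipient in pkiheader */
    EVP_MD *digest; /* digest used in MSG_SIG_ALG and POPO, default SHA256 */
    ASN1_OCTET_STRING *transactionID; /* the current transaction ID */
    ASN1_OCTET_STRING *senderNonce; /* last nonce sent */
    ASN1_OCTET_STRING *recipNonce; /* last nonce received */
    ASN1_UTF8STRING *freeText; /* optional string to include in each msg */
    STACK_OF(OSSL_CMP_ITAV) *geninfo_ITAVs;
    int implicitConfirm; /* set implicitConfirm in IR/KUR/CR messages */
    int disableConfirm; /* disable certConf in IR/KUR/CR for broken servers */
    STACK_OF(X509) *extraCertsOut; /* to be included in request messages */

    /* certificate template */
    EVP_PKEY *newPkey; /* explicit new private/public key for cert enrollment */
    int newPkey_priv; /* flag indicating if newPkey contains private key */
    X509_NAME *issuer; /* issuer name to be used in cert template */
    int days; /* Number of days new certificates are asked to be valid for */
    X509_NAME *subjectName; /* subject name to be used in cert template */
    STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */
    int SubjectAltName_nodefault;
    int setSubjectAltNameCritical;
    X509_EXTENSIONS *reqExtensions; /* exts to be added to cert template */
    CERTIFICATEPOLICIES *policies; /* policies to be included in extensions */
    int setPoliciesCritical;
    int popoMethod; /* Proof-of-possession mechanism; default: signature */
    X509 *oldCert; /* cert to be updated (via KUR) or to be revoked (via RR) */
    X509_REQ *p10CSR; /* for P10CR: PKCS#10 CSR to be sent */

    /* misc body contents */
    int revocationReason; /* revocation reason code to be included in RR */
    STACK_OF(OSSL_CMP_ITAV) *genm_ITAVs; /* content of general message */

    /* result returned in responses */
    /*
     * The fields below are copied from received messages. statusString is
     * peer-supplied text; treat it as untrusted when logging or displaying.
     */
    int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */
    OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */
    int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */
    X509 *newCert; /* newly enrolled cert received from the CA */
    STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */
    STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */
    STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */

    /* certificate confirmation */
    OSSL_CMP_certConf_cb_t certConf_cb; /* callback for app checking new cert */
    void *certConf_cb_arg; /* argument stored for certConf_cb */
} /* OSSL_CMP_CTX */;

/*
 * ##########################################################################
 * ASN.1 DECLARATIONS
 * ##########################################################################
 */

/*-
 * RevAnnContent ::= SEQUENCE {
 *      status              PKIStatus,
 *      certId              CertId,
 *      willBeRevokedAt     GeneralizedTime,
 *      badSinceDate        GeneralizedTime,
 *      crlDetails          Extensions  OPTIONAL
 *      -- extra CRL details (e.g., crl number, reason, location, etc.)
 * }
 */
typedef struct ossl_cmp_revanncontent_st {
    ASN1_INTEGER *status;
    OSSL_CRMF_CERTID *certId;
    ASN1_GENERALIZEDTIME *willBeRevokedAt;
    ASN1_GENERALIZEDTIME *badSinceDate;
    X509_EXTENSIONS *crlDetails;
} OSSL_CMP_REVANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)

/*-
 * Challenge ::= SEQUENCE {
 *      owf                 AlgorithmIdentifier  OPTIONAL,
 *
 *      -- MUST be present in the first Challenge; MAY be omitted in
 *      -- any subsequent Challenge in POPODecKeyChallContent (if
 *      -- omitted, then the owf used in the immediately preceding
 *      -- Challenge is to be used).
 *
 *      witness             OCTET STRING,
 *      -- the result of applying the one-way function (owf) to a
 *      -- randomly-generated INTEGER, A. [Note that a different
 *      -- INTEGER MUST be used for each Challenge.]
 *      challenge           OCTET STRING
 *      -- the encryption (under the public key for which the cert.
 *      -- request is being made) of Rand, where Rand is specified as
 *      --   Rand ::= SEQUENCE {
 *      --      int      INTEGER,
 *      --       - the randomly-generated INTEGER A (above)
 *      --      sender   GeneralName
 *      --       - the sender's name (as included in PKIHeader)
 *      --   }
 * }
 */
typedef struct ossl_cmp_challenge_st {
    X509_ALGOR *owf; /* OPTIONAL, so it may be absent after decoding */
    ASN1_OCTET_STRING *witness;
    ASN1_OCTET_STRING *challenge;
} OSSL_CMP_CHALLENGE;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)

/*-
 *  CAKeyUpdAnnContent ::= SEQUENCE {
 *     oldWithNew         Certificate,
 *     newWithOld         Certificate,
 *     newWithNew         Certificate
 *  }
 */
typedef struct ossl_cmp_cakeyupdanncontent_st {
    X509 *oldWithNew;
    X509 *newWithOld;
    X509 *newWithNew;
} OSSL_CMP_CAKEYUPDANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)

/*-
 * declared already here as it will be used in OSSL_CMP_MSG (nested) and
 * infoType and infoValue
 */
typedef STACK_OF(OSSL_CMP_MSG) OSSL_CMP_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSGS)

/*-
 * InfoTypeAndValue ::= SEQUENCE {
 *     infoType               OBJECT IDENTIFIER,
 *     infoValue              ANY DEFINED BY infoType  OPTIONAL
 * }
 */
/*
 * All members of infoValue are pointers sharing one storage location; the
 * per-member comments give the infoType NID each one belongs to. Code that
 * reads a typed member has to check infoType first, because reading the
 * member of a different type reinterprets the same pointer. infoValue is
 * OPTIONAL, so a NULL check is needed as well.
 */
struct ossl_cmp_itav_st {
    ASN1_OBJECT *infoType;
    union {
        char *ptr;
        /* NID_id_it_caProtEncCert - CA Protocol Encryption Certificate */
        X509 *caProtEncCert;
        /* NID_id_it_signKeyPairTypes - Signing Key Pair Types */
        STACK_OF(X509_ALGOR) *signKeyPairTypes;
        /* NID_id_it_encKeyPairTypes - Encryption/Key Agreement Key Pair Types */
        STACK_OF(X509_ALGOR) *encKeyPairTypes;
        /* NID_id_it_preferredSymmAlg - Preferred Symmetric Algorithm */
        X509_ALGOR *preferredSymmAlg;
        /* NID_id_it_caKeyUpdateInfo - Updated CA Key Pair */
        OSSL_CMP_CAKEYUPDANNCONTENT *caKeyUpdateInfo;
        /* NID_id_it_currentCRL - CRL */
        X509_CRL *currentCRL;
        /* NID_id_it_unsupportedOIDs - Unsupported Object Identifiers */
        STACK_OF(ASN1_OBJECT) *unsupportedOIDs;
        /* NID_id_it_keyPairParamReq - Key Pair Parameters Request */
        ASN1_OBJECT *keyPairParamReq;
        /* NID_id_it_keyPairParamRep - Key Pair Parameters Response */
        X509_ALGOR *keyPairParamRep;
        /* NID_id_it_revPassphrase - Revocation Passphrase */
        OSSL_CRMF_ENCRYPTEDVALUE *revPassphrase;
        /* NID_id_it_implicitConfirm - ImplicitConfirm */
        ASN1_NULL *implicitConfirm;
        /* NID_id_it_confirmWaitTime - ConfirmWaitTime */
        ASN1_GENERALIZEDTIME *confirmWaitTime;
        /* NID_id_it_origPKIMessage - origPKIMessage */
        OSSL_CMP_MSGS *origPKIMessage;
        /* NID_id_it_suppLangTags - Supported Language Tags */
        STACK_OF(ASN1_UTF8STRING) *suppLangTagsValue;
        /* this is to be used for so far undeclared objects */
        ASN1_TYPE *other;
    } infoValue;
} /* OSSL_CMP_ITAV */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ITAV)

/*
 * 'type' selects which member of 'value' is in use.
 * NOTE(review): the selector values are not visible in this header; confirm
 * them against the ASN.1 template before reading either member.
 */
typedef struct ossl_cmp_certorenccert_st {
    int type;
    union {
        X509 *certificate;
        OSSL_CRMF_ENCRYPTEDVALUE *encryptedCert;
    } value;
} OSSL_CMP_CERTORENCCERT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)

/*-
 * CertifiedKeyPair ::= SEQUENCE {
 *      certOrEncCert       CertOrEncCert,
 *      privateKey      [0] EncryptedValue      OPTIONAL,
 *      -- see [CRMF] for comment on encoding
 *      publicationInfo [1] PKIPublicationInfo  OPTIONAL
 * }
 */
typedef struct ossl_cmp_certifiedkeypair_st {
    OSSL_CMP_CERTORENCCERT *certOrEncCert;
    /* OPTIONAL; private key in encrypted form, handle as sensitive data */
    OSSL_CRMF_ENCRYPTEDVALUE *privateKey;
    OSSL_CRMF_PKIPUBLICATIONINFO *publicationInfo;
} OSSL_CMP_CERTIFIEDKEYPAIR;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)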
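
/*-
 * PKIStatusInfo ::= SEQUENCE {
 *    status        PKIStatus,
 *    statusString  PKIFreeText     OPTIONAL,
 *    failInfo      PKIFailureInfo  OPTIONAL
 * }
 */
/*
 * statusString is free text supplied by the peer; treat it as untrusted
 * when logging or displaying. It and failInfo are OPTIONAL and may be NULL.
 */
struct ossl_cmp_pkisi_st {
    OSSL_CMP_PKISTATUS *status;
    OSSL_CMP_PKIFREETEXT *statusString;
    OSSL_CMP_PKIFAILUREINFO *failInfo;
} /* OSSL_CMP_PKISI */;

/*-
 *  RevReqContent ::= SEQUENCE OF RevDetails
 *
 *  RevDetails ::= SEQUENCE {
 *      certDetails         CertTemplate,
 *      crlEntryDetails     Extensions       OPTIONAL
 *  }
 */
struct ossl_cmp_revdetails_st {
    OSSL_CRMF_CERTTEMPLATE *certDetails;
    X509_EXTENSIONS *crlEntryDetails;
} /* OSSL_CMP_REVDETAILS */;
typedef struct ossl_cmp_revdetails_st OSSL_CMP_REVDETAILS;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
DEFINE_STACK_OF(OSSL_CMP_REVDETAILS)

/*-
 *  RevRepContent ::= SEQUENCE {
 *      status        SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
 *      -- in same order as was sent in RevReqContent
 *      revCerts  [0] SEQUENCE SIZE (1..MAX) OF CertId
 *                                          OPTIONAL,
 *      -- IDs for which revocation was requested
 *      -- (same order as status)
 *      crls      [1] SEQUENCE SIZE (1..MAX) OF CertificateList
 *                                          OPTIONAL
 *      -- the resulting CRLs (there may be more than one)
 *  }
 */
/*
 * status and revCerts are matched by position only.
 * NOTE(review): confirm that the receiving code checks the number of entries
 * and, where revCerts is present, compares the CertId with the certificate
 * whose revocation was requested.
 */
struct ossl_cmp_revrepcontent_st {
    STACK_OF(OSSL_CMP_PKISI) *status;
    STACK_OF(OSSL_CRMF_CERTID) *revCerts;
    STACK_OF(X509_CRL) *crls;
} /* OSSL_CMP_REVREPCONTENT */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)

/*-
 *  KeyRecRepContent ::= SEQUENCE {
 *      status          PKIStatusInfo,
 *      newSigCert  [0] Certificate                   OPTIONAL,
 *      caCerts     [1] SEQUENCE SIZE (1..MAX) OF
 *                                   Certificate      OPTIONAL,
 *      keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
 *                                   CertifiedKeyPair OPTIONAL
 *   }
 */
typedef struct ossl_cmp_keyrecrepcontent_st {
    OSSL_CMP_PKISI *status;
    X509 *newSigCert;
    STACK_OF(X509) *caCerts;
    /* each entry may carry an encrypted private key (CertifiedKeyPair) */
    STACK_OF(OSSL_CMP_CERTIFIEDKEYPAIR) *keyPairHist;
} OSSL_CMP_KEYRECREPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)

/*-
 *  ErrorMsgContent ::= SEQUENCE {
 *      pKIStatusInfo          PKIStatusInfo,
 *      errorCode              INTEGER           OPTIONAL,
 *      -- implementation-specific error codes
 *      errorDetails           PKIFreeText       OPTIONAL
 *      -- implementation-specific error details
 *  }
 */
/*
 * errorCode and errorDetails are implementation-specific values chosen by
 * the peer; treat errorDetails as untrusted text. When the context field
 * unprotectedErrors is set, error messages are accepted without valid
 * protection, so this content is then unauthenticated as well.
 */
typedef struct ossl_cmp_errormsgcontent_st {
    OSSL_CMP_PKISI *pKIStatusInfo;
    ASN1_INTEGER *errorCode;
    OSSL_CMP_PKIFREETEXT *errorDetails;
} OSSL_CMP_ERRORMSGCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)

/*-
 *  CertConfirmContent ::= SEQUENCE OF CertStatus
 *
 *  CertStatus ::= SEQUENCE {
 *     certHash    OCTET STRING,
 *     -- the hash of the certificate, using the same hash algorithm
 *     -- as is used to create and verify the certificate signature
 *     certReqId   INTEGER,
 *     -- to match this confirmation with the corresponding req/rep
 *     statusInfo  PKIStatusInfo OPTIONAL
 *  }
 */
struct ossl_cmp_certstatus_st {
    ASN1_OCTET_STRING *certHash;
    ASN1_INTEGER *certReqId;
    OSSL_CMP_PKISI *statusInfo;
} /* OSSL_CMP_CERTSTATUS */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
typedef STACK_OF(OSSL_CMP_CERTSTATUS) OSSL_CMP_CERTCONFIRMCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTCONFIRMCONTENT)

/*-
 *  CertResponse ::= SEQUENCE {
 *      certReqId           INTEGER,
 *      -- to match this response with corresponding request (a value
 *      -- of -1 is to be used if certReqId is not specified in the
 *      -- corresponding request)
 *      status              PKIStatusInfo,
 *      certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
 *      rspInfo             OCTET STRING        OPTIONAL
 *      -- analogous to the id-regInfo-utf8Pairs string defined
 *      -- for regInfo in CertReqMsg [CRMF]
 *  }
 */
/*
 * certifiedKeyPair and rspInfo are OPTIONAL and may be NULL after decoding;
 * a response carrying a negative status need not include a certificate.
 */
struct ossl_cmp_certresponse_st {
    ASN1_INTEGER *certReqId;
    OSSL_CMP_PKISI *status;
    OSSL_CMP_CERTIFIEDKEYPAIR *certifiedKeyPair;
    ASN1_OCTET_STRING *rspInfo;
} /* OSSL_CMP_CERTRESPONSE */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)

/*-
 *  CertRepMessage ::= SEQUENCE {
 *      caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
 *                       OPTIONAL,
 *      response         SEQUENCE OF CertResponse
 *  }
 */
/*
 * caPubs are certificates supplied by the responder.
 * NOTE(review): they carry no trust of their own; confirm that callers do
 * not add them to a trust store unless the message protection was verified.
 */
struct ossl_cmp_certrepmessage_st {
    STACK_OF(X509) *caPubs;
    STACK_OF(OSSL_CMP_CERTRESPONSE) *response;
} /* OSSL_CMP_CERTREPMESSAGE */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)

/*-
 *  PollReqContent ::= SEQUENCE OF SEQUENCE {
 *         certReqId              INTEGER
 *  }
 */
typedef struct ossl_cmp_pollreq_st {
    ASN1_INTEGER *certReqId;
} OSSL_CMP_POLLREQ;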
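DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
DEFINE_STACK_OF(OSSL_CMP_POLLREQ)
typedef STACK_OF(OSSL_CMP_POLLREQ) OSSL_CMP_POLLREQCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQCONTENT)

/*-
 * PollRepContent ::= SEQUENCE OF SEQUENCE {
 *         certReqId              INTEGER,
 *         checkAfter             INTEGER,  -- time in seconds
 *         reason                 PKIFreeText OPTIONAL
 * }
 */
/*
 * checkAfter is a wait time chosen by the server.
 * NOTE(review): confirm that callers range-check it when converting from
 * ASN1_INTEGER and bound the resulting wait (the context has total_timeout
 * and end_time for that purpose). reason is peer-supplied free text.
 */
struct ossl_cmp_pollrep_st {
    ASN1_INTEGER *certReqId;
    ASN1_INTEGER *checkAfter;
    OSSL_CMP_PKIFREETEXT *reason;
} /* OSSL_CMP_POLLREP */;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
DEFINE_STACK_OF(OSSL_CMP_POLLREP)
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT)

/*-
 * PKIHeader ::= SEQUENCE {
 *     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
 *     sender              GeneralName,
 *     -- identifies the sender
 *     recipient           GeneralName,
 *     -- identifies the intended recipient
 *     messageTime     [0] GeneralizedTime         OPTIONAL,
 *     -- time of production of this message (used when sender
 *     -- believes that the transport will be "suitable"; i.e.,
 *     -- that the time will still be meaningful upon receipt)
 *     protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
 *     -- algorithm used for calculation of protection bits
 *     senderKID       [2] KeyIdentifier           OPTIONAL,
 *     recipKID        [3] KeyIdentifier           OPTIONAL,
 *     -- to identify specific keys used for protection
 *     transactionID   [4] OCTET STRING            OPTIONAL,
 *     -- identifies the transaction; i.e., this will be the same in
 *     -- corresponding request, response, certConf, and PKIConf
 *     -- messages
 *     senderNonce     [5] OCTET STRING            OPTIONAL,
 *     recipNonce      [6] OCTET STRING            OPTIONAL,
 *     -- nonces used to provide replay protection, senderNonce
 *     -- is inserted by the creator of this message; recipNonce
 *     -- is a nonce previously inserted in a related message by
 *     -- the intended recipient of this message
 *     freeText        [7] PKIFreeText             OPTIONAL,
 *     -- this may be used to indicate context-specific instructions
 *     -- (this field is intended for human consumption)
 *     generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
 *                         InfoTypeAndValue     OPTIONAL
 *     -- this may be used to convey context-specific information
 *     -- (this field not primarily intended for human consumption)
 *   }
 */
/*
 * The trailing numbers are the ASN.1 context tags of the OPTIONAL fields;
 * any of those pointers may be NULL in a decoded header. The header is only
 * as trustworthy as the message protection: sender, transactionID and the
 * nonces of a received message mean nothing until that protection has been
 * verified.
 * NOTE(review): confirm that received transactionID and recipNonce are
 * compared with the values kept in the session context.
 */
struct ossl_cmp_pkiheader_st {
    ASN1_INTEGER *pvno;
    GENERAL_NAME *sender;
    GENERAL_NAME *recipient;
    ASN1_GENERALIZEDTIME *messageTime; /* 0 */
    X509_ALGOR *protectionAlg; /* 1 */
    ASN1_OCTET_STRING *senderKID; /* 2 */
    ASN1_OCTET_STRING *recipKID; /* 3 */
    ASN1_OCTET_STRING *transactionID; /* 4 */
    ASN1_OCTET_STRING *senderNonce; /* 5 */
    ASN1_OCTET_STRING *recipNonce; /* 6 */
    OSSL_CMP_PKIFREETEXT *freeText; /* 7 */
    STACK_OF(OSSL_CMP_ITAV) *generalInfo; /* 8 */
} /* OSSL_CMP_PKIHEADER */;

typedef STACK_OF(OSSL_CMP_CHALLENGE) OSSL_CMP_POPODECKEYCHALLCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYCHALLCONTENT)
typedef STACK_OF(ASN1_INTEGER) OSSL_CMP_POPODECKEYRESPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYRESPCONTENT)
typedef STACK_OF(OSSL_CMP_REVDETAILS) OSSL_CMP_REVREQCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREQCONTENT)
typedef STACK_OF(X509_CRL) OSSL_CMP_CRLANNCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CRLANNCONTENT)
typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENMSGCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENMSGCONTENT)
typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENREPCONTENT;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENREPCONTENT)

/*-
 * PKIBody ::= CHOICE {           -- message-specific body elements
 *     ir       [0]  CertReqMessages,       --Initialization Request
 *     ip       [1]  CertRepMessage,        --Initialization Response
 *     cr       [2]  CertReqMessages,       --Certification Request
 *     cp       [3]  CertRepMessage,        --Certification Response
 *     p10cr    [4]  CertificationRequest,  --imported from [PKCS10]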
517e1051a39Sopenharmony_ci * popdecc [5] POPODecKeyChallContent, --pop Challenge 518e1051a39Sopenharmony_ci * popdecr [6] POPODecKeyRespContent, --pop Response 519e1051a39Sopenharmony_ci * kur [7] CertReqMessages, --Key Update Request 520e1051a39Sopenharmony_ci * kup [8] CertRepMessage, --Key Update Response 521e1051a39Sopenharmony_ci * krr [9] CertReqMessages, --Key Recovery Request 522e1051a39Sopenharmony_ci * krp [10] KeyRecRepContent, --Key Recovery Response 523e1051a39Sopenharmony_ci * rr [11] RevReqContent, --Revocation Request 524e1051a39Sopenharmony_ci * rp [12] RevRepContent, --Revocation Response 525e1051a39Sopenharmony_ci * ccr [13] CertReqMessages, --Cross-Cert. Request 526e1051a39Sopenharmony_ci * ccp [14] CertRepMessage, --Cross-Cert. Response 527e1051a39Sopenharmony_ci * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 528e1051a39Sopenharmony_ci * cann [16] CertAnnContent, --Certificate Ann. 529e1051a39Sopenharmony_ci * rann [17] RevAnnContent, --Revocation Ann. 530e1051a39Sopenharmony_ci * crlann [18] CRLAnnContent, --CRL Announcement 531e1051a39Sopenharmony_ci * pkiconf [19] PKIConfirmContent, --Confirmation 532e1051a39Sopenharmony_ci * nested [20] NestedMessageContent, --Nested Message 533e1051a39Sopenharmony_ci * genm [21] GenMsgContent, --General Message 534e1051a39Sopenharmony_ci * genp [22] GenRepContent, --General Response 535e1051a39Sopenharmony_ci * error [23] ErrorMsgContent, --Error Message 536e1051a39Sopenharmony_ci * certConf [24] CertConfirmContent, --Certificate confirm 537e1051a39Sopenharmony_ci * pollReq [25] PollReqContent, --Polling request 538e1051a39Sopenharmony_ci * pollRep [26] PollRepContent --Polling response 539e1051a39Sopenharmony_ci * } 540e1051a39Sopenharmony_ci */ 541e1051a39Sopenharmony_citypedef struct ossl_cmp_pkibody_st { 542e1051a39Sopenharmony_ci int type; 543e1051a39Sopenharmony_ci union { 544e1051a39Sopenharmony_ci OSSL_CRMF_MSGS *ir; /* 0 */ 545e1051a39Sopenharmony_ci OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */ 
546e1051a39Sopenharmony_ci OSSL_CRMF_MSGS *cr; /* 2 */ 547e1051a39Sopenharmony_ci OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */ 548e1051a39Sopenharmony_ci /*- 549e1051a39Sopenharmony_ci * p10cr [4] CertificationRequest, --imported from [PKCS10] 550e1051a39Sopenharmony_ci * 551e1051a39Sopenharmony_ci * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ 552e1051a39Sopenharmony_ci * so it is used directly 553e1051a39Sopenharmony_ci */ 554e1051a39Sopenharmony_ci X509_REQ *p10cr; /* 4 */ 555e1051a39Sopenharmony_ci /*- 556e1051a39Sopenharmony_ci * popdecc [5] POPODecKeyChallContent, --pop Challenge 557e1051a39Sopenharmony_ci * 558e1051a39Sopenharmony_ci * POPODecKeyChallContent ::= SEQUENCE OF Challenge 559e1051a39Sopenharmony_ci */ 560e1051a39Sopenharmony_ci OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */ 561e1051a39Sopenharmony_ci /*- 562e1051a39Sopenharmony_ci * popdecr [6] POPODecKeyRespContent, --pop Response 563e1051a39Sopenharmony_ci * 564e1051a39Sopenharmony_ci * POPODecKeyRespContent ::= SEQUENCE OF INTEGER 565e1051a39Sopenharmony_ci */ 566e1051a39Sopenharmony_ci OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */ 567e1051a39Sopenharmony_ci OSSL_CRMF_MSGS *kur; /* 7 */ 568e1051a39Sopenharmony_ci OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */ 569e1051a39Sopenharmony_ci OSSL_CRMF_MSGS *krr; /* 9 */ 570e1051a39Sopenharmony_ci 571e1051a39Sopenharmony_ci /*- 572e1051a39Sopenharmony_ci * krp [10] KeyRecRepContent, --Key Recovery Response 573e1051a39Sopenharmony_ci */ 574e1051a39Sopenharmony_ci OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */ 575e1051a39Sopenharmony_ci /*- 576e1051a39Sopenharmony_ci * rr [11] RevReqContent, --Revocation Request 577e1051a39Sopenharmony_ci */ 578e1051a39Sopenharmony_ci OSSL_CMP_REVREQCONTENT *rr; /* 11 */ 579e1051a39Sopenharmony_ci /*- 580e1051a39Sopenharmony_ci * rp [12] RevRepContent, --Revocation Response 581e1051a39Sopenharmony_ci */ 582e1051a39Sopenharmony_ci OSSL_CMP_REVREPCONTENT *rp; /* 12 */ 583e1051a39Sopenharmony_ci /*- 584e1051a39Sopenharmony_ci * ccr 
[13] CertReqMessages, --Cross-Cert. Request 585e1051a39Sopenharmony_ci */ 586e1051a39Sopenharmony_ci OSSL_CRMF_MSGS *ccr; /* 13 */ 587e1051a39Sopenharmony_ci /*- 588e1051a39Sopenharmony_ci * ccp [14] CertRepMessage, --Cross-Cert. Response 589e1051a39Sopenharmony_ci */ 590e1051a39Sopenharmony_ci OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */ 591e1051a39Sopenharmony_ci /*- 592e1051a39Sopenharmony_ci * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 593e1051a39Sopenharmony_ci */ 594e1051a39Sopenharmony_ci OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */ 595e1051a39Sopenharmony_ci /*- 596e1051a39Sopenharmony_ci * cann [16] CertAnnContent, --Certificate Ann. 597e1051a39Sopenharmony_ci * OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly 598e1051a39Sopenharmony_ci */ 599e1051a39Sopenharmony_ci X509 *cann; /* 16 */ 600e1051a39Sopenharmony_ci /*- 601e1051a39Sopenharmony_ci * rann [17] RevAnnContent, --Revocation Ann. 602e1051a39Sopenharmony_ci */ 603e1051a39Sopenharmony_ci OSSL_CMP_REVANNCONTENT *rann; /* 17 */ 604e1051a39Sopenharmony_ci /*- 605e1051a39Sopenharmony_ci * crlann [18] CRLAnnContent, --CRL Announcement 606e1051a39Sopenharmony_ci * CRLAnnContent ::= SEQUENCE OF CertificateList 607e1051a39Sopenharmony_ci */ 608e1051a39Sopenharmony_ci OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */ 609e1051a39Sopenharmony_ci /*- 610e1051a39Sopenharmony_ci * PKIConfirmContent ::= NULL 611e1051a39Sopenharmony_ci * pkiconf [19] PKIConfirmContent, --Confirmation 612e1051a39Sopenharmony_ci * OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL 613e1051a39Sopenharmony_ci * OSSL_CMP_CONFIRMCONTENT *pkiconf; 614e1051a39Sopenharmony_ci * 615e1051a39Sopenharmony_ci * NOTE: this should ASN1_NULL according to the RFC 616e1051a39Sopenharmony_ci * but there might be a struct in it when sent from faulty servers... 
617e1051a39Sopenharmony_ci */ 618e1051a39Sopenharmony_ci ASN1_TYPE *pkiconf; /* 19 */ 619e1051a39Sopenharmony_ci /*- 620e1051a39Sopenharmony_ci * nested [20] NestedMessageContent, --Nested Message 621e1051a39Sopenharmony_ci * NestedMessageContent ::= PKIMessages 622e1051a39Sopenharmony_ci */ 623e1051a39Sopenharmony_ci OSSL_CMP_MSGS *nested; /* 20 */ 624e1051a39Sopenharmony_ci /*- 625e1051a39Sopenharmony_ci * genm [21] GenMsgContent, --General Message 626e1051a39Sopenharmony_ci * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue 627e1051a39Sopenharmony_ci */ 628e1051a39Sopenharmony_ci OSSL_CMP_GENMSGCONTENT *genm; /* 21 */ 629e1051a39Sopenharmony_ci /*- 630e1051a39Sopenharmony_ci * genp [22] GenRepContent, --General Response 631e1051a39Sopenharmony_ci * GenRepContent ::= SEQUENCE OF InfoTypeAndValue 632e1051a39Sopenharmony_ci */ 633e1051a39Sopenharmony_ci OSSL_CMP_GENREPCONTENT *genp; /* 22 */ 634e1051a39Sopenharmony_ci /*- 635e1051a39Sopenharmony_ci * error [23] ErrorMsgContent, --Error Message 636e1051a39Sopenharmony_ci */ 637e1051a39Sopenharmony_ci OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */ 638e1051a39Sopenharmony_ci /*- 639e1051a39Sopenharmony_ci * certConf [24] CertConfirmContent, --Certificate confirm 640e1051a39Sopenharmony_ci */ 641e1051a39Sopenharmony_ci OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */ 642e1051a39Sopenharmony_ci /*- 643e1051a39Sopenharmony_ci * pollReq [25] PollReqContent, --Polling request 644e1051a39Sopenharmony_ci */ 645e1051a39Sopenharmony_ci OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */ 646e1051a39Sopenharmony_ci /*- 647e1051a39Sopenharmony_ci * pollRep [26] PollRepContent --Polling response 648e1051a39Sopenharmony_ci */ 649e1051a39Sopenharmony_ci OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */ 650e1051a39Sopenharmony_ci } value; 651e1051a39Sopenharmony_ci} OSSL_CMP_PKIBODY; 652e1051a39Sopenharmony_ciDECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) 653e1051a39Sopenharmony_ci 654e1051a39Sopenharmony_ci/*- 655e1051a39Sopenharmony_ci * PKIProtection ::= BIT 
STRING 656e1051a39Sopenharmony_ci * 657e1051a39Sopenharmony_ci * PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage 658e1051a39Sopenharmony_ci * 659e1051a39Sopenharmony_ci * PKIMessage ::= SEQUENCE { 660e1051a39Sopenharmony_ci * header PKIHeader, 661e1051a39Sopenharmony_ci * body PKIBody, 662e1051a39Sopenharmony_ci * protection [0] PKIProtection OPTIONAL, 663e1051a39Sopenharmony_ci * extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 664e1051a39Sopenharmony_ci * OPTIONAL 665e1051a39Sopenharmony_ci * } 666e1051a39Sopenharmony_ci */ 667e1051a39Sopenharmony_cistruct ossl_cmp_msg_st { 668e1051a39Sopenharmony_ci OSSL_CMP_PKIHEADER *header; 669e1051a39Sopenharmony_ci OSSL_CMP_PKIBODY *body; 670e1051a39Sopenharmony_ci ASN1_BIT_STRING *protection; /* 0 */ 671e1051a39Sopenharmony_ci /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ 672e1051a39Sopenharmony_ci STACK_OF(X509) *extraCerts; /* 1 */ 673e1051a39Sopenharmony_ci OSSL_LIB_CTX *libctx; 674e1051a39Sopenharmony_ci char *propq; 675e1051a39Sopenharmony_ci} /* OSSL_CMP_MSG */; 676e1051a39Sopenharmony_ciOSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq); 677e1051a39Sopenharmony_civoid OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); 678e1051a39Sopenharmony_ci 679e1051a39Sopenharmony_ci/*- 680e1051a39Sopenharmony_ci * ProtectedPart ::= SEQUENCE { 681e1051a39Sopenharmony_ci * header PKIHeader, 682e1051a39Sopenharmony_ci * body PKIBody 683e1051a39Sopenharmony_ci * } 684e1051a39Sopenharmony_ci */ 685e1051a39Sopenharmony_citypedef struct ossl_cmp_protectedpart_st { 686e1051a39Sopenharmony_ci OSSL_CMP_PKIHEADER *header; 687e1051a39Sopenharmony_ci OSSL_CMP_PKIBODY *body; 688e1051a39Sopenharmony_ci} OSSL_CMP_PROTECTEDPART; 689e1051a39Sopenharmony_ciDECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) 690e1051a39Sopenharmony_ci 691e1051a39Sopenharmony_ci/*- 692e1051a39Sopenharmony_ci * this is not defined here as it is already in CRMF: 693e1051a39Sopenharmony_ci * id-PasswordBasedMac OBJECT 
IDENTIFIER ::= {1 2 840 113533 7 66 13} 694e1051a39Sopenharmony_ci * PBMParameter ::= SEQUENCE { 695e1051a39Sopenharmony_ci * salt OCTET STRING, 696e1051a39Sopenharmony_ci * -- note: implementations MAY wish to limit acceptable sizes 697e1051a39Sopenharmony_ci * -- of this string to values appropriate for their environment 698e1051a39Sopenharmony_ci * -- in order to reduce the risk of denial-of-service attacks 699e1051a39Sopenharmony_ci * owf AlgorithmIdentifier, 700e1051a39Sopenharmony_ci * -- AlgId for a One-Way Function (SHA-1 recommended) 701e1051a39Sopenharmony_ci * iterationCount INTEGER, 702e1051a39Sopenharmony_ci * -- number of times the OWF is applied 703e1051a39Sopenharmony_ci * -- note: implementations MAY wish to limit acceptable sizes 704e1051a39Sopenharmony_ci * -- of this integer to values appropriate for their environment 705e1051a39Sopenharmony_ci * -- in order to reduce the risk of denial-of-service attacks 706e1051a39Sopenharmony_ci * mac AlgorithmIdentifier 707e1051a39Sopenharmony_ci * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 708e1051a39Sopenharmony_ci * } -- or HMAC [RFC2104, RFC2202]) 709e1051a39Sopenharmony_ci */ 710e1051a39Sopenharmony_ci/*- 711e1051a39Sopenharmony_ci * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} 712e1051a39Sopenharmony_ci * DHBMParameter ::= SEQUENCE { 713e1051a39Sopenharmony_ci * owf AlgorithmIdentifier, 714e1051a39Sopenharmony_ci * -- AlgId for a One-Way Function (SHA-1 recommended) 715e1051a39Sopenharmony_ci * mac AlgorithmIdentifier 716e1051a39Sopenharmony_ci * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 717e1051a39Sopenharmony_ci * } -- or HMAC [RFC2104, RFC2202]) 718e1051a39Sopenharmony_ci */ 719e1051a39Sopenharmony_ci/*- 720e1051a39Sopenharmony_ci * The following is not cared for, because it is described in section 5.2.5 721e1051a39Sopenharmony_ci * that this is beyond the scope of CMP 722e1051a39Sopenharmony_ci * OOBCert ::= CMPCertificate 723e1051a39Sopenharmony_ci * 
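 *   OOBCertHash ::= SEQUENCE {
 *      hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
 *      certId      [1] CertId                  OPTIONAL,
 *      hashVal         BIT STRING
 *      -- hashVal is calculated over the DER encoding of the
 *      -- self-signed certificate with the identifier certID.
 *   }
 */

/* from cmp_asn.c */
/*
 * NOTE(review): the result is a plain int; how negative or out-of-range
 * ASN1_INTEGER values are reported is defined in cmp_asn.c - confirm before
 * using the result as an index, length or status code.
 */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a);

/* from cmp_util.c */
const char *ossl_cmp_log_parse_metadata(const char *buf,
                                        OSSL_CMP_severity *level, char **func,
                                        char **file, int *line);
# define ossl_cmp_add_error_data(txt) ERR_add_error_txt(" : ", txt)
# define ossl_cmp_add_error_line(txt) ERR_add_error_txt("\n", txt)
/* The two functions manipulating X509_STORE could be generally useful */
int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
                                   int only_self_issued);
STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk,
                                         const char *text, int len);
int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
                                    const ASN1_OCTET_STRING *src);
int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
                                          const unsigned char *bytes, int len);

/* from cmp_ctx.c */
/*
 * printf-style logging entry point; 'format' is followed by its arguments.
 * The macros below fill in the severity constant, the call site
 * (OPENSSL_FUNC, OPENSSL_FILE, OPENSSL_LINE) and the level name as a string.
 *
 * ossl_cmp_log() passes 'msg' as the argument of a fixed "%s" format, so
 * 'msg' is never interpreted as a format string and may carry text taken
 * from a message.  ossl_cmp_log1() .. ossl_cmp_log4() hand 'fmt' through as
 * the format itself: 'fmt' must be a string literal, and anything that
 * originates from the peer belongs in arg1..arg4 only.
 */
int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx,
                       const char *func, const char *file, int line,
                       const char *level_str, const char *format, ...);
# define ossl_cmp_log(level, ctx, msg) \
    ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \
                       OPENSSL_LINE, #level, "%s", msg)
# define ossl_cmp_log1(level, ctx, fmt, arg1) \
    ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \
                       OPENSSL_LINE, #level, fmt, arg1)
# define ossl_cmp_log2(level, ctx, fmt, arg1, arg2) \
    ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \
                       OPENSSL_LINE, #level, fmt, arg1, arg2)
# define ossl_cmp_log3(level, ctx, fmt, arg1, arg2, arg3) \
    ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \
                       OPENSSL_LINE, #level, fmt, arg1, arg2, arg3)
# define ossl_cmp_log4(level, ctx, fmt, arg1, arg2, arg3, arg4) \
    ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \
                       OPENSSL_LINE, #level, fmt, arg1, arg2, arg3, arg4)
/* aliases so that ERROR and WARN can be used as 'level' in the macros above */
# define OSSL_CMP_LOG_ERROR OSSL_CMP_LOG_ERR
# define OSSL_CMP_LOG_WARN OSSL_CMP_LOG_WARNING
# define ossl_cmp_alert(ctx, msg) ossl_cmp_log(ALERT, ctx, msg)
# define ossl_cmp_err(ctx, msg)   ossl_cmp_log(ERROR, ctx, msg)
# define ossl_cmp_warn(ctx, msg)  ossl_cmp_log(WARN,  ctx, msg)
# define ossl_cmp_info(ctx, msg)  ossl_cmp_log(INFO,  ctx, msg)
# define ossl_cmp_debug(ctx, msg) ossl_cmp_log(DEBUG, ctx, msg)
# define ossl_cmp_trace(ctx, msg) ossl_cmp_log(TRACE, ctx, msg)
/*
 * Internal context setters.  By OpenSSL naming convention a set0/push0
 * function takes over the caller's reference while set1/push1 keeps its own
 * copy or reference - confirm per function in cmp_ctx.c before freeing an
 * argument.
 * NOTE(review): validatedSrvCert is described at the struct member as a
 * cache of an already validated server cert, so the setter should presumably
 * only ever be given a certificate that has passed validation.
 */
int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert);
int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status);
int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx,
                                   OSSL_CMP_PKIFREETEXT *text);
int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info);
int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert);
int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain);
int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs);
int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
                                   STACK_OF(X509) *extraCertsIn);
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
                                 const ASN1_OCTET_STRING *nonce);
EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx);

/* from cmp_status.c */
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
const char *ossl_cmp_PKIStatus_to_string(int status);
OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *s);
int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si);
int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index);

/* from cmp_hdr.c */
int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno);
int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr);
ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name);
int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm);
int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm);
int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr,
                                const ASN1_OCTET_STRING *senderKID);
int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text);
int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text);
int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
                                        OSSL_CMP_ITAV *itav);
int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr,
                                         const STACK_OF(OSSL_CMP_ITAV) *itavs);
int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr);
/*
 * Lengths of the transactionID and senderNonce values, presumably in bytes
 * (i.e. 128 bits each) - confirm where they are generated in cmp_hdr.c.
 * Both values are what ties a response to its request, so they are expected
 * to come from the library's random generator rather than a counter.
 */
# define OSSL_CMP_TRANSACTIONID_LENGTH 16
# define OSSL_CMP_SENDERNONCE_LENGTH 16
int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);

/* from cmp_msg.c */
/* OSSL_CMP_MSG bodytype ASN.1 choice IDs */
# define OSSL_CMP_PKIBODY_IR        0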
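# define OSSL_CMP_PKIBODY_IP        1
# define OSSL_CMP_PKIBODY_CR        2
# define OSSL_CMP_PKIBODY_CP        3
# define OSSL_CMP_PKIBODY_P10CR     4
# define OSSL_CMP_PKIBODY_POPDECC   5
# define OSSL_CMP_PKIBODY_POPDECR   6
# define OSSL_CMP_PKIBODY_KUR       7
# define OSSL_CMP_PKIBODY_KUP       8
# define OSSL_CMP_PKIBODY_KRR       9
# define OSSL_CMP_PKIBODY_KRP      10
# define OSSL_CMP_PKIBODY_RR       11
# define OSSL_CMP_PKIBODY_RP       12
# define OSSL_CMP_PKIBODY_CCR      13
# define OSSL_CMP_PKIBODY_CCP      14
# define OSSL_CMP_PKIBODY_CKUANN   15
# define OSSL_CMP_PKIBODY_CANN     16
# define OSSL_CMP_PKIBODY_RANN     17
# define OSSL_CMP_PKIBODY_CRLANN   18
# define OSSL_CMP_PKIBODY_PKICONF  19
# define OSSL_CMP_PKIBODY_NESTED   20
# define OSSL_CMP_PKIBODY_GENM     21
# define OSSL_CMP_PKIBODY_GENP     22
# define OSSL_CMP_PKIBODY_ERROR    23
# define OSSL_CMP_PKIBODY_CERTCONF 24
# define OSSL_CMP_PKIBODY_POLLREQ  25
# define OSSL_CMP_PKIBODY_POLLREP  26
/*
 * Highest defined body type; presumably the upper bound when range-checking
 * a body type taken from a received message (the lower bound being 0).
 */
# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP
/* certReqId for the first - and so far only - certificate request */
# define OSSL_CMP_CERTREQID         0
/* negative values are parenthesized so they expand safely in any expression */
# define OSSL_CMP_CERTREQID_NONE    (-1)
# define OSSL_CMP_CERTREQID_INVALID (-2)
/* sequence id for the first - and so far only - revocation request */
# define OSSL_CMP_REVREQSID 0
int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
                             const char *propq);
const char *ossl_cmp_bodytype_to_string(int type);
int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type);
/*
 * Message constructors; each returns a new OSSL_CMP_MSG.
 * NOTE(review): ossl_cmp_certrep_new(), ossl_cmp_rp_new() and
 * ossl_cmp_error_new() take an 'unprotectedErrors' / 'unprotected' flag,
 * which presumably lets the response be produced without protection -
 * confirm in cmp_msg.c.  A response built that way gives the receiver no
 * integrity or origin check, so callers should pass a nonzero flag only
 * where that has been decided deliberately.
 */
OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype);
OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
                                   const OSSL_CRMF_MSG *crm);
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
                                   int certReqId, const OSSL_CMP_PKISI *si,
                                   X509 *cert, const X509 *encryption_recip,
                                   STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
                                   int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
                              const OSSL_CRMF_CERTID *cid,
                              int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav);
int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg,
                                 const STACK_OF(OSSL_CMP_ITAV) *itavs);
OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx,
                                const STACK_OF(OSSL_CMP_ITAV) *itavs);
OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
                                 int64_t errorCode, const char *details,
                                 int unprotected);
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
                                      ASN1_OCTET_STRING *hash);
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
                                    int fail_info, const char *text);
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
                                   int64_t poll_after);
/*
 * Accessors into received response content.  The 'rsid' / 'rid' arguments
 * select an entry by id; what is returned when no entry matches is defined
 * in cmp_msg.c - presumably NULL, which callers must check for.
 */
OSSL_CMP_PKISI *
ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid);
OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rc,
                                                    int rsid);
OSSL_CMP_POLLREP *
ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc,
                                     int rid);
OSSL_CMP_CERTRESPONSE *
ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
                                          int rid);
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
                                      const OSSL_CMP_CERTRESPONSE *crep);
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);

/* from cmp_protect.c */
int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
                                          const OSSL_CMP_MSG *msg);
int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);

/* from cmp_vfy.c */
/*
 * Callback consulted by the two check functions below; 'invalid_protection'
 * and the caller-supplied 'arg' are passed to it.  Presumably it decides
 * whether a message with missing or invalid protection may still be
 * accepted and returns nonzero to allow it - confirm in cmp_vfy.c.
 * NOTE(review): such a callback is the exception path around protection
 * checking, so an implementation should allow only the specific message
 * kinds it was written for and reject everything else.
 */
typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx,
                                               const OSSL_CMP_MSG *msg,
                                               int invalid_protection, int arg);
int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
                              ossl_cmp_allow_unprotected_cb_t cb, int cb_arg);
int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
                                ossl_cmp_allow_unprotected_cb_t cb, int cb_arg);
/*
 * NOTE(review): 'accept_RAVerified' presumably makes the check accept a
 * request that carries an RA's assertion in place of a proof of possession
 * - confirm in cmp_vfy.c; it should be nonzero only when requests are known
 * to arrive through a trusted RA.
 */
int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
                         const OSSL_CMP_MSG *msg, int accept_RAVerified);

/* from cmp_client.c */
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
                               int fail_info, const char *txt);
int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
                            const char *txt, int errorCode, const char *detail);

#endif /* !defined(OSSL_CRYPTO_CMP_LOCAL_H) */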