ts_local.h 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211
  1. /*
  2. * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*-
  10. * MessageImprint ::= SEQUENCE {
  11. * hashAlgorithm AlgorithmIdentifier,
  12. * hashedMessage OCTET STRING }
  13. */
  14. struct TS_msg_imprint_st {
  15. X509_ALGOR *hash_algo;
  16. ASN1_OCTET_STRING *hashed_msg;
  17. };
  18. /*-
  19. * TimeStampResp ::= SEQUENCE {
  20. * status PKIStatusInfo,
  21. * timeStampToken TimeStampToken OPTIONAL }
  22. */
  23. struct TS_resp_st {
  24. TS_STATUS_INFO *status_info;
  25. PKCS7 *token;
  26. TS_TST_INFO *tst_info;
  27. };
  28. /*-
  29. * TimeStampReq ::= SEQUENCE {
  30. * version INTEGER { v1(1) },
  31. * messageImprint MessageImprint,
  32. * --a hash algorithm OID and the hash value of the data to be
  33. * --time-stamped
  34. * reqPolicy TSAPolicyId OPTIONAL,
  35. * nonce INTEGER OPTIONAL,
  36. * certReq BOOLEAN DEFAULT FALSE,
  37. * extensions [0] IMPLICIT Extensions OPTIONAL }
  38. */
  39. struct TS_req_st {
  40. ASN1_INTEGER *version;
  41. TS_MSG_IMPRINT *msg_imprint;
  42. ASN1_OBJECT *policy_id;
  43. ASN1_INTEGER *nonce;
  44. ASN1_BOOLEAN cert_req;
  45. STACK_OF(X509_EXTENSION) *extensions;
  46. };
  47. /*-
  48. * Accuracy ::= SEQUENCE {
  49. * seconds INTEGER OPTIONAL,
  50. * millis [0] INTEGER (1..999) OPTIONAL,
  51. * micros [1] INTEGER (1..999) OPTIONAL }
  52. */
  53. struct TS_accuracy_st {
  54. ASN1_INTEGER *seconds;
  55. ASN1_INTEGER *millis;
  56. ASN1_INTEGER *micros;
  57. };
  58. /*-
  59. * TSTInfo ::= SEQUENCE {
  60. * version INTEGER { v1(1) },
  61. * policy TSAPolicyId,
  62. * messageImprint MessageImprint,
  63. * -- MUST have the same value as the similar field in
  64. * -- TimeStampReq
  65. * serialNumber INTEGER,
  66. * -- Time-Stamping users MUST be ready to accommodate integers
  67. * -- up to 160 bits.
  68. * genTime GeneralizedTime,
  69. * accuracy Accuracy OPTIONAL,
  70. * ordering BOOLEAN DEFAULT FALSE,
  71. * nonce INTEGER OPTIONAL,
  72. * -- MUST be present if the similar field was present
  73. * -- in TimeStampReq. In that case it MUST have the same value.
  74. * tsa [0] GeneralName OPTIONAL,
  75. * extensions [1] IMPLICIT Extensions OPTIONAL }
  76. */
  77. struct TS_tst_info_st {
  78. ASN1_INTEGER *version;
  79. ASN1_OBJECT *policy_id;
  80. TS_MSG_IMPRINT *msg_imprint;
  81. ASN1_INTEGER *serial;
  82. ASN1_GENERALIZEDTIME *time;
  83. TS_ACCURACY *accuracy;
  84. ASN1_BOOLEAN ordering;
  85. ASN1_INTEGER *nonce;
  86. GENERAL_NAME *tsa;
  87. STACK_OF(X509_EXTENSION) *extensions;
  88. };
  89. struct TS_status_info_st {
  90. ASN1_INTEGER *status;
  91. STACK_OF(ASN1_UTF8STRING) *text;
  92. ASN1_BIT_STRING *failure_info;
  93. };
  94. /*-
  95. * IssuerSerial ::= SEQUENCE {
  96. * issuer GeneralNames,
  97. * serialNumber CertificateSerialNumber
  98. * }
  99. */
  100. struct ESS_issuer_serial {
  101. STACK_OF(GENERAL_NAME) *issuer;
  102. ASN1_INTEGER *serial;
  103. };
  104. /*-
  105. * ESSCertID ::= SEQUENCE {
  106. * certHash Hash,
  107. * issuerSerial IssuerSerial OPTIONAL
  108. * }
  109. */
  110. struct ESS_cert_id {
  111. ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
  112. ESS_ISSUER_SERIAL *issuer_serial;
  113. };
  114. /*-
  115. * SigningCertificate ::= SEQUENCE {
  116. * certs SEQUENCE OF ESSCertID,
  117. * policies SEQUENCE OF PolicyInformation OPTIONAL
  118. * }
  119. */
  120. struct ESS_signing_cert {
  121. STACK_OF(ESS_CERT_ID) *cert_ids;
  122. STACK_OF(POLICYINFO) *policy_info;
  123. };
  124. /*-
  125. * ESSCertIDv2 ::= SEQUENCE {
  126. * hashAlgorithm AlgorithmIdentifier
  127. * DEFAULT {algorithm id-sha256},
  128. * certHash Hash,
  129. * issuerSerial IssuerSerial OPTIONAL
  130. * }
  131. */
  132. struct ESS_cert_id_v2_st {
  133. X509_ALGOR *hash_alg; /* Default: SHA-256 */
  134. ASN1_OCTET_STRING *hash;
  135. ESS_ISSUER_SERIAL *issuer_serial;
  136. };
  137. /*-
  138. * SigningCertificateV2 ::= SEQUENCE {
  139. * certs SEQUENCE OF ESSCertIDv2,
  140. * policies SEQUENCE OF PolicyInformation OPTIONAL
  141. * }
  142. */
  143. struct ESS_signing_cert_v2_st {
  144. STACK_OF(ESS_CERT_ID_V2) *cert_ids;
  145. STACK_OF(POLICYINFO) *policy_info;
  146. };
  147. struct TS_resp_ctx {
  148. X509 *signer_cert;
  149. EVP_PKEY *signer_key;
  150. const EVP_MD *signer_md;
  151. const EVP_MD *ess_cert_id_digest;
  152. STACK_OF(X509) *certs; /* Certs to include in signed data. */
  153. STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
  154. ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
  155. STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
  156. ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
  157. ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
  158. ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
  159. unsigned clock_precision_digits; /* fraction of seconds in time stamp
  160. * token. */
  161. unsigned flags; /* Optional info, see values above. */
  162. /* Callback functions. */
  163. TS_serial_cb serial_cb;
  164. void *serial_cb_data; /* User data for serial_cb. */
  165. TS_time_cb time_cb;
  166. void *time_cb_data; /* User data for time_cb. */
  167. TS_extension_cb extension_cb;
  168. void *extension_cb_data; /* User data for extension_cb. */
  169. /* These members are used only while creating the response. */
  170. TS_REQ *request;
  171. TS_RESP *response;
  172. TS_TST_INFO *tst_info;
  173. };
  174. struct TS_verify_ctx {
  175. /* Set this to the union of TS_VFY_... flags you want to carry out. */
  176. unsigned flags;
  177. /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
  178. X509_STORE *store;
  179. STACK_OF(X509) *certs;
  180. /* Must be set only with TS_VFY_POLICY. */
  181. ASN1_OBJECT *policy;
  182. /*
  183. * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
  184. * algorithm from the response is used.
  185. */
  186. X509_ALGOR *md_alg;
  187. unsigned char *imprint;
  188. unsigned imprint_len;
  189. /* Must be set only with TS_VFY_DATA. */
  190. BIO *data;
  191. /* Must be set only with TS_VFY_TSA_NAME. */
  192. ASN1_INTEGER *nonce;
  193. /* Must be set only with TS_VFY_TSA_NAME. */
  194. GENERAL_NAME *tsa_name;
  195. };