[331] | 1 | /*
|
---|
| 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | /*-
|
---|
| 11 | * MessageImprint ::= SEQUENCE {
|
---|
| 12 | * hashAlgorithm AlgorithmIdentifier,
|
---|
| 13 | * hashedMessage OCTET STRING }
|
---|
| 14 | */
|
---|
| 15 | struct TS_msg_imprint_st {
|
---|
| 16 | X509_ALGOR *hash_algo;
|
---|
| 17 | ASN1_OCTET_STRING *hashed_msg;
|
---|
| 18 | };
|
---|
| 19 |
|
---|
| 20 | /*-
|
---|
| 21 | * TimeStampResp ::= SEQUENCE {
|
---|
| 22 | * status PKIStatusInfo,
|
---|
| 23 | * timeStampToken TimeStampToken OPTIONAL }
|
---|
| 24 | */
|
---|
| 25 | struct TS_resp_st {
|
---|
| 26 | TS_STATUS_INFO *status_info;
|
---|
| 27 | PKCS7 *token;
|
---|
| 28 | TS_TST_INFO *tst_info;
|
---|
| 29 | };
|
---|
| 30 |
|
---|
| 31 | /*-
|
---|
| 32 | * TimeStampReq ::= SEQUENCE {
|
---|
| 33 | * version INTEGER { v1(1) },
|
---|
| 34 | * messageImprint MessageImprint,
|
---|
| 35 | * --a hash algorithm OID and the hash value of the data to be
|
---|
| 36 | * --time-stamped
|
---|
| 37 | * reqPolicy TSAPolicyId OPTIONAL,
|
---|
| 38 | * nonce INTEGER OPTIONAL,
|
---|
| 39 | * certReq BOOLEAN DEFAULT FALSE,
|
---|
| 40 | * extensions [0] IMPLICIT Extensions OPTIONAL }
|
---|
| 41 | */
|
---|
| 42 | struct TS_req_st {
|
---|
| 43 | ASN1_INTEGER *version;
|
---|
| 44 | TS_MSG_IMPRINT *msg_imprint;
|
---|
| 45 | ASN1_OBJECT *policy_id;
|
---|
| 46 | ASN1_INTEGER *nonce;
|
---|
| 47 | ASN1_BOOLEAN cert_req;
|
---|
| 48 | STACK_OF(X509_EXTENSION) *extensions;
|
---|
| 49 | };
|
---|
| 50 |
|
---|
| 51 | /*-
|
---|
| 52 | * Accuracy ::= SEQUENCE {
|
---|
| 53 | * seconds INTEGER OPTIONAL,
|
---|
| 54 | * millis [0] INTEGER (1..999) OPTIONAL,
|
---|
| 55 | * micros [1] INTEGER (1..999) OPTIONAL }
|
---|
| 56 | */
|
---|
| 57 | struct TS_accuracy_st {
|
---|
| 58 | ASN1_INTEGER *seconds;
|
---|
| 59 | ASN1_INTEGER *millis;
|
---|
| 60 | ASN1_INTEGER *micros;
|
---|
| 61 | };
|
---|
| 62 |
|
---|
| 63 | /*-
|
---|
| 64 | * TSTInfo ::= SEQUENCE {
|
---|
| 65 | * version INTEGER { v1(1) },
|
---|
| 66 | * policy TSAPolicyId,
|
---|
| 67 | * messageImprint MessageImprint,
|
---|
| 68 | * -- MUST have the same value as the similar field in
|
---|
| 69 | * -- TimeStampReq
|
---|
| 70 | * serialNumber INTEGER,
|
---|
| 71 | * -- Time-Stamping users MUST be ready to accommodate integers
|
---|
| 72 | * -- up to 160 bits.
|
---|
| 73 | * genTime GeneralizedTime,
|
---|
| 74 | * accuracy Accuracy OPTIONAL,
|
---|
| 75 | * ordering BOOLEAN DEFAULT FALSE,
|
---|
| 76 | * nonce INTEGER OPTIONAL,
|
---|
| 77 | * -- MUST be present if the similar field was present
|
---|
| 78 | * -- in TimeStampReq. In that case it MUST have the same value.
|
---|
| 79 | * tsa [0] GeneralName OPTIONAL,
|
---|
| 80 | * extensions [1] IMPLICIT Extensions OPTIONAL }
|
---|
| 81 | */
|
---|
| 82 | struct TS_tst_info_st {
|
---|
| 83 | ASN1_INTEGER *version;
|
---|
| 84 | ASN1_OBJECT *policy_id;
|
---|
| 85 | TS_MSG_IMPRINT *msg_imprint;
|
---|
| 86 | ASN1_INTEGER *serial;
|
---|
| 87 | ASN1_GENERALIZEDTIME *time;
|
---|
| 88 | TS_ACCURACY *accuracy;
|
---|
| 89 | ASN1_BOOLEAN ordering;
|
---|
| 90 | ASN1_INTEGER *nonce;
|
---|
| 91 | GENERAL_NAME *tsa;
|
---|
| 92 | STACK_OF(X509_EXTENSION) *extensions;
|
---|
| 93 | };
|
---|
| 94 |
|
---|
| 95 | struct TS_status_info_st {
|
---|
| 96 | ASN1_INTEGER *status;
|
---|
| 97 | STACK_OF(ASN1_UTF8STRING) *text;
|
---|
| 98 | ASN1_BIT_STRING *failure_info;
|
---|
| 99 | };
|
---|
| 100 |
|
---|
| 101 | /*-
|
---|
| 102 | * IssuerSerial ::= SEQUENCE {
|
---|
| 103 | * issuer GeneralNames,
|
---|
| 104 | * serialNumber CertificateSerialNumber
|
---|
| 105 | * }
|
---|
| 106 | */
|
---|
| 107 | struct ESS_issuer_serial {
|
---|
| 108 | STACK_OF(GENERAL_NAME) *issuer;
|
---|
| 109 | ASN1_INTEGER *serial;
|
---|
| 110 | };
|
---|
| 111 |
|
---|
| 112 | /*-
|
---|
| 113 | * ESSCertID ::= SEQUENCE {
|
---|
| 114 | * certHash Hash,
|
---|
| 115 | * issuerSerial IssuerSerial OPTIONAL
|
---|
| 116 | * }
|
---|
| 117 | */
|
---|
| 118 | struct ESS_cert_id {
|
---|
| 119 | ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
|
---|
| 120 | ESS_ISSUER_SERIAL *issuer_serial;
|
---|
| 121 | };
|
---|
| 122 |
|
---|
| 123 | /*-
|
---|
| 124 | * SigningCertificate ::= SEQUENCE {
|
---|
| 125 | * certs SEQUENCE OF ESSCertID,
|
---|
| 126 | * policies SEQUENCE OF PolicyInformation OPTIONAL
|
---|
| 127 | * }
|
---|
| 128 | */
|
---|
| 129 | struct ESS_signing_cert {
|
---|
| 130 | STACK_OF(ESS_CERT_ID) *cert_ids;
|
---|
| 131 | STACK_OF(POLICYINFO) *policy_info;
|
---|
| 132 | };
|
---|
| 133 |
|
---|
| 134 |
|
---|
| 135 | struct TS_resp_ctx {
|
---|
| 136 | X509 *signer_cert;
|
---|
| 137 | EVP_PKEY *signer_key;
|
---|
| 138 | const EVP_MD *signer_md;
|
---|
| 139 | STACK_OF(X509) *certs; /* Certs to include in signed data. */
|
---|
| 140 | STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
|
---|
| 141 | ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
|
---|
| 142 | STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
|
---|
| 143 | ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
|
---|
| 144 | ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
|
---|
| 145 | ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
|
---|
| 146 | unsigned clock_precision_digits; /* fraction of seconds in time stamp
|
---|
| 147 | * token. */
|
---|
| 148 | unsigned flags; /* Optional info, see values above. */
|
---|
| 149 | /* Callback functions. */
|
---|
| 150 | TS_serial_cb serial_cb;
|
---|
| 151 | void *serial_cb_data; /* User data for serial_cb. */
|
---|
| 152 | TS_time_cb time_cb;
|
---|
| 153 | void *time_cb_data; /* User data for time_cb. */
|
---|
| 154 | TS_extension_cb extension_cb;
|
---|
| 155 | void *extension_cb_data; /* User data for extension_cb. */
|
---|
| 156 | /* These members are used only while creating the response. */
|
---|
| 157 | TS_REQ *request;
|
---|
| 158 | TS_RESP *response;
|
---|
| 159 | TS_TST_INFO *tst_info;
|
---|
| 160 | };
|
---|
| 161 |
|
---|
| 162 | struct TS_verify_ctx {
|
---|
| 163 | /* Set this to the union of TS_VFY_... flags you want to carry out. */
|
---|
| 164 | unsigned flags;
|
---|
| 165 | /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
|
---|
| 166 | X509_STORE *store;
|
---|
| 167 | STACK_OF(X509) *certs;
|
---|
| 168 | /* Must be set only with TS_VFY_POLICY. */
|
---|
| 169 | ASN1_OBJECT *policy;
|
---|
| 170 | /*
|
---|
| 171 | * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
|
---|
| 172 | * algorithm from the response is used.
|
---|
| 173 | */
|
---|
| 174 | X509_ALGOR *md_alg;
|
---|
| 175 | unsigned char *imprint;
|
---|
| 176 | unsigned imprint_len;
|
---|
| 177 | /* Must be set only with TS_VFY_DATA. */
|
---|
| 178 | BIO *data;
|
---|
| 179 | /* Must be set only with TS_VFY_TSA_NAME. */
|
---|
| 180 | ASN1_INTEGER *nonce;
|
---|
| 181 | /* Must be set only with TS_VFY_TSA_NAME. */
|
---|
| 182 | GENERAL_NAME *tsa_name;
|
---|
| 183 | };
|
---|