Context Navigation

source: murachi/esteidfirefoxplugin/include/openssl/ts.h @ 28fc3c9

Last change on this file since 28fc3c9 was 7d3ae3e, checked in by antonioaraujob <aaraujo@…>, 9 years ago
Agregados archivos fuentes del complemento esteidfirefoxplugin de Estonia para firmar electrónicamente un hash.
Property mode set to `100644`
File size: 30.3 KB

Line
1	/* crypto/ts/ts.h */
2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3	* project 2002, 2003, 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#ifndef HEADER_TS_H
60	#define HEADER_TS_H
61
62	#include <openssl/opensslconf.h>
63	#include <openssl/symhacks.h>
64	#ifndef OPENSSL_NO_BUFFER
65	#include <openssl/buffer.h>
66	#endif
67	#ifndef OPENSSL_NO_EVP
68	#include <openssl/evp.h>
69	#endif
70	#ifndef OPENSSL_NO_BIO
71	#include <openssl/bio.h>
72	#endif
73	#include <openssl/stack.h>
74	#include <openssl/asn1.h>
75	#include <openssl/safestack.h>
76
77	#ifndef OPENSSL_NO_RSA
78	#include <openssl/rsa.h>
79	#endif
80
81	#ifndef OPENSSL_NO_DSA
82	#include <openssl/dsa.h>
83	#endif
84
85	#ifndef OPENSSL_NO_DH
86	#include <openssl/dh.h>
87	#endif
88
89	#include <openssl/evp.h>
90
91
92	#ifdef __cplusplus
93	extern "C" {
94	#endif
95
96	#ifdef WIN32
97	/* Under Win32 this is defined in wincrypt.h */
98	#undef X509_NAME
99	#endif
100
101	#include <openssl/x509.h>
102	#include <openssl/x509v3.h>
103
104	/*
105	MessageImprint ::= SEQUENCE {
106	hashAlgorithm AlgorithmIdentifier,
107	hashedMessage OCTET STRING }
108	*/
109
110	typedef struct TS_msg_imprint_st
111	{
112	X509_ALGOR *hash_algo;
113	ASN1_OCTET_STRING *hashed_msg;
114	} TS_MSG_IMPRINT;
115
116	/*
117	TimeStampReq ::= SEQUENCE {
118	version INTEGER { v1(1) },
119	messageImprint MessageImprint,
120	--a hash algorithm OID and the hash value of the data to be
121	--time-stamped
122	reqPolicy TSAPolicyId OPTIONAL,
123	nonce INTEGER OPTIONAL,
124	certReq BOOLEAN DEFAULT FALSE,
125	extensions [0] IMPLICIT Extensions OPTIONAL }
126	*/
127
128	typedef struct TS_req_st
129	{
130	ASN1_INTEGER *version;
131	TS_MSG_IMPRINT *msg_imprint;
132	ASN1_OBJECT policy_id; / OPTIONAL */
133	ASN1_INTEGER nonce; / OPTIONAL */
134	ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
135	STACK_OF(X509_EXTENSION) extensions; / [0] OPTIONAL */
136	} TS_REQ;
137
138	/*
139	Accuracy ::= SEQUENCE {
140	seconds INTEGER OPTIONAL,
141	millis [0] INTEGER (1..999) OPTIONAL,
142	micros [1] INTEGER (1..999) OPTIONAL }
143	*/
144
145	typedef struct TS_accuracy_st
146	{
147	ASN1_INTEGER *seconds;
148	ASN1_INTEGER *millis;
149	ASN1_INTEGER *micros;
150	} TS_ACCURACY;
151
152	/*
153	TSTInfo ::= SEQUENCE {
154	version INTEGER { v1(1) },
155	policy TSAPolicyId,
156	messageImprint MessageImprint,
157	-- MUST have the same value as the similar field in
158	-- TimeStampReq
159	serialNumber INTEGER,
160	-- Time-Stamping users MUST be ready to accommodate integers
161	-- up to 160 bits.
162	genTime GeneralizedTime,
163	accuracy Accuracy OPTIONAL,
164	ordering BOOLEAN DEFAULT FALSE,
165	nonce INTEGER OPTIONAL,
166	-- MUST be present if the similar field was present
167	-- in TimeStampReq. In that case it MUST have the same value.
168	tsa [0] GeneralName OPTIONAL,
169	extensions [1] IMPLICIT Extensions OPTIONAL }
170	*/
171
172	typedef struct TS_tst_info_st
173	{
174	ASN1_INTEGER *version;
175	ASN1_OBJECT *policy_id;
176	TS_MSG_IMPRINT *msg_imprint;
177	ASN1_INTEGER *serial;
178	ASN1_GENERALIZEDTIME *time;
179	TS_ACCURACY *accuracy;
180	ASN1_BOOLEAN ordering;
181	ASN1_INTEGER *nonce;
182	GENERAL_NAME *tsa;
183	STACK_OF(X509_EXTENSION) *extensions;
184	} TS_TST_INFO;
185
186	/*
187	PKIStatusInfo ::= SEQUENCE {
188	status PKIStatus,
189	statusString PKIFreeText OPTIONAL,
190	failInfo PKIFailureInfo OPTIONAL }
191
192	From RFC 1510 - section 3.1.1:
193	PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
194	-- text encoded as UTF-8 String (note: each UTF8String SHOULD
195	-- include an RFC 1766 language tag to indicate the language
196	-- of the contained text)
197	*/
198
199	/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
200
201	#define TS_STATUS_GRANTED 0
202	#define TS_STATUS_GRANTED_WITH_MODS 1
203	#define TS_STATUS_REJECTION 2
204	#define TS_STATUS_WAITING 3
205	#define TS_STATUS_REVOCATION_WARNING 4
206	#define TS_STATUS_REVOCATION_NOTIFICATION 5
207
208	/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */
209
210	#define TS_INFO_BAD_ALG 0
211	#define TS_INFO_BAD_REQUEST 2
212	#define TS_INFO_BAD_DATA_FORMAT 5
213	#define TS_INFO_TIME_NOT_AVAILABLE 14
214	#define TS_INFO_UNACCEPTED_POLICY 15
215	#define TS_INFO_UNACCEPTED_EXTENSION 16
216	#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
217	#define TS_INFO_SYSTEM_FAILURE 25
218
219	typedef struct TS_status_info_st
220	{
221	ASN1_INTEGER *status;
222	STACK_OF(ASN1_UTF8STRING) *text;
223	ASN1_BIT_STRING *failure_info;
224	} TS_STATUS_INFO;
225
226	DECLARE_STACK_OF(ASN1_UTF8STRING)
227	DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
228
229	/*
230	TimeStampResp ::= SEQUENCE {
231	status PKIStatusInfo,
232	timeStampToken TimeStampToken OPTIONAL }
233	*/
234
235	typedef struct TS_resp_st
236	{
237	TS_STATUS_INFO *status_info;
238	PKCS7 *token;
239	TS_TST_INFO *tst_info;
240	} TS_RESP;
241
242	/* The structure below would belong to the ESS component. */
243
244	/*
245	IssuerSerial ::= SEQUENCE {
246	issuer GeneralNames,
247	serialNumber CertificateSerialNumber
248	}
249	*/
250
251	typedef struct ESS_issuer_serial
252	{
253	STACK_OF(GENERAL_NAME) *issuer;
254	ASN1_INTEGER *serial;
255	} ESS_ISSUER_SERIAL;
256
257	/*
258	ESSCertID ::= SEQUENCE {
259	certHash Hash,
260	issuerSerial IssuerSerial OPTIONAL
261	}
262	*/
263
264	typedef struct ESS_cert_id
265	{
266	ASN1_OCTET_STRING hash; / Always SHA-1 digest. */
267	ESS_ISSUER_SERIAL *issuer_serial;
268	} ESS_CERT_ID;
269
270	DECLARE_STACK_OF(ESS_CERT_ID)
271	DECLARE_ASN1_SET_OF(ESS_CERT_ID)
272
273	/*
274	SigningCertificate ::= SEQUENCE {
275	certs SEQUENCE OF ESSCertID,
276	policies SEQUENCE OF PolicyInformation OPTIONAL
277	}
278	*/
279
280	typedef struct ESS_signing_cert
281	{
282	STACK_OF(ESS_CERT_ID) *cert_ids;
283	STACK_OF(POLICYINFO) *policy_info;
284	} ESS_SIGNING_CERT;
285
286
287	TS_REQ *TS_REQ_new(void);
288	void TS_REQ_free(TS_REQ *a);
289	int i2d_TS_REQ(const TS_REQ a, unsigned char *pp);
290	TS_REQ d2i_TS_REQ(TS_REQ a, const unsigned char *pp, long length);
291
292	TS_REQ TS_REQ_dup(TS_REQ a);
293
294	TS_REQ d2i_TS_REQ_fp(FILE fp, TS_REQ **a);
295	int i2d_TS_REQ_fp(FILE fp, TS_REQ a);
296	TS_REQ d2i_TS_REQ_bio(BIO fp, TS_REQ **a);
297	int i2d_TS_REQ_bio(BIO fp, TS_REQ a);
298
299	TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
300	void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
301	int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT a, unsigned char *pp);
302	TS_MSG_IMPRINT d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT *a,
303	const unsigned char **pp, long length);
304
305	TS_MSG_IMPRINT TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT a);
306
307	TS_MSG_IMPRINT d2i_TS_MSG_IMPRINT_fp(FILE fp, TS_MSG_IMPRINT **a);
308	int i2d_TS_MSG_IMPRINT_fp(FILE fp, TS_MSG_IMPRINT a);
309	TS_MSG_IMPRINT d2i_TS_MSG_IMPRINT_bio(BIO fp, TS_MSG_IMPRINT **a);
310	int i2d_TS_MSG_IMPRINT_bio(BIO fp, TS_MSG_IMPRINT a);
311
312	TS_RESP *TS_RESP_new(void);
313	void TS_RESP_free(TS_RESP *a);
314	int i2d_TS_RESP(const TS_RESP a, unsigned char *pp);
315	TS_RESP d2i_TS_RESP(TS_RESP a, const unsigned char *pp, long length);
316	TS_TST_INFO PKCS7_to_TS_TST_INFO(PKCS7 token);
317	TS_RESP TS_RESP_dup(TS_RESP a);
318
319	TS_RESP d2i_TS_RESP_fp(FILE fp, TS_RESP **a);
320	int i2d_TS_RESP_fp(FILE fp, TS_RESP a);
321	TS_RESP d2i_TS_RESP_bio(BIO fp, TS_RESP **a);
322	int i2d_TS_RESP_bio(BIO fp, TS_RESP a);
323
324	TS_STATUS_INFO *TS_STATUS_INFO_new(void);
325	void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
326	int i2d_TS_STATUS_INFO(const TS_STATUS_INFO a, unsigned char *pp);
327	TS_STATUS_INFO d2i_TS_STATUS_INFO(TS_STATUS_INFO *a,
328	const unsigned char **pp, long length);
329	TS_STATUS_INFO TS_STATUS_INFO_dup(TS_STATUS_INFO a);
330
331	TS_TST_INFO *TS_TST_INFO_new(void);
332	void TS_TST_INFO_free(TS_TST_INFO *a);
333	int i2d_TS_TST_INFO(const TS_TST_INFO a, unsigned char *pp);
334	TS_TST_INFO d2i_TS_TST_INFO(TS_TST_INFO a, const unsigned char *pp,
335	long length);
336	TS_TST_INFO TS_TST_INFO_dup(TS_TST_INFO a);
337
338	TS_TST_INFO d2i_TS_TST_INFO_fp(FILE fp, TS_TST_INFO **a);
339	int i2d_TS_TST_INFO_fp(FILE fp, TS_TST_INFO a);
340	TS_TST_INFO d2i_TS_TST_INFO_bio(BIO fp, TS_TST_INFO **a);
341	int i2d_TS_TST_INFO_bio(BIO fp, TS_TST_INFO a);
342
343	TS_ACCURACY *TS_ACCURACY_new(void);
344	void TS_ACCURACY_free(TS_ACCURACY *a);
345	int i2d_TS_ACCURACY(const TS_ACCURACY a, unsigned char *pp);
346	TS_ACCURACY d2i_TS_ACCURACY(TS_ACCURACY a, const unsigned char *pp,
347	long length);
348	TS_ACCURACY TS_ACCURACY_dup(TS_ACCURACY a);
349
350	ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
351	void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
352	int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a,
353	unsigned char **pp);
354	ESS_ISSUER_SERIAL d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL *a,
355	const unsigned char **pp, long length);
356	ESS_ISSUER_SERIAL ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL a);
357
358	ESS_CERT_ID *ESS_CERT_ID_new(void);
359	void ESS_CERT_ID_free(ESS_CERT_ID *a);
360	int i2d_ESS_CERT_ID(const ESS_CERT_ID a, unsigned char *pp);
361	ESS_CERT_ID d2i_ESS_CERT_ID(ESS_CERT_ID a, const unsigned char *pp,
362	long length);
363	ESS_CERT_ID ESS_CERT_ID_dup(ESS_CERT_ID a);
364
365	ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
366	void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
367	int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a,
368	unsigned char **pp);
369	ESS_SIGNING_CERT d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT *a,
370	const unsigned char **pp, long length);
371	ESS_SIGNING_CERT ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT a);
372
373	void ERR_load_TS_strings(void);
374
375	int TS_REQ_set_version(TS_REQ *a, long version);
376	long TS_REQ_get_version(const TS_REQ *a);
377
378	int TS_REQ_set_msg_imprint(TS_REQ a, TS_MSG_IMPRINT msg_imprint);
379	TS_MSG_IMPRINT TS_REQ_get_msg_imprint(TS_REQ a);
380
381	int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT a, X509_ALGOR alg);
382	X509_ALGOR TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT a);
383
384	int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT a, unsigned char d, int len);
385	ASN1_OCTET_STRING TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT a);
386
387	int TS_REQ_set_policy_id(TS_REQ a, ASN1_OBJECT policy);
388	ASN1_OBJECT TS_REQ_get_policy_id(TS_REQ a);
389
390	int TS_REQ_set_nonce(TS_REQ a, const ASN1_INTEGER nonce);
391	const ASN1_INTEGER TS_REQ_get_nonce(const TS_REQ a);
392
393	int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
394	int TS_REQ_get_cert_req(const TS_REQ *a);
395
396	STACK_OF(X509_EXTENSION) TS_REQ_get_exts(TS_REQ a);
397	void TS_REQ_ext_free(TS_REQ *a);
398	int TS_REQ_get_ext_count(TS_REQ *a);
399	int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
400	int TS_REQ_get_ext_by_OBJ(TS_REQ a, ASN1_OBJECT obj, int lastpos);
401	int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
402	X509_EXTENSION TS_REQ_get_ext(TS_REQ a, int loc);
403	X509_EXTENSION TS_REQ_delete_ext(TS_REQ a, int loc);
404	int TS_REQ_add_ext(TS_REQ a, X509_EXTENSION ex, int loc);
405	void TS_REQ_get_ext_d2i(TS_REQ a, int nid, int crit, int idx);
406
407	/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
408
409	int TS_REQ_print_bio(BIO bio, TS_REQ a);
410
411	/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
412
413	int TS_RESP_set_status_info(TS_RESP a, TS_STATUS_INFO info);
414	TS_STATUS_INFO TS_RESP_get_status_info(TS_RESP a);
415
416	/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
417	void TS_RESP_set_tst_info(TS_RESP a, PKCS7 p7, TS_TST_INFO *tst_info);
418	PKCS7 TS_RESP_get_token(TS_RESP a);
419	TS_TST_INFO TS_RESP_get_tst_info(TS_RESP a);
420
421	int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
422	long TS_TST_INFO_get_version(const TS_TST_INFO *a);
423
424	int TS_TST_INFO_set_policy_id(TS_TST_INFO a, ASN1_OBJECT policy_id);
425	ASN1_OBJECT TS_TST_INFO_get_policy_id(TS_TST_INFO a);
426
427	int TS_TST_INFO_set_msg_imprint(TS_TST_INFO a, TS_MSG_IMPRINT msg_imprint);
428	TS_MSG_IMPRINT TS_TST_INFO_get_msg_imprint(TS_TST_INFO a);
429
430	int TS_TST_INFO_set_serial(TS_TST_INFO a, const ASN1_INTEGER serial);
431	const ASN1_INTEGER TS_TST_INFO_get_serial(const TS_TST_INFO a);
432
433	int TS_TST_INFO_set_time(TS_TST_INFO a, const ASN1_GENERALIZEDTIME gtime);
434	const ASN1_GENERALIZEDTIME TS_TST_INFO_get_time(const TS_TST_INFO a);
435
436	int TS_TST_INFO_set_accuracy(TS_TST_INFO a, TS_ACCURACY accuracy);
437	TS_ACCURACY TS_TST_INFO_get_accuracy(TS_TST_INFO a);
438
439	int TS_ACCURACY_set_seconds(TS_ACCURACY a, const ASN1_INTEGER seconds);
440	const ASN1_INTEGER TS_ACCURACY_get_seconds(const TS_ACCURACY a);
441
442	int TS_ACCURACY_set_millis(TS_ACCURACY a, const ASN1_INTEGER millis);
443	const ASN1_INTEGER TS_ACCURACY_get_millis(const TS_ACCURACY a);
444
445	int TS_ACCURACY_set_micros(TS_ACCURACY a, const ASN1_INTEGER micros);
446	const ASN1_INTEGER TS_ACCURACY_get_micros(const TS_ACCURACY a);
447
448	int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
449	int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
450
451	int TS_TST_INFO_set_nonce(TS_TST_INFO a, const ASN1_INTEGER nonce);
452	const ASN1_INTEGER TS_TST_INFO_get_nonce(const TS_TST_INFO a);
453
454	int TS_TST_INFO_set_tsa(TS_TST_INFO a, GENERAL_NAME tsa);
455	GENERAL_NAME TS_TST_INFO_get_tsa(TS_TST_INFO a);
456
457	STACK_OF(X509_EXTENSION) TS_TST_INFO_get_exts(TS_TST_INFO a);
458	void TS_TST_INFO_ext_free(TS_TST_INFO *a);
459	int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
460	int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
461	int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO a, ASN1_OBJECT obj, int lastpos);
462	int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
463	X509_EXTENSION TS_TST_INFO_get_ext(TS_TST_INFO a, int loc);
464	X509_EXTENSION TS_TST_INFO_delete_ext(TS_TST_INFO a, int loc);
465	int TS_TST_INFO_add_ext(TS_TST_INFO a, X509_EXTENSION ex, int loc);
466	void TS_TST_INFO_get_ext_d2i(TS_TST_INFO a, int nid, int crit, int idx);
467
468	/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */
469
470	/* Optional flags for response generation. */
471
472	/* Don't include the TSA name in response. */
473	#define TS_TSA_NAME 0x01
474
475	/* Set ordering to true in response. */
476	#define TS_ORDERING 0x02
477
478	/*
479	* Include the signer certificate and the other specified certificates in
480	* the ESS signing certificate attribute beside the PKCS7 signed data.
481	* Only the signer certificates is included by default.
482	*/
483	#define TS_ESS_CERT_ID_CHAIN 0x04
484
485	/* Forward declaration. */
486	struct TS_resp_ctx;
487
488	/* This must return a unique number less than 160 bits long. */
489	typedef ASN1_INTEGER (TS_serial_cb)(struct TS_resp_ctx , void );
490
491	/* This must return the seconds and microseconds since Jan 1, 1970 in
492	the sec and usec variables allocated by the caller.
493	Return non-zero for success and zero for failure. */
494	typedef int (TS_time_cb)(struct TS_resp_ctx , void , long sec, long *usec);
495
496	/* This must process the given extension.
497	* It can modify the TS_TST_INFO object of the context.
498	* Return values: !0 (processed), 0 (error, it must set the
499	* status info/failure info of the response).
500	*/
501	typedef int (TS_extension_cb)(struct TS_resp_ctx , X509_EXTENSION , void );
502
503	typedef struct TS_resp_ctx
504	{
505	X509 *signer_cert;
506	EVP_PKEY *signer_key;
507	STACK_OF(X509) certs; / Certs to include in signed data. */
508	STACK_OF(ASN1_OBJECT) policies; / Acceptable policies. */
509	ASN1_OBJECT default_policy; / It may appear in policies, too. */
510	STACK_OF(EVP_MD) mds; / Acceptable message digests. */
511	ASN1_INTEGER seconds; / accuracy, 0 means not specified. */
512	ASN1_INTEGER millis; / accuracy, 0 means not specified. */
513	ASN1_INTEGER micros; / accuracy, 0 means not specified. */
514	unsigned clock_precision_digits; /* fraction of seconds in
515	time stamp token. */
516	unsigned flags; /* Optional info, see values above. */
517
518	/* Callback functions. */
519	TS_serial_cb serial_cb;
520	void serial_cb_data; / User data for serial_cb. */
521
522	TS_time_cb time_cb;
523	void time_cb_data; / User data for time_cb. */
524
525	TS_extension_cb extension_cb;
526	void extension_cb_data; / User data for extension_cb. */
527
528	/* These members are used only while creating the response. */
529	TS_REQ *request;
530	TS_RESP *response;
531	TS_TST_INFO *tst_info;
532	} TS_RESP_CTX;
533
534	DECLARE_STACK_OF(EVP_MD)
535	DECLARE_ASN1_SET_OF(EVP_MD)
536
537	/* Creates a response context that can be used for generating responses. */
538	TS_RESP_CTX *TS_RESP_CTX_new(void);
539	void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
540
541	/* This parameter must be set. */
542	int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX ctx, X509 signer);
543
544	/* This parameter must be set. */
545	int TS_RESP_CTX_set_signer_key(TS_RESP_CTX ctx, EVP_PKEY key);
546
547	/* This parameter must be set. */
548	int TS_RESP_CTX_set_def_policy(TS_RESP_CTX ctx, ASN1_OBJECT def_policy);
549
550	/* No additional certs are included in the response by default. */
551	int TS_RESP_CTX_set_certs(TS_RESP_CTX ctx, STACK_OF(X509) certs);
552
553	/* Adds a new acceptable policy, only the default policy
554	is accepted by default. */
555	int TS_RESP_CTX_add_policy(TS_RESP_CTX ctx, ASN1_OBJECT policy);
556
557	/* Adds a new acceptable message digest. Note that no message digests
558	are accepted by default. The md argument is shared with the caller. */
559	int TS_RESP_CTX_add_md(TS_RESP_CTX ctx, const EVP_MD md);
560
561	/* Accuracy is not included by default. */
562	int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
563	int secs, int millis, int micros);
564
565	/* Clock precision digits, i.e. the number of decimal digits:
566	'0' means sec, '3' msec, '6' usec, and so on. Default is 0. */
567	int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
568	unsigned clock_precision_digits);
569	/* At most we accept usec precision. */
570	#define TS_MAX_CLOCK_PRECISION_DIGITS 6
571
572	/* No flags are set by default. */
573	void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
574
575	/* Default callback always returns a constant. */
576	void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX ctx, TS_serial_cb cb, void data);
577
578	/* Default callback uses the gettimeofday() and gmtime() system calls. */
579	void TS_RESP_CTX_set_time_cb(TS_RESP_CTX ctx, TS_time_cb cb, void data);
580
581	/* Default callback rejects all extensions. The extension callback is called
582	* when the TS_TST_INFO object is already set up and not signed yet. */
583	/* FIXME: extension handling is not tested yet. */
584	void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
585	TS_extension_cb cb, void *data);
586
587	/* The following methods can be used in the callbacks. */
588	int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
589	int status, const char *text);
590
591	/* Sets the status info only if it is still TS_STATUS_GRANTED. */
592	int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
593	int status, const char *text);
594
595	int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
596
597	/* The get methods below can be used in the extension callback. */
598	TS_REQ TS_RESP_CTX_get_request(TS_RESP_CTX ctx);
599
600	TS_TST_INFO TS_RESP_CTX_get_tst_info(TS_RESP_CTX ctx);
601
602	/*
603	* Creates the signed TS_TST_INFO and puts it in TS_RESP.
604	* In case of errors it sets the status info properly.
605	* Returns NULL only in case of memory allocation/fatal error.
606	*/
607	TS_RESP TS_RESP_create_response(TS_RESP_CTX ctx, BIO *req_bio);
608
609	/*
610	* Declarations related to response verification,
611	* they are defined in ts/ts_resp_verify.c.
612	*/
613
614	int TS_RESP_verify_signature(PKCS7 token, STACK_OF(X509) certs,
615	X509_STORE store, X509 *signer_out);
616
617	/* Context structure for the generic verify method. */
618
619	/* Verify the signer's certificate and the signature of the response. */
620	#define TS_VFY_SIGNATURE (1u << 0)
621	/* Verify the version number of the response. */
622	#define TS_VFY_VERSION (1u << 1)
623	/* Verify if the policy supplied by the user matches the policy of the TSA. */
624	#define TS_VFY_POLICY (1u << 2)
625	/* Verify the message imprint provided by the user. This flag should not be
626	specified with TS_VFY_DATA. */
627	#define TS_VFY_IMPRINT (1u << 3)
628	/* Verify the message imprint computed by the verify method from the user
629	provided data and the MD algorithm of the response. This flag should not be
630	specified with TS_VFY_IMPRINT. */
631	#define TS_VFY_DATA (1u << 4)
632	/* Verify the nonce value. */
633	#define TS_VFY_NONCE (1u << 5)
634	/* Verify if the TSA name field matches the signer certificate. */
635	#define TS_VFY_SIGNER (1u << 6)
636	/* Verify if the TSA name field equals to the user provided name. */
637	#define TS_VFY_TSA_NAME (1u << 7)
638
639	/* You can use the following convenience constants. */
640	#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \
641	\| TS_VFY_VERSION \
642	\| TS_VFY_POLICY \
643	\| TS_VFY_IMPRINT \
644	\| TS_VFY_NONCE \
645	\| TS_VFY_SIGNER \
646	\| TS_VFY_TSA_NAME)
647	#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \
648	\| TS_VFY_VERSION \
649	\| TS_VFY_POLICY \
650	\| TS_VFY_DATA \
651	\| TS_VFY_NONCE \
652	\| TS_VFY_SIGNER \
653	\| TS_VFY_TSA_NAME)
654
655	typedef struct TS_verify_ctx
656	{
657	/* Set this to the union of TS_VFY_... flags you want to carry out. */
658	unsigned flags;
659
660	/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
661	X509_STORE *store;
662	STACK_OF(X509) *certs;
663
664	/* Must be set only with TS_VFY_POLICY. */
665	ASN1_OBJECT *policy;
666
667	/* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
668	the algorithm from the response is used. */
669	X509_ALGOR *md_alg;
670	unsigned char *imprint;
671	unsigned imprint_len;
672
673	/* Must be set only with TS_VFY_DATA. */
674	BIO *data;
675
676	/* Must be set only with TS_VFY_TSA_NAME. */
677	ASN1_INTEGER *nonce;
678
679	/* Must be set only with TS_VFY_TSA_NAME. */
680	GENERAL_NAME *tsa_name;
681	} TS_VERIFY_CTX;
682
683	int TS_RESP_verify_response(TS_VERIFY_CTX ctx, TS_RESP response);
684	int TS_RESP_verify_token(TS_VERIFY_CTX ctx, PKCS7 token);
685
686	/*
687	* Declarations related to response verification context,
688	* they are defined in ts/ts_verify_ctx.c.
689	*/
690
691	/* Set all fields to zero. */
692	TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
693	void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
694	void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
695	void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
696
697	/*
698	* If ctx is NULL, it allocates and returns a new object, otherwise
699	* it returns ctx. It initialises all the members as follows:
700	* flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME \| TS_VFY_SIGNATURE)
701	* certs = NULL
702	* store = NULL
703	* policy = policy from the request or NULL if absent (in this case
704	* TS_VFY_POLICY is cleared from flags as well)
705	* md_alg = MD algorithm from request
706	* imprint, imprint_len = imprint from request
707	* data = NULL
708	* nonce, nonce_len = nonce from the request or NULL if absent (in this case
709	* TS_VFY_NONCE is cleared from flags as well)
710	* tsa_name = NULL
711	* Important: after calling this method TS_VFY_SIGNATURE should be added!
712	*/
713	TS_VERIFY_CTX TS_REQ_to_TS_VERIFY_CTX(TS_REQ req, TS_VERIFY_CTX *ctx);
714
715	/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
716
717	int TS_RESP_print_bio(BIO bio, TS_RESP a);
718	int TS_STATUS_INFO_print_bio(BIO bio, TS_STATUS_INFO a);
719	int TS_TST_INFO_print_bio(BIO bio, TS_TST_INFO a);
720
721	/* Common utility functions defined in ts/ts_lib.c */
722
723	int TS_ASN1_INTEGER_print_bio(BIO bio, const ASN1_INTEGER num);
724	int TS_OBJ_print_bio(BIO bio, const ASN1_OBJECT obj);
725	int TS_ext_print_bio(BIO bio, const STACK_OF(X509_EXTENSION) extensions);
726	int TS_X509_ALGOR_print_bio(BIO bio, const X509_ALGOR alg);
727	int TS_MSG_IMPRINT_print_bio(BIO bio, TS_MSG_IMPRINT msg);
728
729	/* Function declarations for handling configuration options,
730	defined in ts/ts_conf.c */
731
732	X509 TS_CONF_load_cert(const char file);
733	STACK_OF(X509) TS_CONF_load_certs(const char file);
734	EVP_PKEY TS_CONF_load_key(const char file, const char *pass);
735	const char TS_CONF_get_tsa_section(CONF conf, const char *section);
736	int TS_CONF_set_serial(CONF conf, const char section, TS_serial_cb cb,
737	TS_RESP_CTX *ctx);
738	int TS_CONF_set_crypto_device(CONF conf, const char section,
739	const char *device);
740	int TS_CONF_set_default_engine(const char *name);
741	int TS_CONF_set_signer_cert(CONF conf, const char section,
742	const char cert, TS_RESP_CTX ctx);
743	int TS_CONF_set_certs(CONF conf, const char section, const char *certs,
744	TS_RESP_CTX *ctx);
745	int TS_CONF_set_signer_key(CONF conf, const char section,
746	const char key, const char pass, TS_RESP_CTX *ctx);
747	int TS_CONF_set_def_policy(CONF conf, const char section,
748	const char policy, TS_RESP_CTX ctx);
749	int TS_CONF_set_policies(CONF conf, const char section, TS_RESP_CTX *ctx);
750	int TS_CONF_set_digests(CONF conf, const char section, TS_RESP_CTX *ctx);
751	int TS_CONF_set_accuracy(CONF conf, const char section, TS_RESP_CTX *ctx);
752	int TS_CONF_set_clock_precision_digits(CONF conf, const char section,
753	TS_RESP_CTX *ctx);
754	int TS_CONF_set_ordering(CONF conf, const char section, TS_RESP_CTX *ctx);
755	int TS_CONF_set_tsa_name(CONF conf, const char section, TS_RESP_CTX *ctx);
756	int TS_CONF_set_ess_cert_id_chain(CONF conf, const char section,
757	TS_RESP_CTX *ctx);
758
759	/* -------------------------------------------------- */
760	/* BEGIN ERROR CODES */
761	/* The following lines are auto generated by the script mkerr.pl. Any changes
762	* made after this point may be overwritten when the script is next run.
763	*/
764	void ERR_load_TS_strings(void);
765
766	/* Error codes for the TS functions. */
767
768	/* Function codes. */
769	#define TS_F_D2I_TS_RESP 147
770	#define TS_F_DEF_SERIAL_CB 110
771	#define TS_F_DEF_TIME_CB 111
772	#define TS_F_ESS_ADD_SIGNING_CERT 112
773	#define TS_F_ESS_CERT_ID_NEW_INIT 113
774	#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114
775	#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149
776	#define TS_F_PKCS7_TO_TS_TST_INFO 148
777	#define TS_F_TS_ACCURACY_SET_MICROS 115
778	#define TS_F_TS_ACCURACY_SET_MILLIS 116
779	#define TS_F_TS_ACCURACY_SET_SECONDS 117
780	#define TS_F_TS_CHECK_IMPRINTS 100
781	#define TS_F_TS_CHECK_NONCES 101
782	#define TS_F_TS_CHECK_POLICY 102
783	#define TS_F_TS_CHECK_SIGNING_CERTS 103
784	#define TS_F_TS_CHECK_STATUS_INFO 104
785	#define TS_F_TS_COMPUTE_IMPRINT 145
786	#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146
787	#define TS_F_TS_GET_STATUS_TEXT 105
788	#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118
789	#define TS_F_TS_REQ_SET_MSG_IMPRINT 119
790	#define TS_F_TS_REQ_SET_NONCE 120
791	#define TS_F_TS_REQ_SET_POLICY_ID 121
792	#define TS_F_TS_RESP_CREATE_RESPONSE 122
793	#define TS_F_TS_RESP_CREATE_TST_INFO 123
794	#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124
795	#define TS_F_TS_RESP_CTX_ADD_MD 125
796	#define TS_F_TS_RESP_CTX_ADD_POLICY 126
797	#define TS_F_TS_RESP_CTX_NEW 127
798	#define TS_F_TS_RESP_CTX_SET_ACCURACY 128
799	#define TS_F_TS_RESP_CTX_SET_CERTS 129
800	#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130
801	#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131
802	#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132
803	#define TS_F_TS_RESP_GET_POLICY 133
804	#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134
805	#define TS_F_TS_RESP_SET_STATUS_INFO 135
806	#define TS_F_TS_RESP_SET_TST_INFO 150
807	#define TS_F_TS_RESP_SIGN 136
808	#define TS_F_TS_RESP_VERIFY_SIGNATURE 106
809	#define TS_F_TS_RESP_VERIFY_TOKEN 107
810	#define TS_F_TS_TST_INFO_SET_ACCURACY 137
811	#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138
812	#define TS_F_TS_TST_INFO_SET_NONCE 139
813	#define TS_F_TS_TST_INFO_SET_POLICY_ID 140
814	#define TS_F_TS_TST_INFO_SET_SERIAL 141
815	#define TS_F_TS_TST_INFO_SET_TIME 142
816	#define TS_F_TS_TST_INFO_SET_TSA 143
817	#define TS_F_TS_VERIFY 108
818	#define TS_F_TS_VERIFY_CERT 109
819	#define TS_F_TS_VERIFY_CTX_NEW 144
820
821	/* Reason codes. */
822	#define TS_R_BAD_PKCS7_TYPE 132
823	#define TS_R_BAD_TYPE 133
824	#define TS_R_CERTIFICATE_VERIFY_ERROR 100
825	#define TS_R_COULD_NOT_SET_ENGINE 127
826	#define TS_R_COULD_NOT_SET_TIME 115
827	#define TS_R_D2I_TS_RESP_INT_FAILED 128
828	#define TS_R_DETACHED_CONTENT 134
829	#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116
830	#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101
831	#define TS_R_INVALID_NULL_POINTER 102
832	#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117
833	#define TS_R_MESSAGE_IMPRINT_MISMATCH 103
834	#define TS_R_NONCE_MISMATCH 104
835	#define TS_R_NONCE_NOT_RETURNED 105
836	#define TS_R_NO_CONTENT 106
837	#define TS_R_NO_TIME_STAMP_TOKEN 107
838	#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118
839	#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119
840	#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129
841	#define TS_R_POLICY_MISMATCH 108
842	#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120
843	#define TS_R_RESPONSE_SETUP_ERROR 121
844	#define TS_R_SIGNATURE_FAILURE 109
845	#define TS_R_THERE_MUST_BE_ONE_SIGNER 110
846	#define TS_R_TIME_SYSCALL_ERROR 122
847	#define TS_R_TOKEN_NOT_PRESENT 130
848	#define TS_R_TOKEN_PRESENT 131
849	#define TS_R_TSA_NAME_MISMATCH 111
850	#define TS_R_TSA_UNTRUSTED 112
851	#define TS_R_TST_INFO_SETUP_ERROR 123
852	#define TS_R_TS_DATASIGN 124
853	#define TS_R_UNACCEPTABLE_POLICY 125
854	#define TS_R_UNSUPPORTED_MD_ALGORITHM 126
855	#define TS_R_UNSUPPORTED_VERSION 113
856	#define TS_R_WRONG_CONTENT_TYPE 114
857
858	#ifdef __cplusplus
859	}
860	#endif
861	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: