authortb <>2022-09-11 17:31:19 +0000
committertb <>2022-09-11 17:31:19 +0000
commit927eba6a7e1ebb08167c9fd72962c95695e1fbbb (patch)
treeec1c8803851e0c5ae7f551a696251352c9b2ba80 /src/lib
parent1e6a38fe37a22fd311807762cf937c6d1cf58aa0 (diff)
Make structs in ts.h opaque
ok jsing
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/ts/ts.h230
-rw-r--r--src/lib/libcrypto/ts/ts_local.h208
2 files changed, 223 insertions, 215 deletions
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
index 0397fb8b08..cb372e6616 100644
--- a/src/lib/libcrypto/ts/ts.h
+++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts.h,v 1.18 2022/07/24 20:02:04 tb Exp $ */ 1/* $OpenBSD: ts.h,v 1.19 2022/09/11 17:31:19 tb Exp $ */
2/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3 * project 2002, 2003, 2004. 3 * project 2002, 2003, 2004.
4 */ 4 */
@@ -93,99 +93,12 @@ extern "C" {
93#include <openssl/x509.h> 93#include <openssl/x509.h>
94#include <openssl/x509v3.h> 94#include <openssl/x509v3.h>
95 95
96/* 96typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
97MessageImprint ::= SEQUENCE { 97typedef struct TS_req_st TS_REQ;
98 hashAlgorithm AlgorithmIdentifier, 98typedef struct TS_accuracy_st TS_ACCURACY;
99 hashedMessage OCTET STRING } 99typedef struct TS_tst_info_st TS_TST_INFO;
100*/
101
102typedef struct TS_msg_imprint_st {
103 X509_ALGOR *hash_algo;
104 ASN1_OCTET_STRING *hashed_msg;
105} TS_MSG_IMPRINT;
106
107/*
108TimeStampReq ::= SEQUENCE {
109 version INTEGER { v1(1) },
110 messageImprint MessageImprint,
111 --a hash algorithm OID and the hash value of the data to be
112 --time-stamped
113 reqPolicy TSAPolicyId OPTIONAL,
114 nonce INTEGER OPTIONAL,
115 certReq BOOLEAN DEFAULT FALSE,
116 extensions [0] IMPLICIT Extensions OPTIONAL }
117*/
118
119typedef struct TS_req_st {
120 ASN1_INTEGER *version;
121 TS_MSG_IMPRINT *msg_imprint;
122 ASN1_OBJECT *policy_id; /* OPTIONAL */
123 ASN1_INTEGER *nonce; /* OPTIONAL */
124 ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
125 STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
126} TS_REQ;
127
128/*
129Accuracy ::= SEQUENCE {
130 seconds INTEGER OPTIONAL,
131 millis [0] INTEGER (1..999) OPTIONAL,
132 micros [1] INTEGER (1..999) OPTIONAL }
133*/
134
135typedef struct TS_accuracy_st {
136 ASN1_INTEGER *seconds;
137 ASN1_INTEGER *millis;
138 ASN1_INTEGER *micros;
139} TS_ACCURACY;
140
141/*
142TSTInfo ::= SEQUENCE {
143 version INTEGER { v1(1) },
144 policy TSAPolicyId,
145 messageImprint MessageImprint,
146 -- MUST have the same value as the similar field in
147 -- TimeStampReq
148 serialNumber INTEGER,
149 -- Time-Stamping users MUST be ready to accommodate integers
150 -- up to 160 bits.
151 genTime GeneralizedTime,
152 accuracy Accuracy OPTIONAL,
153 ordering BOOLEAN DEFAULT FALSE,
154 nonce INTEGER OPTIONAL,
155 -- MUST be present if the similar field was present
156 -- in TimeStampReq. In that case it MUST have the same value.
157 tsa [0] GeneralName OPTIONAL,
158 extensions [1] IMPLICIT Extensions OPTIONAL }
159*/
160
161typedef struct TS_tst_info_st {
162 ASN1_INTEGER *version;
163 ASN1_OBJECT *policy_id;
164 TS_MSG_IMPRINT *msg_imprint;
165 ASN1_INTEGER *serial;
166 ASN1_GENERALIZEDTIME *time;
167 TS_ACCURACY *accuracy;
168 ASN1_BOOLEAN ordering;
169 ASN1_INTEGER *nonce;
170 GENERAL_NAME *tsa;
171 STACK_OF(X509_EXTENSION) *extensions;
172} TS_TST_INFO;
173
174/*
175PKIStatusInfo ::= SEQUENCE {
176 status PKIStatus,
177 statusString PKIFreeText OPTIONAL,
178 failInfo PKIFailureInfo OPTIONAL }
179
180From RFC 1510 - section 3.1.1:
181PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
182 -- text encoded as UTF-8 String (note: each UTF8String SHOULD
183 -- include an RFC 1766 language tag to indicate the language
184 -- of the contained text)
185*/
186
187/* Possible values for status. See ts_rsp_print.c && ts_rsp_verify.c. */
188 100
101/* Possible values for status. */
189#define TS_STATUS_GRANTED 0 102#define TS_STATUS_GRANTED 0
190#define TS_STATUS_GRANTED_WITH_MODS 1 103#define TS_STATUS_GRANTED_WITH_MODS 1
191#define TS_STATUS_REJECTION 2 104#define TS_STATUS_REJECTION 2
@@ -193,8 +106,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
193#define TS_STATUS_REVOCATION_WARNING 4 106#define TS_STATUS_REVOCATION_WARNING 4
194#define TS_STATUS_REVOCATION_NOTIFICATION 5 107#define TS_STATUS_REVOCATION_NOTIFICATION 5
195 108
196/* Possible values for failure_info. See ts_rsp_print.c && ts_rsp_verify.c */ 109/* Possible values for failure_info. */
197
198#define TS_INFO_BAD_ALG 0 110#define TS_INFO_BAD_ALG 0
199#define TS_INFO_BAD_REQUEST 2 111#define TS_INFO_BAD_REQUEST 2
200#define TS_INFO_BAD_DATA_FORMAT 5 112#define TS_INFO_BAD_DATA_FORMAT 5
@@ -204,72 +116,21 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
204#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 116#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
205#define TS_INFO_SYSTEM_FAILURE 25 117#define TS_INFO_SYSTEM_FAILURE 25
206 118
207typedef struct TS_status_info_st { 119typedef struct TS_status_info_st TS_STATUS_INFO;
208 ASN1_INTEGER *status;
209 STACK_OF(ASN1_UTF8STRING) *text;
210 ASN1_BIT_STRING *failure_info;
211} TS_STATUS_INFO;
212 120
213DECLARE_STACK_OF(ASN1_UTF8STRING) 121DECLARE_STACK_OF(ASN1_UTF8STRING)
214 122
215/* 123typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
216TimeStampResp ::= SEQUENCE { 124typedef struct ESS_cert_id ESS_CERT_ID;
217 status PKIStatusInfo,
218 timeStampToken TimeStampToken OPTIONAL }
219*/
220
221typedef struct TS_resp_st {
222 TS_STATUS_INFO *status_info;
223 PKCS7 *token;
224 TS_TST_INFO *tst_info;
225} TS_RESP;
226
227/* The structure below would belong to the ESS component. */
228
229/*
230IssuerSerial ::= SEQUENCE {
231 issuer GeneralNames,
232 serialNumber CertificateSerialNumber
233 }
234*/
235
236typedef struct ESS_issuer_serial {
237 STACK_OF(GENERAL_NAME) *issuer;
238 ASN1_INTEGER *serial;
239} ESS_ISSUER_SERIAL;
240
241/*
242ESSCertID ::= SEQUENCE {
243 certHash Hash,
244 issuerSerial IssuerSerial OPTIONAL
245}
246*/
247
248typedef struct ESS_cert_id {
249 ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
250 ESS_ISSUER_SERIAL *issuer_serial;
251} ESS_CERT_ID;
252
253DECLARE_STACK_OF(ESS_CERT_ID) 125DECLARE_STACK_OF(ESS_CERT_ID)
126typedef struct ESS_signing_cert ESS_SIGNING_CERT;
254 127
255/*
256SigningCertificate ::= SEQUENCE {
257 certs SEQUENCE OF ESSCertID,
258 policies SEQUENCE OF PolicyInformation OPTIONAL
259}
260*/
261
262typedef struct ESS_signing_cert {
263 STACK_OF(ESS_CERT_ID) *cert_ids;
264 STACK_OF(POLICYINFO) *policy_info;
265} ESS_SIGNING_CERT;
266
267#ifdef LIBRESSL_INTERNAL
268typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2; 128typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2;
269DECLARE_STACK_OF(ESS_CERT_ID_V2) 129DECLARE_STACK_OF(ESS_CERT_ID_V2)
270 130
271typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2; 131typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2;
272#endif /* LIBRESSL_INTERNAL */ 132
133typedef struct TS_resp_st TS_RESP;
273 134
274TS_REQ *TS_REQ_new(void); 135TS_REQ *TS_REQ_new(void);
275void TS_REQ_free(TS_REQ *a); 136void TS_REQ_free(TS_REQ *a);
@@ -398,13 +259,11 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
398int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); 259int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
399TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); 260TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
400 261
401#if defined(LIBRESSL_INTERNAL)
402const ASN1_UTF8STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si); 262const ASN1_UTF8STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si);
403const STACK_OF(ASN1_UTF8STRING) * 263const STACK_OF(ASN1_UTF8STRING) *
404 TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si); 264 TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si);
405const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si); 265const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si);
406int TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i); 266int TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i);
407#endif
408 267
409/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ 268/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
410void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); 269void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
@@ -494,35 +353,7 @@ typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec)
494 */ 353 */
495typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); 354typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *);
496 355
497typedef struct TS_resp_ctx { 356typedef struct TS_resp_ctx TS_RESP_CTX;
498 X509 *signer_cert;
499 EVP_PKEY *signer_key;
500 STACK_OF(X509) *certs; /* Certs to include in signed data. */
501 STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
502 ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
503 STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
504 ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
505 ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
506 ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
507 unsigned clock_precision_digits; /* fraction of seconds in
508 time stamp token. */
509 unsigned flags; /* Optional info, see values above. */
510
511 /* Callback functions. */
512 TS_serial_cb serial_cb;
513 void *serial_cb_data; /* User data for serial_cb. */
514
515 TS_time_cb time_cb;
516 void *time_cb_data; /* User data for time_cb. */
517
518 TS_extension_cb extension_cb;
519 void *extension_cb_data; /* User data for extension_cb. */
520
521 /* These members are used only while creating the response. */
522 TS_REQ *request;
523 TS_RESP *response;
524 TS_TST_INFO *tst_info;
525} TS_RESP_CTX;
526 357
527DECLARE_STACK_OF(EVP_MD) 358DECLARE_STACK_OF(EVP_MD)
528 359
@@ -567,10 +398,8 @@ void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
567/* Default callback always returns a constant. */ 398/* Default callback always returns a constant. */
568void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); 399void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
569 400
570#if defined(LIBRESSL_INTERNAL)
571/* Default callback uses gettimeofday() and gmtime(). */ 401/* Default callback uses gettimeofday() and gmtime(). */
572void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); 402void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
573#endif
574 403
575/* Default callback rejects all extensions. The extension callback is called 404/* Default callback rejects all extensions. The extension callback is called
576 * when the TS_TST_INFO object is already set up and not signed yet. */ 405 * when the TS_TST_INFO object is already set up and not signed yet. */
@@ -646,32 +475,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
646 | TS_VFY_SIGNER \ 475 | TS_VFY_SIGNER \
647 | TS_VFY_TSA_NAME) 476 | TS_VFY_TSA_NAME)
648 477
649typedef struct TS_verify_ctx { 478typedef struct TS_verify_ctx TS_VERIFY_CTX;
650 /* Set this to the union of TS_VFY_... flags you want to carry out. */
651 unsigned flags;
652
653 /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
654 X509_STORE *store;
655 STACK_OF(X509) *certs;
656
657 /* Must be set only with TS_VFY_POLICY. */
658 ASN1_OBJECT *policy;
659
660 /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
661 the algorithm from the response is used. */
662 X509_ALGOR *md_alg;
663 unsigned char *imprint;
664 unsigned imprint_len;
665
666 /* Must be set only with TS_VFY_DATA. */
667 BIO *data;
668
669 /* Must be set only with TS_VFY_TSA_NAME. */
670 ASN1_INTEGER *nonce;
671
672 /* Must be set only with TS_VFY_TSA_NAME. */
673 GENERAL_NAME *tsa_name;
674} TS_VERIFY_CTX;
675 479
676int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); 480int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
677int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); 481int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
@@ -687,7 +491,6 @@ void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
687void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); 491void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
688void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); 492void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
689 493
690#if defined(LIBRESSL_INTERNAL)
691int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags); 494int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags);
692int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags); 495int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags);
693BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio); 496BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio);
@@ -698,7 +501,6 @@ STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
698 STACK_OF(X509) *certs); 501 STACK_OF(X509) *certs);
699unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, 502unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
700 unsigned char *imprint, long imprint_len); 503 unsigned char *imprint, long imprint_len);
701#endif
702 504
703/* 505/*
704 * If ctx is NULL, it allocates and returns a new object, otherwise 506 * If ctx is NULL, it allocates and returns a new object, otherwise
@@ -712,7 +514,7 @@ unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
712 * imprint, imprint_len = imprint from request 514 * imprint, imprint_len = imprint from request
713 * data = NULL 515 * data = NULL
714 * nonce, nonce_len = nonce from the request or NULL if absent (in this case 516 * nonce, nonce_len = nonce from the request or NULL if absent (in this case
715 * TS_VFY_NONCE is cleared from flags as well) 517 * TS_VFY_NONCE is cleared from flags as well)
716 * tsa_name = NULL 518 * tsa_name = NULL
717 * Important: after calling this method TS_VFY_SIGNATURE should be added! 519 * Important: after calling this method TS_VFY_SIGNATURE should be added!
718 */ 520 */
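Review bot: Removing the LIBRESSL_INTERNAL guard in the hunk at old lines 698-701 makes `TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *imprint, long imprint_len)` public API, while the member it presumably fills is declared `unsigned imprint_len` in struct TS_verify_ctx in the ts_local.h part of this commit, so a negative or oversized length converts silently at the store. The implementation is not in this diff; it should reject `imprint_len < 0` (and values above UINT_MAX) before assigning, and the prototype deserves a comment such as `/* imprint_len must be non-negative; it is stored as an unsigned. */` so callers of the now-public setter know the contract. A minor style point: `typedef struct TS_resp_st TS_RESP;` at new line 133 sits after the ESS typedefs rather than with the other TS_* opaque typedefs at new lines 96-99 and 119, where a reader would look for it.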
diff --git a/src/lib/libcrypto/ts/ts_local.h b/src/lib/libcrypto/ts/ts_local.h
index 01d26de127..cf1e9e0589 100644
--- a/src/lib/libcrypto/ts/ts_local.h
+++ b/src/lib/libcrypto/ts/ts_local.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_local.h,v 1.1 2022/07/24 08:16:47 tb Exp $ */ 1/* $OpenBSD: ts_local.h,v 1.2 2022/09/11 17:31:19 tb Exp $ */
2/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3 * project 2002, 2003, 2004. 3 * project 2002, 2003, 2004.
4 */ 4 */
@@ -62,6 +62,153 @@
62__BEGIN_HIDDEN_DECLS 62__BEGIN_HIDDEN_DECLS
63 63
64/* 64/*
65 * MessageImprint ::= SEQUENCE {
66 * hashAlgorithm AlgorithmIdentifier,
67 * hashedMessage OCTET STRING }
68 */
69
70struct TS_msg_imprint_st {
71 X509_ALGOR *hash_algo;
72 ASN1_OCTET_STRING *hashed_msg;
73};
74
75/*
76 * TimeStampReq ::= SEQUENCE {
77 * version INTEGER { v1(1) },
78 * messageImprint MessageImprint,
79 * --a hash algorithm OID and the hash value of the data to be
80 * --time-stamped
81 * reqPolicy TSAPolicyId OPTIONAL,
82 * nonce INTEGER OPTIONAL,
83 * certReq BOOLEAN DEFAULT FALSE,
84 * extensions [0] IMPLICIT Extensions OPTIONAL }
85 */
86
87struct TS_req_st {
88 ASN1_INTEGER *version;
89 TS_MSG_IMPRINT *msg_imprint;
90 ASN1_OBJECT *policy_id; /* OPTIONAL */
91 ASN1_INTEGER *nonce; /* OPTIONAL */
92 ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
93 STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
94};
95
96/*
97 * Accuracy ::= SEQUENCE {
98 * seconds INTEGER OPTIONAL,
99 * millis [0] INTEGER (1..999) OPTIONAL,
100 * micros [1] INTEGER (1..999) OPTIONAL }
101 */
102
103struct TS_accuracy_st {
104 ASN1_INTEGER *seconds;
105 ASN1_INTEGER *millis;
106 ASN1_INTEGER *micros;
107};
108
109/*
110 * TSTInfo ::= SEQUENCE {
111 * version INTEGER { v1(1) },
112 * policy TSAPolicyId,
113 * messageImprint MessageImprint,
114 * -- MUST have the same value as the similar field in
115 * -- TimeStampReq
116 * serialNumber INTEGER,
117 * -- Time-Stamping users MUST be ready to accommodate integers
118 * -- up to 160 bits.
119 * genTime GeneralizedTime,
120 * accuracy Accuracy OPTIONAL,
121 * ordering BOOLEAN DEFAULT FALSE,
122 * nonce INTEGER OPTIONAL,
123 * -- MUST be present if the similar field was present
124 * -- in TimeStampReq. In that case it MUST have the same value.
125 * tsa [0] GeneralName OPTIONAL,
126 * extensions [1] IMPLICIT Extensions OPTIONAL }
127 */
128
129struct TS_tst_info_st {
130 ASN1_INTEGER *version;
131 ASN1_OBJECT *policy_id;
132 TS_MSG_IMPRINT *msg_imprint;
133 ASN1_INTEGER *serial;
134 ASN1_GENERALIZEDTIME *time;
135 TS_ACCURACY *accuracy;
136 ASN1_BOOLEAN ordering;
137 ASN1_INTEGER *nonce;
138 GENERAL_NAME *tsa;
139 STACK_OF(X509_EXTENSION) *extensions;
140};
141
142/*
143 * PKIStatusInfo ::= SEQUENCE {
144 * status PKIStatus,
145 * statusString PKIFreeText OPTIONAL,
146 * failInfo PKIFailureInfo OPTIONAL }
147 *
148 * From RFC 1510 - section 3.1.1:
149 * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
150 * -- text encoded as UTF-8 String (note: each UTF8String SHOULD
151 * -- include an RFC 1766 language tag to indicate the language
152 * -- of the contained text)
153 */
154
155struct TS_status_info_st {
156 ASN1_INTEGER *status;
157 STACK_OF(ASN1_UTF8STRING) *text;
158 ASN1_BIT_STRING *failure_info;
159};
160
161/*
162 * TimeStampResp ::= SEQUENCE {
163 * status PKIStatusInfo,
164 * timeStampToken TimeStampToken OPTIONAL }
165 */
166
167struct TS_resp_st {
168 TS_STATUS_INFO *status_info;
169 PKCS7 *token;
170 TS_TST_INFO *tst_info;
171};
172
173/* The structure below would belong to the ESS component. */
174
175/*
176 * IssuerSerial ::= SEQUENCE {
177 * issuer GeneralNames,
178 * serialNumber CertificateSerialNumber
179 * }
180 */
181
182struct ESS_issuer_serial {
183 STACK_OF(GENERAL_NAME) *issuer;
184 ASN1_INTEGER *serial;
185};
186
187/*
188 * ESSCertID ::= SEQUENCE {
189 * certHash Hash,
190 * issuerSerial IssuerSerial OPTIONAL
191 * }
192 */
193
194struct ESS_cert_id {
195 ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
196 ESS_ISSUER_SERIAL *issuer_serial;
197};
198
199/*
200 * SigningCertificate ::= SEQUENCE {
201 * certs SEQUENCE OF ESSCertID,
202 * policies SEQUENCE OF PolicyInformation OPTIONAL
203 * }
204 */
205
206struct ESS_signing_cert {
207 STACK_OF(ESS_CERT_ID) *cert_ids;
208 STACK_OF(POLICYINFO) *policy_info;
209};
210
211/*
65 * ESSCertIDv2 ::= SEQUENCE { 212 * ESSCertIDv2 ::= SEQUENCE {
66 * hashAlgorithm AlgorithmIdentifier 213 * hashAlgorithm AlgorithmIdentifier
67 * DEFAULT {algorithm id-sha256}, 214 * DEFAULT {algorithm id-sha256},
@@ -86,6 +233,65 @@ struct ESS_signing_cert_v2 {
86 STACK_OF(POLICYINFO) *policy_info; 233 STACK_OF(POLICYINFO) *policy_info;
87}; 234};
88 235
236struct TS_resp_ctx {
237 X509 *signer_cert;
238 EVP_PKEY *signer_key;
239 STACK_OF(X509) *certs; /* Certs to include in signed data. */
240 STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
241 ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
242 STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
243 ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
244 ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
245 ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
246 unsigned clock_precision_digits; /* fraction of seconds in
247 time stamp token. */
248 unsigned flags; /* Optional info, see values above. */
249
250 /* Callback functions. */
251 TS_serial_cb serial_cb;
252 void *serial_cb_data; /* User data for serial_cb. */
253
254 TS_time_cb time_cb;
255 void *time_cb_data; /* User data for time_cb. */
256
257 TS_extension_cb extension_cb;
258 void *extension_cb_data; /* User data for extension_cb. */
259
260 /* These members are used only while creating the response. */
261 TS_REQ *request;
262 TS_RESP *response;
263 TS_TST_INFO *tst_info;
264};
265
266/* Context structure for the generic verify method. */
267
268struct TS_verify_ctx {
269 /* Set this to the union of TS_VFY_... flags you want to carry out. */
270 unsigned flags;
271
272 /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
273 X509_STORE *store;
274 STACK_OF(X509) *certs;
275
276 /* Must be set only with TS_VFY_POLICY. */
277 ASN1_OBJECT *policy;
278
279 /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
280 the algorithm from the response is used. */
281 X509_ALGOR *md_alg;
282 unsigned char *imprint;
283 unsigned imprint_len;
284
285 /* Must be set only with TS_VFY_DATA. */
286 BIO *data;
287
288 /* Must be set only with TS_VFY_TSA_NAME. */
289 ASN1_INTEGER *nonce;
290
291 /* Must be set only with TS_VFY_TSA_NAME. */
292 GENERAL_NAME *tsa_name;
293};
294
89/* 295/*
90 * Public OpenSSL API that we do not currently want to expose. 296 * Public OpenSSL API that we do not currently want to expose.
91 */ 297 */
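Review bot: The comment above `ASN1_INTEGER *nonce;` in struct TS_verify_ctx (new lines 288-289) reads `/* Must be set only with TS_VFY_TSA_NAME. */`, which duplicates the comment on tsa_name two lines below; since the ts.h hunk at new line 516 ties the nonce to TS_VFY_NONCE, it should read `/* Must be set only with TS_VFY_NONCE. */`. The `flags` member of struct TS_resp_ctx (new line 248) still says `/* Optional info, see values above. */`, but after the move the flag values are no longer above it and are presumably still in ts.h; `/* Optional info, see the TS_RESP_CTX flag values in ts.h. */` keeps the pointer accurate. Both comments are carried over verbatim from ts.h, so the defects predate this commit, but the move is the natural moment to correct them.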