1 /*
2  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #ifndef OSSL_CRYPTO_ESS_H
11 # define OSSL_CRYPTO_ESS_H
12 # pragma once
13
14 /* internal ESS related stuff */
15
/*
 * Accessors tying an ESS_SIGNING_CERT (v1) to a PKCS#7 SignerInfo.
 * NOTE(review): semantics are not visible from this header. Presumably _get
 * returns NULL when |si| carries no such object and _add returns nonzero on
 * success - confirm in the implementation, together with ownership: who
 * frees the object returned by _get, and whether _add consumes |sc|.
 */
16 ESS_SIGNING_CERT *ossl_ess_signing_cert_get(PKCS7_SIGNER_INFO *si);
17 int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
18
/*
 * Takes no digest argument: v1 ESSCertID hashes are always SHA-1 (see
 * struct ESS_cert_id below).
 * NOTE(review): presumably builds the structure for |signcert| plus the
 * optional |certs|, with |issuer_needed| controlling whether IssuerSerial
 * is filled in - confirm in the implementation.
 */
19 ESS_SIGNING_CERT *ossl_ess_signing_cert_new_init(X509 *signcert,
20                                                  STACK_OF(X509) *certs,
21                                                  int issuer_needed);
22
/*
 * Accessors tying an ESS_SIGNING_CERT_V2 to a PKCS#7 SignerInfo.
 * NOTE(review): semantics are not visible from this header. Presumably _get
 * returns NULL when |si| carries no such object and _add returns nonzero on
 * success - confirm in the implementation, together with ownership: who
 * frees the object returned by _get, and whether _add consumes |sc|.
 */
23 ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_get(PKCS7_SIGNER_INFO *si);
24 int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
25
/*
 * Unlike the v1 constructor, this one takes the digest as |hash_alg|.
 * NOTE(review): presumably |hash_alg| is the digest recorded in every
 * ESSCertIDv2 that is built. How a NULL |hash_alg| is treated (the ASN.1
 * default is id-sha256) is not visible here - confirm before relying on it.
 */
26 ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
27                                                        X509 *signcert,
28                                                        STACK_OF(X509) *certs,
29                                                        int issuer_needed);
30
31 /*
 * Returns < 0 if certificate is not found, certificate index otherwise.
 * Index 0 is a valid match, so callers must compare the result with "< 0"
 * and never test it for truthiness; getting this wrong inverts the
 * certificate-binding check.
 * NOTE(review): this comment sits directly above the v2 variant; the v1
 * variant below presumably follows the same convention - confirm.
 */
32 int ossl_ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids,
33                           const X509 *cert);
34 int ossl_ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
35
36 /*-
37  * IssuerSerial ::= SEQUENCE {
38  *        issuer                  GeneralNames,
39  *        serialNumber            CertificateSerialNumber
40  * }
41  */
42
/* In-memory form of the IssuerSerial SEQUENCE shown in the ASN.1 above. */
43 struct ESS_issuer_serial {
44     STACK_OF(GENERAL_NAME) *issuer;     /* issuer (GeneralNames) */
45     ASN1_INTEGER *serial;               /* serialNumber */
46 };
47
48 /*-
49  * ESSCertID ::=  SEQUENCE {
50  *        certHash                Hash,
51  *        issuerSerial            IssuerSerial OPTIONAL
52  * }
53  */
54
/*
 * In-memory form of ESSCertID (v1). The structure carries no algorithm
 * identifier: the digest is fixed to SHA-1, so this form has no algorithm
 * agility. SHA-1 is no longer considered collision resistant; ESSCertIDv2
 * (struct ESS_cert_id_v2_st) carries an explicit hashAlgorithm instead.
 */
55 struct ESS_cert_id {
56     ASN1_OCTET_STRING *hash;    /* certHash; always a SHA-1 digest. */
    /*
     * issuerSerial; OPTIONAL in the ASN.1.
     * NOTE(review): presumably NULL when absent, in which case the
     * certificate is identified by the hash alone - confirm.
     */
57     ESS_ISSUER_SERIAL *issuer_serial;
58 };
59
60 /*-
61  * SigningCertificate ::=  SEQUENCE {
62  *        certs                   SEQUENCE OF ESSCertID,
63  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
64  * }
65  */
66
/*
 * In-memory form of SigningCertificate (v1): a list of ESSCertID entries,
 * each of which is SHA-1 based (see struct ESS_cert_id).
 * NOTE(review): RFC 2634 expects the first entry to identify the signer's
 * own certificate - confirm that callers rely on index 0 for that.
 */
67 struct ESS_signing_cert {
68     STACK_OF(ESS_CERT_ID) *cert_ids;    /* certs */
69     STACK_OF(POLICYINFO) *policy_info;  /* policies; OPTIONAL in the ASN.1 */
70 };
71
72 /*-
73  * ESSCertIDv2 ::=  SEQUENCE {
74  *        hashAlgorithm           AlgorithmIdentifier DEFAULT id-sha256,
75  *        certHash                Hash,
76  *        issuerSerial            IssuerSerial OPTIONAL
77  * }
78  */
79
/*
 * In-memory form of ESSCertIDv2. Unlike the v1 ESSCertID, the digest
 * algorithm travels with the identifier.
 * NOTE(review): hash_alg comes from the encoded structure, so whether
 * consumers restrict which digests they accept cannot be seen from this
 * header - confirm in the verification code.
 */
80 struct ESS_cert_id_v2_st {
    /*
     * hashAlgorithm; DEFAULT id-sha256 in the ASN.1.
     * NOTE(review): presumably NULL when the default applies - confirm.
     */
81     X509_ALGOR *hash_alg;       /* Default: SHA-256 */
82     ASN1_OCTET_STRING *hash;    /* certHash */
    /*
     * issuerSerial; OPTIONAL in the ASN.1.
     * NOTE(review): presumably NULL when absent - confirm.
     */
83     ESS_ISSUER_SERIAL *issuer_serial;
84 };
85
86 /*-
87  * SigningCertificateV2 ::= SEQUENCE {
88  *        certs                   SEQUENCE OF ESSCertIDv2,
89  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
90  * }
91  */
92
/*
 * In-memory form of SigningCertificateV2: a list of ESSCertIDv2 entries
 * plus optional policy information.
 */
93 struct ESS_signing_cert_v2_st {
94     STACK_OF(ESS_CERT_ID_V2) *cert_ids; /* certs */
95     STACK_OF(POLICYINFO) *policy_info;  /* policies; OPTIONAL in the ASN.1 */
96 };
97
98 #endif /* OSSL_CRYPTO_ESS_H */