1 /*
2  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /* internal ESS related stuff */
11
/*
 * Fetch the ESS SigningCertificate (v1) signed attribute of |si|.
 * Presumably returns NULL when the attribute is absent or does not decode,
 * and otherwise a freshly decoded object the caller must free with the
 * matching ESS_*_free -- confirm against the definition, which is not
 * visible in this header.
 *
 * NOTE(review): the v1 attribute identifies the signer with a SHA-1 certHash
 * only (see struct ESS_cert_id below; there is no hash algorithm parameter on
 * the v1 API), so a verifier that relies on it inherits SHA-1's collision
 * weakness. New code should prefer the V2 attribute declared further down.
 */
ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si);
/*
 * Attach |sc| to |si| as the SigningCertificate signed attribute.
 * The int result is presumably the usual OpenSSL 1 = success / 0 = failure
 * convention -- confirm in the definition; callers must check it, since a
 * silently missing attribute weakens the signer binding.
 */
int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
14
/*
 * Build a SigningCertificate (v1) value for |signcert|.
 *
 * |certs| is an additional certificate stack; judging by the V2 counterpart
 * below, each member presumably gets its own ESSCertID entry -- confirm.
 * |issuer_needed|: non-zero presumably includes the IssuerSerial in each
 * ESSCertID (see struct ESS_issuer_serial) -- confirm.
 *
 * Unlike ESS_SIGNING_CERT_V2_new_init there is no hash algorithm argument:
 * v1 certHash values are always SHA-1 (struct ESS_cert_id below).
 * Returns the new object, or presumably NULL on error -- callers must check.
 */
ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
                                            STACK_OF(X509) *certs,
                                            int issuer_needed);
18
/*
 * Fetch the ESS SigningCertificateV2 signed attribute of |si|.
 * Presumably returns NULL when absent or undecodable, otherwise a new object
 * owned by the caller -- confirm against the definition.
 *
 * NOTE(review): a message may carry both the v1 and the V2 attribute; a
 * verifier should check whichever it finds and must not treat "no V2
 * attribute" as success on its own.
 */
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si);
/*
 * Attach |sc| to |si| as the SigningCertificateV2 signed attribute.
 * int result: presumably 1 on success, 0 on failure -- confirm; check it.
 */
int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
21
/*
 * Build a SigningCertificateV2 value for |signcert| (plus, presumably, one
 * ESSCertIDv2 per member of |certs| -- confirm).
 *
 * |hash_alg| selects the digest used for every certHash; the ASN.1 default
 * for ESSCertIDv2.hashAlgorithm is id-sha256 (see struct ESS_cert_id_v2_st),
 * so NULL presumably yields SHA-256 -- confirm in the definition.
 * Security: choose a digest no weaker than the one used for the signature
 * itself; the certHash is what binds the signer certificate to the signed
 * data, so a weak |hash_alg| weakens that binding.
 * |issuer_needed|: non-zero presumably adds IssuerSerial to each entry.
 * Returns the new object, or presumably NULL on error -- callers must check.
 */
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
                                                  X509 *signcert,
                                                  STACK_OF(X509) *certs,
                                                  int issuer_needed);
26
/*
 * Search |cert_ids| for an entry identifying |cert|.
 * Returns the index (>= 0) of a matching entry, or a value < 0 if no entry
 * matches. Lower-case name: internal helper (this header is "internal ESS
 * related stuff"), not part of the public API.
 *
 * Each ESS_CERT_ID_V2 carries its own hashAlgorithm, so the comparison digest
 * presumably has to be recomputed per entry -- the definition is not visible
 * here. NOTE(review): a verifier building on this (e.g. CAdES signed-attribute
 * checks) should treat "not found" as a hard failure, and should confirm the
 * issuerSerial too when an entry carries one, rather than matching on the
 * hash alone -- verify that the definition does so.
 */
int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert);
/*
 * Same contract for the v1 ESSCertID list, whose certHash is always SHA-1
 * (struct ESS_cert_id below). |cert| is non-const here, unlike the V2 variant.
 */
int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
30
31 /*-
32  * IssuerSerial ::= SEQUENCE {
33  *        issuer                  GeneralNames,
34  *        serialNumber            CertificateSerialNumber
35  * }
36  */
37
/* C representation of IssuerSerial (ASN.1 above). */
struct ESS_issuer_serial {
    STACK_OF(GENERAL_NAME) *issuer; /* IssuerSerial.issuer: the issuer's GeneralNames */
    ASN1_INTEGER *serial;           /* IssuerSerial.serialNumber */
};
42
43 /*-
44  * ESSCertID ::=  SEQUENCE {
45  *        certHash                Hash,
46  *        issuerSerial            IssuerSerial OPTIONAL
47  * }
48  */
49
/*
 * C representation of ESSCertID (v1, ASN.1 above).
 * NOTE(review): the v1 form has no hashAlgorithm field, so the certificate
 * binding is only as strong as SHA-1 (collision-weak); ESSCertIDv2 below
 * exists precisely to allow a stronger digest. Prefer it for new signatures.
 */
struct ESS_cert_id {
    ASN1_OCTET_STRING *hash;    /* certHash: always a SHA-1 digest of the certificate */
    ESS_ISSUER_SERIAL *issuer_serial; /* issuerSerial OPTIONAL; presumably NULL when absent */
};
54
55 /*-
56  * SigningCertificate ::=  SEQUENCE {
57  *        certs                   SEQUENCE OF ESSCertID,
58  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
59  * }
60  */
61
/* C representation of SigningCertificate (v1, ASN.1 above). */
struct ESS_signing_cert {
    STACK_OF(ESS_CERT_ID) *cert_ids;   /* certs: one SHA-1 ESSCertID per identified certificate */
    STACK_OF(POLICYINFO) *policy_info; /* policies OPTIONAL; presumably NULL when absent */
};
66
67 /*-
68  * ESSCertIDv2 ::=  SEQUENCE {
69  *        hashAlgorithm           AlgorithmIdentifier DEFAULT id-sha256,
70  *        certHash                Hash,
71  *        issuerSerial            IssuerSerial OPTIONAL
72  * }
73  */
74
/*
 * C representation of ESSCertIDv2 (ASN.1 above).
 * NOTE(review): when decoded from a received message the hashAlgorithm is
 * chosen by the signer; verification code should reject digests it considers
 * too weak rather than simply recomputing with whatever algorithm is named.
 */
struct ESS_cert_id_v2_st {
    X509_ALGOR *hash_alg;       /* hashAlgorithm; ASN.1 DEFAULT id-sha256, so NULL
                                 * presumably means SHA-256 -- confirm in the codec */
    ASN1_OCTET_STRING *hash;    /* certHash: digest of the certificate using hash_alg */
    ESS_ISSUER_SERIAL *issuer_serial; /* issuerSerial OPTIONAL; presumably NULL when absent */
};
80
81 /*-
82  * SigningCertificateV2 ::= SEQUENCE {
83  *        certs                   SEQUENCE OF ESSCertIDv2,
84  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
85  * }
86  */
87
/* C representation of SigningCertificateV2 (ASN.1 above). */
struct ESS_signing_cert_v2_st {
    STACK_OF(ESS_CERT_ID_V2) *cert_ids; /* certs: one ESSCertIDv2 per identified certificate,
                                         * each with its own hashAlgorithm */
    STACK_OF(POLICYINFO) *policy_info;  /* policies OPTIONAL; presumably NULL when absent */
};