1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /* Internal ESS (Enhanced Security Services) declarations. No include guard or #include is visible here, so includers supply the PKCS7/X509/ASN.1 types and must include this file only once. */
11 /* Read / attach an ESS_SIGNING_CERT on signer info si (judging by the names). Ownership of the returned and passed objects is not stated here - confirm in the implementation. */
12 ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si);
13 int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
14 /* Builds an ESS_SIGNING_CERT from signcert and certs. NOTE(review): issuer_needed presumably controls whether issuerSerial is filled in, and NULL presumably signals failure - confirm. */
15 ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
16                                             STACK_OF(X509) *certs,
17                                             int issuer_needed);
18 /* V2 counterparts of the get/add pair above, operating on ESS_SIGNING_CERT_V2. */
19 ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si);
20 int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
21 /* V2 constructor; hash_alg names the digest for certHash. NOTE(review): behaviour for hash_alg == NULL is not visible here - confirm before relying on a default. */
22 ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
23                                                   X509 *signcert,
24                                                   STACK_OF(X509) *certs,
25                                                   int issuer_needed);
26
27 /*-
28  * IssuerSerial ::= SEQUENCE {
29  *        issuer                  GeneralNames,
30  *        serialNumber            CertificateSerialNumber
31  * }
32  */
33 /* C layout for IssuerSerial: names a certificate by issuer name(s) plus serial number. */
34 struct ESS_issuer_serial {
35     STACK_OF(GENERAL_NAME) *issuer;     /* issuer (GeneralNames) */
36     ASN1_INTEGER *serial;               /* serialNumber */
37 };
38
39 /*-
40  * ESSCertID ::=  SEQUENCE {
41  *        certHash                Hash,
42  *        issuerSerial            IssuerSerial OPTIONAL
43  * }
44  */
45 /* C layout for ESSCertID. The type has no algorithm field, so certHash is fixed to SHA-1; SHA-1 collisions are practical, so prefer the V2 form (ESSCertIDv2) for new signatures where the verifier supports it. */
46 struct ESS_cert_id {
47     ASN1_OCTET_STRING *hash;    /* certHash; always a SHA-1 digest. */
48     ESS_ISSUER_SERIAL *issuer_serial;   /* issuerSerial, OPTIONAL - presumably NULL when absent; check before use */
49 };
50
51 /*-
52  * SigningCertificate ::=  SEQUENCE {
53  *        certs                   SEQUENCE OF ESSCertID,
54  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
55  * }
56  */
57 /* C layout for the SigningCertificate attribute value: the ESSCertID list plus optional policies. */
58 struct ESS_signing_cert {
59     STACK_OF(ESS_CERT_ID) *cert_ids;    /* certs; per RFC 2634 the first entry identifies the signer's certificate */
60     STACK_OF(POLICYINFO) *policy_info;  /* policies, OPTIONAL - presumably NULL when absent */
61 };
62
63 /*-
64  * ESSCertIDv2 ::=  SEQUENCE {
65  *        hashAlgorithm           AlgorithmIdentifier DEFAULT id-sha256,
66  *        certHash                Hash,
67  *        issuerSerial            IssuerSerial OPTIONAL
68  * }
69  */
70 /* C layout for ESSCertIDv2: like ESSCertID but names the certHash digest. The algorithm comes from the parsed message, so verifiers should reject weak or unknown digests rather than trust it blindly. */
71 struct ESS_cert_id_v2_st {
72     X509_ALGOR *hash_alg;       /* hashAlgorithm; Default: SHA-256. NOTE(review): presumably NULL when the DEFAULT is omitted from the encoding - confirm. */
73     ASN1_OCTET_STRING *hash;    /* certHash, computed with the algorithm named by hash_alg */
74     ESS_ISSUER_SERIAL *issuer_serial;   /* issuerSerial, OPTIONAL - presumably NULL when absent; check before use */
75 };
76
77 /*-
78  * SigningCertificateV2 ::= SEQUENCE {
79  *        certs                   SEQUENCE OF ESSCertIDv2,
80  *        policies                SEQUENCE OF PolicyInformation OPTIONAL
81  * }
82  */
83 /* C layout for the SigningCertificateV2 attribute value: the ESSCertIDv2 list plus optional policies. */
84 struct ESS_signing_cert_v2_st {
85     STACK_OF(ESS_CERT_ID_V2) *cert_ids; /* certs (SEQUENCE OF ESSCertIDv2) */
86     STACK_OF(POLICYINFO) *policy_info;  /* policies, OPTIONAL - presumably NULL when absent */
87 };