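/*
 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_CRYPTO_ESS_H
# define OSSL_CRYPTO_ESS_H
# pragma once

/*
 * Internal ESS (Enhanced Security Services) declarations.
 *
 * The SigningCertificate / SigningCertificateV2 attributes identify, inside
 * the signed attributes of a signer info, the certificate that the signer
 * used.  Verifiers compare the presented certificate against these
 * identifiers, so the lookup helpers below are part of a security check and
 * their return values must be interpreted exactly as documented.
 *
 * This header includes nothing itself: ESS_SIGNING_CERT, ESS_CERT_ID,
 * PKCS7_SIGNER_INFO, X509, EVP_MD and the STACK_OF() types must already be
 * declared by whoever includes it.
 */

/*
 * Read / attach the v1 signing-certificate attribute of a signer info.
 * NOTE(review): ownership of the object returned by _get(), whether _add()
 * consumes |sc|, and the exact success/failure values of _add() are not
 * visible in this header - confirm against the implementation.
 */
ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si);
int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);

/*
 * Build a v1 signing-certificate structure from |signcert| and the optional
 * stack |certs|.  The certificate hash in v1 identifiers is always SHA-1
 * (see struct ESS_cert_id), so no digest parameter is taken.
 * NOTE(review): |issuer_needed| presumably selects whether the OPTIONAL
 * issuerSerial is filled in - confirm against the implementation.
 */
ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
                                            STACK_OF(X509) *certs,
                                            int issuer_needed);

/* v2 counterparts of the accessors above; the same review notes apply. */
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si);
int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);

/*
 * Build a v2 signing-certificate structure; |hash_alg| is the digest used
 * for the certificate hashes.
 * NOTE(review): handling of a NULL |hash_alg| is not visible here - confirm.
 */
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
                                                  X509 *signcert,
                                                  STACK_OF(X509) *certs,
                                                  int issuer_needed);

/*
 * Returns < 0 if certificate is not found, certificate index otherwise.
 *
 * Index 0 is a valid "found" result, so callers must test the result with
 * "< 0" and never with "!ret" or "ret != 0": either shortcut inverts the
 * outcome for the first entry of |cert_ids|.
 * NOTE(review): unlike the v2 variant, ess_find_cert() takes a non-const
 * |cert|; the reason is not visible in this header.
 */
int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert);
int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);

/*-
 * IssuerSerial ::= SEQUENCE {
 *        issuer                  GeneralNames,
 *        serialNumber            CertificateSerialNumber
 * }
 */

struct ESS_issuer_serial {
    STACK_OF(GENERAL_NAME) *issuer;     /* issuer (GeneralNames) */
    ASN1_INTEGER *serial;               /* serialNumber */
};

/*-
 * ESSCertID ::=  SEQUENCE {
 *        certHash                Hash,
 *        issuerSerial            IssuerSerial OPTIONAL
 * }
 */

struct ESS_cert_id {
    /*
     * Always SHA-1 digest.  The v1 identifier has no algorithm field, so
     * the certificate binding is only as strong as SHA-1; ESSCertIDv2
     * below carries an explicit hash algorithm.
     */
    ASN1_OCTET_STRING *hash;
    /*
     * OPTIONAL in the ASN.1; presumably NULL when absent (confirm), so
     * check before dereferencing.
     */
    ESS_ISSUER_SERIAL *issuer_serial;
};

/*-
 * SigningCertificate ::=  SEQUENCE {
 *        certs                   SEQUENCE OF ESSCertID,
 *        policies                SEQUENCE OF PolicyInformation OPTIONAL
 * }
 */

struct ESS_signing_cert {
    STACK_OF(ESS_CERT_ID) *cert_ids;    /* certs */
    STACK_OF(POLICYINFO) *policy_info;  /* policies, OPTIONAL */
};

/*-
 * ESSCertIDv2 ::=  SEQUENCE {
 *        hashAlgorithm           AlgorithmIdentifier DEFAULT id-sha256,
 *        certHash                Hash,
 *        issuerSerial            IssuerSerial OPTIONAL
 * }
 */

struct ESS_cert_id_v2_st {
    /*
     * Default: SHA-256.  Because the field has an ASN.1 DEFAULT it may be
     * omitted from the encoding; presumably this pointer is then NULL
     * (confirm), so consumers must handle the absent case as SHA-256
     * rather than dereference unconditionally.
     */
    X509_ALGOR *hash_alg;
    ASN1_OCTET_STRING *hash;            /* certHash, computed with hash_alg */
    /* OPTIONAL in the ASN.1; check for absence before use. */
    ESS_ISSUER_SERIAL *issuer_serial;
};

/*-
 * SigningCertificateV2 ::= SEQUENCE {
 *        certs                   SEQUENCE OF ESSCertIDv2,
 *        policies                SEQUENCE OF PolicyInformation OPTIONAL
 * }
 */

struct ESS_signing_cert_v2_st {
    STACK_OF(ESS_CERT_ID_V2) *cert_ids; /* certs */
    STACK_OF(POLICYINFO) *policy_info;  /* policies, OPTIONAL */
};

#endif /* OSSL_CRYPTO_ESS_H */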