| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | /*- |
| 11 | * MessageImprint ::= SEQUENCE { |
| 12 | * hashAlgorithm AlgorithmIdentifier, |
| 13 | * hashedMessage OCTET STRING } |
| 14 | */ |
| 15 | struct TS_msg_imprint_st { |
| 16 | X509_ALGOR *hash_algo; |
| 17 | ASN1_OCTET_STRING *hashed_msg; |
| 18 | }; |
| 19 | |
| 20 | /*- |
| 21 | * TimeStampResp ::= SEQUENCE { |
| 22 | * status PKIStatusInfo, |
| 23 | * timeStampToken TimeStampToken OPTIONAL } |
| 24 | */ |
| 25 | struct TS_resp_st { |
| 26 | TS_STATUS_INFO *status_info; |
| 27 | PKCS7 *token; |
| 28 | TS_TST_INFO *tst_info; |
| 29 | }; |
| 30 | |
| 31 | /*- |
| 32 | * TimeStampReq ::= SEQUENCE { |
| 33 | * version INTEGER { v1(1) }, |
| 34 | * messageImprint MessageImprint, |
| 35 | * --a hash algorithm OID and the hash value of the data to be |
| 36 | * --time-stamped |
| 37 | * reqPolicy TSAPolicyId OPTIONAL, |
| 38 | * nonce INTEGER OPTIONAL, |
| 39 | * certReq BOOLEAN DEFAULT FALSE, |
| 40 | * extensions [0] IMPLICIT Extensions OPTIONAL } |
| 41 | */ |
| 42 | struct TS_req_st { |
| 43 | ASN1_INTEGER *version; |
| 44 | TS_MSG_IMPRINT *msg_imprint; |
| 45 | ASN1_OBJECT *policy_id; |
| 46 | ASN1_INTEGER *nonce; |
| 47 | ASN1_BOOLEAN cert_req; |
| 48 | STACK_OF(X509_EXTENSION) *extensions; |
| 49 | }; |
| 50 | |
| 51 | /*- |
| 52 | * Accuracy ::= SEQUENCE { |
| 53 | * seconds INTEGER OPTIONAL, |
| 54 | * millis [0] INTEGER (1..999) OPTIONAL, |
| 55 | * micros [1] INTEGER (1..999) OPTIONAL } |
| 56 | */ |
| 57 | struct TS_accuracy_st { |
| 58 | ASN1_INTEGER *seconds; |
| 59 | ASN1_INTEGER *millis; |
| 60 | ASN1_INTEGER *micros; |
| 61 | }; |
| 62 | |
| 63 | /*- |
| 64 | * TSTInfo ::= SEQUENCE { |
| 65 | * version INTEGER { v1(1) }, |
| 66 | * policy TSAPolicyId, |
| 67 | * messageImprint MessageImprint, |
| 68 | * -- MUST have the same value as the similar field in |
| 69 | * -- TimeStampReq |
| 70 | * serialNumber INTEGER, |
| 71 | * -- Time-Stamping users MUST be ready to accommodate integers |
| 72 | * -- up to 160 bits. |
| 73 | * genTime GeneralizedTime, |
| 74 | * accuracy Accuracy OPTIONAL, |
| 75 | * ordering BOOLEAN DEFAULT FALSE, |
| 76 | * nonce INTEGER OPTIONAL, |
| 77 | * -- MUST be present if the similar field was present |
| 78 | * -- in TimeStampReq. In that case it MUST have the same value. |
| 79 | * tsa [0] GeneralName OPTIONAL, |
| 80 | * extensions [1] IMPLICIT Extensions OPTIONAL } |
| 81 | */ |
| 82 | struct TS_tst_info_st { |
| 83 | ASN1_INTEGER *version; |
| 84 | ASN1_OBJECT *policy_id; |
| 85 | TS_MSG_IMPRINT *msg_imprint; |
| 86 | ASN1_INTEGER *serial; |
| 87 | ASN1_GENERALIZEDTIME *time; |
| 88 | TS_ACCURACY *accuracy; |
| 89 | ASN1_BOOLEAN ordering; |
| 90 | ASN1_INTEGER *nonce; |
| 91 | GENERAL_NAME *tsa; |
| 92 | STACK_OF(X509_EXTENSION) *extensions; |
| 93 | }; |
| 94 | |
| 95 | struct TS_status_info_st { |
| 96 | ASN1_INTEGER *status; |
| 97 | STACK_OF(ASN1_UTF8STRING) *text; |
| 98 | ASN1_BIT_STRING *failure_info; |
| 99 | }; |
| 100 | |
| 101 | /*- |
| 102 | * IssuerSerial ::= SEQUENCE { |
| 103 | * issuer GeneralNames, |
| 104 | * serialNumber CertificateSerialNumber |
| 105 | * } |
| 106 | */ |
| 107 | struct ESS_issuer_serial { |
| 108 | STACK_OF(GENERAL_NAME) *issuer; |
| 109 | ASN1_INTEGER *serial; |
| 110 | }; |
| 111 | |
| 112 | /*- |
| 113 | * ESSCertID ::= SEQUENCE { |
| 114 | * certHash Hash, |
| 115 | * issuerSerial IssuerSerial OPTIONAL |
| 116 | * } |
| 117 | */ |
| 118 | struct ESS_cert_id { |
| 119 | ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ |
| 120 | ESS_ISSUER_SERIAL *issuer_serial; |
| 121 | }; |
| 122 | |
| 123 | /*- |
| 124 | * SigningCertificate ::= SEQUENCE { |
| 125 | * certs SEQUENCE OF ESSCertID, |
| 126 | * policies SEQUENCE OF PolicyInformation OPTIONAL |
| 127 | * } |
| 128 | */ |
| 129 | struct ESS_signing_cert { |
| 130 | STACK_OF(ESS_CERT_ID) *cert_ids; |
| 131 | STACK_OF(POLICYINFO) *policy_info; |
| 132 | }; |
| 133 | |
| 134 | /*- |
| 135 | * ESSCertIDv2 ::= SEQUENCE { |
| 136 | * hashAlgorithm AlgorithmIdentifier |
| 137 | * DEFAULT {algorithm id-sha256}, |
| 138 | * certHash Hash, |
| 139 | * issuerSerial IssuerSerial OPTIONAL |
| 140 | * } |
| 141 | */ |
| 142 | |
| 143 | struct ESS_cert_id_v2_st { |
| 144 | X509_ALGOR *hash_alg; /* Default: SHA-256 */ |
| 145 | ASN1_OCTET_STRING *hash; |
| 146 | ESS_ISSUER_SERIAL *issuer_serial; |
| 147 | }; |
| 148 | |
| 149 | /*- |
| 150 | * SigningCertificateV2 ::= SEQUENCE { |
| 151 | * certs SEQUENCE OF ESSCertIDv2, |
| 152 | * policies SEQUENCE OF PolicyInformation OPTIONAL |
| 153 | * } |
| 154 | */ |
| 155 | |
| 156 | struct ESS_signing_cert_v2_st { |
| 157 | STACK_OF(ESS_CERT_ID_V2) *cert_ids; |
| 158 | STACK_OF(POLICYINFO) *policy_info; |
| 159 | }; |
| 160 | |
| 161 | |
| 162 | struct TS_resp_ctx { |
| 163 | X509 *signer_cert; |
| 164 | EVP_PKEY *signer_key; |
| 165 | const EVP_MD *signer_md; |
| 166 | const EVP_MD *ess_cert_id_digest; |
| 167 | STACK_OF(X509) *certs; /* Certs to include in signed data. */ |
| 168 | STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ |
| 169 | ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ |
| 170 | STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ |
| 171 | ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ |
| 172 | ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ |
| 173 | ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ |
| 174 | unsigned clock_precision_digits; /* fraction of seconds in time stamp |
| 175 | * token. */ |
| 176 | unsigned flags; /* Optional info, see values above. */ |
| 177 | /* Callback functions. */ |
| 178 | TS_serial_cb serial_cb; |
| 179 | void *serial_cb_data; /* User data for serial_cb. */ |
| 180 | TS_time_cb time_cb; |
| 181 | void *time_cb_data; /* User data for time_cb. */ |
| 182 | TS_extension_cb extension_cb; |
| 183 | void *extension_cb_data; /* User data for extension_cb. */ |
| 184 | /* These members are used only while creating the response. */ |
| 185 | TS_REQ *request; |
| 186 | TS_RESP *response; |
| 187 | TS_TST_INFO *tst_info; |
| 188 | }; |
| 189 | |
| 190 | struct TS_verify_ctx { |
| 191 | /* Set this to the union of TS_VFY_... flags you want to carry out. */ |
| 192 | unsigned flags; |
| 193 | /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ |
| 194 | X509_STORE *store; |
| 195 | STACK_OF(X509) *certs; |
| 196 | /* Must be set only with TS_VFY_POLICY. */ |
| 197 | ASN1_OBJECT *policy; |
| 198 | /* |
| 199 | * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the |
| 200 | * algorithm from the response is used. |
| 201 | */ |
| 202 | X509_ALGOR *md_alg; |
| 203 | unsigned char *imprint; |
| 204 | unsigned imprint_len; |
| 205 | /* Must be set only with TS_VFY_DATA. */ |
| 206 | BIO *data; |
| 207 | /* Must be set only with TS_VFY_TSA_NAME. */ |
| 208 | ASN1_INTEGER *nonce; |
| 209 | /* Must be set only with TS_VFY_TSA_NAME. */ |
| 210 | GENERAL_NAME *tsa_name; |
| 211 | }; |